Messengeri virus + HooJiiTee-logi

Yksityisviestit

Luo uusi yksityisviesti

Kaikki uudet viestit

Ilman vastauksia olevat viestiketjut

Hae viestejä

perjantai 14.11.2025 / 00:20

Hae keskustelualueilta:

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > messengeri virus + hoojiitee-logi

Aiheet

Keskustelualueet

Vastaa

Aloita uusi viestiketju

Messengeri virus + HooJiiTee-logi

Siirry:

Kirjoittaja

Viesti

tupla3

Newbie

10. kesäkuuta 2008 @ 21:42

Linkki tähän viestiin

Eli minäkin onnistuin tuon mese viruksen koneelle hankkimaan viime viikolla. Kotikonsteilla (=tämän keskustelupalstan ohjeilla ja vinkeillä) sitä yrittänyt hävittää ja jotenkin onnistunutkin..

Aluksi konetta käynnittäessä tuli .botteja ruutuun ja ja C:n juureen, ne oon saanu hävitettyä. Myös windowsin autom.päivitykset meni pois käytöstä eikä siihen pystyny vaikuttaa, mutta senkin sain sit lopulta kuntoon ohjeiden avulla. Lisäksi windows-kansioon tuli yhtä jos sun toista troijalaista..nekin kuoli erilaisilla torjuntaohjelmilla.

Koneen oon käynyt läpi useampaan kertaan ainakin Avastilla, CCleanerilla, Ad-Awarella ja koneen omalla Nortonilla, ja enää noi ei juurikaan mitään ylimääräistä löydä..

Ainut näkyvä haitta mikä viel esiintyy on aina uudelleen käynnistettäessä tuleva ilmoitus:
"virhe ladattaessa C:\windows\system32\qhnbvrcp.dll "
Tuon joko Avast tai Ad-aware pyyhki mennessään..

Alla on hjt-logi..löytyykö siitä jotain häikkää? lisäksi kiinnostaisi miten sen käynnistyksen yhteydessä ilmestyvän virheilmoituksen saisi hävitettyä.
Jahka joku asiantuntija kerkiäis vilkasta ja kommeintoida, niin suuresti arvostaisin!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:28:06, on 10.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\UMonit.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Power Manager\PM.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - (no file)
O2 - BHO: (no name) - {4A7750C8-797B-4DE6-9009-61757B7E4167} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [BMa354a9f9] Rundll32.exe "C:\WINDOWS\system32\qhnbvrcp.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O18 - Protocol: bw+0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: iifcDVmL - iifcDVmL.dll (file missing)
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 19867 bytes

[ + lainaa]

Hujo

Suspended permanently

11. kesäkuuta 2008 @ 00:29

Linkki tähän viestiin

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

[ + lainaa]

Voiko tietsikka koskaan toimia?

tupla3

Newbie

11. kesäkuuta 2008 @ 18:11

Linkki tähän viestiin

ComboFix 08-06-10.5 - JP 2008-06-11 17:34:38.1 - NTFSx86
Running from: C:\Documents and Settings\JP\Omat tiedostot\Vastaanotetut tiedostot\ComboFix.exe
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\BMa354a9f9.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\jsnrqred.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\ybHQAccf.ini
C:\WINDOWS\system32\ybHQAccf.ini2

.
((((( Tiedostot, jotka on luotu seuraavalla aikav?lill?: 2008-05-11 to 2008-06-11 )))))))))))))))))
.

2008-06-11 03:08 . 2008-06-11 03:09 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-11 00:26 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:26 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 01:20 . 2008-04-17 16:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-06-06 01:19 . 2008-06-06 01:19 <KANSIO> d-------- C:\Program Files\IObit
2008-06-05 18:23 . 2008-06-05 18:23 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-05 18:10 . 2008-06-05 18:10 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-06-05 18:10 . 2008-06-05 18:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 18:09 . 2008-06-05 18:09 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 17:57 . 2004-09-15 15:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2008-06-05 17:56 . 2004-09-15 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-05 17:56 . 2004-09-15 15:00 471,102 --a--c--- C:\WINDOWS\system32\dllcache\imskdic.dll
2008-06-05 17:56 . 2004-09-15 15:00 315,452 --a--c--- C:\WINDOWS\system32\dllcache\imskf.dll
2008-06-05 17:56 . 2004-09-15 15:00 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
2008-06-05 17:56 . 2004-09-15 15:00 57,398 --a--c--- C:\WINDOWS\system32\dllcache\imjpdadm.exe
2008-06-05 17:56 . 2004-09-15 15:00 45,109 --a--c--- C:\WINDOWS\system32\dllcache\imjpuex.exe
2008-06-03 23:33 . 2008-06-11 17:45 2,206 --a------ C:\WINDOWS\system32\wpa.dbl
2008-06-03 00:43 . 2008-06-03 00:44 <KANSIO> d-------- C:\Program Files\CCleaner
2008-06-02 22:30 . 2008-06-10 06:41 22 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 21:05 . 2008-06-02 21:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-02 21:05 . 2008-06-02 21:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 21:18 --------- d-----w C:\Program Files\Google
2008-06-05 18:48 --------- d-----w C:\Program Files\Common Files\Real
2008-06-05 14:42 --------- d-----w C:\Program Files\Java
2008-06-03 21:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-02 16:20 --------- d-----w C:\Program Files\DC++
2008-05-29 13:38 --------- d-----w C:\Program Files\My music 1
2008-05-22 19:03 --------- d-----w C:\Program Files\My music
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.

(((((((((((((((((((((((((((((( Rekisterin k?ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhji? arvoja ja laillisia oletusarvoja ei n?ytet?

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A7750C8-797B-4DE6-9009-61757B7E4167}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-12 00:09 32768]
"Advanced WindowsCare 3"="C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" [2008-04-22 17:01 2024200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio -ominaisuussivun pikakuvake"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"UMonit"="C:\WINDOWS\system32\UMonit.exe" [2005-08-25 14:48 237568]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"SMSERIAL"="sm56hlpr.exe" [2005-09-12 16:35 544768 C:\WINDOWS\sm56hlpr.exe]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2005-09-16 09:38 31744]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2006-01-05 08:15 73728]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2006-01-05 07:58 489472]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 22:25 172032]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 03:05 200704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Windows svchost"="service.exe" []
"BMa354a9f9"="C:\WINDOWS\system32\qhnbvrcp.dll" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcDVmL]
iifcDVmL.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS\system32\imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16e429ba-0e1d-11dd-b4ed-0014a56dd8d6}]
\Shell\AutoRun\command - F:\setup.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd1aeaea-d34a-11dc-b4a4-0014a56dd8d6}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
'Ajoitetut teht?v?t'-kansion sis?lt?
"2008-06-05 15:27:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 17:42:48
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Norman\npm\bin\elogsvc.exe
C:\Norman\npm\bin\Zanda.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe
C:\Norman\NVC\Bin\Nip.exe
C:\Norman\npm\bin\Njeeves.exe
C:\Norman\NVC\Bin\Nvcsched.exe
C:\Norman\NVC\Bin\Nvcoas.exe
C:\Norman\NVC\Bin\CClaw.exe
.
**************************************************************************
.
Completion time: 2008-06-11 17:55:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-06-11 14:54:53

Pre-Run: 23,416,307,712 tavua vapaana
Post-Run: 23,373,262,848 tavua vapaana

157 --- E O F --- 2008-06-11 00:18:04

Eli tällainen oli tulos..mitkä ovat seuraavat liikkeet..?

[ + lainaa]

Hujo

Suspended permanently

11. kesäkuuta 2008 @ 18:29

Linkki tähän viestiin

Avaa Muistio ja kopioi/liitä quoteboxin sisältö sinne:

Lainaus:
File::
C:\WINDOWS\DC5177176.zip
C:\WINDOWS\system32\qhnbvrcp.dll
C:\WINDOWS\service.exe

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.

Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

============

scannaa hjt:llä merkkaa paina Fix checked

O2 - BHO: (no name) - {487C9905-26A8-42C8-8033-C58AD3D2AEC3} - (no file)
O2 - BHO: (no name) - {4A7750C8-797B-4DE6-9009-61757B7E4167} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [BMa354a9f9] Rundll32.exe "C:\WINDOWS\system32\qhnbvrcp.dll",s
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O20 - Winlogon Notify: iifcDVmL - iifcDVmL.dll (file missing)

[ + lainaa]

Voiko tietsikka koskaan toimia?

tupla3

Newbie

11. kesäkuuta 2008 @ 19:59

Linkki tähän viestiin

Yllä olevat tehty..

ComboFix 08-06-10.5 - 2008-06-11 19:04:07.2 - NTFSx86
Running from: C:\Documents and Settings\JP\Omat tiedostot\Vastaanotetut tiedostot\ComboFix.exe
Command switches used :: C:\Documents and Settings\JP\Omat tiedostot\Vastaanotetut tiedostot\CFScript.txt.txt
* Created a new restore point
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\DC5177176.zip
C:\WINDOWS\service.exe
C:\WINDOWS\system32\qhnbvrcp.dll
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\DC5177176.zip

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-11 to 2008-06-11 )))))))))))))))))
.

2008-06-11 17:55 . 2008-06-11 17:55 <KANSIO> d-------- C:\Documents and Settings\JP
2008-06-11 03:08 . 2008-06-11 03:09 1,374 --a------ C:\WINDOWS\imsins.BAK
2008-06-11 00:26 . 2008-04-14 18:52 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-11 00:26 . 2008-04-14 18:52 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-06 01:20 . 2008-06-06 01:20 <KANSIO> d-------- C:\Documents and Settings\JP\Application Data\IObit
2008-06-06 01:20 . 2008-04-17 16:19 90,668 --a------ C:\WINDOWS\system32\vobis32.dll
2008-06-06 01:19 . 2008-06-06 01:19 <KANSIO> d-------- C:\Program Files\IObit
2008-06-05 23:30 . 2008-06-06 00:03 <KANSIO> d-------- C:\Documents and Settings\JP\Application Data\RegClean
2008-06-05 18:23 . 2008-06-05 18:23 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-05 18:10 . 2008-06-05 18:10 <KANSIO> d-------- C:\Program Files\Lavasoft
2008-06-05 18:10 . 2008-06-05 18:12 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-06-05 18:09 . 2008-06-05 18:09 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-05 17:57 . 2004-09-15 15:00 10,129,408 --a--c--- C:\WINDOWS\system32\dllcache\hwxkor.dll
2008-06-05 17:56 . 2004-09-15 15:00 13,463,552 --a--c--- C:\WINDOWS\system32\dllcache\hwxjpn.dll
2008-06-05 17:56 . 2004-09-15 15:00 471,102 --a--c--- C:\WINDOWS\system32\dllcache\imskdic.dll
2008-06-05 17:56 . 2004-09-15 15:00 315,452 --a--c--- C:\WINDOWS\system32\dllcache\imskf.dll
2008-06-05 17:56 . 2004-09-15 15:00 229,439 --a--c--- C:\WINDOWS\system32\dllcache\multibox.dll
2008-06-05 17:56 . 2004-09-15 15:00 57,398 --a--c--- C:\WINDOWS\system32\dllcache\imjpdadm.exe
2008-06-05 17:56 . 2004-09-15 15:00 45,109 --a--c--- C:\WINDOWS\system32\dllcache\imjpuex.exe
2008-06-03 23:33 . 2008-06-11 17:45 2,206 --a------ C:\WINDOWS\system32\wpa.dbl
2008-06-03 00:43 . 2008-06-03 00:44 <KANSIO> d-------- C:\Program Files\CCleaner
2008-06-02 21:05 . 2008-06-02 21:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-06-02 21:05 . 2008-06-02 21:05 1,409 --a------ C:\WINDOWS\QTFont.for
2008-05-16 11:58 . 2008-05-16 11:58 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 21:18 --------- d-----w C:\Program Files\Google
2008-06-05 18:48 --------- d-----w C:\Program Files\Common Files\Real
2008-06-05 14:42 --------- d-----w C:\Program Files\Java
2008-06-03 21:45 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-02 21:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-06-02 16:20 --------- d-----w C:\Program Files\DC++
2008-05-29 13:38 --------- d-----w C:\Program Files\My music 1
2008-05-22 19:03 --------- d-----w C:\Program Files\My music
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\drivers\rmcast.sys
2008-05-07 05:15 1,288,192 ----a-w C:\WINDOWS\system32\quartz.dll
2008-04-29 08:20 15,648 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2008-04-29 08:19 15,648 ----a-w C:\WINDOWS\system32\drivers\Awrtrd.sys
2008-04-29 08:19 12,960 ----a-w C:\WINDOWS\system32\drivers\Awrtpd.sys
2008-04-23 04:16 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4A7750C8-797B-4DE6-9009-61757B7E4167}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-04-12 00:09 32768]
"Advanced WindowsCare 3"="C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" [2008-04-22 17:01 2024200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio -ominaisuussivun pikakuvake"="HDAShCut.exe" [2005-01-07 17:07 61952 C:\WINDOWS\system32\HdAShCut.exe]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 21:05 344064]
"UMonit"="C:\WINDOWS\system32\UMonit.exe" [2005-08-25 14:48 237568]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-22 14:36 14854144 C:\WINDOWS\RTHDCPL.EXE]
"SMSERIAL"="sm56hlpr.exe" [2005-09-12 16:35 544768 C:\WINDOWS\sm56hlpr.exe]
"PowerManager"="C:\Program Files\Power Manager\PM.exe" [2005-09-16 09:38 31744]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-08-09 14:40 183352]
"LogitechVideo[inspector]"="C:\Program Files\Logitech\Video\InstallHelper.exe" [2006-01-05 08:15 73728]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 00:46 57344]
"LogitechCameraAssistant"="C:\Program Files\Logitech\Video\CameraAssistant.exe" [2006-01-05 07:58 489472]
"LogitechCameraService(E)"="C:\WINDOWS\system32\ElkCtrl.exe" [2004-11-01 17:22 262144]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-12-09 16:32 225280]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54 282624]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-06-21 22:25 172032]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2007-08-07 03:05 200704]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Windows svchost"="service.exe" []
"BMa354a9f9"="C:\WINDOWS\system32\qhnbvrcp.dll" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

C:\Documents and Settings\All Users\K?ynnist?-valikko\Ohjelmat\K?ynnistys\
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-04-12 00:09:09 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifcDVmL]
iifcDVmL.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"VIDC.HFYU"= huffyuv.dll
"msacm.avis"= ff_acm.acm
"vidc.i263"= C:\WINDOWS\system32\i263_32.drv
"msacm.imc"= C:\WINDOWS\system32\imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\Msmsgs.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
R3 EKBfltr;ENE Keyboard Controller;C:\WINDOWS\system32\DRIVERS\EKBfltr.sys [2005-07-28 11:53]
R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2005-12-09 16:37]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 13:23]
S3 fixustor;fixustor;C:\WINDOWS\system32\drivers\fixustor.sys [2005-08-17 20:25]
S3 NCBULK;NetChip USB client driver;C:\WINDOWS\system32\drivers\NcBulk.sys [2005-06-01 05:46]
S3 nvcfsr;nvcfsr;C:\Norman\Nvc\bin\nvcfsr.sys [2007-01-09 15:25]
S3 nvcoafl51;nvcoafl51;C:\Norman\Nvc\bin\nvcoafl51.sys [2007-01-09 15:25]
S3 nvcoaft51;nvcoaft51;C:\Norman\Nvc\bin\nvcoaft51.sys [2007-01-09 15:25]
S3 nvcoarc51;nvcoarc51;C:\Norman\Nvc\bin\nvcoarc51.sys [2007-01-09 15:25]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{16e429ba-0e1d-11dd-b4ed-0014a56dd8d6}]
\Shell\AutoRun\command - F:\setup.exe AUTORUN=1

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cd1aeaea-d34a-11dc-b4a4-0014a56dd8d6}]
\Shell\AutoRun\command - E:\LaunchU3.exe

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-05 15:27:55 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-11 19:11:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-11 19:14:06
ComboFix-quarantined-files.txt 2008-06-11 16:14:01
ComboFix2.txt 2008-06-11 14:55:37

Pre-Run: 23,371,890,688 tavua vapaana
Post-Run: 23,363,354,624 tavua vapaana

157 --- E O F --- 2008-06-11 00:18:04

Käynnistin koneen uudelleen noiden toimenpiteiden jälkeen ja ainakin se aikaisempi virheilmoitus oli kadonnut!
Laitan vielä tuoreimman hjt-loginkin..

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:41:28, on 11.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\UMonit.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Power Manager\PM.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O18 - Protocol: bw+0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {C08B645C-6D45-42C3-9C42-0455CE632F2D} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 19413 bytes

[ + lainaa]

Hujo

Suspended permanently

11. kesäkuuta 2008 @ 20:12

Linkki tähän viestiin

Poista lisää poista sovelutuksesta

Logitech Desktop Messenger

==============

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

[ + lainaa]

Voiko tietsikka koskaan toimia?

tupla3

Newbie

11. kesäkuuta 2008 @ 21:21

Linkki tähän viestiin

Malwarebytes' Anti-Malware 1.17
Tietokantaversio: 848

21:18:46 11.6.2008
mbam-log-6-11-2008 (21-18-46).txt

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 95278
Kulunut aika: 55 minute(s), 8 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 3
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 0

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
(Haitallisia kohteita ei löydetty)

Seuraavat toimenpiteet..?

[ + lainaa]

Hujo

Suspended permanently

11. kesäkuuta 2008 @ 21:35

Linkki tähän viestiin

scannaa uusi hjt:n loki

[ + lainaa]

Voiko tietsikka koskaan toimia?

tupla3

Newbie

11. kesäkuuta 2008 @ 21:48

Linkki tähän viestiin

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:40, on 11.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\UMonit.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Power Manager\PM.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Logitech\Video\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [High Definition Audio -ominaisuussivun pikakuvake] HDAShCut.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [PowerManager] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Logitech\Video\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Logitech\Video\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced WindowsCare 3] "C:\Program Files\IObit\Advanced WindowsCare 3 Beta\AWC.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 7167 bytes

[ + lainaa]

Hujo

Suspended permanently

11. kesäkuuta 2008 @ 21:54

Linkki tähän viestiin

kunnossa kuinkas kone toimii

[ + lainaa]

Voiko tietsikka koskaan toimia?

tupla3

Newbie

11. kesäkuuta 2008 @ 22:00

Linkki tähän viestiin

Hyvä! Näyttäisi ja tuntuisi toimivan ihan normaalisti, tai jopa tehokkaammin kuin mitä ennen näitä siivous-episodeja, sillä tais siellä jotain aikaisempiakin pöpöjä olla ja turhia ohjelmia..

Voiko nuo "ylimääräiset" torjunta/skannaus ohjelmat nyt poistaa koneelta ja voiko esim live messengerin asentaa uudestaan ilman pelkoa, että vielä levittäisin tai lähettäisin mesevirusta eteenpäin..?

[ + lainaa]

Hujo

Suspended permanently

11. kesäkuuta 2008 @ 22:12

Linkki tähän viestiin

Tätä älä poista Malwarebytes' Anti-Malware

=================

Kirjoita windowsin käynnistävalikon suorita-kenttään ComboFix.exe /u paina OK

==================

voihan sen mesen koneelle laittaa mutta ei pidä aukoa linkejä tai jotain lataus juttuja mitä mesen kautta tarjotaan sillä siellä voi sen kaverin kone olla saastunut ja taas on msn virus koneella jos aukaset

[ + lainaa]

Voiko tietsikka koskaan toimia?

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 11. kesäkuuta 2008 @ 22:16

tupla3

Newbie

11. kesäkuuta 2008 @ 22:51

Linkki tähän viestiin

OK!

Ajan vielä Nortonit ja Ad-awaret yön aikana läpi..
Palaan asiaan jos vielä jotain probleemia esiin putkahtaa,
vaikka nyt aika hyvältä jo näyttääkin..

Tuhannet kiitokset avusta, vaivannäöstä ja vinkeistä!!

Ja hyvää kesän jatkoa, toivottavasti ei mene koko kesää meidän tumpeloiden jelppimiseen..:)

[ + lainaa]

Mainos

tupla3

Newbie

17. kesäkuuta 2008 @ 19:02

Linkki tähän viestiin

Moi! muuten on kone toiminut hyvin ja mitään viruksia tai muita menninkäisiä ei enää ole löytynyt, mutta messengeriä uudelleen asennettaessa tulee vielä pieni ongelma johon asennus keskeytyy.

Eli "Windows live-asennusongelma" -ikkuna ilmestyy ruutuun ja siinä lukee:

"Tässä asennuksessa ilmeni ongelma.
Järjestelmävirheen tiedot
koodi: 0x8000ffff
kuvaus: kriittinen virhe "

Oisko tällaseen probleemaan vielä ohjetta tai vinkkiä..?

[ + lainaa]

Vastaa

Aloita uusi viestiketju

afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat - hijackthis -logit > messengeri virus + hoojiitee-logi


		Käyttäjä	Salasana

		Puuttuuko tunnus? Liity jäseneksi nyt!. Salasana hukassa? Klikkaa tästä.