Do I have malware on my computer??

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tietoturvapalvelu\Common\FSMB32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsrw.exe
C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\PROGRA~1\TIETOT~1\ANTI-S~1\fsaw.exe
C:\Program Files\Tietoturvapalvelu\FSGUI\fsguidll.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\MAIET\GunZ\Gunz.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MAIET\GunZ\Gunz.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.fi.soneraplaza.net/cgi/sonera-ie5
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gunz.ijji.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.presario.net/scripts/...rchredir2.dll?c=1c02&lc=040b&s=search&ap=b204
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/...rchredir2.dll?c=1c02&lc=040b&s=search&ap=b204
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\ANTTIC~1.000\TYPYT~1\Antti\OHOJEL~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CCFB3D08-F0F6-95D3-5760-543F006EF643} - C:\DOCUME~1\nissila\APPLIC~1\DEAFCOMP\Phone inter.exe (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\server.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Timedownload] C:\DOCUME~1\nissila\APPLIC~1\BLAHME~1\Tons knob.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\server.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam2\Steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ?
O4 - Global Startup: Tietoturvapalvelu.lnk = C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\blockpopups.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: Genimap Esc Map Applet - http://www.genimap.com/Esc/applet/esc/objects1322/GenimapEscApplet.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098167980211
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab
O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab
O18 - Protocol: bw+0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Tietoturvapalvelu (BackWeb Plug-in - 227364) - BackWeb Technologies Inc. - C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

Post this log in the HijackThis logs section under Viruses and malware: http://keskustelu.afterdawn.com/forum_view.cfm/198 Start a new thread of your own, describe the problem, and attach the HijackThis log! Wait patiently for help.

Well, there isn't really anything else in there.

1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool has finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

"nissila" - 07-03-21 14:32:56 Service Pack 2
ComboFix 07-03-21.3 - Running from: "C:\Documents and Settings\nissila\Työpöytä"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\server.exe
C:\install.log

((((((((((((((((((((((((((((((( Files Created from 2007-02-21 to 2007-03-21 ))))))))))))))))))))))))))))))))))

2007-03-20 15:04 <KANSIO> d-------- C:\DOCUME~1\nissila\APPLIC~1\Google
2007-03-20 14:39 <KANSIO> d-------- C:\Program Files\Google
2007-03-20 14:39 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-03-18 10:34 <KANSIO> d-------- C:\Program Files\GameSpy Arcade
2007-03-18 10:14 <KANSIO> d-------- C:\Program Files\Codemasters
2007-03-17 18:48 <KANSIO> d-------- C:\Program Files\LegacyGamers
2007-03-14 17:59 <KANSIO> d-------- C:\Program Files\Xponaut
2007-02-28 09:25 <KANSIO> d-------- C:\DOCUME~1\nissila\APPLIC~1\Logitech
2007-02-27 20:35 118,784 -r------- C:\WINDOWS\bwUnin-7.2.0.137-8876480SL.exe
2007-02-27 20:33 68,992 --a------ C:\WINDOWS\system32\drivers\LMouKE.Sys
2007-02-27 20:33 52,992 --a------ C:\WINDOWS\system32\drivers\L8042mou.Sys
2007-02-27 20:33 49,152 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-02-27 20:33 36,480 --a------ C:\WINDOWS\system32\drivers\LHidUsbK.sys
2007-02-27 20:33 24,704 --a------ C:\WINDOWS\system32\drivers\LHidKE.Sys
2007-02-27 20:33 13,056 --a------ C:\WINDOWS\system32\drivers\L8042Kbd.sys
2007-02-25 12:12 <KANSIO> d-------- C:\Program Files\hero3
2007-02-24 21:08 1,519 -ra------ C:\Program Files\HOMM3.REG
2007-02-24 21:06 96,256 --a------ C:\Program Files\SMACKW32.DLL
2007-02-24 21:06 328,704 --a------ C:\Program Files\MSS32.DLL
2007-02-24 21:06 273,408 --a------ C:\Program Files\mplaynow.exe
2007-02-24 21:06 126,976 --a------ C:\Program Files\BINKW32.DLL
2007-02-24 21:06 109,568 --a------ C:\Program Files\GAMEUP.EXE
2007-02-24 21:06 1,462,272 --a------ C:\Program Files\h3maped.exe
2007-02-24 21:06 <KANSIO> d-------- C:\Program Files\Support
2007-02-24 21:06 <KANSIO> d-------- C:\Program Files\ONLINE
2007-02-24 21:06 <KANSIO> d-------- C:\Program Files\mplayer
2007-02-24 21:06 <KANSIO> d-------- C:\Program Files\mp3
2007-02-24 21:06 <KANSIO> d-------- C:\Program Files\Maps
2007-02-24 21:06 <KANSIO> d-------- C:\Program Files\Heat
2007-02-24 21:06 <KANSIO> d-------- C:\Program Files\games
2007-02-24 20:38 <KANSIO> d-------- C:\Team17
2007-02-24 11:31 <KANSIO> d-------- C:\DOCUME~1\nissila\APPLIC~1\Xfire
2007-02-21 20:42 <KANSIO> d-------- C:\Program Files\Guild Wars

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-21 14:31 51733 --a------ C:\WINDOWS\system32\plugin1.dat
2007-03-21 14:05 -------- d-------- C:\DOCUME~1\nissila\APPLIC~1\skype
2007-03-21 13:15 -------- d-------- C:\Program Files\dc++
2007-03-20 20:38 -------- d-------- C:\Program Files\steam
2007-03-20 20:36 -------- d-------- C:\Program Files\emule
2007-03-20 19:34 -------- d-------- C:\Program Files\mirc
2007-03-18 10:37 43520 --a------ C:\WINDOWS\system32\cmdlineext03.dll
2007-03-17 18:48 -------- d-------- C:\Program Files\maiet
2007-03-15 18:10 48696 --a------ C:\WINDOWS\system32\perfc00b.dat
2007-03-15 18:10 283620 --a------ C:\WINDOWS\system32\perfh00b.dat
2007-03-14 13:41 111227 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-02-27 20:34 -------- d--h----- C:\Program Files\installshield installation information
2007-02-27 20:34 -------- d-------- C:\Program Files\logitech
2007-02-24 21:18 -------- d-------- C:\Program Files\data
2007-02-24 11:26 -------- d-------- C:\Program Files\warrock
2007-02-19 16:57 -------- d-------- C:\Program Files\teamspeak2_rc2
2007-02-11 10:33 -------- d-------- C:\Program Files\msn messenger
2007-02-11 10:06 -------- d-------- C:\Program Files\directx
2007-02-10 17:16 -------- d-------- C:\Program Files\gran paradiso
2007-02-08 19:40 -------- d-------- C:\DOCUME~1\nissila\APPLIC~1\hamachi
2007-02-04 20:07 -------- d-------- C:\Program Files\hamachi
2007-02-04 20:06 17480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2007-02-02 15:27 -------- d-------- C:\Program Files\xchat
2007-02-02 15:26 -------- d-------- C:\Program Files\game cam v1.4
2007-02-02 14:07 -------- d-------- C:\DOCUME~1\nissila\APPLIC~1\x-chat 2
2007-01-28 15:19 -------- d-------- C:\Program Files\gravity
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-12-28 18:13 651571 --a------ C:\DOCUME~1\nissila\APPLIC~1\nmm-metadata.db
2006-12-21 15:36 40960 --a------ C:\WINDOWS\system32\frapsvid.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Timedownload"="C:\\DOCUME~1\\nissila\\APPLIC~1\\BLAHME~1\\Tons knob.exe"
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"startkey"="C:\\WINDOWS\\system32\\server.exe"
"Steam"="\"C:\\Program Files\\Steam2\\Steam.exe\" -silent"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"WMPNSCFG"="C:\\Program Files\\Windows Media Player\\WMPNSCFG.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"CPQEASYACC"="C:\\Program Files\\COMPAQ\\Easy Access Button Support\\StartEAK.exe"
"WCOLOREAL"="\"C:\\Program Files\\COMPAQ\\Coloreal\\coloreal.exe\""
"srmclean"="C:\\Cpqs\\Scom\\srmclean.exe"
"Smapp"="C:\\Program Files\\Analog Devices\\SoundMAX\\SMTray.exe"
"Microsoft Works Portfolio"="C:\\Program Files\\Microsoft Works\\WksSb.exe /AllUsers"
"Microsoft Works Update Detection"="C:\\Program Files\\Microsoft Works\\WkDetect.exe"
"AutoLogon"=""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"nwiz"="nwiz.exe /install"
"DrvLsnr"="C:\\Program Files\\Analog Devices\\SoundMAX\\DrvLsnr.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"F-Secure Manager"="\"C:\\Program Files\\Tietoturvapalvelu\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\Tietoturvapalvelu\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\Tietoturvapalvelu\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\Tietoturvapalvelu\\FSGUI\\ispnews.exe\""
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"startkey"="C:\\WINDOWS\\system32\\server.exe"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\Compaq]
"SetRefresh"="C:\\Program Files\\Compaq\\SetRefresh\\SetRefresh.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled scanning task.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-03-21 14:37:46

OK, let's continue:

Download NoLop to your desktop from one of the following links... Link 1 Link 2 Link 3
* Close all programs, because this step requires a restart
* Double-click NoLop.exe to run it
* Click the "Search and Destroy" button <<Your computer will be scanned for infected files>>
* When the scan is complete, you will be asked to restart the computer if an infection is found. Click OK
* Click the "REBOOT" button.
* NoLop should display a message. If it does not, double-click the program and it will finish.
Post the contents of the C:\NoLop.log file along with a new HijackThis log.
-- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx and save it to your system32 directory (usually c:\Windows\system32). Then run the program again.

*********

Download ATF Cleaner http://www.atribune.org/ccount/click.php?id=1
Double-click ATF-Cleaner.exe to start the program.
Under Main, choose: Select All
Click Empty Selected.
If you use Firefox as your browser:
Click Firefox at the top and choose: Select All
Click Empty Selected.
NOTE: If you would like to keep your saved passwords, click No when it asks.
If you use Opera as your browser:
Click Opera at the top and choose: Select All
Click Empty Selected again.
NOTE: If you would like to keep your saved passwords, click No when it asks.
Click Exit in the main menu to close the program.
Technical support is available if you double-click the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)

*********

Download AVG Anti-Spyware 7.5 and save the program to your desktop.
* Once you have downloaded the program, double-click the installer's icon on your desktop and the installation will start.
* After installation, the program must be started and its definitions updated.
* Start AVG Anti-Spyware.
* Click the "Update" icon in the main menu. Then click the "Update now" button.
* Then click the "Start Update" icon, and the update will begin.
* When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
* When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
* Then, under the "Reports" menu:
* Tick "Automatically generate report after every scan"
* Untick "Only if threats were found"
* Then click the "Shield" icon at the top of the window
* "Resident shield is": change the state from active to inactive
* Close the program. DO NOT scan yet.

Start the computer in Safe Mode:
1. Restart the computer.
2. While the computer is starting, press the F8 key.
3. Various startup options appear on the screen.
4. Use the arrow keys on the keyboard to select Safe Mode.
5. Press the ENTER key.

*********

Make hidden files visible
* Open My Computer.
* Select Tools from the top menu and click Folder Options.
* Select the View tab.
* Under Hidden files and folders, select Show hidden files and folders.
* Remove the tick from the box -> Hide protected operating system files
* Click Yes to confirm the changes.
* Click OK.
* Also remember to hide them again afterwards!

********

Delete, if found:
C:\DOCUME~1\nissila\APPLIC~1\BLAHME~1\

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
* Once in Safe Mode, start AVG Anti-Spyware.
* Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
* AVG will now start scanning the computer. Be patient, as the scan takes time.
When the scan is complete:
IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
* Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the popup menu.
* You will be asked what to do if infections were found; select "Apply all actions"
* Then click the "Reports" icon at the top of the program.
* Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
* Close the program, start the computer normally and post the AVG report to your thread.

********

Updating Java and clearing the cache:
1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... ) They should have the following image next to them:
3. Select all your previous Java versions and choose Remove.
4. Install the latest Java update from the following link..
5. Restart the computer after the installation: http://java.sun.com/javase/downloads/index.jsp Scroll down to Java Runtime Environment (JRE) 6, press Download, tick Accept, take the offline installation, save it to the desktop, for example, and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) lower, and click the Delete Files button. (Some Java-based programs may need more disk space. If you notice the computer slowing down after lowering the setting, move the slider higher.)
8. Make sure that both options are ticked:
*Applications and Applets
*Trace and Log Files
And press the OK button
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.

*****

New HIJACKTHIS LOG
NoLop! Log by Skate_Punk_21 Fix running from: C:\Documents and Settings\nissila\Työpöytä [31.3.2007] [11:23:10] ---Infection Files Found/Removed--- C:\Documents and Settings\All Users\Application Data\Corn Size Browse Poll\logo amen.exe C:\Documents and Settings\All Users\Application Data\Corn Size Browse Poll\meal mpeg.exe Beginning Removal... Rebooting... Removing Lop's Leftover Files/Folders... Editing Registry... **Fix Complete!** ---Listing AppData sub directories--- C:\Documents and Settings\All Users\Application Data\Apple Computer C:\Documents and Settings\All Users\Application Data\F-secure C:\Documents and Settings\All Users\Application Data\Google C:\Documents and Settings\All Users\Application Data\Messenger Plus! C:\Documents and Settings\All Users\Application Data\Microsoft C:\Documents and Settings\All Users\Application Data\Msn6 C:\Documents and Settings\All Users\Application Data\Nfs Underground C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory C:\Documents and Settings\All Users\Application Data\Pc Suite C:\Documents and Settings\All Users\Application Data\Skype C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy C:\Documents and Settings\All Users\Application Data\Temp -- EMPTY Directory C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage C:\Documents and Settings\Antti\Application Data\Hbtools C:\Documents and Settings\Antti\Application Data\Identities C:\Documents and Settings\Antti\Application Data\Ispnews C:\Documents and Settings\Antti\Application Data\Microsoft C:\Documents and Settings\Antti\Application Data\Shopperreports C:\Documents and Settings\Antti.cpq31705227882\Application Data\Identities C:\Documents and Settings\Antti.cpq31705227882\Application Data\Ispnews C:\Documents and Settings\Antti.cpq31705227882\Application Data\Microsoft C:\Documents and Settings\Antti.cpq31705227882\Application Data\Pc Suite C:\Documents and 
Settings\Antti.cpq31705227882.000\Application Data\Adobe C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Ahead C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Apple Computer C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Bittorrent C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Bsplayer C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Datalayer C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\F-secure C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Identities C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Intertrust C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Ispnews C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Lavasoft C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Macromedia C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Microsoft C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Mozilla C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Nokia C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Nokia Multimedia Player C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Opera C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Pc Suite C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Sun C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Talkback C:\Documents and Settings\Antti.cpq31705227882.000\Application Data\Xfire C:\Documents and Settings\Default User\Application Data\Identities C:\Documents and Settings\Default User\Application Data\Microsoft C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Identities C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft C:\Documents and Settings\Localservice\Application Data\Help -- EMPTY Directory C:\Documents and 
Settings\Localservice\Application Data\Microsoft C:\Documents and Settings\Localservice\Application Data\Mozilla C:\Documents and Settings\Matti\Application Data\F-secure C:\Documents and Settings\Matti\Application Data\Identities C:\Documents and Settings\Matti\Application Data\Installshield C:\Documents and Settings\Matti\Application Data\Ispnews C:\Documents and Settings\Matti\Application Data\Lavasoft C:\Documents and Settings\Matti\Application Data\Macromedia C:\Documents and Settings\Matti\Application Data\Microsoft C:\Documents and Settings\Matti\Application Data\Mozilla C:\Documents and Settings\Matti\Application Data\Pc Suite C:\Documents and Settings\Matti\Application Data\Skype C:\Documents and Settings\Matti\Application Data\Talkback C:\Documents and Settings\Networkservice\Application Data\Microsoft C:\Documents and Settings\Nissila\Application Data\Adobe C:\Documents and Settings\Nissila\Application Data\Ahead C:\Documents and Settings\Nissila\Application Data\Bittorrent C:\Documents and Settings\Nissila\Application Data\Blah Meal Four C:\Documents and Settings\Nissila\Application Data\Bsplayer C:\Documents and Settings\Nissila\Application Data\Datalayer C:\Documents and Settings\Nissila\Application Data\F-secure C:\Documents and Settings\Nissila\Application Data\Google -- EMPTY Directory C:\Documents and Settings\Nissila\Application Data\Hamachi C:\Documents and Settings\Nissila\Application Data\Help -- EMPTY Directory C:\Documents and Settings\Nissila\Application Data\Identities C:\Documents and Settings\Nissila\Application Data\Installshield C:\Documents and Settings\Nissila\Application Data\Intertrust C:\Documents and Settings\Nissila\Application Data\Intervideo C:\Documents and Settings\Nissila\Application Data\Ispnews C:\Documents and Settings\Nissila\Application Data\Jasc C:\Documents and Settings\Nissila\Application Data\Jasc Software Inc C:\Documents and Settings\Nissila\Application Data\Lavasoft C:\Documents and Settings\Nissila\Application 
Data\Logitech C:\Documents and Settings\Nissila\Application Data\Macromedia C:\Documents and Settings\Nissila\Application Data\Media Player Classic C:\Documents and Settings\Nissila\Application Data\Microsoft C:\Documents and Settings\Nissila\Application Data\Microsoft Web Folders -- EMPTY Directory C:\Documents and Settings\Nissila\Application Data\Mozilla C:\Documents and Settings\Nissila\Application Data\Msn6 C:\Documents and Settings\Nissila\Application Data\Msninstaller C:\Documents and Settings\Nissila\Application Data\Nokia C:\Documents and Settings\Nissila\Application Data\Nokia Multimedia Player C:\Documents and Settings\Nissila\Application Data\Opera C:\Documents and Settings\Nissila\Application Data\Pc Suite C:\Documents and Settings\Nissila\Application Data\Pex C:\Documents and Settings\Nissila\Application Data\Skype C:\Documents and Settings\Nissila\Application Data\Sun C:\Documents and Settings\Nissila\Application Data\Talkback C:\Documents and Settings\Nissila\Application Data\Teamspeak2 C:\Documents and Settings\Nissila\Application Data\Ubi.com C:\Documents and Settings\Nissila\Application Data\Utorrent C:\Documents and Settings\Nissila\Application Data\X-chat 2 C:\Documents and Settings\Nissila\Application Data\Xfire C:\Documents and Settings\Omistaja\Application Data\Identities C:\Documents and Settings\Omistaja\Application Data\Microsoft Logfile of HijackThis v1.99.1 Scan saved at 11:35:05, on 31.3.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe C:\Program Files\Tietoturvapalvelu\Anti-Virus\FSGK32.EXE C:\Program 
Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE C:\Program Files\Tietoturvapalvelu\Anti-Virus\fssm32.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Tietoturvapalvelu\Common\FSMB32.EXE C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Tietoturvapalvelu\Common\FCH32.EXE C:\Program Files\Tietoturvapalvelu\Common\FAMEH32.EXE C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsrw.exe C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsav32.exe C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe C:\Program Files\Analog Devices\SoundMAX\SMTray.exe C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE C:\Compaq\EAKDRV\EAUSBKBD.EXE C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe C:\PROGRA~1\TIETOT~1\ANTI-S~1\fsaw.exe C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe C:\Program Files\Tietoturvapalvelu\FSGUI\fsguidll.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\D-Tools\daemon.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE 
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/...rchredir2.dll?c=1c02&lc=040b&s=search&ap=b204 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.soneraplaza.fi/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local> R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\ANTTIC~1.000\TYPYT~1\Antti\OHOJEL~1\SPYBOT~1\SDHelper.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {CCFB3D08-F0F6-95D3-5760-543F006EF643} - C:\DOCUME~1\nissila\APPLIC~1\DEAFCOMP\Phone inter.exe (file missing) O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe" O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft 
Works\WkDetect.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot O4 - HKLM\..\Run: [News Service] "C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe" O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\server.exe O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Timedownload] C:\DOCUME~1\nissila\APPLIC~1\BLAHME~1\Tons knob.exe O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\server.exe O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam2\Steam.exe" -silent O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O4 - 
Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Kalenterin muistutukset.lnk = ? O4 - Global Startup: Tietoturvapalvelu.lnk = C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\blockpopups.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi O16 - DPF: Genimap Esc Map Applet - http://www.genimap.com/Esc/applet/esc/objects1322/GenimapEscApplet.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1098167980211 O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin9USA.cab O16 - DPF: {DD583921-A9E9-4FBF-9266-8DC2AB5EA0AF} (HGPlugin10USA 
Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin10USA.cab O18 - Protocol: bw+0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw+0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw-0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw00s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw10s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw20s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw30s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program 
Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw40s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw50s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw60s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw70s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw80s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bw90s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwa0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwb0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwc0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwd0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwe0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwf0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: bwg0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwg0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwh0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwi0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwj0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwk0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwl0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwm0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll O18 - Protocol: bwn0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop 
Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: offline-8876480 - {20AAC2F8-5C42-4E97-BF67-F215E523AF1F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Tietoturvapalvelu (BackWeb Plug-in - 227364) - BackWeb Technologies Inc. - C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

There they are... Oh, and do I need to use ATF Cleaner and AVG Anti-Spyware 7.5??
Open HijackThis, check the following line(s) and press Fix checked; close all other programs while you do this.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.presario.net/scripts/redir...=search&ap=b204
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\DOCUME~1\ANTTIC~1.000\TYPYT~1\Antti\OHOJEL~1\SPYBOT~1\SDHelper.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {CCFB3D08-F0F6-95D3-5760-543F006EF643} - C:\DOCUME~1\nissila\APPLIC~1\DEAFCOMP\Phone inter.exe (file missing)
O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\server.exe
O4 - HKCU\..\Run: [Timedownload] C:\DOCUME~1\nissila\APPLIC~1\BLAHME~1\Tons knob.exe
O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\server.exe

**********

Updating Java and clearing its cache:

1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel.
2. Find all your old Java versions in the list (J2SE Runtime Environment....). They should have the following icon next to them:
3. Select all your old Java versions and choose Remove.
4. Install the latest Java update from the following link.
5. Restart the computer after the installation: http://java.sun.com/javase/downloads/index.jsp
Scroll down to Java Runtime Environment (JRE) 6.
Press Download.
Tick Accept, choose offline installation, save it to the desktop, for example, and install it.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
7. Under the General Settings section, drag the slider (Disk Space) to a smaller value and click the Delete Files button. (Some Java-based programs may need more disk space. If you notice the computer slowing down after reducing the setting, move the slider to a larger value.)
8. Make sure both options are ticked:
* Applications and Applets
* Trace and Log Files
and press the OK button.
9. Click OK in your "Temporary Files Settings" window.
10. Click OK to leave your Java settings window.

*********

Remove Logitech Desktop Messenger via the Control Panel, run AVG AS, and post its log and the latest HijackThis log.