Ikävän näköinen virus? (Ongelma poissa, tämän voi vaikka poistaa kun ei täällä ratkaisu näy.)

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi Drulak 10.09.2006.

Viestiketjun tila:
Viestiketju on suljettu.
  1. Drulak

    Drulak Member

    Liittynyt:
    09.09.2006
    Viestejä:
    11
    Kiitokset:
    0
    Pisteet:
    11
    Program Files -kansiossani on kaikille *.exe -tiedostoille ilmestynyt viereen 16kt kokoinen samanniminen tiedosto kansioon Data\resources.
    Lisäksi kaikki Program Filesiin viittaavat pikakuvakkeet koneellani nyt viittaavat näihin alakansioissa sijaitseviin tiedostoihin sen 'oikean' sijasta.

    Esimerkki:
    [​IMG]

    Millään skannerilla ei löydy mitään. Testattu: Xoftspy, Ad-Aware SE Personal, Avira Anti-Vir, Spybot - S&D, Panda Activescan, F-Secure Online Scanner.

    Kun tämmöisen vale-exen avaa, se suorittaa myös sen vastaavan 'oikean' exen, ja jää itse taustalle. Se käyttää aluksi n. 16,000kt muistia, ja pikkuhiljaa kasvattaa muistinkäyttöään, ilman nähtäviä rajoja. Yhden semmoisen lopetin 100,000kt kohdalla.
    ZoneAlarmin asensin, sen avulla sain tietää että nämä vale-exet yrittävät aina ottaa yhteyttä samaan IP:seen:
    192.43.244.18:Daytime.
    Jos kiellän niiltä yhteyden, ne jämähtävät siihen 16,000kt:n muistinkäyttöön.

    Asema C:llä oli myös "dllhost.exe"-niminen tiedosto, joka avasi itse itseään vähän väliä ja söi samalla tavalla muistia. Poistin sen.

    Eli siis, onko tuttu pöpö? Vaarallinen? Poisto-ohjeita?

    Pistänpä huvikseni mukaan sen ensimmäisen HjT-login. (poistin muistinsyöjät prosesseista ennen HjT:n suorittamista)



    Logfile of HijackThis v1.99.1
    Scan saved at 19:31:16, on 9.9.2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\D-Link\Air Utility\AirCFG.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Clipboard Saver\Clipboard Saver.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\System32\CTSvcCDA.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\WZCBDL Service\WZCBDLS.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avcenter.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\WordWeb\wweb32.exe
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\WINDOWS\system32\winmine.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avscan.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Ohjelmat\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fi
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.fi
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fi
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [D-Link Air Utility] C:\Program Files\D-Link\Air Utility\AirCFG.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Clipboard saver by Lee_Nover] C:\Program Files\Clipboard Saver\Clipboard Saver.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Data\resources\Xfire.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\Data\resources\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\Data\resources\LDMConf.exe
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\Data\resources\KEM.exe
    O4 - Global Startup: WordWeb.lnk = C:\Program Files\WordWeb\Data\resources\wweb32.exe
    O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\System32\wweb32.dll/lookup.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {CAFEEFAC-0014-0002-0001-ABCDEFFEDCBA} (Java Plug-in) -
    O16 - DPF: {CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA} (Java Plug-in) -
    O18 - Protocol: bw+0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {98DF691E-DB7A-4F5F-AC70-619E376EEDE4} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: WZCBDL Service (WZCBDLService) - D-Link - C:\Program Files\WZCBDL Service\WZCBDLS.exe
     
    Drulak, 10.09.2006
    #1
  2.  
  3. Drulak

    Drulak Member

    Liittynyt:
    09.09.2006
    Viestejä:
    11
    Kiitokset:
    0
    Pisteet:
    11
    Lisäys: Jos poistan tämmöisen Data\resources -kansion ja sen jälkeen käytän sinne viittaavaa pikakuvaketta, kansiot ja vale-exet tulevat sinne uudestaan.
     
    Drulak, 10.09.2006
    #2
  4. Drulak

    Drulak Member

    Liittynyt:
    09.09.2006
    Viestejä:
    11
    Kiitokset:
    0
    Pisteet:
    11
    *köh* tai sitten ei. Unohtakaa tuo lisäys :]
     
    Drulak, 10.09.2006
    #3
  5. q-hub-op

    q-hub-op Regular member

    Liittynyt:
    30.01.2005
    Viestejä:
    693
    Kiitokset:
    0
    Pisteet:
    26
    Skannaappa joku noista viruksista jollain eSkannerilla vaikka: http://virusscan.jotti.org/
    Ja sano minkä nmiminen virus mahtais olla
     
    q-hub-op, 10.09.2006
    #4
  6. Drulak

    Drulak Member

    Liittynyt:
    09.09.2006
    Viestejä:
    11
    Kiitokset:
    0
    Pisteet:
    11
    Ei löytynyt niin mitään.

     
    Drulak, 10.09.2006
    #5
Viestiketjun tila:
Viestiketju on suljettu.

Jaa tämä sivu