1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

Viruksia koneella?

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi I_C 06.08.2006.

Viestiketjun tila:
Viestiketju on suljettu.
  1. I_C

    I_C Member

    Liittynyt:
    05.08.2006
    Viestejä:
    6
    Kiitokset:
    0
    Pisteet:
    11
    Eli joku ammattitaitoinen näissä hommissa voisi vähän jelppiä, kun koneellani taitaapi olla jonkinsortin viruksia.. spy/malware & troijjalaisia uskoisin... Joten mitenkäs/millä noita nyt sitten voisi lähteä tarkistamaan/poistamaan koneelta? (kiitos jo etukäteen auttajille!)
     
    I_C, 06.08.2006
    #1
  2.  
  3. Marku2

    Marku2 Regular member

    Liittynyt:
    07.12.2005
    Viestejä:
    1,259
    Kiitokset:
    0
    Pisteet:
    46
    Marku2, 06.08.2006
    #2
  4. I_C

    I_C Member

    Liittynyt:
    05.08.2006
    Viestejä:
    6
    Kiitokset:
    0
    Pisteet:
    11
    Niin ja vielä sen verran että on samoja ongelmia mitä muillakin varmaan on ollut eli kone sammuu joskus ittestään, tulee punainen ikkuna oikeaan alanurkkaan "your computer is infected" ja sen alapuolella vielä vilkkuu tua ympyrä jossa on kysymysmerkki ja punanen haka ja explorerin alotus sivu on joku syssecuritysite...


    Mutta tässä tämä lokitiedosto:


    Logfile of HijackThis v1.99.1
    Scan saved at 17:46:43, on 6.8.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\desktopx.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dcomcfg.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp100.tmp
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Update] C:\Program Files\Window Remonte Update\W1\Update.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DesktopX] ""C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe""
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/Bridge-c139.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1099520968828
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://stareat.it.helsinki.fi/activex/AMC.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.118.221.102/cam/AxisCamControl.ocx
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://advisor.futuremark.com/global/msc37.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by21fd.bay21.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: bw+0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\Documents and Settings\Ville\Application Data\Microsoft\Installer.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

     
    I_C, 06.08.2006
    #3
  5. blade81

    blade81 Active member

    Liittynyt:
    29.07.2003
    Viestejä:
    1,287
    Kiitokset:
    0
    Pisteet:
    66
    Onhan siellä roskaa.


    Ensin lataa LSPfix.exe (http://www.cexx.org/lspfix.htm) sopivaan sijaintiin (kuten C:\Program Files\LSPFix tai vaikkapa työpöydälle). ÄLÄ aja tätä ohjelmaa vielä. Tätä tulee käyttää VAIN jos internetyhteys häviää NewDotNetin poiston jäljiltä.

    NewDotNetin poisto; Mene;

    Käynnistä > Ohjauspaneeli > Lisää/Poista sovellus ja hävitä seuraava jos näkyy;

    New.Net Applications tai New.Net Domains (Mitä vain mikä sanoo New.Net)

    Jos Lisää/Poista sovelluksessa ei ole New.Net listattu, toimi näin.

    Varmista että anti-virus ja anti-spyware ohjelmat ovat suljettuna poiston ajan.

    Ne saattavat estää New.Netin poiston.

    Lataa NNuninstall.exe (http://www.new.net/support/NNuninstall.exe):



    * Tallenna se työpöydällesi.
    * Tupla-klikkaa NNuninstall.exe filua.
    * Ohjelma kysyy haluatko poistaa kaikki New.Netin nimet ja osat.
    * Klikkaa Yes.
    * Klikkaa poiston jälkeen OK.
    * Käynnistä kone uudelleen ("Yes - Restart now") ellei jäänyt mitään muuta kesken, jos jäi, jätä kone päälle ("No - I will restart later).



    Jos poisto ei onnistu ja virustorjuntaohjelma(t) estävät poisto-ohjelman ajon kokonaan tai
    osittain, tee näin: Irrota koneen verkko- tai modeemijohto koneesta siten, ettei sillä
    ole yhteyttä internettiin. Sulje tämän jälkeen virustorjuntaohjelma(t) ja aja
    NNuninstall.exe. Laita tämän jälkeen virustorjuntaohjelma(t) takaisin päälle ja
    vasta sitten kytke verkko- tai modeemijohto takaisin koneeseen.

    Tyhjennä roskakori.

    JOS menetät nettiyhteytesi kun olet New.Netin poistanut, tupla-klikkaa LSPFix.exe jonka latasit aiemmin. Rastita "I know what I'm doing" valinta. Näet kaksi paneelia; Jos on jotain listattu "Remove" paneeliin oikealla puolella, anna sen olla ja klikkaa "Finish>>". Seuraavaksi käynnistä uudelleen ja netin pitäisi toimia hyvin. Jos mitään ei ole listattu "Remove" paneeliin, ÄLÄ tee MITÄÄN - sulje LSPFix. Tule joltain toiselta koneelta hakemaan lisää neuvoa. (Tämä on vain varotoimenpide, useimmiten netti pysyy ihan kunnossa)

    Tämän jälkeen vielä Smitfraudfixin ajo.

    Lataa SmitfraudFix (c) S!Ri (http://siri.urz.free.fr/Fix/SmitfraudFix.zip)
    Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

    Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
    Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
    Postita tämän tekstitiedoston sisältö viestiketjuusi.

    Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.
    http://www.beyondlogic.org/consulting/proc...processutil.htm

    Laita uusi hjt-loki ja Smitfraudfixin loki.
     
    blade81, 06.08.2006
    #4
  6. I_C

    I_C Member

    Liittynyt:
    05.08.2006
    Viestejä:
    6
    Kiitokset:
    0
    Pisteet:
    11
    Tässä tämä SmitFraudfix:



    SmitFraudFix v2.81

    Scan done at 15:07:10.81, ti 08.08.2006
    Run from C:\Documents and Settings\Ville\Ty”p”yt„\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\hp???.tmp FOUND !
    C:\WINDOWS\system32\hp????.tmp FOUND !
    C:\WINDOWS\system32\ld???.tmp FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\mzoeut.dll FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\regperf.exe FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\ts.ico FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Ville\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Ville\Suosikit


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop

    C:\DOCUME~1\ALLUSE~1\TYPYT~1\Online Security Guide.url FOUND !
    C:\DOCUME~1\ALLUSE~1\TYPYT~1\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End






    Ja tässä uusi HjT:



    Logfile of HijackThis v1.99.1
    Scan saved at 15:20:39, on 8.8.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\desktopx.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dcomcfg.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp100.tmp
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Update] C:\Program Files\Window Remonte Update\W1\Update.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DesktopX] ""C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe""
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/Bridge-c139.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1099520968828
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://stareat.it.helsinki.fi/activex/AMC.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.118.221.102/cam/AxisCamControl.ocx
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://advisor.futuremark.com/global/msc37.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by21fd.bay21.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: bw+0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: offline-8876480 - {BD3C0477-6DD5-41DA-8AF8-5937C655EB75} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\Documents and Settings\Ville\Application Data\Microsoft\Installer.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

     
    I_C, 08.08.2006
    #5
  7. blade81

    blade81 Active member

    Liittynyt:
    29.07.2003
    Viestejä:
    1,287
    Kiitokset:
    0
    Pisteet:
    66
    Ennen kuin jatketaan ehdotan pienenä välietappina poistamaan Logitech Desktop Messengerin. Vie turhaan koneen resursseja ja tekee hjt-lokistakin melkoisen romaanin. :)

    Sitten itse fixaukseen..

    Printtaa ohjeet ulos.

    Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.

    Kun vikasietotilassa, avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
    Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

    Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

    Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

    Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin.
    Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi.
    Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt. Laita myös uusi hjt-loki
     
    blade81, 08.08.2006
    #6
  8. I_C

    I_C Member

    Liittynyt:
    05.08.2006
    Viestejä:
    6
    Kiitokset:
    0
    Pisteet:
    11
    -En ole ihan varma poistiko tuo kaikki mitä piti, mutta katsokaa..


    Tässä SmitFraudFix:



    SmitFraudFix v2.81

    Scan done at 19:53:24.65, ti 08.08.2006
    Run from C:\Documents and Settings\Ville\Ty”p”yt„\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "cholecyst"="{ee2975b6-e8d5-405e-8448-8fe9590f6cfb}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\Documents and Settings\Ville\Application Data\Microsoft\Installer.dll ->
    C:\Documents and Settings\Ville\Application Data\Microsoft\Installer.dll -> Deleted


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\dcomcfg.exe Deleted
    C:\WINDOWS\system32\hp???.tmp Deleted
    C:\WINDOWS\system32\ld???.tmp Deleted
    C:\WINDOWS\system32\mzoeut.dll Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\regperf.exe Deleted
    C:\WINDOWS\system32\simpole.tlb Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\ts.ico Deleted
    C:\WINDOWS\system32\1024\ Deleted
    C:\DOCUME~1\ALLUSE~1\TYPYT~1\Online Security Guide.url Deleted
    C:\DOCUME~1\ALLUSE~1\TYPYT~1\Security Troubleshooting.url Deleted
    C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Online Security Guide.url Deleted
    C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Security Troubleshooting.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End






    Ja tässä HjT:



    Logfile of HijackThis v1.99.1
    Scan saved at 0:05:43, on 11.8.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\desktopx.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp100.tmp (file missing)
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Update] C:\Program Files\Window Remonte Update\W1\Update.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DesktopX] ""C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe""
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/Bridge-c139.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1099520968828
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://stareat.it.helsinki.fi/activex/AMC.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.118.221.102/cam/AxisCamControl.ocx
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://advisor.futuremark.com/global/msc37.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by21fd.bay21.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\Documents and Settings\Ville\Application Data\Microsoft\Installer.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

     
    I_C, 10.08.2006
    #7
  9. shiatzuka

    shiatzuka Guest

    koneellani on virus

    tässä hjt log


    Logfile of HijackThis v1.99.1
    Scan saved at 10:39:41, on 11.8.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Norman\bin\ZANDA.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\Norman\bin\NJEEVES.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Norman\Npf\BIN\NPFSVICE.EXE
    C:\WINDOWS\system32\winlogon.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Norman\bin\ZLH.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    J:\kamaa\asennnukset\MsgPlus.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jucheck.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\Norman\Npf\BIN\npfmsg2.exe
    C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
    C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\koti_2\Työpöytä\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [MessengerPlus3] "J:\kamaa\asennnukset\MsgPlus.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MessengerPlus3] "J:\kamaa\asennnukset\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: optima.discendum.com
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1103252033125
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
    shiatzuka, 11.08.2006
    #8
  10. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    @shiatzuka: Uudelleennimeä HijackThis.exe -> HJT.exe ja lähetä uusi HjT-loki
     
    -kemisti-, 11.08.2006
    #9
  11. Jannejt

    Jannejt Moderator Ylläpitäjä

    Liittynyt:
    10.02.2005
    Viestejä:
    5,045
    Kiitokset:
    6
    Pisteet:
    118
    ..mut välis teleporttii oikeelle alueelle :)
     
    Jannejt, 11.08.2006
    #10
  12. blade81

    blade81 Active member

    Liittynyt:
    29.07.2003
    Viestejä:
    1,287
    Kiitokset:
    0
    Pisteet:
    66
    @I_C:

    Fixaa seuraavat rivit hjtllä:
    O2 - BHO: (no name) - {f7d40011-29bb-43eb-9c97-875ce89e9e36} - C:\WINDOWS\system32\hp100.tmp (file missing)
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O21 - SSODL: cholecyst - {ee2975b6-e8d5-405e-8448-8fe9590f6cfb} - C:\Documents and Settings\Ville\Application Data\Microsoft\Installer.dll (file missing)

    Buuttaa kone ja laita uusi hjt-loki.
     
    blade81, 11.08.2006
    #11
  13. I_C

    I_C Member

    Liittynyt:
    05.08.2006
    Viestejä:
    6
    Kiitokset:
    0
    Pisteet:
    11
    Niin noista fixauksista viä sen veraan (etten lähe vaan poistaan/säätään mitään väärää), että mitä pitää tarkalleen tehdä, siis aukasta HjT ja tehdä system scan ja valita noi mitä olit maininnut fixattavaksi ja sitten painaa?? (ei voi tietää kun ei oo koskaan ennen käyttäny kyseistä ohjelmaa)
     
    I_C, 16.08.2006
    #12
  14. blade81

    blade81 Active member

    Liittynyt:
    29.07.2003
    Viestejä:
    1,287
    Kiitokset:
    0
    Pisteet:
    66
    Painat fix checked. :)
     
    blade81, 16.08.2006
    #13
  15. I_C

    I_C Member

    Liittynyt:
    05.08.2006
    Viestejä:
    6
    Kiitokset:
    0
    Pisteet:
    11
    Juu tota vähän arvelinkin, mutta piti vaan varmistaa :p


    Mutta tässä on tämä uusi HjT logi:




    Logfile of HijackThis v1.99.1
    Scan saved at 18:50:37, on 16.8.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Stardock\SDMCP.exe
    C:\Program Files\Stardock\Object Desktop\WindowBlinds\wbload.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\desktopx.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.irc-galleria.net/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe"
    O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [BTUSRBDG] BtUsrBdg.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [Update] C:\Program Files\Window Remonte Update\W1\Update.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [TaskTray] "C:\Program Files\Creative\SBAudigy\TaskBar\CTLTray.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [DesktopX] ""C:\PROGRA~1\Stardock\OBJECT~1\DesktopX\DesktopX.exe""
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/WebsiteAccess/ie/Bridge-c139.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1099520968828
    O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://stareat.it.helsinki.fi/activex/AMC.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://217.118.221.102/cam/AxisCamControl.ocx
    O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://advisor.futuremark.com/global/msc37.cab
    O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by21fd.bay21.hotmail.msn.com/activex/HMAtchmt.ocx
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: MCPClient - C:\Program Files\Common Files\Stardock\mcpstub.dll
    O20 - Winlogon Notify: WB - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\fastload.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe

     
    I_C, 16.08.2006
    #14
  16. blade81

    blade81 Active member

    Liittynyt:
    29.07.2003
    Viestejä:
    1,287
    Kiitokset:
    0
    Pisteet:
    66
    Nyt näyttäs hyvältä. :) Vielä ongelmia?
     
    blade81, 16.08.2006
    #15
Viestiketjun tila:
Viestiketju on suljettu.

Jaa tämä sivu