HJT-Loki

621 · Jan 17, 2006

Juu, tässä olisi minun koneen vanhuksen HJT-Loki.

Logfile of HijackThis v1.99.1
Scan saved at 18:10:18, on 17.1.2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\HostSVC.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\loadqm.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINNT\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINNT\System32\winPE.exe
C:\WINNT\System32\internat.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Janne\Työpöytä\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [HostSVC syse] HostSVC.exe
O4 - HKLM\..\Run: [Windows Automatic Updater] WinUpdater.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\RunServices: [HostSVC syse] HostSVC.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updater] WinUpdater.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [Windows Automatic Updater] WinUpdater.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.EXE
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

spertti · Jan 17, 2006

Fixaa nämä:

O4 - HKLM\..\Run: [HostSVC syse] HostSVC.exe
O4 - HKLM\..\Run: [Windows Automatic Updater] WinUpdater.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\RunServices: [HostSVC syse] HostSVC.exe
O4 - HKLM\..\RunServices: [Windows Automatic Updater] WinUpdater.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [Windows Automatic Updater] WinUpdater.exe

Hae Ewido >
http://keskustelu.afterdawn.com/thread_view.cfm/269186
Asenna ja päivitä, mutta älä tee muuta

Laita piilotiedostot näkyviin, ohje ->
http://keskustelu.afterdawn.com/thread_view.cfm/248944

Käynnistä vikasietotilaan ( en muista mikä nappi käynnistyksen yhteydessä se on Win2000:ssa )

Poista nämä jos löytyy

C:\WINNT\System32\HostSVC.exe
C:\WINNT\System32\winPE.exe
WinUpdater.exe < Tuon polkua en näe, mutta jos se ei ole samassa polussa noiden muiden kanssa, niin käytä Windowsin omaa etsi toimintoa

Skannaa Ewidolla siellä vikasietotilassa, ja tallenna raportti

Lähetä uusi loki, ja Ewidon raportti

621 · Jan 17, 2006

Juu, tuota winPE:tä, eikä Winupdater.exeä ei löytänyt etsi toiminto. Ja sitten tuota SVC Hostia yritin poistaa, mutta se sano, että "Lähdetiedosto voi olla käytössä" tai jotain. Mutta tässä silti lokit:

Logfile of HijackThis v1.99.1
Scan saved at 23:11:20, on 17.1.2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\CTSvcCDA.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\loadqm.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINNT\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINNT\System32\internat.exe
C:\Program Files\Logitech\Video\ManifestEngine.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Janne\Työpöytä\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.7) - http://gameadvisor.futuremark.com/global/msc37.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.EXE
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 22:57:28, 17.1.2006
+ Report-Checksum: 88BBFF2B

+ Scan result:

:mozilla.7:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Janne\Application Data\Mozilla\Firefox\Profiles\fte1kbxk.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Janne\Cookies\janne@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Janne\Cookies\janne@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINNT\system32\HostSVC.exe -> Backdoor.IRCBot.az : Cleaned with backup
C:\WINNT\system32\rdcwiee.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\WINNT\system32\rtlno.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\WINNT\system32\winPE.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINNT\system32\ybn1e.fon -> Backdoor.IRC.Mox.a : Cleaned with backup
C:\WINNT\system32\ybn3e.fon -> Worm.Randon.a : Cleaned with backup

::Report End

spertti · Jan 17, 2006

Ewidohan ne oli osannut poistaakin =)

Eli näyttää hyvältä. Vieläkö ongelmia?

PS. Tuli kylmät väreet, kun sanoit että SVC hostia yritit poistaa =)
On nimittäin ihan winukan oma filu, mikä on todella tärkeä.... Pyysin poistamaan HostSVC filun, mikä oli örminkäinen... Mutta kaikki lähti niinkuin pitikin.

621 · Jan 17, 2006

Juu, kone toimii, kuin tuliterä Ferrari. Aloin miettimäänkin, että miksihän minun pitää poistaa tuo SVC Host, mutta olinkin lukenut sanat väärinpäin.

-Kiitos.

spertti · Jan 17, 2006

Eipä mitään =)

Kannattaa tosiaan lukea nuo ohjeet aina tarkasti, niin ei pääse totaalisesti käyttistään tuhoamaan =)

Vent · Jan 17, 2006

Tässäpä pähkäiltävää.

Logfile of HijackThis v1.99.1
Scan saved at 3:20:27, on 18.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\RevConnect\DCPlusPlus.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O1 - Hosts: AmsServer
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - (no file)
O2 - BHO: (no name) - {CF52F4F7-EFB1-4C02-9423-3AC96C454E74} - C:\WINDOWS\system32\statpop.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O21 - SSODL: Ipmac - {E6D78B08-68A8-46A4-A091-C893A9DFC55D} - C:\WINDOWS\system32\v2vid.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

spertti · Jan 17, 2006

Fixaa nämä:

O2 - BHO: HomepageBHO - {7caf96a2-c556-460a-988e-76fc7895d284} - (no file)
O2 - BHO: (no name) - {CF52F4F7-EFB1-4C02-9423-3AC96C454E74} - C:\WINDOWS\system32\statpop.dll
O21 - SSODL: Ipmac - {E6D78B08-68A8-46A4-A091-C893A9DFC55D} - C:\WINDOWS\system32\v2vid.dll

Laita piilotiedostot näkyviin, ohje ->
http://keskustelu.afterdawn.com/thread_view.cfm/248944

Käynnistä vikasietotilaan ( F8 käynnistyksen yhteydessä ), ja poista

C:\WINDOWS\system32\====>v2vid.dll<=====

Käynnistä kone uudelleen, ja laita uusi loki

Vent · Jan 17, 2006

Tässä ois taas uus.

Logfile of HijackThis v1.99.1
Scan saved at 3:44:12, on 18.1.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\mIRC\mirc.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O1 - Hosts: AmsServer
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe

spertti · Jan 17, 2006

Eipä tuossa örkkejä näy, mutta varmistutaan nyt vielä
Hae Ewido > http://keskustelu.afterdawn.com/thread_view.cfm/269186
Tee ohjeiden mukaan ja lähetä sen raportti tänne.

Vent · Jan 17, 2006

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:16:31, 18.1.2006
+ Report-Checksum: CF2EF637

+ Scan result:

:mozilla.6:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.204:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
:mozilla.228:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.257:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.276:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.306:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.307:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.308:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.309:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.318:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.319:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.324:C:\Documents and Settings\Nakke Nakuttaja\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.26:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.27:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.28:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.50:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.55:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.64:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.65:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.102:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.115:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.123:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.127:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.128:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.129:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.130:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.131:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.142:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.143:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.144:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.145:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.146:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.149:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.150:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.151:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.152:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.154:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.191:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.197:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.198:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.199:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.200:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.201:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.202:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.208:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.215:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
:mozilla.229:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.230:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.231:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.241:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.256:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.258:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.275:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.276:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.277:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.306:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.307:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.308:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.309:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.310:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.311:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.312:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.313:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.319:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.320:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.322:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.323:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.325:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
:mozilla.26:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.27:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.28:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.50:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.55:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.64:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.65:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.102:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.115:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.116:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.123:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.127:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.128:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.129:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.130:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.131:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.142:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.143:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.144:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.145:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.146:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.149:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.150:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.151:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.152:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.154:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.191:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with backup
:mozilla.197:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.198:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.199:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.200:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.201:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.202:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.208:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.215:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Dbbsrv : Cleaned with backup
:mozilla.229:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.230:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.231:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.241:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.256:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.258:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.275:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.276:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.277:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.306:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.307:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.308:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.309:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.310:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.311:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.312:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.313:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.319:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.320:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.322:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.323:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.325:C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc8\Mozilla\Firefox\Profiles\1cz66gua.Oletuskäyttäjä\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\WINDOWS\crrst32.exe -> Logger.PCSpy.b : Cleaned with backup
C:\WINDOWS\hl2crack.CAB/hl2crack.exe -> Heuristic.Win32.Backdoor.IrcBot : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8DMRO1MF\istdownload[1].exe -> Downloader.IstBar : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\CDAV8D63\istsvc[1].exe -> Downloader.IstBar : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KHQVWXI3\installist[1].exe -> Downloader.IstBar : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\KHQVWXI3\istbarcm[1].dll -> Downloader.IstBar.ik : Cleaned with backup

::Report End

spertti · Jan 17, 2006

Kyllähän siellä jotain ihan oikeita "pahiksiakin" oli joukossa.
Taitaa olla paras vielä varmistua puhtaudesa eScanilla > http://koti.mbnet.fi/pattaya1/escanmwav.htm
Tee ohjeiden mukaan, ja laita alalaatikon örkkitulokset tänne ( ohjeet siihenkin sivulla )

Vent · Jan 17, 2006

File C:\PROGRA~1\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.
File C:\WINDOWS\system32\NTInvisible.dll tagged as not-a-virus:Monitor.Win32.SpyAgent.g. No Action Taken.

File C:\Documents and Settings\Nakke Nakuttaja\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4fb61ae6-4b4892ba.zip infected by "Exploit.Java.ByteVerify" Virus. Action Taken: File Renamed.

File C:\Program Files\mIRC\mirc.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.616. No Action Taken.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-4fb61ae6-4b4892ba.zip infected by "Exploit.Java.ByteVerify" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\NavBar[1].htm infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\navi_corner_right[1].gif infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\omadna[1].htm infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\opRyhma_fi[1].gif infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\op_fiEtusivu[1].gif infected by "BkCln.Unknown" Virus. ction Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\personal[1].gif infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\prefs[1].gif infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\pysty_rasteri[1].gif infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\reply[1].gif infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\rollover[1].js infected by "BkCln.Unknown" Virus. Action Taken: File Deleted.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\rollover[2].js infected by "BkCln.Unknown" Virus. Action Taken: File Deleted.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\shared[1].css infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\showthread[1].htm infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\signouticon[1].bmp infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\slogan_omadna[1].gif infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\tausta2[1].jpg infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\telkkutyylit[1].css infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\telkku[1].css infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\thread[1].gif infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\thread_lock[1].gif infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\tool_arrow[1].gif infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\trendit[1].htm infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\trend[1].swf infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\tulosta[1].gif infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\tuoteselostecanthia[2].htm infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\02BRSASR\tuoteseloste[1].htm infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\Content.IE5\index.dat infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\Local Settings\Temporary Internet Files\desktop.ini infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\ntuser.dat.LOG infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\ntuser.ini infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc22\RefEdit.exd infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc23.dll infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc4.DAT infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc5.LOG infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc6.ini infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\Dc7.exd infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\RECYCLER\S-1-5-21-527237240-1580436667-1343024091-1003\desktop.ini infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.

File C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4HINS9YF\targetsaver[1].exe infected by "Trojan-Downloader.Win32.TSUpdate.p" Virus. Action Taken: File Deleted.

File C:\WINDOWS\system32\NTInvisible.dll tagged as not-a-virus:Monitor.Win32.SpyAgent.g. No Action Taken.

Nuo löytyi sitten eScanilla...

spertti · Jan 17, 2006

Kaikki muut lähti, paitsi tuo
C:\WINDOWS\system32\NTInvisible.dll

Poista se, jos ei muuten lähde, niin vikasietotilassa

Kannattaa nuo tempit tyhjentää, kun siellä noita örkkejäkin tuntui olevan. Hae tuolta Easycleaner, ja poista sillä turhat tiedostot, ja puhdista myös rekisteri
> http://personal.inet.fi/business/toniarts/files/EClea2_0.exe

Vieläkö ongelmia?

aaxxeell · Jan 17, 2006

Avaa java ohjauspaneelista
general -> temporary files ja klikkaa delete files.

Log in or Sign up

HJT-Loki

621 Regular member

spertti Active member

621 Regular member

spertti Active member

621 Regular member

spertti Active member

Vent Member

spertti Active member

Vent Member

spertti Active member

Vent Member

spertti Active member

Vent Member

spertti Active member

aaxxeell Regular member

Share This Page

Log in or Sign up

HJT-Loki

621 Regular member

spertti Active member

621 Regular member

spertti Active member

621 Regular member

spertti Active member

Vent Member

spertti Active member

Vent Member

spertti Active member

Vent Member

spertti Active member

Vent Member

spertti Active member

aaxxeell Regular member

Share This Page

Useful Searches