HJT logs from two machines, one of the machines hijacked???

Discussion in 'Viruses and malware' started by Virus88, Mar 20, 2006.

  1. Virus88

    Virus88 Regular member

    MACHINE ONE:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:44:10, on 20.3.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\ATI-CPanel\atiptaxx.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\FinePixViewer\QuickDCF.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Hijacthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: bw+0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE (file missing)
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe


    There still seems to be some Norman junk in there from the early days, so I guess those can be safely removed?


    MACHINE TWO:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:50:04, on 20.3.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Sygate\SPF\smc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Power Manager\PM.exe
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\HiJackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ProgramPath] C:\Program Files\Power Manager\PM.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

    On that machine Avast started screaming about a hijacker program.
    So is that machine hijacked?
     
  2. JaPK

    JaPK Regular member

    Hello.

    MACHINE 1:
    Clean of malware.

    Let's remove the Norton leftovers.

    Open Notepad.

    -> Copy the following lines into it

    sc stop NipSvc
    sc delete NipSvc
    sc stop NJeeves
    sc delete NJeeves
    sc stop ZANDA
    sc delete ZANDA


    Save it to the desktop as NormanPoisto.bat with the file type set to -> All Files

    Go to the desktop, run NormanPoisto.bat and answer yes if you are asked anything.



    MACHINE 2:

    Based on the log, the machine is clean of malware.

    Download Ewido to the machine, install it and update it. -> http://www.ewido.net/en/download/

    Scan your machine with Ewido and post its log here

    Both machines have a lot of programs starting up unnecessarily. Do you want them trimmed to free up memory and speed up startup?
     
    Last edited: Mar 20, 2006
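
A check that the "(file missing)" flags in the MACHINE ONE log call for, as an added example that is not part of the original posts: it compares every flagged entry with the log's own "Running processes" list, which separates entries whose binary is in fact running (the avast! services) from entries with no running binary (the Norman leftovers). The function names are hypothetical, and the embedded sample is a shortened excerpt of the log posted above.

```python
import re

# Shortened excerpt of the MACHINE ONE HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\slserv.exe

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
"""

MISSING = "(file missing)"
ENTRY_RE = re.compile(r"^([ORF]\d+) - (.+)$")
# Binary path up to the first .exe/.dll, ignoring a leading quote and
# anything after the extension (stray quote, arguments such as /service).
BINARY_RE = re.compile(r'^"?(.+?\.(?:exe|dll))', re.IGNORECASE)


def running_processes(log):
    """Return the lower-cased paths listed under 'Running processes:'."""
    procs, in_section = set(), False
    for raw in log.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:          # a blank line ends the section
                break
            procs.add(line.lower())
    return procs


def missing_entries(log):
    """Return (section, label, path, status) for each '(file missing)' entry.

    status is 'running' when the same log lists the binary as a running
    process, so the flag contradicts the process list; otherwise it is
    'not_running'. DLL targets never appear in the process list, so for
    them 'not_running' confirms nothing by itself.
    """
    procs = running_processes(log)
    results = []
    for raw in log.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m or not m.group(2).endswith(MISSING):
            continue
        body = m.group(2)[: -len(MISSING)].rstrip()
        head, _, target = body.rpartition(" - ")   # last field is the file
        label = head.split(" - ")[0]
        b = BINARY_RE.match(target.strip())
        path = b.group(1) if b else target.strip().strip('"')
        status = "running" if path.lower() in procs else "not_running"
        results.append((m.group(1), label, path, status))
    return results


def orphan_candidates(log):
    """Entries flagged missing whose binary is not among the running processes."""
    return [e for e in missing_entries(log) if e[3] == "not_running"]


if __name__ == "__main__":
    for section, label, path, status in missing_entries(SAMPLE_LOG):
        print(f"{section:4} {status:12} {label} -> {path}")
```
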
  3. Virus88

    Virus88 Regular member

    Well, why not, if you can be bothered to take a look. :)

    One more thing about Ewido. How is the log sent, and which log, since I have never had to send one before? And do I need to run some kind of full system scan on the machine first before sending it?
     
    Last edited: Mar 20, 2006
  4. JaPK

    JaPK Regular member

    Well, since we got going now :)

    Yes, you need to run a scan with Ewido first, and here are the instructions for using Ewido, which also cover how to send the log -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

    MACHINE 1:
    If you don't use Logitech Desktop Messenger, I recommend removing it completely. It frees up memory and makes the log tidier.
    That is, Control Panel -> Add or Remove Programs -> find Logitech Desktop Messenger and remove it

    Then these other unnecessary ones:

    Start HijackThis, click Do a system scan only, check these lines and press Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE



    MACHINE 2:

    Start HijackThis, click Do a system scan only, check these lines and press Fix checked:

    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE


    Startups should get faster =)
     
    Last edited: Mar 20, 2006
  5. Virus88

    Virus88 Regular member

    OK, well, I'll ask again since I don't know whether that text was noticed.

    One more thing about Ewido. How is the log sent, and which log, since I have never had to send one before? And do I need to run some kind of full system scan on the machine first before sending it?

    And then there's another thing. On both machines CPU usage is nearly 100% even when nothing is necessarily being done on the machine. Is that normal?
     
  6. blade81

    blade81 Active member

    Instructions for Ewido can be found here -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

    The CPU running constantly at nearly 100% certainly doesn't sound normal.
     
  7. JaPK

    JaPK Regular member

    Virus88: I did put the Ewido instructions in my previous message =)

    That 100% CPU usage......

    Download F-Secure BlackLight to the desktop on both machines -> http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe

    Scan the machines with it. Do not rename anything.

    Then post the BlackLight logs here. (They are saved to the desktop as fsbl********.txt)
     
  8. Virus88

    Yeah, now the CPU usage on both machines has dropped. As soon as I fixed those entries, it apparently helped. But here now is the ewido scan report for MACHINE 2.

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 16:50:51, 22.3.2006
    + Report-Checksum: 7C0571B4

    + Scan result:

    :mozilla.13:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.78:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
    :mozilla.79:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
    :mozilla.80:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.81:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
    :mozilla.82:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.83:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.85:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.96:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.97:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.99:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.100:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.107:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.108:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.120:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.121:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.131:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.132:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.133:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
    :mozilla.137:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.138:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.148:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.149:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.150:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.151:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.152:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.153:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.154:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.155:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.160:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.162:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.163:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.164:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.167:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.168:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.169:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
    :mozilla.170:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.181:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.192:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.196:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.197:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.198:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.199:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.213:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
    :mozilla.214:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup



    Is that the right log?


     
  9. JaPK

    It is the right log, and it looks good. Let's still make sure nothing is hidden....

    Download F-Secure BlackLight to the desktop on both machines -> http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe

    Scan the machines with it. Do not rename anything.

    Then post the BlackLight logs here. (They are saved on the desktop under the name fsbl********.txt)
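
Every detection line in the ewido report posted above is a TrackingCookie entry. The following is an added example, not part of the thread and not ewido's own tooling: it parses report lines of that layout, counts cookies per tracker, and separates out any non-cookie detection. The function names and the last sample line are constructed for illustration.

```python
import re
from collections import Counter

# Layout seen in the report above: "<object> -> <Detection> : <action>".
# Cookie entries carry a ":mozilla.<n>:" prefix in front of the cookies.txt path.
LINE_RE = re.compile(
    r"^(?::(?P<store>\w+)\.(?P<index>\d+):)?(?P<path>.+?) -> "
    r"(?P<name>\S+) : (?P<action>.+)$"
)

def parse_report(text):
    """Return one dict per detection line; header and blank lines are skipped."""
    rows = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def triage(rows):
    """Split detections into tracking cookies (counted per tracker) and the rest."""
    cookies, other = Counter(), []
    for row in rows:
        family, _, variant = row["name"].partition(".")
        if family == "TrackingCookie":
            cookies[variant] += 1
        else:
            other.append(row)  # anything here needs a closer look
    return cookies, other

PROFILE = (r"C:\Documents and Settings\Omistaja\Application Data\Mozilla"
           r"\Firefox\Profiles\pnqitrtq.default\cookies.txt")
# First four detection lines are from the report above; the last one is a
# constructed placeholder (assumed to follow the same layout) for the non-cookie path.
SAMPLE = "\n".join([
    "+ Created on: 16:50:51, 22.3.2006",
    "+ Scan result:",
    "",
    f":mozilla.13:{PROFILE} -> TrackingCookie.Doubleclick : Cleaned with backup",
    f":mozilla.78:{PROFILE} -> TrackingCookie.Revenue : Cleaned with backup",
    f":mozilla.79:{PROFILE} -> TrackingCookie.Revenue : Cleaned with backup",
    f":mozilla.80:{PROFILE} -> TrackingCookie.Yieldmanager : Cleaned with backup",
    r"C:\WINDOWS\Temp\example.exe -> Example.Placeholder : Cleaned with backup",
])

if __name__ == "__main__":
    cookies, other = triage(parse_report(SAMPLE))
    print("tracking cookies:", dict(cookies))
    print("other detections:", [(r["name"], r["path"]) for r in other])
```
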
     
  10. Virus88

    Here it is

    03/22/06 21:22:00 [Info]: BlackLight Engine 1.0.33 initialized
    03/22/06 21:22:00 [Info]: OS: 5.1 build 2600 (Service Pack 2)
    03/22/06 21:22:00 [Note]: 7019 4
    03/22/06 21:22:00 [Note]: 7005 0
    03/22/06 21:22:13 [Note]: 7006 0
    03/22/06 21:22:13 [Note]: 7011 1716
    03/22/06 21:22:14 [Note]: FSRAW library version 1.7.1015
    03/22/06 21:24:33 [Note]: 7007 0
     
  11. JaPK

    It's clean =)
     
  12. Virus88

    Yep :) thanks to everyone for the effort :)
     
  13. JaPK

    You're welcome =)
     