Strange trojan struck

Discussion in 'Virukset ja haittaohjelmat' started by _kerkko_, Jun 22, 2006.

  1. _kerkko_

    _kerkko_ Guest

    So my computer has been hit by at least: Win32:purityscan-Q [Trj], Win32:Tsupdate-J [Trj], and I can't get them removed no matter what I do. I have avast home edition, and I scanned with Ad-Aware and with Spybot as well. avast reports the virus as a trojan. If these programs can't remove the trojan, then what can? Someone please name a good program, help is needed now. One option I thought of myself was to format the computer.. but if you know of a good program
     
  2. -kemisti-

    -kemisti- Active member

  3. _kerkko_

    _kerkko_ Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 12:05:42, on 23.6.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\system32\CAPRPCSK.EXE
    C:\dfndra.exe
    C:\nwnm.exe
    C:\Program Files\ipwins\ipwins.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Common Files\svchostsys\svchostsys.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\Program Files\Windows NT\whypertrm.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    C:\WINDOWS\system32\dumprep.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\WINDOWS\system32\dumprep.exe
    D:\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - Default URLSearchHook is missing
    F2 - REG:system.ini: UserInit=userinit.exe
    O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll (file missing)
    O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
    O4 - HKLM\..\Run: [winlog] winlog.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrd.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndra.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnm.exe
    O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\RunServices: [winlog] winlog.exe
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "f:\games\steam.exe" -silent
    O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\TypingMaster\KBOOST.EXE"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
    O4 - HKCU\..\Run: [Eauo] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\chkdsk.exe" -vt yazr
    O4 - HKCU\..\Run: [Byaxb] C:\DOCUME~1\Joni\APPLIC~1\ICROSO~1\MCONFI~1.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Canon LBP-810 tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\cErds.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9uaSBUdW9taW5lbg\command.exe (file missing)
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

    ...now when I first log in to my own Windows account, some program starts up first and after that avast warns about viruses.. and new programs have downloaded themselves onto my computer: drndra.exe, nwnm.exe, kybrd.exe, ipwins, snowball wars, toolbar888 and network monitor.
     
  4. -kemisti-

    -kemisti- Active member

    Remove from Control Panel (Add/Remove Programs):

    Toolbar888

    Fix with HjT (do a system scan only, tick the entries and press fix checked):

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
    R3 - Default URLSearchHook is missing
    O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
    O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\cErds.dll (file missing)
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9uaSBUdW9taW5lbg\command.exe (file missing)
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)


    Go to Start -> Run
    Type sc stop cmdService and click OK
    then sc delete cmdService and click OK
    then sc stop "Network Monitor" and click OK
    then sc delete "Network Monitor" and click OK

    In Add/Remove Programs, look for PuritySCAN By OIN, OuterInfo, OIN, Snowball wars by OIN or a program with a similar name, and uninstall it.

    Restart and delete this directory, if it exists
    C:\Program Files\PurityScan

    If the program is not found, download and run this
    http://www.outerinfo.com/OiUninstaller.exe
    Uninstaller

    http://www.outerinfo.com/howto.html
    Instructions in English for using the uninstaller, if needed

    Restart and delete this directory, if it exists
    C:\Program Files\PurityScan

    Delete these as well:

    C:\WINDOWS\Sm9uaSBUdW9taW5lbg
    C:\Program Files\Network Monitor
    C:\Program Files\ToolBar888


    Download Brute Force Uninstaller from http://www.merijn.org/files/bfu.zip to your desktop.
    - Right-click the BFU zip on your desktop and choose Extract All.
    - Click "Next"
    - In the box where you choose where to extract the files,
    - Click "Browse"
    - Click the + sign next to My Computer
    - Click "Local Disk (C:)" or whatever your main drive is
    - Click "Make New Folder"
    - Type BFU
    - Click "Next", do NOT tick the "Show extracted files" box, and click "Finish".
    RIGHT-CLICK HERE -> http://metallica.geekstogo.com/alcanshorty.bfu and choose "Save As" ("Save Target As" in Explorer) to download the Alcra PLUS Remover.
    Save it in the same folder you created earlier (c:\BFU).

    Do not do anything with it yet!

    Boot your computer into Safe Mode by tapping the F8 key during startup.

    Click Start > My Computer and navigate to the C:\BFU folder.
    - Start Brute Force Uninstaller by double-clicking BFU.exe
    - In the Scriptline to execute field, type or paste c:\bfu\alcanshorty.bfu
    - Click Execute and let it do its work. (You should see a progress bar if you did this correctly.)
    - Wait for the Complete script execution box and click OK.
    - Click exit to close Brute Force Uninstaller.

    Restart normally and post a fresh HijackThis log.
     
    Last edited: Jun 23, 2006
  5. _kerkko_

    _kerkko_ Guest

    here is the newest logfile now:

    Logfile of HijackThis v1.99.1
    Scan saved at 14:56:25, on 23.6.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\CAPRPCSK.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    D:\HijackThis_v1.99.1.exe

    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "f:\games\steam.exe" -silent
    O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\TypingMaster\KBOOST.EXE"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\Run: [Eauo] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\chkdsk.exe" -vt yazr
    O4 - HKCU\..\Run: [Byaxb] C:\DOCUME~1\Joni\APPLIC~1\ICROSO~1\MCONFI~1.EXE
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Canon LBP-810 tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

    this step didn't work because that OiUninstaller won't start by double-clicking, no matter what. now a few folders disappeared from the C drive by themselves, but a new one appeared in their place: one named bintheredunthat.
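Each round of this thread ends with a request for a fresh HijackThis log, which is then read against the list of entries that were marked for fixing. The following is an added example, not part of the thread: a Python check that makes that comparison, run on a few lines excerpted from the first two logs and from the helper's fix list above. The function and variable names are made up for this example.

```python
import re

# HijackThis entry lines start with a section code such as R1, F2, O4 or O23.
ENTRY_RE = re.compile(r"^[RFNO]\d{1,2} - .+$")

# Excerpt of the first log in the thread (shortened for the example).
BEFORE = r"""
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    F2 - REG:system.ini: UserInit=userinit.exe
    O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
    O4 - HKLM\..\Run: [newname] C:\\nwnm.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Eauo] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\chkdsk.exe" -vt yazr
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# Excerpt of the helper's "fix checked" list.
FIX_LIST = r"""
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
    O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# Excerpt of the second log in the thread (shortened for the example).
AFTER = r"""
    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [Eauo] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\chkdsk.exe" -vt yazr
"""


def entries(text):
    """Return the set of HijackThis entry lines found in text.

    Whitespace is normalised because logs pasted into a forum pick up
    indentation and stray spaces that would otherwise defeat an exact match.
    """
    found = set()
    for line in text.splitlines():
        line = " ".join(line.split())
        if ENTRY_RE.match(line):
            found.add(line)
    return found


def verify_fixes(before, after, fix_list):
    """Classify what changed between two logs relative to a fix list."""
    b, a, want = entries(before), entries(after), entries(fix_list)
    return {
        # Asked to fix, present before, absent now.
        "fixed": sorted((want & b) - a),
        # Asked to fix but still in the new log: the fix did not stick.
        "still_present": sorted(want & a),
        # Disappeared without being on the fix list (removed by another tool).
        "gone_unlisted": sorted(b - a - want),
        # Entries that appeared since the first log and need an explanation.
        "new": sorted(a - b),
    }


if __name__ == "__main__":
    for label, lines in verify_fixes(BEFORE, AFTER, FIX_LIST).items():
        print(f"{label}: {len(lines)}")
        for line in lines:
            print("   ", line)
```

An entry under `still_present` after a reboot usually means something is rewriting it, so the process behind it has to be dealt with before the registry value is fixed again.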

     
  6. -kemisti-

    -kemisti- Active member

    That folder is OK, it belongs to the bfu :) It contains backups of the removed stuff.

    Here's part of the script:

    OptionSetStatus Trying heuristics
    FolderCreate %SYSTEMDRIVE%\bintheredunthat
    FileMove %WINDIR%\win*-*.exe|%SYSTEMDRIVE%\bintheredunthat
    FileMoveIfContainsHex %SYSTEMDRIVE%\*.exe|%SYSTEMDRIVE%\bintheredunthat|2E,00,6E,00,6F,00,00,00,08,00,00,00,6E,00,61,00,6D,00,65,00,00,00,00,00,0A,00,00,00,66,00,6F,00
    FileMoveIfContainsHex %SYSTEMDRIVE%\*.exe|%SYSTEMDRIVE%\bintheredunthat|2E,00,6E,00,6F,00,00,00,06,00,00,00,6E,00,61,00,6D,00,00,00,0A,00,00,00,65,00,66,00,6F,00
    FileMoveIfContainsHex %SYSTEMDRIVE%\*.exe|%SYSTEMDRIVE%\bintheredunthat|2E,00,6E,00,00,00,10,00,00,00,6F,00,6E,00,61,00,6D,00,65,00,66,00,6F,00,72,00,00,00,00,00,10,00
    FileMoveIfContainsHex %WINDIR%\*.exe|%SYSTEMDRIVE%\bintheredunthat|53,00,79,00,73,00,4D,00,6F,00,6E,00,2E,00,65,00,78,00,65
    FileMoveIfContainsText %SYSTEMDRIVE%\*.exe|%SYSTEMDRIVE%\bintheredunthat|WebBrowser1
    FileMoveIfContainsText %SYSTEMDRIVE%\*.exe|%SYSTEMDRIVE%\bintheredunthat|Project1
    FileMoveIfContainsText %SYSTEMDRIVE%\*.exe|%SYSTEMDRIVE%\bintheredunthat|NSISu_.exe
    FileMoveIfContainsHex %SYSTEMDRIVE%\w*.dll|%SYSTEMDRIVE%\bintheredunthat|61,63,32,2E,64,6C,6C,00,49,31,00,49,32
    FileMoveIfContainsHex %SYSDIR%\w*.dll|%SYSTEMDRIVE%\bintheredunthat|61,63,32,2E,64,6C,6C,00,49,31,00,49,32

    And that bfu script removed those folders/files (they were malware).

    Fix these:

    O4 - HKCU\..\Run: [Eauo] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\chkdsk.exe" -vt yazr
    O4 - HKCU\..\Run: [Byaxb] C:\DOCUME~1\Joni\APPLIC~1\ICROSO~1\MCONFI~1.EXE


    Download, install and update ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

    Boot into Safe Mode (F8 during startup)

    Delete, if found:

    C:\PROGRA~1\COMMON~1\CROSOF~1.NET
    C:\DOCUME~1\Joni\APPLIC~1\ICROSO~1

    Scan with ewido, let it remove whatever it finds and save the report.

    Restart and send the ewido report and a new HjT log.
     
    Last edited: Jun 23, 2006
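The `FileMoveIfContainsHex` and `FileMoveIfContainsText` lines quoted in the post above are byte-signature heuristics: a file glob, a destination folder and a byte pattern. The following is an added example, not part of the thread and not BFU's own code: it parses three of the quoted rules, decodes their patterns and applies them to constructed byte buffers. The variable values in `ENV`, the non-recursive case-insensitive glob handling and the ASCII encoding of text patterns are assumptions, since the page does not describe BFU's matching semantics.

```python
import fnmatch
import ntpath
from dataclasses import dataclass

# Three of the rules quoted in the post, copied verbatim.
SCRIPT = r"""
FileMoveIfContainsHex %WINDIR%\*.exe|%SYSTEMDRIVE%\bintheredunthat|53,00,79,00,73,00,4D,00,6F,00,6E,00,2E,00,65,00,78,00,65
FileMoveIfContainsText %SYSTEMDRIVE%\*.exe|%SYSTEMDRIVE%\bintheredunthat|WebBrowser1
FileMoveIfContainsHex %SYSDIR%\w*.dll|%SYSTEMDRIVE%\bintheredunthat|61,63,32,2E,64,6C,6C,00,49,31,00,49,32
"""

# Assumed values for the script variables on the Windows XP machine in the thread.
ENV = {"%SYSTEMDRIVE%": "C:", "%WINDIR%": r"C:\WINDOWS", "%SYSDIR%": r"C:\WINDOWS\system32"}


@dataclass(frozen=True)
class Rule:
    kind: str       # "Hex" or "Text"
    glob: str       # expanded file glob, e.g. C:\WINDOWS\*.exe
    dest: str       # folder that matching files are moved to
    pattern: bytes  # byte sequence searched for in the file


def expand(path):
    for var, value in ENV.items():
        path = path.replace(var, value)
    return path


def parse_rules(script):
    rules = []
    for line in script.splitlines():
        verb, _, args = line.strip().partition(" ")
        if verb not in ("FileMoveIfContainsHex", "FileMoveIfContainsText"):
            continue
        parts = args.split("|", 2)
        if len(parts) != 3:
            continue  # malformed rule: skip rather than guess
        glob, dest, raw = parts
        if verb.endswith("Hex"):
            pattern = bytes.fromhex(raw.replace(",", " "))
        else:
            pattern = raw.encode("ascii")  # assumption: text rules match ASCII bytes
        kind = verb[len("FileMoveIfContains"):]
        rules.append(Rule(kind, expand(glob), expand(dest), pattern))
    return rules


def readable(pattern):
    """Printable view of a signature: NUL bytes dropped, other non-printables as '?'."""
    return "".join(chr(b) if 32 <= b < 127 else "?" for b in pattern if b)


def rule_hits(rule, path, data):
    """True if path is inside the rule's glob and data contains its pattern."""
    want_dir, want_name = ntpath.split(rule.glob)
    have_dir, have_name = ntpath.split(path)
    in_scope = (have_dir.lower() == want_dir.lower()
                and fnmatch.fnmatchcase(have_name.lower(), want_name.lower()))
    return in_scope and rule.pattern in data


def scan(rules, files):
    """Return (path, destination, readable signature) for every rule that fires."""
    return [(path, rule.dest, readable(rule.pattern))
            for path, data in files.items()
            for rule in rules
            if rule_hits(rule, path, data)]


# Constructed sample buffers for the example (not files from the thread).
SAMPLES = {
    r"C:\WINDOWS\sample_a.exe": b"MZ" + bytes(16) + "SysMon.exe".encode("utf-16-le") + bytes(2),
    r"C:\sample_b.exe": b"MZ" + bytes(16) + b"Form1\x00WebBrowser1\x00",
    r"C:\WINDOWS\system32\wsample.dll": b"MZ" + bytes(16) + b"ac2.dll\x00I1\x00I2\x00",
    # Same UTF-16 string, but outside %WINDIR%\*.exe, so no rule applies to it.
    r"C:\WINDOWS\system32\sample_c.exe": b"MZ" + "SysMon.exe".encode("utf-16-le"),
    r"C:\sample_d.exe": b"MZ" + bytes(16) + b"nothing of interest",
}

if __name__ == "__main__":
    for path, dest, sig in scan(parse_rules(SCRIPT), SAMPLES):
        print(f"{path} -> {dest}  (matched {sig!r})")
```

The first pattern decodes to the UTF-16LE string `SysMon.exe`, and `WebBrowser1` is a Visual Basic default control name, so signatures like these can also hit unrelated programs; the backup copies in `bintheredunthat` mentioned in the post are what make such a match recoverable.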
  7. _kerkko_

    _kerkko_ Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 16:54:20, on 23.6.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    G:\Ewido anti-spyware\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\CAPRPCSK.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    G:\Ewido anti-spyware\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\NCLAUNCH.EXe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
    C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    D:\HijackThis_v1.99.1.exe

    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
    O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\PowerISO\PWRISOVM.EXE
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [!ewido] "G:\Ewido anti-spyware\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Steam] "f:\games\steam.exe" -silent
    O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\TypingMaster\KBOOST.EXE"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Canon LBP-810 tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - G:\Ewido anti-spyware\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
    .
    .
    .
    and here is the ewido log

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 16:42:26 23.6.2006

    + Scan result:



    C:\Program Files\Tcl\license.exe -> Adware.Agent : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
    HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\mkls.dll -> Adware.RK : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\rlls.dll -> Adware.RK : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\svchostsys\svchostsys.exe -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : Cleaned with backup (quarantined).
    C:\Documents and Settings\Joni\Local Settings\Temporary Internet Files\Content.IE5\8H2ZKX2B\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned.
    C:\WINDOWS\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned.
    C:\Documents and Settings\Joni\Local Settings\Temporary Internet Files\Content.IE5\8H2ZKX2B\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
    C:\bintheredunthat\nwnm.exe -> Hijacker.VB.fb : Cleaned.
    :mozilla.14:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.15:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.60:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.6:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
    :mozilla.25:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.6:C:\Documents and Settings\Matti\Application Data\Mozilla\Profiles\default\ofn9qgdy.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.95:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.86:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
    :mozilla.87:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
    :mozilla.90:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
    :mozilla.91:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
    :mozilla.10:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.11:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.56:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.57:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.73:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.74:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.100:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.13:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.16:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.17:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.18:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.19:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.47:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.48:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.49:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.168:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
    :mozilla.15:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.74:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.169:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
    :mozilla.177:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
    :mozilla.98:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
    :mozilla.13:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.14:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.34:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.35:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.36:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.37:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.98:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.17:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
    :mozilla.51:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.9:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.133:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
    :mozilla.125:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.50:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.51:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.52:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.53:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.123:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.61:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.170:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.22:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\Documents and Settings\Joni\Cookies\joni@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
    :mozilla.15:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.16:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.17:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.18:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.19:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.20:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
    :mozilla.126:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
    :mozilla.154:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.155:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.40:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.41:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.80:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.82:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
    :mozilla.20:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.21:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.22:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.23:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.42:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.99:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\Documents and Settings\Joni\Cookies\joni@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
    :mozilla.176:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.43:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.99:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
    :mozilla.164:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.165:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
    :mozilla.46:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.47:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\Joni\Cookies\joni@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.127:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
    :mozilla.128:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


    ::Report end

    These, from the "delete if found" list, were not found:

    C:\PROGRA~1\COMMON~1\CROSOF~1.NET
    C:\DOCUME~1\Joni\APPLIC~1\ICROSO~1 , but I wonder whether ewido removed them. Also, when I restarted my computer, this came up: .NET-Broadcastevent window.1.0.5000.0.4:cli.exe -sovellusvirhe. Is that somehow related to those viruses?
     
  8. -kemisti-

    -kemisti- Active member

    The logs are OK. The error points to the ATI drivers or something similar.

    Try restarting the computer and see whether the error recurs.
     
