AfterDawn.com Mainosta sivuillamme
User Käyttäjä Salasana  
  Puuttuuko tunnus? Liity jäseneksi nyt!.
Salasana hukassa? Klikkaa tästä. 		 
  Etusivu   Uutiset   Oppaat   Ohjelmat   Sanasto   Laitevertailu   Profiilit   Keskustelu  
 Yksityisviestit     Luo uusi yksityisviesti     Kaikki uudet viestit     Ilman vastauksia olevat viestiketjut     Hae viestejä
maanantai 10.11.2025 / 10:45
Hae keskustelualueilta:        In English   Suomeksi   På svenska
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat > outo troijalainen iski
Näytä aiheet
 
Keskustelualueet
Keskustelualueet
outo troijalainen iski
  Siirry:
 
Kirjoittaja Viesti
_kerkko_
Suspended due to non-functional email address
_ 		22. kesäkuuta 2006 @ 21:21 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
elikkä koneeseeni on iskenyt ainakin : Win32:Purityscan-Q [Trj] , Win32:Tsupdate-J [Trj] enkä millään ihmeellä saa poistettua niitä. itselläni on Avast home edition , ad-awaren scannasin läpi sekä spybotin kanssa. Avast ilmoittaa viruksen olevan troijalainen. jos nämä ohjelmat eivät kykene poistamaan troijaa niin mikä? kertokaa joku hyvä ohjelma, apu olisi nyt tarpeen. aattelin itte yhtenä vaihtoehtona että formatois koneen..mut jos tiiäätte jonkun hyvän ohjelman
[ + lainaa]
-kemisti-
AfterDawn Addict
_ 		23. kesäkuuta 2006 @ 06:13 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Lähdetään tuosta liikkeelle:

Laita HjT-loki,ohjeet -> http://keskustelu.afterdawn.com/thread_view.cfm/316714

Avast nyt ei pysty läheskään kaikkea poistamaan kun eivät pysty kaupallisetkaan ohjelmat.
[ + lainaa]
_kerkko_
Suspended due to non-functional email address
_ 		23. kesäkuuta 2006 @ 08:23 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Logfile of HijackThis v1.99.1
Scan saved at 12:05:42, on 23.6.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\dfndra.exe
C:\nwnm.exe
C:\Program Files\ipwins\ipwins.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\svchostsys\svchostsys.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\Program Files\Windows NT\whypertrm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\dumprep.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\dumprep.exe
D:\HijackThis_v1.99.1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll (file missing)
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrd.exe
O4 - HKLM\..\Run: [defender] C:\\dfndra.exe
O4 - HKLM\..\Run: [newname] C:\\nwnm.exe
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "f:\games\steam.exe" -silent
O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\TypingMaster\KBOOST.EXE"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
O4 - HKCU\..\Run: [Eauo] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\chkdsk.exe" -vt yazr
O4 - HKCU\..\Run: [Byaxb] C:\DOCUME~1\Joni\APPLIC~1\ICROSO~1\MCONFI~1.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP-810 tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\cErds.dll (file missing)
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9uaSBUdW9taW5lbg\command.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

...nyt kun olen ensin kirjautunut omaan windows tiliini niin joku ohjelma lähtee ensin käyntiin sen jälkeen Avast varoittaa viruksista..ja uusia ohjelmia on itsestään lataantunut koneelleni : drndra.exe, nwnm.exe, kybrd.exe, ipwins, snowball wars, toolbar888 ja network monitor.
[ + lainaa]
-kemisti-
AfterDawn Addict
_ 		23. kesäkuuta 2006 @ 08:47 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Poista ohjauspaneelista (lisää/poista sovellus):

Toolbar888

Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - Default URLSearchHook is missing
O3 - Toolbar: ToolBar888 - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\Program Files\ToolBar888\MyToolBar.dll
O20 - Winlogon Notify: Setup - C:\WINDOWS\system32\cErds.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Sm9uaSBUdW9taW5lbg\command.exe (file missing)
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

Mene käynnistä -> suorita
Kirjoita sc stop cmdService ja klikkaa ok
sitten sc delete cmdService ja klikkaa ok
sitten sc stop "Network Monitor" ja klikkaa ok
sitten sc delete "Network Monitor" ja klikkaa ok

Etsi lisää/poista sovelluksesta PuritySCAN By OIN, OuterInfo, OIN, Snowball wars by OIN tai ohjelma jolla samantapainen nimi , ja poista sen asennus.

Käynnistä uudelleen ja poista tämä hakemisto, jos löytyy
C:\Program Files\PurityScan

Jos ohjelmaa ei löydy, lataa ja aja tämä
http://www.outerinfo.com/OiUninstaller.exe
Uninstaller

http://www.outerinfo.com/howto.html
Ohje englanniksi uninstallerin käyttöön, jos tarvis

Käynnistä uudelleen ja poista tämä hakemisto, jos löytyy
C:\Program Files\PurityScan

Poista myös nämä:

C:\WINDOWS\Sm9uaSBUdW9taW5lbg
C:\Program Files\Network Monitor
C:\Program Files\ToolBar888


Lataa tuosta http://www.merijn.org/files/bfu.zip Brute Force Uninstaller työpöydällesi.
[*]Oikea-klikkaa BFU zippiä työpöydälläsi, ja valitse Pura kaikki.
[*]Klikkaa "Seuraava"
[*]Boksissa missä valita mihin haluat tiedostot purkaa,
[*]Klikkaa "Selaa"
[*]Klikkaa + merkkiä oman tietokoneen vieressä
[*]Klikkaa "Paikallinen Levy (C:)" tai mikä sinun tärkein levysi onkin
[*]Klikkaa "Tee uusi kansio"
[*]Kirjoita BFU
[*]Klikkaa "Seuraava", ja ÄLÄ rastita boksia "Näytä puretut tiedostot" ja klikkaa "Valmis".
OIKEA-KLIKKAA TÄSTÄ -> http://metallica.geekstogo.com/alcanshorty.bfu ja valitse "Save As" (Explorerissa "Save Target As") ladataksesi Alcra PLUS Poistajan.
Tallenna se samaan kansioon jonka teit aiemmin (c:\BFU).

Älä tee mitään tällä vielä!

Käynnistä koneesi vikasietotilaan naputtamalla F8 näppäintä käynnistyksen yhteydessä.

Klikkaa Käynnistä > Oma tietokone ja navigoi C:\BFU kansioon.
[*] Käynnistä Brute Force Uninstaller tupla-klikkaamalla BFU.exe
[*] Scriptline to execute kentässä kirjoita tai liitä c:\bfu\alcanshorty.bfu
[*] Klikkaa Execute ja anna sen tehdä työnsä. (Sinun pitäisi nähdä edistyspalkki jos teit tämän oikein.)
[*]Odota Complete script execution boksia ja klikkaa OK.
[*]Klikkaa exit lopettaaksesi Brute Force Uninstallerin.

Käynnistä normaalisti uudelleen ja postita tuore HijackThis logi.
[ + lainaa]

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 23. kesäkuuta 2006 @ 08:48
_kerkko_
Suspended due to non-functional email address
_ 		23. kesäkuuta 2006 @ 11:02 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
tässä nyt uusin logfile:

Logfile of HijackThis v1.99.1
Scan saved at 14:56:25, on 23.6.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
D:\HijackThis_v1.99.1.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "f:\games\steam.exe" -silent
O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\TypingMaster\KBOOST.EXE"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Eauo] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\chkdsk.exe" -vt yazr
O4 - HKCU\..\Run: [Byaxb] C:\DOCUME~1\Joni\APPLIC~1\ICROSO~1\MCONFI~1.EXE
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP-810 tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
Quote:
Käynnistä uudelleen ja poista tämä hakemisto, jos löytyy
C:\Program Files\PurityScan

Jos ohjelmaa ei löydy, lataa ja aja tämä
http://www.outerinfo.com/OiUninstaller.exe
Uninstaller

http://www.outerinfo.com/howto.html
Ohje englanniksi uninstallerin käyttöön, jos tarvis

Käynnistä uudelleen ja poista tämä hakemisto, jos löytyy
C:\Program Files\PurityScan

Poista myös nämä:

C:\WINDOWS\Sm9uaSBUdW9taW5lbg
tämä vaihe ei onnistunut kun ei tuo oiunistaller lähde kaksois klikkaamalla käyntiin mitenkään. nyt c asemalta poistui muutama kansio itsestään mutta tuli uusi tilalle: bintheredunthat -niminen.
[ + lainaa]
-kemisti-
AfterDawn Addict
_ 		23. kesäkuuta 2006 @ 11:17 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Se kansio on ok, liittyy tuohon bfu:hun :) Siellä on varmuuskopioita
poistetuista jutuista.

Tossa osa skriptistä:

OptionSetStatus Trying heuristics
FolderCreate %SYSTEMDRIVE%\bintheredunthat
FileMove %WINDIR%\win*-*.exe|%SYSTEMDRIVE%\bintheredunthat
FileMoveIfContainsHex %SYSTEMDRIVE%\*.exe|%SYSTEMDRIVE%\bintheredunthat|2E,00,6E,00,6F,00,00,00,08,00,00,00,6E,00,61,00,6D,00,65,00,00,00,00,00,0A,00,00,00,66,00,6F,00
FileMoveIfContainsHex %SYSTEMDRIVE%\*.exe|%SYSTEMDRIVE%\bintheredunthat|2E,00,6E,00,6F,00,00,00,06,00,00,00,6E,00,61,00,6D,00,00,00,0A,00,00,00,65,00,66,00,6F,00
FileMoveIfContainsHex %SYSTEMDRIVE%\*.exe|%SYSTEMDRIVE%\bintheredunthat|2E,00,6E,00,00,00,10,00,00,00,6F,00,6E,00,61,00,6D,00,65,00,66,00,6F,00,72,00,00,00,00,00,10,00
FileMoveIfContainsHex %WINDIR%\*.exe|%SYSTEMDRIVE%\bintheredunthat|53,00,79,00,73,00,4D,00,6F,00,6E,00,2E,00,65,00,78,00,65
FileMoveIfContainsText %SYSTEMDRIVE%\*.exe|%SYSTEMDRIVE%\bintheredunthat|WebBrowser1
FileMoveIfContainsText %SYSTEMDRIVE%\*.exe|%SYSTEMDRIVE%\bintheredunthat|Project1
FileMoveIfContainsText %SYSTEMDRIVE%\*.exe|%SYSTEMDRIVE%\bintheredunthat|NSISu_.exe
FileMoveIfContainsHex %SYSTEMDRIVE%\w*.dll|%SYSTEMDRIVE%\bintheredunthat|61,63,32,2E,64,6C,6C,00,49,31,00,49,32
FileMoveIfContainsHex %SYSDIR%\w*.dll|%SYSTEMDRIVE%\bintheredunthat|61,63,32,2E,64,6C,6C,00,49,31,00,49,32

Ja tuo bfu-skripti poisti ne kansiot/tiedostot (olivat pöpöjä).

Fixaa nämä:

O4 - HKCU\..\Run: [Eauo] "C:\PROGRA~1\COMMON~1\CROSOF~1.NET\chkdsk.exe" -vt yazr
O4 - HKCU\..\Run: [Byaxb] C:\DOCUME~1\Joni\APPLIC~1\ICROSO~1\MCONFI~1.EXE

Hae,asenna ja päivitä ewido -> http://keskustelu.afterdawn.com/thread_view.cfm/269186

Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä)

Poista, jos löytyy:

C:\PROGRA~1\COMMON~1\CROSOF~1.NET
C:\DOCUME~1\Joni\APPLIC~1\ICROSO~1

Skannaa ewidolla, anna poistaa mitä löytää ja tallenna raportti.

Käynnistä uudelleen ja lähetä ewidon raportti ja uusi HjT-loki.
[ + lainaa]

Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 23. kesäkuuta 2006 @ 11:22
_kerkko_
Suspended due to non-functional email address
_ 		23. kesäkuuta 2006 @ 13:00 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Logfile of HijackThis v1.99.1
Scan saved at 16:54:20, on 23.6.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
G:\Ewido anti-spyware\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\CAPRPCSK.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
G:\Ewido anti-spyware\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\NCLAUNCH.EXe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
D:\HijackThis_v1.99.1.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CAPON] C:\WINDOWS\system32\Spool\Drivers\w32x86\3\CAPONN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [PWRISOVM.EXE] G:\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "G:\Ewido anti-spyware\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "f:\games\steam.exe" -silent
O4 - HKCU\..\Run: [TypingSatellite] "C:\Program Files\TypingMaster\KBOOST.EXE"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Canon LBP-810 tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAPPSWK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - G:\Ewido anti-spyware\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
.
.
.
ja tässä ewido logi

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:42:26 23.6.2006

+ Scan result:



C:\Program Files\Tcl\license.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\WINDOWS\system32\mkls.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rlls.dll -> Adware.RK : Cleaned with backup (quarantined).
C:\Program Files\Common Files\svchostsys\svchostsys.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Program Files\Common Files\svchostsys\svchostupdate.exe -> Downloader.Small : Cleaned with backup (quarantined).
C:\Documents and Settings\Joni\Local Settings\Temporary Internet Files\Content.IE5\8H2ZKX2B\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned.
C:\WINDOWS\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned.
C:\Documents and Settings\Joni\Local Settings\Temporary Internet Files\Content.IE5\8H2ZKX2B\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\bintheredunthat\nwnm.exe -> Hijacker.VB.fb : Cleaned.
:mozilla.14:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.15:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.60:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.6:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.25:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\Matti\Application Data\Mozilla\Profiles\default\ofn9qgdy.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.86:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.87:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.90:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.91:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.10:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.11:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.56:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.57:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.73:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.74:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.100:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.13:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.16:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.47:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.48:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.168:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Adviva : Cleaned.
:mozilla.15:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.74:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.169:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.177:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.98:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.13:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.14:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.34:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.35:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.36:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.37:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.98:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.17:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.51:C:\Documents and Settings\Anne\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.9:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.133:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Estat : Cleaned.
:mozilla.125:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.50:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.51:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.52:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.53:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.123:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.61:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.170:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.22:C:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\gecj4ux0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Joni\Cookies\joni@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.15:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.16:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.17:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.18:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.19:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.20:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.126:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.154:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.155:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.40:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.41:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.80:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.82:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.20:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.21:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.22:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.23:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.42:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.99:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Joni\Cookies\joni@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.176:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.43:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.99:C:\Documents and Settings\Joni\Application Data\Mozilla\Firefox\Profiles\h7h879s4.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.164:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.165:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.46:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:C:\Documents and Settings\Joni\Application Data\Mozilla\Profiles\default\xbtrvbdp.slt\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Joni\Cookies\joni@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.127:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.128:C:\Documents and Settings\Matti\Application Data\Mozilla\Firefox\Profiles\679xu2k0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

näitä ei löytynyt:Poista, jos löytyy:

C:\PROGRA~1\COMMON~1\CROSOF~1.NET
C:\DOCUME~1\Joni\APPLIC~1\ICROSO~1 , mutta mahtoikohan ewido poistaa.. lisäksi kun käynnistin koneeni uudelleen niin tuli tälläinen: .NET-Broadcastevent window.1.0.5000.0.4:cli.exe -sovellusvirhe.liittyykö toi jotenkin noihin viruksiin?
[ + lainaa]
Mainos
_ 		__
 
_
-kemisti-
AfterDawn Addict
_ 		23. kesäkuuta 2006 @ 13:04 _ Linkki tähän viestiin    Lähetä käyttäjälle yksityisviesti   
Lokit on ok. Error viittaa ATI:n ajureihin tms.

Kokeile käynnistää konetta ja katso, toistuuko tuo error.
[ + lainaa]
afterdawn.com > keskustelu > yleistä keskustelua tietokoneista > virukset ja haittaohjelmat > outo troijalainen iski
 

Apua ongelmiin: AfterDawnin keskustelualueet | AfterDawnin Vastaukset
Uutiset: IT-alan uutiset | Uutisia puhelimista
Musiikkia: MP3Lizard.com
Tuotearviot: Laitevertailu | Vertaa puhelimia | Vertaa kännykkäliittymiä
Pelit: Pelitiedostot, pelidemot ja trailerit
Ohjelmat: download.fi | AfterDawnin ohjelma-alueet
International: AfterDawn in English | Software downloads | Free, legal MP3s | AfterDawn på svenska
RSS -syötteet: AfterDawnin uutiset | Uusimmat ohjelmapäivitykset | Keskustelualueiden viestit
Tietoja: Tietoa AfterDawn Oy:stä | Mainosta sivuillamme | Sivuston käyttöehdot ja tietoja yksityisyydensuojasta
Ota yhteyttä: Lähetä palautetta | Ota yhteyttä mainosmyyntiimme
 
  © 1999-2025 AfterDawn Oy