|
kahden koneen HJT- loki, toinen koneista kaapattu???
|
|
|
Virus88
Member
|
20. maaliskuuta 2006 @ 13:53 |
Linkki tähän viestiin
|
KONE YKSI:
Logfile of HijackThis v1.99.1
Scan saved at 18:44:10, on 20.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\ATI-CPanel\atiptaxx.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Hijacthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [EPSON Stylus Photo R300 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P30 "EPSON Stylus Photo R300 Series" /O6 "USB001" /M "Stylus Photo R300"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F99} - http://www.miniclip.com/supergerball/miniclipGameLoader.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: bw+0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {957D8FDF-CF21-4907-BDC8-63D4EA6EBFD6} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE (file missing)
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE (file missing)
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
Tuossa näyttäisi olevan vielä jotain Norman krääsää alku ajoilta eli ne voi vissiin poistaa turvallisesti?
KONE KAKSI:
Logfile of HijackThis v1.99.1
Scan saved at 18:50:04, on 20.3.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Power Manager\PM.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\HiJackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ProgramPath] C:\Program Files\Power Manager\PM.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {A8482EAF-A1F3-4934-AE3F-56EB195A50BF} (DeskUpdate - Activex Control) - http://support.fujitsu-siemens.de/DeskUpdate/isapi/activex.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
Tuossa koneessa Avast kävi huutamaan kaappausohjelmasta.
Eli onko tuo kone kaapattu?
|
Senior Member
|
20. maaliskuuta 2006 @ 16:38 |
Linkki tähän viestiin
|
Terve.
KONE 1:
Puhdas haittaohjelmista.
Nortonin jämät otetaan pois.
Avaa Muistio.
-> Kopioi seuraavat rivit siihen
sc stop NipSvc
sc delete NipSvc
sc stop NJeeves
sc delete NJeeves
sc stop ZANDA
sc delete ZANDA
Tallenna työpöydälle nimellä NormanPoisto.bat ja tallennusmuodoksi -> All Files
Mene työpöydälle, aja NormanPoisto.bat ja vastaa kylllä jos kysytään jotain.
KONE 2:
Lokin perusteella kone puhdas haittaohjelmista.
Lataa koneelle Ewido, asenna ja päivitä se. -> http://www.ewido.net/en/download/
Skannaa koneesi Ewidolla ja postita sen loki tänne
Molemmissa koneissa on paljon turhaan käynnistyviä ohjelmia. Haluatko että ne karsitaan pois muistin vapauttamiseksi ja käynnistyksen nopeuttamiseksi?
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. maaliskuuta 2006 @ 16:39
|
|
Virus88
Member
|
20. maaliskuuta 2006 @ 16:40 |
Linkki tähän viestiin
|
|
No mikä ettei jos vaan viitsitte katsoa. :)
Tuosta ewidosta vielä. miten tuo loki lähetetään ja mikä loki ku en ole ennen joutunu sitä lähettelee. ja pitääkö koneelle vetää ensin joku full system scannaus ennenku toi lähetetää?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. maaliskuuta 2006 @ 16:51
|
Senior Member
|
20. maaliskuuta 2006 @ 16:51 |
Linkki tähän viestiin
|
Kun kerran nyt vauhtiin päästiin niin :)
Juu pitää ajaa Ewidolla skannaus ensin ja tässä ohjeet Ewidon käyttöön, siinä myös lokin lähetyksen ohje -> http://keskustelu.afterdawn.com/thread_view.cfm/269186
KONE1:
Jos et käytä Logitech Desktop Messengeriä, niin suosittelen että poistat sen kokonaan. Vapautuu muistia ja lokista tulee siistimpi.
Eli Ohjauspaneeli -> Lisää tai Poista sovellus -> etsi Logitech Desktop Messenger ja poista se
Sitten nämä muut turhat:
Käynnistä HijackThis, klikkaa do a system scan only ja merkkaa nämä rivit ja paina Fix checked:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
KONE2:
Käynnistä HijackThis, klikkaa do a system scan only ja merkkaa nämä rivit ja paina Fix checked:
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
Varmaan nopeutuu käynnistykset =)
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 20. maaliskuuta 2006 @ 16:54
|
|
Virus88
Member
|
21. maaliskuuta 2006 @ 06:28 |
Linkki tähän viestiin
|
|
Juu no kysäsempä uudestaan ku en tiedä huomattiinko tuota tekstiä.
Tuosta ewidosta vielä. miten tuo loki lähetetään ja mikä loki ku en ole ennen joutunu sitä lähettelee. ja pitääkö koneelle vetää ensin joku full system scannaus ennenku toi lähetetää?
Ja sit olis toinen juttu. Ku molemmissa koneissa suoritinkäyttö on lähes 100% vaikka koneella ei välttis mitään tekisikään. Onko tuo normaalia?
|
Senior Member
|
21. maaliskuuta 2006 @ 07:36 |
Linkki tähän viestiin
|
ASAP & UNITE member since 2006
 |
Senior Member
|
21. maaliskuuta 2006 @ 11:34 |
Linkki tähän viestiin
|
Virus88: pistin kyllä tuon Ewidon ohjeen edelliseen viestiini =)
Tuo suoritinkäyttö 100%......
Lataa F-Secure BlackLight molempiin koneisiin työpöydälle -> http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe
Skannaa koneet sillä. Älä uudelleennimeä mitään.
Lähetä sitten Blacklightin lokit tänne. (Tallentuu työpöydälle nimellä fsbl********.txt)
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
|
|
Virus88
Member
|
22. maaliskuuta 2006 @ 12:24 |
Linkki tähän viestiin
|
|
Juu nyt molempien koneiden suoritinkäyttö on tippunut. Heti ku nuo kohdat korjasi niin se auttoi vissiin asiaa. mutta tässä kyn on KONE 2 ewidon scan report.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 16:50:51, 22.3.2006
+ Report-Checksum: 7C0571B4
+ Scan result:
:mozilla.13:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.213:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.214:C:\Documents and Settings\Omistaja\Application Data\Mozilla\Firefox\Profiles\pnqitrtq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
onko tuo oikea loki?
|
Senior Member
|
22. maaliskuuta 2006 @ 15:43 |
Linkki tähän viestiin
|
Oikea loki on ja hyvältä vaikuttaa. Varmistetaan kuitenkin ettei ole mitään piilossa....
Lataa F-Secure BlackLight molempiin koneisiin työpöydälle -> http://www.europe.f-secure.com/exclude/blacklight/blbeta.exe
Skannaa koneet sillä. Älä uudelleennimeä mitään.
Lähetä sitten Blacklightin lokit tänne. (Tallentuu työpöydälle nimellä fsbl********.txt)
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
|
|
Virus88
Member
|
22. maaliskuuta 2006 @ 16:27 |
Linkki tähän viestiin
|
|
Tässähän tämä
03/22/06 21:22:00 [Info]: BlackLight Engine 1.0.33 initialized
03/22/06 21:22:00 [Info]: OS: 5.1 build 2600 (Service Pack 2)
03/22/06 21:22:00 [Note]: 7019 4
03/22/06 21:22:00 [Note]: 7005 0
03/22/06 21:22:13 [Note]: 7006 0
03/22/06 21:22:13 [Note]: 7011 1716
03/22/06 21:22:14 [Note]: FSRAW library version 1.7.1015
03/22/06 21:24:33 [Note]: 7007 0
|
Senior Member
|
22. maaliskuuta 2006 @ 16:41 |
Linkki tähän viestiin
|
|
Puhdas on =)
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
|
|
Virus88
Member
|
22. maaliskuuta 2006 @ 16:46 |
Linkki tähän viestiin
|
|
Jeps :) kiitoksia vaivannäöstä kaikille :)
|
|
Mainos
|
|
|
Senior Member
|
22. maaliskuuta 2006 @ 17:00 |
Linkki tähän viestiin
|
|
Oleppa hyvä =)
I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.
|
