Computer is sluggish... HijackThis

Discussion in 'Viruses and malware' started by opjles, May 11, 2006.

  1. opjles

    opjles Member

    Hi, if anyone happens to have time, could you check my log? I don't really understand these things myself, so the skills of a nimble typist are needed. The computer has been sluggish for a couple of weeks now, and there are programs running in the processes that I haven't noticed before. At least Norman doesn't detect any viruses, worms or other bugs.

    So here it is...

    Logfile of HijackThis v1.99.1
    Scan saved at 12:07:14, on 10.5.2004
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Norman\bin\ZLH.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Norman\Npf\BIN\NPFSVICE.EXE
    C:\Norman\bin\ZANDA.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\Norman\bin\NJEEVES.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Norman\Npf\BIN\npfmsg2.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\lelulaatikko\Työpöytä\Roinaa\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.utu.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - (no file)
    O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O3 - Toolbar: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://ezproxy.utu.fi:2191/lib/uniturku/support/plugins/ebraryRdr.cab
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854003.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1097235938296
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1083331324796
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe


    Is something wrong, or have I been worried for nothing?

    Thanks and a bow...
     
  2. kairis

    kairis Regular member

    Here are some instructions...

    Go to Control Panel > Add or Remove Programs > Look for:
    My Web Search or anything even remotely related to it

    Close browsers and other programs and start HijackThis, do a system scan only. Check the following lines:-->
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: (no name) - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - (no file)
    O3 - Toolbar: (no name) - {702AD576-FDDB-4d0f-9811-A43252064684} - (no file)
    O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854003.cab
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCent...
    O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
    O16 - DPF: {AD7FAFB0-16D6-40C3-AF27-585D6E6453FD} - http://dload.ipbill.com/del/loader.cab
    O16 - DPF: {CEFB7B49-9652-464F-8AFD-A577C0500F39} - http://akamai.downloadv3.com/binaries/P2EClient/EGAUTH_pack_XP.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
    press: Fix checked!

    Download Ewido http://www.virustorjunta.net/modules.php?name=Forums&file=viewtopic&t=3914
    Update it but do NOT scan yet.

    Get Brute Force Uninstaller
    http://www.merijn.org/files/bfu.zip

    Extract it to its own folder at C:\BFU and then right-click the link below

    http://metallica.geekstogo.com/EGDACCESS.bfu

    * choose Save Target As and save it to the C:\BFU folder
    * then double-click BFU.exe
    * in the Scriptline to execute field, copy/paste c:\bfu\EGDACCESS.bfu
    * click Execute and wait for the Complete script execution box to appear, then click OK
    * click Exit to close the program

    Go into Safe Mode:

    shut down and start up
    during startup, tap F8
    select Safe Mode with the arrow keys
    press Enter and Enter again, OK


    Delete the following folders / file

    C:\Program Files\ ---> MyWebSearch <---
    Empty the Recycle Bin

    Scan with Ewido
    "Complete system Scan", i.e. you run through the whole computer to find malware.
    Then when it raises an alert, do this:
    Perform action -> Remove
    and tick the box: Perform action with all infections
    This way it removes all findings without asking about each one separately.

    When Ewido has finished the scan, press Save report
    and post the Ewido report here along with a new HJT log, and we'll take a look.


     
    Last edited: May 11, 2006
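
The first pass of the triage in the reply above, as an added example that is not part of the original thread: it rejoins HijackThis entries that a forum or editor has hard-wrapped, lists the orphaned entries marked `(file missing)` or `(no file)`, and extracts the download host of every O16 DPF (ActiveX) entry so each can be reviewed. The function names and the URL-joining heuristic are assumptions of this example; the sample entries are copied from the log in this thread, and deciding which hosts are unwanted is left to the analyst.

```python
import re
from urllib.parse import urlparse

# A HijackThis entry begins with a section code (R0, O2, O16, ...) and " - ".
ENTRY_START = re.compile(r"^[RFNO]\d{1,2} - ")
# HijackThis appends these markers when the referenced file is absent.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# O16 entries: CLSID, optional control name, then the URL the control came from.
DPF = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]{36}\}).* - (https?://\S+)$")

# Constructed sample: entries taken from the thread's log, wrapped as posted.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://www.utu.fi/
O2 - BHO: MyWebSearch Search Assistant BHO -

{00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program

Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
O2 - BHO: (no name) - {1BDD55B8-3985-4E59-B906-5E0AD56D6710} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar2.dll
O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) -

http://ezproxy.utu.fi:2191/lib/uniturku/support/plugins/ebraryRdr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -

http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_s

ite.cab?1097235938296
"""


def rejoin_entries(text):
    """Return one string per log entry, undoing hard wraps and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:  # continuation; header lines before the first entry are skipped
            last_token = entries[-1].split()[-1]
            # Heuristic (assumption): a URL never contains a space, so a fragment
            # following an unfinished URL is glued on without one.
            in_url = last_token.lower().startswith(("http://", "https://"))
            entries[-1] += ("" if in_url else " ") + line
    return entries


def orphaned(entries):
    """Entries whose target file no longer exists on disk."""
    return [e for e in entries if e.endswith(ORPHAN_MARKERS)]


def dpf_hosts(entries):
    """(CLSID, download host) for every O16 DPF entry, in log order."""
    found = []
    for entry in entries:
        m = DPF.match(entry)
        if m:
            found.append((m.group(1), urlparse(m.group(2)).hostname))
    return found


if __name__ == "__main__":
    log = rejoin_entries(SAMPLE_LOG)
    print("Orphaned entries:")
    for e in orphaned(log):
        print("  " + e)
    print("ActiveX download hosts to review:")
    for clsid, host in dpf_hosts(log):
        print(f"  {clsid}  {host}")
```
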
  3. -kemisti-

    -kemisti- Active member

  4. opjles

    opjles Member

    Thanks for the instructions.

    My log now looks like this:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:21:11, on 12.5.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    C:\Norman\bin\ZLH.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Norman\Npf\BIN\NPFSVICE.EXE
    C:\Norman\bin\ZANDA.EXE
    C:\WINDOWS\System32\tcpsvcs.exe
    C:\NORMAN\Nvc\BIN\nvcoas.exe
    C:\Norman\bin\NJEEVES.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\Norman\Npf\BIN\npfmsg2.exe
    C:\Norman\Nvc\bin\cclaw.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\lelulaatikko\Työpöytä\Roinaa\HijackThis\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.utu.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL (file missing)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} (Infotl Control) - http://ezproxy.utu.fi:2191/lib/uniturku/support/plugins/ebraryRdr.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1097235938296
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1083331324796
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\NORMAN\Nvc\BIN\nipsvc.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\bin\ZANDA.EXE
    O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe

    ---------------------------------------------------------------------




    And the Ewido report is as follows:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 16:20:00, 11.5.2006
    + Report-Checksum: B92F0B21

    + Scan result:

    HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup
    HKLM\SOFTWARE\GMSoft -> Dialer.Generic : Cleaned with backup
    HKLM\SOFTWARE\PowerScan -> Adware.PowerScan : Cleaned with backup
    HKU\S-1-5-21-4059586104-2355143865-2670888620-1005\Software\INSTAFINK -> Adware.InstaFinder : Cleaned with backup
    HKU\S-1-5-21-4059586104-2355143865-2670888620-1005\Software\INSTAFINK\Reports -> Adware.InstaFinder : Cleaned with backup
    HKU\S-1-5-21-4059586104-2355143865-2670888620-1005\Software\INSTAFINK\Reports\38122 -> Adware.InstaFinder : Cleaned with backup
    HKU\S-1-5-21-4059586104-2355143865-2670888620-1005\Software\INSTAFINK\Reports\38122\Objects -> Adware.InstaFinder : Cleaned with backup
    HKU\S-1-5-21-4059586104-2355143865-2670888620-1005\Software\INSTAFINK\Reports\38122\Objects\5 -> Adware.InstaFinder : Cleaned with backup
    HKU\S-1-5-21-4059586104-2355143865-2670888620-1005\Software\INSTAFINK\Stat -> Adware.InstaFinder : Cleaned with backup
    HKU\S-1-5-21-4059586104-2355143865-2670888620-1005\Software\PowerScan -> Adware.PowerScan : Cleaned with backup
    HKU\S-1-5-21-4059586104-2355143865-2670888620-1005\Software\Premium Web Service -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-4059586104-2355143865-2670888620-1005\Software\Premium Web Service\Content Browser -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-4059586104-2355143865-2670888620-1005\Software\Premium Web Service\Content Browser\Settings -> Dialer.Generic : Cleaned with backup
    HKU\S-1-5-21-4059586104-2355143865-2670888620-1005\Software\RX Toolbar -> Adware.RXToolbar : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\lelulaatikko\Application Data\Mozilla\Firefox\Profiles\ppqa75wh.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\lelulaatikko\Application Data\Mozilla\Firefox\Profiles\ppqa75wh.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\lelulaatikko\Application Data\Mozilla\Firefox\Profiles\ppqa75wh.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
    :mozilla.74:C:\Documents and Settings\lelulaatikko\Application Data\Mozilla\Firefox\Profiles\ppqa75wh.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.87:C:\Documents and Settings\lelulaatikko\Application Data\Mozilla\Firefox\Profiles\ppqa75wh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.88:C:\Documents and Settings\lelulaatikko\Application Data\Mozilla\Firefox\Profiles\ppqa75wh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.89:C:\Documents and Settings\lelulaatikko\Application Data\Mozilla\Firefox\Profiles\ppqa75wh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.90:C:\Documents and Settings\lelulaatikko\Application Data\Mozilla\Firefox\Profiles\ppqa75wh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\lelulaatikko\Application Data\Mozilla\Firefox\Profiles\ppqa75wh.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\lelulaatikko\Application Data\Mozilla\Firefox\Profiles\ppqa75wh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.105:C:\Documents and Settings\lelulaatikko\Application Data\Mozilla\Firefox\Profiles\ppqa75wh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    C:\Documents and Settings\lelulaatikko\Cookies\lelulaatikko@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
    C:\Documents and Settings\lelulaatikko\Cookies\lelulaatikko@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\lelulaatikko\Cookies\lelulaatikko@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\lelulaatikko\Cookies\lelulaatikko@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\lelulaatikko\Cookies\lelulaatikko@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup


    The computer still feels sluggish and memory gets used up strangely fast...



     
  5. -kemisti-

    -kemisti- Active member

    The log is OK; the programs that start at boot can be trimmed.

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe


    How much RAM does the computer have?

    Also, a Java update:

    Java update and cache clearing
    * Click Start > Control Panel and double-click the Java icon (coffee cup) in Control Panel.
    * Go to the "Update" tab in your Java settings window. Update your Java by clicking "Update Now" and then restart.
    * If you can't update automatically, download it manually from here:
    http://www.java.com/en/download/manual.jsp
    * After the restart, go back to Control Panel and from there to your Java settings.
    * Under the Temporary Internet Files section, click the Delete Files button.
    * Make sure all three options are checked:
    Downloaded Applets
    Downloaded Applications
    Other Files

    * Click OK in your "Delete Temporary Internet Files" window.
    Note: This deletes all downloaded applications and applets from the CACHE.
    * Click OK to leave your Java settings window.
     
