Elikkäs nyt ois ongelmana tällänen juttu että kaatu toi nortoni yks päivä ku en ollu himassa niin siinä ajassa minkä toi oli nurin niin tuli kaks troijalaista ja iso kasa muuta haittaohjelmaa. Pistin norttonin sit kuntoo ja sain poistettua suurimman osan roskasta mm. kaikki virukset. Nyt vaivaa nää pop up ikkunat joita satelee jatkuvasti heti kun heittää verkkojohdon kiinni koneeseen. Käytän Mozillaa mutta se ei niitä pop up ikkunoita estä vaikka esto onkin päällä. Millä konstilla mä saisin loppumaan noi pop upit?
Laita HjT-loki, ohjelman saat täältä -> http://koti.mbnet.fi/pattaya1/HijackThis.exe . Tallenna hakemistoon c:\hjt, käynnistä, klikkaa do a system scan and save a logfile ja lähetä loki tänne.
Heitän tässä väliin, kun sulla FF, niin NoScript ja Adblock laajennokset autta noihin. Niin, jos sulla ei ole niitä jo. Työkalut=> laajennukset=> hae laajennuksia.
No varsinaisesti adblock ei kyllä auta, koska nuo eivät ole mitään ns. "tavallisia" popuppeja, vaan haittaohjelman aiheuttamia. Noscript voi estää haittaohjelmien tarttumisen Javaskriptistä.
Elikkäs tällänen tuli: Logfile of HijackThis v1.99.1 Scan saved at 18:38:59, on 10.4.2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\LEXBCES.EXE C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\LEXPPS.EXE C:\WINNT\dllhosts.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\MediaKey\MMKeybd.EXE C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\windows\mousepad9.exe C:\WINNT\system32\LVComS.exe C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINNT\system32\rundll32.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit R3 - Default URLSearchHook is missing O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int102647.exe -auto O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MMKeybd.EXE O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe O4 - HKLM\..\Run: [newname] C:\windows\newname9.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854008.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09c91d9dc35b302d1e05/netzip/RdxIE601.cab O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.werro.ee/activex/AxisCamControl.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.0/Installer.exe O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O20 - Winlogon Notify: ModuleUsage - C:\WINNT\system32\gp2ol3f31.dll O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: windows dll (dll host) - Unknown owner - C:\WINNT\dllhosts.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe (file missing) O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (file missing) O23 - Service: F-Secure Network Request Broker - Unknown owner - C:\Program Files\F-Secure\Common\FNRB32.EXE (file missing) O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\F-Secure\Common\FSAA.EXE (file missing) O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Vähän enemmänkin vikaa täällä Ohjeesta tulee pitkä, joten suosittelen tämän tulostamista Hae ja päivitä ewido, ÄLÄ skannaa vielä -> http://keskustelu.afterdawn.com/thread_view.cfm/269186 Lataa tuosta Look2Me-Destroyer.exe -> http://www.atribune.org/ccount/click.php?id=7 työpöydällesi. TÄRKEÄÄ: Ennen fixin jatkamista, sinun täytyy tehdä seuraavat: [*] Tulosta tämä, tai tallenna tekstitiedostona sopivaan sijaintiin. [*] Klikkaa käynnistä -> Suorita ja kirjoita: services.msc [*] Klikkaa OK. [*] Tarkista että tämä palvelu on käynnissä tai sen käynnistymistapa on automaattinen: [*]Toissijainen kirjautuminen [*] Seuraavaksi tietokoneesi on oltava offlinessa, vedä nettipiuha seinästä jos tarpeen. [*] Virustorjuntasi, ja kaikkien muiden turvaohjelmistojen TÄYTYY olla suljettuja. Jatka fixiä: [*]Sulje ikkunat jatkaaksesi. [*]Tupla-klikkaa Look2Me-Destroyer.exe filua ajaaksesi sen. [*]Rastita Run this program as a task. [*]Saat viestin joka sanoo "Look2Me-Destroyer will close and re-open in approximately 1 minute". Klikkaa OK [*]Kun se avautuu uudestaan, klikkaa Scan for L2M valintaa, pikakuvakkeesi katoavat; tämä on normaalia. [*]Kun skannaus on valmis, klikkaa Remove L2M. [*]Saat Done Scanning viestin, klikkaa OK. [*]Kun valmis, saat tämän viestin: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, klikkaa OK. [*]Koneesi sammuu. [*]Käynnistä se uudelleen. [*]Postita C:\Look2Me-Destroyer.txt lokin sisältö seuraavaan viestiisi. Jos Look2Me-Destroyer ei aukea automaattisesi, käynnistä tietokoneesi uudestaan ja koita uudelleen. Poista ohjauspaneelista (lisää/poista sovellus, jos on): Network Monitor websx P2P Networking Lataa tuosta brute force uninstaller työpöydällesi http://www.merijn.org/files/bfu.zip työpöydällesi. [*]Oikea-klikkaa BFU zippiä työpöydälläsi, ja valitse Pura kaikki. [*]Klikkaa "Seuraava" [*]Boksissa missä valita mihin haluat tiedostot purkaa, [*]Klikkaa "Selaa" [*]Klikkaa + merkkiä oman tietokoneen vieressä [*]Klikkaa "Paikallinen Levy (C" tai mikä sinun tärkein levysi onkin [*]Klikkaa "Tee uusi kansio" [*]Kirjoita BFU [*]Klikkaa "Seuraava", ja ÄLÄ rastita boksia "Näytä puretut tiedostot" ja klikkaa "Valmis". Oikea-klikkaa tästä -> http://metallica.geekstogo.com/alcanshorty.bfu ja valitse "Save As" (Explorerissa "Save Target As") ladataksesi Alcra PLUS Poistajan. Tallenna se samaan kansioon jonka teit aiemmin (c:\BFU). Älä tee mitään tällä vielä! Käynnistä koneesi vikasietotilaan naputtamalla F8 näppäintä käynnistyksen yhteydessä. Klikkaa Käynnistä > Oma tietokone ja navigoi C:\BFU kansioon. [*] Käynnistä Brute Force Uninstaller tupla-klikkaamalla BFU.exe [*] Scriptline to execute kentässä kirjoita tai liitä c:\bfu\alcanshorty.bfu [*] Klikkaa E]xecute ja anna sen tehdä työnsä. (Sinun pitäisi nähdä edistyspalkki jos teit tämän oikein.) [*]Odota Complete script execution boksia ja klikkaa OK. [*]Klikkaa exit lopettaaksesi Brute Force Uninstallerin. Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked): R3 - Default URLSearchHook is missing O4 - HKLM\..\Run: [websx] C:\Program Files\websx\int102647.exe -auto O4 - HKLM\..\Run: [P2P Networking] C:\WINNT\system32\P2P Networking\P2P Networking.exe /AUTOSTART O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard9.exe O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad9.exe O4 - HKLM\..\Run: [newname] C:\windows\newname9.exe O16 - DPF: {1230CB21-C88D-11CF-B347-000000000000} - http://www.eingang69.de/EroticAccess/Cabs/1854008.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/09c91d9dc35b302d1e05/netzip/RdxIE601.cab O23 - Service: windows dll (dll host) - Unknown owner - C:\WINNT\dllhosts.exe O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing) Sitten käynnistä -> suorita -> services.msc -> ok Etsi listalta windows dll Network Monitor Tuplaklikkaa niitä, paina seis ja valitse käynnistymistavaksi ei käytössä. Avaa HjT -> open misc tools -> delete nt service Syötä (yksi kerrallaan) windows dll Network Monitor ja klikkaa ok Poista jos löytyy: C:\Program Files\websx C:\WINNT\system32\P2P Networking C:\windows\keyboard9.exe C:\windows\mousepad9.exe C:\windows\newname9.exe C:\WINNT\dllhosts.exe C:\Program Files\Network Monitor Skannaa ewidolla, anna poistaa mitä löytää ja tallenna raportti Käynnistä normaalisti uudelleen, postita tuore HijackThis logi, ewidon raportti ja C:\Look2Me-Destroyer.txtlokin sisältö.
Nyt on kaikki noi jutut tehty. Tällästä tuli: Look2Me-Destroyer V1.0.12 Scanning for infected files..... Scan started at 10.4.2006 21:15:15 Infected! C:\WINNT\system32\gp2ol3f31.dll Infected! C:\WINNT\system32\gp2ol3f31.dll Infected! C:\WINNT\system32\h22o0cf3ef2.dll Infected! C:\WINNT\system32\hmsetup.dll Infected! C:\WINNT\system32\guard.tmp Attempting to delete infected files... Attempting to delete: C:\WINNT\system32\gp2ol3f31.dll C:\WINNT\system32\gp2ol3f31.dll Deleted successfully! Attempting to delete: C:\WINNT\system32\gp2ol3f31.dll C:\WINNT\system32\gp2ol3f31.dll Deleted successfully! Attempting to delete: C:\WINNT\system32\h22o0cf3ef2.dll C:\WINNT\system32\h22o0cf3ef2.dll Deleted successfully! Attempting to delete: C:\WINNT\system32\hmsetup.dll C:\WINNT\system32\hmsetup.dll Deleted successfully! Attempting to delete: C:\WINNT\system32\guard.tmp C:\WINNT\system32\guard.tmp Deleted successfully! Making registry repairs. Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ModuleUsage Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{499BFF18-3C38-423F-B039-47D64277D151}" HKCR\Clsid\{499BFF18-3C38-423F-B039-47D64277D151} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A8F4225D-035C-4F75-B87D-26FAE521FBFF}" HKCR\Clsid\{A8F4225D-035C-4F75-B87D-26FAE521FBFF} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AD840DEF-8CC1-4F8D-A6A2-9030B23ABCA3}" HKCR\Clsid\{AD840DEF-8CC1-4F8D-A6A2-9030B23ABCA3} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B83C87DD-FEAA-4839-B4B7-CC7519C2666A}" HKCR\Clsid\{B83C87DD-FEAA-4839-B4B7-CC7519C2666A} Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{6A0845A6-E60D-4E7C-B156-1F97B889FCAF}" HKCR\Clsid\{6A0845A6-E60D-4E7C-B156-1F97B889FCAF} Restoring Windows certificates. Replaced hosts file with default windows hosts file Restoring SeDebugPrivilege for Järjestelmänvalvojat - Succeeded --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 23:37:25, 10.4.2006 + Report-Checksum: A5D8313A + Scan result: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup HKU\S-1-5-21-789336058-706699826-1343024091-1000\Software\Premium Web Service -> Dialer.Generic : Cleaned with backup HKU\S-1-5-21-789336058-706699826-1343024091-1000\Software\Premium Web Service\Content Browser -> Dialer.Generic : Cleaned with backup HKU\S-1-5-21-789336058-706699826-1343024091-1000\Software\Premium Web Service\Content Browser\Settings -> Dialer.Generic : Cleaned with backup :mozilla.23:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup :mozilla.24:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup :mozilla.32:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.33:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.34:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.35:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.48:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.49:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.50:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.51:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.52:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.53:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.54:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.65:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.66:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.67:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.68:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup :mozilla.76:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup :mozilla.81:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.82:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.83:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup :mozilla.84:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.85:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.86:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.87:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.88:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.95:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup :mozilla.97:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup :mozilla.98:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup :mozilla.99:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup :mozilla.129:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.130:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.131:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.132:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.133:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup :mozilla.136:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.137:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.138:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.142:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.143:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.144:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.145:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.146:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.147:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.148:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.149:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.150:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.151:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.152:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.158:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Oewabox : Cleaned with backup :mozilla.173:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup :mozilla.174:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Realtracker : Cleaned with backup :mozilla.198:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.199:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.200:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup :mozilla.201:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.213:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.214:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup :mozilla.219:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup :mozilla.220:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup :mozilla.224:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup :mozilla.226:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup :mozilla.227:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup :mozilla.232:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup :mozilla.233:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup :mozilla.234:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup :mozilla.249:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.250:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.251:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.252:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.253:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup :mozilla.264:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.265:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.266:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.267:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup :mozilla.274:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup :mozilla.278:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.293:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup :mozilla.294:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup :mozilla.297:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup :mozilla.312:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup :mozilla.314:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup :mozilla.315:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.316:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup :mozilla.332:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned with backup :mozilla.348:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.349:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.350:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.367:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.373:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.375:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.376:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.377:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.378:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned with backup :mozilla.385:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.386:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup :mozilla.407:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup :mozilla.412:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup :mozilla.415:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.416:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.417:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.418:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.419:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.420:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.421:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.422:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.423:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.424:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.425:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup :mozilla.446:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup :mozilla.488:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.489:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.490:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.539:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.540:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.541:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup :mozilla.551:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Goldenpalace : Cleaned with backup :mozilla.566:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Euniverseads : Cleaned with backup :mozilla.567:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Ad-logics : Cleaned with backup :mozilla.586:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup :mozilla.594:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.595:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup :mozilla.629:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup :mozilla.631:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.632:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup :mozilla.634:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup :mozilla.635:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup :mozilla.636:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup :mozilla.638:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup :mozilla.639:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup :mozilla.640:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup :mozilla.666:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.667:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup :mozilla.671:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.672:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.673:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.674:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.675:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.678:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup :mozilla.682:C:\Documents and Settings\x\Application Data\Mozilla\Firefox\Profiles\plejz1qh.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup C:\Documents and Settings\x\Cookies\x@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup C:\Documents and Settings\x\Cookies\x@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup C:\Documents and Settings\x\Cookies\x@efashionsolutions.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup C:\Documents and Settings\x\Cookies\x@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.8:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup :mozilla.10:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.11:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.12:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.13:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.14:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.15:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup :mozilla.16:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.18:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.19:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.20:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.21:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.22:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.23:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.24:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.25:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup :mozilla.26:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned with backup :mozilla.35:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup :mozilla.37:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup :mozilla.39:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.40:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.83:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup :mozilla.88:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.89:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.90:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.91:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup :mozilla.94:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup :mozilla.110:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup :mozilla.111:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup :mozilla.112:C:\Documents and Settings\x\Omat tiedostot\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup C:\WINNT\Downloaded Program Files\gsda.dll -> Not-A-Virus.Downloader.Win32.SpyGame : Cleaned with backup C:\WINNT\icont.exe -> Adware.AdURL : Cleaned with backup C:\WINNT\NDNuninstall6_30.exe -> Adware.NewDotNet : Cleaned with backup ::Report End Logfile of HijackThis v1.99.1 Scan saved at 23:41:09, on 10.4.2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\LEXBCES.EXE C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\LEXPPS.EXE C:\WINNT\system32\svchost.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINNT\system32\LVComS.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\MediaKey\MMKeybd.EXE C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MMKeybd.EXE O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.werro.ee/activex/AxisCamControl.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.0/Installer.exe O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing) O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe (file missing) O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (file missing) O23 - Service: F-Secure Network Request Broker - Unknown owner - C:\Program Files\F-Secure\Common\FNRB32.EXE (file missing) O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\F-Secure\Common\FSAA.EXE (file missing) O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (file missing) O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Kannattaako mun säästää noi ohjelmat mitä mä latasin ni mahdollista myöhempää käyttöä varten? Ja näyttääkö nyt koneen asiat paremmilta? Pop uppeja ei ainakaa tähän mennessä ole tullut.
Loki on lähes ok Säästä se ewido, l2mdestroyerin ja bfu:n voit poistaa. Fixaa vielä tämä: R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.superwebsearch.com/ie/[/b] Ja jos F-secure ja Kerio on poistettu koneelta, niin fixaa myös nämä: O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE (file missing) O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe (file missing) O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe (file missing) O23 - Service: F-Secure Network Request Broker - Unknown owner - C:\Program Files\F-Secure\Common\FNRB32.EXE (file missing) O23 - Service: F-Secure Authentication Agent (FSAA) - Unknown owner - C:\Program Files\F-Secure\Common\FSAA.EXE (file missing) O23 - Service: F-Secure Management Agent (FSMA) - Unknown owner - C:\Program Files\F-Secure\Common\FSMA32.EXE (file missing) O23 - Service: Kerio Personal Firewall 4 (KPF4) - Unknown owner - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe (file missing) Sitten käynnistä -> suorita -> services.msc -> ok Etsi listalta: F-Secure BackWeb F-Secure BackWeb LAN Access F-Secure Gatekeeper Handler Starter F-Secure Network Request Broker F-Secure Authentication Agent F-Secure Management Agent Kerio Personal Firewall 4 Tuplaklikkaa niitä, paina seis ja valitse käynnistymistavaksi ei käytössä. Poista: C:\Program Files\F-Secure C:\Program Files\Kerio Käynnistä uudelleen ja lähetä uusi HjT-loki.
Nonni nyt on neki poistettu ja fixattu. Logfile of HijackThis v1.99.1 Scan saved at 15:14:28, on 11.4.2006 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\LEXBCES.EXE C:\WINNT\system32\spoolsv.exe C:\WINNT\system32\LEXPPS.EXE C:\WINNT\system32\svchost.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\Program Files\ewido anti-malware\ewidoguard.exe C:\WINNT\system32\hidserv.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\Ati2evxx.exe C:\WINNT\Explorer.EXE C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe C:\WINNT\system32\LVComS.exe C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe C:\PROGRA~1\MediaKey\MMKeybd.EXE C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mtv3.fi/ R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [MediaKey] C:\PROGRA~1\MediaKey\MMKeybd.EXE O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Shorten URL - http://www.cjb.net/menuext.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab O16 - DPF: {5BDBD95C-1E7F-4FB1-8497-20AF879F8B68} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/fi/filesharingctrl.cab O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.werro.ee/activex/AxisCamControl.ocx O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/7/532/6712...com/downloads/player/Install2.0/Installer.exe O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINNT\system32\LEXBCES.EXE O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: Norton AntiVirus Auto-Protect -palvelu (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: RadClock - Unknown owner - C:\WINNT\system32\RadClock.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe Toimiiko tu ewido samalla periaatteella kuin ad aware? Ja vielä TUHANNET KIITOKSET AVUSTA!!!!
