Logfile of HijackThis v1.99.1
Scan saved at 16:21:42, on 4.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\inetsrv\daemon\services.exe
C:\Program Files\EPoX\USDM\USDM.EXE
C:\WINDOWS\System32\inetsrv\daemon\ethernet.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
D:\AAA\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPoX\USDM\USDM.EXE" "5000"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DisplayController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe
O23 - Service: EthernetController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
Open HijackThis, check the following line(s) and press "Fix checked". Close all other programs while you do this.

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab
O23 - Service: DisplayController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe
O23 - Service: EthernetController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe

Here are instructions on how to check the lines:

********

Copy the following lines into, for example, Notepad:

@echo off
sc delete DisplayController
sc delete EthernetController

Save the file to the desktop as FIX.BAT, with the file type set to "All files".
Double-click FIX.BAT.

********

1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, go straight to step 2!
- Once you have downloaded the program, double-click the installer's icon on your desktop and the installation starts.
- After installation, the program must be started and its definitions updated.

2.
- Start AVG Anti-Spyware.
- Click the "Update" icon in the main menu. Then click the "Update now" button.
- Then click the "Start Update" icon, and the update begins.
- If the updates do not succeed right away, press "Start Update" again after a moment.
- If the automatic update does not work for some reason, the definitions can be downloaded manually from http://www.ewido.net/en/download/updates/
- Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
- Once the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
- Then, under the "Reports" menu:
- Tick "Automatically generate report after every scan"
- Untick "Only if threats were found"
- Then click the "Shield" icon at the top of the window.
- "Resident shield is": change the status from active to inactive.
- Close the program. Do NOT scan yet.

Start the computer in Safe Mode:
1. Restart the computer.
2. As the computer starts, press the F8 key.
3. Various startup options appear on the screen.
4. Use the keyboard arrow keys to select Safe Mode.
5. Press ENTER.

Delete this folder

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.

- Once in Safe Mode, start AVG Anti-Spyware.
- Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
- AVG now begins scanning the computer. Be patient, as the scan takes time.

When the scan is finished:

IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions".
- Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and select Quarantine from the pop-up menu.
- If infections were found, you will be asked what to do; select "Apply all actions".
- Then click the "Reports" icon at the top of the program.
- Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
- Close the program, start the computer normally and post the AVG report to your thread.

*****

1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log to your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

*****

New HijackThis log
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:24:07 4.5.2007

+ Scan result:

C:\WINDOWS\system32\inetsrv\daemon\display.exe -> Backdoor.Iroffer.b : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{BB579893-769C-4030-BB06-D1FAE4506BB7}\RP230\A0060746.exe -> Dropper.Delf.jn : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{BB579893-769C-4030-BB06-D1FAE4506BB7}\RP230\A0060890.exe -> Dropper.Delf.jn : Cleaned with backup (quarantined).
C:\Program Files\vso\ConvertXtoDVD\patch.exe -> Dropper.Small : Cleaned with backup (quarantined).
F:\Uus eMule\pornosaur ps_v144.exe -> Heuristic.Win32.Dialer : Cleaned with backup (quarantined).
C:\Program Files\Pornosaur\Pornosaur.exe -> Not-A-Virus.PornTool.Win32.Pornosaur.144 : Cleaned with backup (quarantined).
C:\Program Files\Pornosaur\window.exe -> Not-A-Virus.PornTool.Win32.Pornosaur.144 : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{E28C47F2-9EDB-4DF8-A80F-2A114637D0A8}\RP15\A0001112.exe -> Not-A-Virus.PornTool.Win32.Pornosaur.144 : Cleaned with backup (quarantined).
F:\Uus eMule\ps_v145.rar/ps_v145.exe -> Not-A-Virus.PornTool.Win32.Pornosaur.145 : Cleaned with backup (quarantined).
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer6.zip/jurppi@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer6.zip/jurppi@oasc02.247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.198:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.199:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer8.zip/jurppi@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned. :mozilla.141:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned. :mozilla.207:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned. :mozilla.432:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.Webtrends : Cleaned. C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer6.zip/jurppi@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned. :mozilla.212:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned. :mozilla.503:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.Yadro : Cleaned. :mozilla.68:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.69:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.71:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.77:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned. C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer4.zip/jurppi@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned. 
C:\Program Files\Spybot - Search & Destroy 1.1\Recovery\InternetExplorer6.zip/jurppi@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned. :mozilla.465:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.466:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. :mozilla.467:C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned. ::Report end "jurppi" - 07-05-04 21:29:02 Service Pack 2 ComboFix 07-04-25.4V - Running from: "C:\Documents and Settings\jurppi\Ty”p”yt„\" ((((((((((((((((((((((((((((((( Files Created from 2007-04-04 to 2007-05-04 )))))))))))))))))))))))))))))))))) 2007-05-04 20:53 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys 2007-04-18 10:56 <KANSIO> d-------- C:\DOCUME~1\jurppi\APPLIC~1\ATI 2007-04-18 10:26 <KANSIO> d-------- C:\Program Files\ATI Technologies 2007-04-18 10:11 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-04-13 14:43 <KANSIO> d-------- C:\Program Files\Pornosaur 2007-04-13 13:21 <KANSIO> d-------- C:\WINDOWS\pss 2007-04-13 12:20 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys 2007-04-13 11:30 <KANSIO> d-------- C:\Program Files\Norton Internet Security 2007-04-13 11:29 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL 2007-04-13 11:29 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS 2007-04-13 11:29 <KANSIO> d-------- C:\Program Files\Symantec 2007-04-13 11:29 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec 2007-04-12 15:21 <KANSIO> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\Symantec (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-04-18 11:04 75610 --a------ C:\WINDOWS\system32\perfc00b.dat 2007-04-18 11:04 375602 --a------ 
C:\WINDOWS\system32\perfh00b.dat 2007-03-27 17:11 276792 --a------ C:\WINDOWS\system32\drivers\srtspl.sys 2007-03-27 17:11 25400 --a------ C:\WINDOWS\system32\drivers\srtspx.sys 2007-03-27 17:11 247608 --a------ C:\WINDOWS\system32\drivers\srtsp.sys 2007-03-25 12:26 87608 --a------ C:\DOCUME~1\jurppi\APPLIC~1\ezpinst.exe 2007-03-25 12:26 47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-03-25 12:26 47360 --a------ C:\DOCUME~1\jurppi\APPLIC~1\pcouffin.sys 2007-03-25 12:26 34 --a------ C:\DOCUME~1\jurppi\APPLIC~1\pcouffin.log 2007-03-25 12:26 1144 --a------ C:\DOCUME~1\jurppi\APPLIC~1\pcouffin.inf 2007-03-25 12:26 1074 --a------ C:\DOCUME~1\jurppi\APPLIC~1\pcouffin.cat 2007-03-25 12:26 -------- d-------- C:\Program Files\vso 2007-03-23 23:15 -------- d-------- C:\Program Files\philips intelligent agent 2007-03-23 23:02 -------- d-------- C:\Program Files\nero 2007-03-19 18:49 -------- d-------- C:\Program Files\messenger plus! live 2007-03-19 17:28 -------- d-------- C:\Program Files\microsoft windows vista upgrade advisor 2007-03-19 13:57 -------- d-------- C:\Program Files\windows media connect 2 2007-03-17 16:44 292864 --a------ C:\WINDOWS\system32\winsrv.dll 2007-03-08 18:38 578048 --a------ C:\WINDOWS\system32\user32.dll 2007-03-08 18:38 40960 --a------ C:\WINDOWS\system32\mf3216.dll 2007-03-08 18:38 281600 --a------ C:\WINDOWS\system32\gdi32.dll 2007-03-08 18:34 1843840 --a------ C:\WINDOWS\system32\win32k.sys 2007-03-02 23:57 307200 --a------ C:\WINDOWS\system32\atiiiexx.dll 2007-03-02 23:54 307200 --a------ C:\WINDOWS\system32\atidemgx.dll 2007-03-02 23:53 265728 --a------ C:\WINDOWS\system32\ati2dvag.dll 2007-03-02 23:47 42496 --a------ C:\WINDOWS\system32\ati2edxx.dll 2007-03-02 23:47 26112 --a------ C:\WINDOWS\system32\ati2mdxx.exe 2007-03-02 23:47 118784 --a------ C:\WINDOWS\system32\atipdlxx.dll 2007-03-02 23:47 110592 --a------ C:\WINDOWS\system32\oemdspif.dll 2007-03-02 23:47 110592 --a------ C:\WINDOWS\system32\ati2evxx.dll 2007-03-02 
23:46 446464 --a------ C:\WINDOWS\system32\ati2evxx.exe 2007-03-02 23:45 53248 --a------ C:\WINDOWS\system32\atiddc.dll 2007-03-02 23:38 2824512 --a------ C:\WINDOWS\system32\ati3duag.dll 2007-03-02 23:29 3107788 --a------ C:\WINDOWS\system32\ativvaxx.dat 2007-03-02 23:29 1288960 --a------ C:\WINDOWS\system32\ativvaxx.dll 2007-03-02 23:21 5398528 --a------ C:\WINDOWS\system32\atioglxx.dll 2007-03-02 23:17 258048 --a------ C:\WINDOWS\system32\atikvmag.dll 2007-03-02 23:16 17408 --a------ C:\WINDOWS\system32\atitvo32.dll 2007-03-02 23:11 348160 --a------ C:\WINDOWS\system32\ati2cqag.dll 2007-02-26 18:44 147685 --a------ C:\WINDOWS\system32\atiicdxx.dat 2007-02-05 23:19 185344 --a------ C:\WINDOWS\system32\upnphost.dll (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {1E8A6170-7264-4D0F-BEAE-D42A53123C75} C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run] "Symantec PIF AlertEng"="\"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Common Files\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\"" "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\"" "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\"" "PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -onlytray" "osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\"" "NWEReboot"="" 
"NVMixerTray"="\"C:\\Program Files\\NVIDIA Corporation\\NvMixer\\NVMixerTray.exe\"" "NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe" "IntelliType"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\type32.exe\"" "EPoXUSDM"="\"C:\\Program Files\\EPoX\\USDM\\USDM.EXE\" \"5000\"" "DataLayer"="C:\\Program Files\\Common Files\\PCSuite\\DataLayer\\DataLayer.exe" "Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd" "!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run] "STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide" "PcSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog" "msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background" "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background" "MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart" "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\"" @="" "StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe" [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5" HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa Authentication Packages REG_MULTI_SZ msv1_0\0\0 Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0 Notification Packages REG_MULTI_SZ scecli\0\0 [HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost] LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0 NetworkService REG_MULTI_SZ DnsCache\0\0 rpcss REG_MULTI_SZ RpcSs\0\0 imgsvc REG_MULTI_SZ StiSvc\0\0 termsvcs REG_MULTI_SZ TermService\0\0 HTTPFilter REG_MULTI_SZ HTTPFilter\0\0 DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0 WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0 
*newlycreated* - HKEY_LOCAL_MACHINE\system\currentcontrolset\enum\root\LEGACY_COMHOST ~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ backup-20070504-204551-129 O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/securelogin-devel.cab backup-20070504-204552-935 O23 - Service: DisplayController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe backup-20070504-204552-923 O23 - Service: EthernetController - Unknown owner - C:\WINDOWS\System32\inetsrv\daemon\services.exe backup-20070504-204551-681 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) Contents of the 'Scheduled Tasks' folder C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - jurppi.job ******************************************************************** catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-04 21:31:09 Windows 5.1.2600 Service Pack 2 FAT scanning hidden processes ... scanning hidden services ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden processes: 0 hidden services: 0 hidden files: 0 ******************************************************************** Completion time: 07-05-04 21:31:11 C:\ComboFix-quarantined-files.txt ... 
07-05-04 21:31 Logfile of HijackThis v1.99.1 Scan saved at 21:33:19, on 4.5.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\Program Files\EPoX\USDM\USDM.EXE C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe D:\AAA\HijackThis_v1.99.1.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link 
Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe" O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [EPoXUSDM] "C:\Program Files\EPoX\USDM\USDM.EXE" "5000" O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG 
Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - 
C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing) O23 - Service: LiveUpdate Notice 
Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing) O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
There are a couple of logs..
Well, so you've picked up some backdoors then. Download Dr.Web CureIt to your desktop: ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
* Double-click drweb-cureit.exe and let it run the express scan.
* It scans the running programs, and if anything is found, click Yes when it asks whether you want to remove it. This is only a short scan.
* When the scan is finished, mark the drives you want to scan.
* Select all drives. A red dot shows which drives are selected.
* Click the green arrow on the right and the scan starts.
* Click 'Yes to all' if you are asked whether you want to delete/move a file.
* When the scan is finished, see whether you can click the next icon beside the files that were found:
* If so, click it, then click the next icon at the bottom right and select Move incurable, as in the picture below: This moves it to the %userprofile%\DoctorWeb\quarantine directory.
* After this, click File in the Dr.Web CureIt menu and choose Save report list.
* Save the report to the desktop. The report's name is DrWeb.csv.
* Close Dr.Web CureIt.
* Restart the computer!! This is because files that are in use are deleted/moved during startup.
* After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.
This is the log that came out of it. Looks like it removed some not-so-nice things from there.. Wonder where they came from...?
A0001336.exe;C:\System Volume Information\_restore{E28C47F2-9EDB-4DF8-A80F-2A114637D0A8}\RP21;BackDoor.Iroffer.13;Deleted.;
ethernet.exe;C:\WINDOWS\system32\inetsrv\daemon;BackDoor.Servu.50011;Deleted.;
services.exe;C:\WINDOWS\system32\inetsrv\daemon;Trojan.Runas;Deleted.;
Let's run Blacklight. Download and save Blacklight to your desktop. Double-click fsbl.exe, accept the agreement, click -> Scan, then -> Next. You will see a list of everything that was found. A log named fsbl.xxxxxxx.log will also appear on your desktop (the xxxxxxx will most likely be numbers). Copy and paste this log into your next reply. Do not choose the "Rename" option yet! We want to see the log first, because legitimate files may be included, such as "wbemtest.exe".
************ Create a startup list
* Open HijackThis
* Click the "Configure" button at the bottom right
* Click "Misc Tools"
* Tick the 2 boxes next to the box that says "Generate StartupList log"
* Click the "Generate StartupList log" button
* Copy and paste your startup list from Notepad into your post
Blacklight didn't find anything.
05/07/07 00:03:52 [Info]: BlackLight Engine 1.0.61 initialized
05/07/07 00:03:52 [Info]: OS: 5.1 build 2600 (Service Pack 2)
05/07/07 00:03:52 [Note]: 7019 4
05/07/07 00:03:52 [Note]: 7005 0
05/07/07 00:03:59 [Note]: 7006 0
05/07/07 00:03:59 [Note]: 7011 1800
05/07/07 00:03:59 [Note]: 7026 0
05/07/07 00:03:59 [Note]: 7026 0
05/07/07 00:04:01 [Note]: FSRAW library version 1.7.1021
05/07/07 00:04:54 [Note]: 2000 1012
05/07/07 00:04:54 [Note]: 2000 1012
05/07/07 00:04:54 [Note]: 2000 1012
05/07/07 00:05:10 [Note]: 7007 0
StartupList report, 7.5.2007, 0:06:51 StartupList version: 1.52.2 Started from : C:\Documents and Settings\jurppi\Työpöytä\HijackThis_v1.99.1.EXE Detected: Windows XP SP2 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180) * Using default options * Including empty and uninteresting sections * Showing rarely important sections ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Microsoft Hardware\Keyboard\type32.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program
Files\EPoX\USDM\USDM.EXE C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\WINDOWS\system32\RunDll32.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\TGTSoft\StyleXP\StyleXP.exe C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\jurppi\Työpöytä\HijackThis_v1.99.1.exe -------------------------------------------------- Listing of startup folders: Shell folders Startup: [C:\Documents and Settings\jurppi\Käynnistä-valikko\Ohjelmat\Käynnistys] *No files* Shell folders AltStartup: *Folder not found* User shell folders Startup: *Folder not found* User shell folders AltStartup: *Folder not found* Shell folders Common Startup: [C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys] Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe Shell folders Common AltStartup: *Folder not found* User shell folders Common Startup: *Folder not found* User shell folders Alternate Common Startup: *Folder not found* -------------------------------------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, [HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* [HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] *Registry value not found* [HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon] *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run Symantec PIF AlertEng = "C:\Program 
Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" SunJavaUpdateSched = "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" PCSuiteTrayApplication = C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray osCheck = "C:\Program Files\Norton Internet Security\osCheck.exe" NWEReboot = NVMixerTray = "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" NeroFilterCheck = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe IntelliType = "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe" EPoXUSDM = "C:\Program Files\EPoX\USDM\USDM.EXE" "5000" DataLayer = C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe Cmaudio = RunDll32 cmicnfg.cpl,CMICtrlWnd !AVG Anti-Spyware = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run STYLEXP = C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide PcSync = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background MSMSGS = "C:\Program 
Files\Messenger\msmsgs.exe" /background MessengerPlus3 = "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} = "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" (Default) = StartCCC = C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No values found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\Run [OptionalComponents] *No values found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* 
-------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\Run *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices *No subkeys found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- Autorun entries in Registry subkeys of: HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run *Registry key not found* -------------------------------------------------- File association entry for .EXE: HKEY_CLASSES_ROOT\exefile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .COM: HKEY_CLASSES_ROOT\comfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .BAT: HKEY_CLASSES_ROOT\batfile\shell\open\command (Default) = "%1" %* -------------------------------------------------- File association entry for .PIF: HKEY_CLASSES_ROOT\piffile\shell\open\command (Default) = "%1" %* 
-------------------------------------------------- File association entry for .SCR: HKEY_CLASSES_ROOT\scrfile\shell\open\command (Default) = "%1" /S -------------------------------------------------- File association entry for .HTA: HKEY_CLASSES_ROOT\htafile\shell\open\command (Default) = C:\WINDOWS\System32\mshta.exe "%1" %* -------------------------------------------------- File association entry for .TXT: HKEY_CLASSES_ROOT\txtfile\shell\open\command (Default) = %SystemRoot%\system32\NOTEPAD.EXE %1 -------------------------------------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] * StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT [{5945c046-1e7d-11d1-bc44-00c04fd912be}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser [{6BF52A52-394A-11d3-B153-00C04F79FAA6}] * StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = 
regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] * StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -------------------------------------------------- Enumerating ICQ Agent Autostart apps: HKCU\Software\Mirabilis\ICQ\Agent\Apps *Registry key not found* -------------------------------------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load=*INI section not found* run=*INI section not found* Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found* HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found* HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found* HKCU\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found* HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= -------------------------------------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: Shell=*INI section not found* SCRNSAVE.EXE=*INI section not found* drivers=*INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=*Registry value not found* drivers=*Registry value not found* Policies Shell key: HKCU\..\Policies: Shell=*Registry value not found* HKLM\..\Policies: Shell=*Registry value not found* 
-------------------------------------------------- Checking for EXPLORER.EXE instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present C:\WINDOWS\Fonts\Explorer.exe: not present -------------------------------------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden -------------------------------------------------- Verifying REGEDIT.EXE integrity: - Regedit.exe found in C:\WINDOWS - .reg open command is normal (regedit.exe %1) - Regedit.exe has no CompanyName property! It is either missing or named something else. - Regedit.exe has no OriginalFilename property! It is either missing or named something else. - Regedit.exe has no FileDescription property! It is either missing or named something else. Registry check failed! 
-------------------------------------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (no name) - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} (no name) - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (no name) - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - {9030D464-4C02-4ABF-8ECC-5164760863C6} -------------------------------------------------- Enumerating Task Scheduler jobs: Norton Internet Security - Run Full System Scan - jurppi.job -------------------------------------------------- Enumerating Download Program Files: [{33564D57-0000-0010-8000-00AA00389B71}] CODEBASE = http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Java Plug-in 1.5.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab [Java Plug-in 1.5.0_02] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab [Java Plug-in 1.5.0_04] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab [Java Plug-in 1.5.0_06] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab [Java Plug-in 1.5.0_08] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab [Java Plug-in 1.5.0_09] InProcServer32 = C:\Program 
Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab [Java Plug-in 1.5.0_10] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab [Java Plug-in 1.5.0_11] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Java Plug-in 1.6.0_01] InProcServer32 = C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll CODEBASE = http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab -------------------------------------------------- Enumerating Winsock LSP files: NameSpace #1: C:\WINDOWS\System32\mswsock.dll NameSpace #2: C:\WINDOWS\System32\winrnr.dll NameSpace #3: C:\WINDOWS\System32\mswsock.dll Protocol #1: C:\WINDOWS\system32\mswsock.dll Protocol #2: C:\WINDOWS\system32\mswsock.dll Protocol #3: C:\WINDOWS\system32\mswsock.dll Protocol #4: C:\WINDOWS\system32\rsvpsp.dll Protocol #5: C:\WINDOWS\system32\rsvpsp.dll Protocol #6: C:\WINDOWS\system32\mswsock.dll Protocol #7: C:\WINDOWS\system32\mswsock.dll Protocol #8: C:\WINDOWS\system32\mswsock.dll Protocol #9: C:\WINDOWS\system32\mswsock.dll Protocol #10: C:\WINDOWS\system32\mswsock.dll Protocol #11: C:\WINDOWS\system32\mswsock.dll Protocol #12: C:\WINDOWS\system32\mswsock.dll Protocol #13: C:\WINDOWS\system32\mswsock.dll Protocol #14: C:\WINDOWS\system32\mswsock.dll Protocol #15: C:\WINDOWS\system32\mswsock.dll -------------------------------------------------- Enumerating Windows NT/2000/XP services a347bus: system32\DRIVERS\a347bus.sys (system) a347scsi: 
System32\Drivers\a347scsi.sys (system) Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system) Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start) AFD Networking Support -ympäristö: \SystemRoot\System32\drivers\afd.sys (system) Hälytys: %SystemRoot%\System32\svchost.exe -k LocalService (disabled) Sovelluskerroksen yhdyskäytäväpalvelu: %SystemRoot%\System32\alg.exe (manual start) AMD K7 Processor Driver: System32\DRIVERS\amdk7.sys (system) Sovellusten hallinta: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) 1394 ARP -asiakasprotokolla: System32\DRIVERS\arp1394.sys (manual start) ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start) RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start) Standardi IDE/ESDI-kiintolevyohjain: System32\DRIVERS\atapi.sys (system) Ati HotKey Poller: %SystemRoot%\system32\Ati2evxx.exe (autostart) ATI Smart: C:\WINDOWS\system32\ati2sgag.exe (autostart) ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start) ATM ARP Client -protokolla: System32\DRIVERS\atmarpc.sys (manual start) Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start) Automatic LiveUpdate Scheduler: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart) AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system) AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart) AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system) BITS-tausta-ajo (Background Intelligent Transfer Service): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Tietokoneiden selaus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Canon Camera Access Library 8: C:\Program Files\Canon\CAL\CALMAIN.exe (autostart) Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h 
ccCommon (autostart) Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart) CD-ROM-ohjain: System32\DRIVERS\cdrom.sys (system) Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start) Leikekirja: %SystemRoot%\system32\clipsrv.exe (disabled) .NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start) Symantec Lic NetConnect service: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart) C-Media WDM Audio Interface: system32\drivers\cmuda.sys (manual start) COM Host: "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe" (manual start) COM+-järjestelmäsovellus: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start) Salauspalvelut: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) DCOM-palvelinprosessin käynnistys: %SystemRoot%\system32\svchost -k DcomLaunch (autostart) devdpl: system32\DRIVERS\devdpl.sys (autostart) DHCP-asiakas: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Levyohjain: System32\DRIVERS\disk.sys (system) Loogisen levyn hallinnan valvontapalvelu: %SystemRoot%\System32\dmadmin.exe /com (manual start) dmboot: System32\drivers\dmboot.sys (disabled) Loogisen levyn hallinta -ohjain: System32\drivers\dmio.sys (system) dmload: System32\drivers\dmload.sys (system) Loogisen levyn hallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) DMSKSSRh: \??\C:\DOCUME~1\jurppi\LOCALS~1\Temp\DMSKSSRh.sys (manual start) Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start) DNS-asiakas: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart) Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start) Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system) ENTECH: \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS (manual start) 
EraserUtilRebootDrv: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (manual start) Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Tapahtumaloki: %SystemRoot%\system32\services.exe (autostart) COM+-tapahtumajärjestelmä: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start) Nopean käyttäjän vaihdon yhteensopivuus: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Levykeaseman ohjain: System32\DRIVERS\fdc.sys (manual start) Levykeasemaohjain: System32\DRIVERS\flpydisk.sys (manual start) FltMgr: system32\drivers\fltmgr.sys (system) Volume Manager -ohjain: System32\DRIVERS\ftdisk.sys (system) Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start) Yleinen paketinmääritys: System32\DRIVERS\msgpc.sys (manual start) Ohjeet ja tuotetuki: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) HID (Human Interface Device) -liittymä: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Microsoft HID -luokkaohjain: System32\DRIVERS\hidusb.sys (manual start) HTTP: System32\Drivers\HTTP.sys (manual start) HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start) i8042-näppäimistö ja PS/2-hiiriohjain: System32\DRIVERS\i8042prt.sys (system) CD-Burning Filter Driver: system32\DRIVERS\imapi.sys (system) CD-levyjen kirjoittamisen IMAPI COM -palvelu: C:\WINDOWS\System32\imapi.exe (manual start) Windowsin IPv6-palomuurin ohjain: system32\drivers\ip6fw.sys (manual start) IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start) IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start) IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start) IPSEC-ohjain: System32\DRIVERS\ipsec.sys (system) IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start) PnP ISA/EISA -väyläohjain: System32\DRIVERS\isapnp.sys (system) Symantec IS Password Validation: "C:\Program Files\Norton Internet Security\isPwdSvc.exe" (manual start) Näppäimistön 
luokkaohjain: System32\DRIVERS\kbdclass.sys (system) Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start) Palvelin: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Työasema: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) litdpl: system32\DRIVERS\litdpl.sys (autostart) LiveUpdate: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (manual start) LiveUpdate Notice Service Ex: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart) LiveUpdate Notice Service: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" (autostart) TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) Viestinvälitys: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) NetMeeting etätyöpöydän jakaminen: C:\WINDOWS\System32\mnmsrvc.exe (manual start) Hiiren luokkaohjain: System32\DRIVERS\mouclass.sys (system) Hiiren HID-ohjain: System32\DRIVERS\mouhid.sys (manual start) WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start) MRXSMB: System32\DRIVERS\mrxsmb.sys (system) Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start) Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start) Microsoft Streaming Service -välityspalvelin: system32\drivers\MSKSSRV.sys (manual start) Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start) Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start) Microsoft-järjestelmänhallinnan BIOS-ohjain: System32\DRIVERS\mssmbios.sys (manual start) Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start) NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070506.018\NAVENG.SYS (manual start) NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070506.018\NAVEX15.SYS (manual start) NBService: C:\Program 
Files\Nero\Nero 7\Nero BackItUp\NBService.exe (manual start) Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start) NDIS Usermode I/O -protokolla: System32\DRIVERS\ndisuio.sys (manual start) Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start) NetBIOS-käyttöliittymä: System32\DRIVERS\netbios.sys (system) NetBIOS TCP/IP:n päällä: System32\DRIVERS\netbt.sys (system) Verkon DDE: %SystemRoot%\system32\netdde.exe (disabled) Verkon DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled) Verkkokirjautuminen: %SystemRoot%\System32\lsass.exe (manual start) Verkkoyhteydet: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) 1394-verkko-ohjain: System32\DRIVERS\nic1394.sys (manual start) NLA-nimiavaruus (Network Location Awareness): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) NT LM -suojaustuen toimittaja: %SystemRoot%\System32\lsass.exe (manual start) Siirrettävät tallennusvälineet: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start) nvatabus: system32\DRIVERS\nvatabus.sys (system) NVIDIA nForce Networking Controller Driver: system32\DRIVERS\NVENET.sys (manual start) NVIDIA nForce AGP Bus Filter: system32\DRIVERS\nv_agp.sys (system) IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start) IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start) OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system) Office Source Engine: "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" (manual start) Rinnakkaisporttiohjain: System32\DRIVERS\parport.sys (manual start) PCI Bus Driver: System32\DRIVERS\pci.sys (system) PCIIde: System32\DRIVERS\pciide.sys (system) VSO Software pcouffin: System32\Drivers\pcouffin.sys (manual start) Plug and Play: %SystemRoot%\system32\services.exe (autostart) IPSEC-palvelut: %SystemRoot%\System32\lsass.exe (autostart) WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start) Processor Driver: 
System32\DRIVERS\processr.sys (system) Suojattu tallennuspaikka: %SystemRoot%\system32\lsass.exe (autostart) QoS-paketinajoitus: System32\DRIVERS\psched.sys (manual start) Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start) PxHelp20: System32\Drivers\PxHelp20.sys (system) Remote Access Auto Connection -ohjain: System32\DRIVERS\rasacd.sys (system) Remote Access Auto Connection -hallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start) Etäkäytön (RAS) yhteyksienhallinta: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start) Suora rinnakkainen: System32\DRIVERS\raspti.sys (manual start) Rdbss: System32\DRIVERS\rdbss.sys (system) RDPCDD: System32\DRIVERS\RDPCDD.sys (system) Terminal Server Device Redirector -ohjain: System32\DRIVERS\rdpdr.sys (manual start) Etätyöpöydän ohjeen istunnonhallinta: C:\WINDOWS\system32\sessmgr.exe (manual start) Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system) Reititys ja etäkäyttö: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Etärekisteri: %SystemRoot%\system32\svchost.exe -k LocalService (autostart) Etäproseduurikutsujen (RPC) paikannin: %SystemRoot%\System32\locator.exe (manual start) Etäproseduurikutsu (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart) QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver: System32\DRIVERS\RTL8139.SYS (manual start) Käyttöoikeustilien hallinta: %SystemRoot%\system32\lsass.exe (autostart) Älykortti: %SystemRoot%\System32\SCardSvr.exe (manual start) Tehtävien ajoitus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Secdrv: System32\DRIVERS\secdrv.sys (manual start) Toissijainen kirjautuminen: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Järjestelmätapahtuman ilmoitus: 
%SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Prolific Serial port driver: system32\DRIVERS\ser2pl.sys (manual start) Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start) Sarjaporttiohjain: System32\DRIVERS\serial.sys (system) Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Käyttöliittymän laitteistotunnistus: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system) Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start) Taustatulostusohjain: %SystemRoot%\system32\spoolsv.exe (autostart) Järjestelmän palautussuodatin -ohjain: System32\DRIVERS\sr.sys (system) Järjestelmän palauttaminen -palvelu: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) SRTSP: System32\Drivers\SRTSP.SYS (manual start) SRTSPL: System32\Drivers\SRTSPL.SYS (manual start) SRTSPX: System32\Drivers\SRTSPX.SYS (system) Srv: System32\DRIVERS\srv.sys (manual start) SSDP-palvelu (Simple Service Discovery Protocol): %SystemRoot%\System32\svchost.exe -k LocalService (manual start) WIA (Windows Image Acquisition): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart) StyleXPHelper: \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe (system) StyleXPService: "C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe" (autostart) Ohjelmistoväyläohjain: System32\DRIVERS\swenum.sys (manual start) Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start) MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{2D5C8796-BEC0-428F-B585-789150CA9683} (manual start) Symantec Core LC: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" (manual start) Symantec AppCore Service: "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe" (autostart) SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start) SymEvent: 
\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (manual start) SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start) SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start) SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20070426.001\SymIDSCo.sys (manual start) SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start) SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start) SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system) Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start) Resurssilokit ja -hälytykset: %SystemRoot%\system32\smlogsvc.exe (manual start) Puhelin: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) TCP/IP-protokollaohjain: System32\DRIVERS\tcpip.sys (system) Päätelaiteohjain: System32\DRIVERS\termdd.sys (system) Päätepalvelut: %SystemRoot%\System32\svchost -k DComLaunch (manual start) Teemat: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Telnet: C:\WINDOWS\System32\tlntsvr.exe (manual start) Tiedostolinkkijäljityksen asiakas: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart) Microcode Update -ohjain: System32\DRIVERS\update.sys (manual start) Universal Plug & Play -laiteisäntä: %SystemRoot%\System32\svchost.exe -k LocalService (manual start) Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start) Microsoft USB Generic Parent Driver: system32\DRIVERS\usbccgp.sys (manual start) Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start) Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start) Microsoft USB PRINTER -luokka: system32\DRIVERS\usbprint.sys (manual start) USB Scanner Driver: system32\DRIVERS\usbscan.sys (manual start) Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu: "C:\Program Files\MSN Messenger\usnsvc.exe" (manual start) VGA-näytönohjain: \SystemRoot\System32\drivers\vga.sys (system) Aseman tilannevedos: %SystemRoot%\System32\vssvc.exe (manual 
start) Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start) Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start) WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart) WMI-palvelu (Windows Management Instrumentation): %systemroot%\system32\svchost.exe -k netsvcs (autostart) Kannettavan mediasoittimen sarjanumeropalvelu: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WMI-palvelun ohjainlaajennukset: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) WMI resurssisovitin: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start) Windows Media Playerin verkkojakamispalvelu: "C:\Program Files\Windows Media Player\WMPNetwk.exe" (manual start) Tietoturvakeskus: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled) Automaattiset päivitykset: %systemroot%\system32\svchost.exe -k netsvcs (autostart) Windows Driver Foundation - User-mode Driver Framework Platform Driver: system32\DRIVERS\WudfPf.sys (manual start) Windows Driver Foundation - User-mode Driver Framework Reflector: system32\DRIVERS\wudfrd.sys (manual start) Windows Driver Foundation - User-mode Driver Framework: %SystemRoot%\system32\svchost.exe -k WudfServiceGroup (manual start) Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart) Verkon käyttöönottopalvelu: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start) -------------------------------------------------- Enumerating Windows NT logon/logoff scripts: *No scripts set to run* Windows NT checkdisk command: BootExecute = autocheck autochk * Windows NT 'Wininit.ini': PendingFileRenameOperations: *Registry value not found* -------------------------------------------------- Enumerating ShellServiceObjectDelayLoad items: PostBootReminder: C:\WINDOWS\system32\SHELL32.dll CDBurn: C:\WINDOWS\system32\SHELL32.dll WebCheck: C:\WINDOWS\System32\webcheck.dll SysTray: 
C:\WINDOWS\System32\stobject.dll WPDShServiceObj: C:\WINDOWS\system32\WPDShServiceObj.dll -------------------------------------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run *No values found* -------------------------------------------------- End of report, 39 243 bytes Report generated in 0,125 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /full - to include several rarely-important sections /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only
www.virustotal.com
c:\windows\system32\shmgrate.exe
Scan that file there and post the results here.
Make hidden files visible, and hide them again after you have submitted the file.

======== Kaspersky online scanner
Scan your computer with the Kaspersky Online Scanner.
You will be asked whether to allow an ActiveX component from Kaspersky to be installed; click Yes.
* The program starts and begins downloading the latest definition files.
* Once the scanner is installed and the definitions are downloaded, click Next.
* Now click the settings, Scan Settings.
* Check that the following are selected in the settings:
  o Scan using the following Anti-Virus database:
    + Extended (if available, otherwise select Standard)
  o Scan Options:
    + Scan Archives
    + Scan Mail Bases
* Click OK.
* Now, under the "select a target to scan" heading, choose My Computer (Oma Tietokone).
* The scan takes time, so be patient. When the scan is finished, you will be notified if your computer is infected.
* Now click the Save as Text button.
* Save the file to your desktop.
* Copy and paste the contents of the file into your next reply.
Antivirus Version Update Result
AhnLab-V3 2007.5.7.1 05.07.2007 no virus found
AntiVir 7.4.0.15 05.07.2007 no virus found
Authentium 4.93.8 05.04.2007 no virus found
Avast 4.7.997.0 05.05.2007 no virus found
AVG 7.5.0.467 05.06.2007 no virus found
BitDefender 7.2 05.07.2007 no virus found
CAT-QuickHeal 9.00 05.05.2007 no virus found
ClamAV devel-20070416 05.07.2007 no virus found
DrWeb 4.33 05.07.2007 no virus found
eSafe 7.0.15.0 05.03.2007 no virus found
eTrust-Vet 30.7.3616 05.07.2007 no virus found
Ewido 4.0 05.06.2007 no virus found
FileAdvisor 1 05.07.2007 No threat detected
Fortinet 2.85.0.0 05.07.2007 no virus found
F-Prot 4.3.2.48 05.04.2007 no virus found
F-Secure 6.70.13030.0 05.07.2007 no virus found
Ikarus T3.1.1.7 05.07.2007 no virus found
Kaspersky 4.0.2.24 05.07.2007 no virus found
McAfee 5024 05.04.2007 no virus found
Microsoft 1.2503 05.07.2007 no virus found
NOD32v2 2245 05.06.2007 no virus found
Norman 5.80.02 05.04.2007 no virus found
Panda 9.0.0.4 05.07.2007 no virus found
Prevx1 V2 05.07.2007 no virus found
Sophos 4.17.0 05.05.2007 no virus found
Sunbelt 2.2.907.0 05.05.2007 no virus found
Symantec 10 05.07.2007 no virus found
TheHacker 6.1.6.108 05.06.2007 no virus found
VBA32 3.11.4 05.07.2007 no virus found
VirusBuster 4.3.7:9 05.06.2007 no virus found
Webwasher-Gateway 6.0.1 05.07.2007 no virus found

Aditional Information
File size: 42496 bytes
MD5: 9becdba77af85540cdbae2118d5ce6df
SHA1: 91429000718fc2401eef1c652a6fdb3a209c5a1c
Bit9 info: http://fileadvisor.bit9.com/services/extinfo.aspx?md5=9becdba77af85540cdbae2118d5ce6df

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, May 07, 2007 11:42:52 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 7/05/2007
Kaspersky Anti-Virus database records: 314115
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\ C:\ D:\ E:\ F:\ G:\ H:\ I:\

Scan Statistics:
Total number of scanned objects: 64996
Number of viruses found: 5
Number of infected objects: 24
Number of suspicious objects: 0
Duration of the scan process: 01:06:07

Infected Object Name / Virus Name / Last Action
C:\System Volume Information\_restore{E28C47F2-9EDB-4DF8-A80F-2A114637D0A8}\RP21\A0001339.exe Infected: not-a-virus:Porn-Tool.Win32.Pornosaur.144 skipped
C:\System Volume Information\_restore{E28C47F2-9EDB-4DF8-A80F-2A114637D0A8}\RP21\A0001340.exe Infected: not-a-virus:Porn-Tool.Win32.Pornosaur.144 skipped
C:\System Volume Information\_restore{E28C47F2-9EDB-4DF8-A80F-2A114637D0A8}\RP22\A0001416.exe Infected: Backdoor.Win32.ServU-based.ap skipped
C:\System Volume Information\_restore{E28C47F2-9EDB-4DF8-A80F-2A114637D0A8}\RP23\change.log Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\Sti_Trace.log Object is locked skipped C:\WINDOWS\wiaservc.log Object is locked skipped C:\WINDOWS\wiadebug.log Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped C:\WINDOWS\WindowsUpdate.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2007-05-07_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\ACAEBAE9.TMP Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\C7CD960D.TMP Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped C:\Documents and Settings\All 
Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and 
Settings\LocalService\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\jurppi\ntuser.dat Object is locked skipped C:\Documents and Settings\jurppi\Local Settings\Sivuhistoria\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\jurppi\Local Settings\Sivuhistoria\History.IE5\MSHist012007050720070508\index.dat Object is locked skipped C:\Documents and Settings\jurppi\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\jurppi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\jurppi\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\jurppi\Local Settings\Application Data\ATI\ACE\Log\MOM-0.log Object is locked skipped C:\Documents and Settings\jurppi\Local Settings\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\jurppi\Local Settings\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\jurppi\Local Settings\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\jurppi\Local 
Settings\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\jurppi\Cookies\index.dat Object is locked skipped C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\history.dat Object is locked skipped C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\parent.lock Object is locked skipped C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\cert8.db Object is locked skipped C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\key3.db Object is locked skipped C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\search.sqlite Object is locked skipped C:\Documents and Settings\jurppi\Application Data\Mozilla\Firefox\Profiles\qjskq7fl.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\jurppi\ntuser.dat.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped C:\Program Files\Common Files\Symantec Shared\NFWEVT.LOG Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped 
D:\AAA\74626.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\AAA\74626.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
D:\AAA\74626.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
D:\AAA\74626.exe WiseSFX: infected - 3 skipped
D:\AAA\74626.exe WiseSFX Dropper: infected - 3 skipped
D:\AAA\57996.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\AAA\57996.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
D:\AAA\57996.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
D:\AAA\57996.exe WiseSFX: infected - 3 skipped
D:\AAA\57996.exe WiseSFX Dropper: infected - 3 skipped
D:\AAA\54376.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\AAA\54376.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
D:\AAA\54376.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
D:\AAA\54376.exe WiseSFX: infected - 3 skipped
D:\AAA\54376.exe WiseSFX Dropper: infected - 3 skipped
D:\AAA\blazexpss.exe/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
D:\AAA\blazexpss.exe/WISE0019.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
D:\AAA\blazexpss.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.Relevant.a skipped
D:\AAA\blazexpss.exe WiseSFX: infected - 3 skipped
D:\AAA\blazexpss.exe WiseSFX Dropper: infected - 3 skipped
F:\System Volume Information\_restore{E28C47F2-9EDB-4DF8-A80F-2A114637D0A8}\RP21\A0001338.exe Infected: not-a-virus:Porn-Tool.Win32.Pornosaur.144 skipped

Scan process completed.
There seems to be all kinds of junk in D:\AAA\, so you should delete that folder.

Stay clean

-> Clear System Restore (Instructions)
Empty the System Restore folder and create a new restore point. This cleans any malware remnants out of the restore folder.

-> Use CCleaner -> CCleaner
Download and install CCleaner. Clean temporary files and folders with it regularly.

-> Install SpywareBlaster -> SpywareBlaster
SpywareBlaster prevents malware from installing on your computer. Uses no memory! A guide is available in Finnish! Guide by user Ad-Aware

-> Install the MVPS Hosts file -> MVPS Hosts
Blocks your computer from connecting to malicious sites. A guide is available in Finnish! Guide by user Axel

-> Switch your browser to Firefox -> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.

-> Keep your system up to date. -> Windows Update
Visit Windows Update regularly.

-> Keep your firewall and antivirus up to date
Update your antivirus program and scan your computer with it regularly. eScan is also good: http://koti.mbnet.fi/pattaya1/escanmwav.htm

-> Keep your software up to date. -> Secunia Software Inspector
Secunia Software Inspector checks your system and software for missing security updates. A standard inspection normally takes 5-40 seconds, whereas a thorough one (thorough system inspection) can take several minutes.

-> Regularly follow the Finnish Communications Regulatory Authority's information on new vulnerabilities -> CERT-FI
Yeah, I noticed the very same thing about that D:\AAA\ folder and tossed everything in the trash. The internet at least works a whole lot better; it no longer stutters or cuts out. Thanks to you all, I'll try to keep the machine cleaner.