Ei saa taustakuvaa!

Kone ei ota vastaan mitään taustakuvaa, eikä pysty taustakuva valikkoa selaamaan. Alimpana kuva valikossa on DESKTOP kuvake joku on omituisen näköinen. Eli kokovalikko on jumissa. tällä hetkellä on taustana vain sininenpohja työpöydällä!!

Tätä toiminta estymistä edelsi jonkinmoinen troijalaisen hyökkäys!
virus scanneri löytää edelleen niitä koneelta, mutta ei saada poistettua niitä!?

 

Laita HjT-loki, ohjelman saat täältä -> http://koti.mbnet.fi/pattaya1/HijackThis.exe . Tallenna hakemistoon c:\hjt, käynnistä, klikkaa do a system scan and save a logfile ja lähetä loki tänne.

 

Logfile of HijackThis v1.99.1
Scan saved at 21:46:18, on 28.12.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\System32\igfxtray.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\WebSecureAlert\WebSecureAlert.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\mkscd.dll/sp.html#83556%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\mkscd.dll/sp.html#83556%resultposition.net
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://aineistot.lehtiyhtyma.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\mkscd.dll/sp.html#83556%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.kolumbus.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 194.188.72.*;isolaatu.vtt.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [BI1HelperStartUp] C:\PROGRA~1\BEACHI~1\BI1HEL~1.EXE /partner BI1
O4 - HKLM\..\Run: [sdkqt.exe] C:\WINNT\sdkqt.exe
O4 - HKLM\..\Run: [B05.tmp] C:\DOCUME~1\painajat\LOCALS~1\Temp\B05.tmp.exe
O4 - HKLM\..\Run: [B06.tmp] C:\DOCUME~1\painajat\LOCALS~1\Temp\B06.tmp.exe
O4 - HKLM\..\Run: [winno.exe] C:\WINNT\winno.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {012F24D4-35B0-11D0-BF2D-0000E8D0D146} (AtlCam Class) - http://193.65.43.90/sns100.ocx
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c139.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A2EF33A-A472-4EA3-B22F-EE1E53EAD43D}: NameServer = 193.229.0.40,193.229.0.42
O17 - HKLM\System\CS1\Services\Tcpip\..\{6A2EF33A-A472-4EA3-B22F-EE1E53EAD43D}: NameServer = 193.229.0.40,193.229.0.42
O17 - HKLM\System\CS2\Services\Tcpip\..\{6A2EF33A-A472-4EA3-B22F-EE1E53EAD43D}: NameServer = 193.229.0.40,193.229.0.42
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\sysma32.exe (file missing)
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe



Siis tämmöinen??

 

-kemisti- Laittoi paremmat ohjeet =)

 

Laita piilotiedostot näkyviin -> http://keskustelu.afterdawn.com/thread_view.cfm/248944

Hae CWShredder täältä -> http://www.intermute.com/spysubtract/cwshredder_download.html

Päivitä, mutta älä käytä sitä vielä

Hae aboutbuster -> http://koti.mbnet.fi/pattaya1/aboutbuster.htm , päivitä se, mutta älä käytä sitäkään vielä.

Hae Registrar Lite -> http://www.resplendence.com/reglite/ ja asenna se hakemistoon C:\Program Files\RegLite\ .


Lataa ja asenna Ewido -> http://www.ewido.net/en/download/
Päivitä se, mutta älä käytä vielä.


Hae HSfix ->
http://users.telenet.be/marcvn/regfiles/HSfix.zip .
Tuplaklikkaa HSfix.zip ja se purkaa itsensä työpöydälle kansioon HSfix
Älä käytä sitäkään vielä.

Poista ohjauspaneelin kautta (lisää/poista sovellus):

Beach Islands Screensaver
Magic Waterfall Screensaver
Synchronization Manager
GStartup ( voi olla myös nimelllä GMT tai vastaava )
WebSecureAlert

Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä)


Poista seuraavat, jos löytyy:

C:\WINNT\==>mkscd.dll<==
C:\PROGRA~1\==>MAGICW~1<==
C:\PROGRA~1\==>BEACHI~1<==
C:\DOCUME~1\painajat\LOCALS~1\Temp\==>B05.tmp.exe<==
C:\DOCUME~1\painajat\LOCALS~1\Temp\==>B06.tmp.exe<==
C:\WINNT\==>winno.exe<==
C:\==>winstall.exe<==
C:\Program Files\Common Files\==>GMT<==
C:\Program Files\==>WebSecureAlert<==
C:\WINNT\==>sysma32.exe<==


Sitten sulje kaikki ohjelmat ja käynnistä hijackthis. Merkkaa nämä ja klikkaa fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINNT\mkscd.dll/sp.html#83556%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINNT\mkscd.dll/sp.html#83556%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\mkscd.dll/sp.html#83556%resultposition.net
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [MW1HelperStartUp] C:\PROGRA~1\MAGICW~1\MW1HEL~1.EXE /partner MW1
O4 - HKLM\..\Run: [BI1HelperStartUp] C:\PROGRA~1\BEACHI~1\BI1HEL~1.EXE /partner BI1
O4 - HKLM\..\Run: [sdkqt.exe] C:\WINNT\sdkqt.exe
O4 - HKLM\..\Run: [B05.tmp] C:\DOCUME~1\painajat\LOCALS~1\Temp\B05.tmp.exe
O4 - HKLM\..\Run: [B06.tmp] C:\DOCUME~1\painajat\LOCALS~1\Temp\B06.tmp.exe
O4 - HKLM\..\Run: [winno.exe] C:\WINNT\winno.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: WebSecureAlert.lnk = C:\Program Files\WebSecureAlert\WebSecureAlert.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAccessVerisign/ie/Bridge-c...
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINNT\sysma32.exe (file missing)

Sitten sammuta tuo service näin: Käynnistä -> suorita -> services.msc -> ok. Etsi listalta Workstation NetLogon Service, tuplaklikkaa, paina seis ja valitse käynnistymistavaksi "ei käytössä".

Mene HSfix-kansioon
Tuplaklikkaa HSfix.reg ja paina Yes.

SULJE KAIKKI IKKUNAT paitsi CWShredder

Aja ohjelma painamalla fix ja anna korjata kaikki mitä löytää.

Skannaa aboutbusterilla kaksi kertaa ja säästä loki.

Skannaa ewidolla ja anna poistaa, mitä löytyy. Tallenna loki ja postita se tänne.

Käynnistä kone normaalisti

Postita hijackthisin, aboutbusterin ja ewidon lokit.

 

Tässä nämä olisi:


AboutBuster 6.0
Scan started on [29.12.2005] at [18:19:39]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 18:21:29


AboutBuster 6.0
Scan started on [29.12.2005] at [19:07:20]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was ABORTED at 19:07:29

------------------------------------------------------------


Logfile of HijackThis v1.99.1
Scan saved at 19:08:04, on 29.12.2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www-cache.kolumbus.fi:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 194.188.72.*;isolaatu.vtt.fi;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: MSN-työkalurivi - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fi\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\regclean.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google-haku - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Käännä englanninkielinen sana - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Linkit taaksepäin - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Samankaltaisia sivuja - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Välimuistissa oleva kuvakaappaus sivusta - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {012F24D4-35B0-11D0-BF2D-0000E8D0D146} (AtlCam Class) - http://193.65.43.90/sns100.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6A2EF33A-A472-4EA3-B22F-EE1E53EAD43D}: NameServer = 193.229.0.40,193.229.0.42
O17 - HKLM\System\CS1\Services\Tcpip\..\{6A2EF33A-A472-4EA3-B22F-EE1E53EAD43D}: NameServer = 193.229.0.40,193.229.0.42
O17 - HKLM\System\CS2\Services\Tcpip\..\{6A2EF33A-A472-4EA3-B22F-EE1E53EAD43D}: NameServer = 193.229.0.40,193.229.0.42
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Loogisen levyn hallinnan valvontapalvelu (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe

--------------------------------------------------------------------

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 19:05:33, 29.12.2005
+ Report-Checksum: DAE2130E

+ Scan result:

HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Ignored
HKLM\SOFTWARE\aaowier -> Spyware.Blazefind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Gator.com -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\WebSecureAlert -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Gator.com\WebSecureAlert\AutoUpdate -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Rotue -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Gator.com -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Gator.com\WebSecureAlert -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Gator.com\WebSecureAlert\HomePageProtection -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Gator.com\WebSecureAlert\Monitoring -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Gator.com\WebSecureAlert\Monitoring\Snapshot -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Gator.com\WebSecureAlert\Monitoring\Snapshot\General -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Gator.com\WebSecureAlert\Monitoring\Snapshot\Security -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Gator.com\WebSecureAlert\Monitoring\Snapshot\Security\Zone_1 -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Gator.com\WebSecureAlert\Monitoring\Snapshot\Security\Zone_2 -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Gator.com\WebSecureAlert\Monitoring\Snapshot\Security\Zone_3 -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Gator.com\WebSecureAlert\Monitoring\Snapshot\Security\Zone_4 -> Spyware.Gator : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Premium Web Service -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Premium Web Service\Content Browser -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Premium Web Service\Content Browser\Settings -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\järjestelmänvalvoja.GOSS-PAGEVISION\Local Settings\Temporary Internet Files\Content.IE5\P3U70YHS\driverguide[1].htm -> Spyware.BookedSpace : Cleaned with backup
:mozilla.8:C:\Documents and Settings\painajat\Application Data\Mozilla\Firefox\Profiles\default.he9\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.12:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.16:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.17:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.23:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.24:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.25:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.26:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.43:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.44:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.46:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.47:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.80:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.81:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.82:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.83:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.84:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.85:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.86:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.87:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.88:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.102:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.103:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.104:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.110:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.111:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.113:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with backup
:mozilla.120:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.121:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.123:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.124:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.126:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.127:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.128:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.129:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.130:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.131:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.132:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.133:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.134:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.135:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.140:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.141:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.142:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.143:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.144:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.151:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.153:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.154:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.155:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.156:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.157:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.158:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.159:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.160:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.161:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.162:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.163:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.174:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.180:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.192:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.193:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.194:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.195:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.196:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.197:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.198:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.199:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.202:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.203:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.204:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.205:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.206:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.207:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.208:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.214:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.223:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Weborama : Cleaned with backup
:mozilla.255:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.256:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.257:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.258:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.259:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.260:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.261:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.264:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.274:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.275:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.288:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.289:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.332:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.379:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.380:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.395:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.399:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
:mozilla.409:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.425:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.427:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.429:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.430:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.444:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
:mozilla.480:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Adviva : Cleaned with backup
:mozilla.497:C:\Documents and Settings\painajat\Application Data\Mozilla\Profiles\default\fj35rhb7.slt\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\painajat\Cookies\painajat@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Program Files\180searchassistant -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salmau.dat -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salm_gdf.dat -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\180searchassistant\salm_kyf.dat -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\mozilla.org\Mozilla\plugins\npzango.dll -> Spyware.WinAD : Cleaned with backup
C:\RECYCLER\S-1-5-21-2052111302-1390067357-839522115-1001\Dc1\WebSecureAlert.exe -> Adware.Gator : Cleaned with backup
C:\RECYCLER\S-1-5-21-2052111302-1390067357-839522115-1001\Dc1\WSAHelper.dll -> Adware.Gator : Cleaned with backup


::Report End

 

Kaikki lokit ovat ok. Vielä ongelmia?

 

Kyllä ongelmia, ei ole mitään muutoksia tullut!?!

 

Selvä.

Hae täältä -> http://www.billsway.com/vbspage/ registry search tool ja tee haku "desktop.html":llä. Jos antivirus herjaa, anna ajaa. Jos ei löydy, kokeile "warnhp.html"-hakusanaa

Lähetä registry searchin tulokset.

 

Jep. Tämmöistä ilmotti...


REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "desktop.html" 29.12.2005 20:32:10

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_USERS\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"="C:\\WINNT\\desktop.html"

 

Ota ensin rekisteristä näin varmuuskopio:

Suorita -> regedit -> ok. Sitten Tiedosto -> Vie. Kirjoita sille joku nimi ja sitten Tallenna(ja laita muistiin, mihin tallensit sen).

Sitten tallenna tämä alla oleva tekstinpätkä nimellä fix.reg vaikka muistiossa ja vaikka työpöydälle (tallennusmuoto kaikki tiedostot)

Windows Registry Editor Version 5.00

[-HKEY_USERS\S-1-5-21-2052111302-1390067357-839522115-1001\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"Wallpaper"="C:\\WINNT\\desktop.html"

Tuplaklikkaa ja paina kyllä ja ok. Käynnistä kone uudelleen. Auttoiko?

 

Laite lähti toimimaan!! Voidaanko edelliset ladatut ohjelmat poistaa, vai voiko niistä olla hyötyä jatkossa?

Suuri kiitos ja hyvää uuttavuotta!!

T.SamiTeemu

 

Kaikki muut voit mielestäni poistaa, mutta tuon Ewidon jättäisin koneelle.Se on tällä hetkellä yksi parhaita spywaren poisto-ohjelmia. Taustasuojaus loppuu 14 pvän jälkeen, mutta senkin jälkeen onnistuu manuaalinen päivitys ja scannailu. Tuolla vielä perusteelliset ohjeet >http://keskustelu.afterdawn.com/thread_view.cfm/269186

 

Itselläni on melko sama ongelma. Taustaa ei saa näkyviin. Työpöydän taustalla näkyy vain välkettä. Hitaasti välillä näkyy valkoinen ja välillä vaaleanruskea ruutu.

 

@Tonski

pistäppä myös hjt lokisi tänne palstalle arvioitavaksi, ohjeet tuossa -kemisti-:n ensimmäisessä viestissä. Tee kuitenkin oma viestiketju että tämä ei sekoitu.