HJT log: any nasties?

Thread in the Viruses and malware - HijackThis logs section. Thread started by rosemoo on 20.09.2006.

Thread status:
The thread is closed.
  1. rosemoo

    I know that webrebates is one, but I don't know how to remove it, and are there others? Oh, and McAfee is somehow tangled up, it can't be removed no matter what, but F-Secure works anyway :)


    Logfile of HijackThis v1.99.1
    Scan saved at 1:33:05, on 21.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\System32\svchost.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\WebRebates4\webrebates.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDMedia.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\WebRebates4\w11150.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Opera\Opera.exe
    C:\Program Files\DC++\DCPlusPlus.exe
    C:\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {0B085F22-F928-B9AA-69E4-F9D3B95D118C} - C:\DOCUME~1\irwin\APPLIC~1\IDLEEN~1\Peak more.exe (file missing)
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
    O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteeef32.exe
    O4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exe
    O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
    O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [WinService32] C:\Program Files\System32\svchost.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [mode audio error coal] C:\Documents and Settings\All Users\Application Data\Secondknobmodeaudio\ActiveHole.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [send stop] C:\DOCUME~1\irwin\APPLIC~1\DRIVES~1\platform great.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Startup: DUSuperControler.lnk = C:\Program Files\DU Super Controler\DUSuperControler.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DUSuperControler.lnk = C:\Program Files\DU Super Controler\DUSuperControler.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O10 - Hijacked Internet access by New.Net
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
     
    Last edited: 20.09.2006
  3. hannu71

    Download Ewido (instructions & download address -> http://aaxxeell.googlepages.com/ewido4), install it and update it according to the instructions. Do not scan yet!

    Put HijackThis in its own folder: C:\HJT\HijackThis.exe

    End the following in Task Manager (Ctrl+Alt+Delete):
    webrebates.exe
    w11150.exe

    Remove the following from Control Panel, if found:
    Accoona
    SpySpotter3
    MessengerPlus! 3

    First download LSPfix.exe http://www.cexx.org/lspfix.htm to a suitable location (such as C:\Program Files\LSPFix or, say, the desktop). Do NOT run this program yet. It should be used ONLY if the internet connection is lost after removing NewDotNet.

    Removing NewDotNet; go to:

    Start > Control Panel > Add/Remove Programs and remove the following if it appears:

    New.Net Applications or New.Net Domains (anything that says New.Net)

    If New.Net is not listed in Add/Remove Programs, do the following.

    Make sure your anti-virus and anti-spyware programs are closed during the removal.

    They may prevent the removal of New.Net.

    Download NNuninstall.exe: http://www.new.net/support/NNuninstall.exe

    * Save it to your desktop.
    * Double-click the NNuninstall.exe file.
    * The program asks whether you want to remove all New.Net names and components.
    * Click Yes.
    * After the removal, click OK.
    * Restart the computer ("Yes - Restart now") unless something else was left unfinished; if it was, leave the computer on ("No - I will restart later").

    If the removal fails and the antivirus program(s) block the uninstaller from running entirely or
    partially, do this: unplug the computer's network or modem cable so that it has
    no connection to the internet. Then close the antivirus program(s) and run
    NNuninstall.exe. After that, turn the antivirus program(s) back on and
    only then plug the network or modem cable back into the computer.

    Empty the Recycle Bin.

    IF you lose your internet connection after removing New.Net, double-click the LSPFix.exe you downloaded earlier. Tick the "I know what I'm doing" option. You will see two panels; if something is listed in the "Remove" panel on the right-hand side, leave it as it is and click "Finish>>". Next, restart, and the internet should work fine. If nothing is listed in the "Remove" panel, do NOT do ANYTHING - close LSPFix. Come back from another computer to get more advice. (This is only a precaution; most often the internet stays perfectly fine ;))


    Then:
    Download LQfix.exe© from either link:



    LQfix.exe© http://www.downloads.subratam.org/LQfix.exe
    LQfix.exe© http://miekiemoes.geekstogo.com/tools/LQfix.exe

    * Save it to the desktop.
    * Double-click LQfix.exe and click Next > Next > Install.
    * Leave the settings as they are; if you change them, the fix will fail!
    * You need an active Internet connection, so make sure you are not blocking any connection now.
    * Make sure the "Launch LQfix" box is ticked.
    * Click Finish, and the fix starts.
    * Follow the on-screen instructions.
    * Your computer will restart once the tool has applied the fix.
    * Be patient after the restart; a script is running in the background.

    And this:
    Download NoLop to your desktop from one of the following links...
    Link 1 http://www.spywareedge.net/nolop/NoLop.exe
    Link 2 http://www.spywaretimes.com/Tools/download/21/chk,ed0778d88843ca2625ab6208a197bcc5/
    Link 3 http://www.thespykiller.co.uk/forum/index.php?action=tpmod;dl=item16


    * Close all programs, because this step requires a restart
    * Double-click NoLop.exe to run it

    o Carefully type or copy/paste the following string into the text area that says Insert CLSID Here.

    {0B085F22-F928-B9AA-69E4-F9D3B95D118C}

    * Click the "Search and Destroy" button
    <<Your computer is scanned for infected files>>
    * When the scan is complete, you will be asked to restart the computer if an infection is found. Click OK
    * Click the "REBOOT" button.
    * NoLop should display a message. If it doesn't, double-click the program and it will finish. Post the contents of the C:\NoLop.log file together with a new HijackThis log.

    -- If you get the following error, "mscomctl.ocx or one of its dependencies are not correctly registered," download mscomctl.ocx http://www.boletrice.com/downloads/mscomctl.ocx and save it to your system32 directory (usually c:\Windows\system32). Then run the program again. --


    Open HijackThis, click do a system scan only, and tick these lines. Then close all other windows and press fix checked. Not all of them will necessarily still be found.

    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: (no name) - {0B085F22-F928-B9AA-69E4-F9D3B95D118C} - C:\DOCUME~1\irwin\APPLIC~1\IDLEEN~1\Peak more.exe (file missing)
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
    O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
    O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
    O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
    O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteeef32.exe
    O4 - HKLM\..\Run: [System service66] C:\WINDOWS\etb\pokapoka66.exe
    O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
    O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
    O4 - HKLM\..\Run: [WinService32] C:\Program Files\System32\svchost.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [mode audio error coal] C:\Documents and Settings\All Users\Application Data\Secondknobmodeaudio\ActiveHole.exe
    O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
    O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKCU\..\Run: [send stop] C:\DOCUME~1\irwin\APPLIC~1\DRIVES~1\platform great.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm

    If necessary, make hidden files visible. Instructions ==> http://keskustelu.afterdawn.com/thread_view.cfm/248944
    Go into safe mode. Instructions ==>
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    Delete the following:
    C:\DOCUME~1\irwin\APPLIC~1\==>IDLEEN~1<==
    C:\Program Files\==>Accoona<==
    C:\WINDOWS\==>etb<==
    C:\Program Files\==>SpySpotter3<==
    C:\windows\system32\==>eliteeef32.exe<==
    C:\Program Files\==>System32\<=== NOTE: THE FOLDER IS IN C:\Program Files, NOT c:\
    C:\Documents and Settings\All Users\Application Data\==>Secondknobmodeaudio<==
    C:\Program Files\==>WebRebates4<==
    C:\DOCUME~1\irwin\APPLIC~1\==>DRIVES~1\<==
    C:\Program Files\==>MessengerPlus! 3<==
    C:\PROGRA~1\==>NEWDOT~1<==

    Use the search function to look for ==>windir32.exe and delete it if found

    Scan with Ewido

    Start the computer in normal mode and hide the hidden files again.

    Java update and cache clearing
    1. Click Start > Control Panel and double-click Add or Remove Programs in Control Panel.
    2. Find all your previous Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following picture next to them:
    3. Select all your previous Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp

    6. After the restart, go back to Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
    7. Under the Temporary Internet Files section, click the Delete Files button.
    8. Make sure all three options are ticked:

    Downloaded Applets
    Downloaded Applications
    Other Files

    9. Click OK in your "Delete Temporary Internet Files" window.
    Note: This deletes all downloaded applications and applets from the CACHE.
    10. Click OK to leave your Java settings window.

    Post:
    the Ewido report
    the NoLop report
    a new HJT log
     
    Last edited: 21.09.2006
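
Added example, not part of the original thread: a small Python triage of HijackThis `O2`/`O4` lines using four heuristics that match patterns visible in the log above (a system process name outside C:\WINDOWS\system32, a Run value named after a system process, an autorun from Application Data, and the same executable registered more than once). The rule names and the `triage` and `image_path` functions are assumptions of this example, the sample lines are copied from the log posted above, and a hit is a prompt for manual review, not a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B085F22-F928-B9AA-69E4-F9D3B95D118C} - C:\DOCUME~1\irwin\APPLIC~1\IDLEEN~1\Peak more.exe (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\Run: [lsass] C:\windows\system32\eliteeef32.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [WinService32] C:\Program Files\System32\svchost.exe
O4 - HKLM\..\Run: [mode audio error coal] C:\Documents and Settings\All Users\Application Data\Secondknobmodeaudio\ActiveHole.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [send stop] C:\DOCUME~1\irwin\APPLIC~1\DRIVES~1\platform great.exe
"""

# Core Windows processes that all live in C:\WINDOWS\system32 on XP.
SYSTEM_DIR = r"c:\windows\system32"
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe",
                "services.exe", "smss.exe", "spoolsv.exe"}

# "O4 - HKLM\..\Run: [value name] command line"
O4_RE = re.compile(r"^O4 - (HK(?:LM|CU))\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# "O2 - BHO: name - {CLSID} - path"
O2_RE = re.compile(r"^O2 - BHO: .* - (\{[0-9A-Fa-f-]+\}) - (.+)$")
# Everything up to the first executable-looking extension, optional leading quote.
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|cpl|com|bat))\b', re.IGNORECASE)


def image_path(command):
    """Return the program part of an autorun command line, without arguments."""
    m = IMAGE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def triage(log_text):
    """Map each suspicious O2/O4 line to the list of heuristics it triggered."""
    findings = defaultdict(list)
    by_image = defaultdict(list)  # image path -> O4 lines that launch it

    for line in (raw.strip() for raw in log_text.splitlines()):
        m = O2_RE.match(line)
        if m:
            # A BHO whose file is gone is an orphaned registration.
            if m.group(2).endswith("(file missing)"):
                findings[line].append("bho-file-missing")
            continue

        m = O4_RE.match(line)
        if not m:
            continue
        _hive, _key, name, command = m.groups()
        image = image_path(command).lower()
        base = ntpath.basename(image)
        folder = ntpath.dirname(image)

        # svchost.exe and friends started from anywhere but system32.
        if base in SYSTEM_NAMES and folder != SYSTEM_DIR:
            findings[line].append("system-name-wrong-folder")
        # Value called e.g. "lsass" that starts some other executable.
        if name.lower() + ".exe" in SYSTEM_NAMES and base != name.lower() + ".exe":
            findings[line].append("value-name-imitates-system-process")
        # Autorun out of a user or All Users Application Data directory.
        if "\\application data\\" in image or "\\applic~1\\" in image:
            findings[line].append("autorun-from-appdata")
        by_image[image].append(line)

    # Same executable registered under several value names or several keys.
    for lines in by_image.values():
        if len(lines) > 1:
            for line in lines:
                findings[line].append("registered-more-than-once")
    return dict(findings)


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE).items():
        print(", ".join(reasons), "<-", entry)
```

Entries this does not flag are not thereby clean: several lines the helper marks above (WebRebates, New.net, SpySpotter) are recognised by name, which no path heuristic covers.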
  4. rosemoo

    Here are the logs, but I couldn't get the Java part done, because it got stuck when I tried to remove "j2se runtime environment 5.0 update 4": the message "Internal error 2753. RegUtils" appeared and after that "vakava virhe" (fatal error), then nothing more happened. "update 6" did go away without a hitch, but "update 4" is still there.
    ----------------------------------------------------------------------
    NoLop! Log by Skate_Punk_21

    Please Note: any existing old logs will have now been renamed to NoLop!OLD.log

    Fix running from: C:\Documents and Settings\irwin\Työpöytä
    [21.9.2006]
    [14:03:20]

    ---Infection Files Found/Removed---
    C:\Documents and Settings\All Users\Application Data\Secondknobmodeaudio\01platform.exe
    C:\Documents and Settings\All Users\Application Data\Secondknobmodeaudio\ActiveHole.exe
    C:\Documents and Settings\All Users\Application Data\Secondknobmodeaudio\Bold Help.exe
    C:\Documents and Settings\All Users\Application Data\Secondknobmodeaudio\Loud debug.exe
    C:\Documents and Settings\All Users\Application Data\Secondknobmodeaudio\Mapibib.exe
    C:\Documents and Settings\All Users\Application Data\Secondknobmodeaudio\Soft trust.exe

    Beginning Removal...
    Rebooting...
    Removing Lop's Leftover Files/Folders...
    Editing Registry...
    **Fix Complete!**

    ---Listing AppData sub directories---

    C:\Documents and Settings\All Users\Application Data\Adobe
    C:\Documents and Settings\All Users\Application Data\Ahead
    C:\Documents and Settings\All Users\Application Data\Apple Computer
    C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    C:\Documents and Settings\All Users\Application Data\Dvd Shrink
    C:\Documents and Settings\All Users\Application Data\Grisoft(2)
    C:\Documents and Settings\All Users\Application Data\Locktime
    C:\Documents and Settings\All Users\Application Data\Logitech
    C:\Documents and Settings\All Users\Application Data\Microsoft
    C:\Documents and Settings\All Users\Application Data\Npf
    C:\Documents and Settings\All Users\Application Data\Nview_profiles -- EMPTY Directory
    C:\Documents and Settings\All Users\Application Data\Pc Suite
    C:\Documents and Settings\All Users\Application Data\Soliddocuments
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    C:\Documents and Settings\All Users\Application Data\Ssdata
    C:\Documents and Settings\Default User\Application Data\Identities
    C:\Documents and Settings\Default User\Application Data\Microsoft
    C:\Documents and Settings\Irwin\Application Data\.bittorrent
    C:\Documents and Settings\Irwin\Application Data\Adobe
    C:\Documents and Settings\Irwin\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Irwin\Application Data\Ahead
    C:\Documents and Settings\Irwin\Application Data\Azureus
    C:\Documents and Settings\Irwin\Application Data\Datalayer
    C:\Documents and Settings\Irwin\Application Data\Drivesavesupport -- EMPTY Directory
    C:\Documents and Settings\Irwin\Application Data\Google
    C:\Documents and Settings\Irwin\Application Data\Identities
    C:\Documents and Settings\Irwin\Application Data\Idle Enc Hold
    C:\Documents and Settings\Irwin\Application Data\Intervideo
    C:\Documents and Settings\Irwin\Application Data\Jasc
    C:\Documents and Settings\Irwin\Application Data\Jasc Software Inc
    C:\Documents and Settings\Irwin\Application Data\Lavasoft
    C:\Documents and Settings\Irwin\Application Data\Leadertech
    C:\Documents and Settings\Irwin\Application Data\Locktime
    C:\Documents and Settings\Irwin\Application Data\Macromedia
    C:\Documents and Settings\Irwin\Application Data\Media Player Classic
    C:\Documents and Settings\Irwin\Application Data\Microsoft
    C:\Documents and Settings\Irwin\Application Data\Mozilla
    C:\Documents and Settings\Irwin\Application Data\Nokia
    C:\Documents and Settings\Irwin\Application Data\Opera
    C:\Documents and Settings\Irwin\Application Data\Pc Suite
    C:\Documents and Settings\Irwin\Application Data\Real
    C:\Documents and Settings\Irwin\Application Data\Screenshot Sender
    C:\Documents and Settings\Irwin\Application Data\Seven Zip
    C:\Documents and Settings\Irwin\Application Data\Soliddocuments
    C:\Documents and Settings\Irwin\Application Data\Sun
    C:\Documents and Settings\Irwin\Application Data\Thq -- EMPTY Directory
    C:\Documents and Settings\Irwin\Application Data\Utorrent
    C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
    C:\Documents and Settings\Järjestelmänvalvoja.your-05e275d928\Application Data\Identities
    C:\Documents and Settings\Järjestelmänvalvoja.your-05e275d928\Application Data\Microsoft
    C:\Documents and Settings\Lkp\Application Data\Adobe
    C:\Documents and Settings\Lkp\Application Data\Adobeum -- EMPTY Directory
    C:\Documents and Settings\Lkp\Application Data\Ahead
    C:\Documents and Settings\Lkp\Application Data\Identities
    C:\Documents and Settings\Lkp\Application Data\Locktime
    C:\Documents and Settings\Lkp\Application Data\Macromedia
    C:\Documents and Settings\Lkp\Application Data\Microsoft
    C:\Documents and Settings\Lkp\Application Data\Opera
    C:\Documents and Settings\Lkp\Application Data\Pc Suite
    C:\Documents and Settings\Lkp\Application Data\Real
    C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
    C:\Documents and Settings\Localservice\Application Data\Microsoft
    C:\Documents and Settings\Localservice\Application Data\Opera
    C:\Documents and Settings\Networkservice\Application Data\Microsoft
    C:\Documents and Settings\Timo\Application Data\Adobe
    C:\Documents and Settings\Timo\Application Data\Adobeum
    C:\Documents and Settings\Timo\Application Data\Ahead
    C:\Documents and Settings\Timo\Application Data\Apple Computer
    C:\Documents and Settings\Timo\Application Data\Avg7
    C:\Documents and Settings\Timo\Application Data\Drivesavesupport
    C:\Documents and Settings\Timo\Application Data\Gearbox Software -- EMPTY Directory
    C:\Documents and Settings\Timo\Application Data\Help -- EMPTY Directory
    C:\Documents and Settings\Timo\Application Data\Identities
    C:\Documents and Settings\Timo\Application Data\Idle Enc Hold
    C:\Documents and Settings\Timo\Application Data\Intertrust
    C:\Documents and Settings\Timo\Application Data\Intervideo
    C:\Documents and Settings\Timo\Application Data\Jasc
    C:\Documents and Settings\Timo\Application Data\Jasc Software Inc
    C:\Documents and Settings\Timo\Application Data\Lavasoft -- EMPTY Directory
    C:\Documents and Settings\Timo\Application Data\Locktime
    C:\Documents and Settings\Timo\Application Data\Macromedia
    C:\Documents and Settings\Timo\Application Data\Media Player Classic
    C:\Documents and Settings\Timo\Application Data\Microsoft
    C:\Documents and Settings\Timo\Application Data\Neo-modus.com
    C:\Documents and Settings\Timo\Application Data\Nokia
    C:\Documents and Settings\Timo\Application Data\Opera
    C:\Documents and Settings\Timo\Application Data\Real
    C:\Documents and Settings\Timo\Application Data\Registry Cleaner
    C:\Documents and Settings\Timo\Application Data\Template

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 16:35:06 21.9.2006

    + Scan result:



    C:\Documents and Settings\Timo\Local Settings\Temp\res4FF.tmp -> Adware.180Solutions : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\9BD67DDB-BFF2-4F4E-8AF3-D95110\B5F86905-8A21-401F-A95F-56BF0B -> Adware.180Solutions : No action taken.
    HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
    HKU\S-1-5-21-3087776527-443516791-1341135687-1009\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
    HKU\S-1-5-21-3087776527-443516791-1341135687-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
    HKU\S-1-5-21-3087776527-443516791-1341135687-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\03344F25-8462-440B-BE6D-5ED55F\C11967F5-1848-41E6-9BBB-12094D/asm.exe -> Adware.Altnet : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\03344F25-8462-440B-BE6D-5ED55F\C11967F5-1848-41E6-9BBB-12094D/asmps.dll -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Altnet -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Adware.Altnet : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\40EE1A30-CAF8-42C2-A786-B8A7CE\4BB2BABD-3C29-47C5-B875-38C2AC -> Adware.EZula : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\40EE1A30-CAF8-42C2-A786-B8A7CE\BD754406-D295-4C60-922D-186C4F -> Adware.EZula : No action taken.
    C:\WINDOWS\iLookup -> Adware.eZula : No action taken.
    C:\Program Files\Common Files\jddanppr\hbretett\nptfpepn.exe -> Adware.Gator : No action taken.
    C:\Program Files\Common Files\jddanppr\janerndpjh\ertdpfrbc.exe -> Adware.Gator : No action taken.
    C:\Program Files\C2Media\SETUP.0XE -> Adware.Lop : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\12134538-A8D5-4FC8-9390-D2E9B2\49C42B19-424C-4CCE-A49A-210E60.0 -> Adware.Lop : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\6715E915-2B88-4405-B7CC-7B222B\87935228-C8B3-45D8-BCA0-EE75F9.0 -> Adware.Lop : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\9E460D58-590C-4A1B-8749-5CCB86\18770541-47FB-482E-A108-9ACAD7.0 -> Adware.Lop : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\E69BEAAB-9F69-462F-96E3-1D4192\F60DC123-E01B-48FF-B53B-2078AB.0 -> Adware.Lop : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\348550F1-6157-4421-99A7-BEF462\3965FDBC-F734-49C4-A900-5602AE -> Adware.NavExcel : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\348550F1-6157-4421-99A7-BEF462\D92D6155-CB1B-4238-92C4-464BCD -> Adware.NavExcel : No action taken.
    C:\Documents and Settings\irwin\Työpöytä\NNuninstall.exe -> Adware.NewDotNet : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\D9077A71-8592-493F-81CA-2702C2\06234DF2-33EA-4954-952E-85F893 -> Adware.NewDotNet : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\D9077A71-8592-493F-81CA-2702C2\3B2697BF-7647-479F-B03F-10BA97 -> Adware.NewDotNet : No action taken.
    C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : No action taken.
    C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : No action taken.
    HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
    HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
    HKU\S-1-5-21-3087776527-443516791-1341135687-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\9A8RAIA4.dll -> Adware.Sahat : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\9UF0N2SB.dll -> Adware.Sahat : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\sahagent.exe -> Adware.Sahat : No action taken.
    C:\temp\bundle_cdt1006.exe -> Adware.Sahat : No action taken.
    C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : No action taken.
    C:\Program Files\MyEmoticons\VVSNI_S3_MYEM_Inst.exe -> Adware.SaveNow : No action taken.
    C:\Program Files\MyEmoticons\VVSNInst.exe -> Adware.SaveNow : No action taken.
    C:\Program Files\Save -> Adware.SaveNow : No action taken.
    C:\Program Files\Save\SaveNowupdate.exe -> Adware.SaveNow : No action taken.
    HKLM\SOFTWARE\Classes\WUSE.1 -> Adware.SaveNow : No action taken.
    HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX0\10a.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX1\10a.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX2\10a.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX3\10a.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX4\10a.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX5\10a.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX7\10a.exe -> Adware.WinAD : No action taken.
    C:\temp\MediaGateway.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\All Users\Tiedostot\install.0xe -> Backdoor.Robobot.ap : No action taken.
    HKU\S-1-5-21-3087776527-443516791-1341135687-1009\Software\Coulomb -> Dialer.Generic : No action taken.
    HKU\S-1-5-21-3087776527-443516791-1341135687-1009\Software\Coulomb\Porn Turbo -> Dialer.Generic : No action taken.
    C:\temp\OPTIMIZE.1XE -> Downloader.Dyfuca.ei : No action taken.
    C:\temp\optimize.0xe -> Downloader.Dyfuca.ei : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\ISTBARCM.0LL -> Downloader.IstBar.kg : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX2\5A.0XE -> Downloader.IstBar.ld : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX3\5A.0XE -> Downloader.IstBar.ld : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX4\5A.0XE -> Downloader.IstBar.ld : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX5\5A.0XE -> Downloader.IstBar.ld : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\jfghjfgudk.0xe -> Downloader.IstBar.lf : No action taken.
    C:\WINDOWS\iNetPal\EZThemes_If245Om1.0xe -> Dropper.Agent.pd : No action taken.
    C:\Documents and Settings\LKP\Local Settings\Temporary Internet Files\Content.IE5\K4WJ809K\protector[1].0xe -> Hijacker.StartPage.nk : No action taken.
    C:\WINDOWS\PROTECTOR.0XE -> Hijacker.StartPage.nk : No action taken.
    C:\WINDOWS\system32\csrss_log.dat -> Hijacker.StartPage.nk : No action taken.
    C:\WINDOWS\system32\keybhookpro.dll -> Not-A-Virus.Monitor.Win32.Hooker.d : No action taken.
    C:\Documents and Settings\irwin\Omat tiedostot\My Downloads\Warelex.Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.rar/Warelex.Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA\Loader.exe -> Not-A-Virus.VirTool.Win32.Patcher.a : No action taken.
    :mozilla.28:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.29:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.20:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
    :mozilla.21:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
    :mozilla.22:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
    C:\Documents and Settings\LKP\Cookies\lkp@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
    :mozilla.51:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.53:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.79:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.80:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.81:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.82:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.23:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.33:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.383:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Bfast : No action taken.
    :mozilla.243:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
    :mozilla.188:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.31:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.32:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.33:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.34:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.229:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.230:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.231:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.232:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.183:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@com[1].txt -> TrackingCookie.Com : No action taken.
    :mozilla.10:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.7:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Timo\Cookies\timo@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.419:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Estat : No action taken.
    :mozilla.200:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.11:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.12:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.13:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.14:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.15:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.16:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.64:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.65:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.8:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.141:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.199:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.215:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.216:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.217:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.267:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.269:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.297:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.423:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.424:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.425:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.444:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitslink : No action taken.
    :mozilla.445:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitslink : No action taken.
    :mozilla.446:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitslink : No action taken.
    :mozilla.447:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitslink : No action taken.
    :mozilla.372:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Ivwbox : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@ivwbox[1].txt -> TrackingCookie.Ivwbox : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@kmpads[1].txt -> TrackingCookie.Kmpads : No action taken.
    :mozilla.362:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Linksynergy : No action taken.
    :mozilla.363:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Linksynergy : No action taken.
    C:\Documents and Settings\LKP\Cookies\lkp@images.lop[1].txt -> TrackingCookie.Lop : No action taken.
    C:\Documents and Settings\LKP\Cookies\lkp@www.lop[1].txt -> TrackingCookie.Lop : No action taken.
    :mozilla.228:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Masterstats : No action taken.
    :mozilla.32:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\Timo\Cookies\timo@need2find[2].txt -> TrackingCookie.Need2find : No action taken.
    :mozilla.30:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.31:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.394:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@data2.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.
    :mozilla.34:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.35:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.36:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.37:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.38:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.43:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.44:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.45:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.46:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.202:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pro-market : No action taken.
    :mozilla.203:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pro-market : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
    :mozilla.150:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Revenue : No action taken.
    C:\Documents and Settings\LKP\Cookies\lkp@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
    :mozilla.358:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.10:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.11:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.12:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.13:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.14:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.9:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.194:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.195:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.196:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.197:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.286:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Spylog : No action taken.
    :mozilla.144:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.145:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.146:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.147:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.148:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.149:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.218:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.219:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.382:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Targetnet : No action taken.
    :mozilla.49:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.50:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.52:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.273:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.274:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.184:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.41:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.42:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.350:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Valueclick : No action taken.
    :mozilla.272:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Yadro : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
    :mozilla.106:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.107:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.108:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.220:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.221:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Zedo : No action taken.
    C:\Documents and Settings\LKP\Local Settings\Temporary Internet Files\Content.IE5\C0N8TFS9\FINLAND[1].0XE -> Trojan.Dialer.jr : No action taken.
    C:\Documents and Settings\LKP\Local Settings\Temporary Internet Files\Content.IE5\ER16B6AO\Finland[1].0xe -> Trojan.Dialer.jr : No action taken.
    C:\WINDOWS\Finland.0xe -> Trojan.Dialer.jr : No action taken.
    C:\Documents and Settings\LKP\Local Settings\Temp\3735856_3484_588_4572_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\LKP\Local Settings\Temp\65836_304_524_3284_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\196734_5840_5512_5868_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\2492358_1432_1684_2812_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\262434_468_3152_4924_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\264236_1428_1736_4620_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\327844_4432_5512_5992_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\329640_1788_2000_2936_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\526256_6084_5512_6116_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\591840_1852_196_4092_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\921212_5792_196_4352_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX0\vonner.0xe -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX1\vonner.0xe -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX2\vonner.0xe -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX3\vonner.0xe -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX4\vonner.0xe -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX5\vonner.0xe -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\1048824_1804_2036_2240_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\1310896_1764_2032_3128_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\131242_1776_1996_3424_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\198266_1772_1988_2372_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\198610_3068_1632_3768_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\330596_1464_2000_5092_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\459072_1768_1960_396_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\527034_1760_1960_2772_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65880_344_620_3032_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65886_432_664_3764_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65888_432_664_3124_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65914_388_620_3632_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65926_344_572_3608_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65964_408_636_3028_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65976_428_660_3044_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\920382_1768_1960_3136_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temporary Internet Files\Content.IE5\4TEN8ZG9\spreaxzss[1].0xe -> Worm.Kelvir.dr : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temporary Internet Files\Content.IE5\IBWPWHIP\n3[1].0xe -> Worm.Kelvir.dt : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temporary Internet Files\Content.IE5\IBWPWHIP\spreaxzs[1].0xe -> Worm.Kelvir.dt : No action taken.


    ::Report end

    Logfile of HijackThis v1.99.1
    Scan saved at 14:15:16, on 21.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\System32\svchost.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\WebRebates4\webrebates.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Documents and Settings\irwin\Omat tiedostot\okl\Kaikenlaista\G15NetSpeed\G15NetSpeed.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\WebRebates4\w11150.exe
    C:\Program Files\Opera\Opera.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [SpySpotter System Defender] C:\Program Files\SpySpotter3\Defender.exe -startup
    O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [WinService32] C:\Program Files\System32\svchost.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Startup: DUSuperControler.lnk = C:\Program Files\DU Super Controler\DUSuperControler.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DUSuperControler.lnk = C:\Program Files\DU Super Controler\DUSuperControler.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


     
    Last edited: 21.09.2006
  5. hannu71

    hannu71 Regular member

    Save these instructions to a text file or print them, otherwise you won't be able to access them from Safe Mode.

    Start Ewido and, in the main window, click "Realtime protection" (it is shown in green and reads "Active") to change it to inactive.

    End the following in Task Manager (Ctrl+Alt+Delete):
    webrebates.exe
    w11150.exe

    Uninstall the following from the Control Panel:
    Accoona
    WebRebates4

    Download Atribune's ATF Cleaner http://www.atribune.org/ccount/click.php?id=1
    Instructions:
    Double-click ATF-Cleaner.exe to start the program.

    Under Main, choose: Select All
    Click Empty Selected.

    If you use Firefox as your browser

    Click Firefox at the top and choose: Select All
    Click Empty Selected.
    NOTE: If you would like to keep your saved passwords, click No when it asks.

    If you use Opera as your browser

    Click Opera at the top and choose: Select All
    Click Empty Selected again.
    NOTE: If you would like to keep your saved passwords, click No when it asks.

    Click Exit in the main menu to close the program.

    Open HijackThis, click "do a system scan only", and check these lines. Then close all other windows and press "fix checked".
    R3 - URLSearchHook: (no name) - <default> - (no file)
    O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
    O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
    O4 - HKLM\..\Run: [WinService32] C:\Program Files\System32\svchost.exe
    O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
    O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
    O8 - Extra context menu item: Web Rebates. - file://C:\Program Files\WebRebates4\websrebates\webtrebates\toprC0.htm

    If necessary, make hidden files visible. Instructions ==> http://keskustelu.afterdawn.com/thread_view.cfm/248944
    Go into Safe Mode. Instructions ==>
    http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

    Delete the following:
    C:\Program Files\==>WebRebates4<==
    C:\Program Files\==>Accoona<==
    C:\Program Files\==>System32\<==

    Use the search function to look for ==>windir32.exe and, if it is found, delete it.

    Scan with Ewido.
    • While in Safe Mode, start Ewido Anti-Spyware.
    • Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
    • Ewido will now start scanning the computer; be patient, as the scan takes time.

      When the scan is finished:
      IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions"
    • Make sure that "Set all elements to:" shows Quarantine (1); if not, click the link and choose Quarantine from the popup menu.
    • You will be asked what to do if infections were found; choose "Apply all actions" then.
    • Then click the "Reports" icon at the top of the program.
    • Click the "Save report as" button at the bottom left of the window and save the report to the desktop.
    • Close the program, start the computer normally and post the Ewido report to your thread.
    Boot into normal mode and hide the hidden files again.

    Post a new HJT log and the Ewido report.
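
    The following Python script is an added example, not part of the post above and not code from HijackThis. It applies three structural checks to lines copied from the log in this thread: a target marked "(file missing)" or "(no file)", a Windows system process name outside its normal directory, and a bare file name registered under several autorun keys. The check names and the `EXPECTED_DIR` table are assumptions of this example, and C:\WINDOWS is assumed as the Windows directory, as the posted log shows.

```python
import ntpath  # Windows path rules regardless of the OS this runs on
import re
from collections import defaultdict

# Assumption of this example: Windows is installed in C:\WINDOWS (as in the log).
EXPECTED_DIR = {
    "svchost.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

O4_RE = re.compile(r"^O4 - (?P<key>HK[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
EXE_RE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|scr|pif|bat|cmd))"?(?:\s|$)', re.I)
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\System32\svchost.exe
R3 - URLSearchHook: (no name) - <default> - (no file)
O2 - BHO: Accoona Search Assistant - {944864A5-3916-46E2-96A9-A2E84F3F1208} - C:\Program Files\Accoona\ASearchAssist.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinService32] C:\Program Files\System32\svchost.exe
O4 - HKLM\..\Run: [webrebates] "C:\Program Files\WebRebates4\webrebates.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
"""


def image_path(command):
    """Return the executable part of an autorun command line, without arguments."""
    m = EXE_RE.match(command)
    return m.group("exe") if m else command.split()[0]


def masquerade(path):
    """True when a Windows system process name sits outside its expected folder."""
    name = ntpath.basename(path).lower()
    folder = ntpath.dirname(path).lower()
    return name in EXPECTED_DIR and folder not in ("", EXPECTED_DIR[name])


def triage(log_text):
    """Return (reason, line) pairs for log lines that deserve a closer look."""
    findings = []
    bare_autoruns = defaultdict(list)  # (value name, image) -> O4 lines
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if MISSING_RE.search(line):
            findings.append(("target-missing", line))
        m = O4_RE.match(line)
        if m:
            exe = image_path(m.group("cmd"))
            if masquerade(exe):
                findings.append(("system-name-wrong-dir", line))
            if not ntpath.dirname(exe):
                # No directory given: Windows resolves the name via the search path.
                bare_autoruns[(m.group("name"), exe.lower())].append(line)
        elif DRIVE_RE.match(line) and masquerade(line):
            # "Running processes" section: one full image path per line.
            findings.append(("system-name-wrong-dir", line))
    for lines in bare_autoruns.values():
        if len(lines) >= 2:  # same bare-name entry under two or more autorun keys
            findings.extend(("bare-name-multi-key", entry) for entry in lines)
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:24} {line}")
```

    The WebRebates4 entry passes all three checks because nothing about its location is unusual; recognising it takes a name or reputation lookup. Each flag is a prompt for review rather than a verdict, as the McAfee service with a missing file shows.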
     
  6. rosemoo

    rosemoo Member

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 16:35:06 21.9.2006

    + Scan result:



    C:\Documents and Settings\Timo\Local Settings\Temp\res4FF.tmp -> Adware.180Solutions : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\9BD67DDB-BFF2-4F4E-8AF3-D95110\B5F86905-8A21-401F-A95F-56BF0B -> Adware.180Solutions : No action taken.
    HKLM\SOFTWARE\Classes\CLSID\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
    HKU\S-1-5-21-3087776527-443516791-1341135687-1009\Software\Microsoft\Internet Explorer\URLSearchHooks\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
    HKU\S-1-5-21-3087776527-443516791-1341135687-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364B6276-C6C1-40B6-A6D7-6C48871FD707} -> Adware.Accoona : No action taken.
    HKU\S-1-5-21-3087776527-443516791-1341135687-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{944864A5-3916-46E2-96A9-A2E84F3F1208} -> Adware.Accoona : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\03344F25-8462-440B-BE6D-5ED55F\C11967F5-1848-41E6-9BBB-12094D/asm.exe -> Adware.Altnet : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\03344F25-8462-440B-BE6D-5ED55F\C11967F5-1848-41E6-9BBB-12094D/asmps.dll -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Altnet -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : No action taken.
    HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Adware.Altnet : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\40EE1A30-CAF8-42C2-A786-B8A7CE\4BB2BABD-3C29-47C5-B875-38C2AC -> Adware.EZula : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\40EE1A30-CAF8-42C2-A786-B8A7CE\BD754406-D295-4C60-922D-186C4F -> Adware.EZula : No action taken.
    C:\WINDOWS\iLookup -> Adware.eZula : No action taken.
    C:\Program Files\Common Files\jddanppr\hbretett\nptfpepn.exe -> Adware.Gator : No action taken.
    C:\Program Files\Common Files\jddanppr\janerndpjh\ertdpfrbc.exe -> Adware.Gator : No action taken.
    C:\Program Files\C2Media\SETUP.0XE -> Adware.Lop : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\12134538-A8D5-4FC8-9390-D2E9B2\49C42B19-424C-4CCE-A49A-210E60.0 -> Adware.Lop : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\6715E915-2B88-4405-B7CC-7B222B\87935228-C8B3-45D8-BCA0-EE75F9.0 -> Adware.Lop : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\9E460D58-590C-4A1B-8749-5CCB86\18770541-47FB-482E-A108-9ACAD7.0 -> Adware.Lop : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\E69BEAAB-9F69-462F-96E3-1D4192\F60DC123-E01B-48FF-B53B-2078AB.0 -> Adware.Lop : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\348550F1-6157-4421-99A7-BEF462\3965FDBC-F734-49C4-A900-5602AE -> Adware.NavExcel : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\348550F1-6157-4421-99A7-BEF462\D92D6155-CB1B-4238-92C4-464BCD -> Adware.NavExcel : No action taken.
    C:\Documents and Settings\irwin\Työpöytä\NNuninstall.exe -> Adware.NewDotNet : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\D9077A71-8592-493F-81CA-2702C2\06234DF2-33EA-4954-952E-85F893 -> Adware.NewDotNet : No action taken.
    C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\D9077A71-8592-493F-81CA-2702C2\3B2697BF-7647-479F-B03F-10BA97 -> Adware.NewDotNet : No action taken.
    C:\WINDOWS\NDNuninstall6_38.exe -> Adware.NewDotNet : No action taken.
    C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : No action taken.
    HKU\.DEFAULT\Software\New.net -> Adware.NewDotNet : No action taken.
    HKU\S-1-5-18\Software\New.net -> Adware.NewDotNet : No action taken.
    HKU\S-1-5-21-3087776527-443516791-1341135687-1009\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Adware.NewDotNet : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\9A8RAIA4.dll -> Adware.Sahat : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\9UF0N2SB.dll -> Adware.Sahat : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\sahagent.exe -> Adware.Sahat : No action taken.
    C:\temp\bundle_cdt1006.exe -> Adware.Sahat : No action taken.
    C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : No action taken.
    C:\Program Files\MyEmoticons\VVSNI_S3_MYEM_Inst.exe -> Adware.SaveNow : No action taken.
    C:\Program Files\MyEmoticons\VVSNInst.exe -> Adware.SaveNow : No action taken.
    C:\Program Files\Save -> Adware.SaveNow : No action taken.
    C:\Program Files\Save\SaveNowupdate.exe -> Adware.SaveNow : No action taken.
    HKLM\SOFTWARE\Classes\WUSE.1 -> Adware.SaveNow : No action taken.
    HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : No action taken.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX0\10a.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX1\10a.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX2\10a.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX3\10a.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX4\10a.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX5\10a.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX7\10a.exe -> Adware.WinAD : No action taken.
    C:\temp\MediaGateway.exe -> Adware.WinAD : No action taken.
    C:\Documents and Settings\All Users\Tiedostot\install.0xe -> Backdoor.Robobot.ap : No action taken.
    HKU\S-1-5-21-3087776527-443516791-1341135687-1009\Software\Coulomb -> Dialer.Generic : No action taken.
    HKU\S-1-5-21-3087776527-443516791-1341135687-1009\Software\Coulomb\Porn Turbo -> Dialer.Generic : No action taken.
    C:\temp\OPTIMIZE.1XE -> Downloader.Dyfuca.ei : No action taken.
    C:\temp\optimize.0xe -> Downloader.Dyfuca.ei : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\ISTBARCM.0LL -> Downloader.IstBar.kg : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX2\5A.0XE -> Downloader.IstBar.ld : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX3\5A.0XE -> Downloader.IstBar.ld : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX4\5A.0XE -> Downloader.IstBar.ld : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX5\5A.0XE -> Downloader.IstBar.ld : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\jfghjfgudk.0xe -> Downloader.IstBar.lf : No action taken.
    C:\WINDOWS\iNetPal\EZThemes_If245Om1.0xe -> Dropper.Agent.pd : No action taken.
    C:\Documents and Settings\LKP\Local Settings\Temporary Internet Files\Content.IE5\K4WJ809K\protector[1].0xe -> Hijacker.StartPage.nk : No action taken.
    C:\WINDOWS\PROTECTOR.0XE -> Hijacker.StartPage.nk : No action taken.
    C:\WINDOWS\system32\csrss_log.dat -> Hijacker.StartPage.nk : No action taken.
    C:\WINDOWS\system32\keybhookpro.dll -> Not-A-Virus.Monitor.Win32.Hooker.d : No action taken.
    C:\Documents and Settings\irwin\Omat tiedostot\My Downloads\Warelex.Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA.rar/Warelex.Mobiola.WebCam.USB.v1.00.S60.SymbianOS.Cracked-BiNPDA\Loader.exe -> Not-A-Virus.VirTool.Win32.Patcher.a : No action taken.
    :mozilla.28:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.29:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.20:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
    :mozilla.21:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
    :mozilla.22:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Adserver : No action taken.
    C:\Documents and Settings\LKP\Cookies\lkp@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
    :mozilla.51:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.53:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Adtech : No action taken.
    :mozilla.79:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.80:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.81:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.82:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.23:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.33:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    :mozilla.383:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Bfast : No action taken.
    :mozilla.243:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Bluestreak : No action taken.
    :mozilla.188:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.31:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.32:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.33:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.34:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.229:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.230:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.231:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.232:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Clickzs : No action taken.
    :mozilla.183:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Com : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@com[1].txt -> TrackingCookie.Com : No action taken.
    :mozilla.10:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.7:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Timo\Cookies\timo@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    :mozilla.419:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Estat : No action taken.
    :mozilla.200:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.11:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.12:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.13:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.14:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.15:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.16:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.64:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.65:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.8:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Googleadservices : No action taken.
    :mozilla.141:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.199:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.215:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.216:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.217:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.267:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.269:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.297:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.423:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.424:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.425:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitbox : No action taken.
    :mozilla.444:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitslink : No action taken.
    :mozilla.445:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitslink : No action taken.
    :mozilla.446:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitslink : No action taken.
    :mozilla.447:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Hitslink : No action taken.
    :mozilla.372:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Ivwbox : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@ivwbox[1].txt -> TrackingCookie.Ivwbox : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@kmpads[1].txt -> TrackingCookie.Kmpads : No action taken.
    :mozilla.362:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Linksynergy : No action taken.
    :mozilla.363:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Linksynergy : No action taken.
    C:\Documents and Settings\LKP\Cookies\lkp@images.lop[1].txt -> TrackingCookie.Lop : No action taken.
    C:\Documents and Settings\LKP\Cookies\lkp@www.lop[1].txt -> TrackingCookie.Lop : No action taken.
    :mozilla.228:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Masterstats : No action taken.
    :mozilla.32:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\Timo\Cookies\timo@need2find[2].txt -> TrackingCookie.Need2find : No action taken.
    :mozilla.30:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.31:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Overture : No action taken.
    :mozilla.394:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Overture : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@data2.perf.overture[2].txt -> TrackingCookie.Overture : No action taken.
    :mozilla.34:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.35:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.36:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.37:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.38:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.43:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.44:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.45:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.46:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.202:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pro-market : No action taken.
    :mozilla.203:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Pro-market : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
    :mozilla.150:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Revenue : No action taken.
    C:\Documents and Settings\LKP\Cookies\lkp@revenue[2].txt -> TrackingCookie.Revenue : No action taken.
    :mozilla.358:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Ru4 : No action taken.
    :mozilla.10:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.11:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.12:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.13:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.14:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.9:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.194:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.195:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.196:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.197:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Sexcounter : No action taken.
    :mozilla.286:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Spylog : No action taken.
    :mozilla.144:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.145:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.146:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.147:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.148:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.149:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Statcounter : No action taken.
    :mozilla.218:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.219:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.382:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Targetnet : No action taken.
    :mozilla.49:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.50:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.52:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Tradedoubler : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : No action taken.
    :mozilla.273:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.274:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.184:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.41:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.42:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\0qb05bcx.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.350:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Valueclick : No action taken.
    :mozilla.272:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Yadro : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@yadro[2].txt -> TrackingCookie.Yadro : No action taken.
    :mozilla.106:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.107:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.108:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\irwin\Cookies\irwin@ad.yieldmanager[3].txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.220:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.221:C:\Documents and Settings\irwin\Application Data\Mozilla\Firefox\Profiles\cvfwdgcy.tp\cookies.txt -> TrackingCookie.Zedo : No action taken.
    C:\Documents and Settings\LKP\Local Settings\Temporary Internet Files\Content.IE5\C0N8TFS9\FINLAND[1].0XE -> Trojan.Dialer.jr : No action taken.
    C:\Documents and Settings\LKP\Local Settings\Temporary Internet Files\Content.IE5\ER16B6AO\Finland[1].0xe -> Trojan.Dialer.jr : No action taken.
    C:\WINDOWS\Finland.0xe -> Trojan.Dialer.jr : No action taken.
    C:\Documents and Settings\LKP\Local Settings\Temp\3735856_3484_588_4572_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\LKP\Local Settings\Temp\65836_304_524_3284_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\196734_5840_5512_5868_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\2492358_1432_1684_2812_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\262434_468_3152_4924_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\264236_1428_1736_4620_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\327844_4432_5512_5992_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\329640_1788_2000_2936_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\526256_6084_5512_6116_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\591840_1852_196_4092_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\921212_5792_196_4352_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX0\vonner.0xe -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX1\vonner.0xe -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX2\vonner.0xe -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX3\vonner.0xe -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX4\vonner.0xe -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temp\RarSFX5\vonner.0xe -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\1048824_1804_2036_2240_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\1310896_1764_2032_3128_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\131242_1776_1996_3424_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\198266_1772_1988_2372_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\198610_3068_1632_3768_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\330596_1464_2000_5092_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\459072_1768_1960_396_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\527034_1760_1960_2772_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65880_344_620_3032_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65886_432_664_3764_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65888_432_664_3124_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65914_388_620_3632_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65926_344_572_3608_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65964_408_636_3028_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\65976_428_660_3044_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\irwin\Local Settings\Temp\920382_1768_1960_3136_62.41.tmp1 -> Trojan.EliteBar.a : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temporary Internet Files\Content.IE5\4TEN8ZG9\spreaxzss[1].0xe -> Worm.Kelvir.dr : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temporary Internet Files\Content.IE5\IBWPWHIP\n3[1].0xe -> Worm.Kelvir.dt : No action taken.
    C:\Documents and Settings\Timo\Local Settings\Temporary Internet Files\Content.IE5\IBWPWHIP\spreaxzs[1].0xe -> Worm.Kelvir.dt : No action taken.


    ::Report end


    ----------------------------------------------------------------------
    Logfile of HijackThis v1.99.1
    Scan saved at 0:19:51, on 22.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Documents and Settings\irwin\Omat tiedostot\okl\Kaikenlaista\G15NetSpeed\G15NetSpeed.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_04\bin\ssv.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Startup: DUSuperControler.lnk = C:\Program Files\DU Super Controler\DUSuperControler.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DUSuperControler.lnk = C:\Program Files\DU Super Controler\DUSuperControler.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe



     
  7. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Posts:
    6,305
    Thanks:
    0
    Points:
    96
    Did you actually run ewido according to kairis's instructions, seeing as every entry says "no action taken"? If not, run ewido again exactly according to kairis's instructions (see the picture for guidance), and those nasties will actually get removed...
     
  8. rosemoo

    rosemoo Member

    Joined:
    02.08.2006
    Posts:
    81
    Thanks:
    0
    Points:
    16
    At least as far as I know, I did it the way it said there: I went into safe mode, Scanner tab, complete system scan, then I waited until the scan was finished, then I set "set all elements" to quarantine and then "apply all actions", and saved the report to the desktop. But at the start of the instructions it said: "Start Ewido and in the main window click "Realtime protection" (it is in green and reads "Active") to change it to inactive." I couldn't find "Realtime protection" on any tab, but there was something called "resident shield is.." and I changed that to "inactive". Could this have something to do with the "no action taken" thing? Oh, and the "resident shield is.." was on the Shield tab.
     
    Last edited: 22.09.2006
  9. hannu71

    hannu71 Regular member

    Joined:
    09.02.2006
    Posts:
    256
    Thanks:
    0
    Points:
    26
    Follow these instructions when you set ewido scanning.
    http://aaxxeell.googlepages.com/ewido4

    Preferably in safe mode. (This time you don't need to set the resident shield to inactive; that wasn't the reason you got those "no action taken" results anyway. It could have blocked the HijackThis fixes (that is, with the resident shield active).)

    Post the ewido log if anything other than No action taken comes up,
    and a new HJT log.
     
  10. rosemoo

    rosemoo Member

    Joined:
    02.08.2006
    Posts:
    81
    Thanks:
    0
    Points:
    16
    Here it is, some error came up in there.


    Logfile of HijackThis v1.99.1
    Scan saved at 15:26:54, on 23.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Documents and Settings\irwin\Omat tiedostot\okl\Kaikenlaista\G15NetSpeed\G15NetSpeed.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_04\bin\ssv.dll (file missing)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Startup: DUSuperControler.lnk = C:\Program Files\DU Super Controler\DUSuperControler.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DUSuperControler.lnk = C:\Program Files\DU Super Controler\DUSuperControler.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 15:22:17 23.9.2006

    + Scan result:



    HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning.
    HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning.
    HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Adware.Altnet : Error during cleaning.


    ::Report end

     
    Last edited: 23.09.2006
  11. hannu71

    hannu71 Regular member

    Joined:
    09.02.2006
    Posts:
    256
    Thanks:
    0
    Points:
    26
    Good, we got ewido working :)
    Here's the next part:
    First take a backup of the registry like this:

    Run -> regedit -> OK. Then File -> Export. Give it some name and then Save (and make a note of where you saved it).

    Then save the text snippet below under the name fix.reg, for example in Notepad and for example to the desktop (save as type: All Files)

    Windows Registry Editor Version 5.00

    [-HKEY_LOCAL_MACHINE\SOFTWARE\Altnet]

    Double-click it and press Yes and OK. Restart the computer.



    Updating Java and clearing its cache

    1. Click Start > Control Panel and double-click Add or Remove Programs in the Control Panel.
    2. Find all your old Java versions in the list. (J2SE Runtime Environment.... )
    They should have the following icon next to them:
    3. Select all your old Java versions and choose Remove.
    4. Install the latest Java update from the following link..
    5. Restart the computer after the installation:

    http://java.sun.com/javase/downloads/index.jsp

    6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
    7. Under the Temporary Internet Files section, click the Delete Files button.
    8. Make sure that all three options are checked:

    Downloaded Applets
    Downloaded Applications
    Other Files

    9. Click OK in the "Delete Temporary Internet Files" window.
    Note: This deletes all downloaded applications and applets from the CACHE.
    10. Click OK to leave the Java settings window.


    PS. Have you removed something in MSConfig, since selective startup seems to be in use?
    That is: Start -> Run -> msconfig -> Startup tab
     
    Last edited: 23.09.2006
  12. rosemoo

    rosemoo Member

    Joined:
    02.08.2006
    Posts:
    81
    Thanks:
    0
    Points:
    16
    I still couldn't get rid of that older Java update, it just complained about the same error as last time, but I installed the newer one anyway. Oh, and in msconfig selective startup was on; I changed it to normal.
     
    Last edited: 23.09.2006
  13. hannu71

    hannu71 Regular member

    Joined:
    09.02.2006
    Posts:
    256
    Thanks:
    0
    Points:
    26
    Post a fresh HJT log and ewido report.
     
  14. rosemoo

    rosemoo Member

    Joined:
    02.08.2006
    Posts:
    81
    Thanks:
    0
    Points:
    16
    Here's the ewido report (scanned in normal mode) and the HJT log:

    --------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 15:22:17 23.9.2006

    + Scan result:



    HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning.
    HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning.
    HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Adware.Altnet : Error during cleaning.


    ::Report end

    Logfile of HijackThis v1.99.1
    Scan saved at 2:23:02, on 24.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Documents and Settings\irwin\Omat tiedostot\okl\Kaikenlaista\G15NetSpeed\G15NetSpeed.exe
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\DC++\DCPlusPlus.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Program Files\Opera\Opera.exe
    C:\WINDOWS\system32\notepad.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Startup: DUSuperControler.lnk = C:\Program Files\DU Super Controler\DUSuperControler.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DUSuperControler.lnk = C:\Program Files\DU Super Controler\DUSuperControler.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

     
  15. hannu71

    hannu71 Regular member

    Joined:
    09.02.2006
    Posts:
    256
    Thanks:
    0
    Points:
    26
    Did you do that Windows Registry Editor part? It looks like HKLM\SOFTWARE\Altnet is still there. Set ewido's resident shield to inactive.

    Let's try this
    1. Download The Avenger (c) to your desktop.
    • Click the Avenger.zip file to open it.
    • Extract Avenger.exe to your desktop.
    2. Copy all the text in the black quote box below into an empty Notepad:


    Note: the script above was created specifically for this user. If you are not this person, DO NOT follow these instructions, because they could break your computer's functions.


    3. Now open The Avenger by double-clicking its icon on your desktop.
    • Under "Script file to execute", choose "Input Script Manually".
    • Now click the magnifying glass icon, which opens a new window called "View/edit script".
    • Paste the text you copied into Notepad into this window.
    • Click Done.
    • Now click the green light to start the script.
    • Click "Yes" when the two warning boxes appear.
    Avenger automatically does the following:
    • Restarts your computer. (In cases where the script contains a "Drivers to Unload" command, Avenger restarts your computer twice.)
    • During startup it briefly opens a black command window on your desktop; this is normal.
    • After the restart it creates a log file, which should open, showing the results of Avenger's actions. The path of this log is C:\avenger.txt
    • Avenger has also made a backup of all the files etc. that you asked it to delete, and has zipped and moved them into zip files at the path C:\avenger\backup.zip.
    5. Copy and paste the entire contents of avenger.txt into your reply, along with a fresh HJT log.

     
    Last edited: 24.09.2006
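The comparison the helper makes by eye between consecutive logs (what changed after a fix, which entries still point at a missing file, what ewido failed to clean), as an added Python example that is not part of the original thread. The inputs are short excerpts of the logs posted above, the function names are made up for illustration, and the only ewido results treated as unresolved are the two that appear in this thread.

```python
import re

# Abbreviated excerpts of the 23.9.2006 and 24.9.2006 HijackThis logs posted in
# this thread (a few lines each, not the full logs).
LOG_BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 15:26:54, on 23.9.2006

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_04\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
"""

LOG_AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 2:23:02, on 24.9.2006

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
"""

# The ewido scan result lines as posted in the thread.
EWIDO_REPORT = r"""+ Scan result:

HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Adware.Altnet : Error during cleaning.

::Report end
"""

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# ewido result lines have the shape "<object> -> <detection name> : <result>."
EWIDO_RE = re.compile(r"^(.+?) -> (\S+) : (.+?)\.?$")
# Assumption: only the two results seen in this thread count as "not cleaned".
UNRESOLVED = {"no action taken", "error during cleaning"}


def parse_hjt(text):
    """Return (processes, entries); entries is a list of (code, detail) tuples."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the process list ends where the entries begin
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def diff_entries(before, after):
    """Entries that disappeared and entries that appeared between two logs."""
    b, a = set(before), set(after)
    return sorted(b - a), sorted(a - b)


def file_missing(entries):
    """Entries HijackThis marked as pointing at a file that no longer exists."""
    return [(code, detail) for code, detail in entries
            if detail.endswith("(file missing)")]


def ewido_unresolved(report):
    """(object, detection, result) for every item ewido did not clean."""
    found = []
    for raw in report.splitlines():
        match = EWIDO_RE.match(raw.strip())
        if match and match.group(3).lower() in UNRESOLVED:
            found.append(match.groups())
    return found


if __name__ == "__main__":
    _, before = parse_hjt(LOG_BEFORE)
    _, after = parse_hjt(LOG_AFTER)
    removed, added = diff_entries(before, after)
    for label, rows in (("removed", removed), ("added", added),
                        ("still file missing", file_missing(after))):
        for code, detail in rows:
            print(f"{label:>18}: {code} - {detail}")
    for obj, name, result in ewido_unresolved(EWIDO_REPORT):
        print(f"{'not cleaned':>18}: {obj} ({name}: {result})")
```
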
  16. rosemoo

    rosemoo Member

    Joined:
    02.08.2006
    Posts:
    81
    Thanks:
    0
    Points:
    16
    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\qcywyvek

    *******************

    Script file located at: \??\C:\Program Files\imcmekjr.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Altnet deleted successfully.

    Completed script processing.

    *******************

    Finished! Terminate.


    Logfile of HijackThis v1.99.1
    Scan saved at 21:02:09, on 24.9.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    C:\Program Files\F-Secure\BackWeb\7681197\Program\BackWeb-7681197.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\slserv.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\F-Secure\Common\FSMA32.EXE
    C:\Program Files\F-Secure\Common\FSMB32.EXE
    C:\Program Files\F-Secure\Common\FCH32.EXE
    C:\Program Files\F-Secure\Common\FAMEH32.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\DAEMON Tools\daemon.exe
    C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    C:\Program Files\Winamp\winampa.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Logitech\G-series Software\LGDCore.exe
    C:\Program Files\Logitech\G-series Software\LCDMon.exe
    C:\Program Files\Razer\Copperhead\razerhid.exe
    C:\Program Files\F-Secure\Common\FSM32.EXE
    C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDCountdown\LCDCountdown.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDPop3\LCDPOP3.exe
    C:\Program Files\TGTSoft\StyleXP\StyleXP.exe
    C:\Program Files\Logitech\G-series Software\Applets\LCDClock.exe
    C:\Program Files\CursorXP\CursorXP.exe
    C:\Documents and Settings\irwin\Omat tiedostot\okl\Kaikenlaista\G15NetSpeed\G15NetSpeed.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\PeerGuardian2\pg2.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\Program Files\DU Super Controler\DUSuperControler.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Razer\Copperhead\razertra.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Razer\Copperhead\razerofa.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\F-Secure\Common\FNRB32.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\McAfee\McAfee Firewall\CPD.EXE
    C:\Program Files\F-Secure\Common\FIH32.EXE
    C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Opera\Opera.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [McAfee Guardian] "C:\Program Files\McAfee\McAfee Shared Components\Guardian\CMGrdian.exe" /SU
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogonStudio] "C:\Program Files\WinCustomize\LogonStudio\logonstudio.exe" /RANDOM
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Nero\Nero 7\InCD\InCD.exe
    O4 - HKLM\..\Run: [BootSkin Startup Jobs] "C:\PROGRA~1\Stardock\WINCUS~1\BootSkin\BootSkin.exe" /StartupJobs
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
    O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
    O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\G-series Software\LCDMon.exe"
    O4 - HKLM\..\Run: [razer] C:\Program Files\Razer\Copperhead\razerhid.exe
    O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
    O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
    O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - Startup: DUSuperControler.lnk = C:\Program Files\DU Super Controler\DUSuperControler.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: DUSuperControler.lnk = C:\Program Files\DU Super Controler\DUSuperControler.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\npjpi150_08.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: PICgrabber - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O9 - Extra 'Tools' menuitem: PICgrabber - Movie&Image Search/Download Software - {4964E240-D53C-11D5-BDA9-444553540000} - C:\Program Files\PICgrabber\PICGRABBER.EXE (HKCU)
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/SSC/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
    O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe (file missing)
    O23 - Service: F-Secure BackWeb (BackWeb Client - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: F-Secure BackWeb LAN Access - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\Program\fsbwlan.exe
    O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: F-Secure Authentication Agent (FSAA) - F-Secure Corporation. All Rights Reserved. - C:\Program Files\F-Secure\Common\FSAA.EXE
    O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
    O23 - Service: McAfee Firewall - Unknown owner - C:\Program Files\McAfee\McAfee Firewall\CPD.EXE" /SERVICE (file missing)
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe


     
  17. Zipp2

    Zipp2 Regular member

    Joined:
    30.09.2005
    Posts:
    376
    Thanks:
    0
    Points:
    26
    Hannu is on vacation. I don't see anything in the log anymore, and Avenger deleted that registry key.
    If you have 2 antivirus programs running, McAfee and F-Secure, turn one of them off.
     
  18. rosemoo

    rosemoo Member

    Joined:
    02.08.2006
    Posts:
    81
    Thanks:
    0
    Points:
    16
    Yeah, now it really works, and no more extra ads show up when I open the internet.. BIG THANKS! :)
     