Computer messed up again, so - HJT log

Thread in the Viruses and malware - HijackThis logs section. Started by TooMuch on 20.07.2006.

Thread status:
The thread is closed.
  1. TooMuch

    TooMuch Regular member

    Joined: 23.08.2004
    Posts: 116
    Thanks: 0
    Points: 26
    So, ad pop-ups keep popping up every little while even when no browser is open, etc., so here is the HJT log:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:54:28, on 20.7.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\logonui.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\vclacuhg.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\webHancer\Programs\whagent.exe
    C:\Program Files\webHancer\Programs\whsurvey.exe
    C:\Program Files\ipwins\ipwins.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Yak!\Yak.exe
    C:\Documents and Settings\Manninen\Local Settings\Application Data\961a5975.exe
    C:\Program Files\Common Files\svchostsys\svchostsys.exe
    C:\PROGRA~1\COMMON~1\qiwo\qiwom.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\WINDOWS\wt\wcmdmgr.exe
    C:\Program Files\USB Phone\USB Driver\USB Phone Driver.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\PROGRA~1\COMMON~1\qiwo\qiwoa.exe
    C:\WINDOWS\System32\jntfctun.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\WINDOWS\TWF0dGkgTWFubmluZW4\command.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\TClock\TClock.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Windows Media Player\mpvis.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb02.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\private.exe internat.dll,LoadMouseCarpetProfile
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [vclacuhg] C:\WINDOWS\System32\vclacuhg.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [961a5975.exe] C:\WINDOWS\System32\961a5975.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
    O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [modex] C:\WINDOWS\System32\modex.exe
    O4 - HKCU\..\Run: [Yak!] C:\Program Files\Yak!\Yak.exe
    O4 - HKCU\..\Run: [vclacuhg] C:\WINDOWS\System32\vclacuhg.exe
    O4 - HKCU\..\Run: [961a5975.exe] C:\Documents and Settings\Manninen\Local Settings\Application Data\961a5975.exe
    O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
    O4 - HKCU\..\Run: [qiwo] C:\PROGRA~1\COMMON~1\qiwo\qiwom.exe
    O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: USB Phone Driver Startup.lnk = ?
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Tuki - {03D1C9E4-278C-4D5C-A0A4-B7CD0A74CD94} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {29EDF730-43EA-45F0-A446-0934AF879926} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {DD404E7A-1755-4083-B78D-03A537C66F16} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/HistorySwatterFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3130302D2D2D.exe
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zan...b3ad7583cce2:86ce58ef4ad882ce96e46115b5703919
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{35183CD9-48CB-48EC-BDBF-39C081545BA4}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{405E2D66-B7DF-4E2A-BC46-9568956B9672}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8807AF-9233-4CF8-976C-F30013E39665}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.113.126 85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{813805FE-494E-44BE-B590-29FD1D24CA4A}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA554C8F-D8DA-4C44-B65A-ED5C9AF5A22D}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D39B307B-0559-45E7-9851-B0463A07B8C0}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D563BC21-0200-452B-90EA-E990DB60F793}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.113.126,85.255.112.102
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
    O20 - Winlogon Notify: StillImage - C:\WINDOWS\system32\gpr0l39m1.dll (file missing)
    O21 - SSODL: IEFilter - {AB8B669D-1611-44DE-B432-9C0F8C3028BE} - C:\WINDOWS\system32\IEFilter.dll
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWF0dGkgTWFubmluZW4\command.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  3. Jurppis

    Jurppis Regular member

    Joined: 22.02.2006
    Posts: 659
    Thanks: 0
    Points: 26
    You have quite a lot of malware, but let's start with this:

    Download fixwareout.exe from here > http://downloads.subratam.org/Fixwareout.exe
    or from here >
    http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
    and save it to the desktop. Double-click it and follow the instructions. Click Next, then Install, and make sure that "Run fixit" is checked. You must restart the computer when told to do so.



    Download Look2Me-Destroyer.exe from here to your desktop.
    http://www.atribune.org/ccount/click.php?id=7

    IMPORTANT: Before continuing with the fix, you must do the following:

    Print this, or save it as a text file in a suitable location.
    Click Start -> Run and type: services.msc
    Click OK.
    Check that this service is running or that its startup type is Automatic:
    Secondary Logon (Toissijainen kirjautuminen)
    Next, your computer must be offline; pull the network cable out of the wall if necessary.
    Your antivirus and all other security software MUST be closed.


    Continue the fix:

    Close the windows to continue.
    Double-click the Look2Me-Destroyer.exe file to run it.
    Tick Run this program as a task.
    You will get a message that says "Look2Me-Destroyer will close and re-open in approximately 1 minute". Click OK.
    When it reopens, click the Scan for L2M option; your shortcuts will disappear; this is normal.
    When the scan is finished, click Remove L2M.
    You will get a Done Scanning message; click OK.
    When it is done, you will get this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer; click OK.
    Your computer will shut down.
    Start it again.
    Post the contents of the C:\Look2Me-Destroyer.txt log in your next message.

    If Look2Me-Destroyer does not reopen automatically, restart your computer and try again.

    So, post a new HijackThis log as well as the contents of c:\fixwareout\report.txt and the contents of C:\Look2Me-Destroyer.txt.
     
  4. TooMuch

    All right, here come the logs and reports and so on...

    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 19:29:24, on 20.7.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\jntfctun.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Network Monitor\netmon.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\System32\vclacuhg.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\System32\961a5975.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\webHancer\Programs\whagent.exe
    C:\Program Files\webHancer\Programs\whsurvey.exe
    C:\Program Files\ipwins\ipwins.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Yak!\Yak.exe
    C:\Program Files\Common Files\svchostsys\svchostsys.exe
    C:\PROGRA~1\COMMON~1\qiwo\qiwom.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\WINDOWS\wt\wcmdmgr.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    C:\PROGRA~1\COMMON~1\qiwo\qiwoa.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\TClock\TClock.exe
    C:\Program Files\USB Phone\USB Driver\USB Phone Driver.exe
    C:\Program Files\Life For Today\wuninstall.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\PROGRA~1\COMMON~1\qiwo\qiwol.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb02.exe
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [vclacuhg] C:\WINDOWS\System32\vclacuhg.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [961a5975.exe] C:\WINDOWS\System32\961a5975.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [defender] C:\\dfndra_1.exe
    O4 - HKLM\..\Run: [keyboard] C:\\kybrd_1.exe
    O4 - HKLM\..\Run: [newname] C:\\nwnm_1.exe
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
    O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [modex] C:\WINDOWS\System32\modex.exe
    O4 - HKCU\..\Run: [Yak!] C:\Program Files\Yak!\Yak.exe
    O4 - HKCU\..\Run: [vclacuhg] C:\WINDOWS\System32\vclacuhg.exe
    O4 - HKCU\..\Run: [961a5975.exe] C:\Documents and Settings\Manninen\Local Settings\Application Data\961a5975.exe
    O4 - HKCU\..\Run: [sys_up1] C:\Program Files\Common Files\svchostsys\svchostsys.exe
    O4 - HKCU\..\Run: [qiwo] C:\PROGRA~1\COMMON~1\qiwo\qiwom.exe
    O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: USB Phone Driver Startup.lnk = ?
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Tuki - {03D1C9E4-278C-4D5C-A0A4-B7CD0A74CD94} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {29EDF730-43EA-45F0-A446-0934AF879926} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {DD404E7A-1755-4083-B78D-03A537C66F16} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O10 - Hijacked Internet access by WebHancer
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/HistorySwatterFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3130302D2D2D.exe
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zan...b3ad7583cce2:86ce58ef4ad882ce96e46115b5703919
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{35183CD9-48CB-48EC-BDBF-39C081545BA4}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{405E2D66-B7DF-4E2A-BC46-9568956B9672}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8807AF-9233-4CF8-976C-F30013E39665}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.113.126 85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{813805FE-494E-44BE-B590-29FD1D24CA4A}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA554C8F-D8DA-4C44-B65A-ED5C9AF5A22D}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D39B307B-0559-45E7-9851-B0463A07B8C0}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D563BC21-0200-452B-90EA-E990DB60F793}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.113.126,85.255.112.102
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
    O21 - SSODL: IEFilter - {AB8B669D-1611-44DE-B432-9C0F8C3028BE} - C:\WINDOWS\system32\IEFilter.dll
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



    Fixwareout:


    Fixwareout ver 1.003
    Last edited 07/1/2006
    Post this report in the forums please

    Reg Entries that were deleted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\x0brks
    ...

    Random Runs removed from HKLM
    ...

    PLEASE NOTE, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
    Example ipsec6.exe is legitimate

    »»»»» Search by size and names...

    »»»»» Misc files

    »»»»» Checking for older varients covered by the Rem3 tool
    C:\WINDOWS\System32\service.exe

    »»»»»
    Search five digit cs, dm and jb files
    This WILL/CAN also list Legit Files, Submit them at Virustotal
    Other suspects
    Directory of C:\WINDOWS\system32


    Look2Me-Destroyer:


    Look2Me-Destroyer V1.0.12

    Scanning for infected files.....
    Scan started at 20.7.2006 19:16:35

    Infected! C:\WINDOWS\system32\gpr0l39m1.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0348609.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0348620.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0348635.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0348648.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0348658.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0348661.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0349672.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0349686.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0349726.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0349758.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0349804.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0349823.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0350833.dll
    Infected! C:\System Volume Information\_restore{5BEEC213-22A6-4972-AA81-B2A0FD83A0F8}\RP428\A0350841.dll

    Attempting to delete infected files...

    Making registry repairs.

    Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\StillImage

    Restoring Windows certificates.

    Replaced hosts file with default windows hosts file


    Restoring SeDebugPrivilege for Järjestelmänvalvojat - Succeeded


    So there it is... looks like quite a lot of text.
     
  5. Jurppis

    Jurppis Regular member

    Joined:
    22.02.2006
    Posts:
    659
    Thanks:
    0
    Points:
    26
    First update Ewido by starting the program and clicking Update.

    Download Brute Force Uninstaller to your desktop from here:
    http://www.merijn.org/files/bfu.zip

    Right-click the BFU zip on your desktop and choose Extract All.
    Click "Next"
    In the box where you choose where to extract the files,
    Click "Browse"
    Click the + sign next to My Computer
    Click "Local Disk ( C: )" or whatever your main drive is
    Click "Make New Folder"
    Type BFU
    Click "Next", do NOT tick the "Show extracted files" box, and click "Finish".

    RIGHT-CLICK this link -> http://metallica.geekstogo.com/alcanshorty.bfu <- and choose "Save As" (in Explorer "Save Target As") to download the Alcra PLUS Remover.
    Save it in the same folder you created earlier (c:\BFU).

    Do not do anything with it yet!

    Boot your computer into Safe Mode by tapping the F8 key during startup.

    Click Start > My Computer and navigate to the C:\BFU folder.

    Start Brute Force Uninstaller by double-clicking BFU.exe
    In the Scriptline to execute field, type or paste c:\bfu\alcanshorty.bfu
    Click Execute and let it do its work. (You should see a progress bar if you did this correctly.)
    Wait for the Complete script execution box and click OK.
    Click exit to close Brute Force Uninstaller.

    Next, still in Safe Mode, run a full system scan with Ewido and save the scan results.

    Restart normally and post a fresh HijackThis log along with the Ewido report.
     
  6. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Posts:
    116
    Thanks:
    0
    Points:
    26
    Here is the log and report again:

    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:33:29, on 21.7.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\wt\wcmdmgr.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Yak!\Yak.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\USB Phone\USB Driver\USB Phone Driver.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\TClock\TClock.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb02.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [modex] C:\WINDOWS\System32\modex.exe
    O4 - HKCU\..\Run: [Yak!] C:\Program Files\Yak!\Yak.exe
    O4 - HKCU\..\Run: [961a5975.exe] C:\Documents and Settings\Manninen\Local Settings\Application Data\961a5975.exe
    O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: USB Phone Driver Startup.lnk = ?
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Tuki - {03D1C9E4-278C-4D5C-A0A4-B7CD0A74CD94} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {29EDF730-43EA-45F0-A446-0934AF879926} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {DD404E7A-1755-4083-B78D-03A537C66F16} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/HistorySwatterFWBInitialSetup1.0.0.15.cab
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3130302D2D2D.exe
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zan...b3ad7583cce2:86ce58ef4ad882ce96e46115b5703919
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{35183CD9-48CB-48EC-BDBF-39C081545BA4}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{405E2D66-B7DF-4E2A-BC46-9568956B9672}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8807AF-9233-4CF8-976C-F30013E39665}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.113.126 85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{813805FE-494E-44BE-B590-29FD1D24CA4A}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA554C8F-D8DA-4C44-B65A-ED5C9AF5A22D}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D39B307B-0559-45E7-9851-B0463A07B8C0}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D563BC21-0200-452B-90EA-E990DB60F793}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.113.126,85.255.112.102
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
    O21 - SSODL: IEFilter - {AB8B669D-1611-44DE-B432-9C0F8C3028BE} - C:\WINDOWS\system32\IEFilter.dll (file missing)
    O23 - Service: .NET Runtime Optimization Service v1.000.3.1434 - Unknown owner - C:\WINDOWS\System32\jntfctun.exe (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: Service - Unknown owner - C:\WINDOWS\System32\Service.exe (file missing)
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    EWIDO:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 20:27:41, 21.7.2006
    + Report-Checksum: D7C47D31

    + Scan result:

    HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj -> Adware.WebHancer : Cleaned with backup
    HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj\CurVer -> Adware.WebHancer : Cleaned with backup
    HKLM\SOFTWARE\Classes\WhIeHelperObj.WhIeHelperObj.1 -> Adware.WebHancer : Cleaned with backup
    HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Media Access -> Adware.WinAD : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\UPnP Device Host\Description\{3C51752E-F81E-415A-8833-E967298BD85B} -> Adware.CoolWebSearch : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SaveNow -> Adware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webHancer Agent -> Adware.WebHancer : Cleaned with backup
    HKLM\SOFTWARE\sau -> Adware.180Solutions : Cleaned with backup
    HKLM\SOFTWARE\webhancer -> Adware.WebHancer : Cleaned with backup
    HKLM\SOFTWARE\webhancer\CC -> Adware.WebHancer : Cleaned with backup
    HKLM\SOFTWARE\webhancer\ESO -> Adware.WebHancer : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\IntermixMedia -> Adware.Ezula : Cleaned with backup
    HKU\S-1-5-21-1547161642-2139871995-839522115-1003\Software\sau -> Adware.180Solutions : Cleaned with backup
    [464] C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
    C:\anad.exe -> Downloader.Tiny.bw : Cleaned with backup
    C:\Documents and Settings\jou\Cookies\jou@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\jou\Local Settings\Application Data\961a5975.exe -> Downloader.Tiny.bw : Cleaned with backup
    C:\Documents and Settings\jou.TIETOKONE1\Cookies\jou@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
    C:\Documents and Settings\jou.TIETOKONE1\Local Settings\Application Data\961a5975.exe -> Downloader.Tiny.bw : Cleaned with backup
    :mozilla.12:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.13:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.15:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.16:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.17:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Spylog : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.50:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
    :mozilla.91:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.92:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.93:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    -> : Error during cleaning
    :mozilla.97:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.98:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.101:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
    :mozilla.191:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
    :mozilla.195:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
    :mozilla.196:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.199:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
    :mozilla.203:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Trafic : Cleaned with backup
    :mozilla.210:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
    :mozilla.215:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.216:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned with backup
    :mozilla.217:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
    :mozilla.220:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.223:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.236:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.240:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned with backup
    :mozilla.250:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.255:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.256:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.258:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.259:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.276:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
    :mozilla.278:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.288:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
    :mozilla.289:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
    :mozilla.291:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned with backup
    :mozilla.323:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.334:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.344:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Pro-market : Cleaned with backup
    :mozilla.373:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    :mozilla.374:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
    :mozilla.379:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.380:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
    :mozilla.409:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.424:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.425:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.426:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.433:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.435:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.436:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.439:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned with backup
    :mozilla.447:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup
    :mozilla.484:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
    :mozilla.500:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.525:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.526:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.527:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.547:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.548:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.576:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
    :mozilla.577:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
    :mozilla.591:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
    :mozilla.592:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned with backup
    :mozilla.595:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.596:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
    :mozilla.597:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
    :mozilla.598:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned with backup
    :mozilla.599:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
    :mozilla.604:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.605:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
    :mozilla.609:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Enhance : Cleaned with backup
    :mozilla.610:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.611:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.612:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.613:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.614:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.618:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.619:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
    :mozilla.620:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.621:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.622:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.623:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.624:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.625:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.632:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.633:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned with backup
    :mozilla.635:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.638:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
    :mozilla.664:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.665:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
    :mozilla.666:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.668:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.669:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.670:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.671:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.672:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
    :mozilla.674:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.675:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.676:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.677:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.684:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
    :mozilla.691:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.692:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.694:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Goclick : Cleaned with backup
    :mozilla.695:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    :mozilla.696:C:\Documents and Settings\Manninen\Application Data\Mozilla\Firefox\Profiles\aoyev9g0.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@adviva[2].txt -> TrackingCookie.Adviva : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@anad.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@bfast[2].txt -> TrackingCookie.Bfast : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@com[1].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@e-2dj6wfk4uhazgbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ehg-alt64.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ehg-atariinc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ehg-gamedaily.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ehg-gamespot.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ehg-globalgamingleague.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ehg-hollywood.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ehg-idg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ehg-idgentertainment.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@epilot[2].txt -> TrackingCookie.Epilot : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@fad-1113.nyc1.targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@fl01.ct2.comclick[1].txt -> TrackingCookie.Comclick : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@linkbuddies[1].txt -> TrackingCookie.Linkbuddies : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@linksynergy[2].txt -> TrackingCookie.Linksynergy : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@servedby.advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@spylog[1].txt -> TrackingCookie.Spylog : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@targetnet[2].txt -> TrackingCookie.Targetnet : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@web2.realtracker[1].txt -> TrackingCookie.Realtracker : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@weborama[1].txt -> TrackingCookie.Weborama : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@www.smartadserver[2].txt -> TrackingCookie.Smartadserver : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
    C:\Documents and Settings\Manninen\Cookies\manninen@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
    C:\Documents and Settings\Manninen\Local Settings\Application Data\961a5975.exe -> Downloader.Tiny.bw : Cleaned with backup
    C:\Documents and Settings\Manninen\Työpöytä\suomipelit\Hectigo_kalma\kalma\dist\main.exe -> Worm.RJump.a : Cleaned with backup
    C:\Program Files\Common Files\qiwo\qiwoa.exe -> Downloader.TSUpdate.l : Cleaned with backup
    C:\Program Files\Common Files\qiwo\qiwod\qiwoc.dll -> Adware.TargetServer : Cleaned with backup
    C:\Program Files\Common Files\qiwo\qiwol.exe -> Downloader.TSUpdate.p : Cleaned with backup
    C:\Program Files\Common Files\qiwo\qiwom.exe -> Downloader.TSUpdate.n : Cleaned with backup
    C:\Program Files\Common Files\qiwo\qiwop.exe -> Downloader.TSUpdate.f : Cleaned with backup
    C:\Program Files\Deluxe Ski Jump 3\DSJ3.exe.exe -> Adware.Agent : Cleaned with backup
    C:\Program Files\Save -> Adware.SaveNow : Cleaned with backup
    C:\Program Files\Save\Save.exe -> Adware.SaveNow : Cleaned with backup
    C:\Program Files\Snowball Wars\SnowballWars.exe -> Dropper.VB.mz : Cleaned with backup
    C:\Program Files\webHancer\Programs\webhdll.dll -> Adware.WebHancer : Cleaned with backup
    C:\Program Files\webHancer\Programs\whagent.exe -> Adware.WebHancer : Cleaned with backup
    C:\Program Files\webHancer\Programs\whiehlpr.dll -> Adware.WebHancer : Cleaned with backup
    C:\Program Files\webHancer\Programs\whinstaller.exe -> Adware.WebHancer : Cleaned with backup
    C:\Program Files\webHancer\Programs\whsurvey.exe -> Adware.WebHancer : Cleaned with backup
    C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
    C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
    C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
    C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : Cleaned with backup
    C:\Program Files\whInstall\webhdll.dll -> Adware.Webhancer : Cleaned with backup
    C:\Program Files\whInstall\whAgent.exe -> Adware.Webhancer : Cleaned with backup
    C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup
    C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : Cleaned with backup
    C:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : Cleaned with backup
    C:\Program Files\whInstall\whSurvey.exe -> Adware.Webhancer : Cleaned with backup
    C:\Program Files\Windows AdService\WinAdMaster.dll -> Adware.WinAD : Cleaned with backup
    C:\Program Files\Windows NT\horegowi.dll -> Downloader.Small.ctp : Cleaned with backup
    C:\WINDOWS\desktop.html -> Not-A-Virus.Hoax.Win32.Aflac.a : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\Install.dll -> Adware.SpywareStorm : Cleaned with backup
    C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup
    C:\WINDOWS\iconu.exe -> Adware.Zestyfind : Cleaned with backup
    C:\WINDOWS\Installer.exe -> Adware.Look2Me : Cleaned with backup
    C:\WINDOWS\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
    C:\WINDOWS\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup
    C:\WINDOWS\system32\961a5975.exe -> Downloader.Tiny.bw : Cleaned with backup
    C:\WINDOWS\system32\FI20FRA.DLL -> Adware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\idownload.exe -> Downloader.Small.buy : Cleaned with backup
    C:\WINDOWS\system32\IEFilter.dll -> Trojan.Jetes : Cleaned with backup
    C:\WINDOWS\system32\jecojaaa.exe -> Downloader.Small.crx : Cleaned with backup
    C:\WINDOWS\system32\jntfctun.exe -> Proxy.Loser.a : Cleaned with backup
    C:\WINDOWS\system32\MPSD32.DLL -> Adware.Look2Me : Cleaned with backup
    C:\WINDOWS\system32\MSIEHelper.dll -> Trojan.Agent.fd : Cleaned with backup
    C:\WINDOWS\system32\private.exe -> Downloader.Delf.aco : Cleaned with backup
    C:\WINDOWS\system32\rzspy.exe -> Adware.Raze : Cleaned with backup
    C:\WINDOWS\system32\Service.exe -> Trojan.Agent.fd : Cleaned with backup
    C:\WINDOWS\system32\vclacuhg.exe -> Backdoor.Small.kw : Cleaned with backup
    C:\WINDOWS\TWF0dGkgTWFubmluZW4\asappsrv.dll -> Adware.CommAd : Cleaned with backup
    C:\WINDOWS\TWF0dGkgTWFubmluZW4\command.exe -> Adware.CommAd : Cleaned with backup
    C:\WINDOWS\warebundle.exe -> Adware.Look2Me : Cleaned with backup


    ::Report End

     
  7. Jurppis

    Jurppis Regular member

    Joined:
    22.02.2006
    Posts:
    659
    Thanks:
    0
    Points:
    26
    A few more things.

    Using Add/Remove Programs, uninstall webHancer and TClock or similar.

    Open HijackThis, click "Do a system scan only" and check these (not all of them will necessarily be found):

    O2 - BHO: WhIeHelperObj Class - {c900b400-cdfe-11d3-976a-00e02913a9e0} - C:\Program Files\webHancer\programs\whiehlpr.dll (file missing)
    O4 - HKLM\..\Run: [webHancer Agent] C:\Program Files\webHancer\Programs\whagent.exe
    O4 - HKLM\..\Run: [webHancer Survey Companion] C:\Program Files\webHancer\Programs\whsurvey.exe
    O4 - HKCU\..\Run: [961a5975.exe] C:\Documents and Settings\Manninen\Local Settings\Application Data\961a5975.exe
    O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/HistorySwa...
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://promo.dollarrevenue.com/activex/promocache/3130302D2D2D.exe
    O16 - DPF: {DECEAAA2-370A-49BB-9362-68C3A58DDC62} (SAIX) - http://static.zangocash.com/cab/Zango/ie/bridge-c6.cab?d57370afca...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{35183CD9-48CB-48EC-BDBF-39C081545BA4}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{405E2D66-B7DF-4E2A-BC46-9568956B9672}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4A8807AF-9233-4CF8-976C-F30013E39665}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.113.126 85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{813805FE-494E-44BE-B590-29FD1D24CA4A}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CA554C8F-D8DA-4C44-B65A-ED5C9AF5A22D}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D39B307B-0559-45E7-9851-B0463A07B8C0}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D563BC21-0200-452B-90EA-E990DB60F793}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CS3\Services\Tcpip\..\{0D41412C-FA8E-4A6F-9CCE-C9DB02D522F5}: NameServer = 85.255.113.126,85.255.112.102
    O21 - SSODL: IEFilter - {AB8B669D-1611-44DE-B432-9C0F8C3028BE} - C:\WINDOWS\system32\IEFilter.dll (file missing)


    Close all other open windows and click "Fix checked".

    Open Notepad and copy the text in the quote into it

    In Notepad, choose File -> Save As. Select "All files (*.*)" as the file type.
    Then save the file as fix.bat on the desktop. Once you have saved the file, double-click it, wait a little while and then close the window.

    Go into Safe Mode and delete these files or folders there if they are found:

    C:\Program Files\->TClock
    C:\Program Files\->webHancer
    C:\Documents and Settings\Manninen\Local Settings\Application Data\->961a5975.exe
    C:\WINDOWS\System32\->961a5975.exe
    C:\WINDOWS\System32\->Service.exe
    C:\WINDOWS\System32\->jntfctun.exe

    Then restart your computer normally and go here:
    http://www.virustotal.com

    Click "Select" at the top and navigate here:
    C:\WINDOWS\System32\modex.exe
    Once you have found the file, double-click it and click Send.
    Once it has finished scanning it (this takes a while), save the results.

    Post a new HijackThis log and the VirusTotal results.

    PS. Ewido produced a so-called "false positive", i.e. it removed this:

    C:\Program Files\Deluxe Ski Jump 3\DSJ3.exe.exe

    Apologies, I will report this to ewido :)
     
    Last edited: 22.07.2006
  8. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Posts:
    116
    Thanks:
    0
    Points:
    26
    Right, about scanning the modex.exe file with VirusTotal: I couldn't find it. I also used Windows search, but the only thing that turned up was modex.dll. I scanned that instead and nothing was found in it, at least... And as for the fix.bat thing, the window did open, but it closed right away after a millisecond, so I couldn't even see the text that was in the window. But here is the HJT log:

    HJT:

    Logfile of HijackThis v1.99.1
    Scan saved at 12:50:07, on 22.7.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Yak!\Yak.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\WINDOWS\wt\wcmdmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\USB Phone\USB Driver\USB Phone Driver.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\NOTEPAD.EXE
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb02.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [modex] C:\WINDOWS\System32\modex.exe
    O4 - HKCU\..\Run: [Yak!] C:\Program Files\Yak!\Yak.exe
    O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: USB Phone Driver Startup.lnk = ?
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Tuki - {03D1C9E4-278C-4D5C-A0A4-B7CD0A74CD94} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {29EDF730-43EA-45F0-A446-0934AF879926} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {DD404E7A-1755-4083-B78D-03A537C66F16} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.113.126 85.255.112.102
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
    O23 - Service: .NET Runtime Optimization Service v1.000.3.1434 - Unknown owner - C:\WINDOWS\System32\jntfctun.exe (file missing)
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


    Oh, and that DSJ thing doesn't matter much. The main thing is getting this junk off the machine.

     
  9. Jurppis

    Jurppis Regular member

    Joined:
    22.02.2006
    Posts:
    659
    Thanks:
    0
    Points:
    26
    Click Start -> Run -> type services.msc
    Find in the list:
    .NET Runtime Optimization Service v1.000.3.1434
    Double-click it and set its startup type to "Disabled".

    Go to Control Panel -> Network Connections. Then right-click the connection icon -> Properties. Select TCP/IP and then Properties. Select "Obtain an IP address automatically" and click OK

    Then Start -> Run
    Type cmd and click OK
    Type ipconfig /flushdns , press Enter, type exit
    and press Enter

    If that doesn't work, go to Start -> Accessories -> Command Prompt and type ipconfig /flushdns there and press Enter. Type exit and Enter

    Fix these lines:

    O4 - HKCU\..\Run: [modex] C:\WINDOWS\System32\modex.exe
    O23 - Service: .NET Runtime Optimization Service v1.000.3.1434 - Unknown owner - C:\WINDOWS\System32\jntfctun.exe (file missing)
    O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock

    Delete:
    C:\Program Files\->TClock

    Restart your computer, open HijackThis, click "Open the Misc Tools section" and from there "Delete an NT service".
    Copy this into it:
    .NET Runtime Optimization Service v1.000.3.1434
    and click OK.

    Post one more HijackThis log, and if there still seem to be problems, post a WinPFind log:

    Download WinPFind2.
    http://download.bleepingcomputer.com/oldtimer/winpfind2.zip

    Extract the files to a directory (e.g. C:\WinPFind2).
    Double-click WinPFind2.exe to start the program.
    Click the Select All button in the File Options box on the Configuration tab (the program opens this tab by default).
    Click the Run all Scans button.
    When the scan is finished, you will see Scans Complete! at the bottom left.
    Click the Export to Text button.
    Notepad opens and the log is saved to the folder where you extracted the program (C:\WinPFind2\WinPFind2.txt)
    Post the log in your next reply. You may need several replies for it so that it isn't cut short.
     
  10. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Posts:
    116
    Thanks:
    0
    Points:
    26
    Here comes what is hopefully the last HJT log (for now). Thanks a lot, Jurppis, for all the advice. I'll watch for a while to see whether any more problems come up, e.g. ads for no reason, and if they do I'll run that WinPFind2 then. But here is this HJT once more:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:25:31, on 22.7.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\WINDOWS\wt\wcmdmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Yak!\Yak.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\USB Phone\USB Driver\USB Phone Driver.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb02.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yak!] C:\Program Files\Yak!\Yak.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: USB Phone Driver Startup.lnk = ?
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Tuki - {03D1C9E4-278C-4D5C-A0A4-B7CD0A74CD94} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {29EDF730-43EA-45F0-A446-0934AF879926} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {DD404E7A-1755-4083-B78D-03A537C66F16} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 85.255.113.126 85.255.112.102
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
    Last edited: 22.07.2006
  11. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Posts:
    116
    Thanks:
    0
    Points:
    26
    Yeah, I didn't have to wait long before the ad windows popped up in my face again. They come in so-called bursts, i.e. about 5 different windows at the same time, with everything from online poker to antivirus. Here are some addresses in case they're of any use:

    http://ad.bannerconnect.net/rw?ifra...3icAUooWCwFWIU8kPzBwsSnOX56q8b5Dys6yuwAAAAA=,

    http://ad.firstadsolution.com/rw?if...MAvMZ93dCgGcn1YMbZv3jUOyAlxI4sg2lFkrmgAAAAA=,

    Yritän koittaa tehdä tuolla WinPFind2:lla tänään tai huomenna jotain, jos vaikka auttaa. Muuten kone on kyllä huomattavasti nopeampi ja terveemmän olonen. Mainokset vaan häiritsee.
     
    Viimeksi muokattu: 22.07.2006
  12. Jurppis

    Jurppis Regular member

    Joined:
    22.02.2006
    Messages:
    659
    Likes:
    0
    Points:
    26
    Yep, that one line is still there, meaning your Internet connection is coming from Belarus right now :(

    Let's do it like this; perform this operation:

    Go to Control Panel -> Network Connections. Then right-click the connection icon -> Properties. Select TCP/IP and then Properties. Select "Obtain an IP address automatically" and click OK

    Then Start -> Run
    Type cmd and click OK
    Type ipconfig /flushdns , press Enter, type exit
    and press Enter

    Do this many times and restart your computer a couple of times in between. It is important that "Obtain an IP address automatically" is selected. The WinPFind log would also help.
     
  13. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Messages:
    116
    Likes:
    0
    Points:
    26
    Yeah, I've been told about that Belarus thing here before too, and I don't have the faintest idea how it's possible. I did those IP and cmd things a few times. It just occurred to me: about the DNS server address option, which is in the same window as "Obtain an IP address automatically", in my case the DNS server address is already filled in there, so it is not being obtained automatically.
     
    Last edited: 23.07.2006
  14. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Likes:
    0
    Points:
    96
    It's possible because the wareout bug does a name server hijack to Belarus :)

    If the DNS server field shows these (under primary and secondary server):

    85.255.113.126 85.255.112.102

    then clear those fields (change them to 0.0.0.0) and select "Obtain an IP address automatically"
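
The check described in this post can also be run against a saved HijackThis log. The following is an added example, not part of the original thread: it reads the O17 NameServer lines and flags the two addresses named above. The function name, the status labels, the placeholder GUID in the first sample line and the choice to treat 212.116.32.218 as the caller's own resolver are assumptions made for the demonstration.

```python
import ipaddress
import re

# Resolver addresses named in the post above as the hijacked DNS entries.
FLAGGED = frozenset(map(ipaddress.ip_address, ("85.255.113.126", "85.255.112.102")))

# O17 line shape: "O17 - <registry key>: NameServer = <addr>[ ,]<addr>..."
O17_RE = re.compile(r"^\s*O17 - (?P<key>.+): NameServer\s*=\s*(?P<value>.*)$")


def check_o17(log_text, expected=()):
    """Return (registry_key, address, status) for every static nameserver.

    status: "flagged"  - address is in FLAGGED
            "expected" - address is in the caller's own resolver list
            "unknown"  - static entry that still needs a manual look
            "invalid"  - token is not an IP address
    """
    expected = {ipaddress.ip_address(a) for a in expected}
    findings = []
    for line in log_text.splitlines():
        match = O17_RE.match(line)
        if not match:
            continue
        for token in filter(None, re.split(r"[,\s]+", match["value"])):
            try:
                addr = ipaddress.ip_address(token)
            except ValueError:
                findings.append((match["key"], token, "invalid"))
                continue
            status = "flagged" if addr in FLAGGED else "expected" if addr in expected else "unknown"
            findings.append((match["key"], str(addr), status))
    return findings


# Constructed sample: the GUID in the first O17 line is a placeholder; the second
# O17 line is the entry from the log posted later in this thread.
SAMPLE_LOG = r"""
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 85.255.113.126,85.255.112.102
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 212.116.32.218 212.116.32.222
"""

if __name__ == "__main__":
    # Assumption for the demo: the caller knows 212.116.32.218 is its own resolver.
    for key, addr, status in check_o17(SAMPLE_LOG, expected=("212.116.32.218",)):
        print(f"{status:8} {addr:16} {key}")
```

Any static entry reported as "unknown" is worth comparing against the resolvers the ISP actually hands out, since a hijacker can move to addresses that are not on the flagged list.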

     
  15. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Messages:
    116
    Likes:
    0
    Points:
    26
    OK, that wareout bug doesn't sound good at all. :) But now I've changed the DNS lookup to automatic.
     
  16. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Likes:
    0
    Points:
    96
    Then restart the computer and post a new HjT log :)
     
  17. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Messages:
    116
    Likes:
    0
    Points:
    26
    And here it is:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:04:09, on 23.7.2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\ahead\InCD\InCD.exe
    C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\System32\RUNDLL32.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Yak!\Yak.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\wt\wcmdmgr.exe
    C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\BTTray.exe
    C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\USB Phone\USB Driver\USB Phone Driver.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hjt\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dnainternet.fi/
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb02.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [SideWinderTrayV4] C:\PROGRA~1\MICROS~2\GAMECO~1\Common\SWTrayV4.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\wcmdmgrl.exe -launch
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Yak!] C:\Program Files\Yak!\Yak.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
    O4 - Global Startup: USB Phone Driver Startup.lnk = ?
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\Zone Labs\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: Download &All by FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx2.htm
    O8 - Extra context menu item: Download with &FD - C:\Program Files\FreshDevices\FreshDownload\fdiectx.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Researcher - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\EROProj.dll
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra button: Tuki - {03D1C9E4-278C-4D5C-A0A4-B7CD0A74CD94} - http://tuki.elisa.net/ (file missing) (HKCU)
    O9 - Extra button: SMS-viesti - {29EDF730-43EA-45F0-A446-0934AF879926} - http://sms.kolumbus.fi/ (file missing) (HKCU)
    O9 - Extra button: Palvelut - {DD404E7A-1755-4083-B78D-03A537C66F16} - http://service.kolumbus.fi/ (file missing) (HKCU)
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7E3E0AA6-44DA-4572-AB2E-C07F98AB1D69}: NameServer = 212.116.32.218 212.116.32.222
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth-ohjelmisto\bin\btwdins.exe
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
  18. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Likes:
    0
    Points:
    96
    Looks good now :D Any more problems?
     
  19. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Messages:
    116
    Likes:
    0
    Points:
    26
    Good. I don't know for sure yet, but if no problems show up for a while, then everything is probably OK. I'll post here again later when I know for sure. :)
     
  20. TooMuch

    TooMuch Regular member

    Joined:
    23.08.2004
    Messages:
    116
    Likes:
    0
    Points:
    26
    Well well, those pop-ups just don't seem to stop. They come the same way as before. The only difference is that more often I also get a Windows message saying either "Explorer.exe has caused an error" or "iexplorer.exe has caused an error". The message appears when I start closing those browser windows. There must still be something on the machine that is putting them up. The firewall doesn't report anything about them either.
     
  21. -kemisti-

    -kemisti- Active member

    Joined:
    06.06.2005
    Messages:
    6,305
    Likes:
    0
    Points:
    96
    Then post the winpfind2 log that Jurppis already asked for earlier.
     