Win32:Zlob-BM [Trj]

Advertise at AfterDawn.com

Link to us!

Private messages

Compose a private message

List of all updated threads

Threads without replies

Search messages

Sunday 24.11.2024 / 16:33

Search AfterDawn Forums:

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > win32:zlob-bm [trj]

Browse by topic

Forums

Start a new thread

Win32:Zlob-BM [Trj]

Jump to:

Posted

Message

metalgod

Newbie

1. June 2006 @ 13:49

Link to this message

Hello, i have a big problem of viruses.. It seems i have the Win32:Zlob-BM virus, it's a trojan horse. I keep deleting it but always come back OR don't delete it at all !!

I saw somewhere that i needed to do a scan with Smitfraudfix. I did it and here the results.

----------------------------------------------------------------

SmitFraudFix v2.53

Scan done at 17:41:46,29, 2006-06-01
Run from C:\Documents and Settings\Alexandre\Desktop\Smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\q*_disk.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\date.ico FOUND !
C:\WINDOWS\system32\dcomcfg.exe FOUND !
C:\WINDOWS\system32\ld????.tmp FOUND !
C:\WINDOWS\system32\network.ico FOUND !
C:\WINDOWS\system32\ot.ico FOUND !
C:\WINDOWS\system32\pharm.ico FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\spam.ico FOUND !
C:\WINDOWS\system32\spyware.ico FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
C:\WINDOWS\system32\ts.ico FOUND !
C:\WINDOWS\system32\wp.bmp FOUND !
C:\WINDOWS\system32\1024\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alexandre\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ALEXAN~1\FAVORI~1

C:\DOCUME~1\ALEXAN~1\FAVORI~1\Antivirus Test Online.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

HKLM\SOFTWARE\PSGuard.com FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"

[HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\System32\wfkduei.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\System32\wfkduei.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\System32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\System32\imfdfcj.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

C:\WINDOWS\system32\wininet.dll infected !

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll backup

Volume in drive C has no label.
Volume Serial Number is AC53-4921

Directory of C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$

2001-08-23 12:00 593ÿ920 wininet.dll
1 File(s) 593ÿ920 bytes

Directory of C:\WINDOWS\LastGood\System32

2004-01-08 16:23 585ÿ216 WININET.DLL
1 File(s) 585ÿ216 bytes

Directory of C:\WINDOWS\LastGood\System32\DllCache

2004-01-08 16:23 585ÿ216 WININET.DLL
1 File(s) 585ÿ216 bytes

Directory of C:\WINDOWS\LastGood.Tmp\System32

2001-08-23 12:00 593ÿ920 WININET.DLL
1 File(s) 593ÿ920 bytes

Directory of C:\WINDOWS\LastGood.Tmp\System32\DllCache

2001-08-23 12:00 593ÿ920 WININET.DLL
1 File(s) 593ÿ920 bytes

Directory of C:\WINDOWS\system32

2004-01-08 16:23 585ÿ216 wininet.dll
1 File(s) 585ÿ216 bytes

Directory of C:\WINDOWS\system32\dllcache

2004-01-08 16:23 585ÿ216 WININET.DLL
1 File(s) 585ÿ216 bytes

»»»»»»»»»»»»»»»»»»»»»»»» End

----------------------------------------------------------

I really hope this can work :S Someone has an answer ?

Thanks a lot

[ + quote]

metalgod

Newbie

1. June 2006 @ 14:33

Link to this message

And here's the log for HiJackthis

---------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 18:31:05, on 2006-06-01
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\dcomcfg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Generic Host Process32g System Backup] scvhost32cg.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSNPluginSrvcs] p6.exe
O4 - HKLM\..\Run: [ohwrwzmb] C:\WINDOWS\ohwrwzmb.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [PSGuard] C:\Program Files\PSGuard\PSGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKLM\..\RunServices: [Generic Host Process32g System Backup] scvhost32cg.exe
O4 - HKLM\..\RunServices: [MSNPluginSrvcs] p6.exe
O4 - HKCU\..\Run: [Generic Host Process32g System Backup] scvhost32cg.exe
O4 - HKCU\..\Run: [MSNPluginSrvcs] p6.exe
O4 - Startup: Eurobarre.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O20 - AppInit_DLLs: c:\windows\system32\hk.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

[ + quote]

JaPK

Senior Member

1. June 2006 @ 22:04

Link to this message

Hi metalgod.

You got a quite nice malware collection there...

You don't have a firewall on your computer. Download and install one firewall.

These are good (free) firewalls:
ZoneAlarm --> http://www.zonelabs.com
Kerio--> http://www.sunbelt-software.com/Kerio.cfm
Outpost-> http://www.agnitum.com

Cleaning instructions:

Download and install Ewido anti-malware -> http://www.ewido.net/en/download
Update it, but do NOT run a scan yet. We'll use it later.

Donwload LSPFix -> http://www.cexx.org/lspfix.htm to yuor desktop.
Don't run this program yet. This program is used only if you lost your internet connection during the cleaning.

Go to Control Panel -> Add/Remove programs -> Remove New.Net, NewDotNet, WhenUSearch if found

--->IF New.Net or NewDotNet ain't listed in add/or remove programs, do this<---

1.Un-plug your internet cable.
2.Disable your antispyware and antivirus
3.Download NNuninstall to your desktop http://www.new.net/support/NNuninstall.exe
4.Run NNuninstall.exe file.
->It asks if you want to remove New.Net
->Click Yes.
->When it is done click OK.
->Restart your computer
5.Restart your antivirus
6.Plug your internet cable back.
7.Empty the recycle bin.

(IF you lost your internet connection during the new.net removal, doubleclik LSPFix.exe. Check "I know what I'm doing" option.You see two panels; If something is listed in "Remove" panel on the right side, leave it there and press "Finish>>". Then restart your computer and the connection should work. If nothing is listed in "Remove" panel, DO NOTHING, close LSPFix. Go to some different machine to get help. (This is just a precaution. Usually the internet connection stays ok ;) )

-->Then continue from here<---

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.updatesearches.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.updatesearches.com/
O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
O4 - HKLM\..\Run: [Generic Host Process32g System Backup] scvhost32cg.exe
O4 - HKLM\..\Run: [MSNPluginSrvcs] p6.exe
O4 - HKLM\..\Run: [ohwrwzmb] C:\WINDOWS\ohwrwzmb.exe
O4 - HKLM\..\Run: [WhenUSearchWHSE] "C:\Program Files\WhenUSearch\whse.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKLM\..\RunServices: [Generic Host Process32g System Backup] scvhost32cg.exe
O4 - HKLM\..\RunServices: [MSNPluginSrvcs] p6.exe
O4 - HKCU\..\Run: [Generic Host Process32g System Backup] scvhost32cg.exe
O4 - HKCU\..\Run: [MSNPluginSrvcs] p6.exe
O9 - Extra button: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A1F38CA3-AB0B-4C5D-B0D2-4DD0EA492F4F} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O20 - AppInit_DLLs: c:\windows\system32\hk.dll <- if you haven't installed any keyloggers yourself

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer to the safemode -> http://www.pchell.com/support/safemode.shtml

Delete these folders (if found):
C:\Program Files\NewDotNet
C:\Program Files\WhenUSearch

Delete these files (if found):
C:\WINDOWS\System32\wldr.dll
C:\WINDOWSohwrwzmb.exe
C:\Windows\system32\hk.dll <- if you haven't installed any keyloggers yourself

Use the Windows "search" function
-> Start
-> Search
-> All files and folders
-> More advanced options

Checkmark these options:
- "Search system folders"
- "Search hidden files and folders"
- "Search subfolders"

->Search for this and delete if found: scvhost32cg.exe
->Search for this and delete if found: p6.exe

Clean the Recycle bin and make your hidden files visible again.

When in safemode, open SmitfraudFix folder and doubleclick the file smitfraudfix.cmd
Choose option #2 - Clean by typing 2 and pressing "Enter" in order to remove the infected files.

You are asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove your desktop wallpaper and the infected registry keys.

The tool checks if wininet.dll file is infected. You might be asked to replace the infected .dll (if found); answer "Yes" by typing Y and press "Enter".

The tool might have to restart your computer; if it won't do it, restart your computer back to normal mode.
A textfile will appear after the cleaning process, copy this file and paste it to here.

Tha log is saved to your local diskdrive, usually C:\rapport.txt.

Warning : Running option 2 in a clean computer will delete your desktop wallpaper.

Scan and clean your computer with Ewido and save the report.

Download F-Secure Blacklight and save it to your desktop -> http://www.f-secure.com/blacklight/try.shtml

Doubleclick blbeta.exe, accept the agreement, click Scan, then click Next

You'll see a list what have been found. A log will appear to your desktop, it is named fsbl.xxxxxxx.log (xxxxxxx will be random numbers).

DON'T choose Rename if something was found!

Post the contents of fsbl.xxxx.log to here (blacklight log from your desktop)

Post the following logs to here:
-> a fresh HijackThis log
-> Ewido's log
-> contents of C:\rapport.txt
-> Blacklight log

[ + quote]

I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 1. June 2006 @ 22:09

metalgod

Newbie

2. June 2006 @ 10:51

Link to this message

Ok, i did all that you told me to do.. Here's the logs !

---------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 14:47:34, on 2006-06-02
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\VEXPLITE\viritsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - Startup: Eurobarre.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

----------------------------------------------------------------

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 14:40:36, 2006-06-02
+ Report-Checksum: E9B841F1

+ Scan result:

HKLM\SOFTWARE\Classes\WUSN.1 -> Adware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKU\S-1-5-21-746137067-1637723038-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1} -> Trojan.Small : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.84:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.85:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.86:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.87:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.97:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.110:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.115:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.116:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Tracking101 : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.193:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.241:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.242:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.243:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.244:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.245:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.246:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.249:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.266:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.281:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.282:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.283:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.284:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.285:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.286:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.287:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.288:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.289:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.292:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.293:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.294:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.295:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.296:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.297:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.304:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.345:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.346:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Adocean : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.367:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.369:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.371:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.378:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.379:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.380:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.381:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.382:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
:mozilla.383:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\bxkkjb17.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\Cache\D536F5E0d01 -> Not-A-Virus.Exploit.HTML.CodeBaseExec : Cleaned with backup
C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\Cache\EFA351F7d01 -> Adware.NewDotNet : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.82:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.83:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.88:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Centrport : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.114:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.117:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.118:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.119:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.120:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.136:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.137:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.138:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.164:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.165:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.166:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.167:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.168:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.169:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.170:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.171:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.172:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.174:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.175:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.176:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.177:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.178:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.179:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.180:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.181:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.182:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.183:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.184:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.185:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.186:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.187:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.188:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.189:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.190:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.191:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.192:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.198:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.199:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.200:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.201:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.202:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.260:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.261:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.262:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.263:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.264:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.265:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned with backup
:mozilla.268:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.278:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.279:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.314:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.315:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.321:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.322:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.329:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Weborama : Cleaned with backup
:mozilla.330:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.331:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.332:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup
:mozilla.350:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.351:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.352:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.353:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.354:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup
:mozilla.365:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.395:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.396:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.397:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.398:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.403:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.409:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.410:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.411:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup
:mozilla.414:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.415:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.417:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
:mozilla.443:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.445:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
:mozilla.448:C:\Documents and Settings\Alexandre\Application Data\Mozilla\Firefox\Profiles\gjue2y7f.Alex\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Alexandre\Cookies\alexandre@aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Alexandre\Cookies\alexandre@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Alexandre\Cookies\alexandre@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Alexandre\Cookies\alexandre@ads1.revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Alexandre\Cookies\alexandre@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Alexandre\Cookies\alexandre@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Alexandre\Cookies\alexandre@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Alexandre\Cookies\alexandre@getmusicfree.aavalue[1].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Alexandre\Cookies\alexandre@grouplotto.aavalue[2].txt -> TrackingCookie.Aavalue : Cleaned with backup
C:\Documents and Settings\Alexandre\Cookies\alexandre@h.starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Alexandre\Cookies\alexandre@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Alexandre\Cookies\alexandre@www.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Fidele\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup
C:\msn8ba.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\Program Files\FastTorrent\nngluz564.exe -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\FastTorrent\TBGLZ127Q.exe -> Adware.Quick : Cleaned with backup
C:\RECYCLER\S-1-5-21-746137067-1637723038-839522115-1003\Dc9.exe -> Adware.NewDotNet : Cleaned with backup
C:\rez.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup
C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup

::Report End

-----------------------------------------------------------------

SmitFraudFix v2.53

Scan done at 13:46:51,10, 2006-06-02
Run from C:\Documents and Settings\Alexandre\Desktop\Smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{0c7416f0-dd23-420f-97f5-aae352ea2bf1}"="glochid"

[HKEY_CLASSES_ROOT\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\System32\wfkduei.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{0c7416f0-dd23-420f-97f5-aae352ea2bf1}\InProcServer32]
@="C:\WINDOWS\System32\wfkduei.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

[HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\System32\imfdfcj.dll"

[HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
@="C:\WINDOWS\System32\imfdfcj.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\q*_disk.dll Deleted
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\date.ico Deleted
C:\WINDOWS\system32\dcomcfg.exe Deleted
C:\WINDOWS\system32\hp???.tmp Deleted
C:\WINDOWS\system32\ld????.tmp Deleted
C:\WINDOWS\system32\network.ico Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\pharm.ico Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\spam.ico Deleted
C:\WINDOWS\system32\spyware.ico Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\WINDOWS\system32\wp.bmp Deleted
C:\WINDOWS\system32\1024\ Deleted
C:\DOCUME~1\ALEXAN~1\FAVORI~1\Antivirus Test Online.url Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

C:\WINDOWS\System32\wfkduei.dll -> Missing File

C:\WINDOWS\System32\imfdfcj.dll -> Missing File

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

HKLM\SOFTWARE\PSGuard.com Deleted

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll

C:\WINDOWS\system32\wininet.dll infected !

Searching wininet.dll backup file...
C:\WINDOWS\$NtUninstallKB834707-IE6-20040929.115007$\wininet.dll
C:\WINDOWS\LastGood\System32\WININET.DLL
C:\WINDOWS\LastGood\System32\DllCache\WININET.DLL
C:\WINDOWS\LastGood.Tmp\System32\WININET.DLL
C:\WINDOWS\LastGood.Tmp\System32\DllCache\WININET.DLL
C:\WINDOWS\system32\wininet.dll
C:\WINDOWS\system32\dllcache\WININET.DLL

File Found : C:\WINDOWS\system32\dllcache\\wininet.dll
System Version : 6.0.2737.800
BackUp Version : 6.0.2737.800

Wininet.dll Remplacement (reboot necessary)

»»»»»»»»»»»»»»»»»»»»»»»» End

---------------------------------------------------------------

06/02/06 14:44:10 [Info]: BlackLight Engine 1.0.37 initialized
06/02/06 14:44:10 [Info]: OS: 5.1 build 2600 ()
06/02/06 14:44:10 [Note]: 7019 4
06/02/06 14:44:10 [Note]: 7005 0
06/02/06 14:44:17 [Note]: 7006 0
06/02/06 14:44:17 [Note]: 7011 1548
06/02/06 14:44:18 [Note]: 7026 0
06/02/06 14:44:18 [Note]: 7026 0
06/02/06 14:44:27 [Note]: FSRAW library version 1.7.1015
06/02/06 14:46:55 [Note]: 2000 1006
06/02/06 14:46:55 [Note]: 2000 1006
06/02/06 14:47:04 [Note]: 7007 0

-----------------------------------------------------------

Is this ok ? I'm free of malware and the virus i mentionned ? Looking for an answer :)

Thanks !

[ + quote]

JaPK

Senior Member

2. June 2006 @ 21:36

Link to this message

Ok looking quite good :)

Install a Firewall...

Fix this entry with HijackThis:

O2 - BHO: (no name) - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\System32\hp100.tmp (file missing)

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.

You had so many infections there that you could run a one more scanner. This is because there might be something left behind.

Download eScan to your desktop -> http://www.spywareinfo.dk/download/mwav.exe
Run the file mwav.exe and unzip it to its default location, C:\Kaspersky

1. Updating the scanner (close the eScan window if open)
-> Go to My Computer
-> C:\
-> Kaspersky
-> Run the file kavupd.exe, it starts downloading updates
-> When downloading is finished, go to C:\Downloads
-> Copy all the files in the Downloads folder by pressing CTRL+A and then CTRL+C
-> Then go back to the C:\Kaspersky folder and paste the files by pressing CTRL+V
-> Answer Yes to all when it asks about replacing files
-> Now the scanner has been updated

2. Scanner settings
-> Go to folder C:\Kaspersky and run the file mwavscan.com (or mwavscan.exe)
-> The scanner window opens
-> Select the same settings than in this picture -> http://koti.mbnet.fi/pattaya1/eScan6.jpg
-> When ready, press the Scan Clean button
-> Scanning for infections begins

3. Posting the results
-> When the scan has finished (scan may take a quite long time), you'll need to post the findings
-> Copy all the text in this field -> http://koti.mbnet.fi/pattaya1/eScan10.jpg
-> Click the field, press CTRL+A, CTRL+C
-> Then open Notepad and paste the findings into a new document by pressing CTRL+V
-> Save the document to your desktop
-> Post the contents of that textfile to here

[ + quote]

I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

This message has been edited since posting. Last time this message was edited on 2. June 2006 @ 21:36

metalgod

Newbie

3. June 2006 @ 11:00

Link to this message

Ok thanks a lot, i will do it when i'm home.. I'll be home tomorrow night, so i'll give you an update about it ! Thanks ;)

[ + quote]

metalgod

Newbie

4. June 2006 @ 20:18

Link to this message

Ok here's the logs:

Smitfraudfix:

SmitFraudFix v2.53

Scan done at 0:14:18,57, 2006-06-05
Run from C:\Documents and Settings\Alexandre\Desktop\Smitfraudfix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Alexandre\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ALEXAN~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

--------------------------------------------------------------
--------------------------------------------------------------
eScan Anti-virus

File C:\Documents and Settings\Alexandre\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-66caba6e-418afad0.zip infected by "Exploit.Java.ByteVerify" Virus. Action Taken: File Renamed.

File C:\Documents and Settings\Alexandre\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3cc46f89-28ca6e82.zip infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted.

File C:\Documents and Settings\Alexandre\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-5ad1bcbe-1504587e.zip infected by "Trojan-Downloader.Java.OpenStream.w" Virus. Action Taken: File Deleted.

That's it ? How does it look ?

And i had a question.. Wich anti-spyware/malware AND anti-virus should i use ?

Because you make me download a lot and all that.. I downloaded ZoneAlarm now, that's my firewall.. I'm using Avast! Antivirus, and i have like 4-5 anti-spyware/malware that you told me to download.. Wich ones i keep and use regularly and wich ones i delete ?

Thanks !

[ + quote]

JaPK

Senior Member

4. June 2006 @ 20:36

Link to this message

Ok looking quite good, please post a one more HijackThis log to here.

And you should at least keep a firewall and an antivirus.

Ewido is a good malware scanner too.

The other programs you can remove, most of them were just tools that we needed in the cleaning process.

So post a one more HjT log so I can verify that you're clean :)

[ + quote]

I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

metalgod

Newbie

5. June 2006 @ 08:48

Link to this message

Logfile of HijackThis v1.99.1
Scan saved at 12:48:01, on 2006-06-05
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [anvshell] anvshell.exe
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - Startup: Eurobarre.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

-----------------------

How does it look ?

[ + quote]

JaPK

Senior Member

5. June 2006 @ 10:48

Link to this message

You're clean :)

You should update your Windows and Internet Explorer by visiting Windows Update -> http://windowsupdate.microsoft.com
-> Firstly, install Service Pack 1 update
-> Reboot
-> Secondly, install Service back 2 update
-> Reboot
-> Thirdly, install all remaining important updates

You should update your Java (old version has all kinds of vulnerabilities)

1. Click "Start"-> "Control panel" -> Double-click Java icon (coffee cup)
2. Move to "Update" tab and update Java by clicking "Update Now". After that do a restart.
3. If you can't make automatic update, get new version manually from here -> http://java.sun.com/j2se/1.5.0/download.jsp
4. After updating, uninstall the old Java if found from Add/Remove Programs, named as J2SE Runtime Environment 5.0 Update 6
Now that you're clean, here are some tips how to stay clean.

-> Stand Up and Be Counted, Malware Complaints -> http://www.malwarecomplaints.info
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

-> Clear your system restore -> http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore...
This will clear the system restore folders from possible malware that was left behind during the cleaning process. Remember to create a new restore point after the cleaning.

-> Use CCleaner -> http://www.ccleaner.com
Download and install CCleaner. Clean your registry and temporary files with it regularly.

-> Use Ad-Aware -> http://www.bleepingcomputer.com/forums/?showtutorial=48
Download and install Ad-Aware. Update it and scan your computer regularly with it.

-> Use Ewido -> http://www.ewido.net/en
Download and install Ewido. Update it and scan your computer regularly with it.

-> Install SpywareBlaster -> http://www.javacoolsoftware.com/spywareblaster.html
SpywareBlaster will prevent spyware from being installed to your computer.

-> Install MVPS Hosts file -> http://mvps.org/winhelp2002/hosts.htm
This prevents your computer from connecting to harmful sites.

-> Change your browser to Firefox -> http://www.mozilla.org
Firefox is faster, safer and quicker browser than Internet Explorer.

-> Keep your systen up-to-date -> http://windowsupdate.microsoft.com
Visit Windows Update regularly.

-> Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

-> Read this article by TonyKlein -> http://castlecops.com/postlite7736-.html
So how did I get infected in the first place?

Stay clean ;)

[ + quote]

I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

metalgod

Newbie

5. June 2006 @ 10:51

Link to this message

THANKS so much man ! Now my computer's normal, everything's fine.. Better that than format my computer ;)

Thanks a lot

[ + quote]

JaPK

Senior Member

5. June 2006 @ 11:00

Link to this message

You're welcome :=)

[ + quote]

I have moved from AD, I won''t be taking new HijackThis logs from here. Reason: The AD''s Unsupportive athmosphere.

Start a new thread

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > win32:zlob-bm [trj]


		User name	Password

		Not registered yet? Register here. Lost your password? Click here.