logi

masa

Logfile of HijackThis v1.99.1
Scan saved at 12:08:33, on 12.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\sistray.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\cmd32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\winstall.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Microsoft Office\Office\1035\OLFSNT40.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\z11.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pakkotoisto.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.98.16.24:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C:\Program Files\Netscape\Netscape\searchplugins\SBWeb_01.src"); (C:\Documents and Settings\Matti\Application Data\Mozilla\Profiles\default\0400vye0.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1035\OLFSNT40.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126708609436
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

5

308

    Vastaukset

    Anonyymi (Kirjaudu / Rekisteröidy)
    5000
    • masa

      windowssi valittaa koko ajan että your computer is infected vaikkei ad-aware tai spybotti löydä mitään...

    • Fixaaja

      Fixaa HjT:llä (do a system scan only, merkkaa ja paina fix checked):

      O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe

      Hae smitrem täältä -> http://noahdfear.geekstogo.com/click counter/click.php?id=1
      Tallenna työpöydälle ja tuplaklikkaa sitä, jolloin se luo smitRem-kansion työpöydälle.

      Hae ewido -> http://www.ewido.net/en/download

      Asenna ja päivitä se.

      Laita piilotiedostot näkyviin, ohje ->
      http://keskustelu.afterdawn.com/thread_view.cfm/248944

      Käynnistä vikasietotilaan (F8 käynnistyksen yhteydessä).

      Poista tämä:

      C:\==>winstall.exe

      • Juu

        Pari mörköö lisää,mutta Ewidon pitäs kyllä löytää ne

        C:\WINDOWS\System32\cmd32.exe
        C:\WINDOWS\System32\z11.exe


      • masa

        Nyt ainakin spyware ilmotus on kadonnut...tässä vielä nää jutut:

        Logfile of HijackThis v1.99.1
        Scan saved at 14:17:20, on 12.12.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        C:\Program Files\ewido\security suite\ewidoctrl.exe
        C:\Program Files\ewido\security suite\ewidoguard.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\htpatch.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        C:\WINDOWS\System32\sistray.EXE
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
        C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\Program Files\MSN Messenger\msnmsgr.exe
        C:\Program Files\Microsoft Office\Office\1035\OLFSNT40.EXE
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\HJT\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pakkotoisto.com/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.98.16.24:8080
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C:\Program Files\Netscape\Netscape\searchplugins\SBWeb_01.src"); (C:\Documents and Settings\Matti\Application Data\Mozilla\Profiles\default\0400vye0.slt\prefs.js)
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1035\OLFSNT40.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126708609436
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        smitRem © log file
        version 2.8

        by noahdfear


        Microsoft Windows XP [versio 5.1.2600]

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        checking for ShudderLTD key

        ShudderLTD key not present!

        checking for PSGuard.com key


        PSGuard.com key not present!

        spyaxe uninstaller NOT present
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Existing Pre-run Files


        ~~~ Program Files ~~~

        SpySheriff


        ~~~ Shortcuts ~~~

        Install.dat


        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~



        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~

        desktop.html


        ~~~ Drive root ~~~


        ~~~ Miscellaneous Files/folders ~~~




        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



        Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
        Copyright(C) 2002-2003 [email protected]
        Killing PID 736 'explorer.exe'
        Killing PID 736 'explorer.exe'

        Starting registry repairs

        Deleting files


        Remaining Post-run Files


        ~~~ Program Files ~~~



        ~~~ Shortcuts ~~~



        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~



        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~



        ~~~ Miscellaneous Files/folders ~~~




        ~~~ Wininet.dll ~~~

        CLEAN! :)

        ---------------------------------------------------------
        ewido security suite - Scan report
        ---------------------------------------------------------

        Created on:         14:08:47, 12.12.2005
        Report-Checksum:      8BD6CCFE

        Scan result:

           HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Spyware.SaveNow : Cleaned with backup
           C:\Documents and Settings\Maija\Local Settings\Temp\dk.dial -> Trojan.Dialer.ay : Cleaned with backup
           C:\Documents and Settings\Matti\Cookies\matti@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
           C:\Documents and Settings\Matti\Cookies\matti@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
           C:\WINDOWS\system32\dial32.exe -> Trojan.Dialer.ay : Cleaned with backup
           C:\WINDOWS\system32\z11.exe -> Hijacker.Spywad.l : Cleaned with backup
           C:\WINDOWS\system32\z12.exe -> Downloader.Small.awa : Cleaned with backup


        ::Report End


      • Fixaaja
        masa kirjoitti:

        Nyt ainakin spyware ilmotus on kadonnut...tässä vielä nää jutut:

        Logfile of HijackThis v1.99.1
        Scan saved at 14:17:20, on 12.12.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        C:\Program Files\ewido\security suite\ewidoctrl.exe
        C:\Program Files\ewido\security suite\ewidoguard.exe
        C:\WINDOWS\system32\ZoneLabs\vsmon.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\htpatch.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
        C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        C:\WINDOWS\System32\sistray.EXE
        C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\MessengerPlus! 3\MsgPlus1.exe
        C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        C:\WINDOWS\System32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\Program Files\MSN Messenger\msnmsgr.exe
        C:\Program Files\Microsoft Office\Office\1035\OLFSNT40.EXE
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\System32\wuauclt.exe
        C:\HJT\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pakkotoisto.com/
        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = dna Internet Explorer
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://paivitys.dnainternet.fi/yhteys/proxy.pac
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.98.16.24:8080
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C:\Program Files\Netscape\Netscape\searchplugins\SBWeb_01.src"); (C:\Documents and Settings\Matti\Application Data\Mozilla\Profiles\default\0400vye0.slt\prefs.js)
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
        O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
        O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
        O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
        O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus1.exe" /WinStart
        O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O4 - Global Startup: Symantec Fax Starter Edition Port.lnk = C:\Program Files\Microsoft Office\Office\1035\OLFSNT40.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126708609436
        O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
        O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
        O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

        smitRem © log file
        version 2.8

        by noahdfear


        Microsoft Windows XP [versio 5.1.2600]

        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        checking for ShudderLTD key

        ShudderLTD key not present!

        checking for PSGuard.com key


        PSGuard.com key not present!

        spyaxe uninstaller NOT present
        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

        Existing Pre-run Files


        ~~~ Program Files ~~~

        SpySheriff


        ~~~ Shortcuts ~~~

        Install.dat


        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~



        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~

        desktop.html


        ~~~ Drive root ~~~


        ~~~ Miscellaneous Files/folders ~~~




        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



        Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
        Copyright(C) 2002-2003 [email protected]
        Killing PID 736 'explorer.exe'
        Killing PID 736 'explorer.exe'

        Starting registry repairs

        Deleting files


        Remaining Post-run Files


        ~~~ Program Files ~~~



        ~~~ Shortcuts ~~~



        ~~~ Favorites ~~~



        ~~~ system32 folder ~~~



        ~~~ Icons in System32 ~~~



        ~~~ Windows directory ~~~



        ~~~ Drive root ~~~



        ~~~ Miscellaneous Files/folders ~~~




        ~~~ Wininet.dll ~~~

        CLEAN! :)

        ---------------------------------------------------------
        ewido security suite - Scan report
        ---------------------------------------------------------

        Created on:         14:08:47, 12.12.2005
        Report-Checksum:      8BD6CCFE

        Scan result:

           HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Spyware.SaveNow : Cleaned with backup
           C:\Documents and Settings\Maija\Local Settings\Temp\dk.dial -> Trojan.Dialer.ay : Cleaned with backup
           C:\Documents and Settings\Matti\Cookies\matti@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
           C:\Documents and Settings\Matti\Cookies\matti@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
           C:\WINDOWS\system32\dial32.exe -> Trojan.Dialer.ay : Cleaned with backup
           C:\WINDOWS\system32\z11.exe -> Hijacker.Spywad.l : Cleaned with backup
           C:\WINDOWS\system32\z12.exe -> Downloader.Small.awa : Cleaned with backup


        ::Report End

        Hyvältä näyttää.

        Katso,löytyykö vielä tämä -> C:\windows\system32\==>cmd32.exe


    Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

    Luetuimmat keskustelut

    1. Riikan kukkaronnyöri on umpisolmussa

      Kulutus ei lähde liikkeelle, koska kansalaiset eivät usko, että: – työpaikka säilyy – tulot eivät romahda – talous ei h
      Maailman menoa
      64
      4231
    2. Kuka paiskasi vauvan betoniin Oulussa?

      Nimi esiin.....
      Oulu
      67
      4181
    3. Jos vedetään mutkat suoraksi?

      Niin kumpaan ryhmään kuulut? A) Niihin, jotka menevät edellä ja tekevät? Vai B) Niihin, jotka kulkevat perässä ja ar
      Sinkut
      107
      2900
    4. Tanskan malli perustuu korkeaan ansioturvaan

      Ja vahvoihin työllisyys- ja kotoutumispalveluihin. Suomessa Riikka on leikannut juuri näitä: palkkatukea, työttömyysturv
      Maailman menoa
      55
      2782
    5. Vain vasemmistolaiset ovat aitoja suomalaisia

      Esimerkiksi persut ovat ulkomaalaisen pääomasijoittajan edunvalvojia, eivät auta köyhiä suomalaisia.
      Maailman menoa
      55
      1992
    6. Epäily: Räppäri yritti tappaa vauvansa.

      https://www.mtvuutiset.fi/artikkeli/epaily-mies-yritti-tappaa-vauvansa/9300728 Tämä on erittäin järkyttävä teko täysin p
      Maailman menoa
      21
      1989
    7. Anteeksipyyntöni

      Jätän tähän anteeksipyyntöni sinulle, koska en voi sanoa sitä missään muuallakaan. Pyydän anteeksi, jos purkamani tuska
      Järki ja tunteet
      15
      1669
    8. Miten must tuntuu

      et sä ajattelet mua just nyt
      Ikävä
      32
      1503
    9. Sydämeni valtiaalle

      En täältä aio asioita kysellä. Haluan tuoda tiedoksesi, että pohjimmiltani en ihmisiä tahdo satuttaa ja ajattelen muiden
      Ikävä
      109
      1343
    10. Kun et vain tajua että

      sua lähestytään feikkiprofiililla :D Hanki aivot :D m-n
      Ikävä
      180
      1271
    Aihe