DANGER: SPYWARE

ffffffffffffffff

A flashing "Danger Spyware" on a red background has appeared on top of my desktop... what does it mean and how do I get rid of it??

Where/how do I get the computer's log data posted here?


    Replies

    • Fixaaja
      • ois se

        Logfile of HijackThis v1.99.1
        Scan saved at 18:12:57, on 12.12.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\D-Tools\daemon.exe
        C:\WINDOWS\System32\svcnet.exe
        C:\WINDOWS\System32\sndcfg16.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\MediaGateway\MediaGateway.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\System32\sywsvcs.exe
        D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\YWFzaQ\command.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\Explorer.EXE
        E:\hämähäkkitorjuntaa\HIJACKTHIS\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
        O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
        O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [links] links.exe
        O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
        O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
        O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
        O4 - HKCU\..\Run: [Steam] E:\pelit\hl2\\Steam.exe -silent
        O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
        O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102938678674
        O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWFzaQ\command.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe


      • Fixaaja
        Remove these via Add/Remove Programs, if they are listed:

        Media Gateway
        WinHound
        Zango Toolbar

        Fix with HjT (do a system scan only, tick these and press fix checked):

        O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
        O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
        O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
        O4 - HKLM\..\Run: [links] links.exe
        O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
        O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
        O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
        O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
        O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
        O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
        O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWFzaQ\command.exe

        Then Start -> Run -> services.msc.
        Find Command Service in the list, double-click it, press Stop and set the startup type to Disabled.

        Make hidden files visible, instructions ->
        http://keskustelu.afterdawn.com/thread_view.cfm/248944

        Get fixwareout -> http://downloads.subratam.org/Fixwareout.exe
        Save it to some folder and run it. Follow the instructions, restart the computer when the fix asks for it. The fix opens HjT. Close it.

        Get ewido -> http://www.ewido.net/en/download

        Install and update.

        Boot into safe mode (F8 during startup)

        Delete these:

        C:\Program Files\==>
        MediaGateway
        sywsvcs.exe
        Zango Programs
        YWFzaQ


      • uus logi
        file:
        Logfile of HijackThis v1.99.1

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\QuickTime\qttask.exe
        D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\Program Files\ewido\security suite\ewidoctrl.exe
        C:\Program Files\ewido\security suite\ewidoguard.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\NOTEPAD.EXE
        E:\hämähäkkitorjuntaa\HIJACKTHIS\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
        O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
        O4 - HKCU\..\Run: [Steam] E:\pelit\hl2\\Steam.exe -silent
        O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
        O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102938678674
        O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

        ----------------------------------------------
        ------------------------------------------------
        ------------------------------------------------
        ===>:Fixwareout ver 1.003
        Last edited
        Post this report in the forums please

        Reg Entries that were deleted
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\x0brks
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS

        PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

        »»»»» Search by size and names...
        C:\WINDOWS\SYSTEM32\CSIOL.EXE
        C:\WINDOWS\SYSTEM32\ENCODEX.EXE

        »»»»» Misc files

        »»»»» Checking for older varients covered by the Rem3 tool
        ---------------------------------------------------------------------------------------------------------------------------------------------------

        EWIDO FOUND SOMETHING LIKE 3000 infected files, but I couldn't be bothered to post them all here... here are the most important ones.

        ewido security suite - Scan report
        ---------------------------------------------------------

        Created on:         
        Report-Checksum:      

        Scan result:

           HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
           HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
           HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
           :mozilla.7:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
           :mozilla.17:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
           :mozilla.19:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
           :mozilla.38:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
           :mozilla.46:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
           :mozilla.48:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.49:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.50:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.51:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.52:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
           :mozilla.53:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.54:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
           :mozilla.55:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
           :mozilla.56:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
           :mozilla.58:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.59:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.60:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.61:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.62:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.63:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.64:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.66:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
           :mozilla.67:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
           :mozilla.69:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
           :mozilla.72:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
           :mozilla.73:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
           :mozilla.6:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
           :mozilla.7:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
           :mozilla.10:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
           :mozilla.17:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
           :mozilla.18:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.27:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
           :mozilla.28:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
           C:\Documents and Settings\aasi\Local Settings\Temp\Del1A.tmp -> Spyware.180Solutions : Cleaned with backup
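
Comparing the entries selected for fixing with the follow-up log shows which of them are still present. This is an added example, not code from the thread or from HijackThis; the function names are illustrative, and the two sample texts are excerpts of the logs posted above.

```python
import re

# A HijackThis entry line is "<section code> - <body>", for example
# "O4 - HKLM\..\Run: [name] file.exe". Header lines and the paths listed
# under "Running processes:" do not match and are skipped.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
MISSING = "(file missing)"

# Excerpt of the entries selected for "fix checked" in the thread.
FIX_LIST = r"""
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWFzaQ\command.exe
"""

# Excerpt of the follow-up log posted after the fix.
AFTER_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\Explorer.EXE

O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
"""


def parse_entries(text):
    """Map a normalised (code, body) key to (original line, file_missing flag)."""
    entries = {}
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match is None:
            continue
        code, body = match.groups()
        missing = body.endswith(MISSING)
        if missing:
            # Compare on the entry itself, not on the status suffix.
            body = body[: -len(MISSING)].rstrip()
        # Windows paths and registry names are case-insensitive.
        entries[(code, body.lower())] = (line.strip(), missing)
    return entries


def check_fix(fix_list, after_log):
    """Classify every entry selected for fixing against the follow-up log."""
    after = parse_entries(after_log)
    report = {"removed": [], "file_missing": [], "persisting": []}
    for key, (line, _) in parse_entries(fix_list).items():
        if key not in after:
            report["removed"].append(line)
        elif after[key][1]:
            # The file is gone but the registry entry is still there.
            report["file_missing"].append(after[key][0])
        else:
            report["persisting"].append(line)
    return report


if __name__ == "__main__":
    for status, lines in check_fix(FIX_LIST, AFTER_LOG).items():
        print(f"{status} ({len(lines)})")
        for line in lines:
            print("   ", line)
```

On these excerpts the two HKCU Run entries and the O17 NameServer value are reported as persisting, and the Zango Toolbar entry as a leftover registry entry whose file is gone.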
           


      • Fixaaja
        uus logi wrote:

        file:
        Logfile of HijackThis v1.99.1

        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

        ----------------------------------------------
        ------------------------------------------------
        ------------------------------------------------
        ===>:Fixwareout ver 1.003
        Last edited
        Post this report in the forums please

        Reg Entries that were deleted
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\x0brks
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS

        PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

        »»»»» Search by size and names...
        C:\WINDOWS\SYSTEM32\CSIOL.EXE
        C:\WINDOWS\SYSTEM32\ENCODEX.EXE

        »»»»» Misc files

        »»»»» Checking for older varients covered by the Rem3 tool
        ---------------------------------------------------------------------------------------------------------------------------------------------------

        EWIDO FOUND SOMETHING LIKE 3000 infected files, but I couldn't be bothered to put them all here... here are the most important ones.

        ewido security suite - Scan report
        ---------------------------------------------------------

        Created on:         
        Report-Checksum:      

        Scan result:

           HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
           HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
           HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
           :mozilla.7:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
           :mozilla.17:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
           :mozilla.19:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
           :mozilla.38:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
           :mozilla.46:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
           :mozilla.48:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.49:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.50:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.51:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.52:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
           :mozilla.53:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.54:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
           :mozilla.55:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
           :mozilla.56:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
           :mozilla.58:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.59:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.60:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.61:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.62:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.63:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.64:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.66:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
           :mozilla.67:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
           :mozilla.69:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
           :mozilla.72:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
           :mozilla.73:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
           :mozilla.6:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
           :mozilla.7:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
           :mozilla.10:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
           :mozilla.17:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
           :mozilla.18:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.27:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
           :mozilla.28:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
           C:\Documents and Settings\aasi\Local Settings\Temp\Del1A.tmp -> Spyware.180Solutions : Cleaned with backup
           

        I'm not surprised at all, WareOut is a junk magnet.
        And that was mostly just cookies, hardly the most important ones ;)

        Fix with HjT:

        O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
        O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
        O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
        O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85

        Boot into safe mode and delete:

        C:\WINDOWS\SYSTEM32\CSIOL.EXE
        C:\WINDOWS\SYSTEM32\ENCODEX.EXE
        http://www.funkytoad.com/download/hoster.zip

        Extract the zip and double-click hoster.exe

        Press "Restore original hosts" and OK.

        Post a new HjT log.


      • ole koneella
        Fixaaja wrote:

        I'm not surprised at all, WareOut is a junk magnet.
        And that was mostly just cookies, hardly the most important ones ;)

        Fix with HjT:

        O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
        O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
        O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
        O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85

        Boot into safe mode and delete:

        C:\WINDOWS\SYSTEM32\CSIOL.EXE
        C:\WINDOWS\SYSTEM32\ENCODEX.EXE
        http://www.funkytoad.com/download/hoster.zip

        Extract the zip and double-click hoster.exe

        Press "Restore original hosts" and OK.

        Post a new HjT log.

        files like these m
        C:\WINDOWS\SYSTEM32\CSIOL.EXE
        C:\WINDOWS\SYSTEM32\ENCODEX.EXE
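
The "post a new HjT log" step in Fixaaja's reply can be checked mechanically. The following is an added example, not part of the thread and not HijackThis code: it parses a fix list and a follow-up log, reports which flagged entries are still present, and lists the static DNS servers from O17 lines. The follow-up log is constructed and the function names are this example's own.

```python
import re

# HijackThis prefixes each finding with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY = re.compile(r"^\s*((?:R|F)[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.+?)\s*$")
O17_NS = re.compile(r"\{([0-9A-Fa-f-]{36})\}:\s*NameServer\s*=\s*(.+)$")

def parse_entries(text):
    """Return (section, body) for every finding line; process paths and prose are skipped."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            out.append((m.group(1), " ".join(m.group(2).split())))
    return out

def still_present(fix_list, new_log):
    """Entries from the fix list that the follow-up log still contains (case-insensitive)."""
    seen = {(s, b.casefold()) for s, b in parse_entries(new_log)}
    return [(s, b) for s, b in parse_entries(fix_list) if (s, b.casefold()) in seen]

def static_dns(log):
    """Map interface GUID -> statically configured name servers taken from O17 lines."""
    result = {}
    for section, body in parse_entries(log):
        m = O17_NS.search(body) if section == "O17" else None
        if m:
            result[m.group(1).upper()] = [ip.strip() for ip in m.group(2).split(",") if ip.strip()]
    return result

# Fix list: three of the lines named in the reply above.
FIX_LIST = r"""
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
"""

# Constructed follow-up log (not from the thread): one Run entry and the O17 entry survived.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
    O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
    O4 - HKCU\..\Run: [aupd] C:\WINDOWS\system32\sywsvcs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
"""

if __name__ == "__main__":
    for section, body in still_present(FIX_LIST, NEW_LOG):
        print("still present:", section, "-", body)
    print(static_dns(NEW_LOG))
```

An entry that reappears after a reboot means something is still rewriting it, so the matching file or service has to be removed before fixing the entry again.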

