DANGER: SPYWARE

ffffffffffffffff

A flashing "Danger Spyware" on a red background has appeared on top of my desktop... what does it mean and how do I get rid of it??

Where/how do I get the computer's log data posted here?


    Replies

    • Fixaaja
      • ois se

        Logfile of HijackThis v1.99.1
        Scan saved at 18:12:57, on 12.12.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\D-Tools\daemon.exe
        C:\WINDOWS\System32\svcnet.exe
        C:\WINDOWS\System32\sndcfg16.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\MediaGateway\MediaGateway.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\System32\sywsvcs.exe
        D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\YWFzaQ\command.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\Explorer.EXE
        E:\hämähäkkitorjuntaa\HIJACKTHIS\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
        O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
        O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [links] links.exe
        O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
        O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
        O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
        O4 - HKCU\..\Run: [Steam] E:\pelit\hl2\\Steam.exe -silent
        O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
        O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102938678674
        O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWFzaQ\command.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe


      • Fixaaja
        ois se wrote:

        Logfile of HijackThis v1.99.1
        Scan saved at 18:12:57, on 12.12.2005
        Platform: Windows XP SP1 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\D-Tools\daemon.exe
        C:\WINDOWS\System32\svcnet.exe
        C:\WINDOWS\System32\sndcfg16.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\MediaGateway\MediaGateway.exe
        C:\Program Files\MSN Messenger\MsnMsgr.Exe
        C:\WINDOWS\System32\sywsvcs.exe
        D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\WINDOWS\System32\alg.exe
        C:\WINDOWS\YWFzaQ\command.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\Explorer.EXE
        E:\hämähäkkitorjuntaa\HIJACKTHIS\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
        O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
        O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [links] links.exe
        O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
        O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
        O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
        O4 - HKCU\..\Run: [Steam] E:\pelit\hl2\\Steam.exe -silent
        O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
        O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102938678674
        O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWFzaQ\command.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe

        Uninstall via Add/Remove Programs, if listed:

        Media Gateway
        WinHound
        Zango Toolbar

        Fix with HjT (do a system scan only, tick these and press fix checked):

        O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
        O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
        O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
        O4 - HKLM\..\Run: [links] links.exe
        O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
        O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
        O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
        O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
        O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
        O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWFzaQ\command.exe

        Then Start -> Run -> services.msc.
        Find Command Service in the list, double-click it, press Stop and set the startup type to Disabled.

        Make hidden files visible, instructions ->
        http://keskustelu.afterdawn.com/thread_view.cfm/248944

        Get fixwareout -> http://downloads.subratam.org/Fixwareout.exe
        Save it to some directory and run it. Follow the instructions, restart the computer when the fix asks for it. The fix opens HjT. Close it.

        Get ewido -> http://www.ewido.net/en/download

        Install and update.

        Boot into Safe Mode (F8 during startup)

        Delete these:

        C:\Program Files\==>MediaGatewaysywsvcs.exeZango ProgramsYWFzaQ


      • uus logi
        Fixaaja wrote:

        Uninstall via Add/Remove Programs, if listed:

        Media Gateway
        WinHound
        Zango Toolbar

        Fix with HjT (do a system scan only, tick these and press fix checked):

        O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
        O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
        O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
        O4 - HKLM\..\Run: [links] links.exe
        O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
        O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
        O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
        O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
        O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
        O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
        O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
        O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
        O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
        O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWFzaQ\command.exe

        Then Start -> Run -> services.msc.
        Find Command Service in the list, double-click it, press Stop and set the startup type to Disabled.

        Make hidden files visible, instructions ->
        http://keskustelu.afterdawn.com/thread_view.cfm/248944

        Get fixwareout -> http://downloads.subratam.org/Fixwareout.exe
        Save it to some directory and run it. Follow the instructions, restart the computer when the fix asks for it. The fix opens HjT. Close it.

        Get ewido -> http://www.ewido.net/en/download

        Install and update.

        Boot into Safe Mode (F8 during startup)

        Delete these:

        C:\Program Files\==>MediaGatewaysywsvcs.exeZango ProgramsYWFzaQ

        file:
        Logfile of HijackThis v1.99.1

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\QuickTime\qttask.exe
        D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\Program Files\ewido\security suite\ewidoctrl.exe
        C:\Program Files\ewido\security suite\ewidoguard.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\NOTEPAD.EXE
        E:\hämähäkkitorjuntaa\HIJACKTHIS\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
        O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
        O4 - HKCU\..\Run: [Steam] E:\pelit\hl2\\Steam.exe -silent
        O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
        O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102938678674
        O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe



        ----------------------------------------------
        ------------------------------------------------
        ------------------------------------------------
        ===>:Fixwareout ver 1.003
        Last edited
        Post this report in the forums please

        Reg Entries that were deleted
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\x0brks
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS

        PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

        »»»»» Search by size and names...
        C:\WINDOWS\SYSTEM32\CSIOL.EXE
        C:\WINDOWS\SYSTEM32\ENCODEX.EXE

        »»»»» Misc files

        »»»»» Checking for older varients covered by the Rem3 tool
        ---------------------------------------------------------------------------------------------------------------------------------------------------

        EWIDO FOUND SOMETHING LIKE 3000 infected files, but I couldn't be bothered to post them all here... here are the most important ones.

        ewido security suite - Scan report
        ---------------------------------------------------------

        Created on:         
        Report-Checksum:      

        Scan result:

           HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
           HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
           HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
           :mozilla.7:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
           :mozilla.17:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
           :mozilla.19:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
           :mozilla.38:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
           :mozilla.46:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
           :mozilla.48:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.49:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.50:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.51:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.52:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
           :mozilla.53:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.54:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
           :mozilla.55:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
           :mozilla.56:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
           :mozilla.58:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.59:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.60:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.61:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.62:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.63:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.64:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
           :mozilla.66:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
           :mozilla.67:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
           :mozilla.69:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
           :mozilla.72:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
           :mozilla.73:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
           :mozilla.6:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
           :mozilla.7:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
           :mozilla.10:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
           :mozilla.17:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
           :mozilla.18:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
           :mozilla.27:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
           :mozilla.28:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
           C:\Documents and Settings\aasi\Local Settings\Temp\Del1A.tmp -> Spyware.180Solutions : Cleaned with backup
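
The check below compares the fix list given earlier in the thread with the follow-up HijackThis log, to show which flagged entries are still present after cleanup. It is an added example, not part of the original posts or of HijackThis itself; the function names `parse_entries` and `compare` are hypothetical, and the sample lines are excerpted from the logs in this thread.

```python
import re

# One HijackThis item line has the shape "<code> - <body>",
# where <code> is R0-R3, F0-F3, N1-N4 or O1-O24.
ENTRY_RE = re.compile(r"^\s*([ROFN]\d{1,2})\s+-\s+(.*\S)\s*$")

# HijackThis appends this suffix when the referenced file is not on disk;
# the registry reference itself is still there.
MISSING_SUFFIX = " (file missing)"

# Lines excerpted from the fix list posted in this thread.
FIX_LIST = r"""
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWFzaQ\command.exe
"""

# Lines excerpted from the follow-up log posted in this thread.
RESCAN = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
"""


def parse_entries(log_text):
    """Return {(code, lowercased body): entry} for every item line in a log.

    Header lines, the process list and blank lines do not match the item
    pattern and are skipped. The "(file missing)" suffix is stripped from
    the key so that an entry whose file was deleted still matches the
    original entry, and is recorded in the entry's "file_missing" flag.
    """
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if not match:
            continue
        code, body = match.groups()
        missing = body.endswith(MISSING_SUFFIX)
        if missing:
            body = body[: -len(MISSING_SUFFIX)]
        # Registry paths and Windows file names are case-insensitive.
        entries[(code, body.lower())] = {
            "code": code,
            "body": body,
            "file_missing": missing,
        }
    return entries


def compare(fix_text, rescan_text):
    """Split the fix list into (persisting, removed) relative to the rescan."""
    wanted = parse_entries(fix_text)
    present = parse_entries(rescan_text)
    persisting = [present[key] for key in wanted if key in present]
    removed = [wanted[key] for key in wanted if key not in present]
    return persisting, removed


if __name__ == "__main__":
    persisting, removed = compare(FIX_LIST, RESCAN)
    print("Still present after the fix:")
    for entry in persisting:
        note = "  [file gone, reference remains]" if entry["file_missing"] else ""
        print(f"  {entry['code']} - {entry['body']}{note}")
    print("No longer listed:")
    for entry in removed:
        print(f"  {entry['code']} - {entry['body']}")
```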
           


      • Fixaaja
        uus logi wrote:

        file:
        Logfile of HijackThis v1.99.1

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\system32\Ati2evxx.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\Program Files\QuickTime\qttask.exe
        D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
        C:\Program Files\ewido\security suite\ewidoctrl.exe
        C:\Program Files\ewido\security suite\ewidoguard.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\NOTEPAD.EXE
        E:\hämähäkkitorjuntaa\HIJACKTHIS\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
        O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
        O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
        O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
        O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
        O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
        O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
        O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
        O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
        O4 - HKCU\..\Run: [Steam] E:\pelit\hl2\\Steam.exe -silent
        O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
        O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
        O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
        O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
        O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
        O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102938678674
        O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
        O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
        O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
        O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
        O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
        O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
        O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
        O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe



        ----------------------------------------------
        ------------------------------------------------
        ------------------------------------------------
        ===>:Fixwareout ver 1.003
        Last edited
        Post this report in the forums please

        Reg Entries that were deleted
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\x0brks
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS

        PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

        »»»»» Search by size and names...
        C:\WINDOWS\SYSTEM32\CSIOL.EXE
        C:\WINDOWS\SYSTEM32\ENCODEX.EXE

        »»»»» Misc files

        »»»»» Checking for older varients covered by the Rem3 tool
        ---------------------------------------------------------------------------------------------------------------------------------------------------

        EWIDO FOUND SOMETHING LIKE 3000 infected files, but I couldn't be bothered to post them all here... here are the most important ones.

        ewido security suite - Scan report
        ---------------------------------------------------------

        Created on:         
        Report-Checksum:      

        Scan result:

           HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
           HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
           HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
           C:\Documents and Settings\aasi\Local Settings\Temp\Del1A.tmp -> Spyware.180Solutions : Cleaned with backup
           

        I'm not surprised at all, WareOut is a junk magnet.
        And that was mostly just cookies, hardly the most important ones ;)

        Fix with HjT:

        O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
        O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
        O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
        O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85

        Boot into safe mode and delete:

        C:\WINDOWS\SYSTEM32\==>CSIOL.EXEENCODEX.EXE
        http://www.funkytoad.com/download/hoster.zip

        Unpack the zip and double-click hoster.exe

        Press "Restore original hosts" and OK.

        Post a new HjT log.
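
The checks behind the fix list above (the per-user O4 Run entries, the O16 download and the O17 NameServer lines) can be scripted for triage. This is an added example, not part of the thread or of HijackThis; the expected resolver address and the trusted-host suffix are assumptions, and the O4 rule is a heuristic that only marks entries for manual review.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a few result lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102938678674
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
"""

# Assumptions for this example, not values from the thread:
EXPECTED_DNS = {"192.168.1.1"}              # resolver the local network hands out
TRUSTED_DPF_SUFFIXES = (".microsoft.com",)  # hosts allowed to serve ActiveX cabs

LINE_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")

def parse(log):
    """Return (code, detail) for each HijackThis result line, skipping the rest."""
    return [m.groups() for m in map(LINE_RE.match, log.splitlines()) if m]

def triage(entries, expected_dns=EXPECTED_DNS, trusted=TRUSTED_DPF_SUFFIXES):
    """Return (code, reason, detail) for entries that deserve a manual look."""
    findings = []
    for code, detail in entries:
        if code == "O17" and "NameServer = " in detail:
            # Statically configured resolvers: compare with what the network uses.
            ips = detail.split("NameServer = ", 1)[1].replace(" ", ",").split(",")
            odd = [ip for ip in ips if ip and ip not in expected_dns]
            if odd:
                findings.append((code, "unexpected DNS: " + ", ".join(odd), detail))
        elif code == "O16":
            # ActiveX control downloaded from a host outside the allowlist.
            host = urlparse(detail.rsplit(" - ", 1)[-1]).hostname or ""
            if not host.endswith(trusted):
                findings.append((code, "ActiveX source " + host, detail))
        elif code == "O4" and detail.startswith("HKCU\\..\\Run:"):
            # Per-user autostart with no path, or pointing into System32.
            cmd = detail.split("] ", 1)[-1].lower()
            if "\\" not in cmd or "\\system32\\" in cmd:
                findings.append((code, "odd per-user autostart", detail))
    return findings

if __name__ == "__main__":
    for code, reason, detail in triage(parse(SAMPLE_LOG)):
        print(f"{code:4} {reason:45} {detail}")
```
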


      • ole koneella
        Fixaaja wrote:

        I'm not surprised at all, WareOut is a junk magnet.
        And that was mostly just cookies, hardly the most important ones ;)

        Fix with HjT:

        O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
        O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
        O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
        O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
        O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
        O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85

        Boot into safe mode and delete:

        C:\WINDOWS\SYSTEM32\==>CSIOL.EXEENCODEX.EXE
        http://www.funkytoad.com/download/hoster.zip

        Unpack the zip and double-click hoster.exe

        Press "Restore original hosts" and OK.

        Post a new HjT log.

        files like these m
        C:\WINDOWS\SYSTEM32\==>CSIOL.EXEENCODEX.EXE

