A flashing "Danger Spyware" on a red background has appeared on top of my desktop... what does it mean and how do I get rid of it?
Where/how do I get the computer's log data posted here?
DANGER:SPYVARE
Replies
- Fixaaja
Post a HjT log; you can get the program here -> http://koti.mbnet.fi/pattaya1/HijackThis.exe . Save it to the folder c:\hjt, start it, click "Do a system scan and save a logfile" and post the log here.
- ois se
Logfile of HijackThis v1.99.1
Scan saved at 18:12:57, on 12.12.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\svcnet.exe
C:\WINDOWS\System32\sndcfg16.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MediaGateway\MediaGateway.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\sywsvcs.exe
D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\YWFzaQ\command.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
E:\hämähäkkitorjuntaa\HIJACKTHIS\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [Steam] E:\pelit\hl2\\Steam.exe -silent
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102938678674
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWFzaQ\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
- Fixaaja
Remove these from Add/Remove Programs, if they are listed:
Media Gateway
WinHound
Zango Toolbar
Fix with HjT (do a system scan only, tick these and press fix checked):
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\Run: [MediaGateway] C:\Program Files\MediaGateway\MediaGateway.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWFzaQ\command.exe
Then Start -> Run -> services.msc.
Find Command Service in the list, double-click it, press Stop and set the startup type to Disabled.
Make hidden files visible, instructions ->
http://keskustelu.afterdawn.com/thread_view.cfm/248944
Get fixwareout -> http://downloads.subratam.org/Fixwareout.exe
Save it to some folder and run it. Follow the instructions, and restart the computer when the fix asks for it. The fix opens HjT. Close it.
Get ewido -> http://www.ewido.net/en/download
Install and update.
Boot into safe mode (F8 during startup)
Delete these:
C:\Program Files\==>MediaGateway
sywsvcs.exe
Zango Programs
YWFzaQ
- uus logi
File:
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
E:\hämähäkkitorjuntaa\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [Steam] E:\pelit\hl2\\Steam.exe -silent
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102938678674
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
----------------------------------------------
------------------------------------------------
------------------------------------------------
===>:Fixwareout ver 1.003
Last edited
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\x0brks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSIOL.EXE
C:\WINDOWS\SYSTEM32\ENCODEX.EXE
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
---------------------------------------------------------------------------------------------------------------------------------------------------
EWIDO FOUND something like 3000 infected files, but I couldn't be bothered to post all of them here... here are the most important ones.
ewido security suite - Scan report
---------------------------------------------------------
Created on:
Report-Checksum:
Scan result:
HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
:mozilla.7:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.17:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.19:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.38:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.46:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.48:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.53:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.56:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.58:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.59:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.60:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.61:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.62:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.63:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.64:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.66:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.67:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.69:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.72:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.73:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.6:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.7:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.10:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.17:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.18:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.28:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\aasi\Local Settings\Temp\Del1A.tmp -> Spyware.180Solutions : Cleaned with backup
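An added example, not part of the original thread: a small Python check that compares a HijackThis fix list with the follow-up log and reports which entries are gone, which are still registered, and which remain only as "(file missing)" leftovers. The function names are hypothetical, and the sample lines are a short excerpt copied from the fix list and the second log posted above.

```python
import re

# HijackThis entry lines start with a section code (R0, O4, O23, ...) and " - ".
ENTRY_RE = re.compile(r"^(?:[RFN]\d+|O\d+) - ")
MISSING = " (file missing)"


def parse_entries(log_text):
    """Map normalized entry -> (entry text, file_missing flag) for one log."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not ENTRY_RE.match(line):
            continue  # header, process list or forum prose
        missing = line.endswith(MISSING)
        if missing:
            line = line[: -len(MISSING)]
        # Collapse whitespace and ignore case so re-typed lines still match.
        key = " ".join(line.split()).casefold()
        entries[key] = (line, missing)
    return entries


def check_fix_list(fix_list, followup_log):
    """Classify every fix-list entry against the follow-up log."""
    wanted = parse_entries(fix_list)
    after = parse_entries(followup_log)
    result = {"removed": [], "still_present": [], "orphaned": []}
    for key, (line, _) in wanted.items():
        if key not in after:
            result["removed"].append(line)
        elif after[key][1]:
            # Registry entry survives although the file itself is gone.
            result["orphaned"].append(line)
        else:
            result["still_present"].append(line)
    return result


# Excerpt of the fix list from the thread.
FIX_LIST = r"""
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 - HKLM\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\YWFzaQ\command.exe
"""

# Excerpt of the second log from the thread.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
"""

if __name__ == "__main__":
    for status, lines in check_fix_list(FIX_LIST, FOLLOWUP_LOG).items():
        print(f"{status}: {len(lines)}")
        for entry in lines:
            print("   ", entry)
```

Entries reported as still present or orphaned are the ones to tick again in the next HijackThis pass.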
- Fixaaja
uus logi wrote:
tiedosto:
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
E:\hämähäkkitorjuntaa\HIJACKTHIS\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [Steam] E:\pelit\hl2\\Steam.exe -silent
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = D:\Ohjelmat\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://D:\Ohjelmat\MICROS~1\Office10\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1102938678674
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
----------------------------------------------
------------------------------------------------
------------------------------------------------
===>:Fixwareout ver 1.003
Last edited
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\x0brks
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\CSIOL.EXE
C:\WINDOWS\SYSTEM32\ENCODEX.EXE
»»»»» Misc files
»»»»» Checking for older varients covered by the Rem3 tool
---------------------------------------------------------------------------------------------------------------------------------------------------
EWIDO FOUND SOMETHING LIKE 3000 infected files, but I couldn't be bothered to post them all here... here are the most important ones.
ewido security suite - Scan report
---------------------------------------------------------
Created on:
Report-Checksum:
Scan result:
HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Update\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
:mozilla.7:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.17:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.19:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.38:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.46:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.48:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.53:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.54:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.56:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.58:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.59:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.60:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.61:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.62:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.63:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.64:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.66:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.67:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.69:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.72:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.73:C:\Documents and Settings\aasi\Application Data\Mozilla\Firefox\Profiles\1317fxqf.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.6:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.7:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sextracker : Cleaned with backup
:mozilla.10:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Sexlist : Cleaned with backup
:mozilla.17:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.18:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.28:C:\Documents and Settings\aasi\Application Data\Phoenix\Profiles\default\2ppbnei9.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\aasi\Local Settings\Temp\Del1A.tmp -> Spyware.180Solutions : Cleaned with backup
I'm not surprised at all, WareOut is a junk magnet.
And that was mostly just cookies, hardly the most important ones ;)
Fix these with HjT:
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
Boot into Safe Mode and delete:
C:\WINDOWS\SYSTEM32\CSIOL.EXE
C:\WINDOWS\SYSTEM32\ENCODEX.EXE
http://www.funkytoad.com/download/hoster.zip
Extract the zip and double-click hoster.exe
Press "Restore original hosts" and OK.
Send a new HjT log.
- ole koneella
Fixaaja wrote:
I'm not surprised at all, WareOut is a junk magnet.
And that was mostly just cookies, hardly the most important ones ;)
Fix these with HjT:
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll (file missing)
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} (MediaGatewayX) - http://static.zangocash.com/cab/Zango/ie/bridge-c46.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DFDDB90-0DB1-4A86-B091-0D549C864A8C}: NameServer = 85.255.114.30,85.255.112.85
Boot into Safe Mode and delete:
C:\WINDOWS\SYSTEM32\CSIOL.EXE
C:\WINDOWS\SYSTEM32\ENCODEX.EXE
http://www.funkytoad.com/download/hoster.zip
Extract the zip and double-click hoster.exe
Press "Restore original hosts" and OK.
Send a new HjT log.
files like these m
C:\WINDOWS\SYSTEM32\CSIOL.EXE
C:\WINDOWS\SYSTEM32\ENCODEX.EXE
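A small triage pass over HijackThis log lines, added here as an example and not part of any post in the thread: it flags entries whose file is missing, autoruns without a full path, and a static NameServer value repeated across several interfaces, plus services whose owner HijackThis reports as unknown (an extra check assumed here). The flagging rules are assumptions made for illustration, the sample lines are copied from the log in this thread, and each finding is something to review, not a verdict.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis v1.99.1 log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Shellapi32] svcnet.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{345A921B-85B2-43B3-8796-2D25D83F5116}: NameServer = 85.255.114.30,85.255.112.85
O17 - HKLM\System\CCS\Services\Tcpip\..\{49627008-FF73-4E29-AC14-6BDA0C2D350A}: NameServer = 85.255.114.30,85.255.112.85
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RadClock - Unknown owner - C:\WINDOWS\system32\RadClock.exe
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")        # "O17 - <body>"
O17 = re.compile(r"\\(\{[0-9A-Fa-f-]{36}\}): NameServer = (.+)$")
RUN = re.compile(r"Run: \[(.*?)\] (.+)$")              # "[value name] command"

def triage(log_text):
    """Return (findings, dns); findings is a list of (code, reason, detail)."""
    findings, dns = [], defaultdict(list)
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        code, body = m.groups()
        # The three rules below are illustrative assumptions, not HijackThis logic.
        if body.endswith("(file missing)"):
            findings.append((code, "registered file is missing", body))
        if code == "O4" and (r := RUN.search(body)) and "\\" not in r.group(2):
            findings.append((code, "autorun value has no full path", body))
        if code == "O23" and " - Unknown owner - " in body:
            findings.append((code, "service owner reported as unknown", body))
        if code == "O17" and (d := O17.search(body)):
            servers = tuple(s for s in re.split(r"[ ,]+", d.group(2)) if s)
            dns[servers].append(d.group(1))  # group interface GUIDs by DNS list
    for servers, ifaces in dns.items():
        if len(ifaces) > 1:  # same static resolvers written to several adapters
            reason = f"same static DNS on {len(ifaces)} interfaces"
            findings.append(("O17", reason, ",".join(servers)))
    return findings, dict(dns)

if __name__ == "__main__":
    for code, reason, detail in triage(SAMPLE_LOG)[0]:
        print(f"{code:4} {reason}: {detail}")
```

Compare any NameServer values it reports against the resolvers your ISP or DHCP server actually hands out before changing anything.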