Onko täs jotai paskaa..alkaa kärsivällisyys mennä tähä netin pätkimiseen :/ Logfile of HijackThis v1.99.1 Scan saved at 11:12:38, on 7.3.2006 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\ewido anti-malware\ewidoctrl.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\RunDll32.exe C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Winamp\winampa.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe C:\WINDOWS\System32\rundll32.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\The All-Seeing Eye\eye.exe C:\Program Files\ewido anti-malware\SecuritySuite.exe C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe C:\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\fi\msntb.dll O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd O4 - HKLM\..\Run: [CnxDslTaskBar] C:\Program Files\A-Link\RoadRunner 32\CnxDslTb.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe O4 - HKCU\..\Run: [ATI Remote Control] C:\Program Files\ATI Multimedia\RemCtrl\ATIRW.EXE O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - Startup: PowerReg Scheduler.exe O4 - Startup: ubisoft register.lnk = C:\Program Files\Ubi Soft\Register\schedule.exe O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\Xfire.exe O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O10 - Broken Internet access because of LSP provider 'xfire_lsp_10650.dll' missing O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing) O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing) O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Missäkähän vika... Loki näyttäisi olevan ihan puhdas. Kokeiles tuolla Ewidolla skannata koneesi kun sinulla se on? Sitten voit lähettää Ewidon raportin.
ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 16:52:32, 7.3.2006 + Report-Checksum: 3DAFB65F + Scan result: :mozilla.11:C:\Documents and Settings\Juhis\Application Data\Mozilla\Firefox\Profiles\zue6d4h9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.12:C:\Documents and Settings\Juhis\Application Data\Mozilla\Firefox\Profiles\zue6d4h9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup :mozilla.13:C:\Documents and Settings\Juhis\Application Data\Mozilla\Firefox\Profiles\zue6d4h9.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.14:C:\Documents and Settings\Juhis\Application Data\Mozilla\Firefox\Profiles\zue6d4h9.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup :mozilla.22:C:\Documents and Settings\Juhis\Application Data\Mozilla\Firefox\Profiles\zue6d4h9.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup C:\Documents and Settings\Juhis\Cookies\juhis@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned with backup ewido löytää nuo aina vaikka putsaan ne. Joskus hieman erinimisiä mut aina tuosta mozillast. Ja spybot löytää kaks örkkii aina...ne oli avenue a inc...joku semmone ja sit Doubleclick.
Nuo on keksejä joita ewido löysi. Eli ihan ok. Lataa SP2 koneelle: http://www.microsoft.com/downloads/...FamilyID=049c9dbe-3b8e-4f30-8245-9e368d3cdb5a Loki on minunkin mielestä ihan ok. Mutta jos haluat että noiden cookies-tiedostojen tulo loppuu niin lataa SpywareBlaster http://koti.mbnet.fi/pattaya1/spywareblaster.htm ja laita siihen lisätunnistepaketti, ohjeet samaisessa linkissä.
Spywareblaster tai sitten yksinkertaisesti hosts-tiedosto (http://mvps.org/winhelp2002/hosts.htm). Sieltä zip-tiedosto johonkin väliaikaiseen hakemistoon (esim. c:\temphost). Paketin purku ja mvps.bat -tiedoston ajo. Lopuksi luodun väliaikaishakemiston voi poistaa. Toimii kuin junan vessa.
