Örkki

Leenukka

TrojanDownloader.Win32.Swizzor
Koneellani on tollanen örkki, F-Secure nimesi sen uudelleen, riittääkä nimeäminen?
Laitan varalta tuon login, jos joku vois sitä vaikka vilkaista, että onko kaikki kunnossa vai ei!?

Logfile of HijackThis v1.99.1
Scan saved at 13:52:26, on 17.10.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
C:\Program Files\Sonera Tietoturva\FSPC\fspc.exe
C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
C:\Program Files\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Sonera Tietoturva\FSGUI\fsguiexe.exe
C:\PROGRA~1\SIEMEN~1\SDS\SPHONE~2.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wisptis.exe
C:\Hijatec\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://soneraplaza.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://soneraplaza.fi/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NewShortcut35.lnk = C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
O4 - Global Startup: RAID Tool.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Unknown owner - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

7

254

    Vastaukset

    Anonyymi (Kirjaudu / Rekisteröidy)
    5000
    • näyttää olevan
    • puhistus

      http://koti.mbnet.fi/pattaya1/escanmwav.htm

      Lataa, asenna, päivitä, laitta täpit merkkauksien mukaan ja scannaa.

      jos alaikkunan tulee jotain niin laita se virukset kopioiden näin

      Ctrl c

      avaa wordpad

      Ctrl v

      Kopioi sitten se tallennus wordpatista tänne.

      • puhistus

        maalaat sen alaikkunan virukset.


    • logia tänne

      logia tänne kun kerkiät.

      • Leenukka

        Tässä tulos E-Scanilta:
        File C:\WINDOWS\pludll.exe tagged as not-a-virus:AdWare.Win32.Webdir.a. No Action Taken

        Ja Tässä HjT:n Logi:

        Logfile of HijackThis v1.99.1
        Scan saved at 19:24:09, on 17.10.2005
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
        C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
        C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Winamp\winampa.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Netscape\Netscape\Netscp.exe
        C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
        C:\Program Files\VIA\RAID\raid_tool.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
        C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
        C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
        C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
        C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
        C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
        C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
        C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
        C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
        C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
        C:\WINDOWS\system32\wdfmgr.exe
        C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
        C:\Program Files\Sonera Tietoturva\FSPC\fspc.exe
        C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
        C:\WINDOWS\system32\msiexec.exe
        C:\Program Files\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
        C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
        C:\WINDOWS\System32\alg.exe
        C:\Program Files\Sonera Tietoturva\FSGUI\fsguiexe.exe
        C:\PROGRA~1\SIEMEN~1\SDS\SPHONE~2.EXE
        C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
        C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
        C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Hijatec\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://soneraplaza.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://soneraplaza.fi/
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
        R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
        O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
        O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
        O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
        O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
        O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
        O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O4 - Global Startup: NewShortcut35.lnk = C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
        O4 - Global Startup: RAID Tool.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
        O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Unknown owner - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
        O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
        O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
        O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
        O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
        O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)


      • Juu
        Leenukka kirjoitti:

        Tässä tulos E-Scanilta:
        File C:\WINDOWS\pludll.exe tagged as not-a-virus:AdWare.Win32.Webdir.a. No Action Taken

        Ja Tässä HjT:n Logi:

        Logfile of HijackThis v1.99.1
        Scan saved at 19:24:09, on 17.10.2005
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\csrss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\WINDOWS\Explorer.EXE
        C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE
        C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
        C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
        C:\Program Files\QuickTime\qttask.exe
        C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
        C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
        C:\Program Files\Common Files\Real\Update_OB\realsched.exe
        C:\Program Files\Winamp\winampa.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Netscape\Netscape\Netscp.exe
        C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
        C:\Program Files\VIA\RAID\raid_tool.exe
        C:\Program Files\WinZip\WZQKPICK.EXE
        C:\Program Files\HP\HP Share-to-Web\hpgs2wnf.exe
        C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
        C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
        C:\WINDOWS\System32\Ati2evxx.exe
        C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
        C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
        C:\Program Files\Sonera Tietoturva\backweb\4436233\Program\fspex.exe
        C:\Program Files\Sonera Tietoturva\Anti-Virus\FSGK32.EXE
        C:\Program Files\Sonera Tietoturva\Anti-Virus\fssm32.exe
        C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
        C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
        C:\Program Files\Sonera Tietoturva\Common\FSMB32.EXE
        C:\WINDOWS\System32\svchost.exe
        C:\Program Files\Sonera Tietoturva\Common\FCH32.EXE
        C:\WINDOWS\system32\wdfmgr.exe
        C:\Program Files\Sonera Tietoturva\Common\FAMEH32.EXE
        C:\Program Files\Sonera Tietoturva\FSPC\fspc.exe
        C:\Program Files\Sonera Tietoturva\Anti-Virus\fsav32.exe
        C:\WINDOWS\system32\msiexec.exe
        C:\Program Files\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
        C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
        C:\WINDOWS\System32\alg.exe
        C:\Program Files\Sonera Tietoturva\FSGUI\fsguiexe.exe
        C:\PROGRA~1\SIEMEN~1\SDS\SPHONE~2.EXE
        C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SYMBIA~1.EXE
        C:\PROGRA~1\Symbian\Shared\SYMBIA~1\SCBAL.exe
        C:\PROGRA~1\Intuwave\Shared\MROUTE~1\MROUTE~2.EXE
        C:\WINDOWS\system32\wuauclt.exe
        C:\Program Files\Mozilla Firefox\firefox.exe
        C:\WINDOWS\system32\NOTEPAD.EXE
        C:\Hijatec\HijackThis.exe

        R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://soneraplaza.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.netscape.com
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.netscape.com/home/winsearch.html
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://soneraplaza.fi/
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
        R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://keyword.netscape.com/keyword/%s
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
        O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
        O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
        O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
        O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Sonera Tietoturva\Common\FSM32.EXE" /splash
        O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Sonera Tietoturva\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
        O4 - HKLM\..\Run: [News Service] "C:\Program Files\Sonera Tietoturva\FSGUI\ispnews.exe"
        O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
        O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\HP\HP Share-to-Web\hpgs2wnd.exe
        O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
        O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
        O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
        O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
        O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
        O4 - HKCU\..\Run: [AOL Instant Messenger (TM)] C:\Program Files\Netscape\Communicator\Program\AIM\aim.exe -cnetwait.odl
        O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\Netscape\Netscape\Netscp.exe" -turbo
        O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
        O4 - Global Startup: NewShortcut35.lnk = C:\Program Files\Siemens Data Suite SX1\SDS\SDSScheduler.exe
        O4 - Global Startup: RAID Tool.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
        O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
        O9 - Extra button: Web-suodatin - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra 'Tools' menuitem: Näytä &Web-sivuluettelo... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra 'Tools' menuitem: &Keskeytä Web-sivujen suodatus - {200DB664-75B5-47c0-8B45-A44ACCF73F02} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra 'Tools' menuitem: &Kiellä tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F03} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra 'Tools' menuitem: &Salli tämä Web-sivusto - {200DB664-75B5-47c0-8B45-A44ACCF73F04} - C:\Program Files\Sonera Tietoturva\FSPC\fspcmsie.dll
        O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
        O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
        O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
        O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
        O23 - Service: Sonera Tietoturva (BackWeb Plug-in - 4436233) - Unknown owner - C:\PROGRA~1\SONERA~1\backweb\4436233\Program\SERVIC~1.EXE
        O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\Anti-Virus\fsgk32st.exe
        O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Sonera Tietoturva\backweb\4436233\program\fsbwsys.exe
        O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FWES\Program\fsdfwd.exe
        O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\FSPC\fshttps\fshttps.exe
        O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Sonera Tietoturva\Common\FSMA32.EXE
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
        O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

        Hijack logi on ok.
        Poista tuo vikasietotilassa

        C:\WINDOWS\pludll.exe


      • Leenukka
        Juu kirjoitti:

        Hijack logi on ok.
        Poista tuo vikasietotilassa

        C:\WINDOWS\pludll.exe

        Kiitos taas kerran avuista!


    Ketjusta on poistettu 0 sääntöjenvastaista viestiä.

    Luetuimmat keskustelut

    1. en vaan saa häntä pois

      Mielestäni pyörimästä. Onko kellekään toiselle käynyt näin? Ihastuin pakkomielteisesti noin vuosi sitten erääseen naiseen. Ei vaan katoa mielestä va
      Ikävä
      176
      2134
    2. Suomi24 kysely: ihmisten kuplautumista ei pääosin koeta vakavaksi ongelmaksi

      “Kuplautumista on mahdotonta estää. Ihmiset ovat aina viihtyneet samankaltaiset arvot ja maailmankatsomuksen jakavassa seurassa ja muodostaneet sen pe
      Suomi24 Blogi ★
      36
      1756
    3. Ohhoh! Glamourmalli Elena, 29, teetti tiimalasivartalon - Vei rahaa ja tuotti tuskaa - Katso kuvat!

      Transtaustainen glamourmalli Elena Vikström on käynyt vuosien ajan plastiikkakirurgisissa toimenpiteissä. Tästä näet lopputuloksen: https://www.suomi
      Kotimaiset julkkisjuorut
      11
      1479
    4. Ostiko Martina uuden ponin tyttärelleen, vai oliko myös Stefan itsekkin valitsemassa ponia .?

      Kiva kun on tyttärelle mielekäs harrastus annettu, ehkä vielä on tulevaisuudessa hänelle tärkeä ja valitsee sen perusteella tulevan ammatin.
      Kotimaiset julkkisjuorut
      234
      1253
    5. Sinä olet tärkeä

      Herätät minussa kunnioitusta. Kiehdot minua. En oikein saa kiinni sinusta. Ehkä juuri siksi. Aistin että sinäkin pidät minusta. Vetovoima on ollut alu
      Ihastuminen
      61
      1234
    6. Varisjärvellä mersu.

      Varisjärven tiellä tuli vanhamersu kylkiedellä mutkassa vastaan ja vähällä keulaan mutta tökkäs penkkaan, hyppäsin omasta autosta ulos ja kävin kiskas
      Suomussalmi
      16
      1072
    7. Belorf haistattaa seuraajiaan "You can hate me now"...

      Vai haistattaako lompakkoa, joka taisi viimeinkin ymmärtää häipyä Sofian ulottumattomiin ? Sofia raukka on niin typerä, että ottaa nostetta "omasta tv
      Kotimaiset julkkisjuorut
      59
      993
    8. Mitähän ajattelet J

      Tästä kaikesta? Mä välitän susta oikeasti.
      Ikävä
      60
      975
    9. Wau mikä kroppa Sofialla

      Kuva instassa kun on suihkurusketuksessa. Kyllä on muodot kohdallaan, on kuin jumalainen Venus patsas. Eikä ole mitään järkyttäviä lonkero tatuointeja
      Kotimaiset julkkisjuorut
      103
      675
    Aihe