Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:50:48, on 5.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
D:\Työkalut & Ohjelmat\iTunes\iTunesHelper.exe
C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe
D:\Työkalut & Ohjelmat\Tor\Vidalia\vidalia.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
D:\Työkalut & Ohjelmat\Eraser\Eraser\eraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
D:\Työkalut & Ohjelmat\Tor\Privoxy\privoxy.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
D:\Työkalut & Ohjelmat\BitComet 0.88\BitCometAntiARP\BitCometAntiARP.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tietoturvapalvelu\Common\FCH32.EXE
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsrw.exe
D:\Työkalut & Ohjelmat\Tor\Tor\tor.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\PROGRA~1\TIETOT~1\ANTI-S~1\fsaw.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Tietoturvapalvelu\FSGUI\fsguidll.exe
c:\program files\anonymizer\anonymizer software\common\AnonProxy.exe
D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe
D:\Työkalut & Ohjelmat\Video Convert Master\videoapp.exe
D:\Työkalut & Ohjelmat\Video Convert Master\avcore.dll
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\scanner.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.221.94.200:12678->Finland(anonymous)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Työkalut & Ohjelmat\BitComet 0.88\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Työkalut & Ohjelmat\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [WinSnap] D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe /startup
O4 - HKCU\..\Run: [Vidalia] "D:\Työkalut & Ohjelmat\Tor\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PeerGuardian] D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Eraser] D:\Työkalut & Ohjelmat\Eraser\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Hide IP Platinum] D:\Työkalut & Ohjelmat\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Privoxy.lnk = ?
O4 - Global Startup: Tietoturvapalvelu.lnk = C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168774122109
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Tietoturvapalvelu (BackWeb Plug-in - 227364) - BackWeb Technologies Inc. - C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
O23 - Service: BitComet AntiARP - Unknown owner - D:\Työkalut & Ohjelmat\BitComet 0.88\BitCometAntiARP\BitCometAntiARP.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

--
End of file - 13644 bytes
Moron!

=========

Open HijackThis, check the following line(s) and press Fix checked; close the other programs in the meantime.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: (no name) - {E14DCE67-8FB7-4721-8149-179BAA4D792C} - (no file)

Here are instructions on how to check them:

==========

Scan your computer with Ewido Online Scanner

* Download Ewido_micro.exe from here.
* Save the file, for example, to your desktop.
* Double-click Ewido_micro.exe on your desktop.
* Ewido will immediately start updating its definitions. This may take a moment.
* Once the updates have been downloaded, make sure all items on the left side of the window are checked.
* Click the Start Scan button at the bottom left.
* The scan begins. This may take some time, depending on the number of files.
* When the scan is complete and items have been found, make sure the boxes to the left of all the items are checked.
* Click the Save report button and save the report, for example, to your desktop.
* Click the Remove Infections button.
* When you answer OK to the prompt that opens, all infected files will be removed.
* After removal, you can close Ewido Online Scanner by clicking the red X in the top corner.
* Now restart the computer and post the report you saved in your thread.

==========

An excellent guide to speeding up your computer: http://neko.1g.fi/ohje/hidastelua.html

==========

Download Deckard's System Scanner to your desktop.
Note: You must have Administrator rights to run the program.

* Close all open windows and programs.
* Double-click the Dss.exe file to run the program and follow the instructions.
* When the scan is complete, two text files should open: Main.txt and extra.txt.
* Use Copy (CTRL+A -> CTRL+C) and Paste (CTRL+V).
* Copy and paste the contents of Extra.txt & Main.txt into your next reply, along with the Ewido Online Scanner report.
Ewido:

__________________________________________________
ewido anti-spyware online scanner
http://www.ewido.net
__________________________________________________

Name: TrackingCookie.Statistik-gallup
Path: :mozilla.11:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.17:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.18:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.19:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.20:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.21:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.22:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.48:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Yieldmanager
Path: :mozilla.49:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Adbrite
Path: :mozilla.64:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Navrcholu
Path: :mozilla.84:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt
Risk: Medium

Name: TrackingCookie.Paypal
Path: :mozilla.90:C:\Documents and Settings\ghjf\Application Data\Mozilla\Firefox\Profiles\eusngyxl.default\cookies.txt
Risk: Medium

Name: Hijacker.Small
Path: C:\System Volume Information\_restore{13008B8B-28EC-4A95-8016-FDFC43DCF295}\RP33\A0095272.exe
Risk: High

Name: Hijacker.Small
Path: D:\Pelit\Hitman - Blood money\hbm_ecn.exe
Risk: High

Name: Hijacker.Small
Path: D:\System Volume Information\_restore{13008B8B-28EC-4A95-8016-FDFC43DCF295}\RP32\A0095250.exe
Risk: High

Deckard's System Scanner: main.txt

Deckard's System Scanner v20070804.61
Run by ghjf on 2007-08-07 at 12:42:47
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as ghjf.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:48, on 7.8.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
C:\Program Files\QuickTime\qttask.exe
D:\Työkalut & Ohjelmat\iTunes\iTunesHelper.exe
C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe
D:\Työkalut & Ohjelmat\Tor\Vidalia\vidalia.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
D:\Työkalut & Ohjelmat\Eraser\Eraser\eraser.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe
D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe
D:\Työkalut & Ohjelmat\Tor\Privoxy\privoxy.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.exe
C:\Program Files\OpenOffice.org 2.1\program\soffice.BIN
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
D:\Työkalut & Ohjelmat\BitComet 0.88\BitCometAntiARP\BitCometAntiARP.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\FSGK32.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fssm32.exe
C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
C:\Program Files\Tietoturvapalvelu\Common\FSMB32.EXE
C:\Program Files\Tietoturvapalvelu\Common\FCH32.EXE
C:\Program Files\SiteAdvisor\6066\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Tietoturvapalvelu\Common\FAMEH32.EXE
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsrw.exe
D:\Työkalut & Ohjelmat\Tor\Tor\tor.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\TIETOT~1\ANTI-S~1\fsaw.exe
C:\Program Files\Tietoturvapalvelu\FSGUI\fsguidll.exe
c:\program files\anonymizer\anonymizer software\common\AnonProxy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\ghjf\Desktop\dss(2).exe
C:\hjt\ghjf.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 80.221.94.200:12678->Finland(anonymous)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Työkalut & Ohjelmat\BitComet 0.88\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: FoxieToolbar Class - {432CAE3B-690F-4C3B-BD97-070EBDA210D5} - C:\Program Files\Foxie Suite\foxietoolbaru.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: FoxieSecurityModule Class - {C65185B1-D52B-44A9-861F-8201B50D1F37} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6066\SiteAdv.dll
O3 - Toolbar: Foxie - {09C02180-3B46-4CD8-83FF-34DAF442BDEF} - C:\Program Files\Foxie Suite\foxiecoreu.dll
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6066\SiteAdv.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\Työkalut & Ohjelmat\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Tietoturvapalvelu\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\Tietoturvapalvelu\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Tietoturvapalvelu\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKCU\..\Run: [WinSnap] D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe /startup
O4 - HKCU\..\Run: [Vidalia] "D:\Työkalut & Ohjelmat\Tor\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [PeerGuardian] D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [Eraser] D:\Työkalut & Ohjelmat\Eraser\Eraser\eraser.exe -hide
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Hide IP Platinum] D:\Työkalut & Ohjelmat\Hide IP Platinum\hideippla.exe
O4 - HKCU\..\Run: [Anonymizer] C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe -nogui
O4 - HKCU\..\Run: [BitComet] "D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.1.lnk = C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Privoxy.lnk = ?
O4 - Global Startup: Tietoturvapalvelu.lnk = C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe
O8 - Extra context menu item: Download all links using BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Tietoturvapalvelu\Anti-Spyware\ieshield.dll
O9 - Extra button: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra 'Tools' menuitem: Desktop Search - {306BBB66-D9E4-4481-833E-C1D5FCA06774} - C:\Program Files\Foxie Suite\Resources\HTML\Desktop.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - D:\Työkalut & Ohjelmat\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra 'Tools' menuitem: Privacy Cleaner - {546E08AA-809F-4F1A-BE1A-6B122EBFCD5A} - C:\Program Files\Foxie Suite\Cleaner.exe
O9 - Extra button: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra 'Tools' menuitem: Swift Sweeper - {61039B22-563D-4922-B844-B076C318A66A} - C:\Program Files\Foxie Suite\Sweeper.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O9 - Extra 'Tools' menuitem: The Infinity Button - {E4143585-2688-4EBC-B264-27C774F600D5} - C:\Program Files\Foxie Suite\Resources\HTML\Infinity.htm
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168774122109
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Tietoturvapalvelu (BackWeb Plug-in - 227364) - BackWeb Technologies Inc. - C:\PROGRA~1\TIETOT~1\backweb\227364\Program\SERVIC~1.EXE
O23 - Service: BitComet AntiARP - Unknown owner - D:\Työkalut & Ohjelmat\BitComet 0.88\BitCometAntiARP\BitCometAntiARP.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\Tietoturvapalvelu\backweb\227364\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\Tietoturvapalvelu\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - McAfee, Inc. - C:\Program Files\SiteAdvisor\6066\SAService.exe

--
End of file - 13408 bytes

-- Files created between 2007-07-07 and 2007-08-07 -----------------------------

2007-08-07 12:22:26        0 dr-h----- C:\Documents and Settings\ghjf\Recent
2007-08-07 11:32:41        0 d-------- C:\Documents and Settings\ghjf\Application Data\TeraCopy
2007-08-05 17:09:52    94208 --a------ C:\WINDOWS\system32\drivers\ezplay.sys <Not Verified; VSO Software; ezplay driver>
2007-08-05 17:09:52    94208 --a------ C:\Documents and Settings\ghjf\Application Data\ezplay.sys <Not Verified; VSO Software; ezplay driver>
2007-08-05 15:49:29        0 d-------- C:\ce4ae7aa35582e0643bff8aa5f07ec
2007-08-03 17:52:38        0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-08-03 17:52:26        0 d-------- C:\Program Files\Anonymizer
2007-08-01 19:15:07        0 d-------- C:\Documents and Settings\ghjf\Application Data\DVDFab
2007-07-31 22:42:49    47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-07-31 11:18:29        0 d-------- C:\Program Files\AWS
2007-07-31 11:18:05        0 d-------- C:\Program Files\Realtek
2007-07-31 10:17:28        0 d-------- C:\Documents and Settings\tyu\Application Data\PC Suite
2007-07-30 21:51:26        0 d-------- C:\Inetpub
2007-07-27 00:22:03        0 d-------- C:\Documents and Settings\ghjf\Downloads
2007-07-27 00:22:01        0 d-------- C:\Documents and Settings\ghjf\Application Data\NewsLeecher
2007-07-24 18:52:21    34308 --a------ C:\WINDOWS\system32\Chip.dll
2007-07-23 21:51:37        0 d-------- C:\Documents and Settings\ghjf\Application Data\Help
2007-07-19 02:23:21        0 d-------- C:\Program Files\Common Files\PCSuite
2007-07-19 02:23:20        0 d-------- C:\Program Files\Common Files\Nokia
2007-07-19 02:22:44        0 d-------- C:\Program Files\PC Connectivity Solution
2007-07-19 02:20:19        0 d-------- C:\Program Files\Nokia
2007-07-18 19:04:26      335 --a------ C:\WINDOWS\mozregistry.dat
2007-07-15 11:37:37        0 d-------- C:\Program Files\Common Files\Java
2007-07-14 13:14:28   217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-07-14 13:14:28   144384 --a------ C:\WINDOWS\system32\Iacenc.dll <Not Verified; Intel Corporation; Indeo® audio software>
2007-07-14 13:14:28   217088 --a------ C:\WINDOWS\system32\i420vfw.dll <Not Verified; www.helixcommunity.org; Helix I420 YUV Codec>
2007-07-14 13:14:28    39936 --a------ C:\WINDOWS\system32\huffyuv.dll <Not Verified; Disappearing Inc.; Huffyuv>
2007-07-14 13:14:27   180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-07-14 13:14:27   593920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-07-14 13:14:27   630784 --a------ C:\WINDOWS\system32\vp7vfw.dll <Not Verified; On2.com; On2_VP70>
2007-07-14 13:14:27   438272 --a------ C:\WINDOWS\system32\vp6vfw.dll <Not Verified; On2.com; On2_VP6>
2007-07-14 13:14:25        0 d-------- C:\Documents and Settings\ghjf\Application Data\Real
2007-07-14 13:14:25        0 d-------- C:\Documents and Settings\All Users\Application Data\Real
2007-07-13 20:46:05    32256 --a------ C:\WINDOWS\system32\drivers\maplom.sys <Not Verified; SlySoft Inc.; Game Jackal>
2007-07-13 16:34:57        0 d-------- C:\WINDOWS\UbiSoft
2007-07-13 12:37:08        0 d-------- C:\WINDOWS\pss
2007-07-13 11:42:10        0 d-------- C:\Documents and Settings\ghjf\Application Data\Grisoft
2007-07-13 11:41:45        0 d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-07-12 23:47:21        0 d-------- C:\Documents and Settings\ghjf\Application Data\Media Player Classic
2007-07-11 22:26:07        0 dr-h----- C:\Documents and Settings\LocalService\Recent
2007-07-10 18:49:12        0 d-------- C:\WINDOWS\network diagnostic
2007-07-09 22:05:28    12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll
2007-07-09 19:33:00     1356 --a------ C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
2007-07-09 15:11:18        0 d-------- C:\Documents and Settings\ghjf\Application Data\River Past G5
2007-07-09 15:11:18        0 d-------- C:\Documents and Settings\All Users\Application Data\River Past G5
2007-07-09 14:17:27        0 d--h----- C:\Program Files\System32
2007-07-07 13:23:10        0 d-------- C:\hjt
2007-07-07 02:10:00        0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP

-- Find3M Report ---------------------------------------------------------------

2007-08-07 12:41:37        0 d-------- C:\Documents and Settings\ghjf\Application Data\tor
2007-08-07 12:38:50        0 d-------- C:\Documents and Settings\ghjf\Application Data\Vidalia
2007-08-07 12:29:24        0 d-------- C:\Documents and Settings\ghjf\Application Data\OpenOffice.org2
2007-08-06 15:33:04        0 d-------- C:\Documents and Settings\ghjf\Application Data\Vso
2007-08-06 12:51:56        0 d-------- C:\Documents and Settings\ghjf\Application Data\LimeWire
2007-08-05 17:10:17       34 --a------ C:\Documents and Settings\ghjf\Application Data\ezplay.log
2007-08-05 17:09:52      125 --a------ C:\Documents and Settings\ghjf\Application Data\ezplay.ini
2007-08-05 17:09:52     7861 --a------ C:\Documents and Settings\ghjf\Application Data\ezplay.cat
2007-08-05 17:09:51     1103 --a------ C:\Documents and Settings\ghjf\Application Data\ezplay.inf
2007-08-04
15:00:24 34 --a------ C:\Documents and Settings\ghjf\Application Data\pcouffin.log 2007-08-04 15:00:09 47360 --a------ C:\Documents and Settings\ghjf\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine> 2007-08-04 15:00:09 1144 --a------ C:\Documents and Settings\ghjf\Application Data\pcouffin.inf 2007-08-04 15:00:09 7176 --a------ C:\Documents and Settings\ghjf\Application Data\pcouffin.cat 2007-08-04 15:00:09 81920 --a------ C:\Documents and Settings\ghjf\Application Data\ezpinst.exe 2007-08-03 17:52:38 0 d-------- C:\Program Files\Common Files 2007-07-30 19:52:53 0 d--h----- C:\Program Files\InstallShield Installation Information 2007-07-28 01:38:15 0 d-------- C:\Documents and Settings\ghjf\Application Data\Nokia Multimedia Player 2007-07-28 01:22:17 0 d-------- C:\Documents and Settings\ghjf\Application Data\PC Suite 2007-07-23 00:52:40 32 --a------ C:\WINDOWS\go 2007-07-20 19:55:34 0 d-------- C:\Program Files\DivX 2007-07-19 13:04:54 71954 --a------ C:\Documents and Settings\ghjf\Application Data\NMM-MetaData.db 2007-07-18 16:42:58 64007 --a------ C:\Program Files\Firefox Setup 2.0.0.5.exe 2007-07-15 11:37:56 0 d-------- C:\Program Files\Java 2007-07-12 22:31:03 0 d-------- C:\Documents and Settings\ghjf\Application Data\BSplayer Pro 2007-07-12 00:14:57 0 d-------- C:\Documents and Settings\ghjf\Application Data\Ahead 2007-07-07 04:49:37 60452 --a------ C:\Documents and Settings\ghjf\Application Data\DVDSubEditLastFile.txt 2007-07-07 04:49:17 798 --a------ C:\Documents and Settings\ghjf\Application Data\DVDSubEdit.ini 2007-07-07 02:56:07 0 d-------- C:\Documents and Settings\ghjf\Application Data\PgcEdit 2007-07-05 21:06:50 0 d-------- C:\Program Files\Messenger 2007-07-05 19:48:45 0 d-------- C:\Documents and Settings\ghjf\Application Data\dvdcss 2007-07-03 18:02:48 0 d-------- C:\Documents and Settings\ghjf\Application Data\Nokia 2007-07-03 17:44:16 0 d-------- C:\Program Files\NCH Swift Sound 2007-07-03 03:15:46 0 d-------- 
C:\Program Files\DIFX 2007-07-02 14:22:56 0 d-------- C:\Documents and Settings\ghjf\Application Data\FoxieSpywareSwiftSweeper 2007-07-02 14:22:02 0 d-------- C:\Program Files\Foxie Suite 2007-07-01 13:12:05 0 d-------- C:\Documents and Settings\ghjf\Application Data\Apple Computer 2007-07-01 04:19:13 0 d-------- C:\Program Files\Common Files\Ahead 2007-07-01 04:18:11 0 d-------- C:\Program Files\Nero 2007-07-01 04:09:49 0 d-------- C:\Program Files\Ahead 2007-06-30 22:57:41 0 d-------- C:\Program Files\iPod 2007-06-30 22:57:02 0 d-------- C:\Program Files\QuickTime 2007-06-30 22:55:13 0 d-------- C:\Program Files\Common Files\Apple 2007-06-25 23:34:05 0 d-------- C:\Documents and Settings\ghjf\Application Data\InstallShield 2007-06-25 20:55:16 0 d-------- C:\Program Files\Gran Paradiso 2007-06-25 12:25:48 49152 --a------ C:\WINDOWS\system32\apache.dll 2007-06-24 17:22:41 0 dr-h----- C:\Documents and Settings\ghjf\Application Data\SecuROM 2007-06-24 17:22:39 98304 --a------ C:\WINDOWS\system32CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; > 2007-06-09 06:14:10 564224 --a------ C:\WINDOWS\system32\x264vfw.dll 2007-06-08 21:50:32 0 d-------- C:\Documents and Settings\ghjf\Application Data\uTorrent 2007-05-27 17:58:24 2560 --a------ C:\WINDOWS\system32\bitcometres.dll <Not Verified; BitComet; BitComet BCTP Helper> 2007-05-25 22:55:21 13010 --a------ C:\WINDOWS\system32\SpoonUninstall-dBpoweramp Music Converter.dat 2007-05-17 01:13:38 3922 --a------ C:\WINDOWS\system32\tmp.reg -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [11.06.2007 12:25] "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [20.05.2005 04:11] "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [07.09.2005 16:35] 
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [14.03.2007 22:24] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [27.04.2007 09:41] "News Service"="C:\Program Files\Tietoturvapalvelu\FSGUI\ispnews.exe" [31.05.2005 15:45] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [01.03.2007 15:57] "iTunesHelper"="D:\Työkalut & Ohjelmat\iTunes\iTunesHelper.exe" [] "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [27.10.2004 16:21 C:\WINDOWS\system32\HdAShCut.exe] "F-Secure TNB"="C:\Program Files\Tietoturvapalvelu\TNB\TNBUtil.exe" [02.06.2005 16:05] "F-Secure Startup Wizard"="C:\Program Files\Tietoturvapalvelu\FSGUI\FSSW.exe" [21.09.2005 17:56] "F-Secure Manager"="C:\Program Files\Tietoturvapalvelu\Common\FSM32.exe" [09.05.2005 10:05] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [05.08.2005 14:56] "ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [10.05.2006 12:12] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [12.07.2007 04:00] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [18.06.2007 15:10] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinSnap"="D:\Työkalut & Ohjelmat\WinSnap\WinSnap.exe" [] "Vidalia"="D:\Työkalut & Ohjelmat\Tor\Vidalia\vidalia.exe" [] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [27.02.2007 15:24] "PeerGuardian"="D:\Työkalut & Ohjelmat\PeerGuardian2\pg2.exe" [] "Eraser"="D:\Työkalut & Ohjelmat\Eraser\Eraser\eraser.exe" [] "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [15.03.2006 15:00] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [16.05.2007 09:27] "Hide IP Platinum"="D:\Työkalut & Ohjelmat\Hide IP Platinum\hideippla.exe" [] "Anonymizer"="C:\Program Files\Anonymizer\Anonymizer Software\Anonymizer.exe" [03.08.2007 17:54] "BitComet"="D:\Työkalut & Ohjelmat\BitComet 0.88\BitComet.exe" [] 
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog C:\Documents and Settings\ghjf\Start Menu\Programs\Startup\ OpenOffice.org 2.1.lnk - C:\Program Files\OpenOffice.org 2.1\program\quickstart.exe [2.12.2006 0:32:46] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [23.10.2006 2:48:20] Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [23.10.2006 1:01:50] Privoxy.lnk - D:\Ty”kalut & Ohjelmat\Tor\Privoxy\privoxy.exe [20.11.2006 17:30:54] Tietoturvapalvelu.lnk - C:\Program Files\Tietoturvapalvelu\backweb\227364\Program\fspex.exe [18.1.2007 16:52:26] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegistryTools"=0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ClearRecentDocsOnExit"=1 (0x1) "NoDesktop"=0 (0x0) "NoActiveDesktop"=0 (0x0) "HideClock"=0 (0x0) "NoManageMyComputerVerb"=0 (0x0) "NoLowDiskSpaceChecks"=0 (0x0) "NoStartMenuPinnedList"=0 (0x0) "NoStartMenuMFUprogramsList"=0 (0x0) "NoUserNameInStartMenu"=0 (0x0) "StartmenuLogoff"=0 (0x0) "NoStartMenuSubFolders"=0 (0x0) "NoCommonGroups"=0 (0x0) "NoRecentDocsMenu"=1000000 (0xf4240) "NoPrinterTabs"=0 (0x0) "NoDeletePrinter"=0 (0x0) "NoAddPrinter"=0 (0x0) "NoPrinters"=0 (0x0) "NoNetworkConnections"=0 (0x0) "NoFavoritesMenu"=0 (0x0) "NoRun"=0 (0x0) "NoFind"=0 (0x0) "NoClose"=0 (0x0) "NoSetFolders"=0 (0x0) "NoSMHelp"=0 (0x0) "NoChangeStartMenu"=0 (0x0) "NoViewContextMenu"=0 (0x0) "NoFileMenu"=0 (0x0) "NoShellSearchButton"=0 (0x0) "NoToolbarCustomize"=0 (0x0) "NoRecentDocsNetHood"=0 (0x0) 
"NoChangeAnimation"=0 (0x0)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoThemesTab"=0 (0x0)
"NoRecentDocsHistory"=00000000

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{35E8A801-550D-EE75-1991-0346D19660FE}]
C:\Program Files\System32\svchost.exe s

-- End of Deckard's System Scanner: finished at 2007-08-07 at 12:43:07 ---------

And for some reason DSS did not open extra.txt at all.
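The Active Setup entry that closes the Registry Dump above launches C:\Program Files\System32\svchost.exe. The file name is that of the Windows service host, but the genuine binary lives in C:\WINDOWS\system32; the Files-created section also shows the directory C:\Program Files\System32 appearing on 2007-07-09 with the hidden attribute set (d--h-----), which is why it has to be made visible before the file can be uploaded anywhere. The Python below is an added example, not part of this thread and not code from DSS or HijackThis: it pulls executable paths out of DSS-style autostart entries and flags any whose file name belongs to a core Windows binary while its directory is not a system directory. The sample entries are copied from the log above; the lists of system binaries and legitimate directories are my own and assume Windows is installed to C:\WINDOWS, as in this log.

```python
import re
from pathlib import PureWindowsPath

# Windows binaries that malware commonly borrows the name of. A file with
# one of these names is only suspicious *outside* the real system dirs.
SYSTEM_BINARIES = {
    "svchost.exe", "csrss.exe", "smss.exe", "winlogon.exe", "lsass.exe",
    "services.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe",
    "dllhost.exe", "alg.exe",
}

# Where those binaries legitimately live on a 32-bit Windows XP install.
# Assumption: Windows is installed to C:\WINDOWS, as the log above shows.
LEGIT_DIRS = {
    r"c:\windows",
    r"c:\windows\system32",
    r"c:\windows\system32\wbem",
}

# A drive-letter path up to and including ".exe". Non-greedy, so trailing
# arguments (/NoDialog, the lone "s" after the Active Setup entry) and the
# closing quote or bracket are not swallowed into the path.
PATH_RE = re.compile(r'[a-z]:\\[^"\[\]]*?\.exe', re.IGNORECASE)

# Autostart entries copied from the DSS Registry Dump above. The last one
# is the file the thread ends up uploading to VirusTotal.
SAMPLE_ENTRIES = [
    r'"SiteAdvisor"="C:\Program Files\SiteAdvisor\6066\SiteAdv.exe" [14.03.2007 22:24]',
    r'"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [27.10.2004 16:21 C:\WINDOWS\system32\HdAShCut.exe]',
    r'"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [15.03.2006 15:00]',
    r'"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog',
    r'[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{35E8A801-550D-EE75-1991-0346D19660FE}] C:\Program Files\System32\svchost.exe s',
]


def extract_paths(entry: str) -> list[str]:
    """Return every executable path mentioned in one autostart entry."""
    return PATH_RE.findall(entry)


def is_masquerade(path: str) -> bool:
    """True if the file name is a core system binary but the directory is not a system directory."""
    p = PureWindowsPath(path)
    return p.name.lower() in SYSTEM_BINARIES and str(p.parent).lower() not in LEGIT_DIRS


def find_masquerades(entries) -> list[str]:
    """Paths from the given entries that impersonate a Windows system binary."""
    return [path for entry in entries for path in extract_paths(entry) if is_masquerade(path)]


if __name__ == "__main__":
    for path in find_masquerades(SAMPLE_ENTRIES):
        print("system binary name outside a system directory:", path)
```

The check is deliberately about location, not about the name alone: ctfmon.exe in C:\WINDOWS\system32 passes, the same name under Program Files would not. Case is folded because NTFS paths are case-insensitive and logs mix C:\WINDOWS with c:\program files.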
C:\Program Files\System32\svchost.exe

Show hidden files, and hide them again after the check.

http://www.virustotal.com/

Go to that page and upload the file using the "Browse" function. If the service is congested, use http://virusscan.jotti.org/

Post the result in your next reply.
File svchost.exe received on 08.08.2007 19:37:16 (CET)
Result: 9/32 (28.13%)

Antivirus          Version        Last Update  Result
AhnLab-V3          2007.8.3.0     2007.08.08   -
AntiVir            7.4.0.57       2007.08.08   BDS/Bifrose.NU
Authentium         4.93.8         2007.08.08   -
Avast              4.7.1029.0     2007.08.08   -
AVG                7.5.0.476      2007.08.07   BackDoor.Generic7.STR
BitDefender        7.2            2007.08.08   MemScan:Backdoor.Bifrose.NQ
CAT-QuickHeal      9.00           2007.08.08   -
ClamAV             0.91           2007.08.08   Trojan.Pakes-248
DrWeb              4.33           2007.08.08   -
eSafe              7.0.15.0       2007.07.31   -
eTrust-Vet         31.1.5043      2007.08.08   -
Ewido              4.0            2007.08.08   -
FileAdvisor        1              2007.08.08   -
Fortinet           2.91.0.0       2007.08.08   BDoor.CEP!tr.bdr
F-Prot             4.3.2.48       2007.08.08   -
F-Secure           6.70.13030.0   2007.08.08   -
Ikarus             T3.1.1.12      2007.08.08   Backdoor.VB.EV
Kaspersky          4.0.2.24       2007.08.08   -
McAfee             5093           2007.08.08   BackDoor-CEP.svr
Microsoft          1.2704         2007.08.08   -
NOD32v2            2444           2007.08.08   -
Norman             5.80.02        2007.08.08   -
Panda              9.0.0.4        2007.08.08   -
Prevx1             V2             2007.08.08   -
Rising             19.35.22.00    2007.08.08   -
Sophos             4.19.0         2007.08.01   -
Sunbelt            2.2.907.0      2007.08.07   Backdoor.Bifrose.NQ
Symantec           10             2007.08.08   -
TheHacker          6.1.7.164      2007.08.08   -
VBA32              3.12.2.2       2007.08.07   -
VirusBuster        4.3.26:9       2007.08.08   -
Webwasher-Gateway  6.0.1          2007.08.08   Trojan.Bifrose.NU

Additional information
File size: 1287830 bytes
MD5: 59d2bbf5ad8ea131d5529b065c0b7198
SHA1: 876ea37398338ca22cd0a270eebd6d6b265718ce
packers: Themida
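As pasted, the VirusTotal result arrived with no table structure left, and the nine engines that fired use four different naming schemes for what is largely one family. Two points a practitioner reads out of it: the vendor names converge on Bifrose (a backdoor family) once the class words and variant suffixes are stripped, and the "packers: Themida" field means the 23 silent engines are weak evidence of anything, because a commercial executable protector hides the wrapped code from plain signature matching. The Python below is an added example, not part of the thread and not VirusTotal's own output format or API: it recovers the rows from the run-on text exactly as pasted above, counts the detections and collapses the vendor names to a consensus family. The list of generic tokens is my own heuristic for this sample, not any vendor's naming standard.

```python
import re
from collections import Counter

# The detection rows exactly as they were pasted into the post above:
# one run-on line, header included, no separators between rows.
VT_RAW = (
    "Antivirus Version Last Update Result "
    "AhnLab-V3 2007.8.3.0 2007.08.08 - "
    "AntiVir 7.4.0.57 2007.08.08 BDS/Bifrose.NU "
    "Authentium 4.93.8 2007.08.08 - "
    "Avast 4.7.1029.0 2007.08.08 - "
    "AVG 7.5.0.476 2007.08.07 BackDoor.Generic7.STR "
    "BitDefender 7.2 2007.08.08 MemScan:Backdoor.Bifrose.NQ "
    "CAT-QuickHeal 9.00 2007.08.08 - "
    "ClamAV 0.91 2007.08.08 Trojan.Pakes-248 "
    "DrWeb 4.33 2007.08.08 - "
    "eSafe 7.0.15.0 2007.07.31 - "
    "eTrust-Vet 31.1.5043 2007.08.08 - "
    "Ewido 4.0 2007.08.08 - "
    "FileAdvisor 1 2007.08.08 - "
    "Fortinet 2.91.0.0 2007.08.08 BDoor.CEP!tr.bdr "
    "F-Prot 4.3.2.48 2007.08.08 - "
    "F-Secure 6.70.13030.0 2007.08.08 - "
    "Ikarus T3.1.1.12 2007.08.08 Backdoor.VB.EV "
    "Kaspersky 4.0.2.24 2007.08.08 - "
    "McAfee 5093 2007.08.08 BackDoor-CEP.svr "
    "Microsoft 1.2704 2007.08.08 - "
    "NOD32v2 2444 2007.08.08 - "
    "Norman 5.80.02 2007.08.08 - "
    "Panda 9.0.0.4 2007.08.08 - "
    "Prevx1 V2 2007.08.08 - "
    "Rising 19.35.22.00 2007.08.08 - "
    "Sophos 4.19.0 2007.08.01 - "
    "Sunbelt 2.2.907.0 2007.08.07 Backdoor.Bifrose.NQ "
    "Symantec 10 2007.08.08 - "
    "TheHacker 6.1.7.164 2007.08.08 - "
    "VBA32 3.12.2.2 2007.08.07 - "
    "VirusBuster 4.3.26:9 2007.08.08 - "
    "Webwasher-Gateway 6.0.1 2007.08.08 Trojan.Bifrose.NU"
)

# Every row is "<engine> <version> <YYYY.MM.DD> <result>" and none of the
# four fields contains whitespace, so anchoring on the date column is
# enough to cut the rows apart. The header has no date and is skipped.
ROW_RE = re.compile(r"(\S+)\s+(\S+)\s+(\d{4}\.\d{2}\.\d{2})\s+(\S+)")

# Tokens that name a malware *class* or a vendor-specific affix, not a
# family. Heuristic list written for this example, not a vendor standard.
GENERIC = {"backdoor", "bdoor", "bds", "trojan", "memscan", "tr", "bdr", "svr", "vb"}


def parse_rows(raw: str) -> list[tuple[str, str, str, str]]:
    """Recover (engine, version, last update, result) tuples from the pasted text."""
    return ROW_RE.findall(raw)


def detections(rows) -> list[tuple[str, str]]:
    """(engine, detection name) for every engine that did not answer '-'."""
    return [(engine, result) for engine, _, _, result in rows if result != "-"]


def detection_ratio(rows) -> str:
    """The 'detections/engines' figure VirusTotal prints at the top."""
    return f"{len(detections(rows))}/{len(rows)}"


def family_tokens(name: str) -> set[str]:
    """Split one vendor detection name into candidate family tokens."""
    out = set()
    for tok in re.split(r"[./:!\-/]", name):
        tok = tok.lower()
        # drop variant suffixes (NU, NQ, EV), bare numbers and class words
        if len(tok) <= 2 or tok.isdigit() or tok in GENERIC or tok.startswith("generic"):
            continue
        out.add(tok)
    return out


def family_consensus(rows) -> tuple[str, int]:
    """Most common family token across the detecting engines, with its vote count."""
    counts = Counter()
    for _, name in detections(rows):
        counts.update(family_tokens(name))  # each engine votes once per token
    return counts.most_common(1)[0]


if __name__ == "__main__":
    rows = parse_rows(VT_RAW)
    print(detection_ratio(rows))    # 9/32
    print(family_consensus(rows))   # ('bifrose', 4)
    for engine, name in detections(rows):
        print(f"{engine:18} {name}")
```

Four of the nine detecting engines agree on Bifrose; McAfee's and Fortinet's CEP is a different label for the same file, and AVG's Generic7 and Ikarus' VB.EV carry no family information at all, which is why they fall out of the count. The MD5 and SHA1 in the post are what you would keep: they let the same sample be looked up again later, after more engines have added coverage, without re-uploading it.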
Hi. So your machine has such a bad infection that it is not worth cleaning. One could of course try, but a format and reinstall is the best solution.