Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:20:05, on 1.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
D:\Ohjelmatiedostot\mIRC\mirc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Ohjelmatiedostot\Ad-Aware SE Personal\Ad-Aware.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton 360\ScanStub.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Norton-työkalurivi - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win52.tmp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwec.dll,startup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [issearch.exe] issearch.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\koswqnis.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11164 bytes

So, does anything show up? Probably something does.
Scan with HJT, check the following entries and press Fix checked:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\koswqnis.exe (file missing)

=================

Copy/paste the text below into an empty Notepad file. Make sure the file type is "All Files" and save it to your desktop under the name Poisto.bat.

@echo off
sc stop DomainService
sc delete DomainService

Double-click the Poisto.bat file on your desktop; a window opens and closes, this is normal.

========================

Download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
When the scan is complete, click the Remove Vundo button.
You will be asked whether you want to remove the files; click YES.
After you click yes, your desktop will go blank as it starts removing Vundo.
When it is done, the fix will tell you to restart your computer; click OK.
Post the contents of the C:\vundofix.txt log and a fresh HijackThis log.

Note: It is possible that VundoFix found a file it could not remove. In that case VundoFix runs itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo button." when VundoFix appears after the restart.

===============

Download SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract the contents (a folder named SmitfraudFix) to your desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open listing the infected files (if any).
Post the contents of that text file in your thread.

Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "risk tool"; it is not a virus, but a program that stops processes. Antivirus programs cannot tell good and bad use of such programs apart, so they may warn the user.

==================

Post the logs.
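The entries the helper picked out above (the empty R0 start/search values and the orphaned DomainService with "Unknown owner" and "(file missing)") are exactly the kind of thing that can be pulled out of a HijackThis log mechanically. The following is an added example written for this page; it is not part of the thread and not a Trend Micro tool. It is a small Python triage script for HijackThis v2 entry lines that flags empty R0/R1 values, O4 autostarts that run from a TEMP directory, policy-based O4 autostarts, rundll32-loaded DLLs (as review items, since NvCpl.dll and drvwec.dll look the same at this level), and O23 services whose owner is unknown and whose binary is missing, then emits the same `sc stop` / `sc delete` batch the helper wrote by hand. The SAMPLE_LOG lines are constructed from the entry shapes seen in the thread, the heuristics and the "fix"/"review" labels are the editor's and go beyond what the helper chose to fix, and a "review" item is a candidate to verify, not a verdict.

```python
"""Triage a HijackThis (HJT) v2 log: flag the entry shapes a malware-removal
helper looks at first and emit an `sc stop` / `sc delete` batch for orphaned services."""
import re
from dataclasses import dataclass

# Constructed sample (not the thread's full log): a few HJT entry lines with
# benign and suspicious entries mixed, in the same shapes as the thread's logs.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win52.tmp.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwec.dll,startup
O4 - HKLM\..\Policies\Explorer\Run: [issearch.exe] issearch.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\koswqnis.exe (file missing)
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<key>.+?): \[(?P<name>[^\]]+)\] ?(?P<cmd>.*)$")
SERVICE_RE = re.compile(r"^Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?$")
RUNDLL_RE = re.compile(r"rundll32(?:\.exe)?\s+(?P<dll>\S+?\.dll)", re.I)


@dataclass
class Finding:
    kind: str          # HJT section, e.g. "O4" or "O23"
    action: str        # "fix" = act on it, "review" = verify the file before acting
    reason: str
    line: str
    service: str = ""  # short service name, set only for orphaned O23 entries


def _check_r(kind, body, line):
    # R0/R1 look like "<hive>\<key>,<value> = <target>"; an empty target is what the helper fixed.
    m = re.match(r"^(?P<setting>.+?) =\s*(?P<target>.*)$", body)
    if m and not m.group("target").strip():
        return Finding(kind, "fix", "empty IE start/search value", line)
    return None


def _check_o4(kind, body, line):
    m = RUN_RE.match(body)
    if not m:
        return None  # Startup-folder .lnk entries use another shape and are not handled here
    key, cmd = m.group("key"), m.group("cmd")
    if re.search(r"\\te?mp\\", cmd, re.I):
        return Finding(kind, "fix", "autostart runs a binary from a TEMP directory", line)
    if re.search(r"\\Policies\\Explorer\\Run", key, re.I):
        return Finding(kind, "review", "policy-based autostart; confirm who created it", line)
    d = RUNDLL_RE.search(cmd)
    if d:
        return Finding(kind, "review", f"rundll32 loads {d.group('dll')}; confirm the DLL's publisher", line)
    return None


def _check_o23(kind, body, line):
    # "Service: <display> (<short>) - <owner> - <path>"; rsplit keeps " - " inside display names intact.
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    head, owner, path = parts
    m = SERVICE_RE.match(head)
    if not m:
        return None
    short = m.group("short") or m.group("display")  # `sc` needs the short (key) name
    if owner.lower() == "unknown owner" and "(file missing)" in path.lower():
        return Finding(kind, "fix", "orphaned service: unknown owner and binary missing", line, service=short)
    return None


CHECKS = {"R0": _check_r, "R1": _check_r, "O4": _check_o4, "O23": _check_o23}


def triage(log_text):
    """Return a Finding for every flagged HJT entry line in `log_text`, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        check = CHECKS.get(m.group("kind"))
        if check:
            found = check(m.group("kind"), m.group("body"), line)
            if found:
                findings.append(found)
    return findings


def sc_cleanup_batch(findings):
    """Batch-file text (CRLF line endings) that stops and deletes each orphaned service."""
    lines = ["@echo off"]
    for f in findings:
        if f.service:
            lines += [f"sc stop {f.service}", f"sc delete {f.service}"]
    return "\r\n".join(lines) + "\r\n"


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"[{f.action:6}] {f.kind}: {f.reason}\n         {f.line}")
    print(sc_cleanup_batch(results))
```

Running it on the sample flags five of the eight lines (the ccApp, Canon and populated R1 entries pass) and produces the same three-line batch as the helper's Poisto.bat. The `(file missing)` check is deliberately paired with `Unknown owner`: the thread's own log has a Sony service with an unknown owner whose binary is present, and that is not something to delete.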
SmitfraudFix log:

SmitFraudFix v2.218

Scan done at 14:35:11,73, la 01.09.2007
Run from C:\Documents and Settings\Samuli Sarkkinen\Työpöytä\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\program files\steam\steam.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\drvwec.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Samuli Sarkkinen


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Samuli Sarkkinen\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\SAMULI~1\Suosikit


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Nykyinen kotisivu"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: NVIDIA nForce Networking Controller - Paketinajoituksen miniportti
DNS Server Search Order: 193.229.0.40
DNS Server Search Order: 193.229.0.42

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E9ECED15-FBD1-445A-AFE6-E55D05B08373}: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E9ECED15-FBD1-445A-AFE6-E55D05B08373}: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E9ECED15-FBD1-445A-AFE6-E55D05B08373}: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E9ECED15-FBD1-445A-AFE6-E55D05B08373}: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:36:46, on 1.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\program files\steam\steam.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O3 - Toolbar: Norton-työkalurivi - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [avp] C:\WINDOWS\TEMP\win52.tmp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvwec.dll,startup
O4 - HKLM\..\Run: [AAWTray] D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [issearch.exe] issearch.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11181 bytes

Vundo log:

VundoFix V6.2.0

Checking Java version...

Java version is 1.5.0.9

Scan started at 16:56:31 8.10.2006

Listing files found while scanning....
C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\aycdd.bak1
C:\WINDOWS\system32\aycdd.bak2
C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\aycdd.tmp
C:\WINDOWS\system32\pmcloffj.dll
C:\WINDOWS\system32\etaaigdd.exe
C:\WINDOWS\system32\fveyrigw.exe
C:\WINDOWS\system32\gwnjpsui.exe
C:\WINDOWS\system32\hmlxdqim.exe
C:\WINDOWS\system32\hnohbgbp.exe
C:\WINDOWS\system32\hutmmalu.exe
C:\WINDOWS\system32\ilfkgvmu.exe
C:\WINDOWS\system32\jngqcxau.exe
C:\WINDOWS\system32\jyqestgk.exe
C:\WINDOWS\system32\lnvoxnxi.exe
C:\WINDOWS\system32\qrxeulwe.exe
C:\WINDOWS\system32\rbkhblpr.exe
C:\WINDOWS\system32\rdcdqetc.exe
C:\WINDOWS\system32\rprdionx.exe
C:\WINDOWS\system32\ssmtnxmm.exe
C:\WINDOWS\system32\svygunwc.exe
C:\WINDOWS\system32\tctuiknu.exe
C:\WINDOWS\system32\tpncnwuh.exe
C:\WINDOWS\system32\vakijdol.exe
C:\WINDOWS\system32\vdosltex.exe
C:\WINDOWS\system32\wleyitnk.exe
C:\WINDOWS\system32\yancreau.exe
C:\WINDOWS\System32\ddcya.dll
C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\aycdd.bak1
C:\WINDOWS\system32\aycdd.bak2
C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\aycdd.tmp
C:\WINDOWS\System32\aycdd.ini
C:\WINDOWS\System32\aycdd.bak1
C:\WINDOWS\System32\aycdd.bak2
C:\WINDOWS\System32\aycdd.ini2
C:\WINDOWS\System32\aycdd.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\ddcya.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\aycdd.ini
C:\WINDOWS\system32\aycdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\aycdd.bak1
C:\WINDOWS\system32\aycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aycdd.bak2
C:\WINDOWS\system32\aycdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aycdd.ini2
C:\WINDOWS\system32\aycdd.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\aycdd.tmp
C:\WINDOWS\system32\aycdd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmcloffj.dll
C:\WINDOWS\system32\pmcloffj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\etaaigdd.exe
C:\WINDOWS\system32\etaaigdd.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\fveyrigw.exe
C:\WINDOWS\system32\fveyrigw.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\gwnjpsui.exe
C:\WINDOWS\system32\gwnjpsui.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hmlxdqim.exe
C:\WINDOWS\system32\hmlxdqim.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hnohbgbp.exe
C:\WINDOWS\system32\hnohbgbp.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\hutmmalu.exe
C:\WINDOWS\system32\hutmmalu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilfkgvmu.exe
C:\WINDOWS\system32\ilfkgvmu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jngqcxau.exe
C:\WINDOWS\system32\jngqcxau.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\jyqestgk.exe
C:\WINDOWS\system32\jyqestgk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\lnvoxnxi.exe
C:\WINDOWS\system32\lnvoxnxi.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\qrxeulwe.exe
C:\WINDOWS\system32\qrxeulwe.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rbkhblpr.exe
C:\WINDOWS\system32\rbkhblpr.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rdcdqetc.exe
C:\WINDOWS\system32\rdcdqetc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\rprdionx.exe
C:\WINDOWS\system32\rprdionx.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssmtnxmm.exe
C:\WINDOWS\system32\ssmtnxmm.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\svygunwc.exe
C:\WINDOWS\system32\svygunwc.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tctuiknu.exe
C:\WINDOWS\system32\tctuiknu.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\tpncnwuh.exe
C:\WINDOWS\system32\tpncnwuh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vakijdol.exe
C:\WINDOWS\system32\vakijdol.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\vdosltex.exe
C:\WINDOWS\system32\vdosltex.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\wleyitnk.exe
C:\WINDOWS\system32\wleyitnk.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\yancreau.exe
C:\WINDOWS\system32\yancreau.exe Has been deleted!

Attempting to delete C:\WINDOWS\System32\ddcya.dll
C:\WINDOWS\System32\ddcya.dll Could not be deleted.

Performing Repairs to the registry.
Done!

VundoFix V6.2.0

Checking Java version...

Java version is 1.5.0.9

Scan started at 17:08:28 8.10.2006

Listing files found while scanning....

C:\WINDOWS\system32\ddcya.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ddcya.dll
C:\WINDOWS\system32\ddcya.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.5.7

Checking Java version...

Java version is 1.5.0.9
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.11

Scan started at 13:58:37 1.9.2007

Listing files found while scanning....

C:\Documents and settings\Samuli Sarkkinen\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Samuli Sarkkinen\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\WINDOWS\system32\kicnhomc.dll
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini2
C:\WINDOWS\system32\kjllm.tmp
C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\pmcloffj.dll

Beginning removal...

Attempting to delete C:\Documents and settings\Samuli Sarkkinen\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt
C:\Documents and settings\Samuli Sarkkinen\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted!

Attempting to delete C:\Documents and settings\Samuli Sarkkinen\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt
C:\Documents and settings\Samuli Sarkkinen\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\kjllm.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjllm.ini2
C:\WINDOWS\system32\kjllm.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjllm.tmp
C:\WINDOWS\system32\kjllm.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\mlljk.dll
C:\WINDOWS\system32\mlljk.dll Has been deleted!

Performing Repairs to the registry.
Done!
Old VundoFix V6.2.0: take it and remove the old one, download the new one to the machine from the link and run it through. Go into safe mode and run SmitFraudFix, and this time press number 2 and Enter. ================= Post the new reports and a new HJT log.
SmitFraudFix log: SmitFraudFix v2.218 Scan done at 20:15:39,18, la 01.09.2007 Run from C:\Documents and Settings\Samuli Sarkkinen\Työpöytä\SmitfraudFix OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\system32\drvwec.dll Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{E9ECED15-FBD1-445A-AFE6-E55D05B08373}: DhcpNameServer=193.229.0.40 193.229.0.42 HKLM\SYSTEM\CS1\Services\Tcpip\..\{E9ECED15-FBD1-445A-AFE6-E55D05B08373}: DhcpNameServer=193.229.0.40 193.229.0.42 HKLM\SYSTEM\CS2\Services\Tcpip\..\{E9ECED15-FBD1-445A-AFE6-E55D05B08373}: DhcpNameServer=193.229.0.40 193.229.0.42 HKLM\SYSTEM\CS3\Services\Tcpip\..\{E9ECED15-FBD1-445A-AFE6-E55D05B08373}: DhcpNameServer=193.229.0.40 193.229.0.42 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42 HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=193.229.0.40 193.229.0.42 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! 
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:25:16, on 1.9.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe D:\program files\steam\steam.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\Program Files\Skype\Phone\Skype.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe 
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe D:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8CDDDAC0-AEA4-4EFC-94FA-8EA989E530FD} - C:\WINDOWS\system32\mlljk.dll (file missing) O2 - BHO: (no name) - {A3624CF3-54E1-4FD0-88EF-F9BDF3979F3A} - C:\WINDOWS\system32\pmnnkhh.dll O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - C:\WINDOWS\system32\iiffdcy.dll (file missing) O2 - BHO: (no name) - {F4BC53CD-7A80-47FB-9CFA-B1399A45301E} - C:\WINDOWS\system32\gebyv.dll (file missing) O3 - Toolbar: Norton-työkalurivi - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe O4 - HKLM\..\Run: 
[SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" O4 - HKLM\..\Run: [AAWTray] D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: 
Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - Winlogon Notify: iiffdcy - iiffdcy.dll (file missing) O20 - Winlogon Notify: pmnnkhh - C:\WINDOWS\SYSTEM32\pmnnkhh.dll O20 - Winlogon Notify: winbug32 - C:\WINDOWS\SYSTEM32\winbug32.dll O23 - Service: 
Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk\PDEngine.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- End of file - 11556 bytes Vundo log: VundoFix V6.2.0 Checking Java version... Java version is 1.5.0.9 Scan started at 16:56:31 8.10.2006 Listing files found while scanning.... 
C:\WINDOWS\system32\ddcya.dll C:\WINDOWS\system32\aycdd.ini C:\WINDOWS\system32\aycdd.bak1 C:\WINDOWS\system32\aycdd.bak2 C:\WINDOWS\system32\aycdd.ini2 C:\WINDOWS\system32\aycdd.tmp C:\WINDOWS\system32\pmcloffj.dll C:\WINDOWS\system32\etaaigdd.exe C:\WINDOWS\system32\fveyrigw.exe C:\WINDOWS\system32\gwnjpsui.exe C:\WINDOWS\system32\hmlxdqim.exe C:\WINDOWS\system32\hnohbgbp.exe C:\WINDOWS\system32\hutmmalu.exe C:\WINDOWS\system32\ilfkgvmu.exe C:\WINDOWS\system32\jngqcxau.exe C:\WINDOWS\system32\jyqestgk.exe C:\WINDOWS\system32\lnvoxnxi.exe C:\WINDOWS\system32\qrxeulwe.exe C:\WINDOWS\system32\rbkhblpr.exe C:\WINDOWS\system32\rdcdqetc.exe C:\WINDOWS\system32\rprdionx.exe C:\WINDOWS\system32\ssmtnxmm.exe C:\WINDOWS\system32\svygunwc.exe C:\WINDOWS\system32\tctuiknu.exe C:\WINDOWS\system32\tpncnwuh.exe C:\WINDOWS\system32\vakijdol.exe C:\WINDOWS\system32\vdosltex.exe C:\WINDOWS\system32\wleyitnk.exe C:\WINDOWS\system32\yancreau.exe C:\WINDOWS\System32\ddcya.dll C:\WINDOWS\system32\aycdd.ini C:\WINDOWS\system32\aycdd.bak1 C:\WINDOWS\system32\aycdd.bak2 C:\WINDOWS\system32\aycdd.ini2 C:\WINDOWS\system32\aycdd.tmp C:\WINDOWS\System32\aycdd.ini C:\WINDOWS\System32\aycdd.bak1 C:\WINDOWS\System32\aycdd.bak2 C:\WINDOWS\System32\aycdd.ini2 C:\WINDOWS\System32\aycdd.tmp Beginning removal... Attempting to delete C:\WINDOWS\system32\ddcya.dll C:\WINDOWS\system32\ddcya.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\aycdd.ini C:\WINDOWS\system32\aycdd.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\aycdd.bak1 C:\WINDOWS\system32\aycdd.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\aycdd.bak2 C:\WINDOWS\system32\aycdd.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\aycdd.ini2 C:\WINDOWS\system32\aycdd.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\aycdd.tmp C:\WINDOWS\system32\aycdd.tmp Has been deleted! 
Attempting to delete C:\WINDOWS\system32\pmcloffj.dll C:\WINDOWS\system32\pmcloffj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\etaaigdd.exe C:\WINDOWS\system32\etaaigdd.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\fveyrigw.exe C:\WINDOWS\system32\fveyrigw.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\gwnjpsui.exe C:\WINDOWS\system32\gwnjpsui.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\hmlxdqim.exe C:\WINDOWS\system32\hmlxdqim.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\hnohbgbp.exe C:\WINDOWS\system32\hnohbgbp.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\hutmmalu.exe C:\WINDOWS\system32\hutmmalu.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\ilfkgvmu.exe C:\WINDOWS\system32\ilfkgvmu.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\jngqcxau.exe C:\WINDOWS\system32\jngqcxau.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\jyqestgk.exe C:\WINDOWS\system32\jyqestgk.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\lnvoxnxi.exe C:\WINDOWS\system32\lnvoxnxi.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\qrxeulwe.exe C:\WINDOWS\system32\qrxeulwe.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\rbkhblpr.exe C:\WINDOWS\system32\rbkhblpr.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\rdcdqetc.exe C:\WINDOWS\system32\rdcdqetc.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\rprdionx.exe C:\WINDOWS\system32\rprdionx.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\ssmtnxmm.exe C:\WINDOWS\system32\ssmtnxmm.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\svygunwc.exe C:\WINDOWS\system32\svygunwc.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\tctuiknu.exe C:\WINDOWS\system32\tctuiknu.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\tpncnwuh.exe C:\WINDOWS\system32\tpncnwuh.exe Has been deleted! 
Attempting to delete C:\WINDOWS\system32\vakijdol.exe C:\WINDOWS\system32\vakijdol.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\vdosltex.exe C:\WINDOWS\system32\vdosltex.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\wleyitnk.exe C:\WINDOWS\system32\wleyitnk.exe Has been deleted! Attempting to delete C:\WINDOWS\system32\yancreau.exe C:\WINDOWS\system32\yancreau.exe Has been deleted! Attempting to delete C:\WINDOWS\System32\ddcya.dll C:\WINDOWS\System32\ddcya.dll Could not be deleted. Performing Repairs to the registry. Done! VundoFix V6.2.0 Checking Java version... Java version is 1.5.0.9 Scan started at 17:08:28 8.10.2006 Listing files found while scanning.... C:\WINDOWS\system32\ddcya.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\ddcya.dll C:\WINDOWS\system32\ddcya.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.7 Checking Java version... Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 13:58:37 1.9.2007 Listing files found while scanning.... C:\Documents and settings\Samuli Sarkkinen\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt C:\Documents and settings\Samuli Sarkkinen\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt C:\WINDOWS\system32\kicnhomc.dll C:\WINDOWS\system32\kjllm.bak1 C:\WINDOWS\system32\kjllm.bak2 C:\WINDOWS\system32\kjllm.ini C:\WINDOWS\system32\kjllm.ini2 C:\WINDOWS\system32\kjllm.tmp C:\WINDOWS\system32\mlljk.dll C:\WINDOWS\system32\pmcloffj.dll Beginning removal... Attempting to delete C:\Documents and settings\Samuli Sarkkinen\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt C:\Documents and settings\Samuli Sarkkinen\Application Data\SearchToolbarCorp\Toolbar Vision\PageHistory.txt Has been deleted! 
Attempting to delete C:\Documents and settings\Samuli Sarkkinen\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt C:\Documents and settings\Samuli Sarkkinen\Application Data\SearchToolbarCorp\Toolbar Vision\WebHistory.txt Has been deleted! Attempting to delete C:\WINDOWS\system32\kjllm.bak1 C:\WINDOWS\system32\kjllm.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\kjllm.bak2 C:\WINDOWS\system32\kjllm.bak2 Has been deleted! Attempting to delete C:\WINDOWS\system32\kjllm.ini C:\WINDOWS\system32\kjllm.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\kjllm.ini2 C:\WINDOWS\system32\kjllm.ini2 Has been deleted! Attempting to delete C:\WINDOWS\system32\kjllm.tmp C:\WINDOWS\system32\kjllm.tmp Has been deleted! Attempting to delete C:\WINDOWS\system32\mlljk.dll C:\WINDOWS\system32\mlljk.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.0 Checking Java version... Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 20:11:06 1.9.2007 Listing files found while scanning.... C:\WINDOWS\system32\gebyv.dll C:\WINDOWS\system32\vybeg.bak1 C:\WINDOWS\system32\vybeg.ini Beginning removal... Attempting to delete C:\WINDOWS\system32\gebyv.dll C:\WINDOWS\system32\gebyv.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\vybeg.bak1 C:\WINDOWS\system32\vybeg.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\vybeg.ini C:\WINDOWS\system32\vybeg.ini Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\gebyv.dll C:\WINDOWS\system32\gebyv.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.5.0 Checking Java version... Java version is 1.5.0.9 Old versions of java are exploitable and should be removed. Java version is 1.5.0.11 Scan started at 20:25:43 1.9.2007 Listing files found while scanning.... 
C:\WINDOWS\system32\rtstv.bak1 C:\WINDOWS\system32\rtstv.ini C:\WINDOWS\system32\vtstr.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\rtstv.bak1 C:\WINDOWS\system32\rtstv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\rtstv.ini C:\WINDOWS\system32\rtstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\vtstr.dll C:\WINDOWS\system32\vtstr.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\vtstr.dll C:\WINDOWS\system32\vtstr.dll Has been deleted! Performing Repairs to the registry. Done! Here is the Vundo log; it was indeed done with the newest version, but that log looks as if it was done with the old one.
Post that HJT log from a fresh scan. =============================== That one did appear to be the newest version, VundoFix V6.5.7.
Newest HJT log: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 9:45:22, on 2.9.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\DAEMON Tools\daemon.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe D:\program files\steam\steam.exe C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.exe C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Raxco\PerfectDisk\PDAgent.exe C:\WINDOWS\System32\PAStiSvc.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Canon\CAL\CALMAIN.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program 
Files\Raxco\PerfectDisk\PDEngine.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\MSN Messenger\usnsvc.exe D:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: (no name) - {8CDDDAC0-AEA4-4EFC-94FA-8EA989E530FD} - C:\WINDOWS\system32\mlljk.dll (file missing) O2 - BHO: (no name) - {A3624CF3-54E1-4FD0-88EF-F9BDF3979F3A} - C:\WINDOWS\system32\pmnnkhh.dll O2 - BHO: (no name) - {E01C6C14-B6C7-4830-98A8-BA98F68A3337} - C:\WINDOWS\system32\vtstr.dll (file missing) O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - C:\WINDOWS\system32\iiffdcy.dll (file missing) O2 - BHO: (no name) - {F4BC53CD-7A80-47FB-9CFA-B1399A45301E} - C:\WINDOWS\system32\gebyv.dll (file missing) O3 - Toolbar: Norton-työkalurivi - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [HPDJ Taskbar Utility] 
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AAWTray] D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: iiffdcy - iiffdcy.dll (file missing)
O20 - Winlogon Notify: pmnnkhh - C:\WINDOWS\SYSTEM32\pmnnkhh.dll
O20 - Winlogon Notify: winbug32 - C:\WINDOWS\SYSTEM32\winbug32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11699 bytes

and the Vundo log:

C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\pmnli.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\ilnmp.bak1
C:\WINDOWS\system32\ilnmp.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ilnmp.ini
C:\WINDOWS\system32\ilnmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnli.dll Could not be deleted.

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\system32\pmnli.dll
C:\WINDOWS\system32\pmnli.dll Has been deleted!

Performing Repairs to the registry.
Done!
Rename C:\Program Files\Trend Micro\HijackThis\===> HijackThis.exe <====
1. Right-click the HijackThis icon.
2. Select Rename.
3. Type scanner.exe
==========================
Scan with HJT, tick these and press Fix checked:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8CDDDAC0-AEA4-4EFC-94FA-8EA989E530FD} - C:\WINDOWS\system32\mlljk.dll (file missing)
O2 - BHO: (no name) - {E01C6C14-B6C7-4830-98A8-BA98F68A3337} - C:\WINDOWS\system32\vtstr.dll (file missing)
O2 - BHO: (no name) - {E4EEFFED-93CD-4CF0-A0F3-50D139121FEE} - C:\WINDOWS\system32\iiffdcy.dll (file missing)
O2 - BHO: (no name) - {F4BC53CD-7A80-47FB-9CFA-B1399A45301E} - C:\WINDOWS\system32\gebyv.dll (file missing)
O20 - Winlogon Notify: iiffdcy - iiffdcy.dll (file missing)
=============================
1. Download combofix.exe to your desktop from one of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click the combofix.exe file and follow the instructions.
3. When the tool is finished, it produces a log. Post this log in your thread.
Note! Do not click in the ComboFix window while it is running. This may cause the program to hang.
ComboFix 07-08-30.3 - "Samuli Sarkkinen" 2007-09-02 11:57:32.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.467 [GMT 3:00]
* Created a new restore point

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\SAMULI~1\APPLIC~1\searchtoolbarcorp
C:\WINDOWS\system32\components
C:\WINDOWS\system32\onnmp.bak1
C:\WINDOWS\system32\onnmp.ini
C:\WINDOWS\system32\pmnnkhh.dll
C:\WINDOWS\system32\pmnno.dll
C:\WINDOWS\system32\winbug32.dll

((((((((((((((((((((((((( Files Created from 2007-08-02 to 2007-09-02 )))))))))))))))))))))))))))))))

2007-09-02 11:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-09-02 10:20 106,176 --a------ C:\WINDOWS\system32\drivers\Mach3.sys
2007-09-01 10:28 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-01 10:26 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-01 10:19 <KANSIO> d-------- C:\Program Files\Trend Micro
2007-08-15 16:06 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-08-13 15:41 53,248 --a------ C:\WINDOWS\system32\PAStiSvc.exe
2007-08-12 19:12 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-08-12 19:12 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-08-12 19:12 <KANSIO> d-------- C:\Program Files\Norton 360
2007-08-10 11:47 <KANSIO> d-------- C:\DOCUME~1\SAMULI~1\APPLIC~1\Symantec
2007-08-09 22:20 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-08-09 17:30 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\Symantec Temporary Files
2007-08-07 13:58 8,320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9,344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-09-02 12:01 --------- d-------- C:\DOCUME~1\SAMULI~1\APPLIC~1\OpenOffice.org2
2007-09-02 11:48 --------- d-------- C:\DOCUME~1\SAMULI~1\APPLIC~1\Skype
2007-09-01 20:32 --------- d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-01 13:51 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-01 10:34 --------- d-------- C:\Program Files\Google
2007-09-01 10:28 --------- d-------- C:\DOCUME~1\SAMULI~1\APPLIC~1\Lavasoft
2007-08-25 22:51 --------- d-------- C:\DOCUME~1\SAMULI~1\APPLIC~1\uTorrent
2007-08-24 19:25 --------- d-------- C:\DOCUME~1\SAMULI~1\APPLIC~1\ZoomBrowser EX
2007-08-24 19:25 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\ZoomBrowser
2007-08-12 19:13 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-08-12 19:13 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-12 19:13 --------- d-------- C:\Program Files\Symantec
2007-08-09 18:35 --------- d-------- C:\Program Files\Norton AntiVirus
2007-08-08 17:29 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-30 19:19 92504 --a------ C:\WINDOWS\system32\cdm.dll
2007-07-30 19:19 549720 --a------ C:\WINDOWS\system32\wuapi.dll
2007-07-30 19:19 53080 --a------ C:\WINDOWS\system32\wuauclt.exe
2007-07-30 19:19 43352 --a------ C:\WINDOWS\system32\wups2.dll
2007-07-30 19:19 325976 --a------ C:\WINDOWS\system32\wucltui.dll
2007-07-30 19:19 203096 --a------ C:\WINDOWS\system32\wuweb.dll
2007-07-30 19:19 1712984 --a------ C:\WINDOWS\system32\wuaueng.dll
2007-07-30 19:18 33624 --a------ C:\WINDOWS\system32\wups.dll
2007-07-24 17:30 --------- d-------- C:\DOCUME~1\SAMULI~1\APPLIC~1\Sony Corporation
2007-07-24 17:05 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Sony Corporation
2007-07-24 17:04 --------- d-------- C:\Program Files\Sony
2007-07-24 17:03 --------- d-------- C:\Program Files\Common Files\Sony Shared
2007-07-21 18:31 --------- d-------- C:\DOCUME~1\SAMULI~1\APPLIC~1\Google
2007-07-12 02:49 186256 --a------ C:\WINDOWS\system32\SymNPPWA.dll
2007-07-11 14:37 6272 --a------ C:\WINDOWS\system32\drivers\AWRTPD.sys
2007-07-02 16:25 --------- d-------- C:\Program Files\MSN Messenger
2007-06-26 09:09 1104896 --a------ C:\WINDOWS\system32\msxml3.dll
2007-06-19 16:32 282112 --a------ C:\WINDOWS\system32\gdi32.dll
2007-06-17 10:45 98304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2007-06-13 16:22 1033728 --a------ C:\WINDOWS\explorer.exe
2006-11-18 00:31 94080 --a------ C:\DOCUME~1\SAMULI~1\APPLIC~1\ezplay.sys
2006-11-18 00:31 81920 --a------ C:\DOCUME~1\SAMULI~1\APPLIC~1\ezpinst.exe
2006-11-18 00:31 47360 --a------ C:\DOCUME~1\SAMULI~1\APPLIC~1\pcouffin.sys
2004-10-01 15:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E867B9E3-5463-4260-A72B-FC27057F826E}]
C:\WINDOWS\system32\pmnli.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2006-02-13 16:05]
"nwiz"="nwiz.exe" []
"NvMediaCenter"="C:\WINDOWS\System32\NvMcTray.dll" [2006-02-13 16:05]
"RemoteControl"="C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
"SoundMan"="SOUNDMAN.EXE" [2005-06-20 21:42 C:\WINDOWS\SOUNDMAN.EXE]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-06 13:01]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2004-01-05 13:52]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-10-19 17:43]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 17:57]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2004-12-10 13:45 C:\WINDOWS\KHALMNPR.Exe]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-10 00:59]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"AAWTray"="D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe" [2007-08-08 15:53]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Steam"="d:\program files\steam\steam.exe" [2007-06-28 17:45]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-19 12:00]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 16:45]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-05-28 14:52]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^CONNECTAUTrayApp.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\CONNECTAUTrayApp.lnk
backup=C:\WINDOWS\pss\CONNECTAUTrayApp.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CONNECTScheduler]
"C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
"D:\Ohjelmatiedostot\DAEMON Tools\daemon.exe" -lang 1033

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"D:\Ohjelmatiedostot\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
C:\Program Files\LClock\LClock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
"C:\Program Files\lg_fwupdate\fwupdate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe

R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
R3 Mach3;Mach3 Pulseing Service;C:\WINDOWS\system32\Drivers\Mach3.sys
R3 PAC207;SoC PC-Camer@;C:\WINDOWS\system32\DRIVERS\pfc027.sys
S2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
S3 gtermddo;gtermddo;\??\C:\DOCUME~1\SAMULI~1\LOCALS~1\Temp\gtermddo.sys
S3 PID_0920;Labtec WebCam(PID_0920);C:\WINDOWS\system32\DRIVERS\LV532AV.SYS

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6d94f678-94cb-11db-b0a1-0013d4bc7a32}]
AutoRun\command- H:\AutoRun.exe

*Newly Created Service* - COMHOST

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-02 12:01:20
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-09-02 12:04:20 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-02 12:04

--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 12:34:36, on 2.9.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\program files\steam\steam.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\OpenOffice.org 2.2\program\soffice.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\OpenOffice.org 2.2\program\soffice.BIN
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\MSN Messenger\usnsvc.exe
D:\Ohjelmatiedostot\mIRC\mirc.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\scanner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {E867B9E3-5463-4260-A72B-FC27057F826E} - C:\WINDOWS\system32\pmnli.dll (file missing)
O3 - Toolbar: Norton-työkalurivi - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [AAWTray] D:\Program Files\Lavasoft\Ad-Aware 2007\AAWTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\npjpi160_02.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symantec.com/activex/symdlmgr.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Scan with HJT, tick this and press Fix checked:

O2 - BHO: (no name) - {E867B9E3-5463-4260-A72B-FC27057F826E} - C:\WINDOWS\system32\pmnli.dll (file missing)
========================
Download Dr.Web CureIt to your desktop:
Double-click drweb-cureit.exe and let it run an express scan.
It scans the running programs, and if something is found, click Yes when it asks whether you want to remove it. This is only a short scan.
When the scan is finished, tick the drives you want to scan. Select all drives. A red dot shows which drives are selected.
Click the green arrow on the right and the scan starts.
Click 'Yes to all' if asked whether you want to delete/move a file.
When the scan is finished, check whether you can click the Next icon next to the found files:
If so, click it, then click the Next icon at the bottom right and select Move incurable as in the picture below:
This moves it to the %userprofile%\DoctorWeb\quarantine folder.
After that, click File in the Dr.Web CureIt menu and select Save report list.
Save the report to your desktop. The report is named DrWeb.csv
Close Dr.Web CureIt.
Restart the computer!! This is so that files in use are deleted/moved during the restart.
After the restart, paste the contents of the Dr.Web log you saved earlier into your next reply.
========================
Download CCleaner v1.41.544 - Basic from http://www.ccleaner.com/download/builds.aspx; do NOT install the Yahoo toolbar!
Set the options like this: Options --> Advanced --> untick "Only delete temporary files older than 48 hours".
Run Cleaner > Analyze button > Run Cleaner button in the bottom right corner.
Run Issues > Scan for registry issues button > Fix registry issues button.
mirc.exe;d:\ohjelmatiedostot\mirc;Program.mIRC.60;Incurable.Will be moved after reboot.;
mirc.exe;D:\Ohjelmatiedostot\mIRC;Program.mIRC.60;Incurable.Will be moved after reboot.;
Process.exe;C:\Documents and Settings\Samuli Sarkkinen\Työpöytä\SmitfraudFix;Tool.Prockill;Incurable.Moved.;
restart.exe;C:\Documents and Settings\Samuli Sarkkinen\Työpöytä\SmitfraudFix;Tool.ShutDown.11;Incurable.Moved.;
A0057665.dll;C:\System Volume Information\_restore{02D48ADE-04D7-426E-B4E4-DFCA8B2C4D48}\RP251;Trojan.Virtumod;Deleted.;
A0057691.exe;C:\System Volume Information\_restore{02D48ADE-04D7-426E-B4E4-DFCA8B2C4D48}\RP251;Tool.Prockill;Incurable.Moved.;
A0057693.exe;C:\System Volume Information\_restore{02D48ADE-04D7-426E-B4E4-DFCA8B2C4D48}\RP251;Tool.ShutDown.11;Incurable.Moved.;
A0057702.exe;C:\System Volume Information\_restore{02D48ADE-04D7-426E-B4E4-DFCA8B2C4D48}\RP251;Tool.Prockill;Incurable.Moved.;
A0057712.dll;C:\System Volume Information\_restore{02D48ADE-04D7-426E-B4E4-DFCA8B2C4D48}\RP251;Trojan.Virtumod.208;Deleted.;
A0057725.dll;C:\System Volume Information\_restore{02D48ADE-04D7-426E-B4E4-DFCA8B2C4D48}\RP251;Trojan.Virtumod.208;Deleted.;
A0058817.dll;C:\System Volume Information\_restore{02D48ADE-04D7-426E-B4E4-DFCA8B2C4D48}\RP252;Trojan.Virtumod.206;Deleted.;
A0058891.exe;C:\System Volume Information\_restore{02D48ADE-04D7-426E-B4E4-DFCA8B2C4D48}\RP252;Trojan.StartPage.20448;Deleted.;
gebyv.dll.bad;C:\VundoFix Backups;Trojan.Virtumod.208;Deleted.;
mlljk.dll.bad;C:\VundoFix Backups;Trojan.Virtumod;Deleted.;
vtstr.dll.bad;C:\VundoFix Backups;Trojan.Virtumod.208;Deleted.;
closeapp.exe;C:\WINDOWS\system32;Tool.CloseApp;Incurable.Moved.;
1. Click Start > right-click My Computer
2. Select Properties
3. Select the System Restore tab
4. Tick ¤ Turn off System Restore on all drives
5. Press Apply
6. Press OK
7. Shut down and restart
8. Untick ¤ Turn off System Restore on all drives
9. Apply and OK