I can't stand those pop-ups and all the other Pr0n ads any more, please help me, I've already run all the virus scans. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 0:15:06, on 26.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
C:\NORMAN\Nvc\BIN\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video ActiveX Access\iesmn.exe
C:\Program Files\Video ActiveX Access\iesmin.exe
C:\Program Files\Video ActiveX Access\imsmain.exe
C:\Program Files\Video ActiveX Access\imsmn.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\retadpu2000352.exe
C:\WINDOWS\smanager.7.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\DOCUME~1\Teemu\LOCALS~1\Temp\server64.exe
C:\HJT\HijackThis_v1.99.1.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1035
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0777FDE1-50AB-4E2F-8DC8-23548E111F93} - C:\WINDOWS\system32\byxuvus.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\lusckjrq.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {61EB7105-E879-4272-B976-DDDC4D1FCFDC} - C:\WINDOWS\system32\ddccy.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {B8C5186E-EC37-4889-9C2E-F73649FFB7BB} - C:\Program Files\Video ActiveX Access\iesplg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll
O3 - Toolbar: Protection Bar - {31615D5C-5126-448A-818A-A7CDFEE85A9B} - C:\Program Files\Video ActiveX Access\iesbpl.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu2000352.exe 61A847B5BBF72810329B385577FB01F0B3E35B6638993F4661AA4EBD86D67C56389B284534F310
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\dhenfghv.dll",realset
O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110625660993
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: byxuvus - C:\WINDOWS\SYSTEM32\byxuvus.dll
O20 - Winlogon Notify: ddccy - C:\WINDOWS\system32\ddccy.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhoq32 - C:\WINDOWS\SYSTEM32\winhoq32.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Yep, there's quite an army lurking in there.

==========

Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.zip and save it to your desktop.

Boot your computer into Safe Mode and choose your normal user account:
* Start the computer
* When you hear the computer beep, press F8, but before the Windows logo appears
* A menu should appear next
* Select Safe Mode from the menu.
* Once in Safe Mode, extract the contents of SDFix.zip (SDFix.exe) to the desktop. Double-click the sdfix.exe file that appears on the desktop. The file unpacks and installs itself onto the drive where the operating system is installed, and an SDFix folder appears in the root, e.g. C:\SDFix
* Open the SDFix folder and double-click RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than normal because SDFix is cleaning the computer.
* Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
* Then press any key to close the script and load the desktop icons.
* Finally, open the SDFix folder and copy & paste the contents of Report.txt into your thread

==============

Download SmitfraudFix (by S!Ri) to your desktop.
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and pressing "Enter"; a text file opens that lists the infected files (if any). Post the contents of this text file in your thread.

**If the tool does not start from the desktop, move SmitfraudFix.exe directly to the root of the system drive (usually C:). Then try starting the program again from there.

Note: the process.exe file is detected by some anti-virus programs (AntiVir, Dr.Web, Kaspersky) as a "harmful tool"; it is not a virus, but a program that stops processes. A/V programs cannot tell good use of such programs from bad, so they may warn the user.
http://www.beyondlogic.org/consulting/processutil/processutil.htm

==========

Print out the instructions or save them to a text file.

Boot your computer into Safe Mode and choose your normal user account.
Once in Safe Mode, double-click SmitfraudFix.exe
Select option #2 - Clean by typing 2 and pressing "Enter" to remove the infected files.
You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" to remove the desktop background and clean the infected registry keys.
The tool checks whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".
The tool may need to restart the computer; if it does not, restart into normal Windows.
A text file appears after the cleaning process; copy & paste the results of this report into your reply.
The report can be found on your local disk, usually at C:\rapport.txt.

==========

Download VundoFix.exe to your desktop.
* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* When the scan is finished, click the Remove Vundo button.
* You will be asked whether you want to remove the files - click YES.
* Once you have clicked yes, your desktop goes blank as it starts removing Vundo.
* When it is done, the fix tells you it will restart your computer; click OK.
* Post the contents of the C:\vundofix.txt log and a fresh HijackThis log.

Note: It is possible that VundoFix found a file it could not remove. In that case VundoFix runs itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button.", when VundoFix appears at restart.

=========

1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double-click combofix.exe and follow the prompts.
3. When the tool has finished, it produces a log. (C:\ComboFix.txt) Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

========

Also a new HijackThis log in addition to all of the above.

Here come the logs now:

Here's the SDFix log:

SDFix: Version 1.85

Run by Teemu - la 26.05.2007 - 9:00:09,85

Microsoft Windows XP [versio 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service
Restoring Missing SharedAccess Service

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\Temp\win15.tmp.exe - Deleted
C:\WINDOWS\Temp\win19.tmp.exe - Deleted
C:\WINDOWS\Temp\win15.tmp.exe - Deleted
C:\WINDOWS\Temp\win19.tmp.exe - Deleted
C:\WINDOWS\retadpu2000352.exe - Deleted
C:\WINDOWS\smanager.7.exe - Deleted
C:\WINDOWS\Temp\removalfile.bat - Deleted
C:\WINDOWS\wr.txt - Deleted
C:\WINDOWS\Temp\win*.tmp - Deleted

Removing Temp Files...

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.

Final Check:

Remaining Services:
------------------

Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Etätuki - Windows Messenger ja ääniyhteys"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\killazaurus\\counter-strike source\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\killazaurus\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"="C:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe:*:Enabled:ET"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\Valve\\Steam\\ÿsteam.exe"="C:\\Program Files\\Valve\\Steam\\ÿsteam.exe:*:Enabled:ÿsteam"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\killazaurus\\half-life 2\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\killazaurus\\half-life 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"C:\\Documents and Settings\\Lapset\\Työpöytä\\Actualspy\\ASMonitor.exe"="C:\\Documents and Settings\\Lapset\\Työpöytä\\Actualspy\\ASMonitor.exe:*:Enabled:System"
"C:\\Documents and Settings\\Lapset\\Työpöytä\\utorrent.exe"="C:\\Documents and Settings\\Lapset\\Työpöytä\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\uTorrent\\utorrent.exe"="C:\\Program Files\\uTorrent\\utorrent.exe:*:Enabled:µTorrent"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Disabled:Azureus"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Disabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\RevConnect\\DCPlusPlus.exe"="C:\\Program Files\\RevConnect\\DCPlusPlus.exe:*:Disabled:DC++"
"C:\\Program Files\\DC++\\DCPlusPlus.exe"="C:\\Program Files\\DC++\\DCPlusPlus.exe:*:Disabled:DC++"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Disabled:LimeWire"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Autorun.exe"="C:\\Program Files\\Firefly Studios\\Stronghold 2\\Autorun.exe:*:Enabled:Autorun"
"C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"="C:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe:*:Disabled:Battlefield 2"
"C:\\Program Files\\Firefly Studios\\CivCity Rome\\autorun.exe"="C:\\Program Files\\Firefly Studios\\CivCity Rome\\autorun.exe:*:Disabled:CivCity Rome"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\killazaurus\\source dedicated server\\srcds.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\killazaurus\\source dedicated server\\srcds.exe:*:Disabled:srcds"
"C:\\Program Files\\Firefly Studios\\Stronghold\\Stronghold.exe"="C:\\Program Files\\Firefly Studios\\Stronghold\\Stronghold.exe:*:Disabled:Stronghold"
"C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe"="C:\\Program Files\\Firefly Studios\\Stronghold 2\\Stronghold2.exe:*:Disabled:Stronghold 2"
"C:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"="C:\\Program Files\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe:*:Disabled:Stronghold Legends"
"C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe"="C:\\Program Files\\SwiftSwitch\\SwiftSwitch.exe:*:Disabled:World Switcher for RuneScape"
"C:\\Program Files\\Counter-Strike 1.6\\hl.exe"="C:\\Program Files\\Counter-Strike 1.6\\hl.exe:*:Enabled:Half-Life Launcher"
"C:\\Program Files\\Counter-Strike 1.6\\hltv.exe"="C:\\Program Files\\Counter-Strike 1.6\\hltv.exe:*:Enabled:HLTV Launcher"
"C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
"C:\\Program Files\\webcamXP\\webcamXP.exe"="C:\\Program Files\\webcamXP\\webcamXP.exe:*:Enabled:webcamXP 2007"
"C:\\DOCUME~1\\Teemu\\LOCALS~1\\Temp\\win6.tmp.exe"="C:\\DOCUME~1\\Teemu\\LOCALS~1\\Temp\\win6.tmp.exe:*:Enabled:win6.tmp"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:

Finished

_ _ ___ ____ ___ __ ___ ___ __ __ _ _ __ _ _ _ _ _

Then SmitFraudFix:

SmitFraudFix v2.188

Scan done at 9:26:10,04, la 26.05.2007
Run from C:\Documents and Settings\Teemu\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\NORMAN\Nvc\BIN\nvcoas.exe C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\SOUNDMAN.EXE C:\Norman\Npm\bin\ZLH.EXE C:\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\program files\valve\steam\steam.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\wbem\wmiprvse.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\indwvm.dll FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Teemu »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Teemu\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Online Security Guide.url FOUND ! C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Security Troubleshooting.url FOUND ! 
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Teemu\Suosikit C:\DOCUME~1\Teemu\Suosikit\Online Security Test.url FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\Video ActiveX Access\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="Nykyinen kotisivu" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{25b7d2fd-4f71-46d1-801a-7de323e4ec82}"="equiparant" [HKEY_CLASSES_ROOT\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82}\InProcServer32] @="C:\WINDOWS\system32\indwvm.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82}\InProcServer32] @="C:\WINDOWS\system32\indwvm.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32-xpdt »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Realtek RTL8139/810x Family Fast Ethernet NIC - Paketinajoituksen miniportti DNS Server Search Order: 212.146.0.10 DNS Server Search Order: 212.146.30.200 DNS Server Search Order: 212.146.30.201 HKLM\SYSTEM\CCS\Services\Tcpip\..\{05BFE7F7-3CE6-411A-B236-3D5D46EF1099}: DhcpNameServer=212.146.0.10 212.146.30.200 212.146.30.201 HKLM\SYSTEM\CS1\Services\Tcpip\..\{05BFE7F7-3CE6-411A-B236-3D5D46EF1099}: DhcpNameServer=212.146.0.10 212.146.30.200 212.146.30.201 HKLM\SYSTEM\CS3\Services\Tcpip\..\{05BFE7F7-3CE6-411A-B236-3D5D46EF1099}: DhcpNameServer=212.146.0.10 212.146.30.200 212.146.30.201 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.146.0.10 212.146.30.200 212.146.30.201 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.146.0.10 212.146.30.200 212.146.30.201 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.146.0.10 212.146.30.200 212.146.30.201 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End
_ ___ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Here is the second SmitFraudFix log:
SmitFraudFix v2.188 Scan done at 9:37:43,79, la 26.05.2007 Run from C:\Documents and Settings\Teemu\Ty”p”yt„\SmitfraudFix OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{25b7d2fd-4f71-46d1-801a-7de323e4ec82}"="equiparant" [HKEY_CLASSES_ROOT\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82}\InProcServer32] @="C:\WINDOWS\system32\indwvm.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{25b7d2fd-4f71-46d1-801a-7de323e4ec82}\InProcServer32] @="C:\WINDOWS\system32\indwvm.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts 127.0.0.1 localhost »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri C:\WINDOWS\system32\indwvm.dll -> Hoax.Win32.Renos.gen.n C:\WINDOWS\system32\indwvm.dll -> Deleted »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Online Security Guide.url Deleted C:\DOCUME~1\ALLUSE~1\KYNNIS~1\Security Troubleshooting.url Deleted C:\DOCUME~1\Teemu\Suosikit\Online Security Test.url Deleted C:\Program Files\Video ActiveX Access\ Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{05BFE7F7-3CE6-411A-B236-3D5D46EF1099}: DhcpNameServer=212.146.0.10 212.146.30.200 212.146.30.201 HKLM\SYSTEM\CS1\Services\Tcpip\..\{05BFE7F7-3CE6-411A-B236-3D5D46EF1099}: DhcpNameServer=212.146.0.10 212.146.30.200 212.146.30.201 HKLM\SYSTEM\CS3\Services\Tcpip\..\{05BFE7F7-3CE6-411A-B236-3D5D46EF1099}: DhcpNameServer=212.146.0.10 212.146.30.200 212.146.30.201 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.146.0.10 212.146.30.200 212.146.30.201 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=212.146.0.10 212.146.30.200 212.146.30.201 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.146.0.10 212.146.30.200 212.146.30.201 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Here is the VundoFix log:
Scan started at 9:54:52 26.5.2007 Listing files found while scanning.... C:\WINDOWS\system32\ddcyy.dll C:\WINDOWS\system32\yycdd.bak1 C:\WINDOWS\system32\yycdd.ini Beginning removal... Attempting to delete C:\WINDOWS\system32\ddcyy.dll C:\WINDOWS\system32\ddcyy.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\yycdd.bak1 C:\WINDOWS\system32\yycdd.bak1 Has been deleted! Attempting to delete C:\WINDOWS\system32\yycdd.ini C:\WINDOWS\system32\yycdd.ini Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\ddcyy.dll C:\WINDOWS\system32\ddcyy.dll Has been deleted! Performing Repairs to the registry. Done!
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Here is the ComboFix log:
"Teemu" - 2007-05-26 10:32:05 Service Pack 2 ComboFix 07-05.26.3.V - Running from: "C:\Documents and Settings\Teemu\Ty”p”yt„\" (((((((((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\dhenfghv.dll C:\WINDOWS\system32\tiitsvyg.dll C:\WINDOWS\system32\khffgff.dll C:\WINDOWS\system32\qomjjhe.dll C:\WINDOWS\system32\winhoq32.dll C:\WINDOWS\system32\vhgfnehd.ini C:\WINDOWS\system32\gyvstiit.ini C:\WINDOWS\system32\ggjlm.bak1 C:\WINDOWS\system32\ggjlm.ini C:\WINDOWS\system32\byxuvus.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) "C:\install.log" "C:\WINDOWS\system32\klikalka.exe" ((((((((((((((((((((((((((((((( Files Created from 2007-04-26 to 2007-05-26 )))))))))))))))))))))))))))))))))) 2007-05-26 10:38 263,220 ---hs---- C:\WINDOWS\system32\mljgg.dll 2007-05-26 10:38 263,220 ---hs---- C:\WINDOWS\system32\ddaba.dll 2007-05-26 09:26 2,296 --a------ C:\WINDOWS\system32\tmp.reg 2007-05-26 09:25 <KANSIO> d-------- C:\Documents and Settings\Teemu\SmitfraudFix 2007-05-26 09:25 <KANSIO> d-------- C:\DOCUME~1\Teemu\SmitfraudFix 2007-05-25 23:08 <KANSIO> d-------- C:\DOCUME~1\Teemu\APPLIC~1\Lavasoft 2007-05-25 21:56 <KANSIO> d-------- C:\SmitfraudFix 2007-05-25 21:26 50,745 --a------ C:\WINDOWS\system32\lusckjrq.dll 2007-05-25 16:24 <KANSIO> d-------- C:\Program Files\Guild Wars 2007-05-25 07:55 <KANSIO> d-------- C:\Program Files\Google 2007-05-25 07:55 <KANSIO> d-------- C:\DOCUME~1\Teemu\APPLIC~1\Google 2007-05-25 07:50 <KANSIO> d-------- C:\Program Files\webcamXP 2007-05-20 01:19 <KANSIO> d-------- C:\Program Files\The All-Seeing Eye 2007-05-19 15:30 86,016 --a------ C:\WINDOWS\unvise32.exe 2007-05-19 15:29 <KANSIO> d-------- C:\DOCUME~1\Teemu\APPLIC~1\AdobeUM
2007-05-16 15:27 <KANSIO> d-------- C:\Program Files\Counter-Strike 1.6 2007-05-05 19:18 <KANSIO> d-------- C:\DOCUME~1\Lapset_2\APPLIC~1\ATI 2007-05-05 18:20 <KANSIO> d-------- C:\DOCUME~1\Arto\APPLIC~1\ATI 2007-05-05 16:08 <KANSIO> d-------- C:\DOCUME~1\Teemu\APPLIC~1\ATI 2007-05-05 16:01 520,192 --------- C:\WINDOWS\system32\ati2sgag.exe 2007-05-05 16:00 <KANSIO> d-------- C:\Program Files\ATI Technologies 2007-05-05 15:59 <KANSIO> d-------- C:\ATI 2007-05-05 12:59 <KANSIO> d-------- C:\DOCUME~1\Lapset_2\APPLIC~1\Creative 2007-05-05 12:47 <KANSIO> d-------- C:\DOCUME~1\Teemu\APPLIC~1\Creative 2007-05-05 12:07 41,984 --------- C:\WINDOWS\Ctregrun.exe 2007-05-05 11:51 <KANSIO> d-------- C:\Program Files\Audible 2007-05-05 11:49 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE 2007-05-05 11:49 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE 2007-05-05 11:49 <KANSIO> d--h----- C:\Program Files\Creative Installation Information 2007-05-05 11:49 <KANSIO> d-------- C:\Program Files\Common Files\Creative 2007-05-05 11:43 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Creative 2007-05-05 11:41 <KANSIO> d-------- C:\Program Files\Creative 2007-05-04 16:27 <KANSIO> d-------- C:\DOCUME~1\Lapset_2\APPLIC~1\ScanSoft 2007-05-01 15:06 <KANSIO> d-------- C:\DOCUME~1\Teemu\APPLIC~1\vlc 2007-05-01 15:05 <KANSIO> d-------- C:\Program Files\VideoLAN 2007-04-26 17:09 76,560 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys 2007-04-26 16:31 <KANSIO> d-------- C:\Documents and Settings\Teemu\.housecall6.6 2007-04-26 16:31 <KANSIO> d-------- C:\DOCUME~1\Teemu\.housecall6.6 (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-26 07:54:44 695,118 --sh--w C:\WINDOWS\system32\ggjlm.bak1 2007-05-26 07:24:09 -------- d-----w C:\DOCUME~1\Teemu\APPLIC~1\uTorrent 2007-05-05 13:07:05 -------- d--h--w C:\Program Files\InstallShield Installation Information 2007-04-25 15:07:20 -------- d-----w C:\Program Files\CCleaner 
2007-04-21 08:47:21 -------- d-----w C:\DOCUME~1\Teemu\APPLIC~1\FastSum 2007-04-21 08:47:14 -------- d-----w C:\Program Files\FastSum 2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-17 12:00:21 -------- d-----w C:\Program Files\Subdownloader 2007-04-16 15:58:08 -------- d-----w C:\Program Files\Windows Media Connect 2 2007-04-16 15:54:45 -------- d-----w C:\Program Files\Windows Media Connect 2007-04-09 14:10:32 -------- d-----w C:\Program Files\EA GAMES 2007-04-09 12:00:32 -------- d-----w C:\Program Files\Samurize 2007-04-09 09:39:26 -------- d-----w C:\Program Files\uTorrent 2007-04-09 08:53:00 -------- d-----w C:\DOCUME~1\Teemu\APPLIC~1\Talkback 2007-04-08 11:50:39 -------- d-----w C:\Program Files\Smart Projects 2007-04-04 12:53:44 29,944 ----a-w C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT 2007-04-02 12:21:56 -------- d-----w C:\Program Files\REAPER 2007-03-31 19:18:24 -------- d-----w C:\Program Files\Firefly Studios 2007-03-31 08:44:18 -------- d-----w C:\Program Files\GameSpy 2007-03-25 08:57:53 65,686 ----a-w C:\WINDOWS\system32\perfc00B.dat 2007-03-25 08:57:53 356,030 ----a-w C:\WINDOWS\system32\perfh00B.dat 2007-03-18 13:37:53 41 ---h--w C:\WINDOWS\d4149094.dat 2007-03-17 18:59:00 228,937 ----a-w C:\WINDOWS\Alcohol_Toolbar_Uninstaller_3937.exe 2007-03-17 13:44:51 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-08 15:38:00 578,048 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:37:59 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:37:59 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 15:34:26 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys 2007-03-04 15:24:20 6,688 ----a-w C:\WINDOWS\movexe.exe (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] 
{02478D38-C3F9-4EFB-9B51-7695ECA05670}=C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll [2005-11-22 14:46] {4B646AFB-9341-4330-8FD1-C32485AEE619}=C:\WINDOWS\system32\lusckjrq.dll [2007-05-25 21:26] {53707962-6F74-2D53-2644-206D7942484F}=C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2005-05-31 01:04] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489}=C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll [2007-03-17 21:58] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-04-17 13:32] {9394EDE7-C8B5-483E-8773-474BF36AF6E4}=C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll [2004-08-13 18:42] {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}=C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll [2006-01-17 17:04] {E97088B7-1F68-4811-88CB-9C1D245B6349}=C:\WINDOWS\system32\mljgg.dll [2007-05-26 10:38] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" [] "ATIPTA"="C:\ATI-CPanel\atiptaxx.exe" [2004-09-29 08:15] "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-10 09:53] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2004-10-08 12:31] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2004-10-08 12:24] "SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 11:22] "PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 15:46] "IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 16:04] "SetDefPrt"="C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe" [2004-11-11 18:14] "ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2004-11-11 23:00] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43] "ATICCC"="C:\Program Files\ATI 
Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41] "setup"="C:\WINDOWS\system32\mxxuieao.dll" [2007-05-26 10:57] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "µTorrent"="C:\Program Files\uTorrent\utorrent.exe" [2007-02-16 16:17] "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2006-07-29 20:34] "CTSyncU.exe"="C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 10:06] "Steam"="c:\program files\valve\steam\steam.exe" [2007-05-19 12:19] "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljgg] C:\WINDOWS\system32\mljgg.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] Usnsvc usnsvc Contents of the 'Scheduled Tasks' folder 2007-05-25 06:00:00 C:\WINDOWS\tasks\Turkki.job ******************************************************************** catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-26 10:52:31 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... C:\WINDOWS\system32\ggjlm.bak1 C:\WINDOWS\system32\ggjlm.ini scan completed successfully hidden files: 2 ******************************************************************** Completion time: 2007-05-26 11:05:50 - machine was rebooted C:\ComboFix-quarantined-files.txt ... 
2007-05-26 11:05 --- E O F ---
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
HERE IS A FRESH HJT LOG:
Logfile of HijackThis v1.99.1 Scan saved at 11:19:11, on 26.5.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Norman\Npm\bin\ELOGSVC.EXE C:\Norman\Npm\Bin\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\Program Files\Windows Media Player\WMPNetwk.exe C:\NORMAN\Nvc\BIN\NVCSCHED.EXE C:\NORMAN\Nvc\BIN\nvcoas.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\SOUNDMAN.EXE C:\Norman\Npm\bin\ZLH.EXE C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\Logitech\Video\LogiTray.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Program Files\Brother\ControlCenter2\brctrcen.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe C:\Program Files\Windows Media Player\WMPNSCFG.exe C:\WINDOWS\system32\LVComsX.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\Program Files\ATI Technologies\ATI.ACE\cli.exe C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\Mozilla Firefox\firefox.exe C:\HJT\HijackThis_v1.99.1.exe R1 -
HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.com/ppsecure/sha1auth.srf?lc=1035 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\lusckjrq.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Alcohol Toolbar Helper - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O2 - BHO: (no name) - {F49168DB-EAE7-4C1D-A65B-94FC947B6FCD} - C:\WINDOWS\system32\mljgg.dll O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\fi\msntb.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O3 - Toolbar: Alcohol Toolbar - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - C:\Program Files\Alcohol Toolbar\v3.2.0.0\Alcohol_Toolbar.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ATIPTA] C:\ATI-CPanel\atiptaxx.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\mxxuieao.dll",realset O4 - HKCU\..\Run: [µTorrent] "C:\Program Files\uTorrent\utorrent.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe" O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - Startup: Client Default.lnk = C:\Program Files\Samurize\Client.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1110625660993 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: mljgg - C:\WINDOWS\system32\mljgg.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\NORMAN\Nvc\BIN\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
Thanks for the effort, by the way
- Double-click VundoFix.exe to run it.
- When VundoFix reopens, click the Scan for Vundo button.
- When the scan is complete, right-click inside the list box (the white box that lists the files found) and choose Add more files.
- Copy and paste the following 2 lines into the top two boxes:
  C:\WINDOWS\system32\lusckjrq.dll
  C:\WINDOWS\system32\mljgg.dll
- Click Add Files and then click Close Window.
- Click the Remove Vundo button.
- You will get a prompt asking whether you want to remove the selected files; click YES.
- Once you click YES, your desktop will go blank as the tool starts removing Vundo.
- When it finishes, you will get a prompt asking you to shut down the computer; click OK.
- Restart your computer.
- Post the contents of the C:\vundofix.txt log along with a fresh HijackThis log.

Where is the firewall on this machine?