"Messenger virus" already gone? What else is wrong?

Thread in the Viruses and malware - HijackThis logs section. Started by Kooppen on 31.05.2008.

  1. Kooppen

    So this Messenger virus hit my computer and I believe it has been removed, but what else is still a problem? For example, these AfterDawn pages have worked only intermittently over the last couple of days. Thanks in advance if anyone can help! HJT log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 2:31:00, on 31.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
    D:\WINDOWS\AGRSMMSG.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\F-Secure\Common\FSM32.EXE
    D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    D:\Program Files\DAEMON Tools\daemon.exe
    E:\Ohjelmat\QuickTime\qttask.exe
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    E:\Ohjelmat\Winamp\winampa.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    D:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    D:\Program Files\F-Secure\Common\FSMA32.EXE
    D:\WINDOWS\system32\ctfmon.exe
    D:\WINDOWS\system32\inetsrv\inetinfo.exe
    D:\Program Files\F-Secure\Common\FSMB32.EXE
    D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    D:\Program Files\F-Secure\Common\FCH32.EXE
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\Program Files\F-Secure\Common\FAMEH32.EXE
    D:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\F-Secure\Common\FNRB32.EXE
    D:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    D:\Program Files\F-Secure\Common\FIH32.EXE
    D:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    D:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    E:\Ohjelmat\Mirc\mirc.exe
    E:\Ohjelmat\Nero2\Nero Core\nero.exe
    D:\WINDOWS\explorer.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ig?hl=fi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - D:\WINDOWS\system32\xxyayWOg.dll (file missing)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {8ed1c08b-a7a6-4f16-86ab-2c6859a02f42} - (no file)
    O2 - BHO: (no name) - {AD91F568-27C5-4EF5-A3F9-9C100514A327} - D:\WINDOWS\system32\wvUlKeEW.dll (file missing)
    O2 - BHO: (no name) - {DADF23A6-E2D4-47B4-9C7F-3725D07B20E1} - D:\WINDOWS\system32\nnnnOfca.dll (file missing)
    O2 - BHO: {4e2ffb93-b39a-38fa-3994-199dce0e872f} - {f278e0ec-d991-4993-af83-a93b39bff2e4} - D:\WINDOWS\system32\uecbcayt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Ohjelmat\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [WinampAgent] E:\Ohjelmat\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Ohjelmat\Adobe Reader\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [4352de1a] rundll32.exe "D:\WINDOWS\system32\evsfnmpg.dll",b
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Steam] "f:\-games-\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - E:\Ohjelmat\Pokeri\VCPOKE~1\client.exe
    O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - E:\Ohjelmat\Pokeri\PartyPoker\PartyGammon\RunBackGammon.exe
    O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - E:\Ohjelmat\Pokeri\PartyPoker\PartyGammon\RunBackGammon.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - E:\Ohjelmat\Pokeri\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - E:\Ohjelmat\Pokeri\UltimateBet\UltimateBet.exe
    O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - E:\Ohjelmat\Pokeri\PACIFI~1\pacificpoker.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Ohjelmat\Pokeri\PartyPoker\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Ohjelmat\Pokeri\PartyPoker\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133550622138
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL...-jc.cab&File=jinstall-6u6-windows-i586-jc.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {EFFDEEEC-F9E1-4461-91D2-DAEB8CC595F1} (CSViewer Control) - http://213.139.188.65:84/CSViewer.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{166345AB-340B-4919-8D1F-B64408A76A4A}: NameServer = 212.116.32.218 212.116.32.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{166345AB-340B-4919-8D1F-B64408A76A4A}: NameServer = 212.116.32.218 212.116.32.222
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: xxyayWOg - xxyayWOg.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - D:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - D:\WINDOWS\system32\sfrem01.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    --
    End of file - 11798 bytes
     
  3. kalminen

    1. Download combofix.exe to your desktop from either of these links:
    combofix.exe
    combofix.exe

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Save it as CFScript (in fact ComboFix recognizes it even if the file extension is not
    even .txt).

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click)

    [​IMG]

    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    Close your browser and other programs for the duration of the fix (not the antivirus).
    Start HijackThis, run Scan, tick the following files listed in red, and remove them (Fix checked).

    O2 - BHO: (no name) - {06E12C36-760F-4D92-8509-5E5DBF12C423} - D:\WINDOWS\system32\xxyayWOg.dll (file missing)
    O2 - BHO: (no name) - {8ed1c08b-a7a6-4f16-86ab-2c6859a02f42} - (no file)
    O2 - BHO: (no name) - {AD91F568-27C5-4EF5-A3F9-9C100514A327} - D:\WINDOWS\system32\wvUlKeEW.dll (file missing)
    O2 - BHO: (no name) - {DADF23A6-E2D4-47B4-9C7F-3725D07B20E1} - D:\WINDOWS\system32\nnnnOfca.dll (file missing)
    O2 - BHO: {4e2ffb93-b39a-38fa-3994-199dce0e872f} - {f278e0ec-d991-4993-af83-a93b39bff2e4} - D:\WINDOWS\system32\uecbcayt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Ohjelmat\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinampAgent] E:\Ohjelmat\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Ohjelmat\Adobe Reader\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [4352de1a] rundll32.exe "D:\WINDOWS\system32\evsfnmpg.dll",b
    O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
    O20 - Winlogon Notify: xxyayWOg - xxyayWOg.dll (file missing)

    Empty the recycle bin and restart your computer.

    Post the following logs here:
    * A fresh HijackThis log (taken last, just before posting)
    * The (C:\ComboFix.txt) report
     
  4. Kooppen

    Hijack log:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:59:56, on 31.5.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16640)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    D:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
    D:\Program Files\F-Secure\Common\FSMA32.EXE
    D:\WINDOWS\system32\inetsrv\inetinfo.exe
    D:\Program Files\F-Secure\Common\FSMB32.EXE
    D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    D:\Program Files\F-Secure\Common\FCH32.EXE
    D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\F-Secure\Common\FAMEH32.EXE
    D:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    D:\Program Files\F-Secure\Common\FNRB32.EXE
    D:\WINDOWS\AGRSMMSG.exe
    D:\Program Files\F-Secure\Common\FIH32.EXE
    D:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\F-Secure\Common\FSM32.EXE
    D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    D:\Program Files\DAEMON Tools\daemon.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\Logitech\MouseWare\system\em_exec.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    D:\Program Files\F-Secure\FSGUI\fsguidll.exe
    D:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    D:\Program Files\internet explorer\iexplore.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/ig?hl=fi
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {f278e0ec-d991-4993-af83-a93b39bff2e4} - (no file)
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [F-Secure Manager] "D:\Program Files\F-Secure\Common\FSM32.EXE" /splash
    O4 - HKLM\..\Run: [F-Secure TNB] "D:\Program Files\F-Secure\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
    O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "D:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Steam] "f:\-games-\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: VC Poker - {40B2063F-DB01-4962-BE63-59435C01283C} - E:\Ohjelmat\Pokeri\VCPOKE~1\client.exe
    O9 - Extra button: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - E:\Ohjelmat\Pokeri\PartyPoker\PartyGammon\RunBackGammon.exe
    O9 - Extra 'Tools' menuitem: PartyGammon.com - {59A861EE-32B3-42cd-8CCA-FC130EDF3A44} - E:\Ohjelmat\Pokeri\PartyPoker\PartyGammon\RunBackGammon.exe
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - E:\Ohjelmat\Pokeri\UltimateBet\UltimateBet.exe
    O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - E:\Ohjelmat\Pokeri\UltimateBet\UltimateBet.exe
    O9 - Extra button: PacificPoker4 - {94EDF7B4-4272-4af3-8F8B-4E2F68E225B7} - E:\Ohjelmat\Pokeri\PACIFI~1\pacificpoker.exe
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Ohjelmat\Pokeri\PartyPoker\PartyPoker\RunApp.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\Ohjelmat\Pokeri\PartyPoker\PartyPoker\RunApp.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\windows\system32\nwprovau.dll
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133550622138
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD42/JSCDL...-jc.cab&File=jinstall-6u6-windows-i586-jc.cab
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {EFFDEEEC-F9E1-4461-91D2-DAEB8CC595F1} (CSViewer Control) - http://213.139.188.65:84/CSViewer.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{166345AB-340B-4919-8D1F-B64408A76A4A}: NameServer = 212.116.32.218 212.116.32.222
    O17 - HKLM\System\CS1\Services\Tcpip\..\{166345AB-340B-4919-8D1F-B64408A76A4A}: NameServer = 212.116.32.218 212.116.32.222
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - D:\Program Files\F-Secure\Common\FNRB32.EXE
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - D:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - D:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
    O23 - Service: FSMA - F-Secure Corporation - D:\Program Files\F-Secure\Common\FSMA32.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - D:\WINDOWS\system32\sfrem01.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - D:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    --
    End of file - 10615 bytes


    Combofix.txt:
    ComboFix 08-05-29.1 - Kalle 2008-05-31 16:21:19.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1035.18.503 [GMT 3:00]
    Running from: D:\Documents and Settings\Kalle\Työpöytä\ComboFix.exe
    Command switches used :: D:\Documents and Settings\Kalle\Työpöytä\CFScript.txt
    * Created a new restore point
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    FILE ::
    D:\WINDOWS\system32\evsfnmpg.dll
    D:\WINDOWS\system32\nnnnOfca.dll
    D:\WINDOWS\system32\uecbcayt.dll
    D:\WINDOWS\system32\wvUlKeEW.dll
    D:\WINDOWS\system32\xxyayWOg.dll
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Autorun.inf
    D:\Program Files\Seekmo Programs
    D:\WINDOWS\BM731eaf70.xml
    D:\WINDOWS\cookies.ini
    D:\WINDOWS\pskt.ini
    D:\WINDOWS\system32\acfOnnnn.ini
    D:\WINDOWS\system32\acfOnnnn.ini2
    D:\WINDOWS\system32\Cache
    D:\WINDOWS\system32\fpgywxhl.dll
    D:\WINDOWS\system32\gpmnfsve.ini
    D:\WINDOWS\system32\hspywrws.ini
    D:\WINDOWS\system32\jncvirjg.ini
    D:\WINDOWS\system32\mhepjfoe.exe
    D:\WINDOWS\system32\pthreadVC.dll
    D:\WINDOWS\system32\qrajbxfs.exe
    D:\WINDOWS\system32\uecbcayt.dll
    D:\WINDOWS\system32\WEeKlUvw.ini
    D:\WINDOWS\system32\WEeKlUvw.ini2
    D:\WINDOWS\system32\ytkflsqw.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-04-28 to 2008-05-31 )))))))))))))))))
    .

    2008-05-30 19:21 . 2008-05-30 19:21 <KANSIO> d-------- D:\Program Files\Trend Micro
    2008-05-30 17:23 . 2008-05-30 17:24 <KANSIO> d-------- D:\WINDOWS\ERUNT
    2008-05-28 23:24 . 2008-05-29 22:01 209 --a------ D:\WINDOWS\wininit.ini
    2008-05-28 16:16 . 2008-05-28 16:18 <KANSIO> d-------- D:\Program Files\Spybot - Search & Destroy
    2008-05-28 15:22 . 2008-05-30 17:56 <KANSIO> d-a------ D:\Program Files\SDFix
    2008-05-28 10:06 . 2008-05-28 16:03 <KANSIO> d-------- D:\Documents and Settings\Kalle\amsn
    2008-05-28 10:05 . 2008-05-28 10:05 <KANSIO> d-------- D:\Program Files\aMSN
    2008-05-28 09:17 . 2008-05-28 09:17 57,344 --a------ D:\WINDOWS\system32\wvUnLDUk.0ll
    2008-05-28 08:41 . 2008-05-28 08:41 57,344 --a------ D:\WINDOWS\system32\ljJaYOgF.0ll
    2008-05-28 00:40 . 2008-05-28 00:40 57,344 --a------ D:\WINDOWS\system32\nnnMcyAp.0ll
    2008-05-28 00:35 . 2008-05-28 00:39 0 --a------ D:\WINDOWS\system32\mcrh.MSNFix
    2008-05-28 00:28 . 2008-05-28 00:28 83 --a------ D:\WINDOWS\cookies.MSNFix
    2008-05-28 00:20 . 2008-05-28 00:20 57,344 --a------ D:\WINDOWS\system32\xxyayWOg.dll.bak
    2008-05-27 19:42 . 2008-05-27 19:46 <KANSIO> d--hsc--- D:\Program Files\Common Files\WindowsLiveInstaller
    2008-05-27 19:42 . 2008-05-27 19:42 <KANSIO> d-------- D:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-05-12 21:36 . 2008-05-12 21:36 <KANSIO> d-------- D:\Documents and Settings\Kalle\Application Data\Sports Interactive
    2008-05-12 21:31 . 2008-05-12 21:32 <KANSIO> d--h----- D:\Program Files\Zero G Registry
    2008-05-12 21:30 . 2008-05-12 21:30 <KANSIO> d--h----- D:\Documents and Settings\Kalle\InstallAnywhere
    2008-05-08 18:01 . 2004-01-03 00:08 70,656 --a------ D:\WINDOWS\system32\yv12vfw.dll
    2008-05-01 21:30 . 2008-05-01 21:30 152,010 --a------ D:\WINDOWS\HAM Uninstaller.exe
    2008-04-27 13:15 . 2008-05-26 19:17 54,156 --ah----- D:\WINDOWS\QTFont.qfn
    2008-04-27 13:15 . 2008-04-27 13:15 1,409 --a------ D:\WINDOWS\QTFont.for
    2008-04-24 16:45 . 2008-04-24 16:45 <KANSIO> dr-h----- D:\Documents and Settings\Kalle\Application Data\SecuROM
    2008-04-13 11:18 . 2008-04-13 11:18 <KANSIO> d-------- D:\Documents and Settings\Kalle\.onnet

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-05-31 13:26 --------- d-----w D:\Documents and Settings\Kalle\Application Data\mIRC
    2008-05-30 23:16 --------- d-----w D:\Documents and Settings\Kalle\Application Data\Azureus
    2008-05-30 15:21 --------- d-----w D:\Program Files\Java
    2008-05-28 20:26 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-05-28 07:04 --------- d-----w D:\Program Files\DAEMON Tools
    2008-05-28 06:38 --------- d-----w D:\Program Files\F-Secure
    2008-05-28 06:38 --------- d-----w D:\Documents and Settings\All Users\Application Data\F-Secure
    2008-05-17 21:49 --------- d-----w D:\Documents and Settings\Kalle\Application Data\Skype
    2008-05-08 10:15 --------- d-----w D:\Documents and Settings\Kalle\Application Data\Microgaming
    2008-04-24 13:54 --------- d--h--w D:\Program Files\InstallShield Installation Information
    2008-04-15 05:47 --------- d-----w D:\Program Files\Common Files\Adobe
    2008-04-10 00:05 --------- d-----w D:\Documents and Settings\All Users\Application Data\Microsoft Help
    2008-04-02 11:05 25,432 ----a-w D:\Documents and Settings\Kalle\Application Data\GDIPFONTCACHEV1.DAT
    2008-03-25 04:51 621,344 ----a-w D:\WINDOWS\system32\mswstr10.dll
    2008-03-25 04:51 166,688 ----a-w D:\WINDOWS\system32\msjint40.dll
    2008-03-20 08:09 1,845,504 ----a-w D:\WINDOWS\system32\win32k.sys
    2008-03-01 13:01 826,368 ----a-w D:\WINDOWS\system32\wininet.dll
    2008-02-26 12:00 294,912 ----a-w D:\WINDOWS\system32\msctf.dll
    2008-02-20 06:51 282,624 ----a-w D:\WINDOWS\system32\gdi32.dll
    2008-02-20 05:38 45,568 ----a-w D:\WINDOWS\system32\dnsrslvr.dll
    2007-02-15 18:51 88 --sh--r D:\WINDOWS\system32\45036B7D0D.sys
    2006-05-03 09:06 163,328 --sh--r D:\WINDOWS\system32\flvDX.dll
    2007-07-17 10:48 2,516 -csha-w D:\WINDOWS\system32\KGyGaAvL.sys
    2007-02-21 10:47 31,232 -csh--r D:\WINDOWS\system32\msfDX.dll
    .

    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06E12C36-760F-4D92-8509-5E5DBF12C423}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8ed1c08b-a7a6-4f16-86ab-2c6859a02f42}]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AD91F568-27C5-4EF5-A3F9-9C100514A327}]
    D:\WINDOWS\system32\wvUlKeEW.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DADF23A6-E2D4-47B4-9C7F-3725D07B20E1}]
    D:\WINDOWS\system32\nnnnOfca.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f278e0ec-d991-4993-af83-a93b39bff2e4}]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-09-15 02:12 15360]
    "MsnMsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [ ]
    "Steam"="f:\-games-\steam\steam.exe" [2008-04-24 14:50 1271032]
    "SpybotSD TeaTimer"="D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 10:06 88363 D:\WINDOWS\AGRSMMSG.exe]
    "SoundMan"="SOUNDMAN.EXE" [2005-10-24 15:45 90112 D:\WINDOWS\soundman.exe]
    "F-Secure Manager"="D:\Program Files\F-Secure\Common\FSM32.exe" [2008-02-15 18:46 182936]
    "F-Secure TNB"="D:\Program Files\F-Secure\FSGUI\TNBUtil.exe" [2008-02-15 18:46 895584]
    "RemoteControl"="D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-02 21:24 32768]
    "DAEMON Tools"="D:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 17:57 133016]
    "Logitech Utility"="Logi_MwX.Exe" [2003-12-11 09:50 20992 D:\WINDOWS\LOGI_MWX.EXE]
    "QuickTime Task"="E:\Ohjelmat\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
    "NvCplDaemon"="D:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
    "nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 D:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="NvMCTray.dll" [2006-10-22 12:22 86016 D:\WINDOWS\system32\nvmctray.dll]
    "WinampAgent"="E:\Ohjelmat\Winamp\winampa.exe" [2008-04-01 21:49 36352]
    "Adobe Reader Speed Launcher"="E:\Ohjelmat\Adobe Reader\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
    "4352de1a"="D:\WINDOWS\system32\evsfnmpg.dll" [ ]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="D:\WINDOWS\System32\CTFMON.EXE" [2004-09-15 02:12 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xxyayWOg]
    xxyayWOg.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "vidc.i420"= i420vfw.dll
    "vidc.yv12"= yv12vfw.dll

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "E:\\Ohjelmat\\Mirc\\mirc.exe"=
    "D:\\Program Files\\Java\\jre1.5.0_09\\bin\\javaw.exe"=
    "D:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "D:\\Program Files\\aMSN\\bin\\wish.exe"=
    "E:\\Ohjelmat\\Azureus\\Azureus.exe"=

    R0 FSFW;F-Secure Firewall Driver;D:\WINDOWS\system32\drivers\fsdfw.sys [2008-02-15 18:45]
    R1 F-Secure HIPS;F-Secure HIPS;D:\Program Files\F-Secure\HIPS\fshs.sys [2008-02-15 18:46]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;D:\Program Files\F-Secure\Anti-Virus\minifilter\fsgk.sys [2008-02-15 18:45]
    S3 PCnetHL;AMD PCnet-Home Adapter Driver;D:\WINDOWS\system32\DRIVERS\pcntn5hl.sys [2001-08-17 21:11]
    S4 F-Secure Filter;F-Secure File System Filter;D:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2008-02-15 18:45]
    S4 F-Secure Recognizer;F-Secure File System Recognizer;D:\Program Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2008-02-15 18:45]
    S4 msvsmon80;Visual Studio 2005 Remote Debugger;"E:\Ohjelmat\Visual Studio 2005\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 []

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    \Shell\AutoRun\command - D:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe protect.ed 480 480

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\M]
    \Shell\AutoRun\command - M:\autorun.exe

    .
    'Ajoitetut tehtävät'-kansion sisältö
    "2008-05-25 15:40:00 D:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - D:\Program Files\Apple Software Update\SoftwareUpdate.exe
    .
    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-05-31 16:30:35
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    **************************************************************************
    .
    ------------------------ Other Running Processes ------------------------
    .
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
    D:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
    D:\Program Files\F-Secure\common\FSMA32.EXE
    D:\WINDOWS\system32\inetsrv\inetinfo.exe
    D:\Program Files\F-Secure\common\FSMB32.EXE
    D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    D:\Program Files\F-Secure\common\FCH32.EXE
    D:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\wdfmgr.exe
    D:\Program Files\F-Secure\common\FAMEH32.EXE
    D:\Program Files\F-Secure\Anti-Virus\fsqh.exe
    D:\Program Files\F-Secure\common\FNRB32.exe
    D:\Program Files\F-Secure\Anti-Virus\fssm32.exe
    D:\Program Files\F-Secure\common\FIH32.exe
    D:\Program Files\F-Secure\FSAUA\program\fsaua.exe
    D:\Program Files\F-Secure\FWES\program\fsdfwd.exe
    D:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
    D:\Program Files\F-Secure\FSGUI\fsguidll.exe
    D:\Program Files\F-Secure\Anti-Virus\fsav32.exe
    .
    **************************************************************************
    .
    Completion time: 2008-05-31 16:38:21 - machine was rebooted
    ComboFix-quarantined-files.txt 2008-05-31 13:37:16

    Pre-Run: 594,575,360 tavua vapaana
    Post-Run: 526,217,216 tavua vapaana

    193 --- E O F --- 2008-05-30 00:01:52
     
  5. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Posts:
    3,915
    Thanks:
    0
    Points:
    46
    The logs are clean !!!

    ******************************************
    In the Run field of the Windows Start menu, type ComboFix.exe /u and press OK
    ***************************************************************************

    Fix this with HJT:
    O2 - BHO: (no name) - {f278e0ec-d991-4993-af83-a93b39bff2e4} - (no file)

    Let's verify:

    Download Malwarebytes' Anti-Malware to your desktop.

    * Double-click mbam-setup.exe and follow the instructions to install the program.
    * At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, the program downloads and installs the latest version.
    * Once the program has loaded, select Perform full scan and click Scan.
    * When the scan is complete, click OK and then Show Results to see the results.
    * Make sure everything is checked and click Remove Selected.
    * After this, the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found
    here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    * Post the contents of the log in your next message. If anything was found, post the log.
    .
     
