Log first, description of the problem at the end. Thanks for the help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:48:48 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\rhcvsmj0ej3a\rhcvsmj0ej3a.exe
C:\WINDOWS\system32\pphcrsmj0ej3a.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dumprep.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Messenger] msn.com
O4 - HKLM\..\Run: [lphcrsmj0ej3a] C:\WINDOWS\system32\lphcrsmj0ej3a.exe
O4 - HKLM\..\Run: [SMrhcvsmj0ej3a] C:\Program Files\rhcvsmj0ej3a\rhcvsmj0ej3a.exe
O4 - HKLM\..\Run: [14292b13] rundll32.exe "C:\WINDOWS\system32\tjtllkbp.dll",b
O4 - HKLM\..\Run: [BM171a188f] Rundll32.exe "C:\WINDOWS\system32\blhvkncq.dll",s
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 7070 bytes

Description of the problem: I got the computer from an acquaintance. Soon after it got an internet connection the problems started; apparently I installed the spyware myself, I don't know..
Antivirus XP 2008 keeps announcing itself. Ads pop up while browsing. System Restore doesn't work and the computer shuts down/restarts. Spybot never gets to finish its scan, even though it does find things to fix. F-Secure can't fully remove the "wrong" files. F-Secure constantly asks for approval for ".dll", ".tmp" and ".exe" files that want a network connection, coming from the system32 and temp folders. I have deleted the temporary files; I don't really know what else to do at this point. Thanks for the help.
I'm putting this in a separate message for clarity (apologies if I'm doing this wrong). The computer also has the same problem as in http://keskustelu.afterdawn.com/thread_view.cfm/685629#4170059, i.e. the desktop background turned blue and a yellow-and-blue box appeared that reads: Warning! Spyware detected on your computer! Instal antivirus or Spyware remover to clean your computer!

When the computer restarts, two messages like the following appear:
RUNDLL Error loading C:\WINDOWS\system32\tjtllkbp.dll The specified module could not be found.
Error loading C:\WINDOWS\system32\blhvkncq.dll The specified module could not be found.

I followed the instructions given in that thread, and here is the SmitFraudFix log:

SmitFraudFix v2.332

Scan done at 16:32:05.81, Fri 08/01/2008
Run from C:\Documents and Settings\benyam\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\rhcvsmj0ej3a\rhcvsmj0ej3a.exe
C:\WINDOWS\system32\pphcrsmj0ej3a.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\explorer.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\benyam

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\benyam\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\benyam\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: SiS 900 PCI Fast Ethernet Adapter
DNS Server Search Order: 213.243.153.136
DNS Server Search Order: 213.243.153.170

HKLM\SYSTEM\CCS\Services\Tcpip\..\{932C7670-CE35-46AF-A0D7-FFEF20CE96E5}: DhcpNameServer=213.243.153.136 213.243.153.170
HKLM\SYSTEM\CS1\Services\Tcpip\..\{932C7670-CE35-46AF-A0D7-FFEF20CE96E5}: DhcpNameServer=213.243.153.136 213.243.153.170
HKLM\SYSTEM\CS3\Services\Tcpip\..\{932C7670-CE35-46AF-A0D7-FFEF20CE96E5}: DhcpNameServer=213.243.153.136 213.243.153.170
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=213.243.153.136 213.243.153.170
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=213.243.153.136 213.243.153.170
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=213.243.153.136 213.243.153.170

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
There's plenty here!!!

Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* A log will then open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Post the contents of the log in your next reply + a new HJT log.

------------------------------------------------------------------

1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe

Open Notepad and copy/paste the contents of the Quote: box into it:

Folder::

Save it as CFScript (ComboFix actually recognises it even if the extension isn't .txt). Then drag and drop CFScript onto ComboFix.exe as shown below. (Do not click it.)

Note! Do not click inside ComboFix's window while it is running. This may cause the program to hang. Restart the computer if asked to, and post the contents of combofix.txt here.

-----------------------------------------------------------------

Close your browser and other programs for the duration of the fix (not the antivirus).

Start HijackThis, click Scan, tick the following entries listed in red and remove them (Fix checked):

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [MSN Messenger] msn.com
O4 - HKLM\..\Run: [lphcrsmj0ej3a] C:\WINDOWS\system32\lphcrsmj0ej3a.exe
O4 - HKLM\..\Run: [SMrhcvsmj0ej3a] C:\Program Files\rhcvsmj0ej3a\rhcvsmj0ej3a.exe
O4 - HKLM\..\Run: [14292b13] rundll32.exe "C:\WINDOWS\system32\tjtllkbp.dll",b
O4 - HKLM\..\Run: [BM171a188f] Rundll32.exe "C:\WINDOWS\system32\blhvkncq.dll",s
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)

Empty the Recycle Bin and restart your computer.

Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
* Malwarebytes' Anti-Malware\Logs\log-date.txt
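As an added example (not part of this thread or of HijackThis itself), here is a small Python triage script that applies the same reading of the log that the reply above relies on: it parses HijackThis R0/O4/O9 lines and flags a start page pointing away from the Microsoft/MSN defaults, Run entries whose target is not a file path, Run values with random hex names that load eight-random-letter DLLs through rundll32, files following the lphc/pphc/rhc naming scheme of the rogue "Antivirus XP 2008" files in this log, and buttons whose file is missing. The sample lines are copied from the first log in the thread; the thresholds and the rogue-name pattern are heuristics chosen for this example, so treat hits as "look closer", not as a verdict.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import urlparse

# Constructed sample: a handful of entries copied from the HijackThis log posted
# earlier in this thread, one entry per line (the forum ran the original together).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [MSN Messenger] msn.com
O4 - HKLM\..\Run: [lphcrsmj0ej3a] C:\WINDOWS\system32\lphcrsmj0ej3a.exe
O4 - HKLM\..\Run: [SMrhcvsmj0ej3a] C:\Program Files\rhcvsmj0ej3a\rhcvsmj0ej3a.exe
O4 - HKLM\..\Run: [14292b13] rundll32.exe "C:\WINDOWS\system32\tjtllkbp.dll",b
O4 - HKLM\..\Run: [BM171a188f] Rundll32.exe "C:\WINDOWS\system32\blhvkncq.dll",s
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>\S+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# Run-value names that are just hex digits (optionally with the "BM" prefix seen in this log).
HEXISH_NAME = re.compile(r"^(?:BM)?[0-9a-f]{8,}$")
# Eight random lowercase letters, as in tjtllkbp.dll / blhvkncq.dll (SiSPower.dll is mixed case).
RANDOM_DLL = re.compile(r"^[a-z]{8}\.dll$")
# Heuristic for the rogue "Antivirus XP 2008" file names in this thread: lphc.., pphc.., rhc..
ROGUE_NAME = re.compile(r"\b(?:(?:bl|l|pp)?phc|rhc)[a-z0-9]{9,}\b", re.I)
# Hosts a stock XP start page may legitimately point at; anything else is shown for review.
EXPECTED_START_HOSTS = ("microsoft.com", "msn.com")


@dataclass
class Finding:
    kind: str
    name: str
    target: str
    reasons: list[str] = field(default_factory=list)


def _rundll32_dll(target: str) -> str | None:
    """Basename of the DLL when target is 'rundll32.exe <dll>,<entry>', else None."""
    parts = target.split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "rundll32.exe":
        return None
    dll = parts[1].split(",", 1)[0].strip().strip('"')
    return dll.rsplit("\\", 1)[-1]


def check_run_entry(name: str, target: str) -> list[str]:
    """Heuristics for one O4 Run entry; an empty list means nothing stood out."""
    reasons = []
    if ROGUE_NAME.search(name) or ROGUE_NAME.search(target):
        reasons.append("name follows the rogue-AV lphc/pphc/rhc scheme")
    dll = _rundll32_dll(target)
    if dll is not None:
        if RANDOM_DLL.match(dll):
            reasons.append(f"rundll32 loads a DLL with a random-looking name ({dll})")
    elif "\\" not in target and not target.lower().endswith(".exe"):
        reasons.append("target is not a file path")
    if HEXISH_NAME.match(name):
        reasons.append("Run value name is random hex")
    return reasons


def check_start_page(body: str) -> list[str]:
    """Flag an R0 start page whose host is not a Microsoft/MSN default."""
    if "Start Page" not in body or "=" not in body:
        return []
    host = urlparse(body.split("=", 1)[1].strip()).hostname or ""
    ok = any(host == d or host.endswith("." + d) for d in EXPECTED_START_HOSTS)
    return [] if not host or ok else [f"start page points at {host}; confirm the user set it"]


def triage(log_text: str) -> list[Finding]:
    """Walk a HijackThis log and return the entries worth a second look, in log order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m["kind"], m["body"]
        if kind == "R0":
            reasons = check_start_page(body)
            if reasons:
                findings.append(Finding(kind, "Start Page", body.split("=", 1)[1].strip(), reasons))
        elif kind == "O4":
            r = RUN_RE.match(body)  # "Global Startup" lines do not match and are skipped
            if r:
                reasons = check_run_entry(r["name"], r["target"])
                if reasons:
                    findings.append(Finding(kind, r["name"], r["target"], reasons))
        elif kind == "O9" and body.endswith("(file missing)"):
            # Shape: "Extra button: Name - {CLSID} - path (file missing)"
            head, _, rest = body.partition(" - ")
            findings.append(Finding(kind, head.split(": ", 1)[-1], rest.rsplit(" - ", 1)[-1],
                                    ["button points at a file that no longer exists"]))
    return findings


def flagged_names(log_text: str) -> list[str]:
    return [f.name for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind} [{f.name}] {f.target}")
        for why in f.reasons:
            print(f"    - {why}")
```

On the sample above the script flags exactly the seven entries the reply told the poster to fix, and leaves the F-Secure, SiSPower and CTFMON entries alone.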
hjt-log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:24:26, on 8/1/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsqh.exe C:\Program Files\F-Secure\Anti-Virus\fsrw.exe C:\WINDOWS\Explorer.EXE C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program Files\F-Secure\Common\FIH32.EXE C:\WINDOWS\system32\WgaTray.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\WINDOWS\system32\LVCOMSX.EXE C:\WINDOWS\system32\sistray.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe C:\Program Files\F-Secure\FSGUI\fsguidll.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing) O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: 
[CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. 
- C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- End of file - 6223 bytes combo-log: ComboFix 08-07-31.06 - Tiia 2008-08-01 19:33:29.1 - NTFSx86 NETWORK Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.59 [GMT 3:00] Running from: C:\Documents and Settings\benyam\Desktop\ComboFix.exe Command switches used :: C:\Documents and Settings\benyam\Desktop\CFScript.txt WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: c:\windows\msn.com C:\WINDOWS\system32\blhvkncq.dll C:\WINDOWS\system32\lphcrsmj0ej3a.exe C:\WINDOWS\system32\tjtllkbp.dll . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . 
C:\Documents and Settings\benyam\Application Data\rhcvsmj0ej3a C:\Program Files\rhcvsmj0ej3a C:\WINDOWS\admintxt.txt C:\WINDOWS\BM171a188f.txt C:\WINDOWS\BM171a188f.xml C:\WINDOWS\pskt.ini C:\WINDOWS\system32\B.tmp C:\WINDOWS\system32\blphcrsmj0ej3a.scr C:\WINDOWS\system32\C.tmp C:\WINDOWS\system32\csmvrppe.dll C:\WINDOWS\system32\D.tmp C:\WINDOWS\system32\dphrgd.dll C:\WINDOWS\system32\E.tmp C:\WINDOWS\system32\F.tmp C:\WINDOWS\system32\fccdedCu.dll C:\WINDOWS\system32\fippopwy.dll C:\WINDOWS\system32\hylfomvu.dll C:\WINDOWS\system32\iifgFYpP.dll C:\WINDOWS\system32\ipauhq.dll C:\WINDOWS\system32\jhpckhcx.ini C:\WINDOWS\system32\jqmsjeam.ini C:\WINDOWS\system32\ldhlgw.dll C:\WINDOWS\system32\lnrluqhy.dll C:\WINDOWS\system32\lphcrsmj0ej3a.exe C:\WINDOWS\system32\mcrh.tmp C:\WINDOWS\system32\mwmwotxn.dll C:\WINDOWS\system32\oahode.dll C:\WINDOWS\system32\pbklltjt.ini C:\WINDOWS\system32\phcrsmj0ej3a.bmp C:\WINDOWS\system32\pphcrsmj0ej3a.exe C:\WINDOWS\system32\sgutgcfq.dll C:\WINDOWS\system32\sysrest32.exe C:\WINDOWS\system32\tacxvwcm.dll C:\WINDOWS\system32\uajpgekt.dll C:\WINDOWS\system32\uCdedccf.ini C:\WINDOWS\system32\uCdedccf.ini2 C:\WINDOWS\system32\vtwylsuy.dll C:\WINDOWS\system32\vukchd.dll C:\WINDOWS\system32\wifxqara.dll C:\WINDOWS\system32\winhoo32.dll C:\WINDOWS\system32\xpxarpnm.dll . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SYSREST.SYS -------\Service_sysrest.sys ((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 ))))))))))))))))))))))))))))))) . 2008-08-01 17:41 . 2008-08-01 17:41 <DIR> d-------- C:\Documents and Settings\benyam\Application Data\Malwarebytes 2008-08-01 17:40 . 2008-08-01 17:41 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-01 17:40 . 2008-08-01 17:40 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-01 17:40 . 
2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-01 17:40 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-01 16:34 . 2008-08-01 16:34 2,196 --a------ C:\WINDOWS\system32\tmp.reg 2008-08-01 16:31 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-08-01 16:31 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-08-01 16:31 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-08-01 16:31 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe 2008-08-01 16:31 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-08-01 16:31 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-08-01 16:31 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-08-01 15:47 . 2008-08-01 15:47 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-08-01 14:13 . 2008-08-01 14:13 <DIR> d-------- C:\Program Files\Trend Micro 2008-08-01 14:08 . 2008-08-01 14:13 <DIR> d-------- C:\Program Files\CCleaner 2008-08-01 14:01 . 2008-08-01 14:01 145 --a------ C:\WINDOWS\system32\winver.bat 2008-07-31 11:46 . 2008-07-31 11:46 81,408 --a------ C:\WINDOWS\system32\TJTLLKBP.0LL 2008-07-31 11:43 . 2008-07-31 11:43 89,600 --a------ C:\WINDOWS\system32\BLHVKNCQ.0LL 2008-07-31 05:42 . 2008-07-31 05:42 81,408 --a------ C:\WINDOWS\system32\XCHKCPHJ.0LL 2008-07-30 22:54 . 2008-07-30 22:58 <DIR> d-------- C:\Documents and Settings\benyam\Contacts . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-08-01 15:32 94,208 ----a-w C:\WINDOWS\system32\92.tmp 2008-08-01 15:32 94,208 ----a-w C:\WINDOWS\system32\90.tmp 2008-08-01 15:32 94,208 ----a-w C:\WINDOWS\system32\8F.tmp 2008-08-01 15:32 94,208 ----a-w C:\WINDOWS\system32\8E.tmp 2008-08-01 15:32 94,208 ----a-w C:\WINDOWS\system32\8D.tmp 2008-08-01 15:32 94,208 ----a-w C:\WINDOWS\system32\8C.tmp 2008-08-01 15:32 94,208 ----a-w C:\WINDOWS\system32\8B.tmp 2008-08-01 15:31 94,208 ----a-w C:\WINDOWS\system32\8A.tmp 2008-08-01 15:31 94,208 ----a-w C:\WINDOWS\system32\87.tmp 2008-08-01 15:31 94,208 ----a-w C:\WINDOWS\system32\78.tmp 2008-08-01 15:31 94,208 ----a-w C:\WINDOWS\system32\70.tmp 2008-08-01 15:31 94,208 ----a-w C:\WINDOWS\system32\66.tmp 2008-08-01 15:31 94,208 ----a-w C:\WINDOWS\system32\65.tmp 2008-08-01 15:31 94,208 ----a-w C:\WINDOWS\system32\56.tmp 2008-08-01 15:30 94,208 ----a-w C:\WINDOWS\system32\53.tmp 2008-08-01 15:30 94,208 ----a-w C:\WINDOWS\system32\50.tmp 2008-08-01 15:30 94,208 ----a-w C:\WINDOWS\system32\4F.tmp 2008-08-01 11:08 --------- d-----w C:\Program Files\Yahoo! 
2008-08-01 10:47 94,208 ----a-w C:\WINDOWS\system32\5A.tmp 2008-08-01 10:47 94,208 ----a-w C:\WINDOWS\system32\59.tmp 2008-08-01 10:46 94,208 ----a-w C:\WINDOWS\system32\58.tmp 2008-08-01 10:46 94,208 ----a-w C:\WINDOWS\system32\57.tmp 2008-08-01 10:46 94,208 ----a-w C:\WINDOWS\system32\4E.tmp 2008-08-01 10:46 94,208 ----a-w C:\WINDOWS\system32\4D.tmp 2008-08-01 10:46 94,208 ----a-w C:\WINDOWS\system32\4C.tmp 2008-08-01 10:46 94,208 ----a-w C:\WINDOWS\system32\4A.tmp 2008-08-01 08:55 94,208 ----a-w C:\WINDOWS\system32\136.tmp 2008-08-01 08:55 94,208 ----a-w C:\WINDOWS\system32\10A.tmp 2008-08-01 08:55 94,208 ----a-w C:\WINDOWS\system32\109.tmp 2008-08-01 08:55 94,208 ----a-w C:\WINDOWS\system32\108.tmp 2008-08-01 08:55 94,208 ----a-w C:\WINDOWS\system32\107.tmp 2008-08-01 08:55 94,208 ----a-w C:\WINDOWS\system32\106.tmp 2008-08-01 08:55 94,208 ----a-w C:\WINDOWS\system32\105.tmp 2008-08-01 08:54 94,208 ----a-w C:\WINDOWS\system32\104.tmp 2008-08-01 08:53 94,208 ----a-w C:\WINDOWS\system32\D6.tmp 2008-08-01 08:53 94,208 ----a-w C:\WINDOWS\system32\D5.tmp 2008-08-01 08:53 94,208 ----a-w C:\WINDOWS\system32\D4.tmp 2008-08-01 08:53 94,208 ----a-w C:\WINDOWS\system32\D3.tmp 2008-08-01 08:53 94,208 ----a-w C:\WINDOWS\system32\D2.tmp 2008-08-01 08:53 94,208 ----a-w C:\WINDOWS\system32\D1.tmp 2008-08-01 08:53 94,208 ----a-w C:\WINDOWS\system32\D0.tmp 2008-08-01 08:53 94,208 ----a-w C:\WINDOWS\system32\103.tmp 2008-08-01 08:52 94,208 ----a-w C:\WINDOWS\system32\CF.tmp 2008-08-01 08:52 94,208 ----a-w C:\WINDOWS\system32\CE.tmp 2008-08-01 08:52 94,208 ----a-w C:\WINDOWS\system32\CD.tmp 2008-08-01 08:52 94,208 ----a-w C:\WINDOWS\system32\CC.tmp 2008-08-01 08:52 94,208 ----a-w C:\WINDOWS\system32\CB.tmp 2008-08-01 08:52 94,208 ----a-w C:\WINDOWS\system32\CA.tmp 2008-08-01 06:40 94,208 ----a-w C:\WINDOWS\system32\2A7.tmp 2008-08-01 06:40 94,208 ----a-w C:\WINDOWS\system32\2A6.tmp 2008-08-01 06:40 94,208 ----a-w C:\WINDOWS\system32\2A5.tmp 2008-08-01 06:39 94,208 ----a-w 
C:\WINDOWS\system32\2A4.tmp 2008-08-01 06:39 94,208 ----a-w C:\WINDOWS\system32\2A3.tmp 2008-08-01 06:39 94,208 ----a-w C:\WINDOWS\system32\2A2.tmp 2008-08-01 06:39 94,208 ----a-w C:\WINDOWS\system32\2A1.tmp 2008-08-01 06:39 94,208 ----a-w C:\WINDOWS\system32\2A0.tmp 2008-08-01 06:39 94,208 ----a-w C:\WINDOWS\system32\29F.tmp 2008-08-01 06:39 94,208 ----a-w C:\WINDOWS\system32\299.tmp 2008-08-01 06:39 94,208 ----a-w C:\WINDOWS\system32\298.tmp 2008-08-01 06:38 94,208 ----a-w C:\WINDOWS\system32\297.tmp 2008-08-01 06:38 94,208 ----a-w C:\WINDOWS\system32\296.tmp 2008-08-01 06:38 94,208 ----a-w C:\WINDOWS\system32\295.tmp 2008-08-01 06:38 94,208 ----a-w C:\WINDOWS\system32\294.tmp 2008-08-01 06:37 94,208 ----a-w C:\WINDOWS\system32\293.tmp 2008-08-01 06:37 94,208 ----a-w C:\WINDOWS\system32\292.tmp 2008-08-01 06:37 94,208 ----a-w C:\WINDOWS\system32\28F.tmp 2008-08-01 06:37 94,208 ----a-w C:\WINDOWS\system32\28E.tmp 2008-08-01 06:36 94,208 ----a-w C:\WINDOWS\system32\28D.tmp 2008-08-01 06:36 94,208 ----a-w C:\WINDOWS\system32\28C.tmp 2008-08-01 06:36 94,208 ----a-w C:\WINDOWS\system32\28B.tmp 2008-08-01 06:36 94,208 ----a-w C:\WINDOWS\system32\28A.tmp 2008-08-01 06:36 94,208 ----a-w C:\WINDOWS\system32\289.tmp 2008-08-01 06:36 94,208 ----a-w C:\WINDOWS\system32\288.tmp 2008-08-01 06:36 94,208 ----a-w C:\WINDOWS\system32\287.tmp 2008-08-01 06:36 94,208 ----a-w C:\WINDOWS\system32\286.tmp 2008-08-01 06:35 94,208 ----a-w C:\WINDOWS\system32\285.tmp 2008-07-31 22:37 94,208 ----a-w C:\WINDOWS\system32\91.tmp 2008-07-31 22:36 94,208 ----a-w C:\WINDOWS\system32\89.tmp 2008-07-31 22:36 94,208 ----a-w C:\WINDOWS\system32\88.tmp 2008-07-31 21:42 94,208 ----a-w C:\WINDOWS\system32\86.tmp 2008-07-31 21:42 94,208 ----a-w C:\WINDOWS\system32\85.tmp 2008-07-31 21:42 94,208 ----a-w C:\WINDOWS\system32\84.tmp 2008-07-31 21:41 94,208 ----a-w C:\WINDOWS\system32\83.tmp 2008-07-31 21:41 94,208 ----a-w C:\WINDOWS\system32\82.tmp 2008-07-31 21:41 94,208 ----a-w C:\WINDOWS\system32\81.tmp 
2008-07-31 21:41 94,208 ----a-w C:\WINDOWS\system32\80.tmp 2008-07-31 21:41 94,208 ----a-w C:\WINDOWS\system32\7F.tmp 2008-07-31 21:41 94,208 ----a-w C:\WINDOWS\system32\7E.tmp 2008-07-31 21:41 94,208 ----a-w C:\WINDOWS\system32\7D.tmp 2008-07-31 21:40 94,208 ----a-w C:\WINDOWS\system32\7C.tmp 2008-07-31 21:40 94,208 ----a-w C:\WINDOWS\system32\7B.tmp 2008-07-31 21:40 94,208 ----a-w C:\WINDOWS\system32\7A.tmp 2008-07-31 21:40 94,208 ----a-w C:\WINDOWS\system32\77.tmp 2008-07-31 21:40 94,208 ----a-w C:\WINDOWS\system32\76.tmp 2008-07-31 21:40 94,208 ----a-w C:\WINDOWS\system32\75.tmp 2008-07-31 21:40 94,208 ----a-w C:\WINDOWS\system32\74.tmp 2008-07-31 21:40 94,208 ----a-w C:\WINDOWS\system32\73.tmp 2008-07-31 21:39 94,208 ----a-w C:\WINDOWS\system32\72.tmp 2008-07-31 21:39 94,208 ----a-w C:\WINDOWS\system32\6F.tmp 2008-07-31 21:39 94,208 ----a-w C:\WINDOWS\system32\6E.tmp . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-06-08 14:44 196608] "updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-31 03:45 313472] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.EXE" [2005-10-26 04:51 122929] "F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 11:57 684032] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-02-04 18:31 180269] "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-06-08 15:24 458752] "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-06-08 15:14 217088] "SiSUSBRG"="C:\WINDOWS\SiSUSBrg.exe" [2002-07-12 13:15 106496] "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 17:32 
221184] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 11:56 286720] "SiSPower"="SiSPower.dll" [2004-09-02 08:47 49152 C:\WINDOWS\system32\SiSPower.dll] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 10:56 15360] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-06-02 17:46:02 113664] Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 09:05:26 29696] F-Secure Automatic Update.lnk - C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe [2007-02-04 16:24:10 32807] Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [2007-02-10 16:02:50 331776] [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\F-Secure\\BackWeb\\7681197\\Program\\F-Secure Automatic Update.exe"= C:\\Program Files\\F-Secure\\BackWeb\\7681197\\program\\F-Secure Automatic Update.exe "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Mozilla Firefox\\firefox.exe"= "C:\\Program Files\\Messenger\\msmsgs.exe"= "C:\\Program Files\\Java\\jdk1.6.0_10\\jre\\bin\\java.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "C:\\WINDOWS\\system32\\winver.exe"= R0 FSFW;F-Secure Firewall Driver;C:\WINDOWS\system32\drivers\fsdfw.sys [2005-10-31 13:01] R2 BackWeb Plug-in - 7681197;F-Secure Automatic Update;C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE [2007-02-04 16:24] R2 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSfilter.sys [2005-08-19 16:37] R2 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure\Anti-Virus\Win2K\FSgk.sys [2005-10-06 17:30] R2 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program 
Files\F-Secure\Anti-Virus\Win2K\FSrec.sys [2005-08-19 16:37]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-07-30 20:07]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ec0e1d3-d26a-11dc-8f62-0013d41582d6}]
\Shell\Auto\command - OSO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL OSO.exe
.
Contents of the 'Scheduled Tasks' folder
2008-04-21 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 15:57]
2008-08-01 C:\WINDOWS\Tasks\Scheduled scanning task.job - C:\PROGRA~1\F-Secure\ANTI-V~1\fsav.exe [2005-05-24 17:42]
.
- - - - ORPHANS REMOVED - - - -
BHO-{6FF22309-A6ED-462B-ABEC-877625C012F3} - C:\WINDOWS\system32\xxywuSmJ.dll
HKCU-Run-ares - C:\Program Files\Ares\Ares.exe
HKLM-Run-lphcrsmj0ej3a - C:\WINDOWS\system32\lphcrsmj0ej3a.exe
HKLM-Run-SMrhcvsmj0ej3a - C:\Program Files\rhcvsmj0ej3a\rhcvsmj0ej3a.exe
HKLM-Run-14292b13 - C:\WINDOWS\system32\tjtllkbp.dll
HKLM-Run-BM171a188f - C:\WINDOWS\system32\blhvkncq.dll
HKLM-Run-sysrest32.exe - C:\WINDOWS\system32\sysrest32.exe
ShellExecuteHooks-{6FF22309-A6ED-462B-ABEC-877625C012F3} - C:\WINDOWS\system32\xxywuSmJ.dll
Notify-xxywuSmJ - xxywuSmJ.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 19:42:33
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
C:\Program Files\F-Secure\common\FSMA32.EXE
C:\Program Files\F-Secure\common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\common\FCH32.EXE
C:\Program Files\F-Secure\common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\FSRW.exe
C:\Program Files\F-Secure\common\FNRB32.exe
C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
C:\Program Files\F-Secure\common\FIH32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\F-Secure\Anti-Virus\FSAV32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\FSAW.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\update\update.exe
.
**************************************************************************
.
Completion time: 2008-08-01 19:51:37 - machine was rebooted [Tiia]
ComboFix-quarantined-files.txt 2008-08-01 16:49:31
Pre-Run: 18,222,579,712 bytes free
Post-Run: 20,623,966,208 bytes free
286 --- E O F --- 2008-05-16 00:03:26

malware-log:
Malwarebytes' Anti-Malware 1.24
Database version: 1014
Windows 5.1.2600 Service Pack 2
19:29:55 2008-08-01
mbam-log-8-1-2008 (19-29-44).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 152754
Time elapsed: 28 minute(s), 23 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 22
Registry Values Infected: 8
Registry Data Items Infected: 4
Folders Infected: 13
Files Infected: 257
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\fccdedCu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\winhoo32.dll (Dialer) -> No action taken.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9e3317a2-b8cd-4864-b8b7-a245cab00238} (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9e3317a2-b8cd-4864-b8b7-a245cab00238} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5eeefd1f-fce2-4281-a015-73a2b13273e4} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{5eeefd1f-fce2-4281-a015-73a2b13273e4} (Trojan.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d58e2d81-3eb1-4fce-a6a9-96cda633a3a7} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d58e2d81-3eb1-4fce-a6a9-96cda633a3a7} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{6ff22309-a6ed-462b-abec-877625c012f3} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6ff22309-a6ed-462b-abec-877625c012f3} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\rhcvsmj0ej3a (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhcvsmj0ej3a (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\winhoo32 (Dialer) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IProxyProvider (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{6ff22309-a6ed-462b-abec-877625c012f3} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhcvsmj0ej3a (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphcrsmj0ej3a (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccdedcu -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\fccdedcu -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
Folders Infected:
C:\Program Files\rhcvsmj0ej3a (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008 (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\benyam\Application Data\rhcvsmj0ej3a (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\benyam\Application Data\rhcvsmj0ej3a\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\benyam\Application Data\rhcvsmj0ej3a\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\benyam\Application Data\rhcvsmj0ej3a\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\benyam\Application Data\rhcvsmj0ej3a\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\benyam\Application Data\rhcvsmj0ej3a\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\benyam\Application Data\rhcvsmj0ej3a\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\benyam\Application Data\rhcvsmj0ej3a\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\benyam\Application Data\rhcvsmj0ej3a\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\benyam\Application Data\rhcvsmj0ej3a\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\benyam\Application Data\rhcvsmj0ej3a\Quarantine\Packages (Rogue.Multiple) -> No action taken.
Files Infected:
C:\WINDOWS\system32\fccdedCu.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uCdedccf.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\uCdedccf.ini2 (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\oahode.dll (Trojan.BHO) -> No action taken.
C:\WINDOWS\system32\hylfomvu.dll (Trojan.BHO) -> No action taken.
C:\Documents and Settings\benyam\Local Settings\Temp\BXQLMDCG.0LL (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\benyam\Local Settings\Temporary Internet Files\Content.IE5\CR072PCR\kb456456[1] (Trojan.Vundo) -> No action taken. C:\Documents and Settings\benyam\Local Settings\Temporary Internet Files\Content.IE5\LDW2GF17\2oxu[1].dll (Trojan.Vundo) -> No action taken. C:\Documents and Settings\benyam\Local Settings\Temporary Internet Files\Content.IE5\N7D9X5DA\CA1MW3RT (Trojan.Vundo) -> No action taken. C:\Documents and Settings\benyam\Local Settings\Temporary Internet Files\Content.IE5\NWLDR0GG\kb767887[1] (Trojan.Vundo) -> No action taken. C:\Documents and Settings\benyam\Local Settings\Temporary Internet Files\Content.IE5\SXAV05AF\kb671231[1] (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP681\A0117831.0LL (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP681\A0117842.0LL (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP681\A0117843.0LL (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP681\A0117844.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP681\A0118840.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP682\A0118856.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP682\A0118860.0LL (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP682\A0118861.0LL (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP682\A0118863.0LL (Trojan.Vundo) -> No action taken. 
C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP682\A0119856.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP682\A0120855.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP683\A0120868.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP683\A0120880.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP683\A0121879.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP683\A0122878.dll (Trojan.Vundo) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP683\A0122882.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP683\A0123880.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP683\A0124880.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP683\A0125880.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP683\A0126880.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP683\A0128879.exe (Trojan.Fakealert) -> No action taken. C:\System Volume Information\_restore{6A7CE58E-E671-46AA-A82B-E36CB700F171}\RP683\A0129881.exe (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\10.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\103.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\104.tmp (Trojan.Fakealert) -> No action taken. 
C:\WINDOWS\system32\105.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\106.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\107.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\108.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\109.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\10A.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\11.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\12.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\13.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\136.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\14.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\15.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\16.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\17.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\18.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\19.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\1A.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\1B.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\1C.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\1D.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\1E.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\1F.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\20.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\21.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\22.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\23.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\24.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\25.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\26.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\27.tmp (Trojan.Fakealert) -> No action taken. 
C:\WINDOWS\system32\28.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\285.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\286.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\287.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\288.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\289.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\28A.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\28B.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\28C.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\28D.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\28E.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\28F.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\29.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\292.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\293.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\294.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\295.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\296.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\297.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\298.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\299.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\29F.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\2A.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\2A0.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\2A1.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\2A2.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\2A3.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\2A4.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\2A5.tmp (Trojan.Fakealert) -> No action taken. 
C:\WINDOWS\system32\2A6.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\2A7.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\2B.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\2C.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\2D.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\2E.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\2F.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\30.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\31.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\32.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\33.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\34.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\35.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\36.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\37.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\38.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\39.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\3A.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\3B.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\3C.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\3D.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\3E.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\3F.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\40.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\41.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\42.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\43.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\44.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\45.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\46.tmp (Trojan.Fakealert) -> No action taken. 
C:\WINDOWS\system32\47.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\48.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\49.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\4A.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\4B.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\4C.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\4D.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\4E.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\4F.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\50.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\53.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\56.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\57.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\58.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\59.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\5A.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\5B.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\5C.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\5D.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\5E.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\5F.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\60.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\61.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\62.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\63.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\64.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\65.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\66.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\67.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\68.tmp (Trojan.Fakealert) -> No action taken. 
C:\WINDOWS\system32\69.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\6A.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\6B.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\6C.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\6D.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\6E.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\6F.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\70.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\72.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\73.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\74.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\75.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\76.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\77.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\78.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\7A.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\7B.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\7C.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\7D.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\7E.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\7F.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\80.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\81.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\82.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\83.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\84.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\85.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\86.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\87.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\88.tmp (Trojan.Fakealert) -> No action taken. 
C:\WINDOWS\system32\89.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\8A.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\8B.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\8C.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\8D.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\8E.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\8F.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\90.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\91.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\92.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\B.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\BLHVKNCQ.0LL (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\C.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\CA.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\CB.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\CC.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\CD.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\CE.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\CF.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\csmvrppe.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\D.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\D0.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\D1.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\D2.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\D3.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\D4.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\D5.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\D6.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\dphrgd.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\E.tmp (Trojan.Fakealert) -> No action taken. 
C:\WINDOWS\system32\F.tmp (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\fippopwy.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\iifgFYpP.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\ipauhq.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\ldhlgw.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\lnrluqhy.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\mwmwotxn.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\pphcrsmj0ej3a.exe (Trojan.Fakealert) -> No action taken. C:\WINDOWS\system32\sgutgcfq.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\tacxvwcm.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\TJTLLKBP.0LL (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\uajpgekt.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\vtwylsuy.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\vukchd.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\wifxqara.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\XCHKCPHJ.0LL (Trojan.Vundo) -> No action taken. C:\WINDOWS\system32\xpxarpnm.dll (Trojan.Vundo) -> No action taken. C:\WINDOWS\Temp\gos278.tmp (Trojan.Fakealert) -> No action taken. C:\Program Files\rhcvsmj0ej3a\database.dat (Rogue.Multiple) -> No action taken. C:\Program Files\rhcvsmj0ej3a\license.txt (Rogue.Multiple) -> No action taken. C:\Program Files\rhcvsmj0ej3a\MFC71.dll (Rogue.Multiple) -> No action taken. C:\Program Files\rhcvsmj0ej3a\MFC71ENU.DLL (Rogue.Multiple) -> No action taken. C:\Program Files\rhcvsmj0ej3a\msvcp71.dll (Rogue.Multiple) -> No action taken. C:\Program Files\rhcvsmj0ej3a\msvcr71.dll (Rogue.Multiple) -> No action taken. C:\Program Files\rhcvsmj0ej3a\rhcvsmj0ej3a.exe (Rogue.Multiple) -> No action taken. C:\Program Files\rhcvsmj0ej3a\rhcvsmj0ej3a.exe.local (Rogue.Multiple) -> No action taken. C:\Program Files\rhcvsmj0ej3a\Uninstall.exe (Rogue.Multiple) -> No action taken. 
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\How to Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\License Agreement.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Register Antivirus XP 2008.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008\Uninstall.lnk (Rogue.AntivirusXP2008) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> No action taken.
C:\WINDOWS\system32\winhoo32.dll (Dialer) -> No action taken.
C:\Documents and Settings\benyam\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM171a188f.xml (Trojan.Vundo) -> No action taken.
C:\WINDOWS\BM171a188f.txt (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\blphcrsmj0ej3a.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphcrsmj0ej3a.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phcrsmj0ej3a.bmp (Trojan.FakeAlert) -> No action taken.

That was time-consuming, as the machine kept shutting down in the middle of everything. Thanks for the help so far. At the very end, when I tried to restart, the machine froze; otherwise the situation already seems better. I noticed that I don't have the rights/password for the admin account; I don't know whether that has mattered in this operation.
Yes, admin rights are needed. Run that Malwarebytes' Anti-Malware again; the C:\ drive is enough, then we'll see whether the rights were sufficient. (No action taken)

-----------------------------

Java is in tatters!!!

Java update and cache clearing:

1. Click Start -> Control Panel and double-click Add or Remove Programs in the Control Panel. (Windows Vista: Start -> [type in the search box] Programs and Features and press Enter)
2. Look in the list for all your old Java versions (J2SE Runtime Environment....). They should have the following image next to them:
3. Select all your old Java versions and choose Remove.
4. Install the latest Java update from the following link.. http://java.sun.com/javase/downloads/index.jsp
Scroll down to Java Runtime Environment (JRE) 6 Update 7
Click Download
Set Platform to Windows
Tick I agree to the Java SE Runtime Environment 6 License Agreement and click Continue
Under Windows Offline Installation click jre-6u4-windows-i586-p.exe
Save the file, for example to the desktop, and install it.
5. Restart the computer after the installation.
6. After the restart, go back to the Control Panel and open your Java settings (Other Control Panel Options -> the Java coffee cup).
7. On the General tab, click Settings. Drag the slider (Disk Space) lower. (Some Java-based programs may need more disk space. If you notice slowness after reducing the setting, move the slider higher.)
8. Click the Delete Files button. Make sure both options are ticked:
* Applications and Applets
* Trace and Log Files
and press the OK button. Note: this removes all downloaded applications and applets FROM THE CACHE.
9. Click OK in your "Temporary Files Settings" window.
10. Update tab: untick Check for Updates automatically. Select Never check.
11. Click Apply and OK to exit your Java settings window.
--------------------------------------------------- Poista nämä tiedostot: C:\WINDOWS\system32\TJTLLKBP.0LL C:\WINDOWS\system32\BLHVKNCQ.0LL C:\WINDOWS\system32\XCHKCPHJ.0LL ==>>
It remained unclear to me whether I was supposed to post that Malwarebytes log as well.. I ran it through again after restarting the computer and I'm putting its log up here now just in case. No old Javas were found in the Add/Remove Programs section; I installed the one you instructed. The files you named were not in the system32 folder, so I did nothing about that. The computer is, however, absolutely hopelessly slow, slower than before. The excessive slowness and constant freezing appeared before I got to read your previous reply. Even switching from one browser tab to another takes time, let alone performing new actions; typed text appears with a delay at times (fairly often).

malwarelog:
Malwarebytes' Anti-Malware 1.24
Database version: 1014
Windows 5.1.2600 Service Pack 2
1:47:48 AM 8/4/2008
mbam-log-8-4-2008 (01-47-48).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 76073
Time elapsed: 1 hour(s), 8 minute(s), 48 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: (No malicious items detected)
Registry Values Infected: (No malicious items detected)
Registry Data Items Infected: (No malicious items detected)
Folders Infected: (No malicious items detected)
Files Infected: (No malicious items detected)

hjt-log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:34:16, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6312 bytes
Download JavaRa and extract it to your desktop.
* Double-click JavaRa.exe to start the program.
* Click Remove Older Versions to remove the old Java versions from your computer.
* Click Yes when prompted. When JavaRa is finished, it will report that a log file has been created.
* Click OK.
* The log file will open. Post its contents in your next message.
If the newest one was removed too => After this, download and install Java Runtime Environment (JRE) 6 Update 7
----------------------------------------------------
Delete this folder if it still exists: C:\Program Files\Java\jre6\
------------------------------------------------------
Close the browser and other programs for the duration of the fix. (not the antivirus)
Start HijackThis: Scan, tick the following files listed in red and delete them (Fix checked)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
Empty the Recycle Bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* When was that F-Secure installed???
*
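An added example, not code from the thread, from HijackThis or from any poster: a small Python parser for HijackThis log lines of the kind quoted in this thread. It pulls the CLSID, autostart name and file path out of each entry and lists the entries whose file HijackThis itself reports as absent, which is how the two O2 lines above were picked; the sample entries are constructed from lines already quoted here, and the check also flags the R3 URLSearchHook (no file) entry, so a person still decides what to tick.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, not a file from the thread: six HijackThis 2.0.2 entries
# in the format quoted above. The two O2 lines are the ones the helper told the
# poster to "Fix checked"; the other four are benign context entries.
SAMPLE_LINES = [
    r"O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)",
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)",
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r'O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash',
    r"O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE",
]
SAMPLE_LOG = "\n".join(SAMPLE_LINES)

# HijackThis marks a registration whose file is gone with one of these.
ORPHAN_MARKERS = ("(no file)", "(file missing)")
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<hive>\S+)\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")

@dataclass
class Entry:
    section: str          # R3, O2, O4, ...
    body: str             # everything after "O2 - "
    clsid: Optional[str]  # COM class id, if the entry carries one
    name: Optional[str]   # O4 autostart value name
    path: Optional[str]   # file the entry points at, if one is listed
    orphan: bool          # HijackThis reports that file as absent

def _exe_from_command(cmd: str) -> str:
    """First token of an autostart command: a quoted path or a bare one."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one HijackThis log line; None for headers, blanks, process list."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    clsid = CLSID_RE.search(body)
    name = path = None
    if section == "O4":
        r = RUN_RE.match(body)
        if r:
            name, path = r.group("name"), _exe_from_command(r.group("cmd"))
    elif " - " in body:
        # R3/O2/O9 entries end with " - <path>" or " - (no file)"
        tail = body.rsplit(" - ", 1)[1]
        if not tail.startswith("("):
            path = tail.replace(" (file missing)", "")
    return Entry(section, body, clsid.group(0) if clsid else None, name, path,
                 any(marker in body for marker in ORPHAN_MARKERS))

def fix_candidates(log_text: str) -> List[str]:
    """Entries whose file HijackThis itself reports absent: dead registrations
    that only mark where something used to be, the usual 'Fix checked' picks."""
    return [ln.strip() for ln in log_text.splitlines()
            if (e := parse_entry(ln)) is not None and e.orphan]

def run_entries(log_text: str) -> Dict[str, str]:
    """Map each O4 Run value name to the executable it launches, so the
    autostart list can be reviewed name by name."""
    out: Dict[str, str] = {}
    for ln in log_text.splitlines():
        e = parse_entry(ln)
        if e and e.section == "O4" and e.name and e.path:
            out[e.name] = e.path
    return out
```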
If I looked correctly, F-Secure was installed 2/4/2007. Quite some time has gone into removing all kinds of useless stuff here even before this virus problem appeared. I'd gladly remove everything useless from here.. Now the computer seems to work normally, it doesn't freeze much. Browsing folders isn't slow and even larger images load nicely into the preview. The folder you asked about didn't exist (C:\Program Files\Java\jre6\), but two folders, jdk1.6.0_10 and jre1.6.0_07, were found in that Java folder after going through JavaRa. Also, in addition to the 6 Update 7 (137MB) you instructed, Add/Remove finds "Java(TM) SE Development Kit 6 update 10" 122MB

javaralog:
JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Aug 04 15:50:13 2008
Found and removed: C:\Program Files\Java\jre1.6.0_02
Found and removed: SOFTWARE\Classes\JavaPlugin.142_06
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}
Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_02\
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2
Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}
Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}
------------------------------------
Finished reporting.

JavaRa 1.11 Removal Log.
Report follows after line.
------------------------------------
The JavaRa removal process was started on Mon Aug 04 16:37:26 2008
------------------------------------
Finished reporting.

Hijack log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:50:37, on 8/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 6031 bytes
Yes, this looks clean now, but there was plenty of junk on the computer.
******************************************
Type into the Windows Start menu's Run box: ComboFix.exe /u and press OK
*************************************************************
******************************************
Start Malwarebytes, open the Quarantine tab and empty the junk.
**********************************************************
Have a clean rest of the summer.