Help, quickly! The computer is going haywire, there is no shutdown button and I can't get into Task Manager!!

Discussion in 'Viruses and malware - HijackThis logs' started by gmsupr, Jul 17, 2007.

  1. Hujo

    Hujo Guest

    1. Click Start, then right-click My Computer
    2. Select Properties
    3. Select the System Restore tab
    4. Tick the box in front of "Turn off System Restore on all drives"
    5. Press Apply
    6. Press OK
    7. Shut down and restart
    8. Untick the box "Turn off System Restore on all drives"
    9. Apply and OK
     
  2. gmsupr

    gmsupr Member

    Joined:
    Dec 30, 2005
    Messages:
    90
    Likes Received:
    0
    Trophy Points:
    16
    OK, I did that. What next?
     
  3. Hujo

    Hujo Guest

    Run a new scan and post a fresh HJT log.
     
  4. gmsupr

    gmsupr Member

    Here is the new HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:35:57, on 20.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\Xerox\PanelMgr\ssmmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\foobar2000\foobar2000.exe
    N:\Ohjelmat\Valvonta ja systeemin kunnossa pito\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=072807 serial=DR12WEX-1504397-KTY lang=EN
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [Easy TM] C:\Program Files\Easy TM\EasyTM.exe /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Xerox PanelMgr] C:\WINDOWS\Xerox\PanelMgr\ssmmgr.exe /autorun
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6787 bytes
     
  5. Hujo

    Hujo Guest

  6. gmsupr

    gmsupr Member

    Here is the ComboFix log

    "Pekka Roulamo" - 2007-07-20 20:09:10 - ComboFix 07-07-17.8 - Service Pack 2 NTFS


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\temp\tn3
    C:\WINDOWS\system32\dwdsregt.exe
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\winpfz32.sys
    C:\WINDOWS\system32\zxdnt3d.cfg


    ((((((((((((((((((((((((( Files Created from 2007-06-20 to 2007-07-20 )))))))))))))))))))))))))))))))


    2007-07-20 15:31 <KANSIO> d-------- C:\Program Files\Barrel Mania
    2007-07-19 18:11 <KANSIO> d-------- C:\Program Files\Ricochet Lost Worlds
    2007-07-19 17:33 <KANSIO> d-------- C:\Program Files\Mr Robot
    2007-07-19 15:27 <KANSIO> d-------- C:\Program Files\ReflexiveArcade
    2007-07-19 15:19 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-07-19 15:19 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-07-19 15:18 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
    2007-07-19 15:18 44,384 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
    2007-07-19 15:18 21,440 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
    2007-07-19 15:18 167,936 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
    2007-07-19 15:18 14,720 --a------ C:\WINDOWS\system32\drivers\WmHidLo.sys
    2007-07-19 15:18 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
    2007-07-19 15:18 <KANSIO> d-------- C:\Program Files\Logitech
    2007-07-19 15:18 <KANSIO> d-------- C:\Program Files\Common Files\Logitech
    2007-07-19 09:49 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\DoctorWeb
    2007-07-18 21:45 4,354 --a------ C:\WINDOWS\system32\tmp.reg
    2007-07-18 19:55 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-18 19:48 <KANSIO> d-------- C:\VundoFix Backups
    2007-07-18 17:52 223,436 --a------ C:\WINDOWS\rFactor Data Acquisition Plugin Uninstaller.exe
    2007-07-18 17:43 <KANSIO> d-------- C:\Program Files\rFactor
    2007-07-18 13:21 <KANSIO> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-07-18 13:21 <KANSIO> d-------- C:\WINDOWS\system32\appmgmt
    2007-07-17 17:30 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\Comodo
    2007-07-17 17:30 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
    2007-07-17 17:27 <KANSIO> d-------- C:\Program Files\Comodo
    2007-07-17 17:18 1,040,965 --ahs---- C:\WINDOWS\system32\kjllm.ini.ren
    2007-07-17 17:18 1,032,299 --a------ C:\WINDOWS\system32\kjllm.bak1.ren
    2007-07-17 17:13 31,232 --a------ C:\hcplxt.exe
    2007-07-17 17:13 <KANSIO> d-------- C:\Program Files\Dealio
    2007-07-17 17:12 <KANSIO> d-------- C:\WINDOWS\Web Download
    2007-07-17 17:01 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\DMCache
    2007-07-17 16:33 <KANSIO> d-a------ C:\Rasterbator Standalone
    2007-07-16 18:06 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-07-16 17:28 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    2007-07-16 17:13 <KANSIO> d-------- C:\rFactorSetup
    2007-07-15 09:55 <KANSIO> d-------- C:\Deckard
    2007-07-14 23:34 <KANSIO> d-------- C:\Program Files\MagicISO
    2007-07-14 21:48 <KANSIO> d-------- C:\Temp
    2007-07-14 21:01 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-07-14 09:59 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-13 17:29 <KANSIO> d-------- C:\Program Files\Winnydows
    2007-07-13 17:29 <KANSIO> d-------- C:\Program Files\AviSynth 2.5
    2007-07-13 10:53 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-07-13 10:53 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-07-13 10:53 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-07-13 10:53 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-07-13 10:53 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-07-13 10:53 <KANSIO> d-------- C:\Program Files\Winamp
    2007-07-12 10:38 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-07-12 10:07 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\Creative
    2007-07-12 10:05 41,984 --------- C:\WINDOWS\Ctregrun.exe
    2007-07-12 10:00 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
    2007-07-12 10:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
    2007-07-12 09:57 <KANSIO> d-------- C:\WINDOWS\RegisteredPackages
    2007-07-11 10:54 88 -r-hs---- C:\WINDOWS\system32\13DCD71260.sys
    2007-07-11 10:52 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    2007-07-11 10:51 <KANSIO> d-------- C:\Program Files\Common Files\Protexis
    2007-07-11 10:48 <KANSIO> d-------- C:\CorelDRAW.Graphics.Suite.X3.v13.0.Incl.Keygen-SSG
    2007-07-11 10:42 <KANSIO> d-------- C:\CorelDRAW.Graphics.Suite.X3.v13.0.Incl.Keygen--SSG
    2007-07-10 19:13 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2007-07-10 19:06 <KANSIO> d-------- C:\Program Files\DANCE!ONLINE
    2007-07-10 16:33 <KANSIO> d-------- C:\psp games
    2007-07-10 13:02 <KANSIO> d-------- C:\Program Files\SmartFTP Client
    2007-07-10 13:02 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\SmartFTP
    2007-07-10 09:21 <KANSIO> d-------- C:\j-pop
    2007-07-10 08:45 <KANSIO> d-------- C:\Program Files\ProPilkki2
    2007-07-10 07:49 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\Shared
    2007-07-10 07:49 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\Incomplete
    2007-07-10 07:48 <KANSIO> d-------- C:\Program Files\LimeWire
    2007-07-10 07:48 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\LimeWire
    2007-07-10 07:36 <KANSIO> d-------- C:\Limewire 4.12.11 Pro
    2007-07-10 00:02 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
    2007-07-09 23:47 81,920 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2007-07-09 23:47 233,472 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2007-07-09 19:41 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\Thinstall
    2007-07-09 17:31 <KANSIO> d-------- C:\Program Files\CDisplay
    2007-07-09 13:38 <KANSIO> d-------- C:\Program Files\Common Files\Thraex Software
    2007-07-09 13:38 <KANSIO> d-------- C:\PacSteam
    2007-07-09 12:59 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\funkitron
    2007-07-09 12:16 <KANSIO> d-------- C:\WINDOWS\system32\AGEIA
    2007-07-09 12:16 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-09 12:16 <KANSIO> d-------- C:\Program Files\AGEIA Technologies
    2007-07-09 11:17 16 --a------ C:\WINDOWS\popcinfo.dat
    2007-07-09 10:44 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2007-07-09 10:44 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2007-07-09 10:44 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2007-07-09 10:44 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2007-07-09 10:44 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2007-07-09 10:44 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2007-07-09 09:44 <KANSIO> d-------- C:\Program Files\Real
    2007-07-09 09:44 <KANSIO> d-------- C:\Program Files\Common Files\xing shared
    2007-07-09 09:44 <KANSIO> d-------- C:\Program Files\Common Files\Real
    2007-07-09 09:44 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\Real
    2007-07-09 09:36 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\Media Player Classic
    2007-07-09 09:35 <KANSIO> d-------- C:\Program Files\Combined Community Codec Pack
    2007-07-08 20:28 <KANSIO> d-------- C:\Program Files\RapidCheck
    2007-07-07 20:50 <KANSIO> d-------- C:\Program Files\Creative
    2007-07-07 13:26 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-07-07 13:26 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
    2007-07-07 13:26 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-17 15:14:48 58,852 ----a-w C:\WINDOWS\system32\perfc00B.dat
    2007-07-17 15:14:48 343,462 ----a-w C:\WINDOWS\system32\perfh00B.dat
    2007-07-16 15:48:00 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
    2007-07-16 15:47:39 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
    2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 05:07]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19]
    "nwiz"="nwiz.exe" [2006-08-08 09:54 C:\WINDOWS\system32\nwiz.exe]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-27 18:02]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 20:19]
    "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]
    "Easy TM"="C:\Program Files\Easy TM\EasyTM.exe" [2007-02-25 14:30]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-09 09:44]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 21:29]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 09:52]
    "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 15:45]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-29 19:17]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
    "Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2004-05-19 17:42]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 15:29]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
    crvdll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6880b660-287c-11dc-8d91-0017318f048b}]
    AutoRun\command- N:\InstallTomTomHOME.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-17 06:16:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-20 20:10:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-20 20:11:01
    C:\ComboFix-quarantined-files.txt ... 2007-07-20 20:10
    C:\ComboFix2.txt ... 2007-07-14 20:56
    C:\ComboFix3.txt ... 2007-07-14 10:04

    --- E O F ---
     
