HJT-loki. Jelppiä?

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:32:17, on 1.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\service.exe
C:\Documents and Settings\Stuu\Työpöytä\Windows-KB890830-V1.41.exe
c:\f2950e2ac9738d7f63478c\mrtstub.exe
C:\WINDOWS\system32\MRT.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - Toimittaja Elisa Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = varasto.saunalahti.fi:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNxdm119YYFI
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: SMS-viesti - {08EA4593-9F9A-4CAE-846E-8173B4866093} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {25229784-7180-4C24-908F-CDC6F593C3D7} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {E8F58F93-DC4F-4F6A-A9C2-103A555DCC86} - http://tuki.elisa.net/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 8547 bytes

 

Mene Windowsin ControlPaneliin (Ohjauspaneli) ja sieltä Lisää / Poista sovellus
Vistassa Ohjelmat ja toiminnot
Etsi ja poista ohjelma jonka nimessä on:

MyWebSearch Search Assistant
NetCom3 Service
AntiSpyware


---------------------------------------------

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
combofix.exe
combofix.exe

Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne:

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)



Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Antispyware] C:\Program Files\AntiSpywareApp\Antispyware.exe -boot
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredit...?p=ZNxdm119YYFI
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)

Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
*

 

ComboFix 08-06-01.6 - Stuu 2008-06-02 13:06:31.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.652 [GMT 3:00]
Running from: C:\Documents and Settings\Stuu\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-02 to 2008-06-02 )))))))))))))))))
.

2008-06-01 21:38 . 2008-06-01 21:38 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 21:38 . 2008-06-01 21:38 <KANSIO> d-------- C:\Documents and Settings\Stuu\Application Data\Malwarebytes
2008-06-01 21:38 . 2008-06-01 21:38 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 21:38 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 21:38 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-01 19:30 . 2008-06-01 19:31 <KANSIO> d-------- C:\Documents and Settings\Stuu\Application Data\Antispyware
2008-05-28 00:00 . 2008-05-28 00:00 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-27 18:22 . 2008-05-27 18:22 <KANSIO> d-------- C:\Program Files\EA GAMES
2008-05-27 18:22 . 2004-08-18 11:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-05-22 19:28 . 2008-05-22 19:36 <KANSIO> d-------- C:\Program Files\Serif
2008-05-22 19:28 . 1998-12-08 20:53 212,480 --------- C:\WINDOWS\pcdlib32.dll
2008-05-18 18:22 . 2008-06-01 19:47 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
2008-05-15 20:01 . 2008-05-15 20:01 <KANSIO> d-------- C:\Program Files\Kiwee Toolbar2

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-01 19:09 --------- d-----w C:\Program Files\Windows Live
2008-06-01 17:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-24 15:01 --------- d-----w C:\Program Files\DC++
2008-05-22 16:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 13:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-18 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-05-13 12:36 10,770 -c--a-w C:\Documents and Settings\Stuu\Application Data\wklnhst.dat
2008-05-05 06:55 --------- d-----w C:\Program Files\Winamp
2008-04-24 16:30 --------- d-----w C:\Documents and Settings\Stuu\Application Data\AdobeUM
2008-04-23 12:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-23 11:53 18,895,728 ----a-w C:\Documents and Settings\Stuu\WLinstaller.exe
2008-04-23 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-04-22 19:29 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-06 15:14 --------- d-----w C:\Documents and Settings\Stuu\Application Data\Nokia Multimedia Player
2008-04-06 14:50 --------- d-----w C:\Documents and Settings\Stuu\Application Data\Toshiba
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 20:36 63,762 ----a-w C:\WINDOWS\Metalium.scr
2008-03-13 20:36 4,059,744 ----a-w C:\WINDOWS\Metalium.exe
2007-11-25 13:18 9,228,440 ----a-w C:\Documents and Settings\Stuu\spf5.6.exe
2007-06-08 00:20 110 -c--a-w C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
.

((((((((((((((((((((((((((((( snapshot@2008-06-02_12.52.07,81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 09:37:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-02 10:03:08 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-02 09:42:42 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-02 10:07:55 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-02 09:42:42 65,222 ----a-w C:\WINDOWS\system32\perfc00B.dat
+ 2008-06-02 10:07:55 65,222 ----a-w C:\WINDOWS\system32\perfc00B.dat
- 2008-06-02 09:42:42 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-02 10:07:55 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-02 09:42:42 355,056 ----a-w C:\WINDOWS\system32\perfh00B.dat
+ 2008-06-02 10:07:55 355,056 ----a-w C:\WINDOWS\system32\perfh00B.dat
+ 2008-06-02 10:03:17 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5e0.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-16 00:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 15:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 15:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 15:17 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 18:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 08:22 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-23 14:43 102400]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 15:21 135168]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 10:50 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-16 00:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 20:40 2577632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-16 00:00 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 22:19:10 1753088]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Photosmart Premier -pikakäynnistys.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Photosmart Premier -pikakäynnistys.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier -pikakäynnistys.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
-----c--- 2006-02-09 09:52 643072 C:\Windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 21:49 36352 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7685:UDP"= 7685:UDP:*isabled:BitComet 7685 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 Netcom3;NetCom3 Service;C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe []

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-01 16:30:48 C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 13:08:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????\??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-06-02 13:09:32
ComboFix-quarantined-files.txt 2008-06-02 10:09:24
ComboFix2.txt 2008-06-02 09:52:51

Pre-Run: 35,023,671,296 tavua vapaana
Post-Run: 35,009,961,984 tavua vapaana

161 --- E O F --- 2008-05-28 10:18:30





Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:54, on 2.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\msiexec.exe
C:\PROGRA~1\hpq\Shared\HPQTOA~1.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = varasto.saunalahti.fi:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: SMS-viesti - {08EA4593-9F9A-4CAE-846E-8173B4866093} - http://sms.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Palvelut - {25229784-7180-4C24-908F-CDC6F593C3D7} - http://service.kolumbus.fi/ (file missing) (HKCU)
O9 - Extra button: Tuki - {E8F58F93-DC4F-4F6A-A9C2-103A555DCC86} - http://tuki.elisa.net/ (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://elisa.net/
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NetCom3 Service (Netcom3) - Unknown owner - C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

--
End of file - 6740 bytes

 

ComboFixin raahaus ei onnistunut.
Tee uudelleen (irroita älä klikkaa)
Lähetä => C:\comboFix.txt

 

Juu en klikan mut jokin sit meni pieleen kuitenki

ComboFix 08-06-01.6 - Stuu 2008-06-02 17:15:29.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.635 [GMT 3:00]
Running from: C:\Documents and Settings\Stuu\Työpöytä\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-02 to 2008-06-02 )))))))))))))))))
.

2008-06-01 21:38 . 2008-06-01 21:38 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-06-01 21:38 . 2008-06-01 21:38 <KANSIO> d-------- C:\Documents and Settings\Stuu\Application Data\Malwarebytes
2008-06-01 21:38 . 2008-06-01 21:38 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-06-01 21:38 . 2008-05-30 01:06 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-06-01 21:38 . 2008-05-30 01:06 15,864 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-06-01 19:30 . 2008-06-01 19:31 <KANSIO> d-------- C:\Documents and Settings\Stuu\Application Data\Antispyware
2008-05-28 00:00 . 2008-05-28 00:00 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-05-27 18:22 . 2008-05-27 18:22 <KANSIO> d-------- C:\Program Files\EA GAMES
2008-05-27 18:22 . 2004-08-18 11:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-05-22 19:28 . 2008-05-22 19:36 <KANSIO> d-------- C:\Program Files\Serif
2008-05-22 19:28 . 1998-12-08 20:53 212,480 --------- C:\WINDOWS\pcdlib32.dll
2008-05-18 18:22 . 2008-06-01 19:47 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-02 13:04 --------- d-----w C:\Program Files\Windows Live
2008-06-02 13:03 --------- d-----w C:\Program Files\DC++
2008-06-02 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-05-22 16:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-18 13:34 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-18 13:29 --------- d-----w C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2008-05-13 12:36 10,770 -c--a-w C:\Documents and Settings\Stuu\Application Data\wklnhst.dat
2008-05-05 06:55 --------- d-----w C:\Program Files\Winamp
2008-04-24 16:30 --------- d-----w C:\Documents and Settings\Stuu\Application Data\AdobeUM
2008-04-23 12:03 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-04-23 00:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
2008-04-22 19:29 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-06 15:14 --------- d-----w C:\Documents and Settings\Stuu\Application Data\Nokia Multimedia Player
2008-04-06 14:50 --------- d-----w C:\Documents and Settings\Stuu\Application Data\Toshiba
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ------w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 166,688 ------w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:09 1,845,504 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-13 20:36 63,762 ----a-w C:\WINDOWS\Metalium.scr
2008-03-13 20:36 4,059,744 ----a-w C:\WINDOWS\Metalium.exe
2007-06-08 00:20 110 -c--a-w C:\Documents and Settings\All Users\Application Data\MostFunGameId.bin
.

((((((((((((((((((((((((((((( snapshot@2008-06-02_12.52.07,81 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-06-02 09:37:58 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-06-02 13:30:13 2,048 --s-a-w C:\WINDOWS\bootstat.dat
- 2008-06-01 17:19:09 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
+ 2008-06-02 13:05:55 29,926 ----a-r C:\WINDOWS\Installer\{A9174A72-1B46-445B-B3CF-90ED2C63D83B}\MsblIco.Exe
- 2008-06-02 09:42:42 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-06-02 13:34:41 53,098 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-06-02 09:42:42 65,222 ----a-w C:\WINDOWS\system32\perfc00B.dat
+ 2008-06-02 13:34:41 65,222 ----a-w C:\WINDOWS\system32\perfc00B.dat
- 2008-06-02 09:42:42 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-06-02 13:34:41 380,684 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-06-02 09:42:42 355,056 ----a-w C:\WINDOWS\system32\perfh00B.dat
+ 2008-06-02 13:34:41 355,056 ----a-w C:\WINDOWS\system32\perfh00B.dat
+ 2007-10-18 08:31:46 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
+ 2008-06-02 13:30:20 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5dc.dat
+ 2006-06-05 11:14:28 479,232 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcm80.dll
+ 2006-06-05 11:14:28 548,864 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcp80.dll
+ 2006-06-05 11:14:28 626,688 ----a-w C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\msvcr80.dll
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-16 00:00 15360]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpWirelessAssistant"="C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-05-03 22:58 458752]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 15:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 15:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 15:17 118784]
"High Definition Audio Property Page Shortcut"="CHDAudPropShortcut.exe" [2006-06-02 18:02 61952 C:\WINDOWS\system32\CHDAudPropShortcut.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-06-17 08:22 794713]
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-06-23 14:43 102400]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 02:41 49152]
"QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-06-02 15:21 135168]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2006-06-19 10:50 40960]
"RecGuard"="C:\Windows\SMINST\RecGuard.exe" [2005-10-11 10:23 1187840]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 02:19 79224]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-09-16 00:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 20:40 2577632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-16 00:00 15360]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 22:19:10 1753088]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 04:21:22 288472]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^HP Photosmart Premier -pikakäynnistys.lnk]
path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\HP Photosmart Premier -pikakäynnistys.lnk
backup=C:\WINDOWS\pss\HP Photosmart Premier -pikakäynnistys.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
C:\Program Files\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
-----c--- 2006-02-09 09:52 643072 C:\Windows\CREATOR\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2008-04-01 21:49 36352 C:\Program Files\Winamp\winampa.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"C:\\Program Files\\DC++\\DCPlusPlus.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7685:UDP"= 7685:UDP:*isabled:BitComet 7685 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 02:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 02:16]
S3 Netcom3;NetCom3 Service;C:\Program Files\Netcom3 Cleaner\PSCMonitor.exe []

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-06-01 16:30:48 C:\WINDOWS\Tasks\Antispyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-02 17:16:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????????L?@? ????\??????`?@?????L?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
Completion time: 2008-06-02 17:18:55
ComboFix-quarantined-files.txt 2008-06-02 14:18:24
ComboFix2.txt 2008-06-02 09:52:51

Pre-Run: 34,743,484,416 tavua vapaana
Post-Run: 34,731,077,632 tavua vapaana

167 --- E O F --- 2008-05-28 10:18:30

 

Jos combon login alussa lukee näin:
Running from: C:\Documents and Settings\Stuu\Työpöytä\ComboFix.exe
raahaus ei onnistunut.

Onnistuneessa logissa lukee näin:
Command switches used :: C:\Documents and Settings\Jessica\Työpöytä\CFScript.txt

Harjoittele ja logi kun onnistuu.