Help, quick! The computer is going haywire, there's no shut down button and I can't get into Task Manager!!

Thread in the Viruses and malware - HijackThis logs section. Thread started by gmsupr on 17.07.2007.

  1. Hujo

    Hujo Guest

    1. Click Start > right-click My Computer
    2. Select Properties
    3. Select the System Restore tab
    4. Tick the box ¤ Turn off System Restore on all drives
    5. Press Apply
    6. Press OK
    7. Shut down and restart
    8. Untick the box ¤ Turn off System Restore on all drives
    9. Apply and OK
     
  3. gmsupr

    gmsupr Member

    Joined:
    30.12.2005
    Messages:
    90
    Thanks:
    0
    Points:
    16
    OK, I did that, what next?
     
  4. Hujo

    Hujo Guest

    Post a new HJT log from a fresh scan.
     
  5. gmsupr

    gmsupr Member

    Here is the new HJT log

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:35:57, on 20.7.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\TomTom HOME\TomTomHOME.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\Xerox\PanelMgr\ssmmgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Logitech\Profiler\lwemon.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\WINDOWS\system32\drwtsn32.exe
    C:\Program Files\foobar2000\foobar2000.exe
    N:\Ohjelmat\Valvonta ja systeemin kunnossa pito\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
    O4 - HKLM\..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=072807 serial=DR12WEX-1504397-KTY lang=EN
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME\TomTomHOME.exe" -s
    O4 - HKLM\..\Run: [Easy TM] C:\Program Files\Easy TM\EasyTM.exe /min
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [Xerox PanelMgr] C:\WINDOWS\Xerox\PanelMgr\ssmmgr.exe /autorun
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} - http://support.f-secure.com/ols/fscax.cab
    O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Program Files\Common Files\Protexis\License Service\PSIService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6787 bytes
     
  6. Hujo

    Hujo Guest

  7. gmsupr

    gmsupr Member

    Here is the ComboFix log

    "Pekka Roulamo" - 2007-07-20 20:09:10 - ComboFix 07-07-17.8 - Service Pack 2 NTFS


    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\temp\tn3
    C:\WINDOWS\system32\dwdsregt.exe
    C:\WINDOWS\system32\msnav32.ax
    C:\WINDOWS\system32\winpfz32.sys
    C:\WINDOWS\system32\zxdnt3d.cfg


    ((((((((((((((((((((((((( Files Created from 2007-06-20 to 2007-07-20 )))))))))))))))))))))))))))))))


    2007-07-20 15:31 <KANSIO> d-------- C:\Program Files\Barrel Mania
    2007-07-19 18:11 <KANSIO> d-------- C:\Program Files\Ricochet Lost Worlds
    2007-07-19 17:33 <KANSIO> d-------- C:\Program Files\Mr Robot
    2007-07-19 15:27 <KANSIO> d-------- C:\Program Files\ReflexiveArcade
    2007-07-19 15:19 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
    2007-07-19 15:19 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
    2007-07-19 15:18 5,600 --a------ C:\WINDOWS\system32\drivers\WmVirHid.sys
    2007-07-19 15:18 44,384 --a------ C:\WINDOWS\system32\drivers\WmXlCore.sys
    2007-07-19 15:18 21,440 --a------ C:\WINDOWS\system32\drivers\WmFilter.sys
    2007-07-19 15:18 167,936 --a------ C:\WINDOWS\system32\WmJoyFrc.dll
    2007-07-19 15:18 14,720 --a------ C:\WINDOWS\system32\drivers\WmHidLo.sys
    2007-07-19 15:18 10,144 --a------ C:\WINDOWS\system32\drivers\WmBEnum.sys
    2007-07-19 15:18 <KANSIO> d-------- C:\Program Files\Logitech
    2007-07-19 15:18 <KANSIO> d-------- C:\Program Files\Common Files\Logitech
    2007-07-19 09:49 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\DoctorWeb
    2007-07-18 21:45 4,354 --a------ C:\WINDOWS\system32\tmp.reg
    2007-07-18 19:55 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2007-07-18 19:48 <KANSIO> d-------- C:\VundoFix Backups
    2007-07-18 17:52 223,436 --a------ C:\WINDOWS\rFactor Data Acquisition Plugin Uninstaller.exe
    2007-07-18 17:43 <KANSIO> d-------- C:\Program Files\rFactor
    2007-07-18 13:21 <KANSIO> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
    2007-07-18 13:21 <KANSIO> d-------- C:\WINDOWS\system32\appmgmt
    2007-07-17 17:30 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\Comodo
    2007-07-17 17:30 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Comodo
    2007-07-17 17:27 <KANSIO> d-------- C:\Program Files\Comodo
    2007-07-17 17:18 1,040,965 --ahs---- C:\WINDOWS\system32\kjllm.ini.ren
    2007-07-17 17:18 1,032,299 --a------ C:\WINDOWS\system32\kjllm.bak1.ren
    2007-07-17 17:13 31,232 --a------ C:\hcplxt.exe
    2007-07-17 17:13 <KANSIO> d-------- C:\Program Files\Dealio
    2007-07-17 17:12 <KANSIO> d-------- C:\WINDOWS\Web Download
    2007-07-17 17:01 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\DMCache
    2007-07-17 16:33 <KANSIO> d-a------ C:\Rasterbator Standalone
    2007-07-16 18:06 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
    2007-07-16 17:28 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Trymedia
    2007-07-16 17:13 <KANSIO> d-------- C:\rFactorSetup
    2007-07-15 09:55 <KANSIO> d-------- C:\Deckard
    2007-07-14 23:34 <KANSIO> d-------- C:\Program Files\MagicISO
    2007-07-14 21:48 <KANSIO> d-------- C:\Temp
    2007-07-14 21:01 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2007-07-14 09:59 51,200 --a------ C:\WINDOWS\nircmd.exe
    2007-07-13 17:29 <KANSIO> d-------- C:\Program Files\Winnydows
    2007-07-13 17:29 <KANSIO> d-------- C:\Program Files\AviSynth 2.5
    2007-07-13 10:53 36,528 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
    2007-07-13 10:53 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
    2007-07-13 10:53 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
    2007-07-13 10:53 129,784 --------- C:\WINDOWS\system32\pxafs.dll
    2007-07-13 10:53 115,880 --------- C:\WINDOWS\system32\pxinsi64.exe
    2007-07-13 10:53 <KANSIO> d-------- C:\Program Files\Winamp
    2007-07-12 10:38 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
    2007-07-12 10:07 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\Creative
    2007-07-12 10:05 41,984 --------- C:\WINDOWS\Ctregrun.exe
    2007-07-12 10:00 44,032 --------- C:\WINDOWS\system32\CTSVCCDA.EXE
    2007-07-12 10:00 25,088 --------- C:\WINDOWS\system32\CTSVCCTL.EXE
    2007-07-12 09:57 <KANSIO> d-------- C:\WINDOWS\RegisteredPackages
    2007-07-11 10:54 88 -r-hs---- C:\WINDOWS\system32\13DCD71260.sys
    2007-07-11 10:52 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\InstallShield
    2007-07-11 10:51 <KANSIO> d-------- C:\Program Files\Common Files\Protexis
    2007-07-11 10:48 <KANSIO> d-------- C:\CorelDRAW.Graphics.Suite.X3.v13.0.Incl.Keygen-SSG
    2007-07-11 10:42 <KANSIO> d-------- C:\CorelDRAW.Graphics.Suite.X3.v13.0.Incl.Keygen--SSG
    2007-07-10 19:13 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
    2007-07-10 19:06 <KANSIO> d-------- C:\Program Files\DANCE!ONLINE
    2007-07-10 16:33 <KANSIO> d-------- C:\psp games
    2007-07-10 13:02 <KANSIO> d-------- C:\Program Files\SmartFTP Client
    2007-07-10 13:02 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\SmartFTP
    2007-07-10 09:21 <KANSIO> d-------- C:\j-pop
    2007-07-10 08:45 <KANSIO> d-------- C:\Program Files\ProPilkki2
    2007-07-10 07:49 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\Shared
    2007-07-10 07:49 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\Incomplete
    2007-07-10 07:48 <KANSIO> d-------- C:\Program Files\LimeWire
    2007-07-10 07:48 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\LimeWire
    2007-07-10 07:36 <KANSIO> d-------- C:\Limewire 4.12.11 Pro
    2007-07-10 00:02 33,952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
    2007-07-09 23:47 81,920 --a------ C:\WINDOWS\system32\OpenAL32.dll
    2007-07-09 23:47 233,472 --a------ C:\WINDOWS\system32\wrap_oal.dll
    2007-07-09 19:41 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\Thinstall
    2007-07-09 17:31 <KANSIO> d-------- C:\Program Files\CDisplay
    2007-07-09 13:38 <KANSIO> d-------- C:\Program Files\Common Files\Thraex Software
    2007-07-09 13:38 <KANSIO> d-------- C:\PacSteam
    2007-07-09 12:59 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\funkitron
    2007-07-09 12:16 <KANSIO> d-------- C:\WINDOWS\system32\AGEIA
    2007-07-09 12:16 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
    2007-07-09 12:16 <KANSIO> d-------- C:\Program Files\AGEIA Technologies
    2007-07-09 11:17 16 --a------ C:\WINDOWS\popcinfo.dat
    2007-07-09 10:44 8,704 --a------ C:\WINDOWS\system32\kbdjpn.dll
    2007-07-09 10:44 8,192 --a------ C:\WINDOWS\system32\kbdkor.dll
    2007-07-09 10:44 6,144 --a------ C:\WINDOWS\system32\kbd106.dll
    2007-07-09 10:44 6,144 --a------ C:\WINDOWS\system32\kbd101c.dll
    2007-07-09 10:44 6,144 --a------ C:\WINDOWS\system32\kbd101b.dll
    2007-07-09 10:44 5,632 --a------ C:\WINDOWS\system32\kbd103.dll
    2007-07-09 09:44 <KANSIO> d-------- C:\Program Files\Real
    2007-07-09 09:44 <KANSIO> d-------- C:\Program Files\Common Files\xing shared
    2007-07-09 09:44 <KANSIO> d-------- C:\Program Files\Common Files\Real
    2007-07-09 09:44 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\Real
    2007-07-09 09:36 <KANSIO> d-------- C:\DOCUME~1\PEKKAR~1\APPLIC~1\Media Player Classic
    2007-07-09 09:35 <KANSIO> d-------- C:\Program Files\Combined Community Codec Pack
    2007-07-08 20:28 <KANSIO> d-------- C:\Program Files\RapidCheck
    2007-07-07 20:50 <KANSIO> d-------- C:\Program Files\Creative
    2007-07-07 13:26 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-07-07 13:26 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
    2007-07-07 13:26 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll


    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    2007-07-17 15:14:48 58,852 ----a-w C:\WINDOWS\system32\perfc00B.dat
    2007-07-17 15:14:48 343,462 ----a-w C:\WINDOWS\system32\perfh00B.dat
    2007-07-16 15:48:00 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
    2007-07-16 15:47:39 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
    2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll


    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
    2006-10-22 23:08 62080 --a------ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    2007-03-14 03:43 501400 --a------ C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2006-05-01 05:07]
    "SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2006-04-10 09:19]
    "nwiz"="nwiz.exe" [2006-08-08 09:54 C:\WINDOWS\system32\nwiz.exe]
    "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-06-27 18:02]
    "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 16:40]
    "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
    "UnlockerAssistant"="C:\Program Files\Unlocker\UnlockerAssistant.exe" [2006-09-07 20:19]
    "CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 13:39]
    "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
    "TomTomHOME.exe"="C:\Program Files\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52]
    "Easy TM"="C:\Program Files\Easy TM\EasyTM.exe" [2007-02-25 14:30]
    "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-07-09 09:44]
    "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 16:15]
    "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 21:29]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 12:25]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 16:12]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-08-22 09:52]
    "DAEMON Tools Pro Agent"="C:\Program Files\DAEMON Tools Pro\DTProAgent.exe" [2007-06-22 15:45]
    "Steam"="C:\Program Files\Steam\Steam.exe" [2007-06-29 19:17]
    "MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
    "Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 18:23]
    "Start WingMan Profiler"="C:\Program Files\Logitech\Profiler\lwemon.exe" [2004-05-19 17:42]

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoLogOff"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2007-05-30 15:29]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Driver]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\AVG Anti-Spyware Guard]
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - netsvcs
    crvdll


    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6880b660-287c-11dc-8d91-0017318f048b}]
    AutoRun\command- N:\InstallTomTomHOME.exe


    Contents of the 'Scheduled Tasks' folder
    2007-07-17 06:16:00 C:\WINDOWS\tasks\AppleSoftwareUpdate.job

    **************************************************************************

    catchme 0.3.1040 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-07-20 20:10:39
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xfe\xbb\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Completion time: 2007-07-20 20:11:01
    C:\ComboFix-quarantined-files.txt ... 2007-07-20 20:10
    C:\ComboFix2.txt ... 2007-07-14 20:56
    C:\ComboFix3.txt ... 2007-07-14 10:04

    --- E O F ---
     
