|
|
|
Keskustelualueet
Keskustelualueet
|
|
|
HJT -logi / MSN lähettelee linkkejä - - voisiko joku auttaa?
|
|
|
mixu66
Junior Member
|
20. maaliskuuta 2008 @ 10:42 |
Linkki tähän viestiin
|
Ajelin kaikki puhdistukset jotka osaan.
Onkohan kone vielä saastunut.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:29:27, on 20.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/jct03001pt/wps/myportal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/download/standardsoftware/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.emea.ibm.com:8080;gopher=proxy.emea.ibm.com:8080;http=proxy.emea.ibm.com:8080;https=proxy.emea.ibm.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://158.98.130.99/;https://9.134.127.86:950/;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"
O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [defergui] c:/sdwork/defergui.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189673667609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189673660437
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: IBM Mobility Client Start Utility (artstartsvc) - Unknown owner - C:\Program Files\IBM\Mobility Client\artstartsvc.exe (file missing)
O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
--
End of file - 12562 bytes
|
|
Hujo
Suspended permanently
|
20. maaliskuuta 2008 @ 13:28 |
Linkki tähän viestiin
|
Lataa SDFix by AndyManchesta ja tallenna se työpöydällesi.
Käynnistä koneesi vikasietotilaan:
sammuta ja käynnistä
käynnistyksen yhteydessä hakkaa F8 nappia
valitse nuolinäppäimellä vikasietotila
paina enter ja enter
valitse käyttäjätilisi
paina kyllä
Jossakin koneissa hakataan F8:sin sijasta F5:tä
" Kun vikasietotilassa, pura tiedoston SDFix.zip sisältö (SDFix kansio) työpöydällesi. Työpöydälle pitäisi ilmestyä kansio nimeltä SDFix.
" Avaa SDFix-kansio ja tuplaklikkaa tiedostoa RunThis.bat käynnistääksesi ohjelman.
" Paina Y käynnistääksesi skriptin.
" Työkalu puhdistaa troijalaisen palvelut ja tekee myös joitakin korjauksia rekisteriin. Lopuksi se pyytää käynnistämään koneen uudelleen, "Press any key to Reboot".
" Paina mitä tahansa näppäintä ja kone käynnistyy uudelleen.
" Käynnistyminen kestää normaalia kauemmin sillä SDFix puhdistaa konetta.
" Kun kone on käynnistynyt ja työpöytä latautunut, SDFix kertoo että puhdistus on suoritettu, "Finished".
" Paina sitten mitä tahansa näppäintä sulkeaksesi skriptin ja ladataksesi pikakuvakkeet työpöydälle.
" Lopuksi avaa SDFix kansio (työpöydällä) ja kopioi & liitä tiedoston Report.txt sisältö viestiketjuusi uuden HijackThis:n lokin kera.
============
Ota tuo hjt:n loki normaalissa tilassa.
Voiko tietsikka koskaan toimia?
|
|
mixu66
Junior Member
|
21. maaliskuuta 2008 @ 04:12 |
Linkki tähän viestiin
|
SDFix: Version 1.159
Run by fi07628 on to 20.03.2008 at 22:25
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\ADMINI~1\Desktop\SDFix
Checking Services :
Restoring Windows Registry Values
Restoring Windows Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-20 22:37:19
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00197de9e096]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:07,20,94,2e,75,13,1a,05,0b,8c,f8,73,a1,73,1c,24,7e,79,62,8a,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a7,b0,01,15,bc,85,83,ae,bb,e5,45,80,f9,55,2a,95,b9,..
"khjeh"=hex:b1,0f,0e,e0,0b,7e,13,30,82,bf,fe,ac,cb,ed,b0,1a,60,ee,e5,15,61,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0f,af,af,9f,95,c2,7f,5f,a4,43,ca,a5,b7,95,09,08,6c,39,87,f8,ae,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00197de9e096]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:07,20,94,2e,75,13,1a,05,0b,8c,f8,73,a1,73,1c,24,7e,79,62,8a,1c,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,a7,b0,01,15,bc,85,83,ae,bb,e5,45,80,f9,55,2a,95,b9,..
"khjeh"=hex:b1,0f,0e,e0,0b,7e,13,30,82,bf,fe,ac,cb,ed,b0,1a,60,ee,e5,15,61,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:0f,af,af,9f,95,c2,7f,5f,a4,43,ca,a5,b7,95,09,08,6c,39,87,f8,ae,..
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
Remaining Files :
File Backups: - C:\DOCUME~1\ADMINI~1\Desktop\SDFix\backups\backups.zip
Files with Hidden Attributes :
Wed 7 Feb 2007 224 A.SHR --- "C:\BOOT.BAK"
Wed 13 Oct 2004 1,694,208 ..SH. --- "C:\Program Files\Messenger\msmsgs.exe"
Wed 4 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Tue 16 Oct 2007 5,903,928 A..H. --- "C:\Program Files\Picasa2\setup.exe"
Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Mon 23 Apr 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Finished!
HJT logi
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:11:38, on 21.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\notes\ntmulti.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe
C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/jct03001pt/wps/myportal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/download/standardsoftware/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.emea.ibm.com:8080;gopher=proxy.emea.ibm.com:8080;http=proxy.emea.ibm.com:8080;https=proxy.emea.ibm.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://158.98.130.99/;https://9.134.127.86:950/;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"
O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [defergui] c:/sdwork/defergui.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189673667609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189673660437
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: IBM Mobility Client Start Utility (artstartsvc) - Unknown owner - C:\Program Files\IBM\Mobility Client\artstartsvc.exe (file missing)
O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
--
End of file - 16303 bytes
|
|
Hujo
Suspended permanently
|
21. maaliskuuta 2008 @ 14:37 |
Linkki tähän viestiin
|
1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2
2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Voiko tietsikka koskaan toimia?
|
|
mixu66
Junior Member
|
21. maaliskuuta 2008 @ 19:16 |
Linkki tähän viestiin
|
ComboFix 08-03-20.5 - fi07628 2008-03-21 19:00:13.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.273 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\x64
.
((((((((((((((((((((((((( Files Created from 2008-02-21 to 2008-03-21 )))))))))))))))))))))))))))))))
.
2008-03-20 12:13 . 2008-03-20 12:13 <DIR> d-------- C:\Program Files\CCleaner
2008-03-20 10:07 . 2008-03-20 10:07 <DIR> d-------- C:\WINDOWS\ERUNT
2008-03-18 01:01 . 2008-03-18 01:01 1,163,842 --a------ C:\FRAGLIST.HTM
2008-03-14 21:29 . 2008-03-14 21:29 <DIR> d-------- C:\Program Files\Prolific Publishing, Inc
2008-03-14 21:14 . 2008-03-14 21:27 <DIR> d-------- C:\Program Files\Kyodai Mahjongg
2008-03-11 22:00 . 2007-02-08 10:51 1,594,455 --a------ C:\WINDOWS\UnderWater v3.scr
2008-03-11 21:41 . 2008-03-11 21:41 <DIR> d-------- C:\WINDOWS\acezsoftware
2008-03-11 21:41 . 2008-03-11 21:41 <DIR> d-------- C:\Program Files\3D Cozy Fireplace Screen Saver 1.0
2008-03-11 21:41 . 2004-02-02 19:14 1,839,168 --a------ C:\WINDOWS\system32\truevision3d.dll
2008-03-11 21:41 . 2004-02-02 20:33 1,036,288 --a------ C:\WINDOWS\system32\tvutil62.dll
2008-03-11 21:41 . 2007-05-01 19:46 356,352 --a------ C:\WINDOWS\3D Cozy Fireplace.scr
2008-03-11 21:41 . 2004-02-02 20:26 253,952 --a------ C:\WINDOWS\system32\tvmedia.dll
2008-03-11 21:41 . 2008-03-11 21:43 207 --a------ C:\WINDOWS\acez3dfireplace.ini
2008-03-11 21:37 . 2008-03-11 22:03 91 --a------ C:\WINDOWS\Bridge.ini
2008-03-11 21:36 . 2008-02-03 04:08 2,439,559 --a------ C:\WINDOWS\Bridge.scr
2008-03-11 21:36 . 2008-02-04 12:43 103,742 --a------ C:\WINDOWS\Bridge_scr_prv.JPG
2008-03-11 21:34 . 2008-03-11 21:34 <DIR> d-------- C:\Program Files\DuoPixart
2008-03-11 21:34 . 2008-03-11 21:34 2,025,228 --a------ C:\WINDOWS\system32\Aquart.scr
2008-03-11 21:34 . 2007-11-12 01:32 1,884,228 --a------ C:\WINDOWS\AquartInstall.exe
2008-03-11 21:25 . 2008-03-11 23:00 91 --a------ C:\WINDOWS\Beach1.ini
2008-03-11 21:24 . 2008-02-29 15:36 3,232,347 --a------ C:\WINDOWS\Beach1.scr
2008-03-11 21:20 . 2008-03-11 21:21 91 --a------ C:\WINDOWS\ANOTHE~1.ini
2008-03-11 21:19 . 2007-11-29 20:00 843,690 --a------ C:\WINDOWS\another dream.scr
2008-03-04 15:12 . 2008-03-04 15:12 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Talkback
2008-03-03 14:12 . 2008-03-03 14:12 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-27 13:57 . 2008-02-27 13:52 691,545 --a------ C:\WINDOWS\unins000.exe
2008-02-27 13:57 . 2008-02-27 13:57 2,552 --a------ C:\WINDOWS\unins000.dat
2008-02-25 18:35 . 2008-02-25 18:44 <DIR> d-------- C:\Program Files\DVDx
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2020-02-17 19:53 15,872 ----a-w C:\WINDOWS\system32\drivers\atmeltpm.sys
2014-05-15 03:06 1,354,620 ----a-w C:\WINDOWS\system32\drivers\ialmnt5.sys
2008-03-21 17:05 --------- d-----w C:\Program Files\C4ebreg
2008-03-21 12:41 --------- d-----w C:\Program Files\WST
2008-03-21 11:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Google Updater
2008-03-20 17:03 --------- d-----w C:\Program Files\AT&T Network Client
2008-03-20 10:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-20 08:49 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-20 07:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-18 07:01 --------- d-----w C:\Program Files\KeePass Password Safe
2008-03-03 12:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-02-27 11:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-10 14:42 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GanymedeNet
2008-02-09 15:18 --------- d-----w C:\Program Files\ShockAero3D
2008-02-06 15:55 7,012 ------w C:\WINDOWS\system32\drivers\PMEMNT.SYS
2008-02-05 12:18 --------- d-----w C:\Program Files\InstallShield Installation Information
2008-01-31 10:35 --------- d-----w C:\Documents and Settings\Administrator\Application Data\ICAClient
2008-01-31 10:34 --------- d-----w C:\Program Files\Citrix
2008-01-31 09:58 --------- d-----w C:\Program Files\IBM
2008-01-31 06:33 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-01-22 19:13 --------- d-----w C:\Program Files\Hardwood Spades
2008-01-21 12:15 --------- d-----w C:\Program Files\AT&T Network Client Install
2008-01-21 12:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\AGNS
2007-11-05 08:42 55,944 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-06-29 07:27 389,120 ----a-w C:\Documents and Settings\Administrator\stas75_20060810.0001.dll
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 3,350 2008-03-19 14:46:51 C:\Program Files\IBM\tivoli\dcd\client\ISSI\bak\cds\ISXuninst1.bat.bak
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-04-15 08:31 1291264]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 12:49 153136]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]
"NetSP - restore settings on power failure"="C:\Program Files\AT&T Network Client\NetSP.exe" [2007-01-13 08:00 24576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISAM SMT Service"="C:\Program Files\C4ebreg\isamsmt.exe" [ ]
"ISAMTray"="C:\Program Files\C4ebreg\isamtray.exe" [2008-02-06 17:58 249856]
"stgclean"="c:\sdwork\w32main2.exe" [2008-03-06 10:55 271872]
"Tpam.exe"="C:\Program Files\IBM\Personal Communications\tpam.exe" [2005-09-06 11:07 28672]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [1951-09-05 01:20 925696]
"SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2007-08-11 01:30 110592]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-08-11 01:30 512000]
"TPHOTKEY"="C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe" [2007-03-09 14:49 66176]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2007-09-21 01:19 200704]
"BLOG"="C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2007-09-21 01:19 208896]
"ACTray"="C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe" [2007-07-05 14:58 413696]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [2007-07-05 14:51 126976]
"TpShocks"="TpShocks.exe" [2007-09-28 13:28 181544 C:\WINDOWS\system32\TpShocks.exe]
"TP4EX"="tp4ex.exe" [2005-10-17 03:11 65536 C:\WINDOWS\system32\TP4EX.exe]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-03 00:00 856064]
"ipmcmu"="c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe" [2007-07-10 08:12 204800]
"MyHelpService"="C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe" [2006-12-19 13:44 81920]
"PSQLLauncher"="C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" [ ]
"ISSI EZUpdate Service"="c:\sdwork\issimsvc.exe" [2008-02-25 08:54 211456]
"C4EBReg"="C:\Program Files\C4ebreg\c4ebreg.exe" [2008-02-06 17:58 372736]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-07-19 21:26 52896]
"vptray"="C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe" [2006-09-27 22:33 125168]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 23:56 110592 C:\WINDOWS\system32\bthprops.cpl]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-08-09 16:32 135168]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-08-09 16:32 155648]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-08-09 16:32 131072]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [2007-08-01 11:07 540672]
"EZEJMNAP"="C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2007-04-27 02:33 243248]
"LPManager"="C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe" [2007-04-27 02:10 120368]
"Mouse Suite 98 Daemon"="ICO.EXE" [2003-11-20 14:08 57344 C:\WINDOWS\system32\ico.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"defergui"="c:/sdwork/defergui.exe" [2007-07-09 11:14 131072 c:\sdwork\defergui.exe]
"UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 07:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-09-28 03:17 443968]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe [2006-08-01 21:25:16 622653]
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-01-07 18:32:25 124400]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoStartMenuMFUprogramsList"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDevMgrUpdate"= 1 (0x1)
"NoStartMenuMFUprogramsList"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ACNotify]
ACNotify.dll 2007-07-05 14:52 32768 C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\atmgrtok]
atmgrtok.dll 2005-09-06 11:07 53248 C:\Program Files\IBM\Personal Communications\atmgrtok.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pcsinst]
pcsinst.dll 2005-09-06 20:43 49152 C:\WINDOWS\system32\pcsinst.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
C:\Program Files\Lenovo\HOTKEY\notifyf2.dll 2006-09-06 16:37 34344 C:\Program Files\Lenovo\HOTKEY\notifyf2.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
C:\Program Files\Lenovo\HOTKEY\tphklock.dll 2006-12-14 11:06 28672 C:\Program Files\Lenovo\HOTKEY\tphklock.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"IBMconfig"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\system32\\sessmgr.exe"=
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2007-09-28 16:29]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2007-09-28 16:28]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 09:27]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\Drivers\IBMBLDID.sys [2007-04-02 11:24]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2007-09-21 01:19]
R2 AppnApi;AppnApi;C:\WINDOWS\system32\drivers\appnapi.sys [2005-09-06 11:07]
R2 DCDClient-ISSI;IBM DCD Standard Client (DCDClient-ISSI);C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe [2007-07-06 22:34]
R2 IBM_LLC2;IBM Personal Communications LLC2 Driver;C:\WINDOWS\system32\DRIVERS\llc2.sys [2005-09-06 11:07]
R2 ISAMSvc;IBM Standard Asset Manager Service;"C:\Program Files\C4ebreg\c4ebreg.exe" [2008-02-06 17:58]
R2 MyHelp;My Help;C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe [2006-12-11 10:48]
R2 NsTrcNT;NsTrcNT;C:\WINDOWS\system32\drivers\nstrcnt.sys [2005-09-06 11:07]
R2 pdlnctdl;Twinax CUT Adapter;C:\WINDOWS\system32\drivers\pdlnctdl.sys [2005-09-06 11:07]
R2 pdlndldl;IBM Enterprise Extender (HPR/IP);C:\WINDOWS\system32\drivers\pdlndldl.sys [2005-09-06 11:07]
R3 agnfilt;AGN Filter Interface;C:\WINDOWS\system32\DRIVERS\agnfilt.sys [2006-05-19 09:46]
R3 Anydlc;Anydlc;C:\WINDOWS\system32\drivers\anydlc.sys [2005-09-06 11:07]
R3 Appn;Appn;C:\WINDOWS\system32\drivers\appn.sys [2005-09-06 11:07]
R3 AppnBase;AppnBase;C:\WINDOWS\system32\drivers\AppnBase.sys [2005-09-06 11:07]
R3 KLOGNT;KLOGNT;C:\WINDOWS\system32\drivers\klognt.sys [2005-09-06 11:07]
R3 pdlnacom;PDLC Adapter -- COM;C:\WINDOWS\system32\drivers\pdlnacom.sys [2005-09-06 11:07]
R3 pdlnafac;PDLC Adapter Factory;C:\WINDOWS\system32\drivers\pdlnafac.sys [2005-09-06 11:07]
R3 pdlnatcm;Twinax Adapter Common;C:\WINDOWS\system32\drivers\pdlnatcm.sys [2005-09-06 11:07]
R3 pdlnatdl;Twinax Adapter;C:\WINDOWS\system32\drivers\pdlnatdl.sys [2005-09-06 11:07]
R3 pdlncbas;PDLC CxM Classes;C:\WINDOWS\system32\drivers\pdlncbas.sys [2005-09-06 11:07]
R3 pdlncfwk;PDLC Connection Manager;C:\WINDOWS\system32\drivers\pdlncfwk.sys [2005-09-06 11:07]
R3 pdlndint;PDLC DLC Classes;C:\WINDOWS\system32\drivers\pdlndint.sys [2005-09-06 11:07]
R3 pdlndlpb;PDLC LAPB;C:\WINDOWS\system32\drivers\pdlndlpb.sys [2005-09-06 11:07]
R3 pdlndoem;PDLC OEM Interface;C:\WINDOWS\system32\drivers\pdlndoem.sys [2005-09-06 11:07]
R3 pdlndqll;PDLC QLLC;C:\WINDOWS\system32\drivers\pdlndqll.sys [2005-09-06 11:07]
R3 pdlndsdl;PDLC SDLC;C:\WINDOWS\system32\drivers\pdlndsdl.sys [2005-09-06 11:07]
R3 pdlndtdl;Twinax DLC;C:\WINDOWS\system32\drivers\pdlndtdl.sys [2005-09-06 11:07]
R3 pdlnebas;PDLC Environment;C:\WINDOWS\system32\drivers\pdlnebas.sys [2005-09-06 11:07]
R3 pdlnecfg;PDLC Configuration;C:\WINDOWS\system32\drivers\pdlnecfg.sys [2005-09-06 11:07]
R3 pdlnemap;PDLC Mapper;C:\WINDOWS\system32\drivers\pdlnemap.sys [2005-09-06 11:07]
R3 pdlnemsg;PDLC Message Driver;C:\WINDOWS\system32\drivers\pdlnemsg.sys [2005-09-06 11:07]
R3 pdlnepkt;PDLC Buffer Manager;C:\WINDOWS\system32\drivers\pdlnepkt.sys [2005-09-06 11:07]
R3 pdlnshay;PDLC Hayes At signalling;C:\WINDOWS\system32\drivers\pdlnshay.sys [2005-09-06 11:07]
R3 pdlnslea;PDLC SDLC Leased;C:\WINDOWS\system32\drivers\pdlnslea.sys [2005-09-06 11:07]
R3 pdlnsv25;PDLC V25bis signalling;C:\WINDOWS\system32\drivers\pdlnsv25.sys [2005-09-06 11:07]
R3 pdlnsx25;PDLC X.25;C:\WINDOWS\system32\drivers\pdlnsx25.sys [2005-09-06 11:07]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2007-07-03 18:46]
S2 artstartsvc;IBM Mobility Client Start Utility;C:\Program Files\IBM\Mobility Client\artstartsvc.exe []
S3 avpnnic;AGN Virtual Network Adapter;C:\WINDOWS\system32\DRIVERS\avpnnic.sys [2003-04-04 12:48]
S3 BroadWaveService;BroadWave Service;"C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe" -service []
S3 gwiopm;gwiopm;C:\Program Files\wst\gwiopm.sys []
S3 pelmouse;Mouse Suite Driver;C:\WINDOWS\system32\DRIVERS\pelmouse.sys [2003-01-10 13:55]
S3 pelusblf;USB Mouse Low Filter Driver;C:\WINDOWS\system32\DRIVERS\pelusblf.sys [2003-02-11 13:25]
S3 ultradfg;ultradfg;C:\WINDOWS\system32\DRIVERS\ultradfg.sys [2007-08-03 13:37]
S3 wcndis;Mobility Client Virtual Miniport;C:\WINDOWS\system32\DRIVERS\wcndis.sys [2006-01-30 09:05]
S4 agnwifi;AT&T Wi-Fi Support Driver;C:\WINDOWS\system32\DRIVERS\agnwifi.sys [2004-04-29 17:19]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab7dacee-9e5b-11dc-afe0-00197e2586b3}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder
"2008-03-21 17:08:06 C:\WINDOWS\Tasks\PMTask.job"
- C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-21 19:07:59
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Lenovo\HOTKEY\tphklock.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ibmpmsvc.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\notes\ntmulti.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-03-21 19:12:31 - machine was rebooted
ComboFix2.txt 2007-06-25 19:07:13
|
|
Hujo
Suspended permanently
|
21. maaliskuuta 2008 @ 19:19 |
Linkki tähän viestiin
|
Ohje AVG:n Anti-Spyware 7.5:n käyttöön
Huom! Tässä ohjeessa sammutetaan tuo reaaliaikasuojaus (Shield). Näin vältetään tilanteet joissa suojaus estäisi esim HijackThis:n työkalun toimintaa.
Tallenna nämä ohjeet tekstitiedostoon tai tulosta nämä, muuten et pääse niihin käsiksi vikasietotilasta
Lataa AVG:n Anti-Spyware 7.5:n
ja tallenna ohjelma työpöydällesi.
o Kun olet ladannut ohjelman, kaksoisklikkaa asennuohjelman pikakuvaketta työpöydälläsi, asennus alkaa.
o Asennuksen jälkeen täytyy ohjelma käynnistää ja sen tunnisteet päivittää.
o Käynnistä AVG:n Anti-Spyware.
o Klikkaa "Update" kuvaketta päävalikossa. Sen jälkeen klikkaa "Update now" painiketta.
o Sitten klikkaa "Start Update" kuvaketta jolloin päivitys alkaa.
o Kun päivitykset on ladattu, klikkaa "Scanner" kuvaketta ikkunan ylälaidassa. Valitse sitten "Settings" välilehti.
o Kun "Settings" valikko on auennut, klikkaa "Recommended actions" ja sitten valitse "Quarantine".
o Sitten "Reports" valikon alta:
o Laita täppi kohtaan "Automatically generate report after every scan"
o Ota täppi pois kohdasta"Only if threats were found"
o Sitten klikkaa "Shield" kuvaketta ikkunan ylälaidassa
o "Resident shield is", muuta tila active:sta inactive:ksi
o Sulje ohjelma, ÄLÄ skannaa vielä.
Käynnistä koneesi vikasietotilaan,
sammuta ja käynnistä
käynnistyksen yhteydessä naputtele F8
valitse nuoli näppäimellä vikasietotila
paina enter ja enter
Toisissa koneissa paukutetaan F8:sin sijasta F5:tä
HUOM! Älä käytä muita ohjelmia AVG:n skannauksen aikana, tämä saattaa häiritä skannausta.
o Kun vikasietotilassa, käynnistä AVG:n Anti-Spyware.
o Klikkaa "Scanner" kuvaketta ikkunan ylälaidassa ja valitse "Scan" välilehti. Sitten klikkaa "Complete System Scan".
o Ewido aloittaa nyt tietokoneen skannaamisen, ole kärsivällinen sillä skannaus vie aikaa.
Kun skannaus on valmis:
TÄRKEÄÄ : Älä klikkaa "Save Scan Report" ennen kuin klikkaat "Apply all Actions"
o Varmistu, että Set all elements to: näyttää Quarantine (1), jos ei, klikkaa linkkiä ja valitse Quarantine popup-valikosta.
o Sinulta kysytään mitä tehdä jos infektioita löytyi, valitse silloin "Apply all actions"
o Sitten klikkaa "Reports" kuvaketta ohjelma yläosasta.
o Klikkaa "Save report as" painiketta ikkunan vasemmassa alalaidassa ja tallenna raportti työpöydälle.
o Sulje ohjelma, käynnistä kone normaalisti ja lähetä AVG:n raportti viestikejuusi.
Voiko tietsikka koskaan toimia?
|
|
mixu66
Junior Member
|
21. maaliskuuta 2008 @ 20:46 |
Linkki tähän viestiin
|
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 20:30:20 21.3.2008
+ Scan result:
:mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.157:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.212:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.213:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.161:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.162:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.163:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.123:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Administrator\Cookies\fi07628@advertising[2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.170:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Administrator\Cookies\fi07628@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.84:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.274:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.164:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.165:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.277:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.190:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.191:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.193:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.
:mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Netflame : Cleaned.
:mozilla.168:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Planetactive : Cleaned.
:mozilla.221:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.222:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.223:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.224:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.225:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.26:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\Documents and Settings\Administrator\Cookies\fi07628@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.149:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.246:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.247:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.248:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.249:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\hq5hcnl9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
::Report end
|
|
Hujo
Suspended permanently
|
21. maaliskuuta 2008 @ 21:22 |
Linkki tähän viestiin
|
|
scannaa hjt:n loki uusi
Voiko tietsikka koskaan toimia?
|
|
mixu66
Junior Member
|
21. maaliskuuta 2008 @ 21:32 |
Linkki tähän viestiin
|
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:31:05, on 21.3.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\C4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\notes\ntmulti.exe
C:\Program Files\AT&T Network Client\NetCfgSv.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\svchost.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\WINDOWS\system32\Drivers\ldlcserv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\C4ebreg\isamtray.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\WINDOWS\system32\TpShocks.exe
C:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
C:\WINDOWS\system32\ICO.EXE
C:\WINDOWS\system32\FSRremoS.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\PC Connectivity Solution\NclBTHandler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\IBM\My Help\MyHelp.exe
C:\Program Files\IBM\My Help\jre\bin\myhelpw.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/jct03001pt/wps/myportal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/download/standardsoftware/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.emea.ibm.com:8080;gopher=proxy.emea.ibm.com:8080;http=proxy.emea.ibm.com:8080;https=proxy.emea.ibm.com:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://158.98.130.99/;https://9.134.127.86:950/;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\Program Files\C4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe "c:\Program Files\IBM\IPM Client Migration Utility"
O4 - HKLM\..\Run: [MyHelpService] "C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\delayStart.exe"
O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Thinkvantage Fingerprint Software\launcher.exe" /startup
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [C4EBReg] "C:\Program Files\C4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~2\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [defergui] c:/sdwork/defergui.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [NetSP - restore settings on power failure] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\ThinkPad\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Software Installer - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\\PkgMgr.exe
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189673667609
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupd...b?1189673660437
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {A4B28810-11A2-4956-82D1-B2DCBA4B2AFD} (gpwsx.plugin) - http://w3.ibm.com/tools/print/plugin/gpwsx.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ibm.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ibm.com
O20 - Winlogon Notify: ACNotify - ACNotify.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\system32\Drivers\appnnode.exe
O23 - Service: IBM Mobility Client Start Utility (artstartsvc) - Unknown owner - C:\Program Files\IBM\Mobility Client\artstartsvc.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - C:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IBM DCD Standard Client (DCDClient-ISSI) (DCDClient-ISSI) - Unknown owner - C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - Unknown owner - C:\Program Files\C4ebreg\isamsmt.exe (file missing)
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Corp. - C:\Program Files\C4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Corp. - c:\sdwork\issimsvc.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\system32\Drivers\ldlcserv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: My Help (MyHelp) - Unknown owner - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.installer\service\MyHelpService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\Program Files\AT&T Network Client\NetCfgSv.EXE
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - C:\Program Files\Symantec AntiVirus\SavRoam.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\system32\Drivers\trcboot.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
--
End of file - 16725 bytes
|
|
Hujo
Suspended permanently
|
21. maaliskuuta 2008 @ 21:39 |
Linkki tähän viestiin
|
Voiko tietsikka koskaan toimia?
Viestiä on muokattu lähettämisen jälkeen. Viimeisin muokkaus 21. maaliskuuta 2008 @ 21:44
|
|
mixu66
Junior Member
|
21. maaliskuuta 2008 @ 22:51 |
Linkki tähän viestiin
|
|
Nuo urlit on duunin intranettiin, siellä käytän IEtä pelkästään.
Netti on Elisan tarjooma.
|
|
Hujo
Suspended permanently
|
21. maaliskuuta 2008 @ 22:58 |
Linkki tähän viestiin
|
|
Ok..
fixsaa tuo pois
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
Voiko tietsikka koskaan toimia?
|
|
Mainos
|
|
|
|
mixu66
Junior Member
|
22. maaliskuuta 2008 @ 08:45 |
Linkki tähän viestiin
|
|
No niin, tehty.
Olikos se sit siinä.
ISO KIITOS SINULE.
|
|
