MSN virus HJT log. I have already done everything I can...
Iivu
Newbie
31 May 2008 @ 10:56
Hi,
I read a thread on this forum, and following its instructions I have already run ComboFix and removed winudspm using the HijackThis instructions. Below is the log after that removal. It is really important for me to get the machine clean, so gurus please help and interpret it for me!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:50:42 AM, on 5/31/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\PM Driver\PMHandler.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: (no name) - {39C8D2C2-B53A-4134-97E5-6EF45C13FC99} - C:\Windows\system32\jkkJabbY.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3075153018-759099659-2898441012-1004\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BetOnBet Poker - {2B936D2B-EDD7-405f-9057-3685BE897E62} - C:\Microgaming\Poker\betonbetMPP\MPPoker.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
--
End of file - 13711 bytes
Iivu
Newbie
31 May 2008 @ 12:54
Could someone help? Thanks!!
AfterDawn Addict
31 May 2008 @ 13:54
In Vista these steps are carried out as Administrator
(check, don't assume).
1. Download combofix.exe to your desktop from either of these links:
combofix.exe
combofix.exe
Open Notepad and copy/paste the contents of the Quote: box into it:
Quote:
File::
C:\WINDOWS\winudpmgr.exe
C:\WINDOWS\service.exe
C:\WINDOWS\winudspm.exe
C:\Windows\system32\jkkJabbY.dll
Save it as CFScript (ComboFix actually recognises it even if the extension is not .txt).
Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click)

Note! Don't click in ComboFix's window while it is running. That may cause the program to hang.
Restart the computer if asked to, and post the contents of the combofix.txt file here.
When you start HijackThis (HJT), do it with the right mouse button
and choose Run as Administrator.
Close your browser and other programs for the duration of the fix. (not the antivirus)
Start HijackThis (HJT): Scan, tick the following entries listed in red and remove them. (Fix Checked)
O2 - BHO: (no name) - {39C8D2C2-B53A-4134-97E5-6EF45C13FC99} - C:\Windows\system32\jkkJabbY.dll (file missing)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
Empty the Recycle Bin and restart your computer.
Post the following logs here:
* A fresh HijackThis log (taken last, just before posting)
* The (C:\ComboFix.txt) report
(:)
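A small triage script, added here as an example (it is not part of the thread, of HijackThis or of ComboFix), that automates the first look a helper takes at the O-section lines above: it flags O4 Run values whose target is a bare filename with no path, escalating when the value name imitates a Windows component (the two entries the helper lists for removal fall in that class), and registrations whose file is already gone ("(file missing)" / "(no file)"), which are just dangling entries. The sample lines are constructed from the first log in the thread; the function names, severity labels and the list of mimicked words are the example's own.

```python
"""Triage helper for HijackThis-style log lines.

Added example, not code from the forum thread, from HijackThis or from
ComboFix. It walks the O-section lines of an HJT log and flags:
  * an autostart (O4 Run entry) whose target is a bare filename with no
    path, escalated when the value name imitates a Windows component
    (the "[Windows svchost] service.exe" style entries in the thread);
  * a BHO/toolbar registration whose file no longer exists
    ("(file missing)" / "(no file)"), i.e. a dangling entry.
The sample lines below are constructed from the thread's own log.
"""
import re
from dataclasses import dataclass

# Matches "O4 - <hive>\..\Run: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')

# Words malware likes to put in a Run value name so it blends in (example's own list)
MIMIC_WORDS = ("windows", "microsoft", "svchost", "system")


@dataclass
class Finding:
    line: str
    severity: str   # "remove" (dangling), "suspect" (likely malware), "review" (verify on disk)
    reason: str


def executable_of(cmd: str) -> str:
    """Program part of a Run command line, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path, possibly with spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(None, 1)[0]                 # unquoted: first whitespace-delimited token


def is_bare(path: str) -> bool:
    """True when the target has no directory part and no environment-variable prefix."""
    return not any(ch in path for ch in '\\/:') and not path.startswith('%')


def triage_run_entry(line: str, name: str, cmd: str) -> list[Finding]:
    exe = executable_of(cmd)
    via_rundll32 = exe.lower().startswith("rundll32")
    if via_rundll32:
        # rundll32 is only a host; what actually runs is the DLL named in its argument
        parts = cmd.strip().split(None, 1)
        if len(parts) == 2:
            exe = parts[1].split(",", 1)[0].strip('"')
    if not is_bare(exe):
        return []
    mimics = any(w in name.lower() for w in MIMIC_WORDS)
    if mimics and not via_rundll32:
        return [Finding(line, "suspect",
                        f"unqualified target {exe!r} under a value name that imitates a Windows component")]
    return [Finding(line, "review",
                    f"unqualified target {exe!r}; locate the file on disk before deciding")]


def triage(log_text: str) -> list[Finding]:
    """Walk HJT log lines and collect findings in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.endswith("(file missing)") or line.endswith("(no file)"):
            findings.append(Finding(line, "remove", "registration points at a file that no longer exists"))
            continue
        m = O4_RE.match(line)
        if m:
            findings.extend(triage_run_entry(line, m.group("name"), m.group("cmd")))
    return findings


# Constructed sample: a handful of lines taken from the thread's first HJT log
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {39C8D2C2-B53A-4134-97E5-6EF45C13FC99} - C:\Windows\system32\jkkJabbY.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [Windows UDP Control Center] winudpmgr.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:7}] {f.reason}\n          {f.line}")
```

On the sample the script reports the two "(file missing)"/"(no file)" registrations as removable, RtHDVCpl.exe as "review" (a bare name that happens to be legitimate here, which is exactly why a bare name alone is only a prompt to look at the file on disk), and the two "Windows ..." entries as suspect. It is a first-pass filter, not a verdict: a bare filename resolves through the system search path, so the same line can be harmless or not depending on which file actually gets loaded.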
Iivu
Newbie
31 May 2008 @ 14:44
Thanks Kalminen for the help!!! Below is the HijackThis log after rebooting the machine:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:39:32 PM, on 5/31/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\PM Driver\PMHandler.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3075153018-759099659-2898441012-1004\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BetOnBet Poker - {2B936D2B-EDD7-405f-9057-3685BE897E62} - C:\Microgaming\Poker\betonbetMPP\MPPoker.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
--
End of file - 12895 bytes
And the ComboFix log as well:
ComboFix 08-05-29.1 - Tuomas 05/31/2008 14:16:15.2 - NTFSx86
Microsoft® Windows Vista? Ultimate 6.0.6000.0.1252.358.1033.18.935 [GMT 3:00]
Running from: C:\Users\Tuomas\Desktop\ComboFix.exe
Command switches used :: C:\Users\Tuomas\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\WINDOWS\service.exe
C:\Windows\system32\jkkJabbY.dll
C:\WINDOWS\winudpmgr.exe
C:\WINDOWS\winudspm.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\setup.exe
C:\Users\Tuomas\AppData\Roaming\macromedia\Flash Player\#SharedObjects\U7JJTTGF\iforex.com
C:\Users\Tuomas\AppData\Roaming\macromedia\Flash Player\#SharedObjects\U7JJTTGF\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Users\Tuomas\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Users\Tuomas\AppData\Roaming\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Windows\system32\jkkLdBrs.dll
C:\Windows\system32\tuVopPIB.dll
C:\Windows\System32\YbbaJkkj.ini
C:\Windows\System32\YbbaJkkj.ini2
G:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 11:14 --------- d---a-w C:\ProgramData\TEMP
2008-05-31 07:20 --------- d-----w C:\ProgramData\Symantec
2008-05-31 06:57 47,104 ----a-w C:\Windows\System32\rpcnet.dll
2008-05-31 06:57 17,408 ----a-w C:\Windows\System32\rpcnetp.exe
2008-05-31 06:52 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-31 06:52 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-05-31 06:52 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-31 06:52 --------- d-----w C:\Program Files\Symantec
2008-05-30 18:20 --------- d-----w C:\Program Files\Norton 360
2008-05-30 17:59 --------- d-----w C:\Program Files\Trend Micro
2008-05-30 17:56 60,132 ----a-w C:\dci.exe
2008-05-30 17:48 83,400 ----a-w C:\img.exe
2008-05-30 17:47 17,408 ----a-w C:\Windows\System32\rpcnetp.dll
2008-05-30 15:45 --------- d-----w C:\Program Files\Alwil Software
2008-05-29 20:51 --------- d-----w C:\Users\Tuomas\AppData\Roaming\mIRC
2008-05-29 20:21 60,132 ----a-w C:\ddc.exe
2008-05-29 18:38 --------- d-----w C:\Program Files\mIRC
2008-05-21 15:50 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-19 15:39 --------- d-----w C:\Program Files\Windows Mail
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 20:46 --------- d-----w C:\Program Files\Poker Tracker Omaha
2008-05-15 20:39 --------- d-----w C:\Program Files\Poker Tracker V2
2008-05-08 13:21 --------- d-----w C:\Program Files\PokerTracker 3
2008-05-07 16:51 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-04 16:23 --------- d-----w C:\Program Files\Full Tilt Poker
2008-04-27 19:06 82,408 ----a-w C:\Users\Tuomas\AppData\Roaming\nvModes.dat
2008-04-20 15:11 --------- d-----w C:\Program Files\PokerStars
2008-04-17 17:05 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-17 17:05 --------- d-----w C:\Program Files\Windows Live
2008-04-17 17:02 --------- d-----w C:\ProgramData\WLInstaller
2008-04-12 17:18 --------- d-----w C:\Program Files\Safari
2008-04-12 17:17 --------- d-----w C:\Program Files\iTunes
2008-04-12 17:17 --------- d-----w C:\Program Files\iPod
2008-04-12 17:16 --------- d-----w C:\Program Files\QuickTime
2008-04-06 19:57 --------- d-----w C:\Users\Tuomas\AppData\Roaming\uTorrent
2008-03-31 15:30 47,104 ----a-w C:\Windows\System32\rpcnet.exe
2008-03-12 20:21 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 04:30 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 00:37 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 20:40 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 20:39 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-13 20:39 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-13 20:39 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-13 20:39 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-13 20:39 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-13 20:39 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-13 20:39 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-13 20:39 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-13 20:39 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-13 20:38 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-13 20:38 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 20:38 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-13 20:38 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-13 20:38 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-13 20:38 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-13 20:38 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-13 20:38 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-13 20:36 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 20:36 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 20:35 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 20:35 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 20:35 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2007-08-31 15:48 174 --sh--w C:\Program Files\desktop.ini
2008-01-05 17:18 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot@Fri 05-30-2008_21.31.57.34 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-30 18:19:19 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-31 06:57:01 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-30 18:19:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-31 06:57:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-30 18:19:20 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-31 06:57:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-30 18:20:00 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-31 07:00:16 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-31 07:00:16 262,144 ---ha-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1
- 2008-05-30 18:20:00 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-31 07:01:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-05-30 18:07:57 32,768 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-31 10:59:01 32,768 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2008-05-30 18:07:57 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-31 10:59:01 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-30 17:54:01 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-31 07:05:23 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-30 17:54:01 83,888 ----a-w C:\Windows\System32\perfc00B.dat
+ 2008-05-31 07:05:23 83,888 ----a-w C:\Windows\System32\perfc00B.dat
- 2008-05-30 17:54:01 81,394 ----a-w C:\Windows\System32\perfc01D.dat
+ 2008-05-31 07:05:23 81,394 ----a-w C:\Windows\System32\perfc01D.dat
- 2008-05-30 17:54:01 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-31 07:05:23 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-30 17:54:01 459,540 ----a-w C:\Windows\System32\perfh00B.dat
+ 2008-05-31 07:05:23 459,540 ----a-w C:\Windows\System32\perfh00B.dat
- 2008-05-30 17:54:01 463,874 ----a-w C:\Windows\System32\perfh01D.dat
+ 2008-05-31 07:05:23 463,874 ----a-w C:\Windows\System32\perfh01D.dat
- 2008-05-30 18:22:27 14,114 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3075153018-759099659-2898441012-1000_UserData.bin
+ 2008-05-31 07:01:01 14,496 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3075153018-759099659-2898441012-1000_UserData.bin
- 2008-05-30 18:22:27 78,734 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-31 07:01:00 79,036 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-30 17:49:59 54,160 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-31 07:00:56 55,344 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39C8D2C2-B53A-4134-97E5-6EF45C13FC99}]
C:\Windows\system32\jkkJabbY.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 03:34 PM 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [09/22/2007 10:20 AM 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 03:33 PM 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/23/2006 05:00 AM 815104]
"PMHandler"="C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe" [06/06/2007 03:11 AM 34352]
"TPWAUDAP"="C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe" [09/06/2006 10:38 AM 54824]
"RtHDVCpl"="RtHDVCpl.exe" [03/23/2007 02:04 PM 4423680 C:\Windows\RtHDVCpl.exe]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [11/16/2006 02:21 AM 217176]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 05:25 AM 144784]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [07/05/2007 03:49 PM 124200]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM 56080 C:\Windows\KHALMNPR.Exe]
"Samsung PanelMgr"="C:\Windows\Samsung\PanelMgr\SSMMgr.exe" [12/14/2006 03:25 PM 520192]
"FingerPrintSoftware"="C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" [03/02/2007 04:32 PM 933888]
"NeroFilterCheck"="C:\Windows\system32\NeroCheck.exe" [07/09/2001 11:50 AM 155648]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [11/06/2007 04:27 PM 487424]
"TPFNF7"="C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [04/10/2007 03:03 AM 58416]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM 115816]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [01/13/2007 03:40 AM 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01/13/2007 03:40 AM 7766016]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [01/13/2007 03:40 AM 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM 39792]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM 583048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM 267048]
"Windows svchost"="service.exe" []
"Windows UDP Control Center"="winudpmgr.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [06/19/2007 10:17 AM 1241088]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [3/29/2007 11:11:50 PM 719664]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [8/19/2007 7:32:36 PM 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 03/30/2008 10:36 AM 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--------- 06/18/2007 03:10 PM 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 03/28/2008 11:37 PM 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C5C3692F-AC10-439B-B46D-031E76F8B60A}"= TCP:67:DHCP Discovery Service
"{8CB9AB20-C55E-4C4E-A49B-EB5DE83F06C8}"= TCP:67:0.0.0.0:DHCP Discovery Service
"{973530FC-6E7B-4806-B65B-618391C2A3D3}"= UDP:C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{82053EB9-DEC1-4DD5-A477-D403BAB6BBA8}"= TCP:C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{80C78603-DA86-4897-B488-368CA3F05A56}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F70F03B0-B383-46AB-94A7-C5FEF1C148B6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{63B268CA-337E-4123-AA3D-E54463BE90F0}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{02F11446-90F1-4FC6-B809-0F3D49643F98}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{08164F17-9534-47C7-92F3-89D03DAE3C4A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{B0F1DFFF-1356-41F1-884B-6E4936B4F057}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{2D2F2D0C-B6D8-4123-9BF5-DB3DFD586893}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{69E9CFD9-29F4-4082-9510-1516119DFBEE}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{41967499-4FED-4468-8790-A8873E761D42}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{55AEF227-A01D-4193-B7F5-4B68B4B50174}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{864666A3-32E9-4D7E-B93E-00C77E2E1376}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{00EAD35C-53AA-4C55-8CD0-73A8F79D2B4B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3EBF7F2D-3B11-4B2D-8DE3-724CC0D4057B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [11/10/2006 12:34 AM]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [05/16/2008 02:20 AM]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080530.001\IDSvix86.sys [02/13/2008 07:18 PM]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiif32.sys [08/30/2006 01:04 PM]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [05/16/2008 02:16 AM]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [05/16/2008 02:18 AM]
R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [09/26/2007 01:53 PM]
R2 FNF5SVC;Fn+F5 Service;C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [04/09/2007 10:24 AM]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;"C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\" []
R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [12/08/2006 06:33 PM]
R2 TPHKSVC;On Screen Display;C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [03/02/2007 02:07 PM]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [07/10/2007 10:56 PM]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [02/09/2007 01:03 AM]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [03/29/2007 10:46 PM]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [02/27/2007 09:20 AM]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [02/27/2007 09:20 AM]
R3 n558;N558 Bluetooth USB Filter Driver;C:\Windows\system32\Drivers\n558.sys [07/20/2007 06:20 AM]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [01/10/2007 01:32 AM]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys [05/22/2007 10:59 PM]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\Windows\system32\NSNDIS5.SYS [03/24/2004 05:12 AM]
S3 TfBulk;TfBulk;C:\Windows\system32\DRIVERS\TfBulk.sys [05/31/2007 09:11 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
GPSvcGroup REG_MULTI_SZ GPSvc
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 11:18:36 C:\Windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- c:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-31 06:38:17 C:\Windows\Tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-31 14:21:06
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
folder error: C:\Windows\system32\drivers\
folder error: C:\Windows\TEMP\
folder error: C:\Windows\system32\
folder error: C:\Windows\system32\wbem\
C:\Users\Tuomas\AppData\Local\Microsoft\Messenger\iivu@sci.fi\SharingMetadata\Logs\Dfsr00005.log.gz 42372 bytes
C:\Users\Tuomas\AppData\Local\Microsoft\Messenger\iivu@sci.fi\SharingMetadata\Working\database_C00_CBF8_CB_E6B4\$db_clean$ 0 bytes
scan completed successfully
hidden files: 2
**************************************************************************
.
Completion time: 05/31/2008 14:22:25
ComboFix-quarantined-files.txt 2008-05-31 11:22:16
Pre-Run: 15,600,152,576 bytes free
Post-Run: 15,465,914,368 bytes free
299 --- E O F --- 2008-05-31 06:46:35
How does it look?
AfterDawn Addict
31 May 2008 @ 15:26
We're on the home stretch.
Your antivirus setup is a mess!!!
Norton and Avast are at war with each other.
------------------------------------------
Open Notepad and copy/paste the contents of the Quote: box into it:
Quote:
File::
C:\dci.exe
C:\img.exe
C:\ddc.exe
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39C8D2C2-B53A-4134-97E5-6EF45C13FC99}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows svchost"=-
"Windows UDP Control Center"=-
Save it as CFScript (in fact ComboFix recognises it even if the file extension isn't .txt).
Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click it.)

Restart the computer if asked to, and post the contents of the combofix.txt file here.
------------------------------------------------------------------------
Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* A log will then open in Notepad. Save it somewhere you can find it easily. The log can also be found
here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
* Post the contents of the log in your next reply + a new HJT log + (C:\ComboFix.txt).
.
(:)
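The triage the helper did by eye above, as an added example (my code, not from the thread and not ComboFix's own): it reads a ComboFix-style excerpt constructed from lines quoted earlier in the thread, flags the things the helper's CFScript targets, reports the weakened security settings visible in the log, and prints a script in the same File::/Registry:: format as the Quote: box. The heuristics are my own assumptions: a Run value whose trailing [] is empty (ComboFix found no file for the bare name), executables dropped directly in the drive root, a BHO DLL whose name reversed appears as an .ini file (the log above lists both jkkJabbY.dll and YbbaJkkj.ini), and registry values that switch off UAC, the firewall or Security Center.

```python
"""Triage a ComboFix log excerpt and draft the matching CFScript.

Added example, not from the thread or from ComboFix. SAMPLE_LOG is built
from lines quoted in the thread; the heuristics are my own assumptions.
"""
import re

SAMPLE_LOG = r"""
C:\Windows\System32\YbbaJkkj.ini
C:\Windows\System32\YbbaJkkj.ini2
2008-05-30 17:56 60,132 ----a-w C:\dci.exe
2008-05-30 17:48 83,400 ----a-w C:\img.exe
2008-05-29 20:21 60,132 ----a-w C:\ddc.exe
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{39C8D2C2-B53A-4134-97E5-6EF45C13FC99}]
C:\Windows\system32\jkkJabbY.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/23/2006 05:00 AM 815104]
"RtHDVCpl"="RtHDVCpl.exe" [03/23/2007 02:04 PM 4423680 C:\Windows\RtHDVCpl.exe]
"Windows svchost"="service.exe" []
"Windows UDP Control Center"="winudpmgr.exe" []
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
"""

REG_KEY = re.compile(r"^\[(?P<key>[^\]]+)\]$")
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
ROOT_EXE = re.compile(r"^\d{4}-\d{2}-\d{2}\s.*\s(?P<path>[A-Z]:\\[^\\\s]+\.exe)\s*$", re.I)
DLL_LINE = re.compile(r"^(?P<path>[A-Z]:\\.*\\(?P<base>[^\\]+)\.dll)\s*$", re.I)
INI_LINE = re.compile(r"\\(?P<base>[^\\]+)\.ini\d*\s*$", re.I)
DWORD = re.compile(r'^"(?P<name>[^"]+)"=\s*(?:dword:)?(?P<val>[0-9a-fA-F]+)\b')


def triage(log_text):
    """Return suspicious root files, Run values, BHO keys and weakened settings."""
    lines = [ln.rstrip() for ln in log_text.splitlines()]
    # Base names of every .ini / .ini2 file seen anywhere in the excerpt.
    ini_bases = {m.group("base").lower() for m in map(INI_LINE.search, lines) if m}
    out = {"files": [], "run_values": [], "bho_keys": [], "weak_settings": []}
    key = ""
    for line in lines:
        m = REG_KEY.match(line)
        if m:
            key = m.group("key")
            continue
        m = ROOT_EXE.match(line)
        if m:  # Find3M entry for an .exe sitting directly in the drive root
            out["files"].append(m.group("path"))
            continue
        kl = key.lower()
        if "browser helper objects" in kl:
            m = DLL_LINE.match(line)
            # jkkJabbY.dll beside YbbaJkkj.ini: the .ini name is the DLL name reversed
            if m and m.group("base")[::-1].lower() in ini_bases:
                out["bho_keys"].append((key, m.group("path")))
            continue
        if kl.endswith(r"\currentversion\run"):
            m = RUN_VALUE.match(line)
            # Empty [] means ComboFix could not resolve the bare name to a file on disk
            if m and not m.group("meta").strip():
                out["run_values"].append((key, m.group("name"), m.group("target")))
            continue
        m = DWORD.match(line)
        if not m:
            continue
        name, val = m.group("name"), int(m.group("val"), 16)
        if name == "EnableLUA" and val == 0 and kl.endswith(r"policies\system"):
            out["weak_settings"].append("UAC disabled (EnableLUA=0)")
        elif name == "EnableFirewall" and val == 0 and "firewallpolicy" in kl:
            profile = key.rsplit("\\", 1)[-1]
            out["weak_settings"].append(f"Windows Firewall off ({profile})")
        elif "security center" in kl and val == 1 and (
            name == "DisableMonitoring" or name.endswith("DisableNotify")
        ):
            out["weak_settings"].append(f"Security Center silenced ({name}=1)")
    return out


def build_cfscript(findings):
    """Render findings in the File:: / Registry:: format ComboFix reads."""
    script = ["File::", *findings["files"], "Registry::"]
    for key, _dll in findings["bho_keys"]:
        script.append(f"[-{key}]")  # leading '-' deletes the whole key
    per_key = {}
    for key, name, _target in findings["run_values"]:
        per_key.setdefault(key, []).append(name)
    for key, names in per_key.items():
        script.append(f"[{key}]")
        script.extend(f'"{n}"=-' for n in names)  # "name"=- deletes one value
    return "\n".join(script) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for item in found["weak_settings"]:
        print("WARN:", item)
    print(build_cfscript(found))
```

Run against the constructed excerpt it produces the same File:: and Registry:: lines as the helper's box, plus warnings for UAC, the three firewall profiles and the Security Center keys. The warnings are the part worth acting on after the cleanup: malware commonly flips exactly these values, and a CFScript does not turn them back on.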
Iivu
Newbie
1 June 2008 @ 13:18
You really are a fine man(?) for helping those who need it!
Malwarebytes log:
Malwarebytes' Anti-Malware 1.14
Database version: 811
12:27:29 PM 6/1/2008
mbam-log-6-1-2008 (12-27-29).txt
Scan type: Full Scan (C:\|)
Objects scanned: 182988
Time elapsed: 1 hour(s), 8 minute(s), 16 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 10
Files Infected: 323
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f0e738ca-4e59-446f-b34a-6bc26fb2c735} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\logs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\notes (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\sfx (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history\832001 (Adware.Casino) -> Quarantined and deleted successfully.
Files Infected:
C:\Program Files\WinRAR\UnRAR.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\dci.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\ddc.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\img.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\setup.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\bjlicens.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\blackjack.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\browser.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\cacerts.crt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\cam.cas (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\cardlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\common.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\core.dmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\countries.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\db.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\devlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\devlibcomm.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\filemap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\fivecard.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\games.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\gsid.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\id.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\INSTALL.LOG (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\languages.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\libeay32.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\licens.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\mfc80.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\microsoft.vc80.crt.manifest (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\microsoft.vc80.mfc.manifest (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\modstatus.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\mp3dec.asi (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\mss32.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\msvcp71.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\msvcp80.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\msvcr71.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\msvcr80.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\mutedplayers.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\navigator.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\omaha.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\options.cfg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\poker.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\poker.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\sc.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\shfolder.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\srvmap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\ssleay32.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\texas.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\UNWISE.EXE (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\update.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\vistaelevator.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\webdollar.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xml.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\zlib1.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\0.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\1.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\10.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\11.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\12.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\13.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\14.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\15.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\16.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\17.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\18.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\19.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\2.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\20.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\21.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\22.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\23.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\24.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\25.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\26.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\27.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\28.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\29.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\3.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\30.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\31.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\32.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\33.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\34.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\35.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\36.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\37.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\38.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\39.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\4.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\40.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\41.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\42.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\43.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\44.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\45.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\46.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\47.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\48.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\49.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\5.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\50.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\51.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\6.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\7.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\8.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\9.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\allin_popup.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\allin_popup_mini.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\archive.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\archive_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\avatar.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\b.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\base.css (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\bj_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\bkg.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\bkg_playerlist.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\bkg_playernotes.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\browserdetect.js (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_blackjack.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_close.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_filters_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_filters_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_game.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_game.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_general.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_join.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_join.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_join_mini.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_main.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_medium.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_minmax.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_sublevels_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_sublevels_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_timebank.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\but_timebank_mini.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\caret.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\chatbubble.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\chatpanel_mini.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\chips.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\decktype_settings.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\edit.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\gamelimits1.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\gamelimits2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\gamelimits3.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\game_bjframe.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\game_blackjack.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\game_summary.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\gre_font_10p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\gre_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\hand.html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\hand.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\hand_cursor.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\hand_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\harrow.cur (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\headers_bkg.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\headers_text.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\history.html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\history.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\history_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\icon_mute_unmute_notes.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\input_additional.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\input_additional_mini.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\input_boxes.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\input_lists.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\language.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\language.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\languages.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\language_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\main.js (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\main_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\main_listhi.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\menu_buttons.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\menu_window_headers.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\navigator_bg.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\navigator_buttons.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\navigator_moneytext.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\navigator_timer.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\panel_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\panel_bottom.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\panel_game_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\panel_game_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\panel_game_small.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\panel_game_small_mini.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\panel_game_top.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\panel_left.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\panel_medium.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\panel_moretables.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\panel_texts.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\panel_top.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\panel_top_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\pointer.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_bkg_mini.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_cardback.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_cards.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_cards_4c.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_cards_large.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_cards_large_4c.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_deckside.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_font_10p_bold.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_font_10p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_font_11p_bold.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_makechoice.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_makechoice_mini.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_pucks.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\poker_pucks_mini.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\pol_font_10p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\pol_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\popupbkg.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\popups.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\position_actions.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\position_actions_mini.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\position_active.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\position_active.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\position_active_mini.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\position_inactive.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\position_inactive.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\position_inactive_mini.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\position_mute.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\position_note.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\position_numbers.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\pot_bets.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\progress_ani.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\promo-test1.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\rus_font_10p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\rus_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\sc_bkg8.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\tablelimits_bkg_mini.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\tablelimits_header.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\tablelimits_minmax.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\tabs_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\tabs_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\tab_casino.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\text.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\timeslider.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\timeslider_mini.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\tournamentinfo_bkg.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\tur_font_10p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\tur_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\tx_bkg10.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\tx_bkg5.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\user.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\user_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\white_line.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\win_graphics.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\xml.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\data\xml_decoder.js (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history\832001\archive.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history\832001\history_0747.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history\832001\session132365037.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history\832001\session132365068.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history\832001\stats_GAME_FCS.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history\832001\stats_GAME_SCS.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history\832001\stats_GAME_SOKO.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\history\832001\stats_GAME_THM.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\notes\1029699.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\notes\1068227.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\notes\1561368.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\notes\1727986.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\notes\1791801.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\notes\1950292.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\notes\2165414.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\notes\421402.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\notes\531299.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\notes\579936.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\notes\888621.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\notes\992439.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\BJHhalfmanic.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\PHbj.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\phhalf100kguaranteed.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\PHhalf250k.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\PHhalf250ksun.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\PHhalfcashd.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\PHhalfe1000free.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\PHhalfeptchoice.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\PHhalffb.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\PHhalfhelsinki.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\PHhalfraf.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\PHhalftpz.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\PHhalftpzborder.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\promo\ph_vegas_full_rev.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\sfx\c_button.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\sfx\c_chip.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\sfx\c_deal.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\sfx\p_alert.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\sfx\p_checkknock.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\blackjack_game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\blackjack_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\common.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\ext_clientspecific.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\ext_game.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\ext_general.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\ext_mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\ext_navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\fcs_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\fc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\fc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\filemap.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\filerefs.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\gameclient.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\game_common.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\game_common_message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\game_common_mini.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\game_panel_mini.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\gizmo.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\mtt_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\mtt_lobby.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\omaha_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\omaha_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\omaha_main_mini.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\optdef.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\poker_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\sc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\sc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\soko_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\tel_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\texas_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\texas_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\texas_main_mini.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\Poker Heaven\xrs\tournament_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:43:39 PM, on 6/1/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Lenovo\PM Driver\PMHandler.exe
C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.live.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: ThinkVantage Password Manager - {F040E541-A427-4CF7-85D8-75E3E0F476C5} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - c:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PMHandler] C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe
O4 - HKLM\..\Run: [TPWAUDAP] C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [FingerPrintSoftware] "C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" \s
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [TPFNF7] C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe /r
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3075153018-759099659-2898441012-1004\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'postgres')
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Windows Live Search - res://c:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra 'Tools' menuitem: ThinkVantage Password Manager... - {0045D4BC-5189-4b67-969C-83BB1906C421} - C:\Program Files\Lenovo\Client Security Solution\tvtpwm_ie_com.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: BetOnBet Poker - {2B936D2B-EDD7-405f-9057-3685BE897E62} - C:\Microgaming\Poker\betonbetMPP\MPPoker.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/sh...ash/swflash.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automaattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ccEvtMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ccSetMgr - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Fn+F5 Service (FNF5SVC) - Lenovo. - C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IPS Core Service (IPSSVC) - Lenovo Group Limited - C:\Windows\system32\IPSSVC.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
O23 - Service: PostgreSQL Database Server 8.2 (pgsql-8.2) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe
O23 - Service: PMSveH - Lenovo - C:\Program Files\Lenovo\PM Driver\PMSveH.exe
O23 - Service: Remote Procedure Call (RPC) Net (rpcnet) - Absolute Software Corp. - C:\Windows\system32\rpcnet.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
O23 - Service: TSS Core Service (TSSCoreService) - IBM - C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe
O23 - Service: TVT Backup Protection Service - Unknown owner - C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe
O23 - Service: TVT Backup Service - Lenovo Group Limited - C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - c:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
--
End of file - 13156 bytes
ComboFix log:
ComboFix 08-05-29.1 - Tuomas 06/01/2008 0:34:09.3 - NTFSx86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.358.1033.18.972 [GMT 3:00]
Running from: C:\Users\Tuomas\Desktop\ComboFix.exe
Command switches used :: C:\Users\Tuomas\Desktop\CFScript.txt
* Created a new restore point
FILE ::
C:\dci.exe
C:\ddc.exe
C:\img.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\dci.exe
C:\ddc.exe
C:\img.exe
.
((((((((((((((((((((((((( Files Created from 2008-04-28 to 2008-05-31 )))))))))))))))))))))))))))))))
.
No new files created in this timespan
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-31 11:29 47,104 ----a-w C:\Windows\System32\rpcnet.dll
2008-05-31 11:29 17,408 ----a-w C:\Windows\System32\rpcnetp.exe
2008-05-31 11:14 --------- d---a-w C:\ProgramData\TEMP
2008-05-31 07:20 --------- d-----w C:\ProgramData\Symantec
2008-05-31 06:52 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-05-31 06:52 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-05-31 06:52 10,671 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-05-31 06:52 --------- d-----w C:\Program Files\Symantec
2008-05-30 18:20 --------- d-----w C:\Program Files\Norton 360
2008-05-30 17:59 --------- d-----w C:\Program Files\Trend Micro
2008-05-30 17:47 17,408 ----a-w C:\Windows\System32\rpcnetp.dll
2008-05-30 15:45 --------- d-----w C:\Program Files\Alwil Software
2008-05-29 20:51 --------- d-----w C:\Users\Tuomas\AppData\Roaming\mIRC
2008-05-29 18:38 --------- d-----w C:\Program Files\mIRC
2008-05-21 15:50 --------- d-----w C:\Program Files\Microsoft Silverlight
2008-05-19 15:39 --------- d-----w C:\Program Files\Windows Mail
2008-05-15 23:18 50,768 ----a-w C:\Windows\system32\drivers\aswMonFlt.sys
2008-05-15 20:46 --------- d-----w C:\Program Files\Poker Tracker Omaha
2008-05-15 20:39 --------- d-----w C:\Program Files\Poker Tracker V2
2008-05-08 13:21 --------- d-----w C:\Program Files\PokerTracker 3
2008-05-07 16:51 --------- d-----w C:\Program Files\Mozilla Thunderbird
2008-05-04 16:23 --------- d-----w C:\Program Files\Full Tilt Poker
2008-04-27 19:06 82,408 ----a-w C:\Users\Tuomas\AppData\Roaming\nvModes.dat
2008-04-20 15:11 --------- d-----w C:\Program Files\PokerStars
2008-04-17 17:05 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-17 17:05 --------- d-----w C:\Program Files\Windows Live
2008-04-17 17:02 --------- d-----w C:\ProgramData\WLInstaller
2008-04-12 17:18 --------- d-----w C:\Program Files\Safari
2008-04-12 17:17 --------- d-----w C:\Program Files\iTunes
2008-04-12 17:17 --------- d-----w C:\Program Files\iPod
2008-04-12 17:16 --------- d-----w C:\Program Files\QuickTime
2008-04-06 19:57 --------- d-----w C:\Users\Tuomas\AppData\Roaming\uTorrent
2008-03-31 15:30 47,104 ----a-w C:\Windows\System32\rpcnet.exe
2008-03-12 20:21 678,408 ----a-w C:\Windows\System32\gpprefcl.dll
2008-03-08 04:30 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-08 04:30 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-08 04:30 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-08 04:30 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-08 04:30 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-03-08 00:37 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-08 00:22 2,560 ----a-w C:\Windows\AppPatch\AcRes.dll
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-13 20:40 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-13 20:39 613,888 ----a-w C:\Windows\System32\wpd_ci.dll
2008-02-13 20:39 558,080 ----a-w C:\Windows\System32\oleaut32.dll
2008-02-13 20:39 260,096 ----a-w C:\Windows\System32\dpx.dll
2008-02-13 20:39 224,824 ----a-w C:\Windows\System32\clfs.sys
2008-02-13 20:39 221,696 ----a-w C:\Windows\System32\umpnpmgr.dll
2008-02-13 20:39 19,456 ----a-w C:\Windows\System32\cfgmgr32.dll
2008-02-13 20:39 12,800 ----a-w C:\Windows\System32\batt.dll
2008-02-13 20:39 101,888 ----a-w C:\Windows\System32\drvinst.exe
2008-02-13 20:39 1,585,664 ----a-w C:\Windows\System32\setupapi.dll
2008-02-13 20:38 905,400 ----a-w C:\Windows\System32\winresume.exe
2008-02-13 20:38 595,456 ----a-w C:\Windows\System32\schedsvc.dll
2008-02-13 20:38 39,424 ----a-w C:\Windows\System32\lodctr.exe
2008-02-13 20:38 35,328 ----a-w C:\Windows\System32\dispci.dll
2008-02-13 20:38 32,256 ----a-w C:\Windows\System32\unlodctr.exe
2008-02-13 20:38 23,552 ----a-w C:\Windows\System32\nshhttp.dll
2008-02-13 20:38 17,408 ----a-w C:\Windows\System32\prflbmsg.dll
2008-02-13 20:38 115,200 ----a-w C:\Windows\System32\loadperf.dll
2008-02-13 20:36 3,505,720 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-13 20:36 3,471,928 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-13 20:35 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-13 20:35 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-13 20:35 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2007-08-31 15:48 174 --sh--w C:\Program Files\desktop.ini
2008-01-05 17:18 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat
.
------- Sigcheck -------
.
((((((((((((((((((((((((((((( snapshot_Sat 05-31-2008_14.21.58.89 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-31 06:57:01 67,584 --s-a-w C:\Windows\bootstat.dat
+ 2008-05-31 11:28:53 67,584 --s-a-w C:\Windows\bootstat.dat
- 2008-05-31 06:57:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-05-31 11:28:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-05-31 06:57:02 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-05-31 11:28:54 2,048 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-05-31 07:00:16 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-05-31 11:31:53 262,144 --sha-w C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-05-31 07:01:13 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-31 11:31:46 262,144 --sha-w C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-05-31 11:31:46 262,144 ---ha-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2008-05-31 10:59:01 32,768 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-31 20:49:37 32,768 --sh--w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-05-31 20:49:37 32,768 --sha-w C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-05-31 10:59:01 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-05-31 20:49:37 16,384 --sh--w C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2008-05-31 07:05:23 103,924 ----a-w C:\Windows\System32\perfc009.dat
+ 2008-05-31 11:36:56 103,924 ----a-w C:\Windows\System32\perfc009.dat
- 2008-05-31 07:05:23 83,888 ----a-w C:\Windows\System32\perfc00B.dat
+ 2008-05-31 11:36:56 83,888 ----a-w C:\Windows\System32\perfc00B.dat
- 2008-05-31 07:05:23 81,394 ----a-w C:\Windows\System32\perfc01D.dat
+ 2008-05-31 11:36:57 81,394 ----a-w C:\Windows\System32\perfc01D.dat
- 2008-05-31 07:05:23 610,142 ----a-w C:\Windows\System32\perfh009.dat
+ 2008-05-31 11:36:56 610,142 ----a-w C:\Windows\System32\perfh009.dat
- 2008-05-31 07:05:23 459,540 ----a-w C:\Windows\System32\perfh00B.dat
+ 2008-05-31 11:36:57 459,540 ----a-w C:\Windows\System32\perfh00B.dat
- 2008-05-31 07:05:23 463,874 ----a-w C:\Windows\System32\perfh01D.dat
+ 2008-05-31 11:36:57 463,874 ----a-w C:\Windows\System32\perfh01D.dat
- 2008-05-31 07:01:01 14,496 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3075153018-759099659-2898441012-1000_UserData.bin
+ 2008-05-31 11:31:32 14,496 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3075153018-759099659-2898441012-1000_UserData.bin
- 2008-05-31 07:01:00 79,036 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-05-31 11:31:32 79,164 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-05-31 07:00:56 55,344 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-05-31 11:31:25 55,630 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [11/02/2006 03:34 PM 125440]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [10/18/2007 11:34 AM 5724184]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [09/22/2007 10:20 AM 171448]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [11/02/2006 03:33 PM 201728]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [10/23/2006 05:00 AM 815104]
"PMHandler"="C:\PROGRA~1\Lenovo\PMDRIV~1\PMHandler.exe" [06/06/2007 03:11 AM 34352]
"TPWAUDAP"="C:\Program Files\Lenovo\HOTKEY\TpWAudAp.exe" [09/06/2006 10:38 AM 54824]
"RtHDVCpl"="RtHDVCpl.exe" [03/23/2007 02:04 PM 4423680 C:\Windows\RtHDVCpl.exe]
"DiskeeperSystray"="C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe" [11/16/2006 02:21 AM 217176]
"ACWLIcon"="C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe" [07/05/2007 03:49 PM 124200]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [04/11/2007 03:32 PM 56080 C:\Windows\KHALMNPR.Exe]
"Samsung PanelMgr"="C:\Windows\Samsung\PanelMgr\SSMMgr.exe" [12/14/2006 03:25 PM 520192]
"FingerPrintSoftware"="C:\Program Files\Lenovo Fingerprint Software\fpapp.exe" [03/02/2007 04:32 PM 933888]
"TVT Scheduler Proxy"="C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe" [11/06/2007 04:27 PM 487424]
"TPFNF7"="C:\PROGRA~1\Lenovo\NPDIRECT\TPFNF7SP.exe" [04/10/2007 03:03 AM 58416]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [01/10/2007 12:59 AM 115816]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [01/13/2007 03:40 AM 90191]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [01/13/2007 03:40 AM 7766016]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [01/29/2008 06:38 PM 583048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [03/28/2008 11:37 PM 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [03/30/2008 10:36 AM 267048]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [06/19/2007 10:17 AM 1241088]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe [3/29/2007 11:11:50 PM 719664]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [8/19/2007 7:32:36 PM 692224]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.AP41"= APmpg4v1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 03/30/2008 10:36 AM 267048 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--------- 06/18/2007 03:10 PM 271360 C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 03/28/2008 11:37 PM 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{C5C3692F-AC10-439B-B46D-031E76F8B60A}"= TCP:67:DHCP Discovery Service
"{8CB9AB20-C55E-4C4E-A49B-EB5DE83F06C8}"= TCP:67:0.0.0.0:DHCP Discovery Service
"{973530FC-6E7B-4806-B65B-618391C2A3D3}"= UDP:C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{82053EB9-DEC1-4DD5-A477-D403BAB6BBA8}"= TCP:C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe:Pure Networks Network Magic Service
"{80C78603-DA86-4897-B488-368CA3F05A56}"= UDP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{F70F03B0-B383-46AB-94A7-C5FEF1C148B6}"= TCP:C:\Program Files\uTorrent\uTorrent.exe:µTorrent
"{63B268CA-337E-4123-AA3D-E54463BE90F0}"= UDP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{02F11446-90F1-4FC6-B809-0F3D49643F98}"= TCP:C:\Program Files\Winamp Remote\bin\Orb.exe:Orb
"{08164F17-9534-47C7-92F3-89D03DAE3C4A}"= UDP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{B0F1DFFF-1356-41F1-884B-6E4936B4F057}"= TCP:C:\Program Files\Winamp Remote\bin\OrbTray.exe:OrbTray
"{2D2F2D0C-B6D8-4123-9BF5-DB3DFD586893}"= UDP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{69E9CFD9-29F4-4082-9510-1516119DFBEE}"= TCP:C:\Program Files\Winamp Remote\bin\OrbIR.exe:OrbIR
"{41967499-4FED-4468-8790-A8873E761D42}"= UDP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{55AEF227-A01D-4193-B7F5-4B68B4B50174}"= TCP:C:\Program Files\Winamp Remote\bin\OrbStreamerClient.exe:Orb Stream Client
"{864666A3-32E9-4D7E-B93E-00C77E2E1376}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{00EAD35C-53AA-4C55-8CD0-73A8F79D2B4B}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{3EBF7F2D-3B11-4B2D-8DE3-724CC0D4057B}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
R0 LPCFilter;LPC Lower Filter Driver;C:\Windows\system32\DRIVERS\LPCFilter.sys [11/10/2006 12:34 AM]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [05/16/2008 02:20 AM]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080530.001\IDSvix86.sys [02/13/2008 07:18 PM]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiif32.sys [08/30/2006 01:04 PM]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [05/16/2008 02:16 AM]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [05/16/2008 02:18 AM]
R2 Automaattinen LiveUpdate-ajastustoiminto;Automaattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [09/26/2007 01:53 PM]
R2 FNF5SVC;Fn+F5 Service;C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [04/09/2007 10:24 AM]
R2 pgsql-8.2;PostgreSQL Database Server 8.2;"C:\Program Files\PostgreSQL\8.2\bin\pg_ctl.exe" runservice -N "pgsql-8.2" -D "C:\Program Files\PostgreSQL\8.2\data\" []
R2 SSPORT;SSPORT;C:\Windows\system32\Drivers\SSPORT.sys [12/08/2006 06:33 PM]
R2 TPHKSVC;On Screen Display;C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [03/02/2007 02:07 PM]
R2 TVT Backup Protection Service;TVT Backup Protection Service;"C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe" [07/10/2007 10:56 PM]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\b57nd60x.sys [02/09/2007 01:03 AM]
R3 btwaudio;Bluetooth Audio Device Service;C:\Windows\system32\drivers\btwaudio.sys [03/29/2007 10:46 PM]
R3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\drivers\btwavdt.sys [02/27/2007 09:20 AM]
R3 btwrchid;btwrchid;C:\Windows\system32\DRIVERS\btwrchid.sys [02/27/2007 09:20 AM]
R3 n558;N558 Bluetooth USB Filter Driver;C:\Windows\system32\Drivers\n558.sys [07/20/2007 06:20 AM]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [01/10/2007 01:32 AM]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys [05/22/2007 10:59 PM]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\Windows\system32\NSNDIS5.SYS [03/24/2004 05:12 AM]
S3 TfBulk;TfBulk;C:\Windows\system32\DRIVERS\TfBulk.sys [05/31/2007 09:11 PM]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
GPSvcGroup REG_MULTI_SZ GPSvc
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2008-05-31 21:18:00 C:\Windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- c:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-31 19:32:05 C:\Windows\Tasks\User_Feed_Synchronization-{9D2C9BB4-6A54-4BC9-95FA-E34EFE1291D7}.job"
- C:\Windows\system32\msfeedssync.exe
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-01 00:38:14
Windows 6.0.6000 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
folder error: C:\Windows\system32\drivers\
folder error: C:\Windows\system32\
folder error: C:\Windows\TEMP\
folder error: C:\Windows\system32\wbem\
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 06/01/2008 0:39:19
ComboFix-quarantined-files.txt 2008-05-31 21:39:14
ComboFix2.txt 2008-05-31 11:22:26
Pre-Run: 14,757,412,864 bytes free
Post-Run: 14,621,204,480 bytes free
277 --- E O F --- 2008-05-31 06:46:35
AfterDawn Addict
1 June 2008 @ 13:44
It's clean!!!
******************************************
In the Windows Start menu's Start Search box, type ComboFix.exe /u and press OK
***************************************************************************
******************************************
Start Malwarebytes, open the Quarantine tab and empty the junk.
***************************************************************************
With HJT you can remove these if you want:
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O13 - Gopher Prefix:
Have a clean summer :D
(:)
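As an added, defender-side example (not code from this thread, nor from HijackThis or ComboFix), a small Python triage script that parses O4, O23 and "Reg Loading Points" lines of the shapes posted above and reports the autostart entries, the services HJT lists with no publisher, and the weakened settings visible in this log (UAC off, firewall off, Security Center monitoring off). The sample lines are constructed from the log above; the regexes and the finding labels are my own assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample: line shapes copied from the HijackThis (O4/O23) and
# ComboFix "Reg Loading Points" sections posted in this thread. Not a full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: On Screen Display (TPHKSVC) - Unknown owner - C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
"""

# Line shapes as they appear in HJT 2.0.2 / ComboFix output (regexes are my own).
O4_RE = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<vendor>.+?) - (?P<path>.+)$")
REG_KEY_RE = re.compile(r"^\[(?P<key>.+)\]$")
REG_VAL_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.+)$')


def parse_reg_value(raw: str) -> Optional[int]:
    """'0 (0x0)' or 'dword:00000001' -> int; non-numeric values -> None."""
    raw = raw.strip()
    try:
        if raw.lower().startswith("dword:"):
            return int(raw[6:], 16)
        return int(raw.split()[0])
    except ValueError:
        return None


def weak_setting(key: str, name: str, value: int) -> Optional[str]:
    """Map (key, value name, value) to a hardening finding, or None if benign."""
    key, name = key.lower(), name.lower()
    leaf = key.rsplit("\\", 1)[-1]
    if key.endswith("policies\\system") and name == "enablelua" and value == 0:
        return "UAC disabled (EnableLUA=0)"
    if "firewallpolicy" in key and name == "enablefirewall" and value == 0:
        return f"Windows Firewall disabled in profile {leaf}"
    if "security center\\monitoring" in key and name == "disablemonitoring" and value == 1:
        return f"Security Center monitoring disabled ({leaf})"
    return None


def triage(log_text: str) -> Dict[str, List[str]]:
    """One pass over mixed HJT/ComboFix lines, grouped findings as result.
    'Unknown owner' only means HJT found no publisher in the file's version
    info: a prompt to verify the binary, not a malware verdict."""
    findings: Dict[str, List[str]] = {
        "run_entries": [], "unknown_owner_services": [], "weak_settings": []}
    current_key = ""
    for line in log_text.splitlines():
        line = line.strip()
        if (m := O4_RE.match(line)):
            findings["run_entries"].append(m["name"])
        elif (m := O23_RE.match(line)):
            if m["vendor"].strip().lower() == "unknown owner":
                findings["unknown_owner_services"].append(m["name"].strip())
        elif (m := REG_KEY_RE.match(line)):
            current_key = m["key"]  # values that follow belong to this key
        elif (m := REG_VAL_RE.match(line)):
            value = parse_reg_value(m["value"])
            if value is not None:
                hit = weak_setting(current_key, m["name"], value)
                if hit:
                    findings["weak_settings"].append(hit)
    return findings
```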
Iivu
Newbie
1 June 2008 @ 13:52
Yeah, like I said, you're a great man! Helping others selflessly.
You should be rewarded!