About a month ago I removed some virus/spyware infection from the machine, and since then the desktop background has been black. The image thumbnails also disappeared at the same time. Changing the wallpaper no longer works at all, and changing the theme has no effect. I think it was Virtumonde, and in fact removing it has been quite a job. The operating system is Vista Home Premium, and antivirus is handled by Norton 360 (which for some reason seems like a rather weak solution). So I have added Malwarebytes' Anti-Malware and Ad-Aware alongside it. That AM finds the Vundo on the machine quite effectively with a quick scan, but with a deep scan some error occurs and the machine reboots. So is the wallpaper problem caused by some critter still being on the machine, or has something already gone and changed some settings/registry entries so that the images don't work? There is so much work on the machine that I would rather not format it as the first step... =)
Has a solution to the problem been found? My laptop has the same problem. Although in my case the problem appeared during a normal cleanup, in which I also used Malwarebytes' Anti-Malware.
Bevier

Download SmitfraudFix (c) S!Ri
Extract the contents (a folder named SmitfraudFix) to your desktop.
Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and pressing "Enter"; a text file will open listing the infected files (if any).
Post the report that pops up (the contents of the Notepad window) in your thread. It can also be found at C:\rapport.txt
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "risk tool"; it is not a virus but a program that stops processes. A/V programs cannot tell good and bad use of such programs apart, so they may warn the user.
No solution has been found. But I rearranged the antivirus setup a bit. I dropped Norton and switched to an Avast!/Comodo Pro combination, and have had no complaints. I did the search as instructed, and here is the report:

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\PnkBstrB.exe
C:\Windows\system32\conime.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Avalon

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Avalon\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Avalon\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
!!!Attention, following keys are not inevitably infected!!!

404Fix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» AntiXPVSTFix
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

»»»»»»»»»»»»»»»»»»»»»»»» RK

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection
DNS Server Search Order: 193.210.19.19
DNS Server Search Order: 192.89.123.29

HKLM\SYSTEM\CCS\Services\Tcpip\..\{CAE0952E-D612-4FB4-B9A6-86168B385045}: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CAE0952E-D612-4FB4-B9A6-86168B385045}: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CS3\Services\Tcpip\..\{CAE0952E-D612-4FB4-B9A6-86168B385045}: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=193.210.19.19 192.89.123.29
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=193.210.19.19 192.89.123.29

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End
Download Malwarebytes' Anti-Malware to your desktop.

1. Double-click mbam-setup.exe and follow the prompts to install the program.
2. At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, the program will download and install the latest version.
4. Once the program has loaded, select Perform full scan and click Scan.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure everything is checked and click Remove Selected.
7. After that, a log will open in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
8. Post the contents of the log in your next reply.

=============

Let's take a look at what the HJT log looks like.

Download HJTInstall.exe from HERE

* Save HJTInstall.exe to your desktop.
* Double-click the HJTInstall.exe icon on your desktop.
* By default it installs itself to C:\Program Files\Trend Micro\HijackThis.
* Click Install.
* The installer creates a HijackThis icon on the desktop.
* When the installation is complete, it launches HijackThis.
* Click the Do a system scan and save a logfile button. The program starts the scan and the log should open in Notepad.
* First click "Edit > Select All", then "Edit > Copy" to copy the entire contents of the log.
* Paste the contents of the log into your next reply.
* DO NOT use the Analyse This button; its findings are dangerous if misinterpreted.
* DO NOT fix anything with HijackThis yet. Most of its findings are either harmless or even necessary.
OK, so the log looks like this:

Malwarebytes' Anti-Malware 1.28
Database version: 1134
Windows 6.0.6001 Service Pack 1

2008-09-21 14:08:07
mbam-log-2008-09-21 (14-08-07).txt

Scan type: Full scan (C:\|)
Objects scanned: 244276
Time elapsed: 1 hour(s), 35 minute(s), 27 second(s)

Memory processes infected: 0
Memory modules infected: 0
Registry keys infected: 3
Registry values infected: 0
Registry data items infected: 0
Folders infected: 0
Files infected: 0

Memory processes infected:
(No malicious items detected)

Memory modules infected:
(No malicious items detected)

Registry keys infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry values infected:
(No malicious items detected)

Registry data items infected:
(No malicious items detected)

Folders infected:
(No malicious items detected)

Files infected:
(No malicious items detected)

And then this HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:13, on 2008-09-21
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\QuickTime\qttask.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\tsnp2std.exe
C:\Windows\vsnp2std.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\COMODO\Firewall\cfp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://haku.soneraplaza.fi/haku/queryie5.jsp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soneraplaza.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.soneraplaza.fi
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=71&bd=Presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer - toimittaja Sonera Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {82B026D9-BEEF-4181-9035-391D9793EEE5} - (no file)
O2 - BHO: {57169175-a142-07e8-ac54-03930f63f198} - {891f36f0-3930-45ca-8e70-241a57196175} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [CCUTRAYICON] FactoryMode
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [WPCUMI] C:\Windows\system32\WpcUmi.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "C:\Windows\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\Windows\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\Windows\vsnp2std.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\Program Files\Panicware\Pop-Up Stopper Free Edition\PSFree.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winwrv32.rom,HdyRun
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Muutavalikkoa - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Työkalupalkki - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Tallenna lomakkeet - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Täytä lomakkeet - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JR1916~1.0_0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Täytä lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Tallenna - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Tallenna lomakkeet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RF Työkalupalkki - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.moove.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel DH Service (IntelDHSvcConf) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\Windows\SYSTEM32\VundoFixSVC.exe

--
End of file - 13875 bytes
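Reading a HijackThis log the way the helper does in this thread is a triage exercise: most entries are normal, and a handful of patterns (a BHO whose file is gone, a service pointing at a missing binary, an autostart that hands rundll32 a module with an odd name or no path, a non-default Trusted Zone) are the ones worth a second look. The script below is an added example written for this page; it is not part of the thread, of HijackThis or of any tool named here. It parses HJT-style entries and attaches a review reason to those that match the customary first-pass heuristics. The sample input is built from entries in the HJT log posted above plus one constructed clean O4 line; the regular expressions, the `Finding` type and the function names are this example's own assumptions, and its output is a review hint, not a verdict.

```python
"""Triage helper for HijackThis v2 logs (added example, not part of the thread).

Parses each 'Oxx - ...' entry and attaches a review reason to the ones that
conventionally deserve a second look. Output is a review hint, not a verdict.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Section code at the start of an HJT entry, e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^(?P<code>[ORFN]\d{1,2}) - (?P<body>.*)$")
# Module handed to rundll32 (quoted or not), up to the entry-point comma.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<module>[^",]+?)"?\s*,', re.IGNORECASE)
# Extensions rundll32 is normally asked to load.
LOADABLE_EXTENSIONS = {"dll", "cpl", "ocx"}

# Constructed sample: entries taken from the HJT log posted in this thread,
# plus one clean O4 line (avast!) that carries no rundll32 and must not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {82B026D9-BEEF-4181-9035-391D9793EEE5} - (no file)
O2 - BHO: {57169175-a142-07e8-ac54-03930f63f198} - {891f36f0-3930-45ca-8e70-241a57196175} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSSMSGS] rundll32.exe winwrv32.rom,HdyRun
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - Trusted Zone: *.moove.com
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""


@dataclass
class Finding:
    code: str
    line: str
    reason: str


def check_rundll32_module(module: str) -> Optional[str]:
    """Return a reason when the module argument given to rundll32 looks odd, else None."""
    reasons = []
    if "\\" not in module:
        # A bare name is resolved through the DLL search order. Windows itself does
        # this for some components, but it is also how a dropped file stays inconspicuous.
        reasons.append("unqualified module path (resolved via DLL search order)")
    name = module.rsplit("\\", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in LOADABLE_EXTENSIONS:
        reasons.append(f"unusual module extension '.{ext}'")
    return "; ".join(reasons) or None


def review_entry(code: str, body: str) -> Optional[str]:
    """Apply the per-section heuristics to one entry; None means nothing to note."""
    if code in {"O2", "O3"} and body.endswith("(no file)"):
        return "orphaned CLSID: registered BHO/toolbar whose file is gone"
    if code == "O4":
        m = RUNDLL_RE.search(body)
        return check_rundll32_module(m.group("module")) if m else None
    if code == "O6":
        return "IE restrictions policy present; confirm it was set on purpose"
    if code == "O15":
        return "non-default Trusted Zone entry"
    if code == "O23" and body.endswith("(file missing)"):
        return "service points at a missing binary (orphaned service)"
    return None


def triage(log_text: str) -> List[Finding]:
    """Walk an HJT log and collect the entries that carry a review reason."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list and footer lines are not entries
        reason = review_entry(m.group("code"), m.group("body"))
        if reason:
            findings.append(Finding(m.group("code"), line, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}\n     {f.line}")
```

Running it as a script prints seven flagged entries out of eleven. The oobefldr.dll hit shows why these are hints rather than verdicts: a bare module name is exactly how Windows registers its own Welcome Center, so that finding only asks you to confirm what the file is and where it lives before deciding anything, which is the same caution the helper gives about not fixing HijackThis findings blindly.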
1. Download Combofix.exe to your desktop from one of these links: Combofix1 Combofix2
2. Double-click the Combofix.exe file and follow the prompts.
3. When the tool has finished, it produces a log. Post this log in your thread.

Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

=============

Update Malwarebytes' Anti-Malware and run a full scan.
OK, I ran ComboFix, but for some reason it didn't produce a log. On the other hand, the wallpaper problem did get fixed during the process? Everything is pretty much as it should be, so is everything OK then?
Run ComboFix again.

===========

Update Malwarebytes' Anti-Malware and run a full scan.

===========

It's not OK, at least going by that log up there.
No niin, elikkä tässä tämä loki Combofixiltä. ComboFix 08-09-22.06 - Avalon 2008-09-28 18:48:19.3 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.1370 [GMT 3:00] Sijainti: C:\Users\Avalon\Desktop\ComboFix.exe . (((((((((((((((((((((((((((((((((((((( Muut poistot )))))))))))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Previous Run ------- . C:\Windows\system32\actskn43.ocx C:\Windows\system32\drivers\npf.sys C:\Windows\system32\dtmcljpg.dll C:\Windows\system32\MSINET.oca C:\Windows\system32\packet.dll C:\Windows\system32\pthreadVC.dll C:\Windows\system32\skinboxer43.dll C:\Windows\system32\wanpacket.dll C:\Windows\system32\wpcap.dll . ((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_NPF ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-28 to 2008-09-28 ))))))))))))))))) . 2008-09-21 13:28 . 2008-09-21 13:28 <KANSIO> d-------- C:\Program Files\Trend Micro 2008-09-18 10:23 . 2008-09-18 10:23 5,136 --a------ C:\Windows\System32\tmp.reg 2008-09-18 10:22 . 2007-09-06 00:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe 2008-09-18 10:22 . 2006-04-27 17:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe 2008-09-18 10:22 . 2008-09-08 23:38 88,576 --a------ C:\Windows\System32\AntiXPVSTFix.exe 2008-09-18 10:22 . 2008-09-02 16:51 86,528 --a------ C:\Windows\System32\VACFix.exe 2008-09-18 10:22 . 2008-05-18 21:40 82,944 --a------ C:\Windows\System32\IEDFix.exe 2008-09-18 10:22 . 2008-09-15 18:51 82,432 --a------ C:\Windows\System32\IEDFix.C.exe 2008-09-18 10:22 . 2008-08-18 12:19 82,432 --a------ C:\Windows\System32\404Fix.exe 2008-09-18 10:22 . 2003-06-05 21:13 53,248 --a------ C:\Windows\System32\Process.exe 2008-09-18 10:22 . 2004-07-31 18:50 51,200 --a------ C:\Windows\System32\dumphive.exe 2008-09-18 10:22 . 2007-10-04 00:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe 2008-09-18 06:28 . 
2008-09-18 06:28 0 --a------ C:\LHTBB.tmp 2008-09-15 14:11 . 2008-09-15 14:11 <KANSIO> d-------- C:\Program Files\Disconnect 2008-09-15 13:42 . 2008-09-16 19:19 46 --a------ C:\Windows\TP-LINK ADSL Modem_Router Utility.INI 2008-09-14 07:59 . 2006-10-26 19:56 32,592 --a------ C:\Windows\System32\msonpmon.dll 2008-09-14 07:54 . 2008-09-14 07:54 <KANSIO> d-------- C:\Program Files\Microsoft.NET 2008-09-14 07:52 . 2008-09-14 07:52 <KANSIO> d-------- C:\Program Files\Microsoft Visual Studio 8 2008-09-14 07:50 . 2008-09-14 08:00 <KANSIO> d-------- C:\Users\All Users\Microsoft Help 2008-09-14 07:50 . 2008-09-14 08:00 <KANSIO> d-------- C:\ProgramData\Microsoft Help 2008-09-14 07:50 . 2008-09-14 07:50 <KANSIO> dr-h----- C:\MSOCache 2008-09-14 07:01 . 2008-04-26 11:26 891,448 --a------ C:\Windows\System32\drivers\tcpipcopy.sys 2008-09-10 12:01 . 2008-07-31 04:13 4,240,384 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll 2008-09-10 12:01 . 2008-08-02 04:01 625,152 --a------ C:\Windows\System32\drivers\dxgkrnl.sys 2008-09-10 12:01 . 2008-06-26 06:29 565,248 --a------ C:\Windows\System32\emdmgmt.dll 2008-09-10 12:01 . 2008-06-26 06:29 303,616 --a------ C:\Windows\System32\wmpeffects.dll 2008-09-10 12:01 . 2008-05-08 22:21 211,968 --a------ C:\Windows\System32\drivers\mrxsmb10.sys 2008-09-10 12:01 . 2008-05-20 05:07 148,480 --a------ C:\Windows\System32\drivers\nwifi.sys 2008-09-10 12:01 . 2008-06-26 06:29 45,056 --a------ C:\Windows\System32\dataclen.dll 2008-09-10 12:01 . 2008-08-02 06:26 36,864 --a------ C:\Windows\System32\cdd.dll 2008-09-10 12:01 . 2008-07-31 06:32 28,160 --a------ C:\Windows\System32\Apphlpdm.dll 2008-09-01 15:39 . 2008-09-10 12:54 54,156 --ah----- C:\Windows\QTFont.qfn 2008-09-01 15:39 . 2008-09-01 15:39 1,409 --a------ C:\Windows\QTFont.for . (((((((((((((((((((((((((((((((((((( Find3M-raportti )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-09-25 17:37 --------- d-----w C:\Program Files\World of Warcraft
2008-09-24 06:17 137,728 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
2008-09-24 06:16 111,928 ----a-w C:\Windows\System32\PnkBstrB.exe
2008-09-24 04:37 --------- d-----w C:\Program Files\City of Heroes
2008-09-24 04:36 --------- d-----w C:\Program Files\Jasc Software Inc
2008-09-21 09:28 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-09-20 03:11 --------- d-----w C:\Program Files\MobMapUpdater
2008-09-15 19:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 11:58 --------- d-----w C:\Program Files\EA GAMES
2008-09-15 11:42 --------- d-----w C:\Program Files\WinPcap
2008-09-15 11:41 --------- d-----w C:\Program Files\ADSL Pure Bridge Utility
2008-09-14 04:57 --------- d-----w C:\Program Files\MSBuild
2008-09-14 04:57 --------- d-----w C:\Program Files\Microsoft Works
2008-09-14 04:28 --------- d-----w C:\Users\Avalon\AppData\Roaming\uTorrent
2008-09-14 04:03 882,232 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-09-09 21:04 38,528 ----a-w C:\Windows\system32\drivers\mbamswissarmy.sys
2008-09-09 21:03 17,200 ----a-w C:\Windows\system32\drivers\mbam.sys
2008-08-17 19:26 --------- d-----w C:\ProgramData\Sony Ericsson
2008-08-17 19:24 --------- d-----w C:\Program Files\Sony Ericsson
2008-08-17 14:27 --------- d-----w C:\Program Files\Mafia
2008-08-17 13:48 --------- d-----w C:\Program Files\Mafia
2008-08-15 13:54 --------- d-----w C:\Program Files\Windows Mail
2008-08-11 13:14 --------- d-----w C:\Program Files\LucasArts
2008-08-10 17:27 --------- d-----w C:\ProgramData\Ubisoft
2008-08-10 17:26 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
2008-08-10 17:26 2,337,865 ----a-w C:\Windows\System32\pbsvc.exe
2008-08-10 17:10 --------- d-----w C:\Program Files\Ubisoft
2008-08-10 07:28 --------- d-----w C:\Program Files\Registry Easy
2008-08-09 17:26 --------- d-----w C:\Program Files\Sierra
2008-08-08 21:12 --------- d-----w C:\ProgramData\GRAW2
2008-08-06 18:03 --------- d-----w C:\Program Files\Black Isle
2008-08-06 17:06 --------- d-----w C:\Program Files\Disciples 2
2008-08-03 09:02 --------- d-----w C:\Program Files\3DO
2008-08-01 23:00 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
2008-08-01 16:22 --------- d-----w C:\Program Files\THQ
2008-07-31 03:32 460,288 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-07-31 03:32 2,154,496 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-07-31 03:32 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-07-29 12:46 --------- d-----w C:\ProgramData\comodo
2008-07-29 12:42 85,008 ----a-w C:\Windows\system32\drivers\cmdguard.sys
2008-07-29 12:42 25,104 ----a-w C:\Windows\system32\drivers\cmdhlp.sys
2008-07-29 12:42 143,104 ----a-w C:\Windows\System32\guard32.dll
2008-07-29 12:42 --------- d-----w C:\Users\Avalon\AppData\Roaming\Comodo
2008-07-29 12:42 --------- d-----w C:\Program Files\COMODO
2008-07-29 09:07 --------- d-----w C:\ProgramData\Symantec
2008-07-29 09:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-29 08:05 --------- d-----w C:\Program Files\Alwil Software
2008-07-28 17:00 --------- d---a-w C:\ProgramData\TEMP
2008-07-19 05:10 53,448 ----a-w C:\Windows\System32\wuauclt.exe
2008-07-19 05:10 45,768 ----a-w C:\Windows\System32\wups2.dll
2008-07-19 05:10 36,552 ----a-w C:\Windows\System32\wups.dll
2008-07-19 05:09 563,912 ----a-w C:\Windows\System32\wuapi.dll
2008-07-19 05:09 1,811,656 ----a-w C:\Windows\System32\wuaueng.dll
2008-07-19 03:44 83,456 ----a-w C:\Windows\System32\wudriver.dll
2008-07-19 03:44 1,524,736 ----a-w C:\Windows\System32\wucltux.dll
2008-07-18 19:08 163,904 ----a-w C:\Windows\System32\wuwebv.dll
2008-07-18 17:44 31,232 ----a-w C:\Windows\System32\wuapp.exe
2008-07-17 17:26 0 ----a-r C:\logwmemory.bin
2008-07-16 01:32 2,048 ----a-w C:\Windows\System32\tzres.dll
2008-07-02 19:26 24,576 ----a-w C:\Windows\System32\VundoFixSVC.exe
2008-06-30 05:33 449,305 --sha-w C:\Windows\System32\uELlkRqr.ini2
2008-06-21 09:42 371 ----a-w C:\Program Files\stronghold.cfg
2008-05-23 21:52 174 --sha-w C:\Program Files\desktop.ini
2007-12-01 20:10 22,328 ----a-w C:\Users\Avalon\AppData\Roaming\PnkBstrK.sys
2007-07-23 09:39 2,775,032 ----a-w C:\Users\Avalon\AiRoboForm.exe
2007-05-21 13:20 270 ----a-w C:\Users\Avalon\AppData\Roaming\wklnhst.dat
2002-07-26 15:02 153,088 ----a-w C:\Program Files\UNWISE.EXE
2001-10-17 07:43 26,388,208 ----a-w C:\Program Files\unpack.exe
2001-10-17 07:29 41,245 ----a-w C:\Program Files\RegSetup.exe
2001-10-17 07:07 3,107,553 ----a-w C:\Program Files\stronghold.exe
2001-10-17 07:05 40 ----a-w C:\Program Files\pc.txt
2001-10-17 07:05 10 ----a-w C:\Program Files\pc.cfg
2001-10-04 13:17 578,048 ----a-w C:\Program Files\Stronghold Readme.doc
2001-10-04 07:27 60,678 ----a-w C:\Program Files\stronghold.mlb
2001-10-02 17:22 301,000 ----a-w C:\Program Files\sh.tex
2001-09-30 21:27 38,642 ----a-w C:\Program Files\jester.ani
2001-09-30 20:23 2,314 ----a-w C:\Program Files\hand.ani
2001-09-30 19:53 2,314 ----a-w C:\Program Files\sword.ani
2001-09-30 16:22 2,314 ----a-w C:\Program Files\delete.ani
2001-08-03 07:25 45,056 ----a-w C:\Program Files\pcchk.exe
2001-03-31 08:41 346,624 ----a-w C:\Program Files\Mss32.dll
2000-11-02 13:07 291,328 ----a-w C:\Program Files\binkw32.dll
2008-05-22 19:24 439,598 --sha-w C:\Windows\System32\BcKTAcfe.ini2
2008-05-21 22:35 441,423 --sha-w C:\Windows\System32\CLkUvyxx.ini2
2008-05-22 06:28 444,540 --sha-w C:\Windows\System32\Ruxbdccf.ini2
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-19 125952]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"LaunchList"="C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 486856]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2008-07-26 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCUTRAYICON"="FactoryMode" [X]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2006-09-28 65536]
"KBD"="C:\HP\KBD\KbdStub.EXE" [2006-12-08 65536]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"HP Software Update"="c:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"WPCUMI"="C:\Windows\system32\WpcUmi.exe" [2006-11-02 176128]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 282624]
"USB2Check"="C:\Windows\system32\PCLECoInst.dll" [2007-01-23 81920]
"USBToolTip"="C:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe" [2006-10-16 202312]
"tsnp2std"="C:\Windows\tsnp2std.exe" [2006-11-29 258048]
"snp2std"="C:\Windows\vsnp2std.exe" [2006-09-15 675840]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-01-16 37376]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-12-11 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-12-11 8530464]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-12-11 81920]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"COMODO Firewall Pro"="C:\Program Files\COMODO\Firewall\cfp.exe" [2008-07-29 1655552]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="C:\Windows\SMINST\launcher.exe" [2006-11-24 44136]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-06-19 113664]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-04-03 415072]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)
"NoSecCPL"= 0 (0x0)
"NoDevMgrPage"= 0 (0x0)
"NoConfigPage"= 0 (0x0)
"NoVirtMemPage"= 0 (0x0)
"NoFileSysPage"= 0 (0x0)
"NoNetSetup"= 0 (0x0)
"NoNetSetupIDPage"= 0 (0x0)
"NoNetSetupSecurityPage"= 0 (0x0)
"NoWorkgroupContents"= 0 (0x0)
"NoEntireNetwork"= 0 (0x0)
"NoFileSharingControl"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"RestrictRun"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoLogOff"= 0 (0x0)
"NoClose"= 0 (0x0)
"NoSetFolders"= 0 (0x0)
"NoFavoritesMenu"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.I420"= vdrcodec.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{AC783BFB-9784-4AB3-B57E-19ABB19D3DE4}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{9D92B514-9E16-46A2-AA6E-FE520FCEA473}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.exe:SPCM
"{6D0B5BB1-E962-4513-B14B-F0D0E3ACDCBC}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{9BA0DCC9-4784-474C-9F12-DF2CF4F456C8}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe:Intel(R) Viiv(TM) Media Server
"{16780788-3755-4C98-B77C-1A44F28AEC61}"= UDP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{BDDD20FE-34CC-43B0-8D67-A954DA1ADF5E}"= TCP:C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe:Intel(R) Remoting Service
"{A848F00E-A2E3-4705-B3AC-D18B83F0A6D4}"= TCP:9442:127.0.0.1:Intel(R) Viiv(TM) Media Server Discovery
"{9B92EFF0-F127-4E06-A89D-481C6E507278}"= TCP:1900:LocalSubnet:LocalSubnet:Intel(R) Viiv(TM) Media Server UPnP Discovery
"{374546B5-DA19-47FC-BABE-0F72FE74A608}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{82C55B2A-620E-400F-BBBD-5E46FA28401B}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{EE53797D-C48A-483D-86AE-732414C08D22}"= UDP:C:\Program Files\Sonera Internet Tietoturva\backweb\4436233\Program\fspex.exe:Sonera Tietoturva
"{C1D3DBD1-8843-425A-8A52-46679C80B22C}"= TCP:C:\Program Files\Sonera Internet Tietoturva\backweb\4436233\Program\fspex.exe:Sonera Tietoturva
"{5542552A-4C82-4BEC-81C3-F10E40F7698E}"= UDP:C:\Program Files\Sonera Internet Tietoturva\backweb\4436233\Program\fspex.exe:Sonera Tietoturva
"{33E5021F-F3B3-4BBE-A4C1-4BE1D28D2A4E}"= TCP:C:\Program Files\Sonera Internet Tietoturva\backweb\4436233\Program\fspex.exe:Sonera Tietoturva
"{84BB10A3-D9E0-42CB-ADE2-F9AB8C7E872F}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)
"{1CAA0642-EB75-4C3D-ACD9-974058D275A6}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{9B69BD93-95BE-4BDD-BC20-E148FBC1A93B}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\RM.exe:Render Manager
"{7EE837E0-AF69-43F6-BBFB-3FB4B58F4C59}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{434E17F8-773A-4A39-ADBB-C4F5648B99D6}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe:Studio
"{8149118F-3BF3-4F29-8363-2D3A9368AFEF}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{6760CC92-AE8A-4776-9DA8-B3895F2741F8}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe:PMSRegisterFile
"{A01C3799-1030-4DFB-8738-DB154DDA8B43}"= UDP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{918D2EC5-B161-4276-A90A-7CEAD2BCA95A}"= TCP:C:\Program Files\Pinnacle\Studio 10\programs\umi.exe:umi
"{E8E23C8B-1717-4E5C-AF0D-F6AC2BCB53EE}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{A372EA0D-5696-4738-8CE5-37834A2886F3}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{BDD34889-18B1-44DB-B281-BF567946F625}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{D3D864E6-02C4-4610-869D-2F45BA8A15D4}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{6E026059-791A-410F-BD99-AFEEB5249E30}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{1B2F4AE3-C688-448F-969B-94729F6FD5C0}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{E7CE9977-ED1B-41AE-8464-8DCC386FD364}"= UDP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{BA9CE60A-0B1D-4121-B5B7-3C8DC3F21131}"= TCP:C:\Program Files\Pinnacle\Studio 11\programs\umi.exe:umi
"{C5B9B4D1-5F94-4B5E-B87A-0F6DABF9917A}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6DA01B61-53A3-4104-896B-D93E1905754F}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
"{6F067481-E2E5-4213-AA75-6649B9090DC2}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{FF3C9A3E-0186-4BBB-BCEF-F4984F7182E0}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
"{4E0FF4D5-D9AB-4D3F-BD9B-9929638585D2}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{FFD5989B-15F1-4478-8502-DC99E2372F01}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main.exe:Neverwinter Nights 2 Main
"{035D0292-0961-4F30-B1E1-4F764A0A1C25}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{6B130783-AA9D-4D2E-A85F-A6A25FB0A146}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2main_amdxp.exe:Neverwinter Nights 2 AMD
"{721237F7-AC81-4FA1-94C3-954C608CA851}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{B00FF4D7-84E4-406E-B148-0FEC7CF7BAA2}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwupdate.exe:Neverwinter Nights 2 Updater
"{493AE4E2-7CEA-4675-AB45-9366BF5A41EB}"= UDP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"{98DB4548-622A-4D64-B23A-FD0C5CF893D6}"= TCP:C:\Program Files\Atari\Neverwinter Nights 2\nwn2server.exe:Neverwinter Nights 2 Server
"TCP Query User{25AD4D35-89EC-4F10-9F36-D267CD02BDF7}C:\\program files\\utorrent\\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:utorrent
"UDP Query User{F752A60D-5633-4594-ABA3-A27F23294FC8}C:\\program files\\utorrent\\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:utorrent
"TCP Query User{5BA96ADB-1CCD-4E1C-9070-1192659EAC19}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{D3834100-9E7C-43C4-A5AC-F057F8B5182D}C:\\program files\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\program files\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"{0C252C38-7448-40A8-8B83-5BEBC504DB41}"= UDP:3724:Blizzard Downloader: 3724
"{B73C469E-5A02-4020-99E1-9B06BB3C7CF3}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{FB93FCC0-A2DF-4CA7-AE09-14D2745C8FBD}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{78470470-BC9E-4C36-8943-AE133EEE59E7}"= UDP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{4348F2DD-E115-41C0-8F5E-4851ADD24F9A}"= TCP:C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{E0C3C8E0-651E-4DED-95C6-F96D2E4067D8}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{AEAC081C-DDEE-450E-86AC-60D7A1F1AC5C}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
"{F51BC5BA-A52D-41CC-964B-80FE7F51F263}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{8136108C-2367-42CF-8973-15FF37E343B7}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords.exe:Sid Meier's Civilization 4 Warlords
"{8B315F88-5A09-4379-B045-8ED63560037A}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{41B71C55-A89C-47D4-897B-F68AE7B6B549}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Warlords\Civ4Warlords_PitBoss.exe:Sid Meier's Civilization 4 Pitboss
"{3338D1C7-F81C-4EDA-AC81-B6DCFDFBCDA7}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{610DDB40-0245-47F2-88D2-E0ECDCF63F05}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
"{66DD63FB-FE30-4D92-A2CE-959593A34E2D}"= UDP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"{C847F843-6B65-4F8B-8DD1-3F38547AA80C}"= TCP:C:\Program Files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
"TCP Query User{A21848E5-6E06-4E09-9A27-180305351962}C:\\program files\\zultrax p2p\\zultrax.exe"= UDP:C:\program files\zultrax p2p\zultrax.exe:Zultrax
"UDP Query User{CC91A46A-8633-4614-8DA7-995E37B09335}C:\\program files\\zultrax p2p\\zultrax.exe"= TCP:C:\program files\zultrax p2p\zultrax.exe:Zultrax
"{8F7DF763-EBC3-4D36-A8A7-28EC9B1842AD}"= UDP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{9F20B8F1-316B-4750-B1F5-5ECBC1C01BDC}"= TCP:C:\Program Files\THQ\Company of Heroes\RelicCOH.exe:Company of Heroes - Opposing Fronts
"{7D3B9868-B6D8-45A2-A5C5-AEEF09D6E09D}"= UDP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{81E6E26B-20DD-4354-8F7F-FB1910DE1DFD}"= TCP:C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\Binaries\MOHA.exe:Medal of Honor Airborne
"{BFCF40F9-3704-458B-97C5-6BA410004ADD}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{BC3BD852-C501-4088-BC8F-AD86B947C9A0}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:Assassin's Creed Dx9
"{C08E2135-ED97-4B96-B5D3-15633B584FD2}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{41335E25-4778-4A01-AD3D-94FF030EC1FC}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:Assassin's Creed Dx10
"{4EA2C8F0-67AC-46CC-9CEC-22D4AEB897A5}"= UDP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"{91FC1F91-225D-4FE5-8B86-FDFFCDB1F020}"= TCP:C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:Assassin's Creed Update
"TCP Query User{0AA989D3-7457-4CFA-9BFA-1F816248A7A6}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= UDP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient
"UDP Query User{9AB2733B-3618-4179-9DFD-F8FDAC2A3863}C:\\program files\\codemasters\\the lord of the rings online\\lotroclient.exe"= TCP:C:\program files\codemasters\the lord of the rings online\lotroclient.exe:lotroclient
"{E2C2C105-7D84-4893-945D-B2359667B3F8}"= UDP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{53A19017-7C55-4671-87FC-1ED0713A2851}"= TCP:C:\Program Files\Unreal Tournament 3\Binaries\UT3.exe:Unreal Tournament 3
"{E2A8F84A-400C-4E60-8EB9-2FD0C7BC52C9}"= UDP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{617F09C9-B9FD-4085-ADDB-7F36806DC2E9}"= TCP:C:\Program Files\Mass Effect\Binaries\MassEffect.exe:Mass Effect Game
"{AA701717-1182-467A-AA5A-DE19AD93520B}"= UDP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{526CF224-9410-4DDA-BFA5-2E06ADC27D05}"= TCP:C:\Program Files\Mass Effect\MassEffectLauncher.exe:Mass Effect Launcher
"{D0E6A01F-2951-470B-8674-190E00ACE3EC}"= UDP:C:\Program Files\Norton 360\MAINSTUB.EXE:Norton 360
"{44326FC5-3D1D-4189-93E6-2517734A4BED}"= TCP:C:\Program Files\Norton 360\MAINSTUB.EXE:Norton 360
"{E91D1C75-786A-4645-87D7-9E60EAF87723}"= Disabled:UDP:C:\Program Files\Sonera Internet Tietoturva\backweb\4436233\Program\fspex.exe:Sonera Tietoturva
"{72BC294F-81C0-4F54-A54F-C1746A509158}"= Disabled:TCP:C:\Program Files\Sonera Internet Tietoturva\backweb\4436233\Program\fspex.exe:Sonera Tietoturva
"{DD764C9D-1E46-4BFC-AC78-0198176B8A65}"= Disabled:UDP:C:\Program Files\Sonera Tietoturva\4436233\Program\fspex.exe:Sonera Tietoturva
"{906DFEC6-2873-483A-B1C5-23C7CFB6CB49}"= Disabled:TCP:C:\Program Files\Sonera Tietoturva\4436233\Program\fspex.exe:Sonera Tietoturva
"TCP Query User{2F735B36-E724-48F8-B706-37A96DA45DA1}C:\\soldat\\soldat.exe"= UDP:C:\soldat\soldat.exe:Soldat
"UDP Query User{6A09E2F4-C0D3-40B8-9053-32E11DBCB32A}C:\\soldat\\soldat.exe"= TCP:C:\soldat\soldat.exe:Soldat
"{3E69E9C8-650A-45BC-9D70-34BCB72A7D37}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{78D85C5D-13F4-447C-9C1B-A8F8C5B710B4}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Game.exe:Tom Clancy's Rainbow Six Vegas 2
"{E1C19B81-2F9D-4588-8208-AE8A6CA8EAAE}"= UDP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{FEBDB6C5-8F72-4EF9-9C99-5028A8EE198F}"= TCP:C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas 2\Binaries\R6Vegas2_Launcher.exe:Tom Clancy's Rainbow Six Vegas 2 Update
"{39825BF6-CC84-439C-8B11-496824E453B9}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{E3BA1C35-8A44-4AF1-814D-4F103AB9731E}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{FF2242F6-3223-4BBD-81D2-9FA697C55004}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
"{2B6F3707-4FE3-4917-A931-8A10737BC772}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{AC9D868D-FFAC-4CF8-A6D2-5B85342770EC}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{722DF9BC-E8A7-4F99-AD69-5BB4AA31522F}"= UDP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2
"{108892B6-9699-4E54-A960-BDF5C4A60BDE}"= TCP:C:\Program Files\EA GAMES\Battlefield 2\BF2.exe:Battlefield 2

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys [2008-07-29 85008]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys [2008-07-29 25104]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 DQLWinService;DQLWinService;C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [2006-09-03 208896]
S2 IntelDHSvcConf;Intel DH Service;C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [2006-05-10 29696]
S3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-13 2600448]
S3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\Windows\system32\DRIVERS\snp2sxp.sys [2007-03-02 12031744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f1a78f-06b0-11dc-b159-001a9210487c}]
\shell\AutoRun\command - J:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f1a791-06b0-11dc-b159-001a9210487c}]
\shell\AutoRun\command - K:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f1a793-06b0-11dc-b159-001a9210487c}]
\shell\AutoRun\command - L:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{89f1a795-06b0-11dc-b159-001a9210487c}]
\shell\AutoRun\command - M:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ef33611a-d482-11db-8ad8-806e6f6e6963}]
\shell\AutoRun\command - E:\Autorun.exe
.
- - - - POISTETUT JÄMÄRIVIT - - - -
BHO-{82B026D9-BEEF-4181-9035-391D9793EEE5} - (no file)
BHO-{891f36f0-3930-45ca-8e70-241a57196175} - (no file)
HKCU-Run-MSSMSGS - winwrv32.rom
HKLM-Run-RegistryMechanic - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
.
------- Täydentävä tarkistus -------
.
FireFox -: Profile - C:\Users\Avalon\AppData\Roaming\Mozilla\Firefox\Profiles\xplhae44.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - chrome://speeddial/content/speeddial.xul
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-28 18:54:45
Windows 6.0.6001 Service Pack 1 NTFS
tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...
tarkistus on valmis
piilotetut tiedostot: 0
**************************************************************************
.
Valmistumisajankohta: 2008-09-28 18:57:51
ComboFix-quarantined-files.txt 2008-09-28 15:57:42
Ennen ajoa: 40,587,501,568 tavua vapaana
Ajon jälkeen: 40,551,854,080 tavua vapaana
381 --- E O F --- 2008-09-26 12:25:14