r16 wrote: No Fleccer, we need to get rid of those DLLs too.
Run another scan with ComboFix and post the log for me.
Don't worry, we will get rid of them. We've got the Trojans by the neck; we just need to squeeze a little...
In theory, having seen the Malwarebytes log, you shouldn't have those DLLs anymore.
Check whether they are still there. If they are, try deleting them in Safe Mode.
Look at what Malwarebytes removed for you:
File infetti: 3764
Run yet another scan with Malwarebytes and, when it finishes, RESTART THE PC. (Post the log for me.)
Honestly, I have never seen anything like this.
*********************************************************************************************************
Download this antispyware; there is a guide too:
http://www.aiutaamici.com/software?ID=11397
Keep this antispyware and Malwarebytes INSTALLED; they are excellent programs.
Just remember to UPDATE them before running the scans.
Post the log of this scan for me as well.
Done. However, I was not able to delete ykjfaxuy.dll and oewrmyla.dll, not even in Safe Mode. In any case, the PC seems to have improved a lot.
Anyway, I'm posting the results of the scans with ComboFix and Malwarebytes, and of course I thank you for your help, which has been invaluable.
ComboFix 08-09-26.01 - Administrator 2008-09-27 17.48.56.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.874.1.1033.18.557 [GMT 7:00]
Running from: C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\Messenger\msgmr.dll
C:\WINDOWS\AppPatch\AcSpecf.sdb
C:\WINDOWS\AppPatch\AcXtrnel.sdb
C:\WINDOWS\Fonts\Framdee.ttf
C:\WINDOWS\system32\8566F82E.cfg
C:\WINDOWS\system32\8566F82E.dll
C:\WINDOWS\system32\HBCHIBI.dll
C:\WINDOWS\system32\HBFY.dll
C:\WINDOWS\system32\HBQQFFO.dll
C:\WINDOWS\system32\HBQQSG.dll
C:\WINDOWS\system32\HBSO2.dll
C:\WINDOWS\system32\mshta.dll
C:\WINDOWS\system32\Update.dat
C:\WINDOWS\temp\wmsetup.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_HBKERNEL32
((((((((((((((((((((((((( Files Created from 2008-08-27 to 2008-09-27 )))))))))))))))))))))))))))))))
.
2008-09-27 14:48 . 2008-09-27 14:48 <DIR> d-------- C:\Casino
2008-09-27 11:47 . 2008-09-27 11:51 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-27 11:47 . 2008-09-27 11:47 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-09-27 11:47 . 2008-09-27 11:47 <DIR> d-------- C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Application Data\Malwarebytes
2008-09-27 11:47 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-27 11:47 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-27 11:33 . 2008-09-27 11:33 <DIR> d-------- C:\Program Files\CCleaner
2008-09-26 12:48 . 2008-09-26 12:48 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-25 22:48 . 2008-09-25 01:57 24,576 --a------ C:\WINDOWS\system32\C8.tmp
2008-09-25 22:48 . 2008-09-25 01:57 16,384 --a------ C:\WINDOWS\system32\C4.tmp
2008-09-25 22:48 . 2008-09-25 01:57 15,360 --a------ C:\WINDOWS\system32\C6.tmp
2008-09-25 22:48 . 2008-09-25 01:57 14,848 --a------ C:\WINDOWS\system32\C2.tmp
2008-09-25 22:47 . 2008-09-25 22:47 5,504 --a------ C:\WINDOWS\system32\c56bcc1.sys
2008-09-25 01:50 . 2008-09-25 00:28 24,576 --a------ C:\WINDOWS\system32\B8.tmp
2008-09-25 01:50 . 2008-09-25 01:20 16,384 --a------ C:\WINDOWS\system32\B3.tmp
2008-09-25 01:50 . 2008-09-25 01:20 15,360 --a------ C:\WINDOWS\system32\B5.tmp
2008-09-25 01:50 . 2008-09-25 01:20 14,848 --a------ C:\WINDOWS\system32\B0.tmp
2008-09-25 01:49 . 2008-09-25 01:18 19,968 --a------ C:\WINDOWS\system32\AC.tmp
2008-09-25 01:15 . 2008-09-27 10:23 52,909 ---hs---- C:\WINDOWS\855731CQWZ.exe
2008-09-25 01:15 . 2008-09-27 17:52 50,666 --ahs---- C:\WINDOWS\855731CQWZ.DLL
2008-09-24 13:51 . 2008-09-24 13:51 2,312,852 --a------ C:\WINDOWS\system32\yevjgcnq.dll
2008-09-24 13:51 . 2008-09-24 13:51 148 --a------ C:\WINDOWS\system32\yevjgcnq.nls
2008-09-24 11:13 . 2008-09-22 14:17 24,576 --a------ C:\WINDOWS\system32\9C.tmp
2008-09-24 11:13 . 2008-09-22 13:37 16,384 --a------ C:\WINDOWS\system32\98.tmp
2008-09-24 11:13 . 2008-09-22 13:36 15,360 --a------ C:\WINDOWS\system32\9A.tmp
2008-09-24 11:12 . 2008-09-23 23:10 19,968 --a------ C:\WINDOWS\system32\93.tmp
2008-09-24 11:12 . 2008-09-22 14:16 14,848 --a------ C:\WINDOWS\system32\96.tmp
2008-09-24 11:11 . 2008-09-24 11:11 2,149,012 --a------ C:\WINDOWS\system32\jmwtgpsg.dll
2008-09-24 11:11 . 2008-09-27 11:22 47,409 --a------ C:\WINDOWS\855731WL.DLL
2008-09-24 11:11 . 2008-09-26 13:12 28,672 --a------ C:\WINDOWS\system32\mircos.dll
2008-09-24 11:11 . 2008-09-26 13:12 10,752 --a------ C:\WINDOWS\system32\mircosk.exe
2008-09-24 11:11 . 2008-09-24 11:11 148 --a------ C:\WINDOWS\system32\jmwtgpsg.nls
2008-09-23 23:42 . 2008-09-23 23:42 148 --a------ C:\WINDOWS\system32\ymnfxhox.nls
2008-09-23 23:11 . 2008-09-23 23:11 2,513,556 --a------ C:\WINDOWS\system32\etyvxgef.dll
2008-09-23 23:11 . 2008-09-23 23:11 148 --a------ C:\WINDOWS\system32\etyvxgef.nls
2008-09-23 23:10 . 2008-09-23 23:10 2,296,608 --a------ C:\WINDOWS\system32\hoptnjni.dll
2008-09-23 23:10 . 2008-09-23 23:10 288 --a------ C:\WINDOWS\system32\hoptnjni.nls
2008-09-23 23:08 . 2008-09-23 23:08 <DIR> d-------- C:\Program Files\Lavalys
2008-09-23 22:51 . 2008-09-23 22:59 <DIR> d-------- C:\Program Files\Prime95
2008-09-23 22:32 . 2008-09-23 22:32 <DIR> d-------- C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Application Data\AdobeUM
2008-09-22 23:22 . 2008-09-22 23:22 2,614,700 --a------ C:\WINDOWS\system32\ykyuxmyj.dll
2008-09-22 23:22 . 2008-09-22 23:22 2,193,324 --a------ C:\WINDOWS\system32\lzcegndy.dll
2008-09-22 23:22 . 2008-09-22 23:22 428 --a------ C:\WINDOWS\system32\ykyuxmyj.nls
2008-09-22 23:22 . 2008-09-22 23:22 428 --a------ C:\WINDOWS\system32\lzcegndy.nls
2008-09-22 23:21 . 2008-09-22 23:21 2,383,648 --a------ C:\WINDOWS\system32\ykjfaxuy.dll
2008-09-22 23:21 . 2008-09-25 00:27 33,409 ---hs---- C:\WINDOWS\855731M.exe
2008-09-22 23:21 . 2008-09-22 23:21 288 --a------ C:\WINDOWS\system32\ykjfaxuy.nls
2008-09-22 23:20 . 2008-09-25 01:57 28,672 --a------ C:\WINDOWS\system32\zosdof.dll
2008-09-22 23:20 . 2008-09-23 21:26 14,336 --a------ C:\WINDOWS\system32\zosdofk.exe
2008-09-22 23:20 . 2008-09-22 23:20 148 --a------ C:\WINDOWS\system32\howvbidb.nls
2008-09-22 14:36 . 2008-09-22 14:36 <DIR> d-------- C:\Program Files\YourWare Solutions
2008-09-22 13:36 . 2008-09-22 13:36 2,272,684 --a------ C:\WINDOWS\system32\ybnpiahg.dll
2008-09-22 13:36 . 2008-09-22 13:36 428 --a------ C:\WINDOWS\system32\ybnpiahg.nls
2008-09-22 13:36 . 2008-09-22 13:36 288 --a------ C:\WINDOWS\system32\oewrmyla.nls
2008-09-22 13:35 . 2008-09-22 13:35 2,609,580 --a------ C:\WINDOWS\system32\neicxjzh.dll
2008-09-22 13:35 . 2008-09-22 13:35 2,518,444 --a------ C:\WINDOWS\system32\hcalrkfe.dll
2008-09-22 13:35 . 2008-09-22 13:35 2,175,916 --a------ C:\WINDOWS\system32\kicxkrmb.dll
2008-09-22 13:35 . 2008-09-22 13:35 428 --a------ C:\WINDOWS\system32\rscjhdcn.nls
2008-09-22 13:35 . 2008-09-22 13:35 428 --a------ C:\WINDOWS\system32\neicxjzh.nls
2008-09-22 13:35 . 2008-09-22 13:35 428 --a------ C:\WINDOWS\system32\kicxkrmb.nls
2008-09-22 13:35 . 2008-09-22 13:35 428 --a------ C:\WINDOWS\system32\hcalrkfe.nls
2008-09-22 13:34 . 2008-09-22 13:34 2,385,324 --a------ C:\WINDOWS\system32\zoaycemx.dll
2008-09-22 13:34 . 2008-09-22 23:21 28,672 --a------ C:\WINDOWS\system32\stepps.dll
2008-09-22 13:34 . 2008-09-22 13:34 428 --a------ C:\WINDOWS\system32\zoaycemx.nls
2008-09-22 13:34 . 2008-09-22 13:34 428 --a------ C:\WINDOWS\system32\mkhoncbt.nls
2008-09-22 13:34 . 2008-09-22 13:34 288 --a------ C:\WINDOWS\system32\wxjseuop.nls
2008-09-22 13:34 . 2008-09-22 13:34 288 --a------ C:\WINDOWS\system32\ndtwiuvw.nls
2008-09-22 13:33 . 2008-09-22 13:33 2,539,808 --a------ C:\WINDOWS\system32\pnjggifd.dll
2008-09-22 13:33 . 2008-09-22 13:33 288 --a------ C:\WINDOWS\system32\pnjggifd.nls
2008-09-22 13:33 . 2008-09-22 13:33 148 --a------ C:\WINDOWS\system32\jenpdifv.nls
2008-09-21 23:56 . 2008-09-21 23:56 288 --a------ C:\WINDOWS\system32\xgpjhtww.nls
2008-09-21 10:43 . 2008-09-21 10:43 428 --a------ C:\WINDOWS\system32\yxqywewt.nls
2008-09-21 10:43 . 2008-09-21 10:43 428 --a------ C:\WINDOWS\system32\ufdmjgub.nls
2008-09-21 10:43 . 2008-09-21 10:43 428 --a------ C:\WINDOWS\system32\avkkpmdq.nls
2008-09-21 10:43 . 2008-09-21 10:43 428 --a------ C:\WINDOWS\system32\ahvxsqct.nls
2008-09-21 10:42 . 2008-09-21 10:42 428 --a------ C:\WINDOWS\system32\gpdzobyi.nls
2008-09-21 10:41 . 2008-09-21 10:41 288 --a------ C:\WINDOWS\system32\pftcsqon.nls
2008-09-20 20:36 . 2008-09-20 20:36 428 --a------ C:\WINDOWS\system32\csrhmtes.nls
2008-09-20 16:35 . 2008-09-20 16:35 288 --a------ C:\WINDOWS\system32\hmgoqcgx.nls
2008-09-20 00:37 . 2008-09-20 00:37 428 --a------ C:\WINDOWS\system32\ejbmybpy.nls
2008-09-20 00:36 . 2008-09-20 00:36 428 --a------ C:\WINDOWS\system32\nwoczeqb.nls
2008-09-20 00:35 . 2008-09-20 00:35 428 --a------ C:\WINDOWS\system32\cnxpmvoz.nls
2008-09-20 00:34 . 2008-09-20 00:34 428 --a------ C:\WINDOWS\system32\ofqyjdxx.nls
2008-09-20 00:34 . 2008-09-20 00:34 148 --a------ C:\WINDOWS\system32\byxuuiby.nls
2008-09-19 22:50 . 2008-09-19 22:50 148 --a------ C:\WINDOWS\system32\azbchxdr.nls
2008-09-19 16:32 . 2008-09-19 16:32 428 --a------ C:\WINDOWS\system32\kycdldgx.nls
2008-09-19 16:31 . 2008-09-19 16:31 428 --a------ C:\WINDOWS\system32\gwljefkb.nls
2008-09-16 13:24 . 2008-09-16 13:24 <DIR> d-------- C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Application Data\vlc
2008-09-16 12:42 . 2008-09-16 12:42 <DIR> d-------- C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Application Data\Apple Computer
2008-09-16 12:41 . 2008-09-16 12:41 <DIR> d-------- C:\Program Files\iTunes
2008-09-16 12:41 . 2008-09-16 12:41 <DIR> d-------- C:\Program Files\iPod
2008-09-16 12:41 . 2008-09-16 12:41 <DIR> d-------- C:\Program Files\Bonjour
2008-09-16 12:41 . 2008-09-16 12:41 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-16 12:41 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-09-16 12:41 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-09-16 12:40 . 2008-09-16 12:41 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-09-16 12:40 . 2008-09-16 12:41 <DIR> d-------- C:\Program Files\QuickTime
2008-09-16 12:40 . 2008-09-16 12:40 <DIR> d-------- C:\Program Files\Apple Software Update
2008-09-16 12:40 . 2008-09-16 12:40 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple Computer
2008-09-16 12:39 . 2008-09-16 12:39 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-09-16 12:39 . 2008-09-16 12:39 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Apple
2008-09-15 20:39 . 2008-09-15 20:39 20 --ahs---- C:\ntuser.ini
2008-09-14 17:47 . 2008-09-25 21:31 <DIR> d-------- C:\QUARANTENA_VIRIT
2008-09-14 17:42 . 2008-09-26 14:04 <DIR> d-------- C:\VEXPLITE
2008-09-14 17:42 . 2008-09-25 01:47 40,960 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-09-14 12:25 . 2008-09-14 12:25 288 --a------ C:\WINDOWS\system32\afuzbsfz.nls
2008-09-14 01:01 . 2008-09-14 01:01 288 --a------ C:\WINDOWS\system32\raclayaf.nls
2008-09-13 18:34 . 2008-09-13 18:34 428 --a------ C:\WINDOWS\system32\nwapi32dj.nls
2008-09-13 16:51 . 2008-09-13 16:51 148 --a------ C:\WINDOWS\system32\twainyy.nls
2008-09-13 16:49 . 2008-09-13 16:49 288 --a------ C:\WINDOWS\system32\qjuzwvjw.nls
2008-09-11 12:44 . 2008-09-24 17:33 116 --a------ C:\WINDOWS\NeroDigital.ini
2008-09-11 12:33 . 2008-09-14 12:11 <DIR> d-------- C:\Program Files\a-squared Free
2008-09-11 12:07 . 2004-07-26 16:16 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2008-09-11 12:07 . 2004-07-26 16:16 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2008-09-11 12:07 . 2004-07-26 16:16 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2008-09-11 12:07 . 2004-07-09 08:43 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2008-09-11 12:07 . 2004-07-26 16:16 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2008-09-11 12:07 . 2000-06-26 10:45 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2008-09-11 12:06 . 2001-07-09 10:50 155,648 --a------ C:\WINDOWS\system32\NeroCheck.exe
2008-09-11 12:05 . 2005-04-20 18:32 2,916,352 --------- C:\WINDOWS\UNNMP.exe
2008-09-11 12:05 . 2006-03-22 18:55 47,867 --------- C:\WINDOWS\UNNMP.cfg
2008-09-09 23:12 . 2008-09-11 10:36 <DIR> d-------- C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Application Data\skypePM
2008-09-09 23:12 . 2008-09-09 23:12 32 --a------ C:\Documents and Settings\All Users.WINDOWS\Application Data\ezsid.dat
2008-09-09 23:10 . 2008-09-11 11:45 <DIR> d-------- C:\Program Files\Skype
2008-09-09 23:10 . 2008-09-11 11:45 <DIR> d-------- C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Application Data\Skype
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-26 05:12 --------- d-----w C:\Program Files\Common Files\Network Associates
2008-09-24 15:25 27,136 ----a-w C:\WINDOWS\AppPatch\AcPlugin.dll
2008-09-06 05:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-01 07:21 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-09-01 05:58 --------- d-----w C:\Program Files\Creative
2008-09-01 05:57 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Creative
2008-09-01 05:53 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-09-01 05:51 --------- d-----w C:\Program Files\Common Files\L&H
2008-09-01 05:35 --------- d-----w C:\Program Files\Common Files\Cisco Systems
2008-09-01 05:32 --------- d-----w C:\Program Files\MSN Messenger
2008-09-01 05:25 --------- d-----w C:\Program Files\microsoft frontpage
.
((((((((((((((((((((((((((((( snapshot@2008-09-26_12.46.34.47 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-26 05:39:29 274,432 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
+ 2008-09-27 10:48:50 274,432 ----a-w C:\WINDOWS\system32\config\systemprofile\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-05-19 14336]
"FreeRAM XP"="C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" [2006-03-23 1591808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="NvQTwk" [X]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-05-18 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-05-18 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-05-18 455168]
"CoolSwitch"="C:\WINDOWS\system32\taskswitch.exe" [2002-03-19 45632]
"DisplayTrayIcon"="C:\WINDOWS\system32\TrayIcon.exe" [2001-10-18 147456]
"WinWZSys"="C:\WINDOWS\855731CQWZ.exe" [2008-09-27 52909]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-05-19 14336]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDesktopIniCache"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{D1CC9DC6-F0BC-40fc-9552-E497B05E05B8}"= "C:\WINDOWS\system32\ykjfaxuy.dll" [2008-09-22 2383648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"ykjfaxuy.dll"= {D1CC9DC6-F0BC-40fc-9552-E497B05E05B8} - C:\WINDOWS\system32\ykjfaxuy.dll [2008-09-22 2383648]
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^IDW Logging Tool.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\IDW Logging Tool.lnk
backup=C:\WINDOWS\pss\IDW Logging Tool.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DevconDefaultDB]
C:\WINDOWS\READREG [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-05-19 00:18 14336 C:\WINDOWS\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-09-10 17:40 289576 C:\Program Files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-05-19 01:29 1667584 C:\Program Files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2004-04-18 22:45 4882432 C:\Program Files\MSN Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-09-06 15:09 413696 C:\Program Files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VIRIT LITE MONITOR]
--a------ 2008-09-25 01:47 249856 C:\VEXPLITE\MONLITE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinWZSys]
---hs---- 2008-09-27 10:23 52909 C:\WINDOWS\855731CQWZ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-09-25 40960]
R1 hmonitor;hmonitor;C:\WINDOWS\system32\drivers\hmonitor.sys [2008-06-08 10536]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-09-25 57344]
S3 c56bcc1;c56bcc1;C:\WINDOWS\system32\c56bcc1.sys [2008-09-25 5504]
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-WinSysW - C:\WINDOWS\855731L.exe
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.msn.it/
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-27 17:52:08
Windows 5.1.2600 Service Pack 2, v.2135 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\WINDOWS\linkinfo.dll 46592 bytes executable
C:\WINDOWS\system32\drivers\nvmini.sys 17152 bytes executable
C:\WINDOWS\system32\linkinfo.dll 18944 bytes executable
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvmini]
"ImagePath"="system32\DRIVERS\nvmini.sys"
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-09-27 17:57:57 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-27 10:56:54
ComboFix2.txt 2008-09-26 17:39:55
ComboFix3.txt 2008-09-26 05:47:01
Pre-Run: 25.688.457.216 bytes free
Post-Run: 25,731,158,016 bytes free
276
Scan with Malwarebytes:
Malwarebytes' Anti-Malware 1.28
Versione del database: 1212
Windows 5.1.2600 Service Pack 2, v.2135
27/09/2008 18.48.01
mbam-log-2008-09-27 (18-48-01).txt
Tipo di scansione: Scansione completa (C:\|D:\|)
Elementi scansionati: 83699
Tempo trascorso: 25 minute(s), 47 second(s)
Processi delle memoria infetti: 0
Moduli della memoria infetti: 3
Chiavi di registro infette: 11
Valori di registro infetti: 6
Elementi dato del registro infetti: 0
Cartelle infette: 23
File infetti: 193
Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)
Moduli della memoria infetti:
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\sysocmgr.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\WINDOWS\system32\HBmhly.dll (Spyware.OnlineGames) -> Delete on reboot.
Chiavi di registro infette:
HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{6d4c7e08-e021-414c-a42d-ab15a2302196} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{deef6582-9927-4cbd-897c-6a1f9e8c47de} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{97421d0d-e07f-40df-8f07-99597b9585ad} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{97421d0d-e07f-40df-8f07-99597b9585ad} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\thunderadvise.thunderhlpobj.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{da1de019-a6a8-ed40-4b87-248b2a93de99} (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{da191de0-aa86-4ed0-4b87-293d48b2ae99} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\hbkernel32 (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\hbkernel32 (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\hbkernel32 (Backdoor.Bot) -> Delete on reboot.
Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\thunderadvise (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\sysocmgr (Spyware.OnlineGames) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\msnmsg (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3PMmUpdate (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HBService32 (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\winsysw (Spyware.OnlineGames) -> Quarantined and deleted successfully.
Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)
Cartelle infette:
File infetti:
C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll (Trojan.BHO) -> Delete on reboot.
C:\WINDOWS\sysocmgr.dll (Spyware.OnlineGames) -> Delete on reboot.
C:\Program Files\Messenger\msgmr.dll (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Local Settings\temp\wmsetup.dll (Trojan.Downloader) -> Delete on reboot.
C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Local Settings\Temporary Internet Files\Content.IE5\47YHAF2X\05[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Local Settings\Temporary Internet Files\Content.IE5\47YHAF2X\21[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Local Settings\Temporary Internet Files\Content.IE5\6789STCV\18[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Local Settings\Temporary Internet Files\Content.IE5\8T0ZOTC9\19[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Local Settings\Temporary Internet Files\Content.IE5\8T0ZOTC9\22[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Local Settings\Temporary Internet Files\Content.IE5\8T0ZOTC9\abb[1].gif (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator.MICROSOF-3C5AAB\Local Settings\Temporary Internet Files\Content.IE5\YHI12LMN\20[1].cab (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\GHARO1IR\abb[1].gif (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\Temp\wmsetup.dll.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\WINDOWS\temp\wmsetup.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Casino\bet365casino\data\lobby\login\uppertext.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gamebutton-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gamebutton_default-over.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gamebutton_default.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gamebutton_info.png (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gamebutton_root-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gamebutton_root.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gamebutton_slots.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gamebutton_special-over.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gamebutton_special.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gamebutton_text-over.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gamebutton_text.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gametype-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gametype.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\gametype_mahjong.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\menu\headers.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\sounds\bet365_lobby.mp3 (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\window_jackpot\jp_block.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\window_jackpot\jp_button-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\window_jackpot\jp_button.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\window_jackpot\jp_window-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\lobby\window_jackpot\jp_window.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\roulette_ln\history_numbers.png (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\roulette_ln\history_over.png (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\black100x100.png (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\loading.png (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\loading_anim.png (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\buttons\buttons-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\buttons\buttons.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\fonts\kabelultbt.fon (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\fonts\serifabdcnbt.fon (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\fonts\square721bdexbt.fon (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\fonts\tahoma10b.fon (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\fonts\tahoma7.fon (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\fonts\tahoma8.fon (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\fonts\tahoma8b.fon (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\bg.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\button_left.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\button_middle.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\button_right.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\cashier_offline.css (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\cashier_offline.html (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\cashier_offline.js (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\cashier_offline_functions.js (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\dealer.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\icon_comps.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\icon_transactionhistory.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\icon_withdraw.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\logo_offline_cashier.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\spacer.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\chat.html (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\colors.html (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\edit.html (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons.html (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\01.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\02.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\03.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\04.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\05.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\06.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\07.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\08.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\09.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\10.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\11.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\12.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\13.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\html\chat\emoticons\14.gif (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\bottom_ribbon-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\bottom_ribbon.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\buttons.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\button_close.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\cashier_playforreal.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\chat.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\close.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\game.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\logo-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\logo.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\logo_download-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\logo_download.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\menu-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\menu.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\messageoftheday.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\onlinestatus.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\online_support.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\options-dialog.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\options-dialog2.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\options_adjust.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\options_ribbon.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\options_slider.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\playtech-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\playtech.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\play_for_real2-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\play_for_real2.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\sound.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\chat\chat_window.png (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\chat\close.png (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\chat\font.png (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\chat\send.png (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\ui\ui-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\interface\ui\ui.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\ln\cross.png (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\ln\scrollbuttons.png (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\ui\sysmenu-alpha.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\shared\ui\sysmenu.jpg (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\sicbo_ln\history_dice.png (Adware.Casino) -> Not selected for removal.
C:\Casino\bet365casino\data\sicbo_ln\history_over.png (Adware.Casino) -> Not selected for removal.
C:\WINDOWS\Update.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\System.exe (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\drivers\HBKernel32.sys (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\855731L.exe (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\HBmhly.dll (Spyware.OnlineGames) -> Delete on reboot.