Kone hitaana, virukset poistettu? Hjt loki

Tässä ois



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:38:27, on 12.12.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CTZDetec.exe] C:\Program Files\Creative\Creative Media Lite\CTZDetec.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game03.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} (CRLDownloadWrapper Class) - http://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour-palvelu (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: CT Device Query service (CTDevice_Srv) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTDevSrv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 13384 bytes

 

scannaa hjt:llä merkkaa paina Fix checked

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

 

Nyt on tehtynä

 

Miten kone sätkii

 

iha hyvi. netti on vaa jostaki syystä hieman hidas ja sit tehtäviel hallinnas suoritin käyttö heittelee laajalla marginaalilla. välil se on 8% sit 35% ja sit 100% jne.

 

Kuinkas paljon siinä on tuota keskusmuistia yhteensä.

Onkos koneen sisältä putsattu pölyt.

=============

scannaa uusi combofix loki

 

Mistä tuon keskusmuistin näkee?
Pölyjä taas ei ole taidettu puhdistaa aikoihin.

Joka tapauksessa tässä combofix log


ComboFix 08-12-11.06 - HP_Administrator 2008-12-12 18:45:42.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.385 [GMT 2:00]
Sijainti: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\IEDFix.C.exe
c:\windows\system32\o4Patch.exe
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-12 to 2008-12-12 )))))))))))))))))
.

2008-12-11 15:33 . 2008-12-11 15:33 <DIR> d-------- C:\fsaua.data
2008-12-10 23:27 . 2008-12-10 23:35 0 --a------ C:\23990098.$$$
2008-12-10 22:07 . 2008-12-10 22:14 <DIR> d-------- C:\Bases
2008-12-10 22:02 . 2008-12-10 23:39 <DIR> d-------- C:\Kaspersky
2008-12-09 16:13 . 2008-12-09 16:13 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-08 23:38 . 2008-12-08 23:38 <DIR> d-------- c:\windows\ERUNT
2008-12-08 15:53 . 2008-12-08 15:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-08 15:53 . 2008-12-08 15:53 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2008-12-08 15:53 . 2008-12-08 15:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-08 15:53 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-08 15:53 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-07 00:19 . 2007-10-26 05:34 8,460,288 --a------ c:\windows\system32\dllcache\shell32.dll
2008-12-06 22:59 . 2004-08-09 23:00 71,040 --------- c:\windows\system32\drivers\_005300_.tmp.dll
2008-12-06 19:25 . 2008-12-08 15:27 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
2008-12-06 19:25 . 2008-12-06 19:25 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2008-11-26 14:43 . 2008-11-26 14:43 <DIR> d-------- c:\program files\iTunes
2008-11-26 14:43 . 2008-11-26 14:43 <DIR> d-------- c:\program files\iPod
2008-11-26 14:43 . 2008-11-26 14:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 16:00 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\uTorrent
2008-12-11 20:06 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Hamachi
2008-12-10 14:41 --------- d-----w c:\program files\Yahoo!
2008-12-09 21:24 --------- d-----w c:\program files\Logitech
2008-12-09 14:27 --------- d-----w c:\program files\Java
2008-12-08 13:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-08 13:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-06 16:42 --------- d-----w c:\program files\Warcraft III
2008-12-06 13:26 --------- d-----w c:\program files\Steam
2008-11-29 21:59 --------- d-----w c:\program files\DivX
2008-11-26 12:41 --------- d-----w c:\program files\QuickTime
2008-11-26 12:40 --------- d-----w c:\program files\Common Files\Apple
2008-11-17 11:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 18:44 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\mIRC
2008-11-08 17:52 --------- d-----w c:\program files\mIRC
2008-11-08 16:57 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\FloodLightGames
2008-11-08 16:57 --------- d-----w c:\documents and settings\All Users\Application Data\FloodLightGames
2008-11-08 16:56 --------- d-----w c:\program files\Taukopelit
2008-11-08 15:45 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Flood Light Games
2008-11-08 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games
2008-11-08 15:44 --------- d-----w c:\program files\Common Files\Oberon Media
2008-11-06 18:01 --------- d-----w c:\program files\WinTV
2008-11-05 14:04 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-05 13:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 13:23 --------- d-----w c:\program files\Rockstar Games
2008-11-02 14:15 30 ----a-w c:\documents and settings\HP_Administrator\jagex_runescape_preferences.dat
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-26 09:18 --------- dc----w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-18 20:12 --------- d-----w c:\program files\TVUPlayer
2008-10-18 20:12 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2008-10-17 00:08 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 18:44 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\teamspeak2
2008-10-16 14:28 --------- d-----w c:\program files\uTorrent
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-14 12:42 --------- d-----w c:\program files\HP
2008-10-14 12:42 --------- d-----w c:\program files\Hewlett-Packard
2008-10-12 13:56 --------- d-----w c:\program files\Zombie Panic Source
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-27 13:26 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-18 00:41 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-06-10 13:01 1,206 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2008-02-13 15:47 22,328 ----a-w c:\documents and settings\HP_Administrator\Application Data\PnkBstrK.sys
2006-12-24 17:33 251 ----a-w c:\program files\wt3d.ini
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-09-21 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-09-21 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-26 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-21 805392]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-04-21 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Liquid.6\\Program\\RM.exe"=
"c:\\Program Files\\Liquid.6\\Program\\Studiou.mod"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moks\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moks\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\w3l.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Documents and Settings\\HP_Administrator\\My Documents\\Tommi\\Pelit\\Warcraft III 1.18\\lancraft.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7934:UDP"= 7934:UDP:BitComet 7934 UDP
"9849:TCP"= 9849:TCP:BitComet 9849 TCP
"9849:UDP"= 9849:UDP:BitComet 9849 UDP
"617:TCP"= 617:TCP:utorrent

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-21 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-21 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-29 76040]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2006-12-29 162176]
S1 ShldDrv;Panda File Shield Driver;\??\c:\windows\system32\DRIVERS\ShlDrv51.sys []
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b23511e-8951-11dd-9f55-0014a5bc97b2}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b235120-8951-11dd-9f55-0014a5bc97b2}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

*Newly Created Service* - PROCEXP113
.
'Ajoitetut tehtävät'-kansion sisältö

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-12 c:\windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Täydentävä tarkistus -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fylv61dq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fylv61dq.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-12 18:50:01
Windows 5.1.2600 Service Pack 2 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\avgrsstx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\avgrsstx.dll
.
Valmistumisajankohta: 2008-12-12 18:51:23
ComboFix-quarantined-files.txt 2008-12-12 16:51:07

Ennen ajoa: 30 275 219 456 bytes free
Ajon jälkeen: 30,391,726,080 tavua vapaana

284 --- E O F --- 2008-12-11 06:27:38

 

Avaa Muistio ja kopioi/liitä lainauksen sisältö sinne:

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.


Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

 

Tässäpä tuo


ComboFix 08-12-11.06 - HP_Administrator 2008-12-13 0:27:05.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.358 [GMT 2:00]
Sijainti: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\23990098.$$$\
C:\Bases
c:\bases\avcmhk5.mhk
c:\bases\avp.klb
c:\bases\avp.set
c:\bases\avp.vnd
c:\bases\base001.avc
c:\bases\base001c.avc
c:\bases\base002.avc
c:\bases\base002c.avc
c:\bases\base003.avc
c:\bases\base003c.avc
c:\bases\base004.avc
c:\bases\base004c.avc
c:\bases\base005.avc
c:\bases\base005c.avc
c:\bases\base006.avc
c:\bases\base006c.avc
c:\bases\base007.avc
c:\bases\base007c.avc
c:\bases\base008.avc
c:\bases\base008c.avc
c:\bases\base009.avc
c:\bases\base009c.avc
c:\bases\base010.avc
c:\bases\base010c.avc
c:\bases\base011.avc
c:\bases\base011c.avc
c:\bases\base012.avc
c:\bases\base012c.avc
c:\bases\base013.avc
c:\bases\base013c.avc
c:\bases\base014.avc
c:\bases\base014c.avc
c:\bases\base015.avc
c:\bases\base015c.avc
c:\bases\base016.avc
c:\bases\base016c.avc
c:\bases\base017.avc
c:\bases\base017c.avc
c:\bases\base018.avc
c:\bases\base018c.avc
c:\bases\base019.avc
c:\bases\base019c.avc
c:\bases\base020.avc
c:\bases\base020c.avc
c:\bases\base021.avc
c:\bases\base021c.avc
c:\bases\base022.avc
c:\bases\base022c.avc
c:\bases\base023.avc
c:\bases\base023c.avc
c:\bases\base024.avc
c:\bases\base024c.avc
c:\bases\base025.avc
c:\bases\base025c.avc
c:\bases\base026.avc
c:\bases\base026c.avc
c:\bases\base027.avc
c:\bases\base027c.avc
c:\bases\base028.avc
c:\bases\base028c.avc
c:\bases\base029.avc
c:\bases\base029c.avc
c:\bases\base030.avc
c:\bases\base030c.avc
c:\bases\base031.avc
c:\bases\base031c.avc
c:\bases\base032.avc
c:\bases\base032c.avc
c:\bases\base033.avc
c:\bases\base033c.avc
c:\bases\base034.avc
c:\bases\base034c.avc
c:\bases\base035.avc
c:\bases\base035c.avc
c:\bases\base036.avc
c:\bases\base036c.avc
c:\bases\base037.avc
c:\bases\base037c.avc
c:\bases\base038.avc
c:\bases\base038c.avc
c:\bases\base039.avc
c:\bases\base039c.avc
c:\bases\base040.avc
c:\bases\base040c.avc
c:\bases\base041.avc
c:\bases\base041c.avc
c:\bases\base042.avc
c:\bases\base042c.avc
c:\bases\base043.avc
c:\bases\base043c.avc
c:\bases\base044.avc
c:\bases\base044c.avc
c:\bases\base045.avc
c:\bases\base045c.avc
c:\bases\base046.avc
c:\bases\base046c.avc
c:\bases\base047.avc
c:\bases\base047c.avc
c:\bases\base048.avc
c:\bases\base048c.avc
c:\bases\base049.avc
c:\bases\base049c.avc
c:\bases\base050.avc
c:\bases\base050c.avc
c:\bases\base051.avc
c:\bases\base051c.avc
c:\bases\base052.avc
c:\bases\base052c.avc
c:\bases\base053.avc
c:\bases\base053c.avc
c:\bases\base054.avc
c:\bases\base054c.avc
c:\bases\base055.avc
c:\bases\base055c.avc
c:\bases\base056.avc
c:\bases\base056c.avc
c:\bases\base057.avc
c:\bases\base057c.avc
c:\bases\base058.avc
c:\bases\base058c.avc
c:\bases\base059.avc
c:\bases\base059c.avc
c:\bases\base060.avc
c:\bases\base060c.avc
c:\bases\base061.avc
c:\bases\base061c.avc
c:\bases\base062.avc
c:\bases\base062c.avc
c:\bases\base063.avc
c:\bases\base063c.avc
c:\bases\base064.avc
c:\bases\base064c.avc
c:\bases\base065.avc
c:\bases\base065c.avc
c:\bases\base066.avc
c:\bases\base066c.avc
c:\bases\base067.avc
c:\bases\base067c.avc
c:\bases\base068.avc
c:\bases\base068c.avc
c:\bases\base069.avc
c:\bases\base069c.avc
c:\bases\base070.avc
c:\bases\base070c.avc
c:\bases\base071.avc
c:\bases\base071c.avc
c:\bases\base072.avc
c:\bases\base072c.avc
c:\bases\base073.avc
c:\bases\base073c.avc
c:\bases\base074.avc
c:\bases\base074c.avc
c:\bases\base075.avc
c:\bases\base075c.avc
c:\bases\base076.avc
c:\bases\base076c.avc
c:\bases\base077.avc
c:\bases\base077c.avc
c:\bases\base078.avc
c:\bases\base078c.avc
c:\bases\base079.avc
c:\bases\base079c.avc
c:\bases\base080.avc
c:\bases\base080c.avc
c:\bases\base081.avc
c:\bases\base081c.avc
c:\bases\base082.avc
c:\bases\base082c.avc
c:\bases\base083.avc
c:\bases\base083c.avc
c:\bases\base084.avc
c:\bases\base084c.avc
c:\bases\base085.avc
c:\bases\base085c.avc
c:\bases\base086.avc
c:\bases\base086c.avc
c:\bases\base087.avc
c:\bases\base087c.avc
c:\bases\base088.avc
c:\bases\base088c.avc
c:\bases\base089.avc
c:\bases\base089c.avc
c:\bases\base090.avc
c:\bases\base090c.avc
c:\bases\base091.avc
c:\bases\base091c.avc
c:\bases\base092.avc
c:\bases\base092c.avc
c:\bases\base093.avc
c:\bases\base093c.avc
c:\bases\base094.avc
c:\bases\base094c.avc
c:\bases\base095.avc
c:\bases\base095c.avc
c:\bases\base096.avc
c:\bases\base096c.avc
c:\bases\base097.avc
c:\bases\base097c.avc
c:\bases\base098.avc
c:\bases\base098c.avc
c:\bases\base099.avc
c:\bases\base099c.avc
c:\bases\base100.avc
c:\bases\base100c.avc
c:\bases\base101.avc
c:\bases\base101c.avc
c:\bases\base102.avc
c:\bases\base102c.avc
c:\bases\base103.avc
c:\bases\base103c.avc
c:\bases\base104.avc
c:\bases\base104c.avc
c:\bases\base105.avc
c:\bases\base105c.avc
c:\bases\base106.avc
c:\bases\base106c.avc
c:\bases\base107.avc
c:\bases\base107c.avc
c:\bases\base108.avc
c:\bases\base108c.avc
c:\bases\base109.avc
c:\bases\base109c.avc
c:\bases\base110.avc
c:\bases\base110c.avc
c:\bases\base111.avc
c:\bases\base111c.avc
c:\bases\base112.avc
c:\bases\base112c.avc
c:\bases\base113.avc
c:\bases\base113c.avc
c:\bases\base114.avc
c:\bases\base114c.avc
c:\bases\base115.avc
c:\bases\base115c.avc
c:\bases\base116.avc
c:\bases\base116c.avc
c:\bases\base117.avc
c:\bases\base117c.avc
c:\bases\base118.avc
c:\bases\base118c.avc
c:\bases\base119.avc
c:\bases\base119c.avc
c:\bases\base120.avc
c:\bases\base120c.avc
c:\bases\base121.avc
c:\bases\base121c.avc
c:\bases\base122.avc
c:\bases\base122c.avc
c:\bases\base123.avc
c:\bases\base123c.avc
c:\bases\base124.avc
c:\bases\base124c.avc
c:\bases\base125.avc
c:\bases\base125c.avc
c:\bases\base126.avc
c:\bases\base126c.avc
c:\bases\base127.avc
c:\bases\base127c.avc
c:\bases\base128.avc
c:\bases\base128c.avc
c:\bases\base129.avc
c:\bases\base129c.avc
c:\bases\base130.avc
c:\bases\base130c.avc
c:\bases\base131.avc
c:\bases\base131c.avc
c:\bases\base132.avc
c:\bases\base132c.avc
c:\bases\base133.avc
c:\bases\base133c.avc
c:\bases\base134.avc
c:\bases\base134c.avc
c:\bases\base135.avc
c:\bases\base135c.avc
c:\bases\base136.avc
c:\bases\base136c.avc
c:\bases\base137.avc
c:\bases\base137c.avc
c:\bases\base138.avc
c:\bases\base138c.avc
c:\bases\base139.avc
c:\bases\base139c.avc
c:\bases\base140.avc
c:\bases\base140c.avc
c:\bases\base141.avc
c:\bases\base141c.avc
c:\bases\base142.avc
c:\bases\base142c.avc
c:\bases\base143.avc
c:\bases\base143c.avc
c:\bases\base144.avc
c:\bases\base144c.avc
c:\bases\base145.avc
c:\bases\base145c.avc
c:\bases\base146.avc
c:\bases\base146c.avc
c:\bases\base147.avc
c:\bases\base147c.avc
c:\bases\base148.avc
c:\bases\base148c.avc
c:\bases\base149.avc
c:\bases\base149c.avc
c:\bases\base150.avc
c:\bases\base150c.avc
c:\bases\base151.avc
c:\bases\base151c.avc
c:\bases\base152.avc
c:\bases\base152c.avc
c:\bases\base153.avc
c:\bases\base153c.avc
c:\bases\base154.avc
c:\bases\base154c.avc
c:\bases\base155.avc
c:\bases\base155c.avc
c:\bases\base156.avc
c:\bases\base156c.avc
c:\bases\base157.avc
c:\bases\base157c.avc
c:\bases\base158.avc
c:\bases\base158c.avc
c:\bases\base159.avc
c:\bases\base159c.avc
c:\bases\base160.avc
c:\bases\base160c.avc
c:\bases\base161.avc
c:\bases\base161c.avc
c:\bases\base162.avc
c:\bases\base162c.avc
c:\bases\base163.avc
c:\bases\base163c.avc
c:\bases\base164.avc
c:\bases\base164c.avc
c:\bases\base165.avc
c:\bases\base165c.avc
c:\bases\base166c.avc
c:\bases\base167c.avc
c:\bases\base168c.avc
c:\bases\base169c.avc
c:\bases\base170c.avc
c:\bases\base171c.avc
c:\bases\base172c.avc
c:\bases\base173c.avc
c:\bases\base174c.avc
c:\bases\base175c.avc
c:\bases\base176c.avc
c:\bases\base177c.avc
c:\bases\base178c.avc
c:\bases\base179c.avc
c:\bases\base180c.avc
c:\bases\base181c.avc
c:\bases\base182c.avc
c:\bases\base183c.avc
c:\bases\base184c.avc
c:\bases\base185c.avc
c:\bases\base186c.avc
c:\bases\base187c.avc
c:\bases\base188c.avc
c:\bases\base189c.avc
c:\bases\base190c.avc
c:\bases\base191c.avc
c:\bases\base192c.avc
c:\bases\base193c.avc
c:\bases\base194c.avc
c:\bases\base195c.avc
c:\bases\base196c.avc
c:\bases\base197c.avc
c:\bases\base198c.avc
c:\bases\base199c.avc
c:\bases\base200c.avc
c:\bases\base201c.avc
c:\bases\base202c.avc
c:\bases\base203c.avc
c:\bases\base204c.avc
c:\bases\base205c.avc
c:\bases\base206c.avc
c:\bases\base207c.avc
c:\bases\base208c.avc
c:\bases\base209c.avc
c:\bases\base210c.avc
c:\bases\base211c.avc
c:\bases\base212c.avc
c:\bases\base213c.avc
c:\bases\base214c.avc
c:\bases\base215c.avc
c:\bases\base216c.avc
c:\bases\base217c.avc
c:\bases\base218c.avc
c:\bases\base219c.avc
c:\bases\base220c.avc
c:\bases\base221c.avc
c:\bases\base222c.avc
c:\bases\base223c.avc
c:\bases\base224c.avc
c:\bases\base225c.avc
c:\bases\base226c.avc
c:\bases\base227c.avc
c:\bases\base228c.avc
c:\bases\base229c.avc
c:\bases\base230c.avc
c:\bases\base231c.avc
c:\bases\base232c.avc
c:\bases\base233c.avc
c:\bases\base234c.avc
c:\bases\base235c.avc
c:\bases\base236c.avc
c:\bases\base237c.avc
c:\bases\base238c.avc
c:\bases\base239c.avc
c:\bases\base240c.avc
c:\bases\base241c.avc
c:\bases\base242c.avc
c:\bases\base243c.avc
c:\bases\base244c.avc
c:\bases\base245c.avc
c:\bases\base246c.avc
c:\bases\base247c.avc
c:\bases\base248c.avc
c:\bases\base249c.avc
c:\bases\base250c.avc
c:\bases\base251c.avc
c:\bases\base252c.avc
c:\bases\base253c.avc
c:\bases\base254c.avc
c:\bases\base255c.avc
c:\bases\base256c.avc
c:\bases\base257c.avc
c:\bases\base258c.avc
c:\bases\base259c.avc
c:\bases\base260c.avc
c:\bases\base261c.avc
c:\bases\base262c.avc
c:\bases\base263c.avc
c:\bases\base264c.avc
c:\bases\base265c.avc
c:\bases\base266c.avc
c:\bases\base267c.avc
c:\bases\base268c.avc
c:\bases\base269c.avc
c:\bases\base270c.avc
c:\bases\base271c.avc
c:\bases\base272c.avc
c:\bases\base273c.avc
c:\bases\base274c.avc
c:\bases\base275c.avc
c:\bases\base276c.avc
c:\bases\base277c.avc
c:\bases\base278c.avc
c:\bases\base279c.avc
c:\bases\base280c.avc
c:\bases\base281c.avc
c:\bases\base282c.avc
c:\bases\base283c.avc
c:\bases\base284c.avc
c:\bases\base285c.avc
c:\bases\base286c.avc
c:\bases\base287c.avc
c:\bases\base288c.avc
c:\bases\base289c.avc
c:\bases\base290c.avc
c:\bases\base291c.avc
c:\bases\base292c.avc
c:\bases\base293c.avc
c:\bases\base294c.avc
c:\bases\base295c.avc
c:\bases\base296c.avc
c:\bases\base297c.avc
c:\bases\base298c.avc
c:\bases\base299c.avc
c:\bases\base300c.avc
c:\bases\base301c.avc
c:\bases\base302c.avc
c:\bases\base303c.avc
c:\bases\base304c.avc
c:\bases\base305c.avc
c:\bases\base306c.avc
c:\bases\base307c.avc
c:\bases\base308c.avc
c:\bases\base309c.avc
c:\bases\base310c.avc
c:\bases\base311c.avc
c:\bases\base312c.avc
c:\bases\base313c.avc
c:\bases\base314c.avc
c:\bases\base315c.avc
c:\bases\base316c.avc
c:\bases\base317c.avc
c:\bases\base318c.avc
c:\bases\base319c.avc
c:\bases\base320c.avc
c:\bases\base321c.avc
c:\bases\base322c.avc
c:\bases\base323c.avc
c:\bases\base324c.avc
c:\bases\base325c.avc
c:\bases\base326c.avc
c:\bases\base327c.avc
c:\bases\base328c.avc
c:\bases\base329c.avc
c:\bases\base330c.avc
c:\bases\base331c.avc
c:\bases\base332c.avc
c:\bases\base333c.avc
c:\bases\base334c.avc
c:\bases\base335c.avc
c:\bases\base336c.avc
c:\bases\base337c.avc
c:\bases\base338c.avc
c:\bases\base339c.avc
c:\bases\base340c.avc
c:\bases\base341c.avc
c:\bases\base342c.avc
c:\bases\base343c.avc
c:\bases\base344c.avc
c:\bases\base345c.avc
c:\bases\base346c.avc
c:\bases\base347c.avc
c:\bases\base348c.avc
c:\bases\base349c.avc
c:\bases\base350c.avc
c:\bases\base351c.avc
c:\bases\base352c.avc
c:\bases\base353c.avc
c:\bases\base354c.avc
c:\bases\base355c.avc
c:\bases\base356c.avc
c:\bases\base357c.avc
c:\bases\base358c.avc
c:\bases\base359c.avc
c:\bases\base360c.avc
c:\bases\base361c.avc
c:\bases\base362c.avc
c:\bases\base363c.avc
c:\bases\base364c.avc
c:\bases\base365c.avc
c:\bases\base366c.avc
c:\bases\base367c.avc
c:\bases\base368c.avc
c:\bases\base369c.avc
c:\bases\base370c.avc
c:\bases\base371c.avc
c:\bases\base372c.avc
c:\bases\base373c.avc
c:\bases\base374c.avc
c:\bases\base375c.avc
c:\bases\base376c.avc
c:\bases\base377c.avc
c:\bases\base378c.avc
c:\bases\base379c.avc
c:\bases\base380c.avc
c:\bases\base381c.avc
c:\bases\base382c.avc
c:\bases\base383c.avc
c:\bases\base384c.avc
c:\bases\base385c.avc
c:\bases\base386c.avc
c:\bases\base387c.avc
c:\bases\base388c.avc
c:\bases\base389c.avc
c:\bases\base390c.avc
c:\bases\base391c.avc
c:\bases\base392c.avc
c:\bases\base393c.avc
c:\bases\base394c.avc
c:\bases\base395c.avc
c:\bases\base396c.avc
c:\bases\base397c.avc
c:\bases\base398c.avc
c:\bases\base399c.avc
c:\bases\base400c.avc
c:\bases\base401c.avc
c:\bases\base402c.avc
c:\bases\base403c.avc
c:\bases\base404c.avc
c:\bases\base405c.avc
c:\bases\base406c.avc
c:\bases\base407c.avc
c:\bases\base408c.avc
c:\bases\base409c.avc
c:\bases\base410c.avc
c:\bases\base411c.avc
c:\bases\base412c.avc
c:\bases\base413c.avc
c:\bases\base414c.avc
c:\bases\base415c.avc
c:\bases\base416c.avc
c:\bases\base417c.avc
c:\bases\base418c.avc
c:\bases\base419c.avc
c:\bases\base420c.avc
c:\bases\base421c.avc
c:\bases\base422c.avc
c:\bases\base423c.avc
c:\bases\base424c.avc
c:\bases\base425c.avc
c:\bases\base426c.avc
c:\bases\base427c.avc
c:\bases\base428c.avc
c:\bases\base429c.avc
c:\bases\base430c.avc
c:\bases\base431c.avc
c:\bases\base432c.avc
c:\bases\base433c.avc
c:\bases\base434c.avc
c:\bases\base435c.avc
c:\bases\base436c.avc
c:\bases\base437c.avc
c:\bases\base438c.avc
c:\bases\base439c.avc
c:\bases\base440c.avc
c:\bases\base441c.avc
c:\bases\base442c.avc
c:\bases\base443c.avc
c:\bases\base444c.avc
c:\bases\base445c.avc
c:\bases\base446c.avc
c:\bases\base447c.avc
c:\bases\base448c.avc
c:\bases\base449c.avc
c:\bases\base450c.avc
c:\bases\base451c.avc
c:\bases\base452c.avc
c:\bases\base453c.avc
c:\bases\base454c.avc
c:\bases\base455c.avc
c:\bases\base456c.avc
c:\bases\base457c.avc
c:\bases\base458c.avc
c:\bases\base459c.avc
c:\bases\base460c.avc
c:\bases\base461c.avc
c:\bases\base462c.avc
c:\bases\base463c.avc
c:\bases\base464c.avc
c:\bases\base465c.avc
c:\bases\base466c.avc
c:\bases\base467c.avc
c:\bases\base468c.avc
c:\bases\base469c.avc
c:\bases\base470c.avc
c:\bases\base471c.avc
c:\bases\base472c.avc
c:\bases\base473c.avc
c:\bases\base474c.avc
c:\bases\base475c.avc
c:\bases\base476c.avc
c:\bases\base999.avc
c:\bases\ca001.avc
c:\bases\ca002.avc
c:\bases\ca003.avc
c:\bases\chuka.avc
c:\bases\daily-ec.avc
c:\bases\daily-ex.avc
c:\bases\daily.avc
c:\bases\dailyc.avc
c:\bases\eicar.avc
c:\bases\engine.cfg
c:\bases\engine.dt
c:\bases\ext001.avc
c:\bases\ext001c.avc
c:\bases\ext002.avc
c:\bases\ext002c.avc
c:\bases\ext003.avc
c:\bases\ext003c.avc
c:\bases\ext004.avc
c:\bases\ext004c.avc
c:\bases\ext005.avc
c:\bases\ext005c.avc
c:\bases\ext006.avc
c:\bases\ext006c.avc
c:\bases\ext007.avc
c:\bases\ext007c.avc
c:\bases\ext008.avc
c:\bases\ext008c.avc
c:\bases\ext009.avc
c:\bases\ext009c.avc
c:\bases\ext010c.avc
c:\bases\ext011c.avc
c:\bases\ext012c.avc
c:\bases\ext013c.avc
c:\bases\ext014c.avc
c:\bases\ext015c.avc
c:\bases\ext016c.avc
c:\bases\ext017c.avc
c:\bases\ext018c.avc
c:\bases\ext019c.avc
c:\bases\ext020c.avc
c:\bases\ext021c.avc
c:\bases\ext022c.avc
c:\bases\ext023c.avc
c:\bases\ext024c.avc
c:\bases\ext025c.avc
c:\bases\ext026c.avc
c:\bases\ext027c.avc
c:\bases\ext028c.avc
c:\bases\ext029c.avc
c:\bases\ext030c.avc
c:\bases\ext031c.avc
c:\bases\ext032c.avc
c:\bases\ext033c.avc
c:\bases\ext034c.avc
c:\bases\ext035c.avc
c:\bases\ext036c.avc
c:\bases\ext037c.avc
c:\bases\ext038c.avc
c:\bases\ext039c.avc
c:\bases\ext040c.avc
c:\bases\ext041c.avc
c:\bases\ext042c.avc
c:\bases\ext043c.avc
c:\bases\ext044c.avc
c:\bases\ext045c.avc
c:\bases\ext046c.avc
c:\bases\ext047c.avc
c:\bases\ext048c.avc
c:\bases\ext049c.avc
c:\bases\ext050c.avc
c:\bases\ext051c.avc
c:\bases\ext052c.avc
c:\bases\ext053c.avc
c:\bases\ext054c.avc
c:\bases\ext055c.avc
c:\bases\ext056c.avc
c:\bases\ext057c.avc
c:\bases\ext058c.avc
c:\bases\ext059c.avc
c:\bases\ext060c.avc
c:\bases\ext061c.avc
c:\bases\ext062c.avc
c:\bases\ext063c.avc
c:\bases\ext064c.avc
c:\bases\ext065c.avc
c:\bases\ext066c.avc
c:\bases\ext999.avc
c:\bases\fa.avc
c:\bases\fa001.avc
c:\bases\gen001.avc
c:\bases\gen002.avc
c:\bases\gen003.avc
c:\bases\gen004.avc
c:\bases\gen005.avc
c:\bases\gen999.avc
c:\bases\kernel.avc
c:\bases\krn001.avc
c:\bases\krn002.avc
c:\bases\krn003.avc
c:\bases\krn004.avc
c:\bases\krn005.avc
c:\bases\krndos.avc
c:\bases\krnengn.avc
c:\bases\krnexe.avc
c:\bases\krnexe32.avc
c:\bases\krngen.avc
c:\bases\krnjava.avc
c:\bases\krnmacro.avc
c:\bases\krnun001.avc
c:\bases\krnun002.avc
c:\bases\krnun003.avc
c:\bases\krnun004.avc
c:\bases\mail.avc
c:\bases\ocr.avc
c:\bases\smart.avc
c:\bases\unp000.avc
c:\bases\unp001.avc
c:\bases\unp002.avc
c:\bases\unp003.avc
c:\bases\unp004.avc
c:\bases\unp005.avc
c:\bases\unp006.avc
c:\bases\unp007.avc
c:\bases\unp008.avc
c:\bases\unp009.avc
c:\bases\unp010.avc
c:\bases\unp011.avc
c:\bases\unp012.avc
c:\bases\unp013.avc
c:\bases\unp014.avc
c:\bases\unp015.avc
c:\bases\unp016.avc
c:\bases\unp017.avc
c:\bases\unp018.avc
c:\bases\unp019.avc
c:\bases\unp020.avc
c:\bases\unp021.avc
c:\bases\unp022.avc
c:\bases\unp023.avc
c:\bases\unp024.avc
c:\bases\unp025.avc
c:\bases\unp026.avc
c:\bases\unp027.avc
c:\bases\unp028.avc
c:\bases\unp029.avc
c:\bases\unp030.avc
c:\bases\unp031.avc
c:\bases\unp032.avc
c:\bases\unp033.avc
c:\bases\unp034.avc
c:\bases\unp035.avc
c:\bases\unp036.avc
c:\bases\unp037.avc
c:\bases\unp038.avc
c:\bases\unp039.avc
c:\bases\unp040.avc
c:\bases\unp041.avc
c:\bases\unp042.avc
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Configuration.ini
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Logs\Resident.log
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Overview.ini
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegBHO-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegDPF-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegDummy-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtBat-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtCmd-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtCom-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtExe-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtPif-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtReg-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegExtScr-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBME-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP1-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP2a-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP2b-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP3-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBP4-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBTB1-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGBTB2-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGCP-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGIESH-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGNTCVW-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGNTCVWL-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS1-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS1SM-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS2-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS2SM-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS3-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS3SM-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGS4-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGSS-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGSSODL-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegGWLN-Global.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBME-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP1-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2a-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP2b-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP3-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBP4-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBTB1-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUBTB2-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUCP-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUDesk-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUIESH-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUNTCVW-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUNTCVWL-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS1-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS2-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS3-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUS4-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\RegUSSODL-HP_Administrator.reg
c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2\Timestamps.ini
c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
c:\documents and settings\HP_Administrator\Application Data\SUPERAntiSpyware.com
C:\Kaspersky
c:\kaspersky\0004960D.key
c:\kaspersky\0005DA77.key
c:\kaspersky\0006C9D5.key
c:\kaspersky\00184596.key
c:\kaspersky\00184597.key
c:\kaspersky\01FA0F93.key
c:\kaspersky\101_45095.klc
c:\kaspersky\102_4060.klc
c:\kaspersky\102_45097.klc
c:\kaspersky\125_45027.klc
c:\kaspersky\7_45097.klc
c:\kaspersky\advware.avc
c:\kaspersky\avcmhk5.mhk
c:\kaspersky\avp.klb
c:\kaspersky\avp.set
c:\kaspersky\avp.vnd
c:\kaspersky\avp0406.avc
c:\kaspersky\backdoor.avc
c:\kaspersky\base001.avc
c:\kaspersky\base001c.avc
c:\kaspersky\base002.avc
c:\kaspersky\base002c.avc
c:\kaspersky\base003.avc
c:\kaspersky\base003c.avc
c:\kaspersky\base004.avc
c:\kaspersky\base004c.avc
c:\kaspersky\base005.avc
c:\kaspersky\base005c.avc
c:\kaspersky\base006.avc
c:\kaspersky\base006c.avc
c:\kaspersky\base007.avc
c:\kaspersky\base007c.avc
c:\kaspersky\base008.avc
c:\kaspersky\base008c.avc
c:\kaspersky\base009.avc
c:\kaspersky\base009c.avc
c:\kaspersky\base010.avc
c:\kaspersky\base010c.avc
c:\kaspersky\base011.avc
c:\kaspersky\base011c.avc
c:\kaspersky\base012.avc
c:\kaspersky\base012c.avc
c:\kaspersky\base013.avc
c:\kaspersky\base013c.avc
c:\kaspersky\base014.avc
c:\kaspersky\base014c.avc
c:\kaspersky\base015.avc
c:\kaspersky\base015c.avc
c:\kaspersky\base016.avc
c:\kaspersky\base016c.avc
c:\kaspersky\base017.avc
c:\kaspersky\base017c.avc
c:\kaspersky\base018.avc
c:\kaspersky\base018c.avc
c:\kaspersky\base019.avc
c:\kaspersky\base019c.avc
c:\kaspersky\base020.avc
c:\kaspersky\base020c.avc
c:\kaspersky\base021.avc
c:\kaspersky\base021c.avc
c:\kaspersky\base022.avc
c:\kaspersky\base022c.avc
c:\kaspersky\base023.avc
c:\kaspersky\base023c.avc
c:\kaspersky\base024.avc
c:\kaspersky\base024c.avc
c:\kaspersky\base025.avc
c:\kaspersky\base025c.avc
c:\kaspersky\base026.avc
c:\kaspersky\base026c.avc
c:\kaspersky\base027.avc
c:\kaspersky\base027c.avc
c:\kaspersky\base028.avc
c:\kaspersky\base028c.avc
c:\kaspersky\base029.avc
c:\kaspersky\base029c.avc
c:\kaspersky\base030.avc
c:\kaspersky\base030c.avc
c:\kaspersky\base031.avc
c:\kaspersky\base031c.avc
c:\kaspersky\base032.avc
c:\kaspersky\base032c.avc
c:\kaspersky\base033.avc
c:\kaspersky\base033c.avc
c:\kaspersky\base034.avc
c:\kaspersky\base034c.avc
c:\kaspersky\base035.avc
c:\kaspersky\base035c.avc
c:\kaspersky\base036.avc
c:\kaspersky\base036c.avc
c:\kaspersky\base037.avc
c:\kaspersky\base037c.avc
c:\kaspersky\base038.avc
c:\kaspersky\base038c.avc
c:\kaspersky\base039.avc
c:\kaspersky\base039c.avc
c:\kaspersky\base040.avc
c:\kaspersky\base040c.avc
c:\kaspersky\base041.avc
c:\kaspersky\base041c.avc
c:\kaspersky\base042.avc
c:\kaspersky\base042c.avc
c:\kaspersky\base043.avc
c:\kaspersky\base043c.avc
c:\kaspersky\base044.avc
c:\kaspersky\base044c.avc
c:\kaspersky\base045.avc
c:\kaspersky\base045c.avc
c:\kaspersky\base046.avc
c:\kaspersky\base046c.avc
c:\kaspersky\base047.avc
c:\kaspersky\base047c.avc
c:\kaspersky\base048.avc
c:\kaspersky\base048c.avc
c:\kaspersky\base049.avc
c:\kaspersky\base049c.avc
c:\kaspersky\base050.avc
c:\kaspersky\base050c.avc
c:\kaspersky\base051.avc
c:\kaspersky\base051c.avc
c:\kaspersky\base052.avc
c:\kaspersky\base052c.avc
c:\kaspersky\base053.avc
c:\kaspersky\base053c.avc
c:\kaspersky\base054.avc
c:\kaspersky\base054c.avc
c:\kaspersky\base055.avc
c:\kaspersky\base055c.avc
c:\kaspersky\base056.avc
c:\kaspersky\base056c.avc
c:\kaspersky\base057.avc
c:\kaspersky\base057c.avc
c:\kaspersky\base058.avc
c:\kaspersky\base058c.avc
c:\kaspersky\base059.avc
c:\kaspersky\base059c.avc
c:\kaspersky\base060.avc
c:\kaspersky\base060c.avc
c:\kaspersky\base061.avc
c:\kaspersky\base061c.avc
c:\kaspersky\base062.avc
c:\kaspersky\base062c.avc
c:\kaspersky\base063.avc
c:\kaspersky\base063c.avc
c:\kaspersky\base064.avc
c:\kaspersky\base064c.avc
c:\kaspersky\base065.avc
c:\kaspersky\base065c.avc
c:\kaspersky\base066.avc
c:\kaspersky\base066c.avc
c:\kaspersky\base067.avc
c:\kaspersky\base067c.avc
c:\kaspersky\base068.avc
c:\kaspersky\base068c.avc
c:\kaspersky\base069.avc
c:\kaspersky\base069c.avc
c:\kaspersky\base070.avc
c:\kaspersky\base070c.avc
c:\kaspersky\base071.avc
c:\kaspersky\base071c.avc
c:\kaspersky\base072.avc
c:\kaspersky\base072c.avc
c:\kaspersky\base073.avc
c:\kaspersky\base073c.avc
c:\kaspersky\base074.avc
c:\kaspersky\base074c.avc
c:\kaspersky\base075.avc
c:\kaspersky\base075c.avc
c:\kaspersky\base076.avc
c:\kaspersky\base076c.avc
c:\kaspersky\base077.avc
c:\kaspersky\base077c.avc
c:\kaspersky\base078.avc
c:\kaspersky\base078c.avc
c:\kaspersky\base079.avc
c:\kaspersky\base079c.avc
c:\kaspersky\base080.avc
c:\kaspersky\base080c.avc
c:\kaspersky\base081.avc
c:\kaspersky\base081c.avc
c:\kaspersky\base082.avc
c:\kaspersky\base082c.avc
c:\kaspersky\base083.avc
c:\kaspersky\base083c.avc
c:\kaspersky\base084.avc
c:\kaspersky\base084c.avc
c:\kaspersky\base085.avc
c:\kaspersky\base085c.avc
c:\kaspersky\base086.avc
c:\kaspersky\base086c.avc
c:\kaspersky\base087.avc
c:\kaspersky\base087c.avc
c:\kaspersky\base088.avc
c:\kaspersky\base088c.avc
c:\kaspersky\base089.avc
c:\kaspersky\base089c.avc
c:\kaspersky\base090.avc
c:\kaspersky\base090c.avc
c:\kaspersky\base091.avc
c:\kaspersky\base091c.avc
c:\kaspersky\base092.avc
c:\kaspersky\base092c.avc
c:\kaspersky\base093.avc
c:\kaspersky\base093c.avc
c:\kaspersky\base094.avc
c:\kaspersky\base094c.avc
c:\kaspersky\base095.avc
c:\kaspersky\base095c.avc
c:\kaspersky\base096.avc
c:\kaspersky\base096c.avc
c:\kaspersky\base097.avc
c:\kaspersky\base097c.avc
c:\kaspersky\base098.avc
c:\kaspersky\base098c.avc
c:\kaspersky\base099.avc
c:\kaspersky\base099c.avc
c:\kaspersky\base100.avc
c:\kaspersky\base100c.avc
c:\kaspersky\base101.avc
c:\kaspersky\base101c.avc
c:\kaspersky\base102.avc
c:\kaspersky\base102c.avc
c:\kaspersky\base103.avc
c:\kaspersky\base103c.avc
c:\kaspersky\base104.avc
c:\kaspersky\base104c.avc
c:\kaspersky\base105.avc
c:\kaspersky\base105c.avc
c:\kaspersky\base106.avc
c:\kaspersky\base106c.avc
c:\kaspersky\base107.avc
c:\kaspersky\base107c.avc
c:\kaspersky\base108.avc
c:\kaspersky\base108c.avc
c:\kaspersky\base109.avc
c:\kaspersky\base109c.avc
c:\kaspersky\base110.avc
c:\kaspersky\base110c.avc
c:\kaspersky\base111.avc
c:\kaspersky\base111c.avc
c:\kaspersky\base112.avc
c:\kaspersky\base112c.avc
c:\kaspersky\base113.avc
c:\kaspersky\base113c.avc
c:\kaspersky\base114.avc
c:\kaspersky\base114c.avc
c:\kaspersky\base115.avc
c:\kaspersky\base115c.avc
c:\kaspersky\base116.avc
c:\kaspersky\base116c.avc
c:\kaspersky\base117.avc
c:\kaspersky\base117c.avc
c:\kaspersky\base118.avc
c:\kaspersky\base118c.avc
c:\kaspersky\base119.avc
c:\kaspersky\base119c.avc
c:\kaspersky\base120.avc
c:\kaspersky\base120c.avc
c:\kaspersky\base121.avc
c:\kaspersky\base121c.avc
c:\kaspersky\base122.avc
c:\kaspersky\base122c.avc
c:\kaspersky\base123.avc
c:\kaspersky\base123c.avc
c:\kaspersky\base124.avc
c:\kaspersky\base124c.avc
c:\kaspersky\base125.avc
c:\kaspersky\base125c.avc
c:\kaspersky\base126.avc
c:\kaspersky\base126c.avc
c:\kaspersky\base127.avc
c:\kaspersky\base127c.avc
c:\kaspersky\base128.avc
c:\kaspersky\base128c.avc
c:\kaspersky\base129.avc
c:\kaspersky\base129c.avc
c:\kaspersky\base130.avc
c:\kaspersky\base130c.avc
c:\kaspersky\base131.avc
c:\kaspersky\base131c.avc
c:\kaspersky\base132.avc
c:\kaspersky\base132c.avc
c:\kaspersky\base133.avc
c:\kaspersky\base133c.avc
c:\kaspersky\base134.avc
c:\kaspersky\base134c.avc
c:\kaspersky\base135.avc
c:\kaspersky\base135c.avc
c:\kaspersky\base136.avc
c:\kaspersky\base136c.avc
c:\kaspersky\base137.avc
c:\kaspersky\base137c.avc
c:\kaspersky\base138.avc
c:\kaspersky\base138c.avc
c:\kaspersky\base139.avc
c:\kaspersky\base139c.avc
c:\kaspersky\base140.avc
c:\kaspersky\base140c.avc
c:\kaspersky\base141.avc
c:\kaspersky\base141c.avc
c:\kaspersky\base142.avc
c:\kaspersky\base142c.avc
c:\kaspersky\base143.avc
c:\kaspersky\base143c.avc
c:\kaspersky\base144.avc
c:\kaspersky\base144c.avc
c:\kaspersky\base145.avc
c:\kaspersky\base145c.avc
c:\kaspersky\base146.avc
c:\kaspersky\base146c.avc
c:\kaspersky\base147.avc
c:\kaspersky\base147c.avc
c:\kaspersky\base148.avc
c:\kaspersky\base148c.avc
c:\kaspersky\base149.avc
c:\kaspersky\base149c.avc
c:\kaspersky\base150.avc
c:\kaspersky\base150c.avc
c:\kaspersky\base151.avc
c:\kaspersky\base151c.avc
c:\kaspersky\base152.avc
c:\kaspersky\base152c.avc
c:\kaspersky\base153.avc
c:\kaspersky\base153c.avc
c:\kaspersky\base154.avc
c:\kaspersky\base154c.avc
c:\kaspersky\base155.avc
c:\kaspersky\base155c.avc
c:\kaspersky\base156.avc
c:\kaspersky\base156c.avc
c:\kaspersky\base157.avc
c:\kaspersky\base157c.avc
c:\kaspersky\base158.avc
c:\kaspersky\base158c.avc
c:\kaspersky\base159.avc
c:\kaspersky\base159c.avc
c:\kaspersky\base160.avc
c:\kaspersky\base160c.avc
c:\kaspersky\base161.avc
c:\kaspersky\base161c.avc
c:\kaspersky\base162.avc
c:\kaspersky\base162c.avc
c:\kaspersky\base163.avc
c:\kaspersky\base163c.avc
c:\kaspersky\base164.avc
c:\kaspersky\base164c.avc
c:\kaspersky\base165.avc
c:\kaspersky\base165c.avc
c:\kaspersky\base166c.avc
c:\kaspersky\base167c.avc
c:\kaspersky\base168c.avc
c:\kaspersky\base169c.avc
c:\kaspersky\base170c.avc
c:\kaspersky\base171c.avc
c:\kaspersky\base172c.avc
c:\kaspersky\base173c.avc
c:\kaspersky\base174c.avc
c:\kaspersky\base175c.avc
c:\kaspersky\base176c.avc
c:\kaspersky\base177c.avc
c:\kaspersky\base178c.avc
c:\kaspersky\base179c.avc
c:\kaspersky\base180c.avc
c:\kaspersky\base181c.avc
c:\kaspersky\base182c.avc
c:\kaspersky\base183c.avc
c:\kaspersky\base184c.avc
c:\kaspersky\base185c.avc
c:\kaspersky\base186c.avc
c:\kaspersky\base187c.avc
c:\kaspersky\base188c.avc
c:\kaspersky\base189c.avc
c:\kaspersky\base190c.avc
c:\kaspersky\base191c.avc
c:\kaspersky\base192c.avc
c:\kaspersky\base193c.avc
c:\kaspersky\base194c.avc
c:\kaspersky\base195c.avc
c:\kaspersky\base196c.avc
c:\kaspersky\base197c.avc
c:\kaspersky\base198c.avc
c:\kaspersky\base199c.avc
c:\kaspersky\base200c.avc
c:\kaspersky\base201c.avc
c:\kaspersky\base202c.avc
c:\kaspersky\base203c.avc
c:\kaspersky\base204c.avc
c:\kaspersky\base205c.avc
c:\kaspersky\base206c.avc
c:\kaspersky\base207c.avc
c:\kaspersky\base208c.avc
c:\kaspersky\base209c.avc
c:\kaspersky\base210c.avc
c:\kaspersky\base211c.avc
c:\kaspersky\base212c.avc
c:\kaspersky\base213c.avc
c:\kaspersky\base214c.avc
c:\kaspersky\base215c.avc
c:\kaspersky\base216c.avc
c:\kaspersky\base217c.avc
c:\kaspersky\base218c.avc
c:\kaspersky\base219c.avc
c:\kaspersky\base220c.avc
c:\kaspersky\base221c.avc
c:\kaspersky\base222c.avc
c:\kaspersky\base223c.avc
c:\kaspersky\base224c.avc
c:\kaspersky\base225c.avc
c:\kaspersky\base226c.avc
c:\kaspersky\base227c.avc
c:\kaspersky\base228c.avc
c:\kaspersky\base229c.avc
c:\kaspersky\base230c.avc
c:\kaspersky\base231c.avc
c:\kaspersky\base232c.avc
c:\kaspersky\base233c.avc
c:\kaspersky\base234c.avc
c:\kaspersky\base235c.avc
c:\kaspersky\base236c.avc
c:\kaspersky\base237c.avc
c:\kaspersky\base238c.avc
c:\kaspersky\base239c.avc
c:\kaspersky\base240c.avc
c:\kaspersky\base241c.avc
c:\kaspersky\base242c.avc
c:\kaspersky\base243c.avc
c:\kaspersky\base244c.avc
c:\kaspersky\base245c.avc
c:\kaspersky\base246c.avc
c:\kaspersky\base247c.avc
c:\kaspersky\base248c.avc
c:\kaspersky\base249c.avc
c:\kaspersky\base250c.avc
c:\kaspersky\base251c.avc
c:\kaspersky\base252c.avc
c:\kaspersky\base253c.avc
c:\kaspersky\base254c.avc
c:\kaspersky\base255c.avc
c:\kaspersky\base256c.avc
c:\kaspersky\base257c.avc
c:\kaspersky\base258c.avc
c:\kaspersky\base259c.avc
c:\kaspersky\base260c.avc
c:\kaspersky\base261c.avc
c:\kaspersky\base262c.avc
c:\kaspersky\base263c.avc
c:\kaspersky\base264c.avc
c:\kaspersky\base265c.avc
c:\kaspersky\base266c.avc
c:\kaspersky\base267c.avc
c:\kaspersky\base268c.avc
c:\kaspersky\base269c.avc
c:\kaspersky\base270c.avc
c:\kaspersky\base271c.avc
c:\kaspersky\base272c.avc
c:\kaspersky\base273c.avc
c:\kaspersky\base274c.avc
c:\kaspersky\base275c.avc
c:\kaspersky\base276c.avc
c:\kaspersky\base277c.avc
c:\kaspersky\base278c.avc
c:\kaspersky\base279c.avc
c:\kaspersky\base280c.avc
c:\kaspersky\base281c.avc
c:\kaspersky\base282c.avc
c:\kaspersky\base283c.avc
c:\kaspersky\base284c.avc
c:\kaspersky\base285c.avc
c:\kaspersky\base286c.avc
c:\kaspersky\base287c.avc
c:\kaspersky\base288c.avc
c:\kaspersky\base289c.avc
c:\kaspersky\base290c.avc
c:\kaspersky\base291c.avc
c:\kaspersky\base292c.avc
c:\kaspersky\base293c.avc
c:\kaspersky\base294c.avc
c:\kaspersky\base295c.avc
c:\kaspersky\base296c.avc
c:\kaspersky\base297c.avc
c:\kaspersky\base298c.avc
c:\kaspersky\base299c.avc
c:\kaspersky\base300c.avc
c:\kaspersky\base301c.avc
c:\kaspersky\base302c.avc
c:\kaspersky\base303c.avc
c:\kaspersky\base304c.avc
c:\kaspersky\base305c.avc
c:\kaspersky\base306c.avc
c:\kaspersky\base307c.avc
c:\kaspersky\base308c.avc
c:\kaspersky\base309c.avc
c:\kaspersky\base310c.avc
c:\kaspersky\base311c.avc
c:\kaspersky\base312c.avc
c:\kaspersky\base313c.avc
c:\kaspersky\base314c.avc
c:\kaspersky\base315c.avc
c:\kaspersky\base316c.avc
c:\kaspersky\base317c.avc
c:\kaspersky\base318c.avc
c:\kaspersky\base319c.avc
c:\kaspersky\base320c.avc
c:\kaspersky\base321c.avc
c:\kaspersky\base322c.avc
c:\kaspersky\base323c.avc
c:\kaspersky\base324c.avc
c:\kaspersky\base325c.avc
c:\kaspersky\base326c.avc
c:\kaspersky\base327c.avc
c:\kaspersky\base328c.avc
c:\kaspersky\base329c.avc
c:\kaspersky\base330c.avc
c:\kaspersky\base331c.avc
c:\kaspersky\base332c.avc
c:\kaspersky\base333c.avc
c:\kaspersky\base334c.avc
c:\kaspersky\base335c.avc
c:\kaspersky\base336c.avc
c:\kaspersky\base337c.avc
c:\kaspersky\base338c.avc
c:\kaspersky\base339c.avc
c:\kaspersky\base340c.avc
c:\kaspersky\base341c.avc
c:\kaspersky\base342c.avc
c:\kaspersky\base343c.avc
c:\kaspersky\base344c.avc
c:\kaspersky\base345c.avc
c:\kaspersky\base346c.avc
c:\kaspersky\base347c.avc
c:\kaspersky\base348c.avc
c:\kaspersky\base349c.avc
c:\kaspersky\base350c.avc
c:\kaspersky\base351c.avc
c:\kaspersky\base352c.avc
c:\kaspersky\base353c.avc
c:\kaspersky\base354c.avc
c:\kaspersky\base355c.avc
c:\kaspersky\base356c.avc
c:\kaspersky\base357c.avc
c:\kaspersky\base358c.avc
c:\kaspersky\base359c.avc
c:\kaspersky\base360c.avc
c:\kaspersky\base361c.avc
c:\kaspersky\base362c.avc
c:\kaspersky\base363c.avc
c:\kaspersky\base364c.avc
c:\kaspersky\base365c.avc
c:\kaspersky\base366c.avc
c:\kaspersky\base367c.avc
c:\kaspersky\base368c.avc
c:\kaspersky\base369c.avc
c:\kaspersky\base370c.avc
c:\kaspersky\base371c.avc
c:\kaspersky\base372c.avc
c:\kaspersky\base373c.avc
c:\kaspersky\base374c.avc
c:\kaspersky\base375c.avc
c:\kaspersky\base376c.avc
c:\kaspersky\base377c.avc
c:\kaspersky\base378c.avc
c:\kaspersky\base379c.avc
c:\kaspersky\base380c.avc
c:\kaspersky\base381c.avc
c:\kaspersky\base382c.avc
c:\kaspersky\base383c.avc
c:\kaspersky\base384c.avc
c:\kaspersky\base385c.avc
c:\kaspersky\base386c.avc
c:\kaspersky\base387c.avc
c:\kaspersky\base388c.avc
c:\kaspersky\base389c.avc
c:\kaspersky\base390c.avc
c:\kaspersky\base391c.avc
c:\kaspersky\base392c.avc
c:\kaspersky\base393c.avc
c:\kaspersky\base394c.avc
c:\kaspersky\base395c.avc
c:\kaspersky\base396c.avc
c:\kaspersky\base397c.avc
c:\kaspersky\base398c.avc
c:\kaspersky\base399c.avc
c:\kaspersky\base400c.avc
c:\kaspersky\base401c.avc
c:\kaspersky\base402c.avc
c:\kaspersky\base403c.avc
c:\kaspersky\base404c.avc
c:\kaspersky\base405c.avc
c:\kaspersky\base406c.avc
c:\kaspersky\base407c.avc
c:\kaspersky\base408c.avc
c:\kaspersky\base409c.avc
c:\kaspersky\base410c.avc
c:\kaspersky\base411c.avc
c:\kaspersky\base412c.avc
c:\kaspersky\base413c.avc
c:\kaspersky\base414c.avc
c:\kaspersky\base415c.avc
c:\kaspersky\base416c.avc
c:\kaspersky\base417c.avc
c:\kaspersky\base418c.avc
c:\kaspersky\base419c.avc
c:\kaspersky\base420c.avc
c:\kaspersky\base421c.avc
c:\kaspersky\base422c.avc
c:\kaspersky\base423c.avc
c:\kaspersky\base424c.avc
c:\kaspersky\base425c.avc
c:\kaspersky\base426c.avc
c:\kaspersky\base427c.avc
c:\kaspersky\base428c.avc
c:\kaspersky\base429c.avc
c:\kaspersky\base430c.avc
c:\kaspersky\base431c.avc
c:\kaspersky\base432c.avc
c:\kaspersky\base433c.avc
c:\kaspersky\base434c.avc
c:\kaspersky\base435c.avc
c:\kaspersky\base436c.avc
c:\kaspersky\base437c.avc
c:\kaspersky\base438c.avc
c:\kaspersky\base439c.avc
c:\kaspersky\base440c.avc
c:\kaspersky\base441c.avc
c:\kaspersky\base442c.avc
c:\kaspersky\base443c.avc
c:\kaspersky\base444c.avc
c:\kaspersky\base445c.avc
c:\kaspersky\base446c.avc
c:\kaspersky\base447c.avc
c:\kaspersky\base448c.avc
c:\kaspersky\base449c.avc
c:\kaspersky\base450c.avc
c:\kaspersky\base451c.avc
c:\kaspersky\base452c.avc
c:\kaspersky\base453c.avc
c:\kaspersky\base454c.avc
c:\kaspersky\base455c.avc
c:\kaspersky\base456c.avc
c:\kaspersky\base457c.avc
c:\kaspersky\base458c.avc
c:\kaspersky\base459c.avc
c:\kaspersky\base460c.avc
c:\kaspersky\base461c.avc
c:\kaspersky\base462c.avc
c:\kaspersky\base463c.avc
c:\kaspersky\base464c.avc
c:\kaspersky\base465c.avc
c:\kaspersky\base466c.avc
c:\kaspersky\base467c.avc
c:\kaspersky\base468c.avc
c:\kaspersky\base469c.avc
c:\kaspersky\base470c.avc
c:\kaspersky\base471c.avc
c:\kaspersky\base472c.avc
c:\kaspersky\base473c.avc
c:\kaspersky\base474c.avc
c:\kaspersky\base475c.avc
c:\kaspersky\base476c.avc
c:\kaspersky\base999.avc
c:\kaspersky\bitmap1.bmp
c:\kaspersky\ca.avc
c:\kaspersky\ca001.avc
c:\kaspersky\ca002.avc
c:\kaspersky\ca003.avc
c:\kaspersky\chuka.avc
c:\kaspersky\config.lan
c:\kaspersky\config.old
c:\kaspersky\daily-ec.avc
c:\kaspersky\daily-ex.avc
c:\kaspersky\daily.avc
c:\kaspersky\dailyc.avc
c:\kaspersky\eicar.avc
c:\kaspersky\engine.cfg
c:\kaspersky\engine.dt
c:\kaspersky\ext001.avc
c:\kaspersky\ext001c.avc
c:\kaspersky\ext002.avc
c:\kaspersky\ext002c.avc
c:\kaspersky\ext003.avc
c:\kaspersky\ext003c.avc
c:\kaspersky\ext004.avc
c:\kaspersky\ext004c.avc
c:\kaspersky\ext005.avc
c:\kaspersky\ext005c.avc
c:\kaspersky\ext006.avc
c:\kaspersky\ext006c.avc
c:\kaspersky\ext007.avc
c:\kaspersky\ext007c.avc
c:\kaspersky\ext008.avc
c:\kaspersky\ext008c.avc
c:\kaspersky\ext009.avc
c:\kaspersky\ext009c.avc
c:\kaspersky\ext010c.avc
c:\kaspersky\ext011c.avc
c:\kaspersky\ext012c.avc
c:\kaspersky\ext013c.avc
c:\kaspersky\ext014c.avc
c:\kaspersky\ext015c.avc
c:\kaspersky\ext016c.avc
c:\kaspersky\ext017c.avc
c:\kaspersky\ext018c.avc
c:\kaspersky\ext019c.avc
c:\kaspersky\ext020c.avc
c:\kaspersky\ext021c.avc
c:\kaspersky\ext022c.avc
c:\kaspersky\ext023c.avc
c:\kaspersky\ext024c.avc
c:\kaspersky\ext025c.avc
c:\kaspersky\ext026c.avc
c:\kaspersky\ext027c.avc
c:\kaspersky\ext028c.avc
c:\kaspersky\ext029c.avc
c:\kaspersky\ext030c.avc
c:\kaspersky\ext031c.avc
c:\kaspersky\ext032c.avc
c:\kaspersky\ext033c.avc
c:\kaspersky\ext034c.avc
c:\kaspersky\ext035c.avc
c:\kaspersky\ext036c.avc
c:\kaspersky\ext037c.avc
c:\kaspersky\ext038c.avc
c:\kaspersky\ext039c.avc
c:\kaspersky\ext040c.avc
c:\kaspersky\ext041c.avc
c:\kaspersky\ext042c.avc
c:\kaspersky\ext043c.avc
c:\kaspersky\ext044c.avc
c:\kaspersky\ext045c.avc
c:\kaspersky\ext046c.avc
c:\kaspersky\ext047c.avc
c:\kaspersky\ext048c.avc
c:\kaspersky\ext049c.avc
c:\kaspersky\ext050c.avc
c:\kaspersky\ext051c.avc
c:\kaspersky\ext052c.avc
c:\kaspersky\ext053c.avc
c:\kaspersky\ext054c.avc
c:\kaspersky\ext055c.avc
c:\kaspersky\ext056c.avc
c:\kaspersky\ext057c.avc
c:\kaspersky\ext058c.avc
c:\kaspersky\ext059c.avc
c:\kaspersky\ext060c.avc
c:\kaspersky\ext061c.avc
c:\kaspersky\ext062c.avc
c:\kaspersky\ext063c.avc
c:\kaspersky\ext064c.avc
c:\kaspersky\ext065c.avc
c:\kaspersky\ext066c.avc
c:\kaspersky\ext999.avc
c:\kaspersky\extr-cab.avc
c:\kaspersky\extract.avc
c:\kaspersky\fa.avc
c:\kaspersky\fa001.avc
c:\kaspersky\gen001.avc
c:\kaspersky\gen002.avc
c:\kaspersky\gen003.avc
c:\kaspersky\gen004.avc
c:\kaspersky\gen005.avc
c:\kaspersky\gen999.avc
c:\kaspersky\generic.avc
c:\kaspersky\Getvlist.exe
c:\kaspersky\ipc.dll
c:\kaspersky\kavss.dll
c:\kaspersky\kavss.exe
c:\kaspersky\kavssd.dll
c:\kaspersky\kavssdi.dll
c:\kaspersky\kavssi.dll
c:\kaspersky\KAVUpd.dll
c:\kaspersky\kavupd.exe
c:\kaspersky\kavvlg.dll
c:\kaspersky\kernel.avc
c:\kaspersky\keyid.dat
c:\kaspersky\krn001.avc
c:\kaspersky\krn002.avc
c:\kaspersky\krn003.avc
c:\kaspersky\krn004.avc
c:\kaspersky\krn005.avc
c:\kaspersky\krndos.avc
c:\kaspersky\krnengn.avc
c:\kaspersky\krnexe.avc
c:\kaspersky\krnexe32.avc
c:\kaspersky\krngen.avc
c:\kaspersky\krnjava.avc
c:\kaspersky\krnmacro.avc
c:\kaspersky\krnun001.avc
c:\kaspersky\krnun002.avc
c:\kaspersky\krnun003.avc
c:\kaspersky\krnun004.avc
c:\kaspersky\krnunp.avc
c:\kaspersky\macro.avc
c:\kaspersky\mail.avc
c:\kaspersky\main.avi
c:\kaspersky\malware.avc
c:\kaspersky\MicroWorld Toolkit Utility.txt
c:\kaspersky\msvlclnt.dll
c:\kaspersky\mwav.ini
c:\kaspersky\mwav.log
c:\kaspersky\mwavscan.com
c:\kaspersky\mwXface.log
c:\kaspersky\newexe.avc
c:\kaspersky\newexeg.avc
c:\kaspersky\ocr.avc
c:\kaspersky\pornware.avc
c:\kaspersky\product.bmp
c:\kaspersky\psapi.dll
c:\kaspersky\riched32.dll
c:\kaspersky\riskware.avc
c:\kaspersky\script.avc
c:\kaspersky\smart.avc
c:\kaspersky\trojan.avc
c:\kaspersky\unp000.avc
c:\kaspersky\unp001.avc
c:\kaspersky\unp002.avc
c:\kaspersky\unp003.avc
c:\kaspersky\unp004.avc
c:\kaspersky\unp005.avc
c:\kaspersky\unp006.avc
c:\kaspersky\unp007.avc
c:\kaspersky\unp008.avc
c:\kaspersky\unp009.avc
c:\kaspersky\unp010.avc
c:\kaspersky\unp011.avc
c:\kaspersky\unp012.avc
c:\kaspersky\unp013.avc
c:\kaspersky\unp014.avc
c:\kaspersky\unp015.avc
c:\kaspersky\unp016.avc
c:\kaspersky\unp017.avc
c:\kaspersky\unp018.avc
c:\kaspersky\unp019.avc
c:\kaspersky\unp020.avc
c:\kaspersky\unp021.avc
c:\kaspersky\unp022.avc
c:\kaspersky\unp023.avc
c:\kaspersky\unp024.avc
c:\kaspersky\unp025.avc
c:\kaspersky\unp026.avc
c:\kaspersky\unp027.avc
c:\kaspersky\unp028.avc
c:\kaspersky\unp029.avc
c:\kaspersky\unp030.avc
c:\kaspersky\unp031.avc
c:\kaspersky\unp032.avc
c:\kaspersky\unp033.avc
c:\kaspersky\unp034.avc
c:\kaspersky\unp035.avc
c:\kaspersky\unp036.avc
c:\kaspersky\unp037.avc
c:\kaspersky\unp038.avc
c:\kaspersky\unp039.avc
c:\kaspersky\unp040.avc
c:\kaspersky\unp041.avc
c:\kaspersky\unp042.avc
c:\kaspersky\unpack.avc
c:\kaspersky\up040702.avc
c:\kaspersky\up040709.avc
c:\kaspersky\up040716.avc
c:\kaspersky\up040723.avc
c:\kaspersky\up040730.avc
c:\kaspersky\up040806.avc
c:\kaspersky\up040813.avc
c:\kaspersky\up040820.avc
c:\kaspersky\up040827.avc
c:\kaspersky\up040903.avc
c:\kaspersky\virus.avi
c:\kaspersky\vlist.txt
c:\kaspersky\worm.avc
c:\kaspersky\x-files.avc
c:\program files\Yahoo!
c:\program files\Yahoo!\Common\npyaxmpb.dll
c:\program files\Yahoo!\Common\unyt.exe
c:\program files\Yahoo!\Common\yinsthelper.dll
c:\program files\Yahoo!\Common\yverinfo.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-12 to 2008-12-12 )))))))))))))))))
.

2008-12-11 15:33 . 2008-12-11 15:33 <DIR> d-------- C:\fsaua.data
2008-12-10 23:27 . 2008-12-10 23:35 0 --a------ C:\23990098.$$$
2008-12-09 16:13 . 2008-12-09 16:13 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-08 23:38 . 2008-12-08 23:38 <DIR> d-------- c:\windows\ERUNT
2008-12-08 15:53 . 2008-12-08 15:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-08 15:53 . 2008-12-08 15:53 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2008-12-08 15:53 . 2008-12-08 15:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-08 15:53 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-08 15:53 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-07 00:19 . 2007-10-26 05:34 8,460,288 --a------ c:\windows\system32\dllcache\shell32.dll
2008-12-06 22:59 . 2004-08-09 23:00 71,040 --------- c:\windows\system32\drivers\_005300_.tmp.dll
2008-11-26 14:43 . 2008-11-26 14:43 <DIR> d-------- c:\program files\iTunes
2008-11-26 14:43 . 2008-11-26 14:43 <DIR> d-------- c:\program files\iPod
2008-11-26 14:43 . 2008-11-26 14:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 16:00 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\uTorrent
2008-12-11 20:06 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Hamachi
2008-12-09 21:24 --------- d-----w c:\program files\Logitech
2008-12-09 14:27 --------- d-----w c:\program files\Java
2008-12-08 13:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-06 16:42 --------- d-----w c:\program files\Warcraft III
2008-12-06 13:26 --------- d-----w c:\program files\Steam
2008-11-29 21:59 --------- d-----w c:\program files\DivX
2008-11-26 12:41 --------- d-----w c:\program files\QuickTime
2008-11-26 12:40 --------- d-----w c:\program files\Common Files\Apple
2008-11-17 11:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 18:44 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\mIRC
2008-11-08 17:52 --------- d-----w c:\program files\mIRC
2008-11-08 16:57 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\FloodLightGames
2008-11-08 16:57 --------- d-----w c:\documents and settings\All Users\Application Data\FloodLightGames
2008-11-08 16:56 --------- d-----w c:\program files\Taukopelit
2008-11-08 15:45 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Flood Light Games
2008-11-08 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games
2008-11-08 15:44 --------- d-----w c:\program files\Common Files\Oberon Media
2008-11-06 18:01 --------- d-----w c:\program files\WinTV
2008-11-05 14:04 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-05 13:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 13:23 --------- d-----w c:\program files\Rockstar Games
2008-11-02 14:15 30 ----a-w c:\documents and settings\HP_Administrator\jagex_runescape_preferences.dat
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-26 09:18 --------- dc----w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-18 20:12 --------- d-----w c:\program files\TVUPlayer
2008-10-18 20:12 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2008-10-17 00:08 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 18:44 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\teamspeak2
2008-10-16 14:28 --------- d-----w c:\program files\uTorrent
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-14 12:42 --------- d-----w c:\program files\HP
2008-10-14 12:42 --------- d-----w c:\program files\Hewlett-Packard
2008-10-12 13:56 --------- d-----w c:\program files\Zombie Panic Source
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-27 13:26 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-18 00:41 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-06-10 13:01 1,206 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2008-02-13 15:47 22,328 ----a-w c:\documents and settings\HP_Administrator\Application Data\PnkBstrK.sys
2006-12-24 17:33 251 ----a-w c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((( snapshot@2008-12-12_18.50.37,71 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-12-12 17:00:47 16,384 ----atw c:\windows\temp\Perflib_Perfdata_148.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-09-21 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-09-21 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-26 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-21 805392]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-04-21 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\PandaFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Liquid.6\\Program\\RM.exe"=
"c:\\Program Files\\Liquid.6\\Program\\Studiou.mod"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moks\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moks\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\w3l.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Documents and Settings\\HP_Administrator\\My Documents\\Tommi\\Pelit\\Warcraft III 1.18\\lancraft.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7934:UDP"= 7934:UDP:BitComet 7934 UDP
"9849:TCP"= 9849:TCP:BitComet 9849 TCP
"9849:UDP"= 9849:UDP:BitComet 9849 UDP
"617:TCP"= 617:TCP:utorrent

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-21 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-21 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-29 76040]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2006-12-29 162176]
S1 ShldDrv;Panda File Shield Driver;\??\c:\windows\system32\DRIVERS\ShlDrv51.sys []
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b23511e-8951-11dd-9f55-0014a5bc97b2}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b235120-8951-11dd-9f55-0014a5bc97b2}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
.
'Ajoitetut tehtävät'-kansion sisältö

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-12 c:\windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Täydentävä tarkistus -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fylv61dq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fylv61dq.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
FF - plugin: c:\program files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 00:32:56
Windows 5.1.2600 Service Pack 2 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\avgrsstx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\avgrsstx.dll
.
Valmistumisajankohta: 2008-12-13 0:34:08
ComboFix-quarantined-files.txt 2008-12-12 22:33:52
ComboFix2.txt 2008-12-12 16:51:25

Ennen ajoa: 30 437 584 896 bytes free
Ajon jälkeen: 30,412,304,384 tavua vapaana

2017 --- E O F --- 2008-12-11 06:27:38

 

Avaa Muistio ja kopioi/liitä lainauksen sisältö sinne:

Tallenna se nimellä CFScript.txt

Sitten raahaa CFScript ComboFix.exeen kuten alla.


Käynnistä tietokone uudelleen pyydettäessä ja lähetä combofix.txt-tiedoston sisältö tänne.

 

Tuossa


ComboFix 08-12-11.06 - HP_Administrator 2008-12-13 13:07:29.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.370 [GMT 2:00]
Sijainti: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
* Uusi palautuspiste luotu
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\23990098.$$$\

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-11-13 to 2008-12-13 )))))))))))))))))
.

2008-12-11 15:33 . 2008-12-11 15:33 <DIR> d-------- C:\fsaua.data
2008-12-10 23:27 . 2008-12-10 23:35 0 --a------ C:\23990098.$$$
2008-12-09 16:13 . 2008-12-09 16:13 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-08 23:38 . 2008-12-08 23:38 <DIR> d-------- c:\windows\ERUNT
2008-12-08 15:53 . 2008-12-08 15:53 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-08 15:53 . 2008-12-08 15:53 <DIR> d-------- c:\documents and settings\HP_Administrator\Application Data\Malwarebytes
2008-12-08 15:53 . 2008-12-08 15:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-08 15:53 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-08 15:53 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-07 00:19 . 2007-10-26 05:34 8,460,288 --a------ c:\windows\system32\dllcache\shell32.dll
2008-12-06 22:59 . 2004-08-09 23:00 71,040 --------- c:\windows\system32\drivers\_005300_.tmp.dll
2008-11-26 14:43 . 2008-11-26 14:43 <DIR> d-------- c:\program files\iTunes
2008-11-26 14:43 . 2008-11-26 14:43 <DIR> d-------- c:\program files\iPod
2008-11-26 14:43 . 2008-11-26 14:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-12 23:15 --------- d-----w c:\program files\Warcraft III
2008-12-12 16:00 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\uTorrent
2008-12-11 20:06 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Hamachi
2008-12-09 21:24 --------- d-----w c:\program files\Logitech
2008-12-09 14:27 --------- d-----w c:\program files\Java
2008-12-08 13:26 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2008-12-06 13:26 --------- d-----w c:\program files\Steam
2008-11-29 21:59 --------- d-----w c:\program files\DivX
2008-11-26 12:41 --------- d-----w c:\program files\QuickTime
2008-11-26 12:40 --------- d-----w c:\program files\Common Files\Apple
2008-11-17 11:48 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2008-11-08 18:44 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\mIRC
2008-11-08 17:52 --------- d-----w c:\program files\mIRC
2008-11-08 16:57 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\FloodLightGames
2008-11-08 16:57 --------- d-----w c:\documents and settings\All Users\Application Data\FloodLightGames
2008-11-08 16:56 --------- d-----w c:\program files\Taukopelit
2008-11-08 15:45 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\Flood Light Games
2008-11-08 15:45 --------- d-----w c:\documents and settings\All Users\Application Data\Flood Light Games
2008-11-08 15:44 --------- d-----w c:\program files\Common Files\Oberon Media
2008-11-06 18:01 --------- d-----w c:\program files\WinTV
2008-11-05 14:04 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2008-11-05 13:23 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-05 13:23 --------- d-----w c:\program files\Rockstar Games
2008-11-02 14:15 30 ----a-w c:\documents and settings\HP_Administrator\jagex_runescape_preferences.dat
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-26 09:18 --------- dc----w c:\documents and settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 13:01 283,648 ----a-w c:\windows\system32\dllcache\gdi32.dll
2008-10-18 20:12 --------- d-----w c:\program files\TVUPlayer
2008-10-18 20:12 --------- d-----w c:\documents and settings\All Users\Application Data\TVU Networks
2008-10-17 00:08 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-10-16 18:44 --------- d-----w c:\documents and settings\HP_Administrator\Application Data\teamspeak2
2008-10-16 14:28 --------- d-----w c:\program files\uTorrent
2008-10-16 13:11 70,656 ----a-w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 12:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 12:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 12:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 12:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 12:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 12:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 12:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 12:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 12:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 12:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-15 16:57 332,800 ----a-w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ----a-w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ----a-w c:\windows\system32\dllcache\ieakui.dll
2008-10-14 12:42 --------- d-----w c:\program files\HP
2008-10-14 12:42 --------- d-----w c:\program files\Hewlett-Packard
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\dllcache\strmdll.dll
2008-09-30 14:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-27 13:26 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-09-25 08:03 81,920 ----a-w c:\windows\system32\dpl100.dll
2008-09-25 08:03 593,920 ----a-w c:\windows\system32\dpuGUI11.dll
2008-09-25 08:03 57,344 ----a-w c:\windows\system32\dpv11.dll
2008-09-25 08:03 53,248 ----a-w c:\windows\system32\dpuGUI10.dll
2008-09-25 08:03 524,288 ----a-w c:\windows\system32\DivXsm.exe
2008-09-25 08:03 344,064 ----a-w c:\windows\system32\dpus11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu11.dll
2008-09-25 08:03 294,912 ----a-w c:\windows\system32\dpu10.dll
2008-09-25 08:03 196,608 ----a-w c:\windows\system32\dtu100.dll
2008-09-25 08:03 161,096 ----a-w c:\windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57 3,596,288 ----a-w c:\windows\system32\qt-dx331.dll
2008-09-19 21:55 200,704 ----a-w c:\windows\system32\ssldivx.dll
2008-09-19 21:55 1,044,480 ----a-w c:\windows\system32\libdivx.dll
2008-09-19 21:54 12,288 ----a-w c:\windows\system32\DivXWMPExtType.dll
2008-09-18 00:41 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\dllcache\win32k.sys
2008-06-10 13:01 1,206 ----a-w c:\documents and settings\HP_Administrator\Application Data\wklnhst.dat
2008-02-13 15:47 22,328 ----a-w c:\documents and settings\HP_Administrator\Application Data\PnkBstrK.sys
2006-12-24 17:33 251 ----a-w c:\program files\wt3d.ini
.

((((((((((((((((((((((((((((( snapshot@2008-12-12_18.50.37,71 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-11-04 00:10:25 17,318,336 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-09 23:24:37 17,593,280 ----a-w c:\windows\system32\MRT.exe
+ 2008-12-12 17:00:47 16,384 ----atw c:\windows\temp\Perflib_Perfdata_148.dat
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-09 15360]
"CTZDetec.exe"="c:\program files\Creative\Creative Media Lite\CTZDetec.exe" [2007-05-15 98304]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-05 64512]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"DMAScheduler"="c:\program files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 90112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-22 237568]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 249856]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2004-12-13 663552]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 40960]
"SetDefPrt"="c:\program files\Brother\Brmfl05a\BrStDvPt.exe" [2005-01-26 49152]
"ControlCenter2.0"="c:\program files\Brother\ControlCenter2\brctrcen.exe" [2005-05-17 933888]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2006-01-07 81920]
"PCSuiteTrayApplication"="c:\program files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 271360]
"PinnacleDriverCheck"="c:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-27 1261336]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"SmcService"="c:\progra~1\Sygate\SPF\smc.exe" [2004-10-15 2577632]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ftutil2"="ftutil2.dll" [2004-06-07 c:\windows\system32\ftutil2.dll]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-21 c:\windows\RTHDCPL.EXE]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 c:\windows\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Nokia.PCSync"="c:\program files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-06-19 1241088]

c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-09-21 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-09-21 27136]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-01-26 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-08-21 805392]
Status Monitor.lnk - c:\program files\Brother\Brmfcmon\BrMfcWnd.exe [2007-04-21 802816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 01:42 72208 c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Liquid.6\\Program\\RM.exe"=
"c:\\Program Files\\Liquid.6\\Program\\Studiou.mod"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moks\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\The All-Seeing Eye\\eye.exe"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Steam\\SteamApps\\moks\\day of defeat source\\hl2.exe"=
"c:\\Program Files\\Warcraft III\\w3l.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Hamachi\\hamachi.exe"=
"c:\\Documents and Settings\\HP_Administrator\\My Documents\\Tommi\\Pelit\\Warcraft III 1.18\\lancraft.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Desktop\\utorrent.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7934:UDP"= 7934:UDP:BitComet 7934 UDP
"9849:TCP"= 9849:TCP:BitComet 9849 TCP
"9849:UDP"= 9849:UDP:BitComet 9849 UDP
"617:TCP"= 617:TCP:utorrent

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-05-29 97928]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-07-21 875288]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-07-21 231704]
R2 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-05-29 76040]
R3 V0260VID;Live! Cam Vista IM;c:\windows\system32\DRIVERS\V0260Vid.sys [2006-12-29 162176]
S1 ShldDrv;Panda File Shield Driver;\??\c:\windows\system32\DRIVERS\ShlDrv51.sys []
S2 PavProc;Panda Process Protection Driver;\??\c:\windows\system32\DRIVERS\PavProc.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b23511e-8951-11dd-9f55-0014a5bc97b2}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b235120-8951-11dd-9f55-0014a5bc97b2}]
\Shell\AutoRun\command - M:\LaunchU3.exe -a
.
'Ajoitetut tehtävät'-kansion sisältö

2008-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-13 c:\windows\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
.
------- Täydentävä tarkistus -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

c:\windows\Downloaded Program Files\zylomgamesplayer.dll - O16 -: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B}
hxxp://game03.zylom.com/activex/zylomgamesplayer.cab
c:\windows\Downloaded Program Files\ZylomGamesPlayer.inf
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fylv61dq.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - plugin: c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\fylv61dq.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF - plugin: c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeploytk.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeploytk.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 13:11:59
Windows 5.1.2600 Service Pack 2 NTFS

tarkistaa piilotettuja prosesseja ...

tarkistaa piilotettuja käynnistysarvoja ...

tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\vsdatant]
"ImagePath"=""
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\avgrsstx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll

- - - - - - - > 'lsass.exe'(936)
c:\windows\system32\avgrsstx.dll
.
Valmistumisajankohta: 2008-12-13 13:13:12
ComboFix-quarantined-files.txt 2008-12-13 11:12:56
ComboFix2.txt 2008-12-12 22:34:10
ComboFix3.txt 2008-12-12 16:51:25

Ennen ajoa: 30 331 215 872 bytes free
Ajon jälkeen: 30,309,539,840 tavua vapaana

276 --- E O F --- 2008-12-13 10:02:41

 

Lataa täältä EVEREST Home Edition 2.20

asenna ja avaa
emolevy ja muisti paljon löytyy yhteensä

katso samalla lämmöt tietokone ja anturit

 

Keskusmuistia yhteensä 1022 MB.

Anturit
Tyyppi HDD
Näytönohjainanturi Driver (NV-DRV)

Lämpötilat
Suoritin 40 °C (104 °F)
Näytönohjain 77 °C (171 °F)
Seagate ST3200827AS 39 °C (102 °F)

 

Näyttön ohjaimen lämpötila on aika korkee Näytönohjain 77 °C

Kannatais aukasta kone nyt ja putsata pölyt pois.

sitten koneella on noita pelejä niin
jos emolevy sallii niin laitais koneeseen 2g muistia.

==================

Lataa OTMoveIt
OTMoveIt ja tallenna se työpöydällesi.

Tuplaklikkaa OTMoveIt.exe.
Klikkaa CleanUp!.
Valitse Yes kun kysytään "Begin cleanup Process?".
Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.

HUOM: Jos palomuurisi tai joku muu tietoturvaohjelma varoittaa, että OTMoveIt yrittää päästä nettin, niin anna sen päästä sinne.

 

Viimestään viikon päästä kun joululoma alkaa niin voisi puhdistaa pölyt. Ikävä kyllä tässä pöytäkoneessani on integroitu RAM joten en tiedä saako tähän lisää RAMeja.

editaljonko noitten lämpöjen olisi hyvä olla?

 

mikäs on sen pöytäkoneen emolevyn merkki malli

 

Kun otan tuolta EVERESTistä emolevy->emolevy
Ominaisuus Arvo
Emolevy
Tunnus 09/07/2006-C51-MCP51-Hematite-00
Emolevy ei tietoa

edit:Katsoinko oikeasta paikasta?

 

mikäs on koneen merkki ja malli

 

Järjestelmä
Valmistaja HP Pavilion 061
Tuote RF796AA-UUW s7610.sc

Onko se tuossa?

edit:Jos ei, niin mistä sen näkee?

 

tuossa kuvassa löytyy johto nipun takaa ne muisti kammat

==================

Muistikammat saa pois näin: ku lipsut työntää päätystä ylos päin
kampa kalistuu sivulle uusi laitetaan samalla lailla takasin ja painetaan paikoileen että lipsut naksahtaa kampaan kiini katso että kamassa oleva lovi menee siintä emolevyssä olevaan kampa telineeseen oikeaan kohtaan





=================

Voipi olla että näytönohjain tulee vielä menemään rikki
lämpöjen takia.

sitten yläkuvan valkoiseen pci väylään uusi näyttönohjain