Files are missing from the computer, but it has nasties on it

Thread in the Viruses and malware - HijackThis logs section. Thread started by many68 on 22.03.2008.

  1. many68

    many68 Regular member

    Here's the HJT log, if someone could help. Nothing really works; it took a lot of effort just to get one user account open somehow...
    Logfile of HijackThis v1.99.1
    Scan saved at 17:38:04, on 22.3.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Comodo\Firewall\cfp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.multitronic.fi/
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.33/g_bin/eng/slots90_2_0_0_35.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138006785703
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.ttk.ru/activex/AxisCamControl.cab
    O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.33/g_bin/eng/slots70_2_0_0_35.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Unibet/FlashAX.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
     
  3. Hujo

    Hujo Guest

    let's start with that then

    scan with HJT, tick these, and press Fix checked

    O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
    O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
    O2 - BHO: (no name) - {15651c7c-e812-44a2-a9ac-b467a2233e7d} - (no file)
    O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
    O2 - BHO: (no name) - {4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} - (no file)
    O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
    O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
    O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
    O2 - BHO: (no name) - {622cc208-b014-4fe0-801b-874a5e5e403a} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
    O2 - BHO: (no name) - {965a592f-8efa-4250-8630-7960230792f1} - (no file)
    O2 - BHO: (no name) - {9c5b2f29-1f46-4639-a6b4-828942301d3e} - (no file)
    O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
    O2 - BHO: (no name) - {fc3a74e5-f281-4f10-ae1e-733078684f3c} - (no file)
    O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
    O3 - Toolbar: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Share...bin/AvSniff.cab
    O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://mppv2flash3.valueactive.com/Unibet/FlashAX.cab

    ==========

    1. Download combofix.exe to your desktop from one of these links:
    combofix1
    combofix2

    2. Double-click the combofix.exe file and follow the instructions.
    3. When the tool has finished, it produces a log. Post this log in your thread.
    Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

    ========

    Download SDFix by AndyManchesta and save it to your desktop.

    Boot your computer into Safe Mode:

    shut down and start up
    during startup, tap the F8 key repeatedly
    select Safe Mode with the arrow keys
    press Enter and Enter
    select your user account
    press Yes

    On some machines you tap F5 instead of F8.

    - Once in Safe Mode, extract the contents of SDFix.zip (the SDFix folder) to your desktop. A folder named SDFix should appear on the desktop.
    - Open the SDFix folder and double-click RunThis.bat to start the program.
    - Press Y to start the script.
    - The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
    - Press any key and the computer restarts.
    - Startup takes longer than usual because SDFix is cleaning the computer.
    - Once the computer has started and the desktop has loaded, SDFix reports that the cleanup is done, "Finished".
    - Then press any key to close the script and load the shortcuts onto the desktop.
    - Finally, open the SDFix folder (on the desktop) and copy & paste the contents of Report.txt into your thread along with a new HijackThis log.
     
    Last edited by a moderator: 22.03.2008
  4. mind92

    mind92 Regular member

    got it ;(
    [ ;) ]
     
    Last edited: 22.03.2008
  5. Hujo

    Hujo Guest

    Malwarebytes' Anti-Malware: this is not to be downloaded,
    and neither is a new HJT, onto the computer.
     
  6. many68

    many68 Regular member

    I'll try to continue with this tomorrow, since it's a bit difficult: IE doesn't work on that machine and I can't copy directly from a USB stick, so everything has to go through the command prompt...
    But I'll continue tomorrow.
     
  7. tukis

    tukis Guest

    -Removed-
     
    Last edited by a moderator: 23.03.2008
  8. many68

    many68 Regular member

    So here's the ComboFix log. When the program finished running, there's again just a plain blue screen and the mouse pointer visible... Do I dare try restarting?

    I tried Ctrl+Alt+Del and got Task Manager to show up, so could I add the explorer.exe process, since it isn't running, to get the desktop to appear? -> added, and the desktop is visible

    (by the way, I also did that expand thing for the explorer.exe file, but there weren't many changes, though at least the recycle bin was no longer corrupted ;-))

    ComboFix 08-03-22.1 - Jari 2008-03-23 12:02:14.1 - NTFSx86
    Running from: C:\Documents and Settings\All Users\Työpöytä\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\Jari\Application Data\Starware347
    C:\Documents and Settings\Jari\Application Data\Starware347\BrowserSearch\BrowserSearch.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\BrowserSearch\BrowserSearch.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\Configurator\Configurator.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\Configurator\Configurator.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\ErrorSearch\ErrorSearchOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\Games\GamesOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\Games\GamesOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\Layouts\ToolbarLayout.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\Layouts\ToolbarLayout.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\Manager\ManagerOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\Manager\ManagerOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\Movies\MoviesOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\Movies\MoviesOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\Pranks\PranksOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\Pranks\PranksOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\RelatedSearch\RelatedSearchOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\SearchAssistPlus\SearchAssistPlusOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\SearchMatch\SearchMatchOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\Toolbar\TBProductsOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\Toolbar\TBProductsOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\ToolbarLogo\ToolbarLogoOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\ToolbarSearch\ToolbarSearchOptions.xml.backup
    C:\Documents and Settings\Jari\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml
    C:\Documents and Settings\Jari\Application Data\Starware347\TravelSearch\TravelSearchOptions.xml.backup
    C:\Documents and Settings\Miro ja Rami\Application Data\macromedia\Flash Player\#SharedObjects\YBFX79J8\iforex.com
    C:\Documents and Settings\Miro ja Rami\Application Data\macromedia\Flash Player\#SharedObjects\YBFX79J8\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
    C:\Documents and Settings\Miro ja Rami\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
    C:\Documents and Settings\Miro ja Rami\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
    C:\Documents and Settings\Miro ja Rami\Application Data\Starware347
    C:\Documents and Settings\Miro ja Rami\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml
    C:\Documents and Settings\Miro ja Rami\Application Data\Starware347\EntertainmentMarketingSP\EntertainmentMarketingSPOptions.xml.backup
    C:\Documents and Settings\Miro ja Rami\Application Data\Starware347\Games\GamesOptions.xml
    C:\Documents and Settings\Miro ja Rami\Application Data\Starware347\Games\GamesOptions.xml.backup
    C:\Documents and Settings\Miro ja Rami\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml
    C:\Documents and Settings\Miro ja Rami\Application Data\Starware347\JokeSearch\JokeSearchOptions.xml.backup
    C:\Documents and Settings\Miro ja Rami\Application Data\Starware347\Movies\MoviesOptions.xml
    C:\Documents and Settings\Miro ja Rami\Application Data\Starware347\Movies\MoviesOptions.xml.backup
    C:\Documents and Settings\Miro ja Rami\Application Data\Starware347\Pranks\PranksOptions.xml
    C:\Documents and Settings\Miro ja Rami\Application Data\Starware347\Pranks\PranksOptions.xml.backup
    C:\Documents and Settings\Miro ja Rami\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml
    C:\Documents and Settings\Miro ja Rami\Application Data\Starware347\ScreensaversMarketingSitePager\ScreensaversMarketingSitePagerOptions.xml.backup
    C:\Program Files\seekmo
    C:\Program Files\seekmo\seekmohook.dll
    C:\WINDOWS\bjam.dll
    C:\WINDOWS\bokja.exe
    C:\WINDOWS\cdsm32.dll
    C:\WINDOWS\mspphe.dll
    C:\WINDOWS\mssvr.exe
    C:\WINDOWS\saiemod.dll
    C:\WINDOWS\salm.exe
    C:\WINDOWS\stcloader.exe
    C:\WINDOWS\swin32.dll
    C:\WINDOWS\system32\msixu.dll
    C:\WINDOWS\system32\wer8274.dll
    C:\WINDOWS\updatetc.exe
    C:\WINDOWS\voiceip.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-23 to 2008-03-23 )))))))))))))))))
    .

    2008-03-23 13:57 . 2004-09-14 18:12 1,032,704 --a--c--- C:\WINDOWS\explorer.exe
    2008-03-23 13:57 . 2004-09-14 18:12 1,032,704 --a--c--- C:\explorer.exe
    2008-03-22 21:48 . 2008-03-22 21:03 1,606,483 --a--c--- C:\Documents and Settings\All Users\ComboFix.exe
    2008-03-22 21:16 . 2008-03-22 21:16 <KANSIO> d----c--- C:\ComboFix1
    2008-03-22 21:10 . 2008-03-22 21:13 <KANSIO> d----c--- C:\ComboFix2
    2008-03-22 21:06 . 2008-03-22 21:03 1,606,483 --a--c--- C:\ComboFix.exe
    2008-03-22 19:14 . 2004-09-14 18:12 24,576 --a--c--- C:\WINDOWS\system32\userinit.exe
    2008-03-22 19:14 . 2004-09-14 18:12 24,576 --a--c--- C:\userinit.exe
    2008-03-22 12:47 . 2008-03-22 12:47 <KANSIO> d----c--- C:\WINDOWS\system32\config\systemprofile\Application Data\Grisoft
    2008-03-22 12:47 . 2008-03-22 12:47 <KANSIO> d----c--- C:\WINDOWS\system32\config\systemprofile\Application Data\Comodo
    2008-03-20 21:17 . 2007-11-07 13:28 722,432 --a--c--- C:\WINDOWS\system32\lsasrv.dll
    2008-03-20 20:00 . 2007-02-09 15:10 574,464 --a--c--- C:\WINDOWS\system32\drivers\ntfs.sys
    2008-03-20 15:39 . 2008-03-20 15:39 <KANSIO> d--hs---- C:\found.000
    2008-03-20 11:00 . 2008-03-22 16:22 0 --a--c--- C:\23990098.$$$
    2008-03-20 08:58 . 2008-03-20 09:01 <KANSIO> d----c--- C:\Downloads
    2008-03-20 08:58 . 2008-03-20 09:00 <KANSIO> d----c--- C:\Bases
    2008-03-20 08:54 . 2008-03-20 09:01 <KANSIO> d----c--- C:\Kaspersky
    2008-03-20 08:48 . 2008-03-20 08:48 <KANSIO> d----c--- C:\Program Files\180searchassistant
    2008-03-20 08:48 . 2008-03-20 08:48 <KANSIO> d----c--- C:\Program Files\180search assistant
    2008-03-19 21:57 . 2008-03-19 21:57 <KANSIO> d----c--- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Teleca
    2008-03-19 19:49 . 2008-03-19 19:49 <KANSIO> d----c--- C:\WINDOWS\FLEOK
    2008-03-19 19:49 . 2008-03-19 19:49 <KANSIO> d----c--- C:\Program Files\zango
    2008-03-19 19:49 . 2008-03-19 19:49 <KANSIO> d----c--- C:\Program Files\180solutions
    2008-03-19 19:30 . 2008-03-19 19:30 <KANSIO> d----c--- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Grisoft
    2008-03-16 19:50 . 2008-03-16 19:50 139,008 --a--c--- C:\WINDOWS\system32\guard32.dll
    2008-03-16 19:50 . 2008-03-16 19:50 85,112 --a--c--- C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-03-16 19:50 . 2008-03-16 19:50 23,800 --a--c--- C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-03-16 17:05 . 2008-03-16 17:05 <KANSIO> d----c--- C:\Program Files\Common Files\HP
    2008-03-16 16:56 . 2008-03-16 17:05 113,144 --a--c--- C:\WINDOWS\hpoins07.dat
    2008-03-16 16:56 . 2005-05-24 07:41 21,124 -----c--- C:\WINDOWS\hpomdl07.dat
    2008-03-16 09:12 . 2008-03-16 09:12 <KANSIO> d----c--- C:\Documents and Settings\Rami\Application Data\Grisoft
    2008-03-15 16:05 . 2008-03-15 16:05 <KANSIO> d----c--- C:\Documents and Settings\Miro ja Rami\Application Data\Grisoft
    2008-03-15 16:00 . 2008-03-15 16:00 <KANSIO> d-------- C:\Documents and Settings\Jari\Application Data\Grisoft
    2008-03-15 15:28 . 2008-03-15 15:28 <KANSIO> d----c--- C:\Program Files\Sysmnt
    2008-03-15 15:28 . 2008-03-15 15:28 <KANSIO> d----c--- C:\Program Files\stc
    2008-03-15 13:55 . 2008-03-15 13:55 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-15 13:55 . 2007-05-30 14:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-03-15 12:56 . 2008-03-15 12:56 <KANSIO> d----c--- C:\Program Files\Spybot - Search & Destroy
    2008-03-15 12:56 . 2008-03-15 12:58 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-14 16:49 . 2008-03-14 16:49 1,720,086 --a--c--- C:\WINDOWS\system32\TmpA9346968
    2008-03-14 07:23 . 2008-03-20 09:02 1,856 --a--c--- C:\WINDOWS\defaultxxx.htm
    2008-03-13 21:28 . 2008-03-13 21:28 88,587 --a--c--- C:\WINDOWS\system32\mgmrwmrv.exe.mwt
    2008-03-13 21:28 . 2008-03-13 21:28 4 --a--c--- C:\WINDOWS\system32\winfrun32.bin
    2008-03-08 14:22 . 2008-03-08 14:23 <KANSIO> d----c--- C:\Program Files\Windows Live
    2008-03-08 14:22 . 2008-03-08 14:22 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-08 14:22 . 2008-03-08 14:22 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-02 17:56 . 2008-03-02 17:56 <KANSIO> d----c--- C:\Program Files\Microsoft Games
    2008-02-23 20:40 . 2008-02-23 20:40 <KANSIO> d----c--- C:\Program Files\CASIO
    2008-02-23 20:40 . 2003-10-02 00:00 413,696 --a--c--- C:\WINDOWS\system32\PICSDK.dll
    2008-02-23 20:40 . 2002-11-01 00:00 114,688 --a--c--- C:\WINDOWS\system32\EpPicPrt.dll
    2008-02-23 20:40 . 2003-10-02 00:00 91,923 --a--c--- C:\WINDOWS\system32\EPPICPrinterDB.dat
    2008-02-23 20:40 . 2003-10-02 00:00 76,956 --a--c--- C:\WINDOWS\system32\EPPICPattern2.dat
    2008-02-23 20:40 . 2002-11-01 00:00 65,536 --a--c--- C:\WINDOWS\system32\EPPicMgr.dll
    2008-02-23 20:40 . 2003-10-02 00:00 39,121 --a--c--- C:\WINDOWS\system32\EPPICPattern1.dat
    2008-02-23 20:40 . 2003-10-02 00:01 27,965 --a--c--- C:\WINDOWS\system32\EPPICPresetData_JP.dat
    2008-02-23 20:40 . 2003-10-02 00:00 15,822 --a--c--- C:\WINDOWS\system32\EPPICLocal_JP.cfg
    2008-02-23 20:40 . 2008-02-23 20:40 15,172 --a--c--- C:\WINDOWS\system32\drivers\PzWDM.sys
    2008-02-23 20:40 . 2003-10-02 00:00 14,482 --a--c--- C:\WINDOWS\system32\EPPICLocal_EN.cfg
    2008-02-23 20:38 . 2008-02-23 20:45 <KANSIO> d----c--- C:\Program Files\HOTALBUMMyBOX

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-19 15:49 --------- d-----w C:\Documents and Settings\Jari\Application Data\Comodo
    2008-03-19 15:14 --------- dc----w C:\Program Files\Steam
    2008-03-17 13:33 --------- dc----w C:\Documents and Settings\Miro ja Rami\Application Data\Comodo
    2008-03-16 17:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Comodo
    2008-03-16 17:50 --------- dc----w C:\Documents and Settings\Rami\Application Data\Comodo
    2008-03-16 17:09 --------- dc----w C:\Documents and Settings\Rami\Application Data\Image Zone Express
    2008-03-16 15:05 --------- dc----w C:\Program Files\HP
    2008-03-16 14:55 --------- dc----w C:\Documents and Settings\Rami\Application Data\HP
    2008-03-14 14:48 --------- dc----w C:\Program Files\StepMania
    2008-03-13 17:23 --------- dc----w C:\Program Files\GameSpy Arcade
    2008-03-13 17:19 --------- dc----w C:\Program Files\OpenOffice.org1.1.1
    2008-03-10 13:13 --------- dc-h--w C:\Program Files\InstallShield Installation Information
    2008-03-10 13:13 --------- dc----w C:\Program Files\Ubisoft
    2008-03-09 07:25 --------- dc----w C:\Program Files\Java
    2008-03-08 12:23 --------- dc----w C:\Program Files\MSN Messenger
    2008-02-24 18:13 --------- dc----w C:\Documents and Settings\Miro ja Rami\Application Data\uTorrent
    2008-02-23 11:57 --------- dc----w C:\Program Files\Electronic Arts
    2008-02-23 09:36 --------- dc----w C:\Program Files\Common Files\3DO Shared
    2008-02-19 15:34 --------- dc----w C:\Program Files\Winamp
    2008-02-19 12:15 --------- dc----w C:\Program Files\3DO
    2008-02-16 10:23 --------- dc----w C:\Program Files\Lavasoft
    2008-02-16 10:23 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-16 10:22 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-03 18:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Absolutist
    2008-02-01 11:44 --------- dc----w C:\Documents and Settings\Miro ja Rami\Application Data\Skype
    2007-01-15 17:00 138,220 -c--a-w C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
    2005-10-25 17:48 1,302,528 -c--a-w C:\Documents and Settings\Rami\Fishing.exe
    2005-10-15 23:49 97,848 -c--a-w C:\Documents and Settings\Rami\bass.dll
    2007-01-20 19:03 88 -csh--r C:\WINDOWS\system32\24DD2CB436.sys
    2007-01-26 13:20 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    Cryptography Services Error !!
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 15:12 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06 7311360]
    "nwiz"="nwiz.exe" [2005-12-10 03:06 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06 86016]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [ ]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [ ]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-08-11 22:23 286720]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-03 07:59 37376]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-03-16 19:50 1503488]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 15:12 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^MediaChecker.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\MediaChecker.lnk
    backup=C:\WINDOWS\pss\MediaChecker.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    C:\Program Files\F-Secure\Common\FSM32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    C:\Program Files\F-Secure\FSGUI\TNBUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
    --a--c--- 2007-02-09 14:28 789120 C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
    C:\WINDOWS\system32\bhxzopiux.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update API]
    C:\WINDOWS\system32\bhxzopiux.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UR]
    C:\DOCUME~1\make\LOCALS~1\Temp\UR.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "WLSetupSvc"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\headshot913\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Steam\\steam.exe"=
    "C:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
    "C:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.EXE"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "C:\\Program Files\\3DO\\Heroes of Might and Magic IV\\heroes4.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7200:TCP"= 7200:TCP:BitComet 7200 TCP
    "7200:UDP"= 7200:UDP:BitComet 7200 UDP
    "9838:TCP"= 9838:TCP:BitComet 9838 TCP
    "9838:UDP"= 9838:UDP:BitComet 9838 UDP
    "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
    \Shell\Auto\command - skndcpvcx.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL skndcpvcx.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d7697ca-937e-11db-b110-0015f2176775}]
    \Shell\Auto\command - avyxrxvvm.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL avyxrxvvm.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a900b40-8c00-11da-ac57-806d6172696f}]
    \Shell\Auto\command - skndcpvcx.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL skndcpvcx.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c41fc520-24b1-11dc-b3ac-0015f2176775}]
    \Shell\Auto\command - avyxrxvvm.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL avyxrxvvm.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c41fc521-24b1-11dc-b3ac-0015f2176775}]
    \Shell\Auto\command - avyxrxvvm.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL avyxrxvvm.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d870e673-253e-11dc-b3b1-0015f2176775}]
    \Shell\Auto\command - kelkbnawu.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kelkbnawu.exe

    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-23 12:05:42
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-03-23 12:06:41
    ComboFix-quarantined-files.txt 2008-03-23 10:06:24
    .
    2008-03-12 06:00:04 --- E O F ---
     
    Last edited: 23.03.2008
  9. many68

    Here is the SDFix report, followed by the latest HJT log


    SDFix: Version 1.160

    Run by Jari on su 23.03.2008 at 12:49

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\DOCUME~1\Jari\TYPYT~1\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    Trojan Files Found:

    C:\autorun.inf - Deleted
    C:\explorer.exe - Deleted
    C:\WINDOWS\system32\winfrun32.bin - Deleted





    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-23 12:54:17
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,88,13,f2,25,02,26,ea,99,5f,c7,80,83,ea,09,39,ea,7a,b0,3e,30,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,88,13,f2,25,02,26,ea,99,5f,c7,80,83,ea,09,39,ea,7a,b0,3e,30,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,88,13,f2,25,02,26,ea,99,5f,c7,80,83,ea,09,39,ea,7a,b0,3e,30,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,88,13,f2,25,02,26,ea,99,5f,c7,80,83,ea,09,39,ea,7a,b0,3e,30,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:ce60e291
    "s2"=dword:6fd677f7
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,88,13,f2,25,02,26,ea,99,5f,c7,80,83,ea,09,39,ea,7a,b0,3e,30,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,88,13,f2,25,02,26,ea,99,5f,c7,80,83,ea,09,39,ea,7a,b0,3e,30,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xf9\x2022\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Steam\\SteamApps\\headshot913\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\headshot913\\counter-strike source\\hl2.exe:*:Disabled:hl2"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Enabled:Steam"
    "C:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"="C:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
    "C:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.EXE"="C:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.EXE:*:Enabled:Heroes of Might and Magic© III"
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\\Program Files\\3DO\\Heroes of Might and Magic IV\\heroes4.exe"="C:\\Program Files\\3DO\\Heroes of Might and Magic IV\\heroes4.exe:*:Enabled:Heroes of Might and Magic© IV: Winds of WarT"
    "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\DOCUME~1\Jari\TYPYT~1\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Sat 20 Jan 2007 88 ..SHR --- "C:\WINDOWS\system32\24DD2CB436.sys"
    Fri 26 Jan 2007 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Mon 18 Jun 2007 700,928 ...H. --- "C:\WINDOWS\system32\wodfamoh.dll"
    Sun 12 Feb 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Wed 19 Jul 2006 205 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti351.tmp"
    Wed 21 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT10.tmp"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\st8rke7y.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\svdqi6e7.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\sz60tc65.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\t72eazd5.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\tbj9mgit.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\twj7ivqf.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\u3g7buun.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\u4ld0m5z.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\u92mnbeb.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\ug02utab.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\ug7unn5z.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\umaz17a1.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\umoj6a1f.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\umrdwja4.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\uoyild54.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\up2slvpk.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\uuh3ve7v.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\uxz4elg4.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\v37572q4.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\vo2j8h02.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\vy82m42n.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\vzr6jejm.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\w43vmnck.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\w6ohzzzw.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\wcsyq1j0.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\wcvntc16.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\wd4flzh2.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\xo1r72g5.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\xupryp3r.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\xy53w3w8.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\y95pcmrz.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\ynumjjlj.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\ywho4fzs.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\z2rzt14p.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\z31l4ur4.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\z4tekqns.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\zj4gpz2u.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\zqvj412g.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\18clkbza.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\1b20atyb.TMP"
    Wed 2 May 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\2dzsefo4.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\2f92wojf.TMP"
    Wed 2 May 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\2pfac495.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\46xm08rc.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\652kfrko.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\7frcmv77.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\7tkyo41q.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\8pjfde51.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\9e7cifah.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\c00od1fv.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\cdrc4wde.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\dfgh70xm.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\dxig5hn7.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\fmfa46wf.TMP"
    Mon 25 Jun 2007 589,824 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\frn1pq9i.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\h0be7jrx.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\i8iig2s0.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\kcezl0hi.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\lm05hude.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\mt4dt1do.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\n42uk03t.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\nqx4udwa.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\nxmbonmq.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\saovaoty.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\sftqbr38.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\swy8jrbo.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\tijbn9gl.TMP"
    Wed 2 May 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\u96kecww.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\ul5cyhkj.TMP"
    Wed 2 May 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\v75ba5d4.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\vwmgdr3t.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\whxmjoyh.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\xbh5pi8h.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\xtx0o5n3.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\yrsfyokj.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\ytwlcqku.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\z9pwgrr5.TMP"

    Finished!

    Logfile of HijackThis v1.99.1
    Scan saved at 13:00:49, on 23.3.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\System32\PAStiSvc.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Comodo\Firewall\cfp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Scanner.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\cfp.exe" -h
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)
    O9 - Extra button: Lukutulkki - {B66541E2-E167-4084-8E77-68CA13C4B3B8} - C:\Program Files\NetClickup\Lukutulkki\Lutu.dll (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.multitronic.fi/
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
    O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4539348E-01D7-11D5-9A39-0080C8D85044} (GameDesire Slots 90th) - http://67.15.101.33/g_bin/eng/slots90_2_0_0_35.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138006785703
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://webcam.ttk.ru/activex/AxisCamControl.cab
    O16 - DPF: {A6212120-01D4-11D5-9A39-0080C8D85044} (GameDesire Slots 70th) - http://67.15.101.33/g_bin/eng/slots70_2_0_0_35.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {BD08A9D5-0E5C-4F42-99A3-C0CB5E860557} (CSolidBrowserObj Object) - http://cdn1.acclaimdownloads.com/solidstateion.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe



     
  10. Hujo

    Hujo Guest

  11. many68

    many68 Regular member

    I'm just now reinstalling Avast on the machine; I set it to scan at boot and it's running through that now. But a little earlier the taskbar, and with it the Start menu, suddenly disappeared from the screen. How do I get it back? Should I redo that expand thing in the Recovery Console for the explorer.exe file?
    And how do I get IE working?
    One more thing: Help won't open, I can't create or edit user accounts (the User Accounts window stays blank), and System Restore won't open either. Is there some other way to attempt a restore?
     
  12. Hujo

    Hujo Guest

    Download ATF Cleaner by Atribune

    Instructions:

    Double-click ATF-Cleaner.exe to start the program. Under Main, choose: Select All
    Click the Empty Selected option.
    If you use Firefox as your browser, click Firefox at the top and choose: Select All
    Click the Empty Selected option.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    If you use Opera as your browser, click Opera at the top and choose: Select All
    Click the Empty Selected option again.
    NOTE: If you want to keep your saved passwords, click No when it asks.
    Click Exit in the main menu to close the program.
    For technical support, double-click the e-mail address located at the bottom of each menu in the tool. (Note that the support is in English.)

    ============

    It's not worth doing a System Restore.

    Run ComboFix again.
     
    Last edited by a moderator: 23.03.2008
  13. many68

    many68 Regular member

    That machine is still scanning with Avast's start-up scan, so I'll do those as soon as possible. A small problem is that I don't know for sure which browser my friend has been using, but at least there's only IE on the desktop.
    The other problem is that so far I still haven't managed to copy those files, logs and so on directly to a USB stick, so I always have to fiddle around a bit with cmd and then post them here from my son's computer.
     
  14. many68

    many68 Regular member

    Here's the new ComboFix log (there's still no taskbar, and I couldn't turn Comodo off)

    ComboFix 08-03-22.1 - Jari 2008-03-23 18:52:57.2 - NTFSx86
    Running from: C:\Documents and Settings\All Users\Työpöytä\ComboFix.exe

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-02-23 to 2008-03-23 )))))))))))))))))
    .

    2008-03-23 18:55 . 2008-03-23 18:55 6,736 --a--c--- C:\WINDOWS\system32\drivers\PROCEXP90.SYS
    2008-03-23 18:44 . 2008-03-23 18:34 50,688 --a------ C:\Documents and Settings\Jari\ATF-Cleaner.exe
    2008-03-23 18:02 . 2007-12-04 15:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
    2008-03-23 18:02 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
    2008-03-23 18:02 . 2007-12-04 14:54 95,608 --a--c--- C:\WINDOWS\system32\AvastSS.scr
    2008-03-23 18:02 . 2007-12-04 16:55 94,544 --a--c--- C:\WINDOWS\system32\drivers\aswmon2.sys
    2008-03-23 18:02 . 2007-12-04 16:56 93,264 --a--c--- C:\WINDOWS\system32\drivers\aswmon.sys
    2008-03-23 18:02 . 2007-12-04 16:51 42,912 --a--c--- C:\WINDOWS\system32\drivers\aswTdi.sys
    2008-03-23 18:02 . 2007-12-04 16:49 26,624 --a--c--- C:\WINDOWS\system32\drivers\aavmker4.sys
    2008-03-23 18:02 . 2007-12-04 16:53 23,152 --a--c--- C:\WINDOWS\system32\drivers\aswRdr.sys
    2008-03-23 17:56 . 2008-03-23 15:37 18,500,624 --a------ C:\Documents and Settings\Jari\avast_setupeng_v4.7.1098.exe
    2008-03-23 13:57 . 2004-09-14 18:12 1,032,704 --a--c--- C:\WINDOWS\explorer.exe
    2008-03-23 13:46 . 2008-03-23 13:46 552 --a--c--- C:\WINDOWS\system32\d3d8caps.dat
    2008-03-23 12:47 . 2008-03-23 12:47 <KANSIO> d----c--- C:\WINDOWS\ERUNT
    2008-03-22 21:48 . 2008-03-22 21:03 1,606,483 --a--c--- C:\Documents and Settings\All Users\ComboFix.exe
    2008-03-22 21:16 . 2008-03-22 21:16 <KANSIO> d----c--- C:\ComboFix1
    2008-03-22 21:10 . 2008-03-22 21:13 <KANSIO> d----c--- C:\ComboFix2
    2008-03-22 21:06 . 2008-03-22 21:03 1,606,483 --a--c--- C:\ComboFix.exe
    2008-03-22 19:14 . 2004-09-14 18:12 24,576 --a--c--- C:\WINDOWS\system32\userinit.exe
    2008-03-22 19:14 . 2004-09-14 18:12 24,576 --a--c--- C:\userinit.exe
    2008-03-22 12:47 . 2008-03-22 12:47 <KANSIO> d----c--- C:\WINDOWS\system32\config\systemprofile\Application Data\Grisoft
    2008-03-22 12:47 . 2008-03-22 12:47 <KANSIO> d----c--- C:\WINDOWS\system32\config\systemprofile\Application Data\Comodo
    2008-03-20 21:17 . 2007-11-07 13:28 722,432 --a--c--- C:\WINDOWS\system32\lsasrv.dll
    2008-03-20 20:00 . 2007-02-09 15:10 574,464 --a--c--- C:\WINDOWS\system32\drivers\ntfs.sys
    2008-03-20 15:39 . 2008-03-20 15:39 <KANSIO> d--hs---- C:\found.000
    2008-03-20 11:00 . 2008-03-22 16:22 0 --a--c--- C:\23990098.$$$
    2008-03-20 08:58 . 2008-03-20 09:01 <KANSIO> d----c--- C:\Downloads
    2008-03-20 08:58 . 2008-03-20 09:00 <KANSIO> d----c--- C:\Bases
    2008-03-20 08:54 . 2008-03-20 09:01 <KANSIO> d----c--- C:\Kaspersky
    2008-03-20 08:48 . 2008-03-20 08:48 <KANSIO> d----c--- C:\Program Files\180searchassistant
    2008-03-20 08:48 . 2008-03-20 08:48 <KANSIO> d----c--- C:\Program Files\180search assistant
    2008-03-19 21:57 . 2008-03-19 21:57 <KANSIO> d----c--- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Teleca
    2008-03-19 19:49 . 2008-03-19 19:49 <KANSIO> d----c--- C:\WINDOWS\FLEOK
    2008-03-19 19:49 . 2008-03-19 19:49 <KANSIO> d----c--- C:\Program Files\zango
    2008-03-19 19:49 . 2008-03-19 19:49 <KANSIO> d----c--- C:\Program Files\180solutions
    2008-03-19 19:30 . 2008-03-19 19:30 <KANSIO> d----c--- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Grisoft
    2008-03-16 19:50 . 2008-03-16 19:50 139,008 --a--c--- C:\WINDOWS\system32\guard32.dll
    2008-03-16 19:50 . 2008-03-16 19:50 85,112 --a--c--- C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-03-16 19:50 . 2008-03-16 19:50 23,800 --a--c--- C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-03-16 17:05 . 2008-03-16 17:05 <KANSIO> d----c--- C:\Program Files\Common Files\HP
    2008-03-16 16:56 . 2008-03-16 17:05 113,144 --a--c--- C:\WINDOWS\hpoins07.dat
    2008-03-16 16:56 . 2005-05-24 07:41 21,124 -----c--- C:\WINDOWS\hpomdl07.dat
    2008-03-16 09:12 . 2008-03-16 09:12 <KANSIO> d----c--- C:\Documents and Settings\Rami\Application Data\Grisoft
    2008-03-15 16:05 . 2008-03-15 16:05 <KANSIO> d----c--- C:\Documents and Settings\Miro ja Rami\Application Data\Grisoft
    2008-03-15 16:00 . 2008-03-15 16:00 <KANSIO> d-------- C:\Documents and Settings\Jari\Application Data\Grisoft
    2008-03-15 15:28 . 2008-03-15 15:28 <KANSIO> d----c--- C:\Program Files\Sysmnt
    2008-03-15 15:28 . 2008-03-15 15:28 <KANSIO> d----c--- C:\Program Files\stc
    2008-03-15 13:55 . 2008-03-15 13:55 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\Grisoft
    2008-03-15 13:55 . 2007-05-30 14:10 10,872 --a--c--- C:\WINDOWS\system32\drivers\AvgAsCln.sys
    2008-03-15 12:56 . 2008-03-15 12:56 <KANSIO> d----c--- C:\Program Files\Spybot - Search & Destroy
    2008-03-15 12:56 . 2008-03-15 12:58 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-14 16:49 . 2008-03-14 16:49 1,720,086 --a--c--- C:\WINDOWS\system32\TmpA9346968
    2008-03-14 07:23 . 2008-03-20 09:02 1,856 --a--c--- C:\WINDOWS\defaultxxx.htm
    2008-03-13 21:28 . 2008-03-13 21:28 88,587 --a--c--- C:\WINDOWS\system32\mgmrwmrv.exe.mwt
    2008-03-08 14:22 . 2008-03-08 14:23 <KANSIO> d----c--- C:\Program Files\Windows Live
    2008-03-08 14:22 . 2008-03-08 14:22 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-03-08 14:22 . 2008-03-08 14:22 <KANSIO> d----c--- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-03-02 17:56 . 2008-03-02 17:56 <KANSIO> d----c--- C:\Program Files\Microsoft Games
    2008-02-23 20:40 . 2008-02-23 20:40 <KANSIO> d----c--- C:\Program Files\CASIO
    2008-02-23 20:40 . 2003-10-02 00:00 413,696 --a--c--- C:\WINDOWS\system32\PICSDK.dll
    2008-02-23 20:40 . 2002-11-01 00:00 114,688 --a--c--- C:\WINDOWS\system32\EpPicPrt.dll
    2008-02-23 20:40 . 2003-10-02 00:00 91,923 --a--c--- C:\WINDOWS\system32\EPPICPrinterDB.dat
    2008-02-23 20:40 . 2003-10-02 00:00 76,956 --a--c--- C:\WINDOWS\system32\EPPICPattern2.dat
    2008-02-23 20:40 . 2002-11-01 00:00 65,536 --a--c--- C:\WINDOWS\system32\EPPicMgr.dll
    2008-02-23 20:40 . 2003-10-02 00:00 39,121 --a--c--- C:\WINDOWS\system32\EPPICPattern1.dat
    2008-02-23 20:40 . 2003-10-02 00:01 27,965 --a--c--- C:\WINDOWS\system32\EPPICPresetData_JP.dat
    2008-02-23 20:40 . 2003-10-02 00:00 15,822 --a--c--- C:\WINDOWS\system32\EPPICLocal_JP.cfg
    2008-02-23 20:40 . 2008-02-23 20:40 15,172 --a--c--- C:\WINDOWS\system32\drivers\PzWDM.sys
    2008-02-23 20:40 . 2003-10-02 00:00 14,482 --a--c--- C:\WINDOWS\system32\EPPICLocal_EN.cfg
    2008-02-23 20:38 . 2008-02-23 20:45 <KANSIO> d----c--- C:\Program Files\HOTALBUMMyBOX

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-23 16:02 --------- dc----w C:\Program Files\Alwil Software
    2008-03-23 12:12 --------- dc----w C:\Program Files\Steam
    2008-03-19 15:49 --------- d-----w C:\Documents and Settings\Jari\Application Data\Comodo
    2008-03-17 13:33 --------- dc----w C:\Documents and Settings\Miro ja Rami\Application Data\Comodo
    2008-03-16 17:53 --------- dc----w C:\Documents and Settings\All Users\Application Data\Comodo
    2008-03-16 17:50 --------- dc----w C:\Documents and Settings\Rami\Application Data\Comodo
    2008-03-16 17:09 --------- dc----w C:\Documents and Settings\Rami\Application Data\Image Zone Express
    2008-03-16 15:05 --------- dc----w C:\Program Files\HP
    2008-03-16 14:55 --------- dc----w C:\Documents and Settings\Rami\Application Data\HP
    2008-03-14 14:48 --------- dc----w C:\Program Files\StepMania
    2008-03-13 17:23 --------- dc----w C:\Program Files\GameSpy Arcade
    2008-03-13 17:19 --------- dc----w C:\Program Files\OpenOffice.org1.1.1
    2008-03-10 13:13 --------- dc-h--w C:\Program Files\InstallShield Installation Information
    2008-03-10 13:13 --------- dc----w C:\Program Files\Ubisoft
    2008-03-09 07:25 --------- dc----w C:\Program Files\Java
    2008-03-08 12:23 --------- dc----w C:\Program Files\MSN Messenger
    2008-02-24 18:13 --------- dc----w C:\Documents and Settings\Miro ja Rami\Application Data\uTorrent
    2008-02-23 11:57 --------- dc----w C:\Program Files\Electronic Arts
    2008-02-23 09:36 --------- dc----w C:\Program Files\Common Files\3DO Shared
    2008-02-19 15:34 --------- dc----w C:\Program Files\Winamp
    2008-02-19 12:15 --------- dc----w C:\Program Files\3DO
    2008-02-16 10:23 --------- dc----w C:\Program Files\Lavasoft
    2008-02-16 10:23 --------- dc----w C:\Documents and Settings\All Users\Application Data\Lavasoft
    2008-02-16 10:22 --------- dc----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-02-03 18:51 --------- dc----w C:\Documents and Settings\All Users\Application Data\Absolutist
    2008-02-01 11:44 --------- dc----w C:\Documents and Settings\Miro ja Rami\Application Data\Skype
    2007-01-15 17:00 138,220 -c--a-w C:\Documents and Settings\All Users\Application Data\firstlsp.reg.dat
    2005-10-25 17:48 1,302,528 -c--a-w C:\Documents and Settings\Rami\Fishing.exe
    2005-10-15 23:49 97,848 -c--a-w C:\Documents and Settings\Rami\bass.dll
    2007-01-20 19:03 88 -csh--r C:\WINDOWS\system32\24DD2CB436.sys
    2007-01-26 13:20 3,350 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    Cryptography Services Error !!
    .
    ((((((((((((((((((((((((((((( snapshot@2008-03-23_12.06.08,12 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-03-23 05:24:58 163,328 -c--a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-03-23 10:47:48 3,731,456 -c--a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
    + 2008-03-23 10:47:48 151,552 -c--a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-03-23 05:24:58 163,328 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-03-23 10:47:46 3,731,456 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT
    + 2008-03-23 10:47:46 151,552 -c--a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 10:40 204288]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-14 15:12 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-10 03:06 7311360]
    "nwiz"="nwiz.exe" [2005-12-10 03:06 1519616 C:\WINDOWS\system32\nwiz.exe]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2005-12-10 03:06 86016]
    "RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 19:42 32768]
    "HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 23:12 49152]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 14:28 577536 C:\WINDOWS\soundman.exe]
    "Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 16:17 159744]
    "WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-03 07:59 37376]
    "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
    "COMODO Firewall Pro"="C:\Program Files\Comodo\Firewall\cfp.exe" [2008-03-16 19:50 1503488]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [ ]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 15:00 79224]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-14 15:12 15360]
    "msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" [2007-01-19 11:55 5674352]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Gamma Loader.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Gamma Loader.lnk
    backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^Adobe Reader Speed Launch.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\Adobe Reader Speed Launch.lnk
    backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Käynnistä-valikko^Ohjelmat^Käynnistys^MediaChecker.lnk]
    path=C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\MediaChecker.lnk
    backup=C:\WINDOWS\pss\MediaChecker.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    C:\Program Files\F-Secure\Common\FSM32.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    C:\Program Files\F-Secure\FSGUI\TNBUtil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBBalloon]
    --a--c--- 2007-02-09 14:28 789120 C:\Program Files\HOTALBUMMyBOX\MBBalloon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    --a--c--- 2007-08-11 22:23 286720 C:\Program Files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
    C:\WINDOWS\system32\bhxzopiux.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Update API]
    C:\WINDOWS\system32\bhxzopiux.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UR]
    C:\DOCUME~1\make\LOCALS~1\Temp\UR.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\Steam\\SteamApps\\headshot913\\counter-strike source\\hl2.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Steam\\steam.exe"=
    "C:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"=
    "C:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.EXE"=
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"=
    "C:\\WINDOWS\\system32\\dplaysvr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
    "C:\\Program Files\\3DO\\Heroes of Might and Magic IV\\heroes4.exe"=
    "C:\\WINDOWS\\system32\\dpnsvr.exe"=
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7200:TCP"= 7200:TCP:BitComet 7200 TCP
    "7200:UDP"= 7200:UDP:BitComet 7200 UDP
    "9838:TCP"= 9838:TCP:BitComet 9838 TCP
    "9838:UDP"= 9838:UDP:BitComet 9838 UDP
    "9842:TCP"= 9842:TCP:*:Disabled:SolidNetworkManager
    "9842:UDP"= 9842:UDP:*:Disabled:SolidNetworkManager
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3d7697ca-937e-11db-b110-0015f2176775}]
    \Shell\Auto\command - avyxrxvvm.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL avyxrxvvm.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a900b40-8c00-11da-ac57-806d6172696f}]
    \Shell\Auto\command - skndcpvcx.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL skndcpvcx.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c41fc520-24b1-11dc-b3ac-0015f2176775}]
    \Shell\Auto\command - avyxrxvvm.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL avyxrxvvm.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c41fc521-24b1-11dc-b3ac-0015f2176775}]
    \Shell\Auto\command - avyxrxvvm.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL avyxrxvvm.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d870e673-253e-11dc-b3b1-0015f2176775}]
    \Shell\Auto\command - kelkbnawu.exe
    \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kelkbnawu.exe

    *Newly Created Service* - ASWUPDSV
    *Newly Created Service* - AVAST!_ANTIVIRUS
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-23 18:56:43
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    PROCESS: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\guard32.dll

    PROCESS: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\guard32.dll
    .
    Completion time: 2008-03-23 18:57:38
    ComboFix-quarantined-files.txt 2008-03-23 16:57:35
    ComboFix2.txt 2008-03-23 10:06:42
    .
    2008-03-12 06:00:04 --- E O F ---


     
  15. Hujo

    Hujo Guest

    Yeah, it can be quite a lot of fiddling at times. Which files are missing from the machine?
    Well, at least let's clean up the machine, and after that a repair install will probably be the next step, possibly.

    Then run SDFix again

    ============

    • Open HijackThis
    • Click the "Configure" option at the bottom right
    • Click "Misc Tools"
    • Click the box that says "Uninstall Manager"
    • Click the "Save list" option
    • Copy and paste the list from Notepad into your post
     
    Last edited by a moderator: 23.03.2008
  16. many68

    many68 Regular member

    A repair install just isn't possible, though, since I don't have a Win XP Home CD...
    And I don't really know what's missing from it, but if that Win XP Pro CD can be used to help, then it'll be easier... Or I could copy files from my son's XP Home machine.
     
  17. Hujo

    Hujo Guest

    I added further instructions to the post above
     
  18. many68

    many68 Regular member

    I ran SDFix in safe mode, and now that it rebooted, that logon.scr command prompt came up again, like back when we were trying to break the boot loop...
    Do I type explorer there, or what?
     
    Last edited: 23.03.2008
  19. Hujo

    Hujo Guest

    Can you select a normal startup there?

     
  20. many68

    many68 Regular member

    I got it to run through. Here's the SDFix log first, followed by the list from HJT.


    SDFix: Version 1.160

    Run by Jari on su 23.03.2008 at 19:15

    Microsoft Windows XP [versio 5.1.2600]
    Running From: C:\DOCUME~1\Jari\TYPYT~1\SDFix

    Checking Services :


    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting


    Checking Files :

    No Trojan Files Found






    Removing Temp Files

    ADS Check :



    Final Check :

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-23 19:30:41
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,88,13,f2,25,02,26,ea,99,5f,c7,80,83,ea,09,39,ea,7a,b0,3e,30,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,88,13,f2,25,02,26,ea,99,5f,c7,80,83,ea,09,39,ea,7a,b0,3e,30,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,88,13,f2,25,02,26,ea,99,5f,c7,80,83,ea,09,39,ea,7a,b0,3e,30,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,88,13,f2,25,02,26,ea,99,5f,c7,80,83,ea,09,39,ea,7a,b0,3e,30,..
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:ce60e291
    "s2"=dword:6fd677f7
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,88,13,f2,25,02,26,ea,99,5f,c7,80,83,ea,09,39,ea,7a,b0,3e,30,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:e6,88,13,f2,25,02,26,ea,99,5f,c7,80,83,ea,09,39,ea,7a,b0,3e,30,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\\x90\x2022\x20ac|\xff\xff\xff\xff"\x2022\x20ac|\xf9\x2022\xd3w\2]
    "b049C053C7D38EE4AB9A00CB3B5D2472"="C?\Program Files\Common Files\Microsoft Shared\Web Folders\PUBPLACE.HTT"

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 0


    Remaining Services :



    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Steam\\SteamApps\\headshot913\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\SteamApps\\headshot913\\counter-strike source\\hl2.exe:*:Disabled:hl2"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\Steam\\steam.exe"="C:\\Program Files\\Steam\\steam.exe:*:Enabled:Steam"
    "C:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe"="C:\\Program Files\\Ubisoft\\Heroes of Might and Magic V\\bin\\H5_Game.exe:*:Enabled:Heroes of Might and Magic V"
    "C:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.EXE"="C:\\Program Files\\3DO\\Heroes 3 Complete\\HEROES3.EXE:*:Enabled:Heroes of Might and Magic© III"
    "C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\age2_x1.exe:*:Enabled:Age of Empires II Expansion"
    "C:\\WINDOWS\\system32\\dplaysvr.exe"="C:\\WINDOWS\\system32\\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\GameSpy Arcade\\Aphex.exe"="C:\\Program Files\\GameSpy Arcade\\Aphex.exe:*:Enabled:GameSpy Arcade"
    "C:\\Program Files\\3DO\\Heroes of Might and Magic IV\\heroes4.exe"="C:\\Program Files\\3DO\\Heroes of Might and Magic IV\\heroes4.exe:*:Enabled:Heroes of Might and Magic© IV: Winds of WarT"
    "C:\\WINDOWS\\system32\\dpnsvr.exe"="C:\\WINDOWS\\system32\\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
    "C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe:*:Enabled:hpqtra08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe:*:Enabled:hpqste08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe:*:Enabled:hpofxm08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe:*:Enabled:hposfx08.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe:*:Enabled:hposid01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe:*:Enabled:hpqcopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe:*:Enabled:hpfccopy.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"="C:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe:*:Enabled:hpqdia.exe"
    "C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"="C:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe:*:Enabled:hpoews01.exe"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:mad:xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    Remaining Files :


    File Backups: - C:\DOCUME~1\Jari\TYPYT~1\SDFix\backups\backups.zip

    Files with Hidden Attributes :

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Sat 20 Jan 2007 88 ..SHR --- "C:\WINDOWS\system32\24DD2CB436.sys"
    Fri 26 Jan 2007 3,350 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Mon 18 Jun 2007 700,928 ...H. --- "C:\WINDOWS\system32\wodfamoh.dll"
    Sun 12 Feb 2006 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
    Wed 19 Jul 2006 205 A..H. --- "C:\Program Files\InterActual\InterActual Player\iti351.tmp"
    Wed 21 Feb 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv02.tmp"
    Wed 23 Jan 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT10.tmp"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\npu4zf1y.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\nqfzpujc.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\nrdrvj4g.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\nuct7k3a.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\o4lzp64c.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\o6g6nrp5.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\o81wdewz.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\omb3y3h1.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\op1jrf4j.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\oqbfb2zn.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\p278q9qg.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\p6wyl2mt.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\pb9v4kru.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\pryja54y.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\qnfnja2q.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\qq0emoxe.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\qvxgytkx.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\qxrcywfc.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\qxxamdj5.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\r6gb6qz9.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\rhumja7i.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\rpqh7e1k.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\rvgynf5u.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\rwaodlhu.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\ryvgerbv.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\s00jnpfk.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\s137vdru.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\s1nc6b4k.TMP"
    Tue 25 Dec 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\s64tww9n.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\s7g3yxaa.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\sepx5ixm.TMP"
    Tue 25 Dec 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\snho7g0v.TMP"
    Tue 25 Dec 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\sp2owsh5.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\st8rke7y.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\svdqi6e7.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\sz60tc65.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\t72eazd5.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\tbj9mgit.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\twj7ivqf.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\u3g7buun.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\u4ld0m5z.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\u92mnbeb.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\ug02utab.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\ug7unn5z.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\umaz17a1.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\umoj6a1f.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\umrdwja4.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\uoyild54.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\up2slvpk.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\uuh3ve7v.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\uxz4elg4.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\v37572q4.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\vo2j8h02.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\vy82m42n.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\vzr6jejm.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\w43vmnck.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\w6ohzzzw.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\wcsyq1j0.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\wcvntc16.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\wd4flzh2.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\xo1r72g5.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\xupryp3r.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\xy53w3w8.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\y95pcmrz.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\ynumjjlj.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\ywho4fzs.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\z2rzt14p.TMP"
    Fri 16 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\z31l4ur4.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\z4tekqns.TMP"
    Tue 18 Sep 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\zj4gpz2u.TMP"
    Tue 20 Nov 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\backup\WINDOWS\temp\zqvj412g.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\18clkbza.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\1b20atyb.TMP"
    Wed 2 May 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\2dzsefo4.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\2f92wojf.TMP"
    Wed 2 May 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\2pfac495.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\46xm08rc.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\652kfrko.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\7frcmv77.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\7tkyo41q.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\8pjfde51.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\9e7cifah.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\c00od1fv.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\cdrc4wde.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\dfgh70xm.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\dxig5hn7.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\fmfa46wf.TMP"
    Mon 25 Jun 2007 589,824 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\frn1pq9i.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\h0be7jrx.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\i8iig2s0.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\kcezl0hi.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\lm05hude.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\mt4dt1do.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\n42uk03t.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\nqx4udwa.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\nxmbonmq.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\saovaoty.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\sftqbr38.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\swy8jrbo.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\tijbn9gl.TMP"
    Wed 2 May 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\u96kecww.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\ul5cyhkj.TMP"
    Wed 2 May 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\v75ba5d4.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\vwmgdr3t.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\whxmjoyh.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\xbh5pi8h.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\xtx0o5n3.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\yrsfyokj.TMP"
    Sun 24 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\ytwlcqku.TMP"
    Mon 25 Jun 2007 616,448 A.SH. --- "C:\Deckard\System Scanner\20080320112155\backup\WINDOWS\temp\z9pwgrr5.TMP"

    Finished!


    Ad-Aware 2007
    Adobe Acrobat 5.0
    Adobe Acrobat Reader 3.02
    Adobe Flash Player 9 ActiveX
    Adobe Flash Player ActiveX
    Adobe Photoshop 7.0
    Adobe Photoshop 7.0.1
    Adobe Reader 7.0 - Suomi
    Adobe Shockwave Player
    Apple Software Update
    avast! Antivirus
    AVG Anti-Spyware 7.5
    Avira UnErase Personal
    Battlefield 1942
    COMODO Firewall Pro
    Counter-Strike: Source
    Crow Hunting 1.0
    Elasto Mania
    GameSpy Arcade
    GdiplusUpgrade
    GPL MPEG-1/2 DirectShow Decoder Filter
    Grand Theft Auto
    Heroes of Might & Magic V: Hammers of Fate
    Heroes of Might and Magic IV: Winds of War
    Heroes of Might and Magic V
    Heroes of Might and Magic V - Tribes of the East
    Heroes of Might and Magic® III Complete
    HijackThis 1.99.1
    HOT ALBUM MYBOX
    Hotfix for Windows Media Format 11 SDK (KB929399)
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)
    Hotfix-päivitys Windows XP:lle (KB914440)
    HP Extended Capabilities 5.3
    HP Image Zone Express
    HP Imaging Device Functions 5.3
    HP PSC & OfficeJet 5.3.B
    HP Software Update
    HP Solution Center & Imaging Support Tools 5.3
    InterActual Player
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 5
    LEGOLAND
    Lukutulkki
    Macromedia Flash Player 8
    Macromedia Shockwave Player
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Finnish Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0 -tuotteen Security Update (KB928365)
    Microsoft Age of Empires II
    Microsoft Age of Empires II: The Conquerors Expansion
    Microsoft Base Smart Card Cryptographic Service Provider Package
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft DirectX Transform optional components
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows XP -käyttöjärjestelmän ohjatun CD-levylle tallentamisen HighMAT-laajennus
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    Nero OEM
    Network Play System (Patching)
    NVIDIA Drivers
    OLYMPUS CAMEDIA Master 4.1
    PowerDVD
    Project64 1.6
    Päivitys Windows XP:lle (KB900485)
    Päivitys Windows XP:lle (KB904942)
    Päivitys Windows XP:lle (KB910437)
    Päivitys Windows XP:lle (KB916595)
    Päivitys Windows XP:lle (KB920872)
    Päivitys Windows XP:lle (KB922582)
    Päivitys Windows XP:lle (KB927891)
    Päivitys Windows XP:lle (KB929338)
    Päivitys Windows XP:lle (KB930916)
    Päivitys Windows XP:lle (KB931836)
    Päivitys Windows XP:lle (KB933360)
    Päivitys Windows XP:lle (KB938828)
    Päivitys Windows XP:lle (KB942763)
    QuickTime
    Racer
    Realtek AC'97 Audio
    RTP for RM2K (Png, Wav, Midi, Fonts)
    Security Update for CAPICOM (KB931906)
    Security Update for CAPICOM (KB931906)
    Sinbad - Legend Of The Seven Seas (TM)
    Skype™ Beta 3.6
    Solid State ION Internet Explorer Plugin
    Sony Ericsson PC Suite
    Spybot - Search & Destroy
    Steam
    Steam(TM)
    Suojauspäivitys ohjelmistolle Windows XP (KB941569)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB928090)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB929969)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB931768)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB933566)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB937143)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB938127)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB939653)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB942615)
    Suojauspäivitys Windows Internet Explorer 7:lle (KB944533)
    Suojauspäivitys Windows Media Player 10:lle (KB911565)
    Suojauspäivitys Windows Media Player 10:lle (KB917734)
    Suojauspäivitys Windows Media Player 11:lle (KB936782)
    Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
    Suojauspäivitys Windows Media Playerille (KB911564)
    Suojauspäivitys Windows XP:lle (KB901190)
    Suojauspäivitys Windows XP:lle (KB905915)
    Suojauspäivitys Windows XP:lle (KB908519)
    Suojauspäivitys Windows XP:lle (KB908531)
    Suojauspäivitys Windows XP:lle (KB911280)
    Suojauspäivitys Windows XP:lle (KB911562)
    Suojauspäivitys Windows XP:lle (KB911567)
    Suojauspäivitys Windows XP:lle (KB911927)
    Suojauspäivitys Windows XP:lle (KB912812)
    Suojauspäivitys Windows XP:lle (KB912919)
    Suojauspäivitys Windows XP:lle (KB913446)
    Suojauspäivitys Windows XP:lle (KB913580)
    Suojauspäivitys Windows XP:lle (KB914388)
    Suojauspäivitys Windows XP:lle (KB914389)
    Suojauspäivitys Windows XP:lle (KB916281)
    Suojauspäivitys Windows XP:lle (KB917159)
    Suojauspäivitys Windows XP:lle (KB917344)
    Suojauspäivitys Windows XP:lle (KB917422)
    Suojauspäivitys Windows XP:lle (KB917953)
    Suojauspäivitys Windows XP:lle (KB918118)
    Suojauspäivitys Windows XP:lle (KB918439)
    Suojauspäivitys Windows XP:lle (KB918899)
    Suojauspäivitys Windows XP:lle (KB919007)
    Suojauspäivitys Windows XP:lle (KB920213)
    Suojauspäivitys Windows XP:lle (KB920214)
    Suojauspäivitys Windows XP:lle (KB920670)
    Suojauspäivitys Windows XP:lle (KB920683)
    Suojauspäivitys Windows XP:lle (KB920685)
    Suojauspäivitys Windows XP:lle (KB921398)
    Suojauspäivitys Windows XP:lle (KB921503)
    Suojauspäivitys Windows XP:lle (KB921883)
    Suojauspäivitys Windows XP:lle (KB922616)
    Suojauspäivitys Windows XP:lle (KB922760)
    Suojauspäivitys Windows XP:lle (KB922819)
    Suojauspäivitys Windows XP:lle (KB923191)
    Suojauspäivitys Windows XP:lle (KB923414)
    Suojauspäivitys Windows XP:lle (KB923694)
    Suojauspäivitys Windows XP:lle (KB923980)
    Suojauspäivitys Windows XP:lle (KB924191)
    Suojauspäivitys Windows XP:lle (KB924270)
    Suojauspäivitys Windows XP:lle (KB924496)
    Suojauspäivitys Windows XP:lle (KB924667)
    Suojauspäivitys Windows XP:lle (KB925454)
    Suojauspäivitys Windows XP:lle (KB925486)
    Suojauspäivitys Windows XP:lle (KB925902)
    Suojauspäivitys Windows XP:lle (KB926255)
    Suojauspäivitys Windows XP:lle (KB926436)
    Suojauspäivitys Windows XP:lle (KB927779)
    Suojauspäivitys Windows XP:lle (KB927802)
    Suojauspäivitys Windows XP:lle (KB928255)
    Suojauspäivitys Windows XP:lle (KB928843)
    Suojauspäivitys Windows XP:lle (KB929123)
    Suojauspäivitys Windows XP:lle (KB930178)
    Suojauspäivitys Windows XP:lle (KB931261)
    Suojauspäivitys Windows XP:lle (KB931784)
    Suojauspäivitys Windows XP:lle (KB932168)
    Suojauspäivitys Windows XP:lle (KB933729)
    Suojauspäivitys Windows XP:lle (KB935839)
    Suojauspäivitys Windows XP:lle (KB935840)
    Suojauspäivitys Windows XP:lle (KB936021)
    Suojauspäivitys Windows XP:lle (KB938829)
    Suojauspäivitys Windows XP:lle (KB941202)
    Suojauspäivitys Windows XP:lle (KB941568)
    Suojauspäivitys Windows XP:lle (KB941644)
    Suojauspäivitys Windows XP:lle (KB943055)
    Suojauspäivitys Windows XP:lle (KB943460)
    Suojauspäivitys Windows XP:lle (KB943485)
    Suojauspäivitys Windows XP:lle (KB944653)
    Suojauspäivitys Windows XP:lle (KB946026)
    VideoLAN VLC media player 0.8.5
    Windows Genuine Advantage v1.3.0254.0
    Windows Internet Explorer 7
    Windows Live installer
    Windows Live Messenger
    Windows Live OneCare safety scanner
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 11
    Windows Media Player 11
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    WinRAR archiver



     
  21. many68

    many68 Regular member

    Joined:
    12.12.2004
    Messages:
    382
    Thanks:
    1
    Points:
    28
    Deleted, the reports were posted twice...
     
    Last edited: 23.03.2008
