
Suspected rootkit on the machine!

Thread in the Viruses and malware - HijackThis logs section. Started by Axu83 on 14.09.2010.

  1. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    Another drag-and-drop and log =>

    Open Notepad and copy/paste the contents of the Quote: box there:

    Code:
    File::
    C:\Documents and Settings\Admin\Local Settings\Temp\awrcqkog.sys
    
    Save it as CFScript (actually combofix recognises it even if the file extension isn't
    even .txt).

    * Close/disable all antivirus and anti-malware programs so that they don't interfere with running ComboFix.

    Then drag and drop CFScript onto ComboFix.exe as shown below. (Don't click.)

    [image]

    Note! Don't click in the combofix window while it is running. That may cause the program to hang.
    Restart the computer if asked to, and post the contents of the combofix.txt file here.

    (C:\ComboFix.txt)

    A new run with GMER and the log =>
    :)

  2. Axu83

    Axu83 Member

    Joined:
    19.11.2003
    Messages:
    30
    Thanks:
    0
    Points:
    16
    I'm not sure whether Combofix did anything; it did start, but it was really quick, and there was no reboot or log. This time the alarm programs were turned off, though.

    Here's the gmer log:

    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-18 13:51:30
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\awrcqkog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA7B4DC8C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xA7B4D3C4]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xA7B4D8A0]
    SSDT BA71329E ZwCreateKey
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xA7B4D080]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xA7B4F084]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA7B4DE72]
    SSDT BA713294 ZwCreateThread
    SSDT BA7132A3 ZwDeleteKey
    SSDT BA7132AD ZwDeleteValueKey
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0xA7B4CB02]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xA7B4ED24]
    SSDT BA7132B2 ZwLoadKey
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xA7B4DAB0]
    SSDT BA713280 ZwOpenProcess
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xA7B4D744]
    SSDT BA713285 ZwOpenThread
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xA7B4E7F2]
    SSDT BA7132BC ZwReplaceKey
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xA7B4D196]
    SSDT BA7132B7 ZwRestoreKey
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xA7B4EAE6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xA7B4EEC4]
    SSDT BA7132A8 ZwSetValueKey
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xA7B4D5D2]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xA7B4D638]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0xA7B4CF4A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0xA7B4CE18]

    Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 26CC 80501F04 4 Bytes JMP CBECA7B4
    PAGE ntkrnlpa.exe!IoCreateDevice 8056AB48 5 Bytes JMP B9E02FFA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisRegisterProtocol B9E1217F 5 Bytes JMP B9E02E0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisOpenAdapter B9E12399 5 Bytes JMP B9E03394 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisCloseAdapter B9E1C642 5 Bytes JMP B9E02F18 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisDeregisterProtocol B9E1C821 5 Bytes JMP B9E031B0 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisReturnPackets B9E1F810 5 Bytes JMP B9E03C0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisRequest B9E1F97B 5 Bytes JMP B9E035AC fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisSend B9E22986 5 Bytes JMP B9E0458C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisSendPackets B9E229A3 5 Bytes JMP B9E0465E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisTransferData B9E229BE 5 Bytes JMP B9E03D0A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDCO NDIS.SYS!NdisCoCreateVc B9E29186 5 Bytes JMP B9E02E76 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDCO NDIS.SYS!NdisCoDeleteVc B9E2A557 5 Bytes JMP B9E02EE4 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDCO NDIS.SYS!NdisCoSendPackets B9E2AAF1 5 Bytes JMP B9E04376 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\svchost.exe[160] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\locator.exe[340] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\wdfmgr.exe[396] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\winlogon.exe[580] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\services.exe[624] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\lsass.exe[636] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\svchost.exe[1012] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\svchost.exe[1048] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\svchost.exe[1260] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\svchost.exe[1272] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[1308] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[1308] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[1308] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[1308] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\Explorer.EXE[1308] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[1308] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[1308] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[1308] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Explorer.EXE[1308] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\svchost.exe[1528] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00675060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00674F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00674960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00674AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00671860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00671230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 006713C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [75, 88] {JNZ 0xffffffffffffff8a}
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00674C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 006716D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00671550 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\svchost.exe[2092] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\dllhost.exe[2204] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\alg.exe[2340] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

    Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

    Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

    Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4C 0xC1 0x00 0x92 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xA3 0xFC 0x3E ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x3A 0xAB 0x5D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x96 0x47 0xC5 0x35 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4C 0xC1 0x00 0x92 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xA3 0xFC 0x3E ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x3A 0xAB 0x5D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x96 0x47 0xC5 0x35 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
    Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32\guard32.dll

    ---- EOF - GMER 1.0.15 ----
     
    Last edited: 18.09.2010
  4. kalminen

    Dragging onto ComboFix did not work.
    Do it again (drop it, don't click)
    Send => C:\comboFix.txt
    :)
     
  5. Axu83

    I forgot to allow the traffic through the firewall before shutting Comodo down, maybe add that to the instructions? It probably didn't give ComboFix the permissions even though I shut it down. I also disabled SpywareBlaster.

    ComboFix 10-09-16.07 - Admin 18.09.2010 15:23:06.3.1 - FAT32x86
    Running from: c:\documents and settings\Admin\Desktop\Logiohjelmat\ComboFix.exe
    Command switches used :: c:\documents and settings\Admin\Desktop\Logiohjelmat\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: F-Secure Internet Security 2010 10.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    FW: F-Secure Internet Security 2010 10.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
    * Created a new restore point

    FILE ::
    "c:\documents and settings\Admin\Local Settings\Temp\awrcqkog.sys"
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
    .

    2010-09-16 21:41 . 2010-09-16 21:41 -------- d-----w- c:\documents and settings\Admin\Application Data\Avira
    2010-09-16 21:31 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-09-16 21:31 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-09-16 21:31 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-09-16 21:31 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-09-16 21:31 . 2010-09-16 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-09-16 19:45 . 2010-09-16 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
    2010-09-15 23:36 . 2010-09-15 23:36 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
    2010-09-15 23:34 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-15 23:34 . 2010-09-15 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-15 23:34 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-14 10:50 . 2010-09-14 10:50 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-09-12 18:06 . 2010-09-12 18:06 -------- d-----w- c:\windows\Internet Logs
    2010-09-08 11:21 . 2010-09-08 11:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-09-07 22:52 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-09-07 22:40 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-09-03 14:13 . 2010-09-03 14:13 1266056 ----a-w- c:\temp\WindowsXP-KB927891-v3-x86-ENU.exe
    2010-09-03 14:12 . 2010-09-03 14:12 3038 ----a-w- c:\temp\fix_svchost.bat
    2010-09-03 14:12 . 2010-09-03 14:12 6216032 ----a-w- c:\temp\windowsupdateagent30-x86.exe
    2010-09-02 11:41 . 2010-09-02 11:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Opera
    2010-09-02 11:37 . 2010-09-02 11:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\ActiveSMART
    2010-09-01 12:26 . 2010-09-01 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-08-30 10:41 . 2010-08-30 10:41 16 ----a-w- c:\documents and settings\NetworkService\Application Data\hngmfc.dat
    2010-06-30 12:31 . 1979-12-31 21:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 1979-12-31 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 1979-12-31 21:00 1851904 ------w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 1979-12-31 21:00 354304 ------w- c:\windows\system32\drivers\srv.sys
    2009-08-14 10:33 . 2009-08-14 10:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2009-09-12 20:05 . 2009-09-12 20:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2009-09-12 20:06 . 2009-09-12 20:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2009-09-12 20:06 . 2009-09-12 20:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2009-09-12 20:07 . 2009-09-12 20:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2009-09-12 20:06 . 2009-09-12 20:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2009-09-12 20:06 . 2009-09-12 20:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2009-09-12 20:06 . 2009-09-12 20:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2009-09-12 20:06 . 2009-09-12 20:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2009-09-12 20:06 . 2009-09-12 20:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    .

    ------- Sigcheck -------

    [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
    [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
    [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
    [-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
    [-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
    [7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
    [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
    [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll

    [-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
    [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
    [-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
    [7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe

    [-] 2008-07-07 19:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
    [-] 2008-07-07 19:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
    [-] 2008-07-07 19:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
    [-] 2008-07-07 19:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
    [-] 2008-07-07 19:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
    [-] 2008-07-07 19:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
    [7] 2008-04-13 23:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
    [-] 2005-07-26 03:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

    [-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
    [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
    [-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
    [7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
    [-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    [-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
    [-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [7] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

    [-] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
    [-] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
    [-] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    [7] 2004-08-04 02:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Mobile Partner"="d:\program files\Mobile Partner\Mobile Partner.exe" [2008-01-29 110592]
    "SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
    "ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
    "COMODO Firewall Pro"="d:\program files\Palomuuri\Comodo\Firewall\cfp.exe" [2010-04-15 1655552]
    "avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 09:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 01:08 35696 ----a-w- d:\program files\Adobe\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
    2009-09-12 20:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epm-dm]
    2005-06-01 11:17 192512 ----a-w- c:\acer\ePM\epm-dm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
    2005-06-29 14:26 352256 ----a-w- c:\program files\acer\eRecovery\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
    2009-07-09 09:34 199264 ----a-w- c:\program files\F-Secure Internet Security\Common\FSM32.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
    2009-07-09 09:32 2349664 ----a-w- c:\program files\F-Secure Internet Security\FSGUI\tnbutil.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2005-01-23 07:31 126976 ------w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2005-01-23 07:36 155648 ------w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-04 02:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
    2005-07-25 10:36 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    2005-06-06 08:52 69632 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
    2005-07-25 07:45 241664 ----a-w- c:\program files\Launch Manager\OSDCtrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
    2005-05-31 11:45 356352 ----a-w- c:\program files\F-Secure Internet Security\FSGUI\ispnews.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
    2002-08-30 12:02 94208 ----a-w- c:\program files\Launch Manager\Powerkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2007-04-16 12:28 577536 ----a-w- c:\windows\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 01:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2005-02-04 08:11 708698 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    2005-02-04 08:12 102490 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
    2005-07-25 10:34 81920 ----a-w- c:\program files\Launch Manager\WButton.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "d:\\Program Files\\Opera\\opera.exe"=
    "d:\\Program Files\\BitTorrent\\bittorrent.exe"=

    R1 mailKmd;mailKmd; [x]
    R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2010-03-29 111296]
    R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.sys [2000-12-19 2343]
    R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2009-07-09 39776]
    R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2009-07-09 25184]
    R4 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [2010-03-01 55992]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-29 691696]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-09-25 33920]
    S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2009-07-09 80000]
    S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-04-15 87056]
    S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-04-15 24208]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
    S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [2009-07-09 68064]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - awrcqkog

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.fi/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    LSP: c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
    Trusted Zone: microsoft.com\www.update
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\k8adl0js.default\
    FF - component: c:\program files\F-Secure Internet Security\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
    FF - plugin: d:\program files\Adobe\Reader\browser\nppdf32.dll
    FF - plugin: d:\program files\Opera\program\plugins\npdsplay.dll
    FF - plugin: d:\program files\Opera\program\plugins\npwmsdrm.dll
    FF - plugin: d:\program files\Picasa3\npPicasa3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-18 15:32
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3845734143-1002380211-3227636783-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:77,3d,25,f7,65,81,ed,6d,17,1b,13,58,01,7e,b0,9a,38,5a,c5,21,64,f5,71,
    be,03,7d,f8,f4,10,20,ed,21,b5,d0,5c,70,e1,e5,65,03,e3,76,0f,d4,a3,31,4a,08,\
    "??"=hex:50,7c,a2,1e,10,75,48,ba,d8,91,db,8e,f1,c0,17,b8
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(580)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'lsass.exe'(636)
    c:\windows\system32\guard32.dll
    c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL

    - - - - - - - > 'explorer.exe'(3100)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2010-09-18 15:36:30
    ComboFix-quarantined-files.txt 2010-09-18 12:36

    Pre-Run: 1 953 071 104 bytes free
    Post-Run: 1 938 718 720 bytes free

    - - End Of File - - 248D7E552A04B9F2F75ED9C6370C38D1


    END
    -
    -
    -
    -
    -


    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-09-18 15:41:33
    Windows 5.1.2600 Service Pack 3
    Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\awrcqkog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA7B4DC8C]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xA7B4D3C4]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xA7B4D8A0]
    SSDT BA71329E ZwCreateKey
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xA7B4D080]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xA7B4F084]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA7B4DE72]
    SSDT BA713294 ZwCreateThread
    SSDT BA7132A3 ZwDeleteKey
    SSDT BA7132AD ZwDeleteValueKey
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0xA7B4CB02]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xA7B4ED24]
    SSDT BA7132B2 ZwLoadKey
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xA7B4DAB0]
    SSDT BA713280 ZwOpenProcess
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xA7B4D744]
    SSDT BA713285 ZwOpenThread
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xA7B4E7F2]
    SSDT BA7132BC ZwReplaceKey
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xA7B4D196]
    SSDT BA7132B7 ZwRestoreKey
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xA7B4EAE6]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xA7B4EEC4]
    SSDT BA7132A8 ZwSetValueKey
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xA7B4D5D2]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xA7B4D638]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0xA7B4CF4A]
    SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0xA7B4CE18]

    Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice
    Code \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys pIofCallDriver

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwCallbackReturn + 26CC 80501F04 4 Bytes JMP CBECA7B4
    PAGE ntkrnlpa.exe!IoCreateDevice 8056AB48 5 Bytes JMP B9E02FFA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisRegisterProtocol B9E1217F 5 Bytes JMP B9E02E0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisOpenAdapter B9E12399 5 Bytes JMP B9E03394 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisCloseAdapter B9E1C642 5 Bytes JMP B9E02F18 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENPNP NDIS.SYS!NdisDeregisterProtocol B9E1C821 5 Bytes JMP B9E031B0 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisReturnPackets B9E1F810 5 Bytes JMP B9E03C0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisRequest B9E1F97B 5 Bytes JMP B9E035AC fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisSend B9E22986 5 Bytes JMP B9E0458C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisSendPackets B9E229A3 5 Bytes JMP B9E0465E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDSP NDIS.SYS!NdisTransferData B9E229BE 5 Bytes JMP B9E03D0A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDCO NDIS.SYS!NdisCoCreateVc B9E29186 5 Bytes JMP B9E02E76 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDCO NDIS.SYS!NdisCoDeleteVc B9E2A557 5 Bytes JMP B9E02EE4 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    PAGENDCO NDIS.SYS!NdisCoSendPackets B9E2AAF1 5 Bytes JMP B9E04376 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
    ? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
    ? C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
    ? C:\DOCUME~1\Admin\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 1.0.15 ----

    .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\svchost.exe[160] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[160] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\locator.exe[340] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\locator.exe[340] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\wdfmgr.exe[396] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\wdfmgr.exe[396] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\winlogon.exe[580] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\winlogon.exe[580] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\services.exe[624] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\services.exe[624] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\lsass.exe[636] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\lsass.exe[636] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\svchost.exe[1012] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1012] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\svchost.exe[1048] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[1048] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\svchost.exe[1260] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1260] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\svchost.exe[1272] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1272] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\spoolsv.exe[1360] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\svchost.exe[1528] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\svchost.exe[1528] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00675060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00674F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00674960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00674AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00671860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00671230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 006713C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [75, 88] {JNZ 0xffffffffffffff8a}
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00674C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 006716D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00671550 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\svchost.exe[2092] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\svchost.exe[2092] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\system32\dllhost.exe[2204] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\system32\dllhost.exe[2204] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
    .text C:\WINDOWS\System32\alg.exe[2340] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
    .text C:\WINDOWS\System32\alg.exe[2340] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll

    ---- Kernel IAT/EAT - GMER 1.0.15 ----

    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
    IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
    AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

    Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

    Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

    Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

    Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

    AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4C 0xC1 0x00 0x92 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xA3 0xFC 0x3E ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x3A 0xAB 0x5D ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x96 0x47 0xC5 0x35 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4C 0xC1 0x00 0x92 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xA3 0xFC 0x3E ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x3A 0xAB 0x5D ...
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x96 0x47 0xC5 0x35 ...

    ---- EOF - GMER 1.0.15 ----
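    The hook listing above is long but repetitive: every user-mode .text entry jumps into C:\WINDOWS\system32\guard32.dll, and every kernel IAT entry lands in inspect.sys, which GMER itself labels as a COMODO firewall driver; guard32.dll is the matching user-mode piece, injected into every process through the AppInit_DLLs entry that appears as the O20 line in the HijackThis log later in this thread. What an analyst wants from such a list is a grouping by hook target, so that one hook into a module nobody can vouch for stands out from hundreds of expected ones. The script below is an added example (my own code, not part of this thread and not GMER's) that parses both line formats and produces that grouping; the ASSUMED_KNOWN_GOOD allowlist and the EXAMPLE_unknown.dll line in the sample are constructed for the demonstration.

```python
import re
from collections import defaultdict
from ntpath import basename  # Windows-style path splitting, works on any host

# User-mode inline hook, e.g.
# ".text C:\WINDOWS\System32\alg.exe[2340] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll"
# The "<func> + 3 ... [0E, 98] {...}" variant is the tail of a patch that GMER reports as two entries.
USERMODE_HOOK = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<func>\S+)(?:\s+\+\s+\d+)?\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes\s+"
    r"(?:JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<target_dll>.+?)|\[.*)\s*$"
)
# Kernel import-table hook, e.g.
# "IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)"
KERNEL_IAT_HOOK = re.compile(
    r"^IAT\s+(?P<image>[^\[\s]+)\[(?P<import>[^\]]+)\]\s+\[(?P<addr>[0-9A-Fa-f]+)\]\s+"
    r"(?P<target_dll>\S+)(?:\s+\((?P<desc>[^)]*)\))?\s*$"
)

# Hypothetical allowlist for this machine: hook modules the analyst has already verified
# (both belong to the COMODO firewall installed on the box).
ASSUMED_KNOWN_GOOD = {"guard32.dll", "inspect.sys"}


def parse_gmer_hooks(log_text):
    """Yield one dict per hook line; split-patch fragments are tagged rather than dropped."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = USERMODE_HOOK.match(line)
        if m:
            yield {"kind": "usermode",
                   "where": f'{basename(m["process"])}[{m["pid"]}]',
                   "function": f'{m["module"]}!{m["func"]}',
                   "target": m["target_dll"],   # None for a patch fragment
                   "vendor": None,               # GMER prints no vendor for user-mode hooks
                   "fragment": m["target_dll"] is None}
            continue
        m = KERNEL_IAT_HOOK.match(line)
        if m:
            desc = m["desc"]
            yield {"kind": "kernel_iat",
                   "where": basename(m["image"]),
                   "function": m["import"],
                   "target": m["target_dll"],
                   "vendor": desc.rsplit("/", 1)[-1] if desc else None,
                   "fragment": False}


def summarize_by_target(log_text):
    """Group hooks by the (lower-cased) basename of the module they jump into."""
    summary = defaultdict(lambda: {"hooks": 0, "images": set(), "functions": set(), "vendor": None})
    for h in parse_gmer_hooks(log_text):
        if h["fragment"]:
            continue  # already counted via the JMP entry that precedes it
        entry = summary[basename(h["target"]).lower()]
        entry["hooks"] += 1
        entry["images"].add(h["where"])
        entry["functions"].add(h["function"])
        entry["vendor"] = entry["vendor"] or h["vendor"]
    return dict(summary)


def unattributed_targets(summary, allowlist=ASSUMED_KNOWN_GOOD):
    """Hook targets that GMER gave no vendor for and that are not on the allowlist."""
    allow = {a.lower() for a in allowlist}
    return sorted(t for t, e in summary.items() if e["vendor"] is None and t not in allow)


# Sample input: five lines copied from the thread's GMER log plus one constructed line
# (EXAMPLE_unknown.dll) showing what an unattributed, non-allowlisted target looks like.
SAMPLE_LOG = r"""
.text C:\WINDOWS\System32\alg.exe[2340] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
.text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00AB1000 C:\WINDOWS\Temp\EXAMPLE_unknown.dll
"""

if __name__ == "__main__":
    s = summarize_by_target(SAMPLE_LOG)
    for target, e in sorted(s.items()):
        print(f'{target}: {e["hooks"]} hooks in {sorted(e["images"])}, vendor={e["vendor"]}')
    print("needs a look:", unattributed_targets(s))
```

    Feed the whole GMER log text to summarize_by_target() to get the same grouping for a real scan. GMER attributes a vendor only to kernel-side entries, so user-mode targets always need either the allowlist or a manual check of the file's path, signature and vendor before they are dismissed.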
     
  6. kalminen

    kalminen Regular member

    Joined:
    04.05.2007
    Messages:
    3,915
    Thanks:
    0
    Points:
    46
    How long will your hunting enthusiasm hold out???

    The first line shows that the drag-and-drop worked =>

    Command switches used :: c:\documents and settings\Admin\Desktop\Logiohjelmat\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    AV: F-Secure Internet Security 2010 10.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
    FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    FW: F-Secure Internet Security 2010 10.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
    * Created a new restore point

    As you can see from that, your antivirus programs also need to be sorted out now,
    on the principle of one antivirus and one firewall.

    Are you keeping F-Secure or getting rid of it???
    AntiVir is already on the machine, OK, and it is quite good.
    Comodo can be switched to the free version so that it gets updates too.

    Let me know your answer and you'll get instructions for it.

    ***************************************************************

    if you don't already have it:

    * Download OTM by OldTimer.
    * Save it to your desktop.
    * Double-click OTM.exe to start it.
    * Copy (CTRL+C) all the text from the box below.
    Code:
    :Processes
    explorer.exe
    :files 
    C:\DOCUME~1\Admin\LOCALS~1\Temp\awrcqkog.sys
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
    
    * Go back to OTMoveIt3, right-click in the Paste Instructions for Items to be Moved window (under the yellow bar) and click Paste.
    * Click the red MoveIt! button.
    * Copy (CTRL+C) and paste (CTRL+V) the text that appears in the Results window (under the green bar) into your next message.
    * Close OTM.

    If some file/folder could not be moved immediately, the program will suggest restarting the computer. Answer Yes, and OTMoveIt will restart your computer.

    *********************************************************
    if you don't already have it:

    Download SystemLook by jpshortstuff from HERE and save it to your desktop.

    Double-click SystemLook.exe to run it.

    Copy (CTRL+C) all the text from the box below into the text area.

    Code:
    :regfind
    awrcqkog.sys
    awrcqkog
    
    :filefind 
    awrcqkog.sys
    awrcqkog.*
    
    Click the Look button to start the scan.

    When the scan is complete, Notepad opens with the log contents.
    Right-click the log and choose "Select All".
    Copy and paste it into your next message.
    (The log can also be found on your desktop as SystemLook.txt)

    *******************************************************************

    Post =>

    OTMoveIt log.
    SystemLook.txt
    New HJT log
    :)
     
  7. Axu83

    Axu83 Member

    Joined:
    19.11.2003
    Messages:
    30
    Thanks:
    0
    Points:
    16
    I have Avira, Comodo, SpyBot (Immunized) and SpywareBlaster running (and hosts updated). Avast was uninstalled ages ago; how could I get the registry entries removed? CCleaner doesn't help.

    F-Secure is disabled, but apparently the same thing happened as with Comodo a moment ago: the firewall was left on before shutting it down, so I have to open it and allow all traffic.

    I'd like to keep what I have running now, plus F-Secure disabled, just in case, but if you know of a better free firewall, by all means tell me. Defence+ is on now, which probably helps somewhat, but is Comodo outdated since it no longer updates?

    I've had good experiences with ZoneAlarm, but it won't let itself be installed while F-Secure is installed. Could that be worked around somehow? Or maybe opening the firewall helps with that..

    There's plenty of hunting enthusiasm! Great that you have it too :) You learn all sorts of new things doing this, and can help friends as well. Is Combofix the kind of program that can cause damage? Are the other programs safe?

    All processes killed
    ========== PROCESSES ==========
    No active process named explorer.exe was found!
    ========== FILES ==========
    File/Folder C:\DOCUME~1\Admin\LOCALS~1\Temp\awrcqkog.sys not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32835 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Admin
    ->Temp folder emptied: 81920 bytes
    ->Temporary Internet Files folder emptied: 918365 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 36747756 bytes
    ->Opera cache emptied: 240 bytes
    ->Flash cache emptied: 3715 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 36,00 mb


    OTM by OldTimer - Version 3.1.16.1 log created on 09182010_173945

    Files moved on Reboot...
    C:\Documents and Settings\Admin\Local Settings\Temp\~DFFCB5.tmp moved successfully.

    Registry entries deleted on Reboot...

    END
    -
    -
    -
    -
    -

    SystemLook 04.09.10 by jpshortstuff
    Log created at 18:03 on 18/09/2010 by Admin
    Administrator - Elevation successful

    ========== regfind ==========

    Searching for "awrcqkog.sys"
    No data found.

    Searching for "awrcqkog"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AWRCQKOG]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AWRCQKOG\0000]
    "Service"="awrcqkog"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AWRCQKOG\0000]
    "DeviceDesc"="awrcqkog"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AWRCQKOG]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AWRCQKOG\0000]
    "Service"="awrcqkog"
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AWRCQKOG\0000]
    "DeviceDesc"="awrcqkog"
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\0\Rules\1\Allowed\1]
    "Filename"="HKLM\SYSTEM\ControlSet001\Services\awrcqkog"
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\0\Rules\1\Allowed\1]
    "DeviceName"="HKLM\SYSTEM\ControlSet001\Services\awrcqkog"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AWRCQKOG]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AWRCQKOG\0000]
    "Service"="awrcqkog"
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AWRCQKOG\0000]
    "DeviceDesc"="awrcqkog"

    ========== filefind ==========

    Searching for "awrcqkog.sys"
    No files found.

    Searching for "awrcqkog.*"
    No files found.

    -= EOF =-

    END
    -
    -
    -
    -
    -

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:08:18, on 18.9.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    D:\Program Files\Avira\AntiVir Desktop\avguard.exe
    D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir Desktop\sched.exe
    D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Palomuuri\Comodo\Firewall\cfp.exe
    D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    D:\Program Files\Mobile Partner\Mobile Partner.exe
    D:\Program Files\Opera\opera.exe
    D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Palomuuri\Comodo\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [SpybotSnD] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    O4 - HKCU\..\Run: [Mobile Partner] "D:\Program Files\Mobile Partner\Mobile Partner.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-21-3845734143-1002380211-3227636783-1005\..\Run: [Mobile Partner] "D:\Program Files\Mobile Partner\Mobile Partner.exe" (User '?')
    O4 - HKUS\S-1-5-21-3845734143-1002380211-3227636783-1005\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1257426773234
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{117DD082-98E2-4B81-806F-972E32D209DC}: NameServer = 62.241.198.246 62.241.198.245
    O17 - HKLM\System\CS1\Services\Tcpip\..\{117DD082-98E2-4B81-806F-972E32D209DC}: NameServer = 62.241.198.246 62.241.198.245
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 6249 bytes
     
  8. kalminen (Regular member, joined 04.05.2007, 3,915 posts)

    Sorry, but I can't be bothered to explain and argue the same thing with everyone.
    - A computer leaks viruses, as yours has done, when the antivirus programs are in a mess,
    and that's why I'd like to get them in order now so that viruses don't have to be cleaned up all the time.

    The more antivirus programs you have running, the worse the protection.

    Besides AntiVir, the following are now running =>

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll
    O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll

    Antivir does all of that, but you have three layers of software handling it.

    Remember to use only one firewall at a time.

    It is strongly recommended that you use only one antivirus at a time. Keeping more than one antivirus program
    active in memory uses too many of the machine's resources and can lead to false alarms and conflicts between the programs.
    If you absolutely want to install more than one antivirus program on your machine, only one of them should be active
    providing protection.


    ------------------------------------------------------

    Those last remnants of the rootkit in the registry are in the
    LEGACY keys, and they won't go away with CCleaner.
    Special tools are needed for them.
    :)
     
  9. Axu83 (Member, joined 19.11.2003, 30 posts)

    I removed Spybot and F-Secure; I saved the registration code, it can probably be entered again if needed? It didn't work without that uninstall tool of yours.

    So now in use:

    Windows XP SP3 (latest updates)
    Avira
    Comodo (is this sufficient, or should I switch to ZoneAlarm or similar?)
    SpywareBlaster
    Hosts file
    CCleaner
    Iobit Advanced Systemcare

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:40:36, on 19.9.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    D:\Program Files\Avira\AntiVir Desktop\avguard.exe
    D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\msiexec.exe
    D:\Program Files\Palomuuri\Comodo\Firewall\cfp.exe
    D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    D:\Program Files\Mobile Partner\Mobile Partner.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - (no file)
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Palomuuri\Comodo\Firewall\cfp.exe" -h
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKCU\..\Run: [Mobile Partner] "D:\Program Files\Mobile Partner\Mobile Partner.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-21-3845734143-1002380211-3227636783-1005\..\Run: [Mobile Partner] "D:\Program Files\Mobile Partner\Mobile Partner.exe" (User '?')
    O4 - HKUS\S-1-5-21-3845734143-1002380211-3227636783-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1257426773234
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 5667 bytes

    Looks pretty good?? :)
     
    Last edited: 19.09.2010
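The log above is the kind of thing the thread reviews by eye. As an added example (not part of the thread, and not a HijackThis feature), here is a small triage pass in PowerShell that flags the entry types the helper keys on: orphaned "(no file)" BHO/toolbar entries, the AppInit_DLLs injection point, services with no vendor string, and autostarts running from temp or profile directories. The sample lines are copied from the log above; Get-HjtFindings and the rules themselves are this example's own.

```powershell
# Added example, not from the thread: triage a HijackThis log for the entry types
# the helper here keys on. Sample lines are copied from the posted log; the rules
# and the Get-HjtFindings name are this example's own, not HijackThis features.
$sampleLog = @'
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - (no file)
O3 - Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - (no file)
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
'@

function Get-HjtFindings {
    param([string[]]$Lines)
    foreach ($raw in $Lines) {
        $line = $raw.Trim()
        # Only the O-sections are inspected; R0/R1 browser-setting lines and headers are skipped.
        if ($line -notmatch '^(O\d+) - (.+)$') { continue }
        $section = $Matches[1]; $body = $Matches[2]
        $reasons = @()
        # Orphaned BHO/toolbar: the CLSID is still registered but the DLL is gone. Harmless, but noise: Fix it.
        if ($body -match '\(no file\)$') { $reasons += 'orphaned entry (no file): safe to Fix' }
        # AppInit_DLLs is loaded into every process that loads user32; always identify the DLL's owner
        # (here guard32.dll belongs to the installed COMODO firewall).
        if ($section -eq 'O20') { $reasons += 'AppInit_DLLs injection point: verify the DLL owner' }
        # A service with no vendor string needs a look at the binary itself (signature, hash, path).
        if ($section -eq 'O23' -and $body -match ' - Unknown owner - ') { $reasons += 'service without vendor string: check the binary' }
        # Autostarts launched from temp or profile directories are a classic malware trait.
        if ($section -eq 'O4' -and $body -match '\\(Temp|Application Data|Local Settings)\\') { $reasons += 'autostart from a temp/profile directory' }
        if ($reasons.Count -gt 0) {
            # New-Object rather than [pscustomobject] so this also runs on PowerShell 2.0 (the XP-era version).
            New-Object PSObject -Property @{ Section = $section; Entry = $body; Reasons = ($reasons -join '; ') } |
                Select-Object Section, Entry, Reasons
        }
    }
}

$findings = @(Get-HjtFindings -Lines ($sampleLog -split "`r?`n"))
Write-Host "$($findings.Count) entries flagged"
$findings | Format-Table -AutoSize -Wrap
```

Run against the sample it flags four entries: the two "(no file)" items the next post tells you to Fix, the AppInit_DLLs line, and the cmdAgent service. The last two are expected on this machine (both are COMODO), which is the point: the script only tells you where to look, and the decision to Fix still rests on knowing what owns each file.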
  10. kalminen (Regular member, joined 04.05.2007, 3,915 posts)

    Yes, we're already on the winning side with this!!!

    Spybot can stay on the machine, but with its TeaTimer turned off.
    You can scan with it from the icon whenever you like, but
    there's no point putting it in Startup.

    Comodo and ZoneAlarm are both really good!!!

    I understood that this COMODO Firewall Pro (commercial)
    doesn't update, so you can replace it with either of the firewalls mentioned above (freeware).

    These are OK =>
    SpywareBlaster
    Hosts file

    Iobit may damage the Windows registry ???

    -----------------------------------------------------------------------------

    Download the Avast uninstaller from the net: HERE
    save it to the desktop and run it.

    -------------------------------------------------------------------

    First take a backup of the Windows registry like this:

    XP =>
    From the taskbar > Start > Run -> type regedit -> press OK.

    Click the My Computer line to make it active.
    Then File -> Export. Give the registry file a name and
    in the Save in field select the root of (C:). Under Export range tick All.
    Click the Save button.
    Exit Regedit.

    --------------------------------------------------------

    * Download RegASSASSIN to your desktop.
    * Double-click RegASSASSIN.exe to start it.
    * Leave the checkmarks in both boxes.
    * Copy and paste the following line from below into the white box.

    Code:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AWRCQKOG
    * Click the Delete button.
    * Answer YES to every question.
    Delete the following keys in the same way.
    Code:
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AWRCQKOG
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AWRCQKOG
    --------------------------------------------------------------------------------

    Yes, Comodo has been damaged too:

    Open Notepad and copy/paste the contents of the Quote: box into it:

    Code:
    Driver::
    awrcqkog
    
    Registry::
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\0\Rules\1\Allowed\1]
    "Filename"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\0\Rules\1\Allowed\1]
    "DeviceName"=-
    
    
    Save it as CFScript (in fact ComboFix recognises it even if the file extension
    isn't even .txt).

    * Close/disable all antivirus and anti-malware programs so that they don't interfere with running ComboFix.
    * No firewall.

    Then drag and drop CFScript onto ComboFix.exe. (Don't click)

    Note! Don't click on the ComboFix window while it is running. This may cause the program to hang.
    Restart the computer if asked, and post the contents of the combofix.txt file here.

    ----------------------------------------------------------------

    These you can Fix away with HJT =>
    O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - (no file)
    O3 - Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - (no file)


    Post =>
    (C:\ComboFix.txt)
    Did it work ???
    :)
     
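The registry steps in this post (export a backup, then delete the LEGACY_AWRCQKOG keys, which CCleaner cannot touch) as one script, added here as an example; it is not part of the thread and not a RegASSASSIN or ComboFix feature. It assumes Windows XP with PowerShell 2.0 installed (not present on XP by default) and an Administrator account; $DriverName, Priv.Enable, Backup-SystemHive, Get-RemnantKeyPaths and Unlock-Key are names made up for this example. Without -Delete it only reports what it would remove. It also shows why the "special tools" are needed: LEGACY_* keys under Enum\Root give Administrators read access only, so a plain delete fails until the caller enables SeTakeOwnershipPrivilege, takes ownership and grants itself Full Control, which is what RegASSASSIN does behind its Delete button. One caveat a practitioner would add: a LEGACY_* key is left behind by any driver that was ever loaded, including a scanner's own temporary driver, so confirm what the name belongs to before deleting it.

```powershell
# Added example, not from the thread: scripted version of the registry steps above
# (hive backup, then removal of the LEGACY_* keys that CCleaner cannot delete).
# Assumptions: Windows XP with PowerShell 2.0 installed, run from an Administrator account.
# $DriverName, Priv, Backup-SystemHive, Get-RemnantKeyPaths and Unlock-Key are this example's own names.
param([switch]$Delete)     # without -Delete the script only lists what it would remove

$DriverName = 'awrcqkog'   # the name the RegASSASSIN and CFScript steps above target
$BackupFile = "C:\SYSTEM_hive_$(Get-Date -Format yyyyMMdd_HHmmss).reg"

# LEGACY_* keys grant Administrators read access only, so "reg delete" fails with Access denied.
# Taking ownership requires SeTakeOwnershipPrivilege to be *enabled* in the token (admins hold it
# but it is disabled by default); PowerShell has no cmdlet for that, hence this P/Invoke helper.
Add-Type @'
using System;
using System.Runtime.InteropServices;
public static class Priv {
    [StructLayout(LayoutKind.Sequential, Pack = 1)]
    struct TokPriv1Luid { public int Count; public long Luid; public int Attr; }
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr h, uint access, out IntPtr tok);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool LookupPrivilegeValue(string host, string name, out long luid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool AdjustTokenPrivileges(IntPtr tok, bool disableAll, ref TokPriv1Luid np, int len, IntPtr prev, IntPtr ret);
    public static bool Enable(string name) {
        IntPtr tok;
        if (!OpenProcessToken(System.Diagnostics.Process.GetCurrentProcess().Handle, 0x28, out tok)) return false; // TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY
        TokPriv1Luid tp; tp.Count = 1; tp.Attr = 2;                                                      // SE_PRIVILEGE_ENABLED
        if (!LookupPrivilegeValue(null, name, out tp.Luid)) return false;
        // AdjustTokenPrivileges returns TRUE even when nothing was assigned; ERROR_SUCCESS means it really was.
        return AdjustTokenPrivileges(tok, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero) && Marshal.GetLastWin32Error() == 0;
    }
}
'@

function Backup-SystemHive {
    # Equivalent of regedit File -> Export, limited to the hive being edited (XP's reg.exe has no /y, so the name is timestamped).
    & reg.exe export HKLM\SYSTEM $BackupFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry export failed; nothing was changed.' }
    Write-Host "Backup written to $BackupFile"
}

function Get-RemnantKeyPaths {
    # Enumerate every ControlSet00N rather than hardcoding 001/003; CurrentControlSet is a
    # symbolic link to one of them, so it is covered as well.
    foreach ($cs in Get-ChildItem HKLM:\SYSTEM -ErrorAction SilentlyContinue | Where-Object { $_.PSChildName -like 'ControlSet0*' }) {
        "SYSTEM\$($cs.PSChildName)\Enum\Root\LEGACY_$($DriverName.ToUpper())"   # PnP remnant
        "SYSTEM\$($cs.PSChildName)\Services\$DriverName"                         # what the "Driver::" CFScript line removes
    }
}

function Unlock-Key([string]$SubKey) {
    # Take ownership, grant Administrators Full Control, then recurse into child keys:
    # RegSetKeySecurity does not push the new ACL down to existing children by itself.
    $hklm = [Microsoft.Win32.Registry]::LocalMachine
    $k = $hklm.OpenSubKey($SubKey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
                          [System.Security.AccessControl.RegistryRights]::TakeOwnership)
    $acl = $k.GetAccessControl([System.Security.AccessControl.AccessControlSections]::None)   # None: no READ_CONTROL needed yet
    $acl.SetOwner([System.Security.Principal.NTAccount]'BUILTIN\Administrators')
    $k.SetAccessControl($acl); $k.Close()

    $k = $hklm.OpenSubKey($SubKey, [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
                          [System.Security.AccessControl.RegistryRights]'ReadPermissions,ChangePermissions')
    $acl = $k.GetAccessControl()
    $acl.AddAccessRule((New-Object System.Security.AccessControl.RegistryAccessRule -ArgumentList 'BUILTIN\Administrators','FullControl','ContainerInherit,ObjectInherit','None','Allow'))
    $k.SetAccessControl($acl); $k.Close()

    foreach ($child in $hklm.OpenSubKey($SubKey).GetSubKeyNames()) { Unlock-Key "$SubKey\$child" }
}

$found = @(Get-RemnantKeyPaths | Where-Object { Test-Path "HKLM:\$_" })
if ($found.Count -eq 0) { Write-Host "No $DriverName remnants found."; return }
$found | ForEach-Object { Write-Host "Found: HKLM\$_" }
if (-not $Delete) { Write-Host 'Dry run only. Re-run with -Delete to remove them.'; return }

Backup-SystemHive
if (-not [Priv]::Enable('SeTakeOwnershipPrivilege')) { throw 'Could not enable SeTakeOwnershipPrivilege; run as Administrator.' }
foreach ($p in $found) {
    Unlock-Key $p
    [Microsoft.Win32.Registry]::LocalMachine.DeleteSubKeyTree($p)
    Write-Host "Deleted: HKLM\$p"
}
Write-Host 'Reboot, then rerun the rootkit scanner to confirm the driver is gone.'
```

The two COMODO HIPS values the CFScript above clears ("Filename" and "DeviceName") are ordinary, unprotected values; they can be removed with Remove-ItemProperty once the key path has been checked in regedit, and are left out of the script so that it only touches keys named after the driver. The backup is restorable by double-clicking the .reg file, which is the same fallback the regedit export step gives you.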
  11. Axu83 (Member, joined 19.11.2003, 30 posts)

    It worked well! I no longer had Avast on the machine, only in the registry, so I used search in regedit and removed all the avast results from there. I did all the other "steps" too, and removed the old Comodo and installed the new one. Thanks for the tip! I trusted the download.fi site that Pro would be the only Comodo firewall.

    This new Comodo Firewall feels just as light as the old Pro, and the Avira + Comodo combination is really much lighter than F-Secure 2010! The laptop fan doesn't even scream anymore while browsing :) Comodo and ZoneAlarm seem equally light so far, Comodo just asks a lot more questions.

    I'll have to use that Iobit carefully; I only installed it for Defrag, Windows' own defragmenter doesn't work for some reason? Nothing happens when you press the Defragment button. I noticed that Iobit does the same if the machine isn't on mains power, and there was a setting like that in Iobit's Smart Defrag program (a power-saving feature or similar).

    A couple more questions:

    1) Is Google image search dangerous? I use it daily.
    2) Which is safer, Opera or Firefox? I have the latest version of both installed, and SpywareBlaster probably only protects Firefox?
    3) Music doesn't play well from YouTube or even Winamp; the sound crackles and stutters (with headphones, speakers, etc.). I updated the AC97 drivers, but no change. Is the integrated sound card or the audio output broken?

    ComboFix 10-09-16.07 - Admin 20.09.2010 19:51:46.4.1 - FAT32x86
    Running from: c:\documents and settings\Admin\Desktop\Logiohjelmat\ComboFix.exe
    Command switches used :: c:\documents and settings\Admin\Desktop\Logiohjelmat\CFScript.txt
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
    FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
    * Created a new restore point
    .

    ((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
    .

    2010-09-20 16:42 . 2010-09-20 16:43 76388260 ----a-w- C:\rekisteri_uusi_avast_poistettu.reg
    2010-09-20 16:27 . 2010-09-20 16:28 76545904 ----a-w- C:\rekisteri_20_9_2010.reg
    2010-09-20 12:12 . 2010-09-20 12:12 -------- d-----w- c:\windows\LastGood
    2010-09-20 12:12 . 2010-09-20 12:12 -------- d-----w- c:\program files\Realtek AC97
    2010-09-18 15:47 . 2010-09-18 15:47 -------- d-----w- c:\documents and settings\Admin\Application Data\IObit
    2010-09-18 14:39 . 2010-09-18 14:39 -------- d-----w- C:\_OTM
    2010-09-16 21:41 . 2010-09-16 21:41 -------- d-----w- c:\documents and settings\Admin\Application Data\Avira
    2010-09-16 21:31 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2010-09-16 21:31 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2010-09-16 21:31 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2010-09-16 21:31 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2010-09-16 21:31 . 2010-09-16 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2010-09-16 19:45 . 2010-09-16 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
    2010-09-15 23:36 . 2010-09-15 23:36 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
    2010-09-15 23:34 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-15 23:34 . 2010-09-15 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-15 23:34 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-14 10:50 . 2010-09-14 10:50 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2010-09-12 18:06 . 2010-09-12 18:06 -------- d-----w- c:\windows\Internet Logs
    2010-09-08 11:21 . 2010-09-08 11:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
    2010-09-07 22:52 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-09-07 22:40 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-09-03 14:13 . 2010-09-03 14:13 1266056 ----a-w- c:\temp\WindowsXP-KB927891-v3-x86-ENU.exe
    2010-09-03 14:12 . 2010-09-03 14:12 3038 ----a-w- c:\temp\fix_svchost.bat
    2010-09-03 14:12 . 2010-09-03 14:12 6216032 ----a-w- c:\temp\windowsupdateagent30-x86.exe
    2010-09-02 11:41 . 2010-09-02 11:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Opera
    2010-09-02 11:37 . 2010-09-02 11:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\ActiveSMART
    2010-09-01 12:26 . 2010-09-01 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-18 15:10 . 2005-12-20 10:03 45280 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-08-30 10:41 . 2010-08-30 10:41 16 ----a-w- c:\documents and settings\NetworkService\Application Data\hngmfc.dat
    2010-06-30 12:31 . 1979-12-31 21:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 1979-12-31 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 1979-12-31 21:00 1851904 ------w- c:\windows\system32\win32k.sys
    2009-08-14 10:33 . 2009-08-14 10:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
    2009-09-12 20:05 . 2009-09-12 20:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
    2009-09-12 20:06 . 2009-09-12 20:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
    2009-09-12 20:06 . 2009-09-12 20:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
    2009-09-12 20:07 . 2009-09-12 20:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
    2009-09-12 20:06 . 2009-09-12 20:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
    2009-09-12 20:06 . 2009-09-12 20:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
    2009-09-12 20:06 . 2009-09-12 20:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
    2009-09-12 20:06 . 2009-09-12 20:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
    2009-09-12 20:06 . 2009-09-12 20:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
    .

    ------- Sigcheck -------

    [-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
    [-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
    [-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
    [-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
    [-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
    [-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
    [-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
    [-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
    [7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
    [-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
    [-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll

    [-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
    [-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
    [-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
    [-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
    [7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe

    [-] 2008-07-07 19:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
    [-] 2008-07-07 19:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
    [-] 2008-07-07 19:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
    [-] 2008-07-07 19:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
    [-] 2008-07-07 19:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
    [-] 2008-07-07 19:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
    [7] 2008-04-13 23:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
    [-] 2005-07-26 03:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

    [-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
    [-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
    [-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
    [-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
    [7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
    [-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
    [-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
    [-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
    [-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
    [-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
    [-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
    [7] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

    [-] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
    [-] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
    [-] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
    [7] 2004-08-04 02:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Mobile Partner"="d:\program files\Mobile Partner\Mobile Partner.exe" [2008-01-29 110592]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
    "ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
    "COMODO Firewall Pro"="d:\program files\Palomuuri\Comodo\Firewall\cfp.exe" [2010-04-15 1655552]
    "avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
    "ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
    "SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2009-09-04 09:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-10-03 01:08 35696 ----a-w- d:\program files\Adobe\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epm-dm]
    2005-06-01 11:17 192512 ----a-w- c:\acer\ePM\epm-dm.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
    2005-06-29 14:26 352256 ----a-w- c:\program files\acer\eRecovery\Monitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
    2005-01-23 07:31 126976 ------w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
    2005-01-23 07:36 155648 ------w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
    2004-08-04 02:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
    2005-07-25 10:36 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
    2005-06-06 08:52 69632 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
    2005-07-25 07:45 241664 ----a-w- c:\program files\Launch Manager\OSDCtrl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
    2002-08-30 12:02 94208 ----a-w- c:\program files\Launch Manager\Powerkey.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
    2007-04-16 12:28 577536 ----a-w- c:\windows\soundman.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-10-11 01:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
    2005-02-04 08:11 708698 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
    2005-02-04 08:12 102490 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
    2005-07-25 10:34 81920 ----a-w- c:\program files\Launch Manager\WButton.exe

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\MSMSGS.EXE"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\DC++\\DCPlusPlus.exe"=
    "d:\\Program Files\\Opera\\opera.exe"=
    "d:\\Program Files\\BitTorrent\\bittorrent.exe"=

    R1 mailKmd;mailKmd; [x]
    R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.sys [2000-12-19 2343]
    R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-29 691696]
    S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-04-15 87056]
    S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-04-15 24208]
    S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-19 c:\windows\Tasks\SmartDefrag.job
    - d:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-09-18 15:08]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.fi/
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    Trusted Zone: microsoft.com\www.update
    FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\k8adl0js.default\
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
    FF - plugin: d:\program files\Adobe\Reader\browser\nppdf32.dll
    FF - plugin: d:\program files\Opera\program\plugins\npdsplay.dll
    FF - plugin: d:\program files\Opera\program\plugins\npwmsdrm.dll
    FF - plugin: d:\program files\Picasa3\npPicasa3.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-F-Secure Manager - c:\program files\F-Secure Internet Security\Common\FSM32.EXE
    MSConfigStartUp-F-Secure TNB - c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe
    MSConfigStartUp-News Service - c:\program files\F-Secure Internet Security\FSGUI\ispnews.exe
    AddRemove-CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025\HXFSETUP.EXE



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-20 20:01
    Windows 5.1.2600 Service Pack 3 FAT NTAPI

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3845734143-1002380211-3227636783-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:77,3d,25,f7,65,81,ed,6d,17,1b,13,58,01,7e,b0,9a,38,5a,c5,21,64,f5,71,
    be,03,7d,f8,f4,10,20,ed,21,b5,d0,5c,70,e1,e5,65,03,e3,76,0f,d4,a3,31,4a,08,\
    "??"=hex:50,7c,a2,1e,10,75,48,ba,d8,91,db,8e,f1,c0,17,b8
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(556)
    c:\windows\system32\guard32.dll
    c:\windows\system32\igfxsrvc.dll
    c:\windows\system32\hccutils.DLL

    - - - - - - - > 'lsass.exe'(612)
    c:\windows\system32\guard32.dll

    - - - - - - - > 'explorer.exe'(1512)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    .
    Completion time: 2010-09-20 20:05:47
    ComboFix-quarantined-files.txt 2010-09-20 17:05

    Pre-Run: 2 893 119 488 bytes free
    Post-Run: 2 928 148 480 bytes free

    - - End Of File - - 37C58139AEF8CC30761B2C327CBF30E2


    END

    -
    -
    -
    -

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:04:31, on 20.9.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    D:\Program Files\Avira\AntiVir Desktop\avguard.exe
    D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\DOCUME~1\Admin\LOCALS~1\Temp\RtkBtMnt.EXE
    D:\Program Files\COMODO\COMODO\COMODO Internet Security\cfp.exe
    C:\WINDOWS\System32\svchost.exe
    D:\Program Files\COMODO\COMODO\COMODO Internet Security\cmdagent.exe
    D:\Program Files\Mobile Partner\Mobile Partner.exe
    C:\WINDOWS\system32\wuauclt.exe
    D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
    O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO\COMODO Internet Security\cfp.exe" -h
    O4 - HKCU\..\Run: [Mobile Partner] "D:\Program Files\Mobile Partner\Mobile Partner.exe"
    O4 - HKUS\S-1-5-21-3845734143-1002380211-3227636783-1005\..\Run: [Mobile Partner] "D:\Program Files\Mobile Partner\Mobile Partner.exe" (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1257426773234
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{117DD082-98E2-4B81-806F-972E32D209DC}: NameServer = 62.241.198.245 62.241.198.246
    O17 - HKLM\System\CS1\Services\Tcpip\..\{117DD082-98E2-4B81-806F-972E32D209DC}: NameServer = 62.241.198.245 62.241.198.246
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

    --
    End of file - 5630 bytes
     
  12. kalminen

    kalminen Regular member

    .
    Good morning!!!

    Did you disable the antivirus scanner in the new Comodo so that only
    the firewall is left enabled? Comodo and Zone ask for permissions at
    first, but they quiet down after the learning phase.

    --------------------------------------------------------------

    1) Is Google image search dangerous? I end up using it daily.

    - It is no more dangerous than any other image file on the net.
    Malicious code can be hidden in JPG and GIF files. It usually turns up
    in e-mail attachments, more rarely in clip art libraries.

    ---------------------------------------------------------------

    2) Which is safer, Opera or Firefox? I have the latest version of both installed,
    and SpywareBlaster seems to protect only Firefox?

    - I don't know Opera. I use FF, IE and Chrome myself.
    FF is good if you have the patience and the know-how to tune it.
    The latest test claims Google's Chrome is the best.
    (A matter of taste.) It's the left mouse button that lets the bugs in.

    --------------------------------------------------------------

    - The significance of the HOSTS file is slowly fading.

    WOT is an early-warning tool that keeps you from going to malicious websites.

    WOT => CHECK IT OUT

    It warns the surfer before stepping into "sh..", HI.
    It hasn't taken any noticeable resources from my machine, and you don't notice
    it's there except when you try to click in the wrong place.

    -------------------------------------------------------------

    3) Music doesn't play well from YouTube or even from Winamp.

    - Are the mobile broadband stick and the machine even powerful enough for that?
    A broken sound card can be replaced with a new one (20€) or with
    a sound card that plugs into USB.

    ************************************************************************

    Type Combofix /uninstall in the Run box of the Windows Start menu and press OK.

    ********************************************************

    Start Malwarebytes, go to the Quarantine tab and empty the junk.

    **********************************************************

    Next we remove all the tools we used, along with their leftovers.

    * Double-click OTM.exe.
    * Click CleanUp!.
    * Select Yes when asked "Begin cleanup Process?".
    * If asked whether the computer may be restarted, select Yes.
    * OTMoveIt removes itself when it is done; if it doesn't, remove it yourself.

    * Remove all the other tools that were used from the computer as well.
    If they are ever needed again, they will be outdated by then.

    ----------------------------------------------------------------------------

    Here is a short guide on how to reduce the risk of infecting your machine ;)

    -> Clear System Restore -> Instructions for Windows ME - XP
    Instructions for Windows Vista
    Empty the System Restore folder and create a new restore point. This cleans the restore folder of any possible malware remnants.

    -> Use CCleaner -> CCleaner
    Download and install CCleaner. Clean temporary files and folders with it regularly. The program is available in Finnish.

    -> Use Malwarebytes' Anti-Malware -> Malwarebytes' Anti-Malware
    Download and install Malwarebytes' Anti-Malware. Update it and scan your computer with it regularly. The program is available in Finnish.

    -> Install SpywareBlaster -> SpywareBlaster
    SpywareBlaster prevents malware from installing itself on your computer. It uses no memory!
    Guide available in Finnish! The guide by forum member Ad-Aware

    -> Install the MVPS Hosts file -> MVPS Hosts
    Blocks your computer's connections to malicious sites. It uses no memory!
    Guide available in Finnish! The guide by forum member Axel

    -> Switch your browser to Firefox -> Firefox
    Firefox is a faster, safer and better browser than Internet Explorer.

    -> Keep your system up to date. -> Windows Update
    Visit Windows Update regularly.

    -> Keep your firewall and antivirus up to date
    Update your antivirus program and scan your computer with it regularly.

    -> Use a standard user account in Windows Vista/7
    Neko's guide in Finnish: Use a standard user account for daily use

    -> Use UAC in Windows Vista/7
    Neko's guide in Finnish: Change the User Account Control (UAC) settings

    -> Speed up your computer -> Speed up your computer guide
    A computer slowing down can be due to many things, but generally it comes down to the amount of RAM, the number of programs that start automatically, excessive protection, unnecessary files that were never removed, or disk fragmentation. Neko's guides contain easy instructions for getting your machine back in shape.

    Stay clean ;)
    :)
     
  13. Axu83

    Axu83 Member

    In the new Comodo my settings are Firewall: Safe mode and Defence+: Safe mode. Sandbox is disabled, and likewise Internet Security and Proactive Security are not in use, so only Firewall Security is enabled. Is this what you meant? I couldn't find a separate antivirus scanner there.

    Many thanks!! I have already done all those red items at the end, at the latest during this week. The problem was probably that outdated Comodo, which is also in order now, and I intend to scan once a month with Anti-Malware and run CCleaner daily (obsession :). The machine really does run COMPLETELY differently than before this thread: CPU load when idle with the browser open is about 0-20%, whereas before it could be at 100% load without any programs running. And even then I had already pruned the extra processes from the background, so the machine really did have viruses and they made it unusable.

    Only the sound issue is still bothering me. The machine is an Acer Aspire 3610, Intel Celeron 1.5GHz, 2GB of RAM (originally 512MB; the new modules didn't affect the fault either, I suspected the memory at first), 80GB hard drive (defragmented, and now with plenty of free space) and Win XP SP3.

    That stuttering/crackling of the sound is a real mystery. I noticed that it used to crackle when the CPU load rose in Task Manager; the CPU load went in bursts like a pulse, quickly down and up. That was probably caused by the malware, but the sound still crackles, though less, even though the machine is clean and everything is optimized. I also reinstalled the sound chip drivers (AC'97). DirectX is still to be reinstalled, but after that I'm out of options; I'll probably have to try that USB sound card? Nothing but a hardware fault comes to mind anymore.

    Thanks once again! I will probably return to this regarding my mum's machine; it has now been cleaned, defragmented and repartitioned, but it still needs to be gone through properly when I find the time :)
     
  14. kalminen

    kalminen Regular member

    .
    Sounds pretty good!!!
    Apart from the sound.
    Talk later.
    :)
     
