RootKit epäily koneella!

.
Uutta raahausta ja logia =>

Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne:

Koodi:

File::
C:\Documents and Settings\Admin\Local Settings\Temp\awrcqkog.sys

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

* Sulje/ota pois päältä kaikki virustorjunta- ja haittaohjelmien poisto-ohjelmat, jotta ne eivät häiritse ComboFixin ajoa.

Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)



Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

(C:\ComboFix.txt)

Uusi ajo GMERillä ja logi=>

 

En ole varma tekikö Combofix mitään, käynnistyi kyllä mutta oli tosi nopea, ei tullut reboottia tai logia. Nyt oli tosin hälyohjelmat pois päältä.

Tässä gmer-logi:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-18 13:51:30
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\awrcqkog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA7B4DC8C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xA7B4D3C4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xA7B4D8A0]
SSDT BA71329E ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xA7B4D080]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xA7B4F084]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA7B4DE72]
SSDT BA713294 ZwCreateThread
SSDT BA7132A3 ZwDeleteKey
SSDT BA7132AD ZwDeleteValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0xA7B4CB02]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xA7B4ED24]
SSDT BA7132B2 ZwLoadKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xA7B4DAB0]
SSDT BA713280 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xA7B4D744]
SSDT BA713285 ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xA7B4E7F2]
SSDT BA7132BC ZwReplaceKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xA7B4D196]
SSDT BA7132B7 ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xA7B4EAE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xA7B4EEC4]
SSDT BA7132A8 ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xA7B4D5D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xA7B4D638]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0xA7B4CF4A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0xA7B4CE18]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 26CC 80501F04 4 Bytes JMP CBECA7B4
PAGE ntkrnlpa.exe!IoCreateDevice 8056AB48 5 Bytes JMP B9E02FFA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisRegisterProtocol B9E1217F 5 Bytes JMP B9E02E0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisOpenAdapter B9E12399 5 Bytes JMP B9E03394 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisCloseAdapter B9E1C642 5 Bytes JMP B9E02F18 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisDeregisterProtocol B9E1C821 5 Bytes JMP B9E031B0 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisReturnPackets B9E1F810 5 Bytes JMP B9E03C0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisRequest B9E1F97B 5 Bytes JMP B9E035AC fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSend B9E22986 5 Bytes JMP B9E0458C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSendPackets B9E229A3 5 Bytes JMP B9E0465E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisTransferData B9E229BE 5 Bytes JMP B9E03D0A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoCreateVc B9E29186 5 Bytes JMP B9E02E76 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoDeleteVc B9E2A557 5 Bytes JMP B9E02EE4 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoSendPackets B9E2AAF1 5 Bytes JMP B9E04376 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\svchost.exe[160] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\locator.exe[340] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\wdfmgr.exe[396] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\winlogon.exe[580] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\services.exe[624] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\lsass.exe[636] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1012] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\svchost.exe[1048] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1260] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1272] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1308] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1308] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1308] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1308] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1308] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\Explorer.EXE[1308] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1308] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1308] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1308] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[1308] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1528] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00675060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00674F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00674960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00674AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00671860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00671230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 006713C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [75, 88] {JNZ 0xffffffffffffff8a}
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00674C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 006716D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00671550 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\svchost.exe[2092] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\dllhost.exe[2204] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\alg.exe[2340] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4C 0xC1 0x00 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xA3 0xFC 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x3A 0xAB 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x96 0x47 0xC5 0x35 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4C 0xC1 0x00 0x92 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xA3 0xFC 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x3A 0xAB 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x96 0x47 0xC5 0x35 ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs C:\WINDOWS\system32\guard32.dll

---- EOF - GMER 1.0.15 ----

 

.
ComboFixin raahaus ei onnistunut.
Tee uudelleen (irroita älä klikkaa)
Lähetä => C:\comboFix.txt

 

Unohdin vapauttaa palomuurin liikenteen ennen Comodon sammutusta, lisää ohjeisiin? Ei antanut varmaan oikeuksia combolle vaikka sammutin sen. Samoin SPyware blasterin disabloin.

ComboFix 10-09-16.07 - Admin 18.09.2010 15:23:06.3.1 - FAT32x86
Running from: c:\documents and settings\Admin\Desktop\Logiohjelmat\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\Logiohjelmat\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: F-Secure Internet Security 2010 10.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: F-Secure Internet Security 2010 10.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
* Created a new restore point

FILE ::
"c:\documents and settings\Admin\Local Settings\Temp\awrcqkog.sys"
.

((((((((((((((((((((((((( Files Created from 2010-08-18 to 2010-09-18 )))))))))))))))))))))))))))))))
.

2010-09-16 21:41 . 2010-09-16 21:41 -------- d-----w- c:\documents and settings\Admin\Application Data\Avira
2010-09-16 21:31 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-16 21:31 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-16 21:31 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-16 21:31 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-16 21:31 . 2010-09-16 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-09-16 19:45 . 2010-09-16 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-15 23:36 . 2010-09-15 23:36 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-09-15 23:34 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 23:34 . 2010-09-15 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-15 23:34 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-14 10:50 . 2010-09-14 10:50 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-12 18:06 . 2010-09-12 18:06 -------- d-----w- c:\windows\Internet Logs
2010-09-08 11:21 . 2010-09-08 11:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-07 22:52 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-07 22:40 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-03 14:13 . 2010-09-03 14:13 1266056 ----a-w- c:\temp\WindowsXP-KB927891-v3-x86-ENU.exe
2010-09-03 14:12 . 2010-09-03 14:12 3038 ----a-w- c:\temp\fix_svchost.bat
2010-09-03 14:12 . 2010-09-03 14:12 6216032 ----a-w- c:\temp\windowsupdateagent30-x86.exe
2010-09-02 11:41 . 2010-09-02 11:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Opera
2010-09-02 11:37 . 2010-09-02 11:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\ActiveSMART
2010-09-01 12:26 . 2010-09-01 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-30 10:41 . 2010-08-30 10:41 16 ----a-w- c:\documents and settings\NetworkService\Application Data\hngmfc.dat
2010-06-30 12:31 . 1979-12-31 21:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 1979-12-31 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 1979-12-31 21:00 1851904 ------w- c:\windows\system32\win32k.sys
2010-06-21 15:27 . 1979-12-31 21:00 354304 ------w- c:\windows\system32\drivers\srv.sys
2009-08-14 10:33 . 2009-08-14 10:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-12 20:05 . 2009-09-12 20:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 20:06 . 2009-09-12 20:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-09-12 20:06 . 2009-09-12 20:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-12 20:07 . 2009-09-12 20:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-12 20:06 . 2009-09-12 20:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 20:06 . 2009-09-12 20:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-12 20:06 . 2009-09-12 20:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 20:06 . 2009-09-12 20:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2009-09-12 20:06 . 2009-09-12 20:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
.

------- Sigcheck -------

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll

[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe

[-] 2008-07-07 19:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 19:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 19:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 19:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 19:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 19:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[7] 2008-04-13 23:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 03:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[7] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
[-] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2004-08-04 02:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="d:\program files\Mobile Partner\Mobile Partner.exe" [2008-01-29 110592]
"SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"COMODO Firewall Pro"="d:\program files\Palomuuri\Comodo\Firewall\cfp.exe" [2010-04-15 1655552]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 09:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 01:08 35696 ----a-w- d:\program files\Adobe\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionCenter]
2009-09-12 20:09 103768 ----a-w- c:\program files\Citrix\ICA Client\concentr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epm-dm]
2005-06-01 11:17 192512 ----a-w- c:\acer\ePM\epm-dm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2005-06-29 14:26 352256 ----a-w- c:\program files\acer\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure Manager]
2009-07-09 09:34 199264 ----a-w- c:\program files\F-Secure Internet Security\Common\FSM32.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\F-Secure TNB]
2009-07-09 09:32 2349664 ----a-w- c:\program files\F-Secure Internet Security\FSGUI\tnbutil.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-01-23 07:31 126976 ------w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-01-23 07:36 155648 ------w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 02:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
2005-07-25 10:36 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-06-06 08:52 69632 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
2005-07-25 07:45 241664 ----a-w- c:\program files\Launch Manager\OSDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\News Service]
2005-05-31 11:45 356352 ----a-w- c:\program files\F-Secure Internet Security\FSGUI\ispnews.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
2002-08-30 12:02 94208 ----a-w- c:\program files\Launch Manager\Powerkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 12:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 01:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-02-04 08:11 708698 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-02-04 08:12 102490 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
2005-07-25 10:34 81920 ----a-w- c:\program files\Launch Manager\WButton.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=

R1 mailKmd;mailKmd; [x]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2010-03-29 111296]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.sys [2000-12-19 2343]
R4 F-Secure Filter;F-Secure File System Filter;c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2009-07-09 39776]
R4 F-Secure Recognizer;F-Secure File System Recognizer;c:\program files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2009-07-09 25184]
R4 FSORSPClient;F-Secure ORSP Client;c:\program files\F-Secure Internet Security\ORSP Client\fsorsp.exe [2010-03-01 55992]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-29 691696]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2009-09-25 33920]
S0 FSFW;F-Secure Firewall Driver;c:\windows\System32\drivers\fsdfw.sys [2009-07-09 80000]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-04-15 87056]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-04-15 24208]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files\F-Secure Internet Security\HIPS\drivers\fshs.sys [2009-07-09 68064]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


--- Other Services/Drivers In Memory ---

*Deregistered* - awrcqkog

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fi/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL
Trusted Zone: microsoft.com\www.update
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\k8adl0js.default\
FF - component: c:\program files\F-Secure Internet Security\NRS\litmus-ff@f-secure.com\components\litmus-ff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: d:\program files\Adobe\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\program files\Opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\program files\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-18 15:32
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3845734143-1002380211-3227636783-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:77,3d,25,f7,65,81,ed,6d,17,1b,13,58,01,7e,b0,9a,38,5a,c5,21,64,f5,71,
be,03,7d,f8,f4,10,20,ed,21,b5,d0,5c,70,e1,e5,65,03,e3,76,0f,d4,a3,31,4a,08,\
"??"=hex:50,7c,a2,1e,10,75,48,ba,d8,91,db,8e,f1,c0,17,b8
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(636)
c:\windows\system32\guard32.dll
c:\program files\F-Secure Internet Security\FSPS\program\FSLSP.DLL

- - - - - - - > 'explorer.exe'(3100)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-09-18 15:36:30
ComboFix-quarantined-files.txt 2010-09-18 12:36

Pre-Run: 1 953 071 104 bytes free
Post-Run: 1 938 718 720 bytes free

- - End Of File - - 248D7E552A04B9F2F75ED9C6370C38D1


LOPPU
-
-
-
-
-


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-09-18 15:41:33
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\awrcqkog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xA7B4DC8C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwConnectPort [0xA7B4D3C4]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateFile [0xA7B4D8A0]
SSDT BA71329E ZwCreateKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreatePort [0xA7B4D080]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSection [0xA7B4F084]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xA7B4DE72]
SSDT BA713294 ZwCreateThread
SSDT BA7132A3 ZwDeleteKey
SSDT BA7132AD ZwDeleteValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwDuplicateObject [0xA7B4CB02]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwLoadDriver [0xA7B4ED24]
SSDT BA7132B2 ZwLoadKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenFile [0xA7B4DAB0]
SSDT BA713280 ZwOpenProcess
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwOpenSection [0xA7B4D744]
SSDT BA713285 ZwOpenThread
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRenameKey [0xA7B4E7F2]
SSDT BA7132BC ZwReplaceKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xA7B4D196]
SSDT BA7132B7 ZwRestoreKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSecureConnectPort [0xA7B4EAE6]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSetSystemInformation [0xA7B4EEC4]
SSDT BA7132A8 ZwSetValueKey
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwShutdownSystem [0xA7B4D5D2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwSystemDebugControl [0xA7B4D638]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateProcess [0xA7B4CF4A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO) ZwTerminateThread [0xA7B4CE18]

Code fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation) IoCreateDevice
Code \??\C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 26CC 80501F04 4 Bytes JMP CBECA7B4
PAGE ntkrnlpa.exe!IoCreateDevice 8056AB48 5 Bytes JMP B9E02FFA fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisRegisterProtocol B9E1217F 5 Bytes JMP B9E02E0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisOpenAdapter B9E12399 5 Bytes JMP B9E03394 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisCloseAdapter B9E1C642 5 Bytes JMP B9E02F18 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENPNP NDIS.SYS!NdisDeregisterProtocol B9E1C821 5 Bytes JMP B9E031B0 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisReturnPackets B9E1F810 5 Bytes JMP B9E03C0C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisRequest B9E1F97B 5 Bytes JMP B9E035AC fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSend B9E22986 5 Bytes JMP B9E0458C fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisSendPackets B9E229A3 5 Bytes JMP B9E0465E fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDSP NDIS.SYS!NdisTransferData B9E229BE 5 Bytes JMP B9E03D0A fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoCreateVc B9E29186 5 Bytes JMP B9E02E76 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoDeleteVc B9E2A557 5 Bytes JMP B9E02EE4 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
PAGENDCO NDIS.SYS!NdisCoSendPackets B9E2AAF1 5 Bytes JMP B9E04376 fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)
? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !
? C:\DOCUME~1\Admin\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !
? C:\DOCUME~1\Admin\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\svchost.exe[160] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[160] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\locator.exe[340] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\locator.exe[340] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\wdfmgr.exe[396] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[396] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\winlogon.exe[580] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[580] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\services.exe[624] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[624] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\lsass.exe[636] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[636] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avguard.exe[792] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avshadow.exe[848] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1012] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1012] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\svchost.exe[1048] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1048] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\Documents and Settings\Admin\Desktop\gmer.exe[1204] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1260] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1260] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1272] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1272] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[1360] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\sched.exe[1408] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\svchost.exe[1528] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1528] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 00675060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 00674F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 00674960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 00674AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 00671860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 00671230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 006713C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [75, 88] {JNZ 0xffffffffffffff8a}
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 00674C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 006716D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe[1668] USER32.dll!keybd_event 7E466783 5 Bytes JMP 00671550 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe[1728] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text D:\Program Files\Avira\AntiVir Desktop\avgnt.exe[1968] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\svchost.exe[2092] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[2092] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\system32\dllhost.exe[2204] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\dllhost.exe[2204] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] ntdll.dll!NtClose 7C90CFEE 5 Bytes JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] ntdll.dll!LdrUnloadDll 7C91738B 5 Bytes JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!EndTask 7E45A0A5 5 Bytes JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!mouse_event 7E46673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] USER32.dll!keybd_event 7E466783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!BitBlt 77F16F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCA 77F1B7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCW 77F1BE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] GDI32.dll!CreateDCW + 3 77F1BE3B 2 Bytes [0E, 98] {PUSH CS; CWDE }
.text C:\WINDOWS\System32\alg.exe[2340] ole32.dll!CoCreateInstanceEx 77500526 5 Bytes JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2340] ole32.dll!CoGetClassObject 775156C5 5 Bytes JMP 10004AD0 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9E38990] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9E38950] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9E38770] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9E38710] inspect.sys (COMODO Firewall Pro Firewall Driver/COMODO)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \Driver\Tcpip \Device\Tcp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

Device \Driver\Tcpip \Device\Udp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

Device \Driver\Tcpip \Device\RawIp fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp cmdhlp.sys (COMODO Firewall Pro Helper Driver/COMODO)

Device \Driver\Tcpip \Device\IPMULTICAST fsdfw.sys (F-Secure Internet Shield Driver/F-Secure Corporation)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4C 0xC1 0x00 0x92 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xA3 0xFC 0x3E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x3A 0xAB 0x5D ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x96 0x47 0xC5 0x35 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x4C 0xC1 0x00 0x92 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x41 0xA3 0xFC 0x3E ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x4D 0x3A 0xAB 0x5D ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x96 0x47 0xC5 0x35 ...

---- EOF - GMER 1.0.15 ----

 

.
Kauanko sinulla riittää metsästys intoa ???

Eka rivi kertoo, että raahaus onnistui =>

Command switches used :: c:\documents and settings\Admin\Desktop\Logiohjelmat\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
AV: avast! Antivirus *On-access scanning enabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: F-Secure Internet Security 2010 10.00 *On-access scanning disabled* (Updated) {E7512ED5-4245-4B4D-AF3A-382D3F313F15}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
FW: F-Secure Internet Security 2010 10.00 *enabled* {D4747503-0346-49EB-9262-997542F79BF4}
* Created a new restore point

Niinkuin tuosta näkyy nyt samalla tuo sun virus ohjelmat
pitää saattaa kuntoon periaatteella yksi virustuka ja yksi palo muuri.

Pidätkö F-Securen vai luovutko siitä ???
AntiVir on jo koneella OK ja on ihan hyvä.
Comodon voi vaihtaa ilmaiseen niin sekin päivittyy.

Ilmoittele vastauksesi, niin saat siihen vaikka ohjeita.

***************************************************************

jos ei ole ennestään:

* Lataa OTM by OldTimer.
* Tallenna se työpöydällesi.
* Tuplaklikkaa OTM.exe käynnistääksesi sen.
* Kopioi (CTRL+C) alla olevasta laatikosta kaikki teksti.

Koodi:

:Processes
explorer.exe
:files 
C:\DOCUME~1\Admin\LOCALS~1\Temp\awrcqkog.sys
:Commands
[purity]
[emptytemp]
[emptyflash]
[start explorer]
[Reboot]

* Palaa takaisin OtmoveIt3, paina oikeanpuoleista hiiren nappia Paste Instructions for Items to be Move-ikkunassa (Keltaisen palkin alla) ja paina Liitä.
* Paina punaista MoveIt! -nappia.
* Kopioi (CTRL+C) ja liitä (CTRL+V) Results-ikkunaan (Vihreän palkin alla) tullut teksti seuraavaan viestiisi.
* Sulje OTM.

Jos jotain tiedostoa/kansiota ei voitu siirtää heti, ohjelma ehdottaa koneen uudelleenkäynnistystä. Vastaa ehdotukseen Yes, jolloin OtMoveIt käynnistää koneesi uudelleen.

*********************************************************
jos ei ole ennestään:

Lataa SystemLook by. jpshortstuff TÄÄLTÄ. ja tallenna se työpöydälle.

Tupla-klikkaa SystemLook.exe ajaaksesi sen.

Kopioi(CTRL+C) alla olevasta laatikosta kaikki teksti, tekstialueeseen.

Koodi:

:regfind
awrcqkog.sys
awrcqkog

:filefind 
awrcqkog.sys
awrcqkog.*

Klikkaa nappulaa Look aloittaaksesi skannauksen.

Kun skannaus on valmis avautuu muistio joka sisältää lokitiedot
Klikkaa lokia hiiren oikealla painikkeella ja valitse "Valitse kaikki"
Kopio ja liitä se seuraavaan viestiisi.
(Loki löytyy myös työpöydältäsi nimellä SystemLook.txt)

*******************************************************************

Lähetä =>

OTMoveIt logi.
SystemLook.txt
Uusi HJT logi

 

Mulla on Avira, Comodo, SpyBot (Immunized) ja SpywareBlaster päällä (ja hosts päivitetty). Avast on uninstalloitu aikoja sitten, miten saisin rekisterimerkinnät pois? CCleaner ei auta.

F-Secure on disabloitu, mutta ilmeisesti käynyt sama kuin äsken Comodolla, että palomuuri jäänyt päälle ennen sulkemista, eli täytyy avata se ja sallia kaikki liikenne.

Haluaisin pitää nämä mitä nyt päällä + F-Secure disabloituna, varmuuden vuoksi, mutta jos sinulla on parempi ja ilmainen palomuuri tiedossa niin kerro ihmeessä. Nyt on tosin Defence+ päällä mikä varmaan auttaa jotain, mutta onko Comodo vanhentunut kun ei päivity enää?

Zonealarmista hyviä kokemuksia, mutta se taas ei anna asenna itseään, kun F-Secure on asennettuna. Saisiko sitä kierrettyä mitenkään? Tai jos se muurin avaus auttaa siihen..

Metsästysintoa riittää! Hienoa kun sinullakin Tässähän oppii kaikkea uutta, ja voi auttaa kavereita myös. Onko Combofix sellainen, mikä voi aiheuttaa vauriota? Muut ohjelmat turvallisia?

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\DOCUME~1\Admin\LOCALS~1\Temp\awrcqkog.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Admin
->Temp folder emptied: 81920 bytes
->Temporary Internet Files folder emptied: 918365 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 36747756 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 3715 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 36,00 mb


OTM by OldTimer - Version 3.1.16.1 log created on 09182010_173945

Files moved on Reboot...
C:\Documents and Settings\Admin\Local Settings\Temp\~DFFCB5.tmp moved successfully.

Registry entries deleted on Reboot...

LOPPU
-
-
-
-
-

SystemLook 04.09.10 by jpshortstuff
Log created at 18:03 on 18/09/2010 by Admin
Administrator - Elevation successful

========== regfind ==========

Searching for "awrcqkog.sys"
No data found.

Searching for "awrcqkog"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AWRCQKOG]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AWRCQKOG\0000]
"Service"="awrcqkog"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AWRCQKOG\0000]
"DeviceDesc"="awrcqkog"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AWRCQKOG]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AWRCQKOG\0000]
"Service"="awrcqkog"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AWRCQKOG\0000]
"DeviceDesc"="awrcqkog"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\0\Rules\1\Allowed\1]
"Filename"="HKLM\SYSTEM\ControlSet001\Services\awrcqkog"
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\0\Rules\1\Allowed\1]
"DeviceName"="HKLM\SYSTEM\ControlSet001\Services\awrcqkog"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AWRCQKOG]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AWRCQKOG\0000]
"Service"="awrcqkog"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AWRCQKOG\0000]
"DeviceDesc"="awrcqkog"

========== filefind ==========

Searching for "awrcqkog.sys"
No files found.

Searching for "awrcqkog.*"
No files found.

-= EOF =-

LOPPU
-
-
-
-
-

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:08:18, on 18.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Palomuuri\Comodo\Firewall\cfp.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
D:\Program Files\Mobile Partner\Mobile Partner.exe
D:\Program Files\Opera\opera.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Palomuuri\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SpybotSnD] "D:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [Mobile Partner] "D:\Program Files\Mobile Partner\Mobile Partner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-3845734143-1002380211-3227636783-1005\..\Run: [Mobile Partner] "D:\Program Files\Mobile Partner\Mobile Partner.exe" (User '?')
O4 - HKUS\S-1-5-21-3845734143-1002380211-3227636783-1005\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1257426773234
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{117DD082-98E2-4B81-806F-972E32D209DC}: NameServer = 62.241.198.246 62.241.198.245
O17 - HKLM\System\CS1\Services\Tcpip\..\{117DD082-98E2-4B81-806F-972E32D209DC}: NameServer = 62.241.198.246 62.241.198.245
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 6249 bytes

 

.
SRI kun ei jaksais selittää ja kinata jokaiselle samaa asiaa.
- Tietokone vuotaa viruksia niinkuin sun koneesi on tehnyt
Silloinkun Virusohjelmat on sekaisin ja siksi haluaisin
laittaa ne kuntoon nyt ettei tarviis jatkuvasti viruksia siivota.

Mitä enemmän virusohjelmia käynnissä sitä huonompi suoja

Siellä on nyt AntiViirin lisäksi käynnissä =>

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll
O3 - Toolbar: Browsing Protection Toolbar - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\F-Secure Internet Security\NRS\iescript\baselitmus.dll

Antivir tekee kaiken tuon, mutta sulla on kolminkertainen ohjelmisto niitä hoitamassa.

Muista käyttää vain yhtä palomuuria kerrallaan.

On vahvasti suositeltua että käytät vain yhtä anti-virusta kerrallaan. Pitämällä enempää kuin yhtä anti-virus softaa
aktiivisena muistissa käyttää liikaa koneen resursseja ja voi johtaa vääriin hälytyksiin sekä ohjelmien välisiin konflikteihin.
Jos välttämättä haluat asentaa useamman kuin yhden anti-virus ohjelman koneellesi, vain yhden niistä pitää olla aktiivisena
suojaamassa.

------------------------------------------------------

Nuo rekisterissä olevat viimeiset RootKitin jämät ovat
LECASY avaimissa ja eivätkä lähde CCleanerilla.
Niihin tarvitaan erikois työkalut.

 

Poistin SpyBotin ja F-Securen, otin rekisteröintikoodin talteen, saa varmaan uusiksi laitettua jos tarvii? Ei onnistunu ilman tota sun uninstall-työkalua.

Eli nyt on käytössä:

Windows XP SP3 (uusimmat päivitykset)
Avira
Comodo (onko tämä riittävä, vai vaihdanko ZoneAlarmiin tms?)
SpywareBlaster
Hosts-tiedosto
CCleaner
Iobit Advanced Systemcare

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:40:36, on 19.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\msiexec.exe
D:\Program Files\Palomuuri\Comodo\Firewall\cfp.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Mobile Partner\Mobile Partner.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - (no file)
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Palomuuri\Comodo\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKCU\..\Run: [Mobile Partner] "D:\Program Files\Mobile Partner\Mobile Partner.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-3845734143-1002380211-3227636783-1005\..\Run: [Mobile Partner] "D:\Program Files\Mobile Partner\Mobile Partner.exe" (User '?')
O4 - HKUS\S-1-5-21-3845734143-1002380211-3227636783-1005\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1257426773234
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - D:\Program Files\Palomuuri\Comodo\Firewall\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5667 bytes

Näyttää aika hyvältä??

 

.
Kyllä tämä tästä ollaan jo voiton puolella !!!

SpyBot voi olla koneella,mutta sen TeaTimer sammutettuna.
Sillä voi scannailla silloinkun haluaa kuvakkeesta, mutta
StartUppiin ei auta laittaa.

Comodo ja ZoneAlarmi ovat molemmat oikeen hyviä !!!

Ymmärsin ettei tämä COMODO Firewall Pro (kaupallinen)
ei päivity joten sen voit vaihtaa jonpaan kunpaan em... muuriin. (FreeWare)

Nämä on OK =>
SpywareBlasteri
Hosts-tiedosto

Iobit sattaa vahingoittaa winukan rekisteriä ???

-----------------------------------------------------------------------------

Lataa netistä Avastin UnInstalleri: TÄÄLTÄ
tallenna se työpöydälle ja käynnistä se.

-------------------------------------------------------------------

Ota ensin Windowssin rekisteristä näin varmuuskopio:

XP =>
Alapalkista > Käynnistä > Suorita -> Kirjoita regedit -> paina OK.

Klikkaa hiirellä omatietokone rivi aktiiviseksi.
Sitten Tiedosto -> Vie. Kirjoita sille Rekisteri Tiedoston nimi ja
Tallennus Kohde sarakkeeseen valitset (C juureen. Vientialueeseen "täppi" kohtaan kaikki.
Klikkaat nappia Tallenna.
Poistu Regeditistä.

--------------------------------------------------------

* Lataa RegASSASSIN työpöydällesi.
* Tupla-klikkaa RegASSASSIN.exe'ä käynnistääksesi sen.
* Ruxit annat olla molemmissa kohdissa.
* Kopioi ja liitä seuraava rivi alapuolelta valkoiseen laatikkoon.

Koodi:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_AWRCQKOG

* Klikkaa Delete -nappia.
* Vastaa YES jokaiseen kysymykseen.
Poista myös seuraavat avaimet samalla tavalla.

Koodi:

HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_AWRCQKOG
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_AWRCQKOG

--------------------------------------------------------------------------------

Kyllä se Comodokin on vaurioitunut:

Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne:

Koodi:

Driver::
awrcqkog

Registry::
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\0\Rules\1\Allowed\1]
"Filename"=-
[HKEY_LOCAL_MACHINE\SYSTEM\Software\Comodo\Firewall Pro\Configurations\0\HIPS\Policy\0\Rules\1\Allowed\1]
"DeviceName"=-

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

* Sulje/ota pois päältä kaikki virustorjunta- ja haittaohjelmien poisto-ohjelmat, jotta ne eivät häiritse ComboFixin ajoa.
* Ei palomuuria.

Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)



Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

----------------------------------------------------------------

Nämä voit HJT:llä Fixiä pois =>
O2 - BHO: LitmusBHO - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - (no file)
O3 - Toolbar: (no name) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - (no file)

Lähetä =>
(C:\ComboFix.txt)
Onnistuiko ???

 

Hyvin onnistui! Mulla ei ollut enää Avastia koneella, pelkästään rekisterissä, joten poistin haun avulla kaikki avast-tulokset sieltä regeditillä. Tein noi kaikki muutkin "askeleet", ja poistin vanhan Comodon ja asensin uuden. Kiitos vihjeestä! Luotin download.fi sivustoon, että Pro olisi ainoa Comodon palomuuri.

Tämä uusi Comodo Firewall tuntuu yhtä kevyeltä kuin vanha Pro, ja Avira + Comodo -yhdistelmä on todella paljon kevyempi kuin F-Secure 2010! Ei edes läppärin tuuletin huuda enää surffaillessa Comodo ja Zonealarm vaikuttaa tähän mennessä yhtä kevyiltä, Comodo kyselee vaan paljon enemmän.

Täytyypä käyttää harkiten tuota Iobittia, asensin sen vain Defragia varten, Windowsin oma eheytys ei toimi jostain syystä? Ei tapahdu mitään kun painaa eheytä-nappia. Huomasin, että Iobit tekee samaa jos kone ei ole verkkovirrassa, ja sellainen asetuskin löytyi Iobitin Smart Defrag ohjelmasta (virransäästöominaisuus tms)

Vielä pari kysymystä:

1) Onko googlen kuvahaku vaarallinen? Sitä tulee käytettyä päivittäin.
2) Kumpi on turvallisempi, Opera vai Firefox? Molemmista uusin versio asennettuna, ja SpywareBlaster taitaa suojata vain Firefoxia?
3) Musiikki ei soi hyvin youtubesta tai edes winapista, ääni särkee ja pätkii (kuulokkeilla, kaiuttimilla jne). Päivitin AC97 -ajurit, mutta ei muutosta. Integroitu äänikortti tai äänen ulostulo rikki?

ComboFix 10-09-16.07 - Admin 20.09.2010 19:51:46.4.1 - FAT32x86
Running from: c:\documents and settings\Admin\Desktop\Logiohjelmat\ComboFix.exe
Command switches used :: c:\documents and settings\Admin\Desktop\Logiohjelmat\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2010-08-20 to 2010-09-20 )))))))))))))))))))))))))))))))
.

2010-09-20 16:42 . 2010-09-20 16:43 76388260 ----a-w- C:\rekisteri_uusi_avast_poistettu.reg
2010-09-20 16:27 . 2010-09-20 16:28 76545904 ----a-w- C:\rekisteri_20_9_2010.reg
2010-09-20 12:12 . 2010-09-20 12:12 -------- d-----w- c:\windows\LastGood
2010-09-20 12:12 . 2010-09-20 12:12 -------- d-----w- c:\program files\Realtek AC97
2010-09-18 15:47 . 2010-09-18 15:47 -------- d-----w- c:\documents and settings\Admin\Application Data\IObit
2010-09-18 14:39 . 2010-09-18 14:39 -------- d-----w- C:\_OTM
2010-09-16 21:41 . 2010-09-16 21:41 -------- d-----w- c:\documents and settings\Admin\Application Data\Avira
2010-09-16 21:31 . 2010-03-01 07:05 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-09-16 21:31 . 2010-02-16 11:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-09-16 21:31 . 2009-05-11 09:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-09-16 21:31 . 2009-05-11 09:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-09-16 21:31 . 2010-09-16 21:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2010-09-16 19:45 . 2010-09-16 19:45 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2010-09-15 23:36 . 2010-09-15 23:36 -------- d-----w- c:\documents and settings\Admin\Application Data\Malwarebytes
2010-09-15 23:34 . 2010-04-29 12:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-15 23:34 . 2010-09-15 23:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-15 23:34 . 2010-04-29 12:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-14 10:50 . 2010-09-14 10:50 388096 ----a-r- c:\documents and settings\Admin\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-12 18:06 . 2010-09-12 18:06 -------- d-----w- c:\windows\Internet Logs
2010-09-08 11:21 . 2010-09-08 11:21 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-09-07 22:52 . 2010-06-24 12:21 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-09-07 22:40 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-09-03 14:13 . 2010-09-03 14:13 1266056 ----a-w- c:\temp\WindowsXP-KB927891-v3-x86-ENU.exe
2010-09-03 14:12 . 2010-09-03 14:12 3038 ----a-w- c:\temp\fix_svchost.bat
2010-09-03 14:12 . 2010-09-03 14:12 6216032 ----a-w- c:\temp\windowsupdateagent30-x86.exe
2010-09-02 11:41 . 2010-09-02 11:41 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Opera
2010-09-02 11:37 . 2010-09-02 11:37 -------- d--h--w- c:\documents and settings\All Users\Application Data\ActiveSMART
2010-09-01 12:26 . 2010-09-01 12:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 15:10 . 2005-12-20 10:03 45280 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-08-30 10:41 . 2010-08-30 10:41 16 ----a-w- c:\documents and settings\NetworkService\Application Data\hngmfc.dat
2010-06-30 12:31 . 1979-12-31 21:00 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:22 . 1979-12-31 21:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-23 13:44 . 1979-12-31 21:00 1851904 ------w- c:\windows\system32\win32k.sys
2009-08-14 10:33 . 2009-08-14 10:33 652640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll
2009-09-12 20:05 . 2009-09-12 20:05 124240 ----a-w- c:\program files\mozilla firefox\plugins\CCMSDK.dll
2009-09-12 20:06 . 2009-09-12 20:06 40280 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll
2009-09-12 20:06 . 2009-09-12 20:06 31064 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll
2009-09-12 20:07 . 2009-09-12 20:07 255312 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll
2009-09-12 20:06 . 2009-09-12 20:06 22360 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll
2009-09-12 20:06 . 2009-09-12 20:06 91480 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll
2009-09-12 20:06 . 2009-09-12 20:06 13136 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll
2009-09-12 20:06 . 2009-09-12 20:06 23896 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll
2009-09-12 20:06 . 2009-09-12 20:06 70488 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll
.

------- Sigcheck -------

[-] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\rpcss.dll
[-] 2009-02-09 . 6B27A5C03DFB94B4245739065431322C . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\rpcss.dll
[-] 2009-02-09 . 9222562D44021B988B9F9F62207FB6F2 . 401408 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\rpcss.dll
[-] 2009-02-09 . 01095FEBF33BEEA00C2A0730B9B3EC28 . 399360 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\rpcss.dll
[-] 2009-02-09 . 24B5D53B9ACCC1E2EDCF0A878D6659D4 . 401408 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\rpcss.dll
[7] 2008-04-13 . 2589FE6015A316C0F5D5112B4DA7B509 . 399360 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\rpcss.dll
[-] 2005-07-26 . C369DF215D352B6F3A0B8C3469AA34F8 . 398336 . . [5.1.2600.2726] . . c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2005-04-28 . DA383FB39A6F1C445F3AFC94B3EB1248 . 396288 . . [5.1.2600.2665] . . c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll

[-] 2009-02-06 . 37561F8D4160D62DA86D24AE41FAE8DE . 110592 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\system32\dllcache\services.exe
[-] 2009-02-06 . 65DF52F5B8B6E9BBD183505225C37315 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[-] 2009-02-06 . 020CEAAEDC8EB655B6506B8C70D53BB6 . 110592 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\services.exe
[-] 2009-02-06 . 4712531AB7A01B7EE059853CA17D39BD . 110592 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\services.exe
[7] 2008-04-13 . 0E776ED5F7CC9F94299E70461B7B8185 . 108544 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\services.exe

[-] 2008-07-07 19:32 . 60D1A6342238378BFB7545C81EE3606C . 253952 . . [2001.12.4414.320] . . c:\windows\$NtServicePackUninstall$\es.dll
[-] 2008-07-07 19:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\es.dll
[-] 2008-07-07 19:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\system32\dllcache\es.dll
[-] 2008-07-07 19:26 . D4991D98F2DB73C60D042F1AEF79EFAE . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3GDR\es.dll
[-] 2008-07-07 19:23 . F17F6226BDC0CD5F0BEF0DAF84D29BEC . 253952 . . [2001.12.4414.706] . . c:\windows\$hf_mig$\KB950974\SP3QFE\es.dll
[-] 2008-07-07 19:06 . A4AB3DCA4A383F0DF4988ABDEB84F9A4 . 253952 . . [2001.12.4414.320] . . c:\windows\$hf_mig$\KB950974\SP2QFE\es.dll
[7] 2008-04-13 23:11 . 19A799805B24990867B00C120D300C3A . 246272 . . [2001.12.4414.701] . . c:\windows\ServicePackFiles\i386\es.dll
[-] 2005-07-26 03:20 . 95F5FEA4C6DE2C3F28784D0DCC8F0DD3 . 243200 . . [2001.12.4414.308] . . c:\windows\$hf_mig$\KB902400\SP2QFE\es.dll

[-] 2009-03-21 . B6ACAED7588295129791E0E6A2B0FADE . 986112 . . [5.1.2600.3541] . . c:\windows\$NtServicePackUninstall$\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\system32\dllcache\kernel32.dll
[-] 2009-03-21 . B921FB870C9AC0D509B2CCABBBBE95F3 . 989696 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3GDR\kernel32.dll
[-] 2009-03-21 . DA11D9D6ECBDF0F93436A4B7C13F7BEC . 991744 . . [5.1.2600.5781] . . c:\windows\$hf_mig$\KB959426\SP3QFE\kernel32.dll
[-] 2009-03-21 . 80202858D245FF07DAA1739C57A3E19B . 989184 . . [5.1.2600.3541] . . c:\windows\$hf_mig$\KB959426\SP2QFE\kernel32.dll
[7] 2008-04-13 . C24B983D211C34DA8FCC1AC38477971D . 989696 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\kernel32.dll
[-] 2007-04-16 . 09F7CB3687F86EDAA4CA081F7AB66C03 . 986112 . . [5.1.2600.3119] . . c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2006-07-05 . 0FDD84928A5DDE2510761B7EC76CCEC9 . 985088 . . [5.1.2600.2945] . . c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll

[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\mswsock.dll
[-] 2008-06-20 . 832E4DD8964AB7ACC880B2837CB1ED20 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\mswsock.dll
[-] 2008-06-20 . FCEE5FCB99F7C724593365C706D28388 . 245248 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\mswsock.dll
[-] 2008-06-20 . 097722F235A1FB698BF9234E01B52637 . 245248 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\mswsock.dll
[-] 2008-06-20 . 1DFCA7713EA5A70D5D93B436AEA0317A . 245248 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\mswsock.dll
[7] 2008-04-13 . B4138E99236F0F57D4CF49BAE98A0746 . 245248 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\mswsock.dll

[-] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\MsPMSNSv.dll
[-] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 10:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[7] 2004-08-04 02:00 . C086483E3DBA8C1C0A687EC8D5B3D4C1 . 52224 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Mobile Partner"="d:\program files\Mobile Partner\Mobile Partner.exe" [2008-01-29 110592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CtrlVol"="c:\program files\Launch Manager\CtrlVol.exe" [2003-09-16 20480]
"ePowerManagement"="c:\acer\ePM\ePM.exe" [2005-03-15 2893824]
"COMODO Firewall Pro"="d:\program files\Palomuuri\Comodo\Firewall\cfp.exe" [2010-04-15 1655552]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-12 103768]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-09-04 09:08 935288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-10-03 01:08 35696 ----a-w- d:\program files\Adobe\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\epm-dm]
2005-06-01 11:17 192512 ----a-w- c:\acer\ePM\epm-dm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eRecoveryService]
2005-06-29 14:26 352256 ----a-w- c:\program files\acer\eRecovery\Monitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-01-23 07:31 126976 ------w- c:\windows\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-01-23 07:36 155648 ------w- c:\windows\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 02:00 208952 ----a-w- c:\windows\ime\imjp8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LaunchAp]
2005-07-25 10:36 32768 ----a-w- c:\program files\Launch Manager\LaunchAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
2005-06-06 08:52 69632 ----a-w- c:\program files\Launch Manager\HotkeyApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LMgrOSD]
2005-07-25 07:45 241664 ----a-w- c:\program files\Launch Manager\OSDCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerKey]
2002-08-30 12:02 94208 ----a-w- c:\program files\Launch Manager\Powerkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2007-04-16 12:28 577536 ----a-w- c:\windows\soundman.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 01:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2005-02-04 08:11 708698 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2005-02-04 08:12 102490 ----a-w- c:\program files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wbutton]
2005-07-25 10:34 81920 ----a-w- c:\program files\Launch Manager\WButton.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DC++\\DCPlusPlus.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"d:\\Program Files\\BitTorrent\\bittorrent.exe"=

R1 mailKmd;mailKmd; [x]
R3 POWERKEY;POWERKEY;c:\program files\Launch Manager\POWERKEY.sys [2000-12-19 2343]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-11-29 691696]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-04-15 87056]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-04-15 24208]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-09-19 c:\windows\Tasks\SmartDefrag.job
- d:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-09-18 15:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fi/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Vie Microsoft E&xceliin - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: microsoft.com\www.update
FF - ProfilePath - c:\documents and settings\Admin\Application Data\Mozilla\Firefox\Profiles\k8adl0js.default\
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: d:\program files\Adobe\Reader\browser\nppdf32.dll
FF - plugin: d:\program files\Opera\program\plugins\npdsplay.dll
FF - plugin: d:\program files\Opera\program\plugins\npwmsdrm.dll
FF - plugin: d:\program files\Picasa3\npPicasa3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-F-Secure Manager - c:\program files\F-Secure Internet Security\Common\FSM32.EXE
MSConfigStartUp-F-Secure TNB - c:\program files\F-Secure Internet Security\FSGUI\TNBUtil.exe
MSConfigStartUp-News Service - c:\program files\F-Secure Internet Security\FSGUI\ispnews.exe
AddRemove-CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025 - c:\program files\CONEXANT\CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_006A1025\HXFSETUP.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-20 20:01
Windows 5.1.2600 Service Pack 3 FAT NTAPI

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3845734143-1002380211-3227636783-1005\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:77,3d,25,f7,65,81,ed,6d,17,1b,13,58,01,7e,b0,9a,38,5a,c5,21,64,f5,71,
be,03,7d,f8,f4,10,20,ed,21,b5,d0,5c,70,e1,e5,65,03,e3,76,0f,d4,a3,31,4a,08,\
"??"=hex:50,7c,a2,1e,10,75,48,ba,d8,91,db,8e,f1,c0,17,b8
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\windows\system32\guard32.dll
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL

- - - - - - - > 'lsass.exe'(612)
c:\windows\system32\guard32.dll

- - - - - - - > 'explorer.exe'(1512)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-09-20 20:05:47
ComboFix-quarantined-files.txt 2010-09-20 17:05

Pre-Run: 2 893 119 488 bytes free
Post-Run: 2 928 148 480 bytes free

- - End Of File - - 37C58139AEF8CC30761B2C327CBF30E2


LOPPU
-
-
-
-

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:04:31, on 20.9.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Admin\LOCALS~1\Temp\RtkBtMnt.EXE
D:\Program Files\COMODO\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\System32\svchost.exe
D:\Program Files\COMODO\COMODO\COMODO Internet Security\cmdagent.exe
D:\Program Files\Mobile Partner\Mobile Partner.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.dial.inet.fi:800
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.fi;*.*.fi;*.*.*.fi;<local>
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
O4 - HKLM\..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe boot
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [COMODO Internet Security] "D:\Program Files\COMODO\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Mobile Partner] "D:\Program Files\Mobile Partner\Mobile Partner.exe"
O4 - HKUS\S-1-5-21-3845734143-1002380211-3227636783-1005\..\Run: [Mobile Partner] "D:\Program Files\Mobile Partner\Mobile Partner.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.soneraplaza.fi
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1257426773234
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{117DD082-98E2-4B81-806F-972E32D209DC}: NameServer = 62.241.198.245 62.241.198.246
O17 - HKLM\System\CS1\Services\Tcpip\..\{117DD082-98E2-4B81-806F-972E32D209DC}: NameServer = 62.241.198.245 62.241.198.246
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Notebook Manager Service (anbmService) - OSA Technologies Inc. - C:\Acer\eManager\anbmServ.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - D:\Program Files\COMODO\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

--
End of file - 5630 bytes

 

.
Huomenta !!!

Disabloitko uudesta Comodosta virustutkan, että jäi
vain palomuuri käyttöön. Comodo ja Zone kyselee aluksi
lupia, mutta hiljenevät opiskeluvaiheen jälkeen.

--------------------------------------------------------------

1) Onko googlen kuvahaku vaarallinen? Sitä tulee käytettyä päivittäin.

- Ei se sen vaarallisempi ole, kuin mikään netissä oleva kuva tiedosto.
JPG ja GIF:iin voidaan piilottaa haittakoodia. Esiintyy yleensä
Sähköpostin liitteissä. Harvemmin Art clip Libraaryissä.

---------------------------------------------------------------

2) Kumpi on turvallisempi, Opera vai Firefox? Molemmista uusin versio asennettuna,
ja SpywareBlaster taitaa suojata vain Firefoxia?

- Oopperaa en tunne. Itellä käytössä FF, IE ja Chrome.
FF on hyvä jos jaksaa ja osaa säätää sitä.
Viimeisin testi väittää Goolen Chromea parhaimmaksi.
(makukysymys) hiiren vasemmalla napilla ne pöpöt tulee.

--------------------------------------------------------------

- HOST tiedoston merkitys on hiljalleen hiipumassa.

Ennakkovaroitin WOT haitallisille nettisivuille menoa estämään.

WOT => TUTUSTU

tuo varoittaa surffaajaa astumasta "Pask..n" HI
Tehoja se ei ole koneestani ottanut kuinkaan, eikä sen olemassaoloa huomaa
muulloin kuin yrittäessä klikata vikapaikaan.

-------------------------------------------------------------

3) Musiikki ei soi hyvin youtubesta tai edes winapista.

- Riittääkö mokkulan ja koneen tehot edes sellaiseen.
Risan äänikortin voi korvata uudella (20€) tai
USBiin tökättävällä äänikortilla.

************************************************************************

Kirjoita windowsin käynnistävalikon suorita-kenttään Combofix /uninstall paina OK

********************************************************

Käynnistä Malwarebytes Sieltä Karanteeni välileti ja tyhjennä roskat.

**********************************************************

Seuraavaksi poistamme kaikki käytetyt työkalut roskineen.

* TuplaklikkaaOTM.exe.
* Klikkaa CleanUp!.
* Valitse Yes kun kysytään "Begin cleanup Process?".
* Jos pyydetään, että saako koneen käynnistää uudeelleen, valitse Yes.
* OTMoveIt poistaa itsensä kun se on valmis, jos näin ei käy poista se itse.

* Poista kaikki muutkin käytetyt työkalut koneelta.
Jos joskus niitä tarvitaan ne on silloin jo vanhentuneita.

----------------------------------------------------------------------------

Tässä pieni ohje, kuinka pienennetään koneen saastumisriskiä

-> Tyhjennä järjestelmänpalautus -> Ohjeet Windows ME - XP
Ohjeet Windows Vista
Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.

-> Käytä CCleaneria -> CCleaner
Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti. Ohjelman saa suomenkieliseksi.

-> Käytä Malwarebytes' Anti-Malwarea -> Malwarebytes' Anti-Malware
Lataa ja asenna Malwarebytes' Anti-Malware. Päivitä se ja skannaa konettasi sillä säännöllisesti. Ohjelman saa suomenkieliseksi.

-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas

-> Asenna MVPS Hosts tiedosto -> MVPS Hosts
Estää koneesi yhteyden haitallisiin sivustoihin. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Axelin opas

-> Vaihda selaimesi Firefoxiin -> Firefox
Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.

-> Pidä järjestelmäsi ajantasalla. -> Windows Update
Vieraile Windows Updatessa säännöllisesti.

-> Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.

-> Käytä Windows Vistassa/7:ssa normaalia käyttäjätiliä
Nekon suomenkielinen ohje Käytä päivittäisessä käytössä normaalia käyttäjätiliä

-> Käytä Windows Vistassa/7:ssa UAC:ta
Nekon suomenkielinen ohje Muuta käyttäjätilien valvonnan (UAC) asetuksia

-> Nopeuta tietokonettasi -> Nopeuta tietokonetta -opas
Tietokoneen hidastuminen voi johtua monesta asiasta, mutta yleisesti Keskusmuistin määrästä, Automaattisesti käynnistyvien ohjelmien määrästä, liiallisesta suojauksesta, ylimääräisten tiedostojen poistamattomuudesta taikka levyn pirtoutuneisuudesta. Nekon ohjeista löytyvät helpot ohjeet koneesi kuntoutukseen.

Pysy puhtaana

 

Uudessa Comodossa mulla on asetuksina Firewall: Safe mode ja Defence+: Safe mode. Sandbox on disabled, samoin Internet Security ja Proactive Security eivät ole käytössä, eli pelkkä Firewall Security vaan käytössä. Tätä ilmeisesti tarkoitit? En löytänyt erillistä virustutkaa sieltä..

Suuret kiitokset!! Noi kaikki punaiset kohdat lopussa olenkin jo tehnyt viimeistään tän viikon aikana. Ongelmana oli varmaan tuo vanhentunut Comodo, joka sekin on nyt kunnossa, ja aion skannailla kerran kuussa Anti-Malwarella, CCleanerin ajan päivittäin (pakkomielle Kyllä toimii kone IHAN eri tavalla kuin ennen tätä ketjua, prossun kuormitus idlenä selain päällä on sen 0-20% kun ennen saattoi olla ilman mitään ohjelmia 100% rasitus. Ja silloinkin olin jo karsinut ylimääräiset prosessit taustalta, eli koneessa tosiaan oli viruksia ja ne tekivät koneesta käyttökelvottoman.

Äänihomma vaivaa enää ainoastaan, kone on Acer Aspire 3610, Intel Celeron 1.5GHz, 2GB keskusmuistia (alunperin 512MB, uudet kammatkaan eivät vaikuttaneet vikaan, epäilin aluksi muisteja..), kovo 80GB (eheytetty ja tilaa vapaana nyt reilusti) ja Win XP SP3.

Tuo äänen pätkiminen/rätinä on todella mysteeri, huomasin että ennen se rätisi kun prossun kuormitus kasvoi taskmanagerissa, prossun kuorma meni sykäyksittäin kuin pulssi, nopeasti alas ja ylös. Se johtui varmaankin haittaohjelmista, mutta ääni rätisee vieläkin, tosin vähemmän, vaikka kone on puhdas ja kaikki optimoitu. Asensin äänipiirin ajuritkin uudestaan (AC'97). DirectX vielä uusiksi mutta sitten loppuu keinot, täytyy varmaan kokeilla sitä USB-äänikorttia? Ei tule muuta kuin rautavika enää mieleen.

Vielä kerran kiitoksia! Palaan luultavasti vielä asiaan tuon äitin koneen tiimoilta, sitä on nyt puhdistettu, eheytetty ja osioitu uudelleen, mutta täytyy käydä sekin vielä kunnolla läpi kun aikaa löytyy

 

.
Kuulostaa ihan hyvältä !!!
Ääniä lukuunottamatta.
Palaillaan.