
HijackThis log of an infected machine

Thread in the Viruses and malware - HijackThis logs section. Thread started by nanna321 on 18.09.2008.

  1. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box there:

    Now put the part marked in red into an empty Notepad window:
    Start button > Accessories > Notepad


    Then, from the top left corner, choose File > Save As

    Location: Desktop

    File name: CFScript.txt

    Save as type: All files

    Then drag it, as shown in the picture, onto Combofix.exe on the Desktop and drop it there

    [IMG]

    ComboFix starts working; a blue screen appears, press the number 1 and Enter

    Post the resulting log here
     
    Last edited by a moderator: 19.09.2008
  3. nanna321

    nanna321 Regular member

    ComboFix 08-09-16.05 - HP_Omistaja 2008-09-19 3:12:25.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.157 [GMT 3:00]
    Sijainti: C:\Documents and Settings\HP_Omistaja\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Omistaja\Työpöytä\CFScript.txt
    * Uusi palautuspiste luotu

    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-19 to 2008-09-19 )))))))))))))))))
    .


    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-17 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-17 22:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-15 15:05 --------- d-----w C:\Program Files\Java
    2008-09-09 00:13 --------- d-----w C:\Program Files\Easy Internet signup
    2008-09-08 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-08-29 09:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-29 07:46 --------- d-----w C:\Program Files\InterVideo
    2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 15:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-24 13:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-18_23.25.00.92 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-07 13:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-09-18 20:45:16 4,407,296 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2008-09-18 20:45:16 237,568 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 13:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-09-18 20:45:04 4,407,296 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2008-09-18 20:45:04 237,568 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    - 2008-08-30 18:10:32 25,214 ----a-r C:\WINDOWS\Installer\{A488D63E-B3DD-4423-892F-2F2EC8909518}\MainApp.exe
    + 2008-09-18 22:12:39 25,214 ----a-r C:\WINDOWS\Installer\{A488D63E-B3DD-4423-892F-2F2EC8909518}\MainApp.exe
    + 2008-09-18 23:11:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_674.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-11 757192]

    [HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
    [HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
    [HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-11 757192]

    [HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
    [HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
    [HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 81920]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 77824]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 188416]
    "VTTimer"="VTTimer.exe" [2004-03-26 C:\WINDOWS\system32\VTTimer.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll
    "msacm.enc"= ITIG726.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-16 87056]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-16 24208]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-19 03:15:01
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    PROSESSI: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\guard32.dll

    PROSESSI: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\guard32.dll
    .
    Valmistumisajankohta: 2008-09-19 3:15:51
    ComboFix-quarantined-files.txt 2008-09-19 00:15:47
    ComboFix2.txt 2008-09-18 20:25:34

    Pre-Run: 186,830,942,208 tavua vapaana
    Post-Run: 186,832,404,480 tavua vapaana

    410 --- E O F --- 2008-09-16 08:53:05
     
  4. Hujo

    Hujo Guest

    Looks like one was still left in there. You haven't installed a firewall yet, have you?
     
  5. nanna321

    nanna321 Regular member

    No, I haven't.
     
  6. Hujo

    Hujo Guest

    Open Notepad and copy/paste the contents of the quote box into it:

    Now put the part marked in red into an empty Notepad
    Start button > Accessories > Notepad

    Then, from the top left corner, File > Save As

    Save in: Desktop

    File name: CFScript.txt

    Save as type: All Files

    Then drag it, as shown in the picture, onto ComboFix.exe on the Desktop and drop it there.

    [IMG]

    ComboFix will work for a while and a blue screen will appear; press the number 1 and Enter.

    Post the resulting log here.

    ===============

    Shut down and restart.
     
    Last edited by a moderator: 19.09.2008
  7. nanna321

    nanna321 Regular member

    ComboFix 08-09-16.05 - HP_Omistaja 2008-09-19 3:53:08.3 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.146 [GMT 3:00]
    Sijainti: C:\Documents and Settings\HP_Omistaja\Työpöytä\ComboFix.exe
    Command switches used :: C:\Documents and Settings\HP_Omistaja\Työpöytä\CFScript.txt
    * Uusi palautuspiste luotu

    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Program Files\COMODO

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-19 to 2008-09-19 )))))))))))))))))
    .

    2008-09-19 02:46 . 2008-09-19 02:46 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-09-19 02:16 . 2008-09-19 02:16 <KANSIO> d--h----- C:\Documents and Settings\HP_Omistaja\Verkkoympäristö
    2008-09-19 01:13 . 2008-09-19 01:13 <KANSIO> d-------- C:\Program Files\Common Files\FotoWire
    2008-09-19 01:13 . 2008-09-19 01:13 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\FotoWire
    2008-09-19 00:13 . 2008-09-19 00:13 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Malwarebytes
    2008-09-19 00:08 . 2008-09-19 00:13 <KANSIO> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-09-19 00:08 . 2008-09-19 00:08 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-09-19 00:08 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2008-09-19 00:08 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
    2008-09-18 23:45 . 2008-09-18 23:45 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-09-18 23:44 . 2008-09-18 23:45 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-09-18 23:25 . 2008-09-18 23:25 <KANSIO> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja
    2008-09-18 20:08 . 2008-09-18 20:08 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-09-18 17:59 . 2008-09-19 03:09 <KANSIO> dr------- C:\Documents and Settings\HP_Omistaja\Suosikit
    2008-09-18 17:52 . 2008-09-19 03:45 <KANSIO> dr------- C:\Documents and Settings\HP_Omistaja\Omat tiedostot
    2008-09-18 17:48 . 2008-09-19 01:12 <KANSIO> d-------- C:\SXS
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> dr------- C:\Documents and Settings\HP_Omistaja\Käynnistä-valikko
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Incomplete
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Contacts
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\zweitgeist
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Template
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Symantec
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Sonic
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\ShredderChess
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\SampleView
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Orbit
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\OpenOffice.org2
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Nero
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\MSN6
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Media Player Classic
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\LimeWire
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Leadertech
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Intervideo
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\GrabPro
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\FrostWire
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\DivX
    2008-09-18 17:47 . 2008-09-19 00:32 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Desktopicon
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\BSplayer Pro
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\BSplayer
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\AVS4YOU
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\ArcSoft
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Apple Computer
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\AdobeUM
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\.wyzo
    2008-09-18 17:46 . 2008-09-18 17:46 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\WINDOWS
    2008-09-18 17:46 . 2008-09-19 01:52 <KANSIO> d--hs---- C:\Documents and Settings\HP_Omistaja\UserData
    2008-09-18 17:46 . 2008-09-19 03:53 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Työpöytä
    2008-09-18 17:46 . 2008-09-18 17:46 <KANSIO> d--h----- C:\Documents and Settings\HP_Omistaja\Tulostinympäristö
    2008-09-18 17:46 . 2008-09-18 17:46 <KANSIO> d--h----- C:\Documents and Settings\HP_Omistaja\Mallit
    2008-09-18 17:46 . 2008-09-19 02:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja
    2008-09-18 17:43 . 2008-09-18 17:46 <KANSIO> d-------- C:\Documents and Settings\Netta\Suosikit
    2008-09-18 17:43 . 2008-09-18 17:46 <KANSIO> d-------- C:\Documents and Settings\Netta\Omat tiedostot
    2008-09-18 17:43 . 2008-09-18 17:46 <KANSIO> d-------- C:\Documents and Settings\Netta\Mallit
    2008-09-18 17:43 . 2004-01-01 12:34 <KANSIO> d-------- C:\Documents and Settings\Netta\Application Data\Intervideo
    2008-09-18 17:43 . 2008-09-18 17:46 <KANSIO> d---s---- C:\Documents and Settings\Netta
    2008-09-18 15:13 . 2008-09-18 15:13 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\Nero
    2008-09-18 15:12 . 2004-01-01 12:42 <KANSIO> d-------- C:\Documents and Settings\Vieras\WINDOWS
    2008-09-18 15:12 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Vieras\Verkkoympäristö
    2008-09-18 15:12 . 2004-01-01 09:20 <KANSIO> d-------- C:\Documents and Settings\Vieras\Työpöytä
    2008-09-18 15:12 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Vieras\Tulostinympäristö
    2008-09-18 15:12 . 2008-09-18 17:58 <KANSIO> dr------- C:\Documents and Settings\Vieras\Suosikit
    2008-09-18 15:12 . 2008-09-18 15:12 <KANSIO> dr------- C:\Documents and Settings\Vieras\Omat tiedostot
    2008-09-18 15:12 . 2008-08-29 20:38 <KANSIO> d--h----- C:\Documents and Settings\Vieras\Mallit
    2008-09-18 15:12 . 2008-08-29 20:37 <KANSIO> dr------- C:\Documents and Settings\Vieras\Käynnistä-valikko
    2008-09-18 15:12 . 2004-01-01 13:09 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\SampleView
    2008-09-18 15:12 . 2004-01-01 12:34 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\Intervideo
    2008-09-18 15:12 . 2004-01-01 12:42 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\Apple Computer
    2008-09-18 15:12 . 2008-09-18 17:49 <KANSIO> d-------- C:\Documents and Settings\Vieras
    2008-09-17 22:49 . 2008-09-17 22:49 244 --ah----- C:\sqmnoopt05.sqm
    2008-09-17 22:49 . 2008-09-17 22:49 232 --ah----- C:\sqmdata05.sqm
    2008-09-17 19:36 . 2008-07-04 09:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm
    2008-09-17 19:36 . 2008-01-10 15:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-09-17 19:36 . 2004-01-25 19:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-09-17 19:36 . 2007-09-04 19:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
    2008-09-17 19:36 . 2008-01-10 15:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-09-17 19:36 . 2007-09-21 03:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
    2008-09-17 19:36 . 2007-10-03 18:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
    2008-09-17 19:36 . 2008-07-30 22:09 38 --a------ C:\WINDOWS\avisplitter.ini
    2008-09-17 19:35 . 2008-07-23 19:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-09-17 19:35 . 2008-07-25 11:34 683,520 --a------ C:\WINDOWS\system32\divx.dll
    2008-09-17 19:35 . 2008-07-25 11:34 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-09-17 19:35 . 2008-06-12 21:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-09-17 19:35 . 2007-07-10 19:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-09-17 18:53 . 2008-09-17 18:53 244 --ah----- C:\sqmnoopt04.sqm
    2008-09-17 18:53 . 2008-09-17 18:53 232 --ah----- C:\sqmdata04.sqm
    2008-09-17 13:29 . 2008-09-17 13:29 <KANSIO> d-------- C:\WINDOWS\system32\mC02
    2008-09-17 13:29 . 2008-09-17 13:29 <KANSIO> d-------- C:\Temp\mtc2
    2008-09-17 13:29 . 2008-09-17 13:29 <KANSIO> d-------- C:\Temp
    2008-09-17 09:05 . 2008-09-17 09:05 244 --ah----- C:\sqmnoopt03.sqm
    2008-09-17 09:05 . 2008-09-17 09:05 232 --ah----- C:\sqmdata03.sqm
    2008-09-16 20:51 . 2008-09-16 20:51 244 --ah----- C:\sqmnoopt02.sqm
    2008-09-16 20:51 . 2008-09-16 20:51 232 --ah----- C:\sqmdata02.sqm
    2008-09-16 15:25 . 2008-09-16 15:24 249,592 --a------ C:\WINDOWS\system32\cssdll32.dll
    2008-09-16 15:23 . 2008-09-16 15:23 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-09-16 15:23 . 2008-09-16 15:23 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-09-16 11:52 . 2008-09-16 11:52 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-09-16 11:44 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-09-16 11:44 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
    2008-09-16 11:44 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-09-16 03:56 . 2008-09-16 03:56 244 --ah----- C:\sqmnoopt01.sqm
    2008-09-16 03:56 . 2008-09-16 03:56 232 --ah----- C:\sqmdata01.sqm
    2008-09-16 02:54 . 2008-09-16 15:23 143,104 --a------ C:\WINDOWS\system32\guard32.dll
    2008-09-15 23:46 . 2008-09-15 23:46 0 --a------ C:\WINDOWS\nsreg.dat
    2008-09-15 21:42 . 2008-09-15 21:42 268 --ah----- C:\sqmdata00.sqm
    2008-09-15 21:42 . 2008-09-15 21:42 244 --ah----- C:\sqmnoopt00.sqm
    2008-09-15 20:06 . 2008-09-18 01:57 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-09-15 20:06 . 2008-09-15 20:09 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-09-15 20:05 . 2008-09-15 20:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-15 18:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-15 17:51 . 2008-09-15 17:51 <KANSIO> d-------- C:\WINDOWS\Sun
    2008-09-14 23:34 . 2008-09-14 23:34 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
    2008-09-14 23:34 . 2008-09-14 23:32 286,720 --a------ C:\WINDOWS\iun504.exe
    2008-09-14 21:07 . 2002-12-20 19:12 41,984 --a------ C:\WINDOWS\UnGins.exe
    2008-09-14 19:31 . 2008-09-14 19:31 <KANSIO> d-------- C:\TETRISC
    2008-09-08 23:37 . 2008-09-15 20:11 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-09-08 18:55 . 2004-01-01 12:42 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\WINDOWS
    2008-09-08 18:55 . 2004-01-01 12:42 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\WINDOWS
    2008-09-08 18:55 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-09-08 18:55 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-09-08 18:55 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-09-08 18:55 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-09-08 18:55 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-09-08 18:55 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-09-08 18:55 . 2008-08-29 20:37 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2008-09-08 18:55 . 2008-08-29 20:37 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-17 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-17 22:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-15 15:05 --------- d-----w C:\Program Files\Java
    2008-09-09 00:13 --------- d-----w C:\Program Files\Easy Internet signup
    2008-09-08 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-08-29 09:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
    2008-08-29 07:46 --------- d-----w C:\Program Files\InterVideo
    2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 15:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-24 13:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-18_23.25.00.92 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-07 13:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-09-18 20:45:16 4,407,296 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2008-09-18 20:45:16 237,568 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 13:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-09-18 20:45:04 4,407,296 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2008-09-18 20:45:04 237,568 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    - 2008-08-30 18:10:32 25,214 ----a-r C:\WINDOWS\Installer\{A488D63E-B3DD-4423-892F-2F2EC8909518}\MainApp.exe
    + 2008-09-18 22:12:39 25,214 ----a-r C:\WINDOWS\Installer\{A488D63E-B3DD-4423-892F-2F2EC8909518}\MainApp.exe
    + 2008-09-18 23:11:13 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_674.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-11 757192]

    [HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
    [HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
    [HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-11 757192]

    [HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
    [HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
    [HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 81920]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 77824]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 188416]
    "VTTimer"="VTTimer.exe" [2004-03-26 C:\WINDOWS\system32\VTTimer.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll
    "msacm.enc"= ITIG726.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-16 87056]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-16 24208]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-19 03:54:48
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    --------------------- Prosesseihin ladatut DLLt ---------------------

    PROSESSI: C:\WINDOWS\system32\winlogon.exe
    -> C:\WINDOWS\system32\guard32.dll

    PROSESSI: C:\WINDOWS\system32\lsass.exe
    -> C:\WINDOWS\system32\guard32.dll
    .
    Valmistumisajankohta: 2008-09-19 3:55:35
    ComboFix-quarantined-files.txt 2008-09-19 00:55:31
    ComboFix2.txt 2008-09-19 00:15:52
    ComboFix3.txt 2008-09-18 20:25:34

    Pre-Run: 186,804,957,184 tavua vapaana
    Post-Run: 186,802,552,832 tavua vapaana

    247 --- E O F --- 2008-09-16 08:53:05
     
  8. Hujo

    Hujo Guest

    How are things now?
    Is Malwarebytes' Anti-Malware the latest version already,
    and do the full scan and the updates work?
     
  9. nanna321

    nanna321 Regular member

    It's at least a newer version. I guess the latest is 1.28?

    I've put it to work now (a full scan).

    Have I done it the way I was supposed to? :)
     
    Last edited: 19.09.2008
  10. Hujo

    Hujo Guest

    When you open it and click the Update tab,

    does it say

    Database version 1171

    version 1.28

    If so, just start the scan, and make it a full scan.
     
    Last edited by a moderator: 19.09.2008
  11. nanna321

    nanna321 Regular member

    No. It says database version 1134 there.

    And when I choose to check for updates, I get this:

    [IMG]

    The firewall hasn't asked anything about that program at any point. I suppose there is a firewall on this machine after all, since the Security Center shows one.

    I tried adding the program in question to the Windows Firewall exceptions so that it would allow it, but (apparently) it didn't.
     
    Last edited: 19.09.2008
  12. Hujo

    Hujo Guest

    Check the security settings to see what it claims the firewall is,

    in the Control Panel.

     
  13. nanna321

    nanna321 Regular member

    As far as I understand, Windows' own firewall.

    When I click on the firewall item, it doesn't show exact details; it just says that at least one of the installed firewalls is in use.

    But if I click on virus protection, it tells me which program is in use.

    I can't really figure out how to find out which firewall is in use.
     
    Last edited: 19.09.2008
  14. Hujo

    Hujo Guest

    Yep .....

    Uninstall via Add or Remove Programs:

    Malwarebytes' Anti-Malware

    Delete this folder in Safe Mode:

    C:\Program Files\Malwarebytes' Anti-Malware

    =================

    Now copy/paste the part marked in red into an empty Notepad
    Start button > Accessories > Notepad

    Then, from the top left corner, File > Save As

    Save in: Desktop

    File name: CFScript.txt

    Save as type: All Files

    Save button

    Then drag it, as shown in the picture, onto ComboFix.exe on the Desktop and drop it there.

    [IMG]

    ComboFix will work for a while and a blue screen will appear; press the number 1 and Enter.

    Post the log here.

    ========

    Shut down and restart.
     
    Last edited by a moderator: 19.09.2008
  15. nanna321

    nanna321 Regular member

    When I dropped the Notepad file onto ComboFix, this window came up:

    Windows cannot access the specified device, path, or file. You may not have the appropriate permissions.
     
    Last edited: 19.09.2008
  16. Hujo

    Hujo Guest

    This is turning into a joke.. :D

    Scan a new HJT log; maybe there are sufficient permissions for that.
     
  17. nanna321

    nanna321 Regular member

    Well, yeah =) We've managed to produce quite a handsome thread, too.

    I assume you meant for this to be posted here:


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 05:31:44, on 19.9.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\windows\system\hpsysdrv.exe
    C:\HP\KBD\KBD.EXE
    C:\WINDOWS\system32\VTTimer.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=Q404&bd=pavilion&pf=desktop
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O3 - Toolbar: HP-näkymä - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll
    O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Paikallinen palve')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Verkkopalve')
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

    --
    End of file - 5321 bytes
     
    Last edited: 19.09.2008
  18. Hujo

    Hujo Guest

    Scan with HJT, tick the following, and press Fix checked

    O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll

    Download KillBox http://www.killbox.net/downloads/KillBox.exe

    Save it to the Desktop; a KillBox.exe icon will then appear.

    Open KillBox, put a "tick" next to Delete on Reboot, and press All Files so that it starts "blinking" green.

    Copy everything below at once

    C:\WINDOWS\system32\guard32.dll

    From the menu at the top, choose File and then Paste from Clipboard.

    One of the given paths appears on the Full Path of File to Delete line, and the file is shown highlighted in blue below the line if it is found on the machine. After this, press the red circle with a white cross on the right.

    Do you want to reboot now? Answer Yes to this.

    After this the machine reboots itself. If it does not reboot, do it yourself "by hand".


    Do you have that

    Malwarebytes' Anti-Malware running all the time?
     
    Last edited by a moderator: 19.09.2008
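
Added example, not part of the original thread: a small Python parser for the HijackThis log format posted above. It pulls out the O20 AppInit_DLLs value that the post singles out, plus O4 autostart entries registered without a full path. The function names and the embedded sample (a few lines in the shape of the posted log) are assumptions of this example.

```python
import re

# Constructed sample: a few lines in the shape of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 05:31:44, on 19.9.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Every finding line starts with a section code (R, F, N or O group) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# O4 registry autostarts look like: HKLM\..\Run: [name] command
O4_RE = re.compile(
    r"^(?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
# A command counts as fully qualified if it starts with a drive letter or a %VAR%.
ABSOLUTE_RE = re.compile(r'^"?(?:[A-Za-z]:\\|%)')


def parse_hijackthis(text):
    """Split a log into the running-process list and (code, body) entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif not line:
            in_processes = False
        elif in_processes:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def appinit_dlls(entries):
    """Return every DLL named in O20 AppInit_DLLs lines.

    The registry value is a space- or comma-separated list, and each DLL in it
    is loaded into every process that loads user32.dll, so each one needs review.
    """
    dlls = []
    for code, body in entries:
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1]
            dlls += [part for part in re.split(r"[,\s]+", value) if part]
    return dlls


def relative_autoruns(entries):
    """Return O4 registry autostarts whose command has no full path.

    Such commands are resolved through the search path at logon, so the
    reviewer has to confirm which file on disk actually runs.
    """
    hits = []
    for code, body in entries:
        match = O4_RE.match(body) if code == "O4" else None
        if match and not ABSOLUTE_RE.match(match["cmd"]):
            hits.append((match["hive"], match["key"], match["name"], match["cmd"]))
    return hits


def review(text):
    """Collect the entries a helper would look at first, as (reason, detail)."""
    entries = parse_hijackthis(text)["entries"]
    findings = [("AppInit_DLLs entry", dll) for dll in appinit_dlls(entries)]
    findings += [
        ("autostart without full path", f"{hive}\\{key} [{name}] {cmd}")
        for hive, key, name, cmd in relative_autoruns(entries)
    ]
    return findings


if __name__ == "__main__":
    for reason, detail in review(SAMPLE_LOG):
        print(f"{reason}: {detail}")
```
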
  19. nanna321

    nanna321 Regular member

    Those went without problems.

    Malwarebytes isn't running.
    Wasn't that program removed at some point?

    I installed it again, but it's the same old story.

    By the way, dropping the Notepad file onto ComboFix.exe works now.
    Shall I post the log?
     
    Last edited: 19.09.2008
  20. Hujo

    Hujo Guest

    Hey, look at what I put up there about
    Malwarebytes' Anti-Malware

    Go ahead and post it, but that machine's operating system is on shaky ground...

    By now the avast ball should be gone from next to the clock.

    Has anyone tried to install Vista on it, or was Vista removed and XP put in its place?
     
    Last edited by a moderator: 19.09.2008
  21. nanna321

    nanna321 Regular member

    ComboFix 08-09-16.05 - HP_Omistaja 2008-09-19 5:55:17.4 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1035.18.173 [GMT 3:00]
    Sijainti: C:\Documents and Settings\HP_Omistaja\Työpöytä\ComboFix.exe.exe
    Command switches used :: C:\Documents and Settings\HP_Omistaja\Työpöytä\CFScript.txt.txt
    * Uusi palautuspiste luotu

    VAROITUS - PALAUTUSKONSOLIA EI OLE ASENNETTU !!
    .

    (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Application Data\Malwarebytes
    C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\ignore.dat
    C:\Documents and Settings\HP_Omistaja\Application Data\Malwarebytes
    C:\Documents and Settings\HP_Omistaja\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2008-09-19 (00-32-09).txt
    C:\Documents and Settings\HP_Omistaja\Application Data\Symantec
    C:\Documents and Settings\HP_Omistaja\Application Data\Symantec\Shared\Options.VcPref
    C:\Program Files\Common Files\Symantec Shared
    C:\Program Files\Common Files\Symantec Shared\AdBlocking\PxyLog.dll
    C:\Program Files\Common Files\Symantec Shared\Help\I_AutoLU.chm
    C:\Program Files\Common Files\Symantec Shared\Help\IDS.chm
    C:\Program Files\Common Files\Symantec Shared\Help\location.chm
    C:\Program Files\Common Files\Symantec Shared\Help\NIS_acc.chm
    C:\Program Files\Common Files\Symantec Shared\Help\NIS_dis.chm
    C:\Program Files\Common Files\Symantec Shared\Help\NIS_mon.chm
    C:\Program Files\Common Files\Symantec Shared\Help\NIS_opts.chm
    C:\Program Files\Common Files\Symantec Shared\Help\NIS_task.chm
    C:\Program Files\Common Files\Symantec Shared\Help\NIS_unin.chm
    C:\Program Files\Common Files\Symantec Shared\Help\privctrl.chm
    C:\Program Files\Common Files\Symantec Shared\IraLsClt.dll
    C:\Program Files\Common Files\Symantec Shared\LiveReg\Catalog.LiveSubscribe
    C:\Program Files\Common Files\Symantec Shared\LiveReg\Defaults.liveReg
    C:\Program Files\Common Files\Symantec Shared\LiveReg\iraDefA2.dll
    C:\Program Files\Common Files\Symantec Shared\LiveReg\IraLrShl.exe
    C:\Program Files\Common Files\Symantec Shared\LiveReg\iraLSCl2.dll
    C:\Program Files\Common Files\Symantec Shared\LiveReg\iraLSUI.dll
    C:\Program Files\Common Files\Symantec Shared\LiveReg\IraVcLc3.dll
    C:\Program Files\Common Files\Symantec Shared\LiveReg\IraVcObj.dll
    C:\Program Files\Common Files\Symantec Shared\LiveReg\LRCtrl.dll
    C:\Program Files\Common Files\Symantec Shared\LiveReg\LRRes.dll
    C:\Program Files\Common Files\Symantec Shared\LiveReg\LrResEN.dll
    C:\Program Files\Common Files\Symantec Shared\LiveReg\LRWebWnd.dll
    C:\Program Files\Common Files\Symantec Shared\LiveReg\LSCtrl.dll
    C:\Program Files\Common Files\Symantec Shared\LiveReg\LSPlugin.dll
    C:\Program Files\Common Files\Symantec Shared\LiveReg\symcsub.exe
    C:\Program Files\Common Files\Symantec Shared\LiveReg\Watermrk.gif
    C:\Program Files\Common Files\Symantec Shared\LiveReg\VcCleanUp.exe
    C:\Program Files\Common Files\Symantec Shared\LiveReg\VcResEN.dll
    C:\Program Files\Common Files\Symantec Shared\LiveReg\VcSetup.exe
    C:\WINDOWS\system32\cssdll32.dll

    .
    ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-08-19 to 2008-09-19 )))))))))))))))))
    .

    2008-09-19 05:47 . 2008-09-19 05:48 <KANSIO> d-------- C:\!KillBox
    2008-09-19 02:46 . 2008-09-19 02:46 <KANSIO> d-------- C:\Program Files\CCleaner
    2008-09-19 02:16 . 2008-09-19 02:16 <KANSIO> d--h----- C:\Documents and Settings\HP_Omistaja\Verkkoympäristö
    2008-09-19 01:13 . 2008-09-19 01:13 <KANSIO> d-------- C:\Program Files\Common Files\FotoWire
    2008-09-19 01:13 . 2008-09-19 01:13 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\FotoWire
    2008-09-18 23:45 . 2008-09-18 23:45 579,072 --a--c--- C:\WINDOWS\system32\dllcache\user32.dll
    2008-09-18 23:44 . 2008-09-18 23:45 <KANSIO> d-------- C:\WINDOWS\ERUNT
    2008-09-18 23:25 . 2008-09-18 23:25 <KANSIO> d-------- C:\Documents and Settings\Jõrjestelmõnvalvoja
    2008-09-18 20:08 . 2008-09-18 20:08 <KANSIO> d-------- C:\Program Files\Trend Micro
    2008-09-18 17:59 . 2008-09-19 05:50 <KANSIO> dr------- C:\Documents and Settings\HP_Omistaja\Suosikit
    2008-09-18 17:52 . 2008-09-19 05:44 <KANSIO> dr------- C:\Documents and Settings\HP_Omistaja\Omat tiedostot
    2008-09-18 17:48 . 2008-09-19 01:12 <KANSIO> d-------- C:\SXS
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> dr------- C:\Documents and Settings\HP_Omistaja\Käynnistä-valikko
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Incomplete
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Contacts
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\zweitgeist
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Template
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Sonic
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\ShredderChess
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\SampleView
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Orbit
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\OpenOffice.org2
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Nero
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\MSN6
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Media Player Classic
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\LimeWire
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Leadertech
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Intervideo
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\GrabPro
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\FrostWire
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\DivX
    2008-09-18 17:47 . 2008-09-19 00:32 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Desktopicon
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\BSplayer Pro
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\BSplayer
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\AVS4YOU
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\ArcSoft
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\Apple Computer
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\AdobeUM
    2008-09-18 17:47 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Application Data\.wyzo
    2008-09-18 17:46 . 2008-09-18 17:46 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\WINDOWS
    2008-09-18 17:46 . 2008-09-19 01:52 <KANSIO> d--hs---- C:\Documents and Settings\HP_Omistaja\UserData
    2008-09-18 17:46 . 2008-09-19 05:55 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja\Työpöytä
    2008-09-18 17:46 . 2008-09-18 17:46 <KANSIO> d--h----- C:\Documents and Settings\HP_Omistaja\Tulostinympäristö
    2008-09-18 17:46 . 2008-09-18 17:46 <KANSIO> d--h----- C:\Documents and Settings\HP_Omistaja\Mallit
    2008-09-18 17:46 . 2008-09-19 02:47 <KANSIO> d-------- C:\Documents and Settings\HP_Omistaja
    2008-09-18 17:43 . 2008-09-18 17:46 <KANSIO> d-------- C:\Documents and Settings\Netta\Suosikit
    2008-09-18 17:43 . 2008-09-18 17:46 <KANSIO> d-------- C:\Documents and Settings\Netta\Omat tiedostot
    2008-09-18 17:43 . 2008-09-18 17:46 <KANSIO> d-------- C:\Documents and Settings\Netta\Mallit
    2008-09-18 17:43 . 2004-01-01 12:34 <KANSIO> d-------- C:\Documents and Settings\Netta\Application Data\Intervideo
    2008-09-18 17:43 . 2008-09-18 17:46 <KANSIO> d---s---- C:\Documents and Settings\Netta
    2008-09-18 15:13 . 2008-09-18 15:13 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\Nero
    2008-09-18 15:12 . 2004-01-01 12:42 <KANSIO> d-------- C:\Documents and Settings\Vieras\WINDOWS
    2008-09-18 15:12 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Vieras\Verkkoympäristö
    2008-09-18 15:12 . 2004-01-01 09:20 <KANSIO> d-------- C:\Documents and Settings\Vieras\Työpöytä
    2008-09-18 15:12 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Vieras\Tulostinympäristö
    2008-09-18 15:12 . 2008-09-18 17:58 <KANSIO> dr------- C:\Documents and Settings\Vieras\Suosikit
    2008-09-18 15:12 . 2008-09-18 15:12 <KANSIO> dr------- C:\Documents and Settings\Vieras\Omat tiedostot
    2008-09-18 15:12 . 2008-08-29 20:38 <KANSIO> d--h----- C:\Documents and Settings\Vieras\Mallit
    2008-09-18 15:12 . 2008-08-29 20:37 <KANSIO> dr------- C:\Documents and Settings\Vieras\Käynnistä-valikko
    2008-09-18 15:12 . 2004-01-01 13:09 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\SampleView
    2008-09-18 15:12 . 2004-01-01 12:34 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\Intervideo
    2008-09-18 15:12 . 2004-01-01 12:42 <KANSIO> d-------- C:\Documents and Settings\Vieras\Application Data\Apple Computer
    2008-09-18 15:12 . 2008-09-18 17:49 <KANSIO> d-------- C:\Documents and Settings\Vieras
    2008-09-17 22:49 . 2008-09-17 22:49 244 --ah----- C:\sqmnoopt05.sqm
    2008-09-17 22:49 . 2008-09-17 22:49 232 --ah----- C:\sqmdata05.sqm
    2008-09-17 19:36 . 2008-07-04 09:34 860,160 --a------ C:\WINDOWS\system32\lameACM.acm
    2008-09-17 19:36 . 2008-01-10 15:15 755,027 --a------ C:\WINDOWS\system32\xvidcore.dll
    2008-09-17 19:36 . 2004-01-25 19:18 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
    2008-09-17 19:36 . 2007-09-04 19:56 164,352 --a------ C:\WINDOWS\system32\unrar.dll
    2008-09-17 19:36 . 2008-01-10 15:16 159,839 --a------ C:\WINDOWS\system32\xvidvfw.dll
    2008-09-17 19:36 . 2007-09-21 03:52 118,784 --a------ C:\WINDOWS\system32\ac3acm.acm
    2008-09-17 19:36 . 2007-10-03 18:03 414 --a------ C:\WINDOWS\system32\lame_acm.xml
    2008-09-17 19:36 . 2008-07-30 22:09 38 --a------ C:\WINDOWS\avisplitter.ini
    2008-09-17 19:35 . 2008-07-23 19:50 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
    2008-09-17 19:35 . 2008-07-25 11:34 683,520 --a------ C:\WINDOWS\system32\divx.dll
    2008-09-17 19:35 . 2008-07-25 11:34 81,920 --a------ C:\WINDOWS\system32\dpl100.dll
    2008-09-17 19:35 . 2008-06-12 21:36 7,680 --a------ C:\WINDOWS\system32\ff_vfw.dll
    2008-09-17 19:35 . 2007-07-10 19:10 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
    2008-09-17 18:53 . 2008-09-17 18:53 244 --ah----- C:\sqmnoopt04.sqm
    2008-09-17 18:53 . 2008-09-17 18:53 232 --ah----- C:\sqmdata04.sqm
    2008-09-17 13:29 . 2008-09-17 13:29 <KANSIO> d-------- C:\WINDOWS\system32\mC02
    2008-09-17 13:29 . 2008-09-17 13:29 <KANSIO> d-------- C:\Temp\mtc2
    2008-09-17 13:29 . 2008-09-17 13:29 <KANSIO> d-------- C:\Temp
    2008-09-17 09:05 . 2008-09-17 09:05 244 --ah----- C:\sqmnoopt03.sqm
    2008-09-17 09:05 . 2008-09-17 09:05 232 --ah----- C:\sqmdata03.sqm
    2008-09-16 20:51 . 2008-09-16 20:51 244 --ah----- C:\sqmnoopt02.sqm
    2008-09-16 20:51 . 2008-09-16 20:51 232 --ah----- C:\sqmdata02.sqm
    2008-09-16 15:23 . 2008-09-16 15:23 87,056 --a------ C:\WINDOWS\system32\drivers\cmdguard.sys
    2008-09-16 15:23 . 2008-09-16 15:23 24,208 --a------ C:\WINDOWS\system32\drivers\cmdhlp.sys
    2008-09-16 11:52 . 2008-09-16 11:52 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    2008-09-16 11:44 . 2008-07-18 22:07 270,880 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-09-16 11:44 . 2008-07-18 22:07 210,976 --a------ C:\WINDOWS\system32\muweb.dll
    2008-09-16 11:44 . 2008-07-18 22:07 29,728 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-09-16 03:56 . 2008-09-16 03:56 244 --ah----- C:\sqmnoopt01.sqm
    2008-09-16 03:56 . 2008-09-16 03:56 232 --ah----- C:\sqmdata01.sqm
    2008-09-15 23:46 . 2008-09-15 23:46 0 --a------ C:\WINDOWS\nsreg.dat
    2008-09-15 21:42 . 2008-09-15 21:42 268 --ah----- C:\sqmdata00.sqm
    2008-09-15 21:42 . 2008-09-15 21:42 244 --ah----- C:\sqmnoopt00.sqm
    2008-09-15 20:06 . 2008-09-18 01:57 <KANSIO> d-------- C:\Program Files\Windows Live
    2008-09-15 20:06 . 2008-09-15 20:09 <KANSIO> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
    2008-09-15 20:05 . 2008-09-15 20:05 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-09-15 18:05 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
    2008-09-15 17:51 . 2008-09-15 17:51 <KANSIO> d-------- C:\WINDOWS\Sun
    2008-09-14 23:34 . 2008-09-14 23:34 <KANSIO> d-------- C:\Program Files\Common Files\Adobe
    2008-09-14 23:34 . 2008-09-14 23:32 286,720 --a------ C:\WINDOWS\iun504.exe
    2008-09-14 21:07 . 2002-12-20 19:12 41,984 --a------ C:\WINDOWS\UnGins.exe
    2008-09-14 19:31 . 2008-09-14 19:31 <KANSIO> d-------- C:\TETRISC
    2008-09-08 23:37 . 2008-09-15 20:11 <KANSIO> d----c--- C:\WINDOWS\system32\DRVSTORE
    2008-09-08 18:55 . 2004-01-01 12:42 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\WINDOWS
    2008-09-08 18:55 . 2004-01-01 12:42 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\WINDOWS
    2008-09-08 18:55 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-09-08 18:55 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
    2008-09-08 18:55 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-09-08 18:55 . 2008-09-18 17:47 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
    2008-09-08 18:55 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-09-08 18:55 . 2004-01-01 09:20 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
    2008-09-08 18:55 . 2008-08-29 20:37 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2008-09-08 18:55 . 2008-08-29 20:37 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
    2008-09-08 18:55 . 2008-08-29 20:37 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-09-08 18:55 . 2008-08-29 20:37 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Omat tiedostot
    2008-09-08 18:55 . 2008-08-29 20:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2008-09-08 18:55 . 2008-08-29 20:38 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
    2008-09-08 18:55 . 2008-08-29 20:37 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2008-09-08 18:55 . 2008-08-29 20:37 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
    2008-09-08 18:55 . 2004-01-01 09:04 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Symantec

    .
    (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-09-17 22:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
    2008-09-17 22:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-09-15 15:05 --------- d-----w C:\Program Files\Java
    2008-09-09 00:13 --------- d-----w C:\Program Files\Easy Internet signup
    2008-09-08 19:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
    2008-08-29 07:46 --------- d-----w C:\Program Files\InterVideo
    2008-07-23 16:50 43,528 ------w C:\WINDOWS\system32\drivers\pxhelp20.sys
    2008-07-18 19:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
    2008-07-18 19:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
    2008-07-18 19:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
    2008-07-18 19:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
    2008-07-18 19:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
    2008-07-18 19:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
    2008-07-18 19:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
    2008-07-18 19:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
    2008-07-07 20:28 253,952 ----a-w C:\WINDOWS\system32\es.dll
    2008-06-24 16:44 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
    2008-06-24 15:12 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
    2008-06-24 13:06 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
    2008-06-23 16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-06-20 17:47 246,784 ----a-w C:\WINDOWS\system32\mswsock.dll
    .

    ((((((((((((((((((((((((((((( snapshot@2008-09-18_23.25.00.92 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-08-07 13:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
    + 2008-09-18 20:45:16 4,407,296 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\ntuser.dat
    + 2008-09-18 20:45:16 237,568 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
    + 2008-08-07 13:27:04 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\ERDNT.EXE
    + 2008-09-18 20:45:04 4,407,296 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000001\ntuser.dat
    + 2008-09-18 20:45:04 237,568 ----a-w C:\WINDOWS\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat
    - 2008-08-30 18:10:32 25,214 ----a-r C:\WINDOWS\Installer\{A488D63E-B3DD-4423-892F-2F2EC8909518}\MainApp.exe
    + 2008-09-18 22:12:39 25,214 ----a-r C:\WINDOWS\Installer\{A488D63E-B3DD-4423-892F-2F2EC8909518}\MainApp.exe
    + 2008-09-19 02:49:55 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_6a4.dat
    .
    (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-11 757192]

    [HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
    [HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
    [HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{2C688203-7EB3-4327-9995-1CB417BA23F9}"= "C:\Program Files\BS.Player ControlBar\BSToolbar.dll" [2008-08-11 757192]

    [HKEY_CLASSES_ROOT\clsid\{2c688203-7eb3-4327-9995-1cb417ba23f9}]
    [HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1FC79FB5-E4BD-48c8-B2E9-B8E74DB2C3A9}]
    [HKEY_CLASSES_ROOT\BSToolbar.ToolBandObj]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-06-24 1840424]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
    "WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-15 204288]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
    "KBD"="C:\HP\KBD\KBD.EXE" [2003-02-11 61440]
    "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2004-04-14 233472]
    "PS2"="C:\WINDOWS\system32\ps2.exe" [2002-10-16 81920]
    "LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 188416]
    "LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2003-12-16 77824]
    "LogitechGalleryRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2003-12-16 188416]
    "VTTimer"="VTTimer.exe" [2004-03-26 C:\WINDOWS\system32\VTTimer.exe]
    "AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 C:\WINDOWS\AGRSMMSG.exe]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveSearch"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"= C:\WINDOWS\system32\guard32.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.YV12"= yv12vfw.dll
    "msacm.enc"= ITIG726.acm

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;C:\WINDOWS\system32\DRIVERS\cmdguard.sys [2008-09-16 87056]
    R1 cmdHlp;COMODO Firewall Pro Helper Driver;C:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2008-09-16 24208]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    .

    **************************************************************************

    catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-09-19 05:57:07
    Windows 5.1.2600 Service Pack 3 NTFS

    tarkistaa piilotettuja prosesseja ...

    tarkistaa piilotettuja käynnistysarvoja ...

    tarkistaa piilotettuja tiedostoja ...

    tarkistus on valmis
    piilotetut tiedostot: 0

    **************************************************************************
    .
    Valmistumisajankohta: 2008-09-19 5:57:53
    ComboFix-quarantined-files.txt 2008-09-19 02:57:49
    ComboFix2.txt 2008-09-19 00:55:36
    ComboFix3.txt 2008-09-19 00:15:52
    ComboFix4.txt 2008-09-18 20:25:34

    Pre-Run: 186,765,623,296 tavua vapaana
    Post-Run: 186,768,134,144 tavua vapaana

    278 --- E O F --- 2008-09-16 08:53:05


    This machine has never had anything to do with Vista. What do you mean by it being on shaky ground? That doesn't sound good, at least =| The avast ball hasn't been visible for a long time :)
     
    Last edited: 19.09.2008
