Computer won't start
Member
22 May 2007 @ 12:24
Yeah, I guess some virus got onto my computer recently. An icon appeared next to the clock, a white cross on a red background, and it complained something like "Spyware detected, download antivirus program." Then I restarted the computer, and when it started up a blue screen appeared with white text saying roughly "Windows failed to start", and at the end came something like "physical hardware check complete", and it froze there. I shut the computer down and tried to start it again, but it wouldn't start. The fan does whir, but the monitor just says no signal. What should I do, or should I just take the computer in for warranty service?
Edit: please move this if it's in the wrong section.

It doesn't always start, not even every time.

This message has been edited since posting. Last edited 22 May 2007 @ 12:24

Auttaja
Suspended permanently
22 May 2007 @ 12:27
This is the right section. That's SmitFraud you've got there; I wonder how to get it to boot now :| Have you tried tapping F8 repeatedly at startup?

Don't send your HijackThis log to another user topic. Remember to describe what kind of problems you have. (In my opinion afterdawn has very unsupportive attitude against malware fighters)
How to send HijackThis log (step 3-5) HijackThis log submission instructions (Finland)
My profile "Therefore I say to you, do not worry about your life, what you will eat or what you will drink; nor about your body, what you will put on."
My home forum (Finland) Geeks To Go - Another place
List of rogue programs. (Finland) For example MSG+ is there. Another list

Member
22 May 2007 @ 13:12
Great, the computer won't even start anymore :S

Auttaja
Suspended permanently
22 May 2007 @ 13:23
Ask over in the Windows problems section and see what they come up with; it sounds a bit like a hardware fault (in addition to malware).

Member
22 May 2007 @ 16:59
OK, now the computer started, but it gets stuck between the Windows logo and the login window. What do I do?

kelari
Senior Member
22 May 2007 @ 17:44
Keep tapping F8 so that you get into safe mode.

Member
23 May 2007 @ 08:34
OK, I got into safe mode. If it really is that SmitFraud, how do I remove it?
Edit: I went into safe mode, but at the login screen a notice appeared saying the system is shutting down. There are 50 seconds on the clock, and it also says to save all unfinished work, and at the end there was something about the shutdown being initiated by NT-HALLINTA/SYSTEM. What can I do?

This message has been edited since posting. Last edited 23 May 2007 @ 08:40

Auttaja
Suspended permanently
23 May 2007 @ 08:44
If you can get into safe mode, here are instructions:

Download SmitfraudFix (by S!Ri) to your desktop.

Print these instructions out or save them to a text file.

Boot your computer into safe mode and select your usual user account.

Once in safe mode, double-click SmitfraudFix.exe.
Select option #2 - Clean by typing 2 and pressing "Enter" to delete the infected files.

You will be asked: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and pressing "Enter" to remove the desktop background and clean the infected registry keys.

The tool checks whether wininet.dll is infected. You may be asked to replace the infected .dll (if found); answer "Yes" by typing Y and pressing "Enter".

The tool may need to restart the computer; if it does not, reboot into normal Windows.
A text file will appear after the cleaning process; copy and paste the contents of this report into your reply.
The report can be found on your local disk, usually at C:\rapport.txt.

This message has been edited since posting. Last edited 23 May 2007 @ 08:45

Member
23 May 2007 @ 10:11
I'm losing my nerve. When I get into safe mode it keeps complaining about the same thing all the time: "The system is shutting down blah blah blah, shutdown initiated by (or something like that) NT-HALLINTA/SYSTEM". Then there's a countdown timer showing 60 seconds. Then at the end of the warning box it says "Message - Windows must be restarted because the DCOM server (there were a couple more words here) system service terminated unexpectedly."

This message has been edited since posting. Last edited 23 May 2007 @ 10:12

Auttaja
Suspended permanently
23 May 2007 @ 12:22
Hmm, have you already asked over in the Windows problems section for initial help?

Member
24 May 2007 @ 06:03
OK, I got into safe mode and here is the report. I accidentally ran SmitfraudFix 2 times, so I don't know whether that affects the report somehow. I'm also including the HJT log now, so that all the junk gets cleaned out at the same time.

==========
SmitFraudFix v2.186

Scan done at 23:38:13,26, ke 23.05.2007
Run from D:\Documents and Settings\Temes\Ty?p?yt?\SmitfraudFix
OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» DNS



»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

==========

Logfile of HijackThis v1.99.1
Scan saved at 10:03:05, on 24.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspimgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ServicePackFiles\services.exe
C:\WINDOWS\ServicePackFiles\services.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\TEMP\win94.tmp.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\TEMP\win96.tmp.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jonneweb.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {27784E9B-66F4-47EE-A7BF-F80994BF4CDB} - C:\WINDOWS\system32\fccbcab.dll
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvxof.dll,startup
O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A916D6D-55F7-4F22-AF53-F46CB7522975}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D0E0B9-218B-4EFA-A131-6E6B79354BED}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD548C5-1EDB-4AEE-B53B-AD8DBDE5F678}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE738E05-0F03-494F-9A55-B36CF80991ED}: NameServer = 143.166.82.252
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)



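An added example, not part of the original thread and not code from HijackThis or its authors: a small Python triage pass over a HijackThis log that flags three things visible in the log posted above, namely a system process name running outside its normal directory, an executable running from a Temp directory, and a service image stored in an NTFS alternate data stream. The function names and heuristics are hypothetical, the expected-directory table assumes Windows XP installed in C:\WINDOWS as in the log, and `SAMPLE` is a short excerpt of lines taken from that log.

```python
import re
from ntpath import basename, dirname  # Windows path rules, works on any OS

# Assumption: Windows XP installed in C:\WINDOWS, as in the log above.
# Core system processes and the one directory each normally runs from.
EXPECTED_DIR = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

ADS = "image is an NTFS alternate data stream"
TEMP = "executable in a Temp directory"
MISPLACED = "system process name outside its normal directory"

# "O4 - ...", "O23 - ...", "R1 - ..." style entry lines.
ENTRY_RE = re.compile(r"^([A-Z]\d+) - (.*)$")
# Drive-letter path ending in .exe/.dll/.sys, optionally followed by ":stream".
PATH_RE = re.compile(
    r'[A-Za-z]:\\[^:*?"<>|\r\n]*?\.(?:exe|dll|sys)(?::[^\\\s]+)?(?![\w.])',
    re.I,
)


def check_path(path):
    """Return the reasons a path deserves a closer look (empty list if none)."""
    reasons = []
    # Skip the drive letter's colon; any later colon introduces a stream name.
    rest, _, stream = path[2:].partition(":")
    image = path[:2] + rest
    if stream:
        reasons.append(ADS)
    folder = dirname(image).lower()
    name = basename(image).lower()
    if "\\temp\\" in folder + "\\":
        reasons.append(TEMP)
    expected = EXPECTED_DIR.get(name)
    if expected and folder != expected:
        reasons.append(MISPLACED)
    return reasons


def triage(log_text):
    """Return (section, path, reason) tuples for a HijackThis log."""
    findings = []
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            section, body = entry.group(1), entry.group(2)
        elif in_processes:
            section, body = "process", line
        else:
            continue  # header lines such as "Platform: ..."
        found = PATH_RE.search(body)
        if not found:
            continue
        for reason in check_path(found.group(0)):
            findings.append((section, found.group(0), reason))
    return findings


# Excerpt of lines from the HijackThis log posted above.
SAMPLE = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ServicePackFiles\services.exe
C:\WINDOWS\TEMP\win94.tmp.exe

O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O23 - Service: ICF - Unknown owner - C:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE):
        print(f"{section:8} {path}  <- {reason}")
```

A hit is a prompt for review, not a verdict. In this thread the ComboFix log posted later lists `C:\WINDOWS\servicepackfiles\services.exe` among its deletions and reports alternate data streams removed from system32.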
Auttaja
Suspended permanently
24 May 2007 @ 06:38
Download VundoFix.exe to your desktop.
* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* When the scan is finished, click the Remove Vundo button.
* You will be asked whether you want to remove the files - click YES.
* Once you have clicked yes, your desktop will go blank as it starts removing Vundo.
* When it is done, the fix will tell you it is going to restart your computer; click OK.

Note: It is possible that VundoFix found a file that it could not remove.
In that case VundoFix will run itself on reboot; just follow the instructions above, starting from "Click the Scan for Vundo button", when VundoFix appears during the restart.

==========

1. Download combofix.exe to your desktop from either of these links:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double-click combofix.exe and follow the prompts.
3. When the tool is finished, it produces a log (C:\ComboFix.txt). Post this log in your thread.
Note: Do not click on the ComboFix window while it is running. This may cause the program to hang.

Post a new HijackThis log along with the contents of this file, C:\vundofix.txt, and the contents of C:\ComboFix.txt.

This message has been edited since posting. Last edited 24 May 2007 @ 06:41

Member
24 May 2007 @ 11:44
OK, here you go:

==========

Logfile of HijackThis v1.99.1
Scan saved at 15:42:48, on 24.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspimgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\TEMP\winF1.tmp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jonneweb.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SManager] smanager.7.exe
O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A916D6D-55F7-4F22-AF53-F46CB7522975}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D0E0B9-218B-4EFA-A131-6E6B79354BED}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD548C5-1EDB-4AEE-B53B-AD8DBDE5F678}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE738E05-0F03-494F-9A55-B36CF80991ED}: NameServer = 143.166.82.252
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

==========

"Temes" - 2007-05-24 14:46:55 Service Pack 2
ComboFix 07-05.24.4.V - Running from: "D:\Documents and Settings\Temes\Ty?p?yt?\"

Rootkit driver pe386 is present. ... attempting disinfection
pe386 ...... driver unloaded successfully.
ADS removed - system32: deleted 145160 bytes in 2 streams.

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


"C:\WINDOWS\system32\alt.exe.exe"
"C:\WINDOWS\system32\pee.exe.exe"
"C:\WINDOWS\servicepackfiles\522124519.dll"
"C:\WINDOWS\servicepackfiles\services.exe"
"C:\WINDOWS\servicepackfiles\www.google.com\favicon.ico"
"C:\WINDOWS\servicepackfiles\www.google.com\index.html"
"C:\WINDOWS\servicepackfiles\www.google.com\thank.html"
"C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp0.gif"
"C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp1.gif"
"C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp2.gif"
"C:\WINDOWS\servicepackfiles\www.google.com\Google_files\hp3.gif"
"C:\WINDOWS\system32\arcac.exe"
"C:\WINDOWS\system32\v7.exe"
"C:\WINDOWS\system32\wincom32.ini"
"C:\WINDOWS\system32\wincom32.sys"
"C:\WINDOWS\system32\winsub.xml"
"C:\i"
"C:\install.log"
"C:\WINDOWS\s32.txt"
"C:\WINDOWS\servicepackfiles\free.exe"
"C:\WINDOWS\winvip.exe"
"C:\WINDOWS\ws386.ini"
"C:\WINDOWS\ServicePackFiles\killer.exe"
"C:\WINDOWS\ServicePackFiles\socks.exe"
"C:\WINDOWS\system32\lzx32.sys"
"C:\WINDOWS\servicepackfiles\www.google.com"
"C:\WINDOWS\system32\setlink.dll"
"C:\WINDOWS\system32\ksl48.bin"
"C:\WINDOWS\system32\xartcd5.dll"
"C:\WINDOWS\system32\xartcd7.sys"
"C:\WINDOWS\system32\windev-3c52-2083.sys"
"C:\WINDOWS\system32\windev-peers.ini"


((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))


-------\LEGACY_ICF
-------\LEGACY_WINCOM32
-------\LEGACY_XARTCD7
-------\ICF
-------\xartcd7
-------\windev-3c52-2083


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-24 ))))))))))))))))))))))))))))))))))


2007-05-24 14:18 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2007-05-24 13:57 <KANSIO> d-------- C:\VundoFix Backups
2007-05-24 10:00 93,696 --a------ C:\WINDOWS\system32\drvxof.dll
2007-05-23 23:22 970 --a------ C:\WINDOWS\system32\tmp.reg
2007-05-22 15:48 133,684 --a------ C:\WINDOWS\system32\alt.exe
2007-05-22 15:45 46,080 --a------ D:\DOCUME~1\ALLUSE~1\APPLIC~1\fkjwfeds.exe
2007-05-22 15:44 9,216 --a------ C:\ecri.exe
2007-05-22 15:44 82,944 --a------ C:\cwainda.exe
2007-05-22 15:44 61,440 --a------ C:\WINDOWS\system32\aspimgr.exe
2007-05-22 15:44 <KANSIO> d-------- C:\WINDOWS\ServicePackFiles
2007-05-22 15:43 93,696 --a------ C:\WINDOWS\system32\drvpev.dll
2007-05-22 15:43 18,944 --a------ C:\WINDOWS\system32\winmfu32.dll
2007-05-21 19:56 <KANSIO> d-------- D:\DOCUME~1\Temes\APPLIC~1\Sonic Foundry
2007-05-21 19:55 665,424 --a------ C:\WINDOWS\system32\wmv8dmoe.dll
2007-05-21 19:55 566,272 --a------ C:\WINDOWS\system32\wmvdmoe.dll
2007-05-21 19:55 438,608 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2007-05-21 19:55 1,683,792 --a------ C:\WINDOWS\system32\wmvcore2.dll
2007-05-21 19:55 <KANSIO> d-------- C:\Program Files\Sonic Foundry Setup
2007-05-21 19:55 <KANSIO> d-------- C:\Program Files\Sonic Foundry
2007-05-20 22:34 <KANSIO> d-------- C:\Program Files\Kreatives.org
2007-05-17 14:30 <KANSIO> d-------- D:\DOCUME~1\Temes\APPLIC~1\fretsonfire
2007-05-16 15:02 <KANSIO> d-------- C:\Program Files\Common Files\NSV
2007-05-15 16:07 <KANSIO> d-------- D:\DOCUME~1\Temes\APPLIC~1\Nokia Multimedia Player
2007-05-15 15:53 <KANSIO> d-------- C:\Program Files\Common Files\PCSuite
2007-05-15 15:53 <KANSIO> d-------- C:\Program Files\Common Files\Nokia
2007-05-15 15:51 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-05-15 15:51 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-05-15 15:51 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-05-15 15:51 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-05-15 15:51 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-05-15 15:51 <KANSIO> d-------- C:\Program Files\PC Connectivity Solution
2007-05-15 15:42 <KANSIO> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Installations
2007-05-13 18:52 73,728 --a------ C:\WINDOWS\system\WS2_32.DLL
2007-05-13 18:51 <KANSIO> d-------- C:\Program Files\Yahoo!
2007-05-13 14:52 152,576 --a------ C:\WINDOWS\system\CNCS32.DLL
2007-05-12 22:24 <KANSIO> d-------- D:\DOCUME~1\Temes\APPLIC~1\Orbit
2007-05-12 22:24 <KANSIO> d-------- C:\Program Files\Orbitdownloader
2007-05-12 15:57 <KANSIO> d-------- D:\DOCUME~1\Temes\.jogl_ext
2007-05-11 22:42 69,632 --a------ C:\WINDOWS\system32\KemXML.dll
2007-05-11 22:42 163,840 --a------ C:\WINDOWS\system32\kemutb.dll
2007-05-11 22:42 135,168 --a------ C:\WINDOWS\system32\KemUtil.dll
2007-05-11 22:42 110,592 --a------ C:\WINDOWS\system32\KemWnd.dll
2007-05-11 22:42 101,136 --a------ C:\WINDOWS\KHALMNPR.Exe
2007-05-11 22:42 <KANSIO> d-------- D:\DOCUME~1\ALLUSE~1\APPLIC~1\Logitech
2007-05-09 17:20 <KANSIO> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-05-05 21:12 <KANSIO> dr------- D:\DOCUME~1\NETWOR~1\Suosikit
2007-05-03 16:46 83,096 --a------ C:\WINDOWS\system32\SSSensor.dll
2007-05-03 16:46 60,496 --a------ C:\WINDOWS\system32\drivers\Teefer.sys
2007-05-03 16:46 21,075 --a------ C:\WINDOWS\system32\drivers\wpsdrvnt.sys
2007-05-03 16:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg6n.sys
2007-05-03 16:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg5n.sys
2007-05-03 16:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg4n.sys
2007-05-03 16:46 14,568 --a------ C:\WINDOWS\system32\drivers\wg3n.sys
2007-05-03 16:46 <KANSIO> d-------- C:\Program Files\Sygate
2007-05-03 16:46 <KANSIO> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-05-03 13:06 <KANSIO> d-------- D:\DOCUME~1\Temes\APPLIC~1\Uniblue
2007-05-03 12:44 499,712 --a------ C:\WINDOWS\system\MSVCP71.DLL
2007-05-03 12:41 348,160 --a------ C:\WINDOWS\system\MSVCR71.dll
2007-05-02 20:35 <KANSIO> d-------- C:\Program Files\NVIDIA Corporation
2007-04-30 18:19 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-04-30 18:19 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-04-30 18:19 <KANSIO> d-------- C:\Program Files\Xvid
2007-04-24 13:35 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys
2007-04-24 13:35 152,833 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-04-24 13:25 <KANSIO> d--h----- C:\WINDOWS\HUL
2007-04-24 13:19 <KANSIO> d-------- C:\ijji
2007-04-24 09:31 967 --a------ C:\WINDOWS\ScUnin.pif
2007-04-24 09:31 94,208 --a------ C:\WINDOWS\ScUnin.exe
2007-04-24 09:31 11,868 --a------ C:\WINDOWS\scunin.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-05-22 12:44:38 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2007-05-22 10:50:07 817 --sha-w C:\WINDOWS\system32\mmf.sys
2007-05-21 15:19:31 -------- d-----w C:\Program Files\MSN Messenger
2007-05-16 15:08:00 -------- d-----w C:\Program Files\RevConnect
2007-05-15 13:05:56 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\Nokia
2007-05-15 12:51:06 -------- d-----w C:\Program Files\Nokia
2007-05-11 19:42:20 -------- d-----w C:\Program Files\Common Files\Logitech
2007-05-06 09:11:06 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\foobar2000
2007-05-04 08:49:06 5,355 ----a-w C:\WINDOWS\mozver.dat
2007-05-03 13:47:49 -------- d-----w C:\Program Files\Common Files\Symantec Shared
2007-05-03 13:23:38 -------- d-----w C:\Program Files\Symantec
2007-05-02 17:35:16 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-30 19:11:46 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\uTorrent
2007-04-30 17:00:49 -------- d-----w C:\Program Files\VSO
2007-04-30 17:00:47 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\Vso
2007-04-23 18:41:32 -------- d-----w C:\Program Files\Futuremark
2007-04-23 11:20:31 -------- d-----w C:\Program Files\Common Files\3DO Shared
2007-04-23 11:18:34 -------- d-----w C:\Program Files\3DO
2007-04-16 14:06:46 -------- d-----w C:\Program Files\MagicISO
2007-04-08 19:32:40 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\LEGO Company
2007-04-08 08:09:25 -------- d-----w C:\Program Files\SnapTrack
2007-04-08 07:38:49 -------- d-----w C:\Program Files\ASCII
2007-04-07 19:13:51 -------- d-----w C:\Program Files\Tracker 2000
2007-04-06 14:57:00 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\CyberLink
2007-04-05 12:46:42 -------- d-----w C:\Program Files\CDBurnerXP Pro 3
2007-04-02 14:00:27 16 ----a-w C:\WINDOWS\popcinfo.dat
2007-03-29 20:02:06 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\Hamachi
2007-03-29 12:57:06 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\X-Chat 2
2007-03-29 09:20:16 -------- d-----w C:\Program Files\QuickTime
2007-03-29 09:20:14 -------- d-----w C:\Program Files\Xilisoft
2007-03-29 09:19:48 -------- d-----w C:\Program Files\ImTOO
2007-03-28 20:22:20 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\DivX
2007-03-28 19:21:29 -------- d-----w C:\Program Files\DivX
2007-03-28 19:10:00 -------- d-----w C:\Program Files\Winamp
2007-03-28 18:31:52 -------- d-----w C:\Program Files\Taksi
2007-03-28 10:55:27 -------- d-----w C:\Program Files\DVDFab Decrypter 3
2007-03-28 10:40:03 -------- d-----w C:\Program Files\DVD Decrypter
2007-03-28 10:00:24 76,958 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-03-28 10:00:24 379,216 ----a-w C:\WINDOWS\system32\perfh00B.dat
2007-03-27 18:51:08 -------- d-----w C:\Program Files\Last.fm
2007-03-27 17:13:32 -------- d-----w C:\Program Files\Microsoft Works
2007-03-27 17:13:22 -------- d-----w C:\Program Files\MSBuild
2007-03-27 17:12:07 -------- d-----w C:\Program Files\Microsoft.NET
2007-03-27 17:10:01 -------- d-----w C:\Program Files\Microsoft Visual Studio 8
2007-03-26 14:42:00 -------- d-----w C:\Program Files\Mozilla Thunderbird
2007-03-24 08:36:49 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\Dexpot
2007-03-24 08:29:24 -------- d-----w C:\Program Files\Dexpot
2007-03-22 14:56:43 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-03-21 17:24:37 4,096 ----a-w C:\WINDOWS\d3dx.dat
2007-03-21 15:15:00 -------- d-----w C:\Program Files\mIRC
2007-03-21 15:14:55 -------- d-----w C:\Program Files\X-Chat 2
2007-03-21 08:46:13 -------- d-----w C:\Program Files\Hamachi
2007-03-21 08:45:39 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2007-03-19 13:09:18 -------- d-----w C:\Program Files\Sprite Explorer
2007-03-17 13:44:51 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll
2007-03-14 15:16:26 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\Screenshot Sender
2007-03-14 15:16:10 -------- d-----w C:\Program Files\Messenger Plus! Live
2007-03-09 20:07:07 -------- d-----w C:\Program Files\ILoveSteam
2007-03-09 19:59:56 -------- d--h--w C:\Program Files\Zero G Registry
2007-03-09 15:14:26 -------- d-----w C:\Program Files\CDex_170b2
2007-03-08 21:04:31 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\DataLayer
2007-03-08 20:19:56 -------- d-----w D:\DOCUME~1\Temes\APPLIC~1\PC Suite
2007-03-08 20:19:52 -------- d-----w C:\Program Files\DIFX
2007-03-08 15:38:00 578,048 ----a-w C:\WINDOWS\system32\user32.dll
2007-03-08 15:37:59 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll
2007-03-08 15:37:59 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll
2007-03-08 15:34:26 1,843,840 ----a-w C:\WINDOWS\system32\win32k.sys
2007-02-23 04:29:58 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2007-02-23 04:29:56 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 04:29:52 129,784 ----a-w C:\WINDOWS\system32\pxafs.dll
2007-02-23 04:29:52 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2007-02-23 04:29:52 116,472 ------w C:\WINDOWS\system32\pxcpyi64.exe
2007-02-23 04:29:49 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-02-23 04:29:49 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-02-23 04:25:24 73,728 ----a-w C:\WINDOWS\system32\dpl100.dll
2007-02-23 04:25:24 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2007-02-23 04:25:23 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2007-02-23 04:25:22 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2007-02-23 04:25:22 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2007-02-23 04:25:22 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2007-02-23 04:25:22 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2007-02-23 04:25:22 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2007-02-23 04:25:19 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2007-02-23 04:25:19 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2007-02-23 04:25:19 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2007-02-23 04:25:19 639,066 ----a-w C:\WINDOWS\system32\DivX.dll
2007-02-22 07:15:12 90,624 ----a-w C:\WINDOWS\system32\nmwcdcls.dll
2007-02-16 01:40:35 124,472 ----a-w C:\WINDOWS\system32\DivXCodecUpdateChecker.exe
2007-02-14 23:08:38 127,034 ------r C:\WINDOWS\bwUnin-8.1.1.50-8876480SL.exe
2007-02-05 20:19:01 185,344 ----a-w C:\WINDOWS\system32\upnphost.dll
2006-10-26 15:23:40 -------- --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2006-10-26 15:23:32 -------- --sh--r C:\WINDOWS\system32\699BF083FD.sys


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{000123B4-9B42-4900-B3F7-F4B073EFC214}=C:\Program Files\Orbitdownloader\orbitcth.dll [2007-04-20 11:43]
{58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9}=C:\WINDOWS\ServicePackFiles\522124519.dll []
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 00:48]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xem"="C:\WINDOWS\ServicePackFiles\services.exe" []
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-12-01 14:02]
"SManager"="smanager.7.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"xem"="C:\WINDOWS\ServicePackFiles\services.exe" []

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 17:13]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"="C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL" [2006-10-27 00:48]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"{E861A950-42CB-03FA-684F-83A0BDC6D77A}"="C:\WINDOWS\system32\zc.dll" [2006-05-22 15:45]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
C:\Apps\Softex\OmniPass\opxpgina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhld32]
winhld32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winmfu32]
winmfu32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\safeboot\minimal\WdfLoadGroup]


********************************************************************

catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-24 15:30:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


********************************************************************

Completion time: 2007-05-24 15:31:14 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-05-24 15:31

--- E O F ---

==========

Auttaja
Suspended permanently
24 May 2007 @ 11:51
Download RustBFix by ejvindh from either of the links and save it to your desktop:
rustbfix.exe

rustbfix.exe

Double-click the file rustbfix.exe. If a Rustock.b infection is found, you will shortly be asked to restart the computer. The restart may take a while, and you may have to restart the computer a second time. All of this happens automatically. After the restart, two log files open (%root%\avenger.txt & %root%\rustbfix\pelog.txt).

Copy and paste these two log files into your next reply

=======


Download SDFix by AndyManchesta http://downloads.andymanchesta.com/RemovalTools/SDFix.zip and save it to your desktop.

Boot your computer into Safe Mode and select your normal user account:

* Start the computer
* When you hear the computer beep, press F8, but before the Windows logo appears
* A menu should appear next
* Select Safe Mode from the menu.


* Once in Safe Mode, extract the contents of SDFix.zip (SDFix.exe) to the desktop. Double-click the sdfix.exe file that appeared on the desktop. The file extracts and installs itself on the drive where the operating system is installed, and a folder named SDFix appears in the root, e.g. C:\SDFix
* Open the SDFix folder and double-click the file RunThis.bat to start the program.
* Press Y to start the script.
* The tool cleans out the trojan's services and also makes some repairs to the registry. Finally it asks you to restart the computer, "Press any key to Reboot".
* Press any key and the computer restarts.
* Startup takes longer than normal because SDFix is cleaning the computer.
* When the computer has started and the desktop has loaded, SDFix reports that the cleanup is complete, "Finished".
* Then press any key to close the script and load the shortcuts onto the desktop.
* Finally, open the SDFix folder and copy & paste the contents of the file Report.txt into your thread


along with a new HijackThis log.


Member
24 May 2007 @ 12:43
RustBFix didn't find anything, but here are the SDFix and HjT logs:

==========


SDFix: Version 1.84

Run by Temes - to 24.05.2007 - 16:25:13,75

Microsoft Windows XP [versio 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Missing Security Center Service

==========

Logfile of HijackThis v1.99.1
Scan saved at 16:43:15, on 24.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspimgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jonneweb.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A916D6D-55F7-4F22-AF53-F46CB7522975}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D0E0B9-218B-4EFA-A131-6E6B79354BED}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD548C5-1EDB-4AEE-B53B-AD8DBDE5F678}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE738E05-0F03-494F-9A55-B36CF80991ED}: NameServer = 143.166.82.252
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

==========

Auttaja
Suspended permanently
24 May 2007 @ 12:55
* Double-click VundoFix.exe to run it.
* When VundoFix reopens, click the Scan for Vundo button.
* When the scan is complete, right-click inside the list box (the white box where the found files are listed) and select Add more files
* Copy and paste the following 2 lines into the two topmost boxes
* C:\WINDOWS\SYSTEM32\winmfu32.dll
* C:\WINDOWS\system32\zc.dll
* Click Add Files and then click Close Window.

* Click the Remove Vundo button.
* You will get a message asking whether you want to delete the selected files; click YES.
* Once you click yes, your desktop goes blank as the tool starts removing Vundo.
* When it is done, you will get a message asking you to shut down the computer; click OK.
* Restart your computer.
* Post the contents of C:\vundofix.txt
========

Copy the following lines into e.g. Notepad

Quote:
@echo off
sc stop "Microsoft ASPI Manager"
sc delete "Microsoft ASPI Manager"

Save it to the desktop as FIX.BAT with the file type set to All Files

Double-click FIX.BAT with the mouse

Post a new HijackThis log


This message has been edited since it was posted. Last edit 24 May 2007 @ 12:56
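Each round of this thread ends with a request for a fresh HijackThis log, which is then read against the previous one to see whether the targeted files are really gone. As an added example (not part of the original posts, and not code from HijackThis or any tool named here), the Python script below automates that check for the files targeted above; the function names are hypothetical, the BEFORE excerpt is copied from the 16:43 log earlier in the thread, and the AFTER excerpt is constructed for illustration.

```python
import re

# A HijackThis v1.99.1 entry line looks like "O20 - Winlogon Notify: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# HijackThis appends one of these when the referenced file is not on disk.
MISSING_RE = re.compile(r"\((?:file missing|no file)\)\s*$")

# Excerpt copied from the 16:43 HijackThis log posted in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\aspimgr.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll (file missing)
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll
O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
"""

# CONSTRUCTED follow-up log for illustration; not the user's real log.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\services.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll (file missing)
O20 - Winlogon Notify: winmfu32 - C:\WINDOWS\SYSTEM32\winmfu32.dll (file missing)
"""

# File names taken from the helper's instructions and the ComboFix deletions.
TARGETS = ["winmfu32.dll", "zc.dll", "aspimgr.exe", "522124519.dll"]


def parse_hjt(text):
    """Return (running process paths, [(section, body), ...]) for one log."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the entry list has started
            entries.append((match.group(1), match.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def names_file(text, filename):
    """True if text names filename as a whole path component, ignoring case."""
    pattern = r"(?:^|[\\ ])" + re.escape(filename) + r"(?=$|[ ,])"
    return re.search(pattern, text, re.IGNORECASE) is not None


def status_of(target, log_text):
    """Classify one file name against one log.

    running  - listed under 'Running processes'
    loaded   - an entry still points at it and the file exists
    orphaned - an entry still names it, but the file is marked missing
    gone     - the log does not mention it at all
    """
    processes, entries = parse_hjt(log_text)
    if any(names_file(p, target) for p in processes):
        return "running"
    hits = [body for _, body in entries if names_file(body, target)]
    if not hits:
        return "gone"
    if all(MISSING_RE.search(body) for body in hits):
        return "orphaned"
    return "loaded"


def compare(targets, before, after):
    """Map each target to its (status before, status after)."""
    return {t: (status_of(t, before), status_of(t, after)) for t in targets}


def unresolved(result):
    """Targets that the follow-up log still mentions in any form."""
    return sorted(t for t, (_, now) in result.items() if now != "gone")


if __name__ == "__main__":
    outcome = compare(TARGETS, BEFORE, AFTER)
    for name, (was, now) in outcome.items():
        print(f"{name:16} {was:9} -> {now}")
    print("still referenced:", ", ".join(unresolved(outcome)))
```

An "orphaned" result means the file was deleted but its loading point is still registered, as with the bho3 Class BHO that stays in the log after ComboFix removed 522124519.dll.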

Member
24 May 2007 @ 13:52
Here it is:

==========


VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 13:57:15 24.5.2007

Listing files found while scanning....

C:\WINDOWS\system32\fccbcab.dll
C:\WINDOWS\system32\khfcbcd.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\fccbcab.dll
C:\WINDOWS\system32\fccbcab.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\khfcbcd.dll
C:\WINDOWS\system32\khfcbcd.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 14:15:04 24.5.2007

Listing files found while scanning....

C:\WINDOWS\system32\fccbcab.dll

Beginning removal...

VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 14:21:43 24.5.2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

VundoFix V6.4.1

Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.10

Scan started at 17:25:13 24.5.2007

Listing files found while scanning....

No infected files were found.


Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\winmfu32.dll
C:\WINDOWS\SYSTEM32\winmfu32.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\zc.dll
C:\WINDOWS\system32\zc.dll Has been deleted!

Performing Repairs to the registry.
Done!

Beginning removal...

Attempting to delete C:\WINDOWS\SYSTEM32\winmfu32.dll
C:\WINDOWS\SYSTEM32\winmfu32.dll Has been deleted!

Performing Repairs to the registry.
Done!

==========

Logfile of HijackThis v1.99.1
Scan saved at 17:52:24, on 24.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\aspimgr.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jonneweb.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A916D6D-55F7-4F22-AF53-F46CB7522975}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D0E0B9-218B-4EFA-A131-6E6B79354BED}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD548C5-1EDB-4AEE-B53B-AD8DBDE5F678}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE738E05-0F03-494F-9A55-B36CF80991ED}: NameServer = 143.166.82.252
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

==========

Auttaja
Suspended permanently
24 May 2007 @ 16:08
Checking Java version...

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.8
Old versions of java are exploitable and should be removed.

========

Save these instructions to a text file, because otherwise you won't be able to read them in Safe Mode.

==========

Open HijackThis, check the following line(s) and press Fix checked; close other programs while you do this.

O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll (file missing)


Here is a guide on how to check them:



=========

Copy the following lines into e.g. Notepad:

Quote:
@echo off
rem sc expects the service key name (aspimgr), not the display name
sc stop aspimgr
sc delete aspimgr

Save it to the desktop as FIX.BAT, with the file type set to All Files.

Double-click FIX.BAT.

=========

Download Killbox from Option^Explicit.

Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.

- Save it to your desktop.
- Double-click Killbox.exe to run the program.
- Select Delete on Reboot, then click the All Files option.
- Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


C:\WINDOWS\ServicePackFiles\services.exe
C:\WINDOWS\system32\aspimgr.exe


- Return to Killbox, go to the File menu, and select Paste from Clipboard.

- Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let the person helping you know if one of these appears!).
Restart your computer yourself if it does not do so automatically.

If you get a message like this: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click here to download and run Missingfilessetup.exe. Then try KillBox again.

==========

1. Download AVG Anti-Spyware 7.5 and save the program to your desktop. If you already have the program, go straight to step 2!

- Once you have downloaded the program, double-click the installer's shortcut on your desktop; the installation starts.
- After installation, the program must be started and its definitions updated.

2. Start AVG Anti-Spyware.
- Click the "Update" icon in the main menu. Then click the "Update now" button.
- Then click the "Start Update" icon, and the update begins.
- If the updates do not succeed right away, press "Start Update" again after a moment.
- If the automatic update does not work for some reason, the definitions can be downloaded manually from http://www.ewido.net/en/download/updates/.
- Once the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
- When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
- Then, under the "Reports" menu:
- Tick "Automatically generate report after every scan"
- Untick "Only if threats were found"
- Then click the "Shield" icon at the top of the window
- "Resident shield is": change the state from active to inactive
- Close the program; do NOT scan yet.

Start your computer in Safe Mode.

NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
- Once in Safe Mode, start AVG Anti-Spyware.
- Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
- AVG now starts scanning the computer; be patient, as the scan takes time.
When the scan is finished:
IMPORTANT: Do not click "Save Scan Report" before you click "Apply all Actions".
- Make sure that Set all elements to: shows Quarantine (1); if not, click the link and select Quarantine from the pop-up menu.
- You will be asked what to do if infections were found; choose "Apply all actions".


- Then click the "Reports" icon at the top of the program.
- Click the "Save report as" button in the lower left corner of the window and save the report to the desktop.
- Close the program, start the computer normally, and post the AVG report in your thread.

==========

Do this if you feel your computer is on the slow side and you haven't defragmented in a long time:

Open My Computer
-> Do the following for all Local Disks



==========

Download CCleaner and install it:
Open "Options", then "Language", and select "Suomi (Finnish)"

Open the "Virheet" (Errors) section, press "Etsi rekisterin virheitä" (Search for registry errors), then press "Korjaa valitut rekisterin virheet.." (Fix selected registry errors). Press "Kyllä" (Yes) when the program asks "Haluatko varmuuskopioida muutokset rekisteriin" (Do you want to back up the changes to the registry), and save the file to e.g. the desktop.

Open "Puhdistaja" (Cleaner), press "Tutki" (Analyze) and then "Aja Ccleaner" (Run CCleaner). Clean temporary files and folders with the program regularly.


==========

A new HijackThis log, and are there any problems?


Member
24 May 2007 @ 18:37
Seems to be working better already.

==========

Logfile of HijackThis v1.99.1
Scan saved at 22:36:03, on 24.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jonneweb.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A916D6D-55F7-4F22-AF53-F46CB7522975}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D0E0B9-218B-4EFA-A131-6E6B79354BED}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD548C5-1EDB-4AEE-B53B-AD8DBDE5F678}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE738E05-0F03-494F-9A55-B36CF80991ED}: NameServer = 143.166.82.252
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

==========

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 22:26:31 24.5.2007

+ Scan result:



HKLM\SYSTEM\CurrentControlSet\Enum\NMWCD\VID_0421&PID_04B8&IF_OBX\6&11084b85&0&01\\Class -> Adware.MarketScore : Error during cleaning.
C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP307\A0081250.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\fccbcab.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\setlink.dll.vir -> Downloader.Agent.bga : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082297.dll -> Downloader.Agent.bga : Cleaned with backup (quarantined).
C:\SDFix\backups\winF1.tmp.exe -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\WINDOWS\smanager.7.exe~ -> Downloader.Alphabet : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\ServicePackFiles\services.exe.vir -> Downloader.CWS.am : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082276.exe -> Downloader.CWS.am : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\ServicePackFiles\522124519.dll.vir -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\arcac.exe.vir -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082275.dll -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082278.exe -> Hijacker.Agent.hz : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\v7.exe.vir -> Hijacker.Agent.jc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082279.exe -> Hijacker.Agent.jc : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\catchme2007-05-24_153017.29.zip/xpdt.sys -> Hijacker.Costrat.at : Cleaned with backup (quarantined).
C:\cwainda.exe -> Hijacker.Costrat.at : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP307\A0081221.exe -> Not-A-Virus.Hoax.Win32.Renos.hn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP309\A0083440.exe -> Proxy.Mitglieder.cm : Cleaned with backup (quarantined).
:mozilla.21:D:\Documents and Settings\Temes\Application Data\Mozilla\Firefox\Profiles\7p5qodao.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.22:D:\Documents and Settings\Temes\Application Data\Mozilla\Firefox\Profiles\7p5qodao.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.43:D:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\b2mk8ja7.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.6:D:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\b2mk8ja7.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.7:D:\Documents and Settings\Vieras\Application Data\Mozilla\Firefox\Profiles\b2mk8ja7.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.9:D:\Documents and Settings\Temes\Application Data\Mozilla\Firefox\Profiles\7p5qodao.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
D:\Documents and Settings\Vieras\Cookies\vieras@statistik-gallup[1].txt -> TrackingCookie.Statistik-gallup : Cleaned.
C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP309\A0083441.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP309\A0083442.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP309\A0083387.dll -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\VundoFix Backups\winmfu32.dll.bad -> Trojan.Dialer.qn : Cleaned with backup (quarantined).
C:\QooBox\Quarantine\C\WINDOWS\system32\wincom32.sys.vir -> Trojan.Tibs.w : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082281.sys -> Trojan.Tibs.w : Cleaned with backup (quarantined).


::Report end

==========

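Comparing the two HijackThis logs posted above is how the cleanup gets verified. The following is an added example, not part of the original thread and not HijackThis code: it parses entry lines and diffs a before/after pair. The sample lines are an excerpt of the 17:52 and 22:36 logs in this thread; the function names are hypothetical.

```python
import re

# A HijackThis entry line starts with a section code (R0-R3, F0-F3, N1-N4,
# O1-O23) followed by " - ". Header and "Running processes" lines do not
# match and are skipped.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.*)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\s*\((?:file missing|no file)\)$")

# Excerpt of the log saved at 17:52 (before the fixes), copied from the thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: bho3 Class - {58FB2CBB-C874-45FC-A1C9-B62CC9E3BED9} - C:\WINDOWS\ServicePackFiles\522124519.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKCU\..\Run: [xem] C:\WINDOWS\ServicePackFiles\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: winhld32 - winhld32.dll (file missing)
O21 - SSODL: GFgHsRPxFq - {E861A950-42CB-03FA-684F-83A0BDC6D77A} - C:\WINDOWS\system32\zc.dll (file missing)
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
"""

# Excerpt of the log saved at 22:36 (after the fixes), copied from the thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
"""


def parse_entries(log_text):
    """Map (section, body without orphan marker) -> True if the file is absent."""
    entries = {}
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match is None:
            continue
        section, body = match.groups()
        key = (section, ORPHAN_RE.sub("", body))
        entries[key] = bool(ORPHAN_RE.search(body))
    return entries


def diff_logs(before_text, after_text):
    """Classify entries by what changed between two HijackThis logs."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    return {
        # Autostart points that no longer exist: the fix took effect.
        "removed": sorted(k for k in before if k not in after),
        # Anything new after a cleanup deserves a look (possible reinfection).
        "added": sorted(k for k in after if k not in before),
        # File deleted but the registration survived: leftover to clean up.
        "newly_orphaned": sorted(
            k for k in after if after[k] and k in before and not before[k]
        ),
        # Dangling in both logs, so not caused by this cleanup.
        "still_orphaned": sorted(k for k in after if after[k] and before.get(k)),
    }


if __name__ == "__main__":
    for category, keys in diff_logs(BEFORE, AFTER).items():
        print(category)
        for section, body in keys:
            print(f"  {section} - {body}")
```
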
Auttaja
Suspended permanently
24 May 2007 @ 19:12
Where's the computer's antivirus?

Avira Antivir is the best free one for that.

=======

Start -> Run -> type the following into the box and press OK: services.msc

Scroll to the following service:
Microsoft ASPI Manager (aspimgr)

Right-click it and select Stop from the menu.
Then press "Properties". Change the startup type to Disabled.
Press OK and close the window.

=======

Open HijackThis and fix this line:

O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)

=========

Download MWav eScan to your desktop.

Double-click mwav.exe; a license agreement opens, accept it.
Check the following items before scanning.
- Memory
- Startup folders
- Drive - All local drives
- Folder - press Browse and change the directory to C:\
- Registry
- System folders
- Services
- Scan only
- Include subfolders
- Scan all files
Make sure that all of the items above are checked, then press Scan only.

Note: eScan may look as if it has finished when it has not. The program tells you when it is done.

When the scan is finished, eScan lists the infected files in the lower window; copy (CTRL+C) and paste (CTRL+V) everything that appears in the box into your next post.

========

A new HijackThis log too, if you still have the energy :D

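An added illustration, not part of the helper's post and not HijackThis code: a small Python parser for the O23 service lines of a HijackThis log that flags the two markers visible in the line the helper asks to fix, "Unknown owner" and "(file missing)". The sample lines are copied from the logs in this thread except the one marked as constructed; the function names and the regular expression, which assumes the O23 layout seen in these v1.99.1 logs, are this example's own.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Assumed layout, taken from the O23 lines posted in this thread:
#   O23 - Service: <display name> [(<service key>)] - <owner> - <image path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
    r"(?P<path>(?:[A-Za-z]:\\|%).+?)(?P<missing> \(file missing\))?\s*$"
)
# The service key is shown in parentheses after the display name when present.
KEY_RE = re.compile(r"^(?P<display>.+) \((?P<key>[^()]+)\)$")


class Service(NamedTuple):
    display: str
    key: Optional[str]
    owner: str
    path: str
    flags: Tuple[str, ...]


def parse_o23(line: str) -> Optional[Service]:
    """Parse one O23 line; return None for any other kind of log line."""
    m = O23_RE.match(line.strip())
    if m is None:
        return None
    name, key = m.group("name"), None
    km = KEY_RE.match(name)
    if km:
        name, key = km.group("display"), km.group("key")
    flags = []
    if m.group("owner") == "Unknown owner":
        flags.append("unknown-owner")   # no vendor name reported for the binary
    if m.group("missing"):
        flags.append("file-missing")    # service registered, image not on disk
    return Service(name, key, m.group("owner"), m.group("path"), tuple(flags))


def triage(log_text: str) -> List[Service]:
    """Return only the services that carry at least one flag."""
    hits = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is not None and svc.flags:
            hits.append(svc)
    return hits


# Lines copied from the logs in this thread; the last one is constructed.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Microsoft ASPI Manager (aspimgr) - Unknown owner - C:\WINDOWS\system32\aspimgr.exe (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Example Service (examplesvc) - Unknown owner - C:\Example\example.exe
"""

if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        label = svc.key or svc.display
        print(f"{label}: {', '.join(svc.flags)} -> {svc.path}")
```

A flag is a reason to look at the service, not a verdict on it.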
Member
_
25 May 2007 @ 20:41
Yeah, here they are again:

==========

Tiedosto D:\Documents and Settings\Temes\Työpöytä\SmitfraudFix\Reboot.exe merkitty "not-a-virus:RiskTool.Win32.Reboot.f":ksi. Tehty toiminto: Ei toimintoa.
Tiedosto D:\Documents and Settings\Temes\Työpöytä\SmitfraudFix.exe//data.rar/SmitfraudFix\Reboot.exe merkitty "not-a-virus:RiskTool.Win32.Reboot.f":ksi. Tehty toiminto: Ei toimintoa.
Objekti "maxsearch Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "grokster Spyware/Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "wareout Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "grokster Spyware/Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "trojan-downloader.bat.ftp.ab Trojan-Downloader" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "trojan-downloader.bat.ftp.ab Trojan-Downloader" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "trojan-downloader.bat.ftp.ab Trojan-Downloader" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "trojan-downloader.bat.ftp.ab Trojan-Downloader" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "trojan-downloader.bat.ftp.ab Trojan-Downloader" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "xtractor plus Spyware/Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "trojan-downloader.bat.ftp.ab Trojan-Downloader" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "trojan-downloader.bat.ftp.ab Trojan-Downloader" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "trojan-downloader.bat.ftp.ab Trojan-Downloader" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "trojan-downloader.bat.ftp.ab Trojan-Downloader" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "trojan-downloader.bat.ftp.ab Trojan-Downloader" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "trojan-downloader.bat.ftp.ab Trojan-Downloader" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "winfixer/errorsafe Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "lop.com Spyware/Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "lop.com Spyware/Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "lop.com Spyware/Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "lop.com Spyware/Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "lop.com Spyware/Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "lop.com Spyware/Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "lop.com Spyware/Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "lop.com Spyware/Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Objekti "peopleonpage Spyware/Adware" löytynyt tiedostojärjestelmästä! Tehty toiminto: Ei toimintoa.
Asetus "HKCR\CddbCdda.CddbCddaProducer" viittaa virheelliseen objektiin "{AD6F944A-9903-47FE-90BA-59C1F9303B47}". Tehty tominto: Ei toimintoa.
Asetus "HKCR\CddbCdda.CddbCddaProducer.1" viittaa virheelliseen objektiin "{AD6F944A-9903-47FE-90BA-59C1F9303B47}". Tehty tominto: Ei toimintoa.
Asetus "HKCR\CDDBControlWinamp.CddbDisc" viittaa virheelliseen objektiin "{fba38bcf-e23d-4979-811e-1326bbadb8c8}". Tehty tominto: Ei toimintoa.
Asetus "HKCR\CDDBControlWinamp.CddbDisc.1" viittaa virheelliseen objektiin "{fba38bcf-e23d-4979-811e-1326bbadb8c8}". Tehty tominto: Ei toimintoa.
Asetus "HKCR\CDDBControlWinamp.CddbFullName.1" viittaa virheelliseen objektiin "{d4387178-98ca-4929-b8e3-a11cd2f333a6}". Tehty tominto: Ei toimintoa.
Asetus "HKCR\CDDBControlWinamp.CddbTrackManager" viittaa virheelliseen objektiin "{43918f8f-f3be-4760-b4bb-6c89d9d91487}". Tehty tominto: Ei toimintoa.
Asetus "HKCR\CDDBControlWinamp.CddbTrackManager.1" viittaa virheelliseen objektiin "{43918f8f-f3be-4760-b4bb-6c89d9d91487}". Tehty tominto: Ei toimintoa.
Asetus "HKCR\CDDBControlWinamp.CDDBWinampControl" viittaa virheelliseen objektiin "{44b09a5f-5dee-4539-8001-d4b2d45c2876}". Tehty tominto: Ei toimintoa.
Asetus "HKCR\CDDBControlWinamp.CDDBWinampControl.1" viittaa virheelliseen objektiin "{44b09a5f-5dee-4539-8001-d4b2d45c2876}". Tehty tominto: Ei toimintoa.
Asetus "HKCR\CDDBControlWinamp.FullName" viittaa virheelliseen objektiin "{d4387178-98ca-4929-b8e3-a11cd2f333a6}". Tehty tominto: Ei toimintoa.
Asetus "HKCR\CDDBUIControlWinamp.CddbWinampUI" viittaa virheelliseen objektiin "{96632d1e-f3eb-4f54-ba79-9969692db659}". Tehty tominto: Ei toimintoa.
Asetus "HKCR\CDDBUIControlWinamp.CddbWinampUI.1" viittaa virheelliseen objektiin "{96632d1e-f3eb-4f54-ba79-9969692db659}". Tehty tominto: Ei toimintoa.
Asetus "HKCR\JavaWebStart.isInstalled.1.5.0.0" viittaa virheelliseen objektiin "{5852F5ED-8BF4-11D4-A245-0080C6F74284}". Tehty tominto: Ei toimintoa.
Asetus "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" viittaa virheelliseen objektiin "C:\PROGRA~1\QUICKT~1\QuickTimePlayer.exe". Tehty tominto: Ei toimintoa.
Asetus "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" viittaa virheelliseen objektiin "C:\PROGRA~1\QUICKT~1\PictureViewer.exe". Tehty tominto: Ei toimintoa.
Asetus "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" viittaa virheelliseen objektiin "C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.137-8876480SL\Program\PrvCnt.exe". Tehty tominto: Ei toimintoa.
Asetus "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" viittaa virheelliseen objektiin ""C:\Program Files\Java\jre1.5.0_06\bin\javaws.exe"". Tehty tominto: Ei toimintoa.
Asetus "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" viittaa virheelliseen objektiin "C:\Program Files\Logitech\Desktop Messenger\8876480\7.2.0.157-8876480SL\Program\PrvCnt.exe". Tehty tominto: Ei toimintoa.
Asetus "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" viittaa virheelliseen objektiin ""C:\Program Files\Java\jre1.5.0_10\bin\javaws.exe"". Tehty tominto: Ei toimintoa.
Asetus "HKCU\Software\Netscape\Netscape Navigator\User Trusted External Applications" viittaa virheelliseen objektiin "C:\Program Files\Logitech\Desktop Messenger\8876480\8.1.1.50-8876480SL\Program\PrvCnt.exe". Tehty tominto: Ei toimintoa.
Asetus "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" viittaa virheelliseen objektiin ".cda". Tehty tominto: Ei toimintoa.
Tiedoston C:\WINDOWS\system32\alt.exe on saastuttanut virus "Packed.Win32.Tibs.y". Tehty toiminto: Ei toimintoa.
Tiedosto C:\Program Files\mIRC\mirc.exe merkitty not-a-virus:Client-IRC.Win32.mIRC.62. Ei toimintoa.
Tiedoston C:\QooBox\Quarantine\C\WINDOWS\ServicePackFiles\free.exe.vir//PE_Patch.UPX//UPX on saastuttanut virus "Trojan.Win32.Agent.ws". Tehty toiminto: Ei toimintoa.
Tiedosto C:\QooBox\Quarantine\C\WINDOWS\ServicePackFiles\killer.exe.vir merkitty "not-a-virus:RiskTool.Win32.PsKill.j":ksi. Tehty toiminto: Ei toimintoa.
Tiedoston C:\QooBox\Quarantine\C\WINDOWS\system32\alt.exe.exe.vir on saastuttanut virus "Packed.Win32.Tibs.y". Tehty toiminto: Ei toimintoa.
Tiedoston C:\QooBox\Quarantine\C\WINDOWS\system32\pee.exe.exe.vir on saastuttanut virus "Packed.Win32.Tibs.y". Tehty toiminto: Ei toimintoa.
Tiedoston C:\QooBox\Quarantine\C\WINDOWS\system32\windev-3c52-2083.sys.vir on saastuttanut virus "Packed.Win32.Tibs.w". Tehty toiminto: Ei toimintoa.
Tiedoston C:\QooBox\Quarantine\C\WINDOWS\system32\xartcd5.dll.vir//PE_Patch.UPX//UPX on saastuttanut virus "Trojan-Spy.Win32.Goldun.ma". Tehty toiminto: Ei toimintoa.
Tiedoston C:\QooBox\Quarantine\C\WINDOWS\winvip.exe.vir//PE_Patch.UPX//UPX on saastuttanut virus "Trojan.Win32.Conycspa.p". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP284\A0075481.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP285\A0075512.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP286\A0075561.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP286\A0075570.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP286\A0075672.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP296\A0076741.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP300\A0077509.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP301\A0077539.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP302\A0077654.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedosto C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP307\A0081245.dll merkitty "not-a-virus:AdWare.Win32.Virtumonde.jp":ksi. Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082273.exe on saastuttanut virus "Packed.Win32.Tibs.y". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082274.exe on saastuttanut virus "Packed.Win32.Tibs.y". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082282.exe//PE_Patch.UPX//UPX on saastuttanut virus "Trojan.Win32.Agent.ws". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082283.exe//PE_Patch.UPX//UPX on saastuttanut virus "Trojan.Win32.Conycspa.p". Tehty toiminto: Ei toimintoa.
Tiedosto C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0082285.exe merkitty "not-a-virus:RiskTool.Win32.PsKill.j":ksi. Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0083260.dll//PE_Patch.UPX//UPX on saastuttanut virus "Trojan-Spy.Win32.Goldun.ma". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP308\A0083262.sys on saastuttanut virus "Packed.Win32.Tibs.w". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP309\A0083483.exe on saastuttanut virus "Trojan-Clicker.Win32.Costrat.at". Tehty toiminto: Ei toimintoa.
Tiedoston C:\System Volume Information\_restore{214986C9-2D86-4D74-8DFD-F9201943C32C}\RP309\A0083484.exe//PE_Patch.PECompact//PecBundle//PECompact on saastuttanut virus "Trojan-Downloader.Win32.Alphabet.gen". Tehty toiminto: Ei toimintoa.
Tiedosto C:\VundoFix Backups\khfcbcd.dll.bad merkitty "not-a-virus:AdWare.Win32.Virtumonde.jp":ksi. Tehty toiminto: Ei toimintoa.
Tiedoston C:\WINDOWS\Installer\{066D65EA-ED53-44E4-A96A-F81B6E409D2E}\ARPPRODUCTICON.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\WINDOWS\Installer\{174D5678-D941-433C-BD23-58A5C7B0D36D}\ARPPRODUCTICON.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\WINDOWS\Installer\{1A15507A-8551-4626-915D-3D5FA095CC1B}\ARPPRODUCTICON.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\WINDOWS\Installer\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\ARPPRODUCTICON.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\WINDOWS\Installer\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\EXTUI_UninstallPCSui_0F854AC05AF149EFBE65492233B7B5AD.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\WINDOWS\Installer\{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1}\ARPPRODUCTICON.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\WINDOWS\Installer\{AC76BA86-7AD7-1035-7B44-A70900000002}\SC_Reader.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\WINDOWS\Installer\{DF6FEB75-A0D1-44E5-A754-0072D4967734}\MsblIco.Exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\WINDOWS\Installer\{E914A24F-2412-4374-B420-86D21D6D444A}\ARPPRODUCTICON.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\WINDOWS\Installer\{E914A24F-2412-4374-B420-86D21D6D444A}\Uninstall_LEGO_Star__E914A24F24124374B42086D21D6D444A.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\WINDOWS\Installer\{EBB794ED-D282-4334-92FB-254481EFF514}\ARPPRODUCTICON.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston C:\WINDOWS\system32\alt.exe on saastuttanut virus "Packed.Win32.Tibs.y". Tehty toiminto: Ei toimintoa.
Tiedoston C:\WINDOWS\system32\Macromed\Director\M5drvr32.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\All Users\Application Data\fkjwfeds.exe//UPX on saastuttanut virus "Trojan.Win32.Obfuscated.ev". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\01356134.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08B84A20.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{091F4E7D-6E50-4CD3-A0C3-94DE96287065}\ARPPRODUCTICON.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{5E77082C-5DFC-42EF-9B16-64AD165F6BE2}\ARPPRODUCTICON.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{5E77082C-5DFC-42EF-9B16-64AD165F6BE2}\NewShortcut11_BBE18EBDCD444C518BC5577ECCCEC68F.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{5E77082C-5DFC-42EF-9B16-64AD165F6BE2}\NewShortcut1_BBE18EBDCD444C518BC5577ECCCEC68F.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{5E77082C-5DFC-42EF-9B16-64AD165F6BE2}\Uninstall_inc_rotu_D43C71BACE6645969EF4962C724CF3F3.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{7F9129B6-C438-4CCB-80CB-A97E9F3B6B8C}\_26e91eb.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{7F9129B6-C438-4CCB-80CB-A97E9F3B6B8C}\_5af141bb.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{7F9129B6-C438-4CCB-80CB-A97E9F3B6B8C}\_bb32ea6.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}\ARPPRODUCTICON.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\ARPPRODUCTICON.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\NewShortcut5_C884B05AF5D94AE49D84E6BD9F6E7890.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{C884B05A-F5D9-4AE4-9D84-E6BD9F6E7890}\Uninstall_FlatOut2_C884B05AF5D94AE49D84E6BD9F6E7890.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Application Data\Microsoft\Installer\{C89C8D86-4423-4A58-AA40-DD259ACE07C1}\ARPPRODUCTICON.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.
Tiedosto D:\Documents and Settings\Temes\Omat tiedostot\Nokia\Nokia_S40_Theme_Studio_1_2\Nokia_S40_TS_1_2_Install.exe//InstallerData/Disk1/InstData/Resource1.zip/$UIT_1_2_PROJECT_SHARE$/installer/mod/Nokia_Update_Manager_2.0.iam.zip/$IA_MERGE_RESOURCES$/Nokia Upda... merkitty "not-a-virus:RiskTool.Win32.PsKill.103":ksi. Tehty toiminto: Ei toimintoa.
Tiedosto D:\Documents and Settings\Temes\Omat tiedostot\Nokia\Nokia_S40_Theme_Studio_1_2.zip/Nokia_S40_TS_1_2_Install.exe//InstallerData/Disk1/InstData/Resource1.zip/$UIT_1_2_PROJECT_SHARE$/installer/mod/Nokia_Update_Manager_2.0.iam.zip/$IA_MERGE_RESOURCES$/Nokia ... merkitty "not-a-virus:RiskTool.Win32.PsKill.103":ksi. Tehty toiminto: Ei toimintoa.
Tiedosto D:\Documents and Settings\Temes\Omat tiedostot\ohmelat\mirc62.exe//stream//data0006 merkitty not-a-virus:Client-IRC.Win32.mIRC.62. Ei toimintoa.
Tiedoston D:\Documents and Settings\Temes\Omat tiedostot\pelit\pes6_demo.exe on saastuttanut virus "Exe.Corrupted". Tehty toiminto: Ei toimintoa.

==========

Logfile of HijackThis v1.99.1
Scan saved at 0:40:56, on 26.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jonneweb.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A916D6D-55F7-4F22-AF53-F46CB7522975}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D0E0B9-218B-4EFA-A131-6E6B79354BED}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD548C5-1EDB-4AEE-B53B-AD8DBDE5F678}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE738E05-0F03-494F-9A55-B36CF80991ED}: NameServer = 143.166.82.252
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)



==========

EDIT: Could you help with another problem as well? I started to wonder when at first AVG Anti-Spyware refused to update through the program itself, so I had to fetch the updates from the web, and now Avira Antivir won't start downloading them either. It just tries to connect and after a while gives up because it gets no connection. MSN Messenger has also gone on strike, and when I go to troubleshooting through Messenger it complains like this:


Pressing the Repair button doesn't help either.
EDIT2: And which firewall would you recommend? At the moment I have Sygate Personal Firewall, but is it worth using if it is no longer being updated?


This message has been edited since it was posted. Last edited 26 May 2007 @ 07:38

Auttaja
Suspended permanently
26 May 2007 @ 13:49
EDIT2: And which firewall would you recommend? At the moment I have Sygate Personal Firewall, but is it worth using if it is no longer being updated?

=======

So does it need a license? If your time has run out in that sense, it's worth switching to a free one such as ZoneAlarm, and it would be really good to install that antivirus program on the machine.

=====
Download Killbox from Option^Explicit.

Note: If you already have Killbox, this is a new version that you need to install. Remove the earlier one.

* Save it to your desktop.
* Double-click Killbox.exe to run the program.
* Select: Delete on Reboot, then click the All Files option.
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


C:\WINDOWS\system32\alt.exe


* Go back to Killbox, open the File menu, and choose Paste from Clipboard.

* Click the red-and-white Delete File button. Click Yes at the "Delete on Reboot" prompt. Click OK at any PendingFileRenameOperations prompt (and let the person fixing your log know if one of these appears!).
Restart your computer yourself if it does not do so automatically.

If you get a message like this: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when you try to run KillBox, click here to download and run Missingfilessetup.exe. Then try KillBox again.

=======

Delete these folders


C:\QooBox\Quarantine
C:\VundoFix Backups

=====

Of course it could be that the firewall settings are blocking those from connecting

=======

Or then some rootkit

Download GMER and save it to your desktop:
* Extract it to the desktop and double-click the file GMER.exe
* Click the rootkit tab and then click scan.
* Do not tick the "Show All" box during the scan!
* When the scan is finished, click Copy.
* This copies the log to the clipboard (you can save the log to a text file just in case).
* Then paste the log into your thread.

If that is too big a file, upload it somewhere, e.g. www.tallenna.com or rapidshare

Post a new HJT log as well


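A GMER log of the kind requested above is long, and most of it is repetition; what a reviewer usually wants first is which driver owns which hook. The following is an added example, not part of the original posts and not GMER's own code: it parses the "System" (SSDT) and "Devices" (IRP handler) sections as they are laid out in this thread's log and groups the entries by module. The sample lines are constructed from that layout, and the `accounted_for` set is a hypothetical list the reviewer supplies after matching drivers to installed software.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the layout of the GMER 1.0.12 log in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT a347bus.sys ZwOpenKey
SSDT a347bus.sys ZwEnumerateKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT sptd.sys ZwSetValueKey

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 83985C78
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F6B67220] wpsdrvnt.sys
Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F76318B4] sfsync02.sys
"""

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
# Handler is either "[ADDR] module" or a bare ADDR with no module name.
DEVICE_RE = re.compile(
    r"^Device\s+(\S+)\s+(\S+)\s+(IRP_MJ_\w+)\s+"
    r"(?:\[([0-9A-Fa-f]{8})\]\s+(.+)|([0-9A-Fa-f]{8}))$"
)


def basename(module):
    """Reduce '\\??\\C:\\...\\guard.sys' or 'sptd.sys' to a lower-case file name."""
    return module.rsplit("\\", 1)[-1].strip().lower()


def parse_gmer(text):
    """Return SSDT and IRP entries from a GMER text log."""
    ssdt, irp = [], []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if section == "System" and line.startswith("SSDT "):
            # Module paths may contain spaces; the function name is the last token.
            module, _, func = line[5:].rpartition(" ")
            if module:
                ssdt.append((basename(module), func))
        elif section == "Devices":
            m = DEVICE_RE.match(line)
            if m:
                driver, device, major, addr, module, bare = m.groups()
                irp.append({
                    "driver": driver,
                    "device": device,
                    "major": major,
                    "address": (addr or bare).upper(),
                    "module": basename(module) if module else None,
                })
    return {"ssdt": ssdt, "irp": irp}


def hooks_by_module(parsed):
    """Group hooked SSDT functions and hooked driver objects by owning module."""
    grouped = defaultdict(lambda: {"ssdt": set(), "irp": set()})
    for module, func in parsed["ssdt"]:
        grouped[module]["ssdt"].add(func)
    for entry in parsed["irp"]:
        if entry["module"]:
            grouped[entry["module"]]["irp"].add(entry["driver"])
    return {m: {k: sorted(v) for k, v in g.items()} for m, g in grouped.items()}


def unresolved_handlers(parsed):
    """Count Devices lines per driver that carry an address but no module name."""
    counts = defaultdict(int)
    for entry in parsed["irp"]:
        if entry["module"] is None:
            counts[entry["driver"]] += 1
    return dict(counts)


def needs_review(parsed, accounted_for):
    """Modules that own hooks but are not in the reviewer's accounted-for set."""
    known = {name.lower() for name in accounted_for}
    return sorted(m for m in hooks_by_module(parsed) if m not in known)


if __name__ == "__main__":
    parsed = parse_gmer(SAMPLE_LOG)
    for module, hooks in sorted(hooks_by_module(parsed).items()):
        print(module, hooks)
    print("no module named:", unresolved_handlers(parsed))
    # Hypothetical accounted-for set, for illustration only.
    print("review:", needs_review(parsed, {"guard.sys", "wpsdrvnt.sys"}))
```

A module appearing in the review list is only a prompt to identify it; security software and disc-emulation drivers install the same kinds of hooks.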
Member
26 May 2007 @ 16:25
Right, I put it on rapidshare. The GMER and HJT logs are both in the same file.
http://rapidshare.com/files/33533751/gmer_ja_hjt-loki.txt.html

Member
26 May 2007 @ 16:31
GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-05-26 20:06:23
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory
SSDT a347bus.sys ZwClose
SSDT a347bus.sys ZwCreateKey
SSDT a347bus.sys ZwCreatePagingFile
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT a347bus.sys ZwEnumerateKey
SSDT a347bus.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT a347bus.sys ZwOpenFile
SSDT a347bus.sys ZwOpenKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory
SSDT a347bus.sys ZwQueryKey
SSDT a347bus.sys ZwQueryValueKey
SSDT a347bus.sys ZwSetSystemPowerState
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\drivers\sptd.sys Prosessi ei voi käyttää tiedostoa, koska se on toisen prosessin käytössä.
? C:\WINDOWS\System32\Drivers\SPTD9885.SYS Prosessi ei voi käyttää tiedostoa, koska se on toisen prosessin käytössä.
? C:\WINDOWS\System32\Drivers\dtscsi.sys Prosessi ei voi käyttää tiedostoa, koska se on toisen prosessin käytössä.
? C:\WINDOWS\system32\DRIVERS\update.sys
.text tcpip.sys!IPTransmit + 10BC F3EF2CFA 6 Bytes CALL F71E8E50 Teefer.sys
.text tcpip.sys!IPTransmit + 2810 F3EF444E 6 Bytes CALL F71E8E50 Teefer.sys
.text tcpip.sys!ARPRcv + 506D F3EF94E0 6 Bytes CALL F71E8E50 Teefer.sys
.text wanarp.sys F6B5B3FD 7 Bytes CALL F71E8FA0 Teefer.sys

---- User code sections - GMER 1.0.12 ----

.text C:\WINDOWS\explorer.exe[2380] kernel32.dll!CreateFileW 7C810760 5 Bytes JMP 029F4780 C:\Apps\Softex\OmniPass\opfolderext.dll
.text C:\WINDOWS\explorer.exe[2380] kernel32.dll!DeleteFileW 7C831F31 5 Bytes JMP 029F4DF0 C:\Apps\Softex\OmniPass\opfolderext.dll

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 83985C78
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 83985C78
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F6B67220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F6B67480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F6B675A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F6B675D0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F6B67220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F6B67480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F6B675A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F6B675D0] wpsdrvnt.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 839880E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 82DCF1C8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 82DCF1C8
Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_CREATE 824DF7F8
Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_CLOSE 824DF7F8
Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_READ 824DF7F8
Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_WRITE 824DF7F8
Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_DEVICE_CONTROL 824DF7F8
Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F76318B4] sfsync02.sys
Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_POWER 824DF7F8
Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_SYSTEM_CONTROL 824DF7F8
Device \Driver\USBSTOR \Device\000000b0 IRP_MJ_PNP 824DF7F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSE 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_READ 8283A650
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 824F07F8
Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 824F07F8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 82DCF1C8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 82DCF1C8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_READ 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_WRITE 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_FLUSH_BUFFERS 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_DEVICE_CONTROL 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_INTERNAL_DEVICE_CONTROL 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SHUTDOWN 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CLEANUP 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_POWER 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_SYSTEM_CONTROL 839880E8
Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_PNP 839880E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_READ 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_READ 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 82DD77A0
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_CREATE 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_CREATE_NAMED_PIPE 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_CLOSE 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_READ 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_WRITE 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_QUERY_INFORMATION 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_SET_INFORMATION 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_QUERY_EA 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_SET_EA 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_FLUSH_BUFFERS 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_QUERY_VOLUME_INFORMATION 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_SET_VOLUME_INFORMATION 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_DIRECTORY_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_FILE_SYSTEM_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_DEVICE_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_INTERNAL_DEVICE_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_SHUTDOWN 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_LOCK_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_CLEANUP 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_CREATE_MAILSLOT 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_QUERY_SECURITY 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_SET_SECURITY 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_POWER 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_SYSTEM_CONTROL 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_DEVICE_CHANGE 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_QUERY_QUOTA 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_SET_QUOTA 82DD77A0
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-5 IRP_MJ_PNP 82DD77A0
Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_CREATE 824DF7F8
Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_CLOSE 824DF7F8
Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_READ 824DF7F8
Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_WRITE 824DF7F8
Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_DEVICE_CONTROL 824DF7F8
Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F76318B4] sfsync02.sys
Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_POWER 824DF7F8
Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_SYSTEM_CONTROL 824DF7F8
Device \Driver\USBSTOR \Device\000000b1 IRP_MJ_PNP 824DF7F8
Device \Driver\nvata \Device\000000a5 IRP_MJ_CREATE 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_CREATE_NAMED_PIPE 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_CLOSE 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_READ 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_WRITE 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_QUERY_INFORMATION 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_SET_INFORMATION 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_QUERY_EA 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_SET_EA 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_FLUSH_BUFFERS 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_QUERY_VOLUME_INFORMATION 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_SET_VOLUME_INFORMATION 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_DIRECTORY_CONTROL 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_FILE_SYSTEM_CONTROL 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_DEVICE_CONTROL 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_INTERNAL_DEVICE_CONTROL [F76318B4] sfsync02.sys
Device \Driver\nvata \Device\000000a5 IRP_MJ_SHUTDOWN 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_LOCK_CONTROL 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_CLEANUP 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_CREATE_MAILSLOT 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_QUERY_SECURITY 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_SET_SECURITY 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_POWER 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_SYSTEM_CONTROL 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_DEVICE_CHANGE 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_QUERY_QUOTA 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_SET_QUOTA 839CE4D0
Device \Driver\nvata \Device\000000a5 IRP_MJ_PNP 839CE4D0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 8295D7E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 8295D7E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 8295D7E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 8295D7E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 8295D7E0
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 8295D7E0
Device \Driver\00000049 \Device\00000083 IRP_MJ_POWER [F744AF68] sptd.sys
Device \Driver\00000049 \Device\00000083 IRP_MJ_SYSTEM_CONTROL [F745FA70] sptd.sys
Device \Driver\00000049 \Device\00000083 IRP_MJ_PNP [F7458728] sptd.sys
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 8295D7E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 8295D7E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 8295D7E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 8295D7E0
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 8295D7E0

---- Modules - GMER 1.0.12 ----

Module _________ F735E000-F7376000 (98304 bytes)

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\LicCtrl\LicCtrl\LicCtrl\LicCtrl

---- Files - GMER 1.0.12 ----

ADS C:\WINDOWS\system32\svchost.exe:exe.exe
ADS D:\Documents and Settings\Temes\Local Settings\Application Data\Microsoft\Messenger\jussisiikakoski@hotmail.com\SharingMetadata\tepi__91@hotmail.com\DFSR\Staging\CS{BE6F757F-E5ED-2B8C-2CE8-4D4BDC9BE313}\01\10-{BE6F757F-E5ED-2B8C-2CE8-4D4BDC9BE313}-v1-{27DE1DE1-FF80-44A1-9740-19FA0C3DC1A5}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\Temes\Local Settings\Application Data\Microsoft\Messenger\jussisiikakoski@hotmail.com\SharingMetadata\tepi__91@hotmail.com\DFSR\Staging\CS{BE6F757F-E5ED-2B8C-2CE8-4D4BDC9BE313}\25\28-{A99C2602-3689-40EE-8CA9-28929D82C044}-v25-{A99C2602-3689-40EE-8CA9-28929D82C044}-v28-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS D:\Documents and Settings\Temes\Local Settings\Application Data\Microsoft\Messenger\jussisiikakoski@hotmail.com\SharingMetadata\tepi__91@hotmail.com\DFSR\Staging\CS{BE6F757F-E5ED-2B8C-2CE8-4D4BDC9BE313}\26\29-{A99C2602-3689-40EE-8CA9-28929D82C044}-v26-{A99C2602-3689-40EE-8CA9-28929D82C044}-v29-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.12 ----

==========

Logfile of HijackThis v1.99.1
Scan saved at 20:10:18, on 26.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16441)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Apps\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://jonneweb.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: NYKO Gamepad Mapping Tools.lnk = C:\Program Files\NYKO\Gamepad Mapping Tools\ngpmap.exe
O4 - Startup: OneNote 2007 -näyttöleikkeet ja Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Lataa FlashGetillä - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Lataa kaikki FlashGetillä - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fin.htm
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
O16 - DPF: {CD995117-98E5-4169-9920-6C12D4C0B548} (HGPlugin9USA Class) - http://gamedownload.ijjimax.com/gamedown...GPlugin9USA.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4A916D6D-55F7-4F22-AF53-F46CB7522975}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{50D0E0B9-218B-4EFA-A131-6E6B79354BED}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCD548C5-1EDB-4AEE-B53B-AD8DBDE5F678}: NameServer = 143.166.82.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{DE738E05-0F03-494F-9A55-B36CF80991ED}: NameServer = 143.166.82.252
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: OPXPGina - C:\Apps\Softex\OmniPass\opxpgina.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Softex Inc. - C:\Apps\Softex\OmniPass\Omniserv.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe (file missing)

==========

Auttaja
Suspended permanently
26 May 2007 @ 16:54
http://www.virustotal.com

C:\WINDOWS\system32\UAService7.exe

Make hidden files visible, and hide them again after the check.

Post the result here.


