"Hbtools"-kuvake työpöydällä - ei lähde veks!

TeleHell · Jun 22, 2007

Kaverin koneen työpöydälle ilmaantunut joidenkin ajureiden päivityksen mukana tuollainen Hbtools kuvake, kun sitä yrittää poistaa, sanoo ettei voi poistaa koska kohde on käytössä. Ei sitä kyllä voi avatakkaan.
Escanilla ajoin eilen ja löyty 4 virusta/troijalaista, se poisti ne olettaakseni.
Eikä lähde vikasietotilassakaan. Eikä ole programmeissa hbtools;ia.

Tullut vastaan kelläkään? Ainakin Haku kertoi, että joillakin vastaavanlainen, muttei tämä lähde siellä vikasietotilassa.
Tässä vielä hjt;

Logfile of HijackThis v1.99.1
Scan saved at 15:35:12, on 22.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Safevga] C:\DOCUME~1\RAIMOE~1\APPLIC~1\onefive\Listopen.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

Hujo · Jun 22, 2007

Lataa NoLop työpöydällesi yhdestä seuraavista linkeistä...
Linkki1
Linkki2
Linkki3

1.Sulje kaikki ohjelmat, koska tämä vaihe vaatii uudelleenkäynnistyksen
2.Tuplaklikkaa NoLop.exe ajaaksesi sen
3.Klikkaa nappulaa "Search and Destroy"
<<Tietokoneesi skannataan saastuneiden tiedostojen osalta>>
4, Kun skannaus on valmis, sinua pyydetään käynnistämään kone uudestaan, jos infektio löytyy. Klikkaa OK
5. Klikkaa "REBOOT"-painiketta.
6. NoLopin pitäisi antaa viesti. Jos ei, tuplaklikkaa ohjelmaa ja se valmistuu. Lähetä C:\NoLop.log-tiedoston sisältö uuden HijackThis-lokin kera.
-- Jos saat seuraavan virheen, "mscomctl.ocx or one of its dependencies are not correctly registered," lataa mscomctl.ocx ja tallenna se system32-hakemistoosi (yleensä c:\Windows\system32). Tämän jälkeen aja ohjelma uudestaan.

=================

Lataa RustBFix by ejvindh http://www.uploads.ejvindh.net/rustbfix.exe
ja tallenna se työpöydällesi.

Tuplaklikkaa tiedostoa rustbfix.exe. Jos löytyy Rustock.b-infektio, sinua pyydetään pian käynnistämään kone uudelleen. Uudelleenkäynnistyminen saattaa kestää hetken ja joudut ehkä käynnistämään koneen vielä toisenkin kerran. Kaikki tämä tapahtuu automaattisesti. Uudelleenkäynnistyksen jälkeen kaksi lokitiedostoa avautuu (%root%\avenger.txt & %root%\rustbfix\pelog.txt).

Kopioi ja liitä nämä kaksi lokitiedostoa seuraavaan vastaukseesi uuden HijackThis lokin kera.

Auttaja · Jun 23, 2007

mihin hujon rust analyysi perustuu?

TeleHell · Jun 23, 2007

Tässäpä uus HJT loki sekä noLopin loki;

Logfile of HijackThis v1.99.1
Scan saved at 15:15:32, on 23.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Safevga] C:\DOCUME~1\RAIMOE~1\APPLIC~1\onefive\Listopen.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

---------

Ja noLop;

NoLop! Log by Skate_Punk_21

Fix running from: C:\Documents and Settings\raimo ehrukainen\Työpöytä
[23.6.2007]
[13:23:16]

---Infection Files Found/Removed---
C:\WINDOWS\tasks\B05B1953939C8BA3.job

Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Adobe Systems
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Bluetooth
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Dvd Shrink
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Synthetic Reality
C:\Documents and Settings\All Users\Application Data\Trymedia
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\All Users.windows\Application Data\Adobe
C:\Documents and Settings\All Users.windows\Application Data\Apple Computer
C:\Documents and Settings\All Users.windows\Application Data\Bluetooth
C:\Documents and Settings\All Users.windows\Application Data\Microsoft
C:\Documents and Settings\All Users.windows\Application Data\Trymedia
C:\Documents and Settings\All Users.windows\Application Data\Uploadlessheartlog
C:\Documents and Settings\All Users.windows\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User.windows\Application Data\Microsoft
C:\Documents and Settings\Järjestelmänvalvoja\Application Data\Microsoft
C:\Documents and Settings\Järjestelmänvalvoja.raimo-bb4ebf8b1\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice.nt-hallinta\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Mozilla
C:\Documents and Settings\Networkservice.nt-hallinta\Application Data\Macromedia
C:\Documents and Settings\Networkservice.nt-hallinta\Application Data\Microsoft
C:\Documents and Settings\Networkservice.nt-hallinta\Application Data\Mozilla
C:\Documents and Settings\Raimo\Application Data\.abc 3.01
C:\Documents and Settings\Raimo\Application Data\Adobe
C:\Documents and Settings\Raimo\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Raimo\Application Data\Ahead
C:\Documents and Settings\Raimo\Application Data\Apple Computer
C:\Documents and Settings\Raimo\Application Data\Ati
C:\Documents and Settings\Raimo\Application Data\Azureus
C:\Documents and Settings\Raimo\Application Data\Google -- EMPTY Directory
C:\Documents and Settings\Raimo\Application Data\Help
C:\Documents and Settings\Raimo\Application Data\Identities
C:\Documents and Settings\Raimo\Application Data\Lavasoft
C:\Documents and Settings\Raimo\Application Data\Macromedia
C:\Documents and Settings\Raimo\Application Data\Microsoft
C:\Documents and Settings\Raimo\Application Data\Mozilla
C:\Documents and Settings\Raimo\Application Data\Officeupdate12
C:\Documents and Settings\Raimo\Application Data\Opera
C:\Documents and Settings\Raimo\Application Data\Panasonic
C:\Documents and Settings\Raimo\Application Data\Registry Booster
C:\Documents and Settings\Raimo\Application Data\Sun
C:\Documents and Settings\Raimo\Application Data\Vlc
C:\Documents and Settings\Raimo\Application Data\Vso
C:\Documents and Settings\Raimo Ehrukainen\Application Data\.abc 3.01
C:\Documents and Settings\Raimo Ehrukainen\Application Data\7wonders
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Adobe
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Adobeaum
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Apple Computer
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Ati
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Divx
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Getrighttogo
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Identities
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Lavasoft
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Leadertech
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Macromedia
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Microsoft
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Mozilla
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Onefive
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Real
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Registry Booster
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Sun
C:\Documents and Settings\Raimo Ehrukainen\Application Data\Vso

--------

Ja rusti ei löytänyt mitään.
Ja hbtools kuvake on tiukasti edelleen työpöydällä..

Auttaja · Jun 23, 2007

Hijackthissillä muut ohjelmat suljettuna!

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [Safevga] C:\DOCUME~1\RAIMOE~1\APPLIC~1\onefive\Listopen.exe

Merkkaa nuo rivit ja paina FIX CHECKED

=========

Lataa ATF Cleaner
http://www.atribune.org/ccount/click.php?id=1

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman. Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.
Jos käytät FireFoxia selaimenasi Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Jos käytät Operaa selaimenasi Klikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.
Teknistä tukea tulee jos tupla-klikkaat sähköpostiosoitetta joka sijaitsee jokaisen menun alapuolella kyseisessä työkalussa. (Huomatkaa että se tuki on sitten englanniksi)

==========

Laita piilotiedostot näkyviin ja poiston jälkeen piiloon takaisin

Poista nämä kansiot/tiedostot

C:\DOCUME~1\RAIMOE~1\APPLIC~1\onefive

=========
'
Tarkista koneesi F-Securen online skannerilla

Huom, skanneri toimii vain Internet Explorer selaimella

* Lue sivun ohjeet huolella läpi
* Klikkaa Start scanning
* Mikäli saat Internet Explorer -suojausvaroituksen, klikkaa Asenna
* Klikkaa Accept
* Klikkaa Custom Scan
* Säädä asetukset seuraavasti

o "Virus Scan Option" kohdasta valitse Scan whole system
o "Other Scan Option" kohdasta valitse Scan All Files
o Valitse Scan whole system for rootkits
o Valitse Scan whole system for spyware
o Laita ruksi kohtaan Scan inside archives
o Varmista että Use advanced heuristics on valittuna

* Klikkaa Start
* Skannaus käynnistyy kun tarvittavat tiedostot/päivitykset on ladattu
* Odota kärsivällisesti
* Kun sakannaus on suoritettu, klikkaa Automatic cleaning
* Klikkaa Show Report
* Raportti aukeaa selaimessa, kopioi teksti kokonaan
* Liitä kopioitu teksti esim. muistioon tai Wordiin ja tallenna työpöydälle
* Voit sulkea skannerin
* Lähetä raportti viestiketjuusi

=====0

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
http://www.techsupportforum.com/sectools/sUBs/ComboFix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

Myös uusi HIJACKTHISlogi

TeleHell · Jun 23, 2007

F-securen scanneri ei löytänyt mitään.

Ja tässä on combon loki;

ComboFix 07-06-18.2 - C:\Documents and Settings\raimo ehrukainen\Ty”p”yt„\ComboFix.exe
"raimo ehrukainen" - 2007-06-23 18:47:49 - Service Pack 2 NTFS

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\RAIMOE~1\TYPYT~1.\internet explorer.lnk

((((((((((((((((((((((((( Files Created from 2007-05-23 to 2007-06-23 )))))))))))))))))))))))))))))))

2007-06-23 18:47 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-06-23 15:23 <KANSIO> d-------- C:\WINDOWS\LastGood
2007-06-22 15:23 <KANSIO> d-------- C:\Program Files\Trisnap Technologies
2007-06-21 22:31 364,544 --------- C:\WINDOWS\system32\TwnLib4.dll
2007-06-21 22:31 127,488 --------- C:\WINDOWS\system32\drivers\imagesrv.sys
2007-06-21 22:31 106,496 --a------ C:\WINDOWS\system32\TwnLib20.dll
2007-06-21 22:30 476,320 --------- C:\WINDOWS\system32\ImagXpr7.dll
2007-06-21 22:30 471,040 --------- C:\WINDOWS\system32\ImagXRA7.dll
2007-06-21 22:30 262,144 --------- C:\WINDOWS\system32\ImagXR7.dll
2007-06-21 22:30 1,568,768 --------- C:\WINDOWS\system32\ImagX7.dll
2007-06-21 22:00 524,288 --ah----- C:\DOCUME~1\JRJEST~1.RAI\NTUSER.DAT
2007-06-21 22:00 <KANSIO> dr------- C:\DOCUME~1\JRJEST~1.RAI\K„ynnist„-valikko
2007-06-21 22:00 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1.RAI\Verkkoymp„rist”
2007-06-21 22:00 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1.RAI\Tulostinymp„rist”
2007-06-21 22:00 <KANSIO> d--h----- C:\DOCUME~1\JRJEST~1.RAI\Mallit
2007-06-21 22:00 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1.RAI\Ty”p”yt„
2007-06-21 22:00 <KANSIO> d-------- C:\DOCUME~1\JRJEST~1.RAI\Suosikit
2007-06-19 20:17 <KANSIO> d-------- C:\Program Files\Trymedia
2007-06-19 20:11 <KANSIO> d-------- C:\Program Files\Restaurant Empire
2007-06-19 16:54 <KANSIO> d-------- C:\Program Files\Alawar
2007-06-19 11:16 <KANSIO> d-------- C:\Program Files\Windows Live Safety Center
2007-06-11 18:55 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-06-10 21:12 740,442 --a------ C:\WINDOWS\system32\divx.dll
2007-06-10 21:12 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-06-10 21:12 593,920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-10 21:12 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-10 21:12 217,088 --a------ C:\WINDOWS\system32\yv12vfw.dll
2007-06-10 21:12 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-10 21:12 <KANSIO> d-------- C:\Program Files\K-Lite Codec Pack
2007-06-03 17:51 664 --a------ C:\WINDOWS\desctemp.dat
2007-06-01 15:09 <KANSIO> d-------- C:\DOCUME~1\RAIMOE~1\.onnet

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-22 11:38:46 -------- d-----w C:\Program Files\DC++
2007-06-21 18:11:47 -------- d-----w C:\DOCUME~1\RAIMOE~1\APPLIC~1\Vso
2007-06-19 16:44:36 -------- d-----w C:\Program Files\PeerGuardian2
2007-06-18 17:15:09 -------- d-----w C:\Program Files\Diablo II
2007-06-18 17:10:22 -------- d-----w C:\Program Files\Windows Media Connect 2
2007-06-17 17:14:34 21,840 ----atw C:\WINDOWS\system32\SIntfNT.dll
2007-06-17 17:14:34 17,212 ----atw C:\WINDOWS\system32\SIntf32.dll
2007-06-17 17:14:34 12,067 ----atw C:\WINDOWS\system32\SIntf16.dll
2007-06-04 17:31:23 -------- d-----w C:\Program Files\eMule
2007-05-16 15:14:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-15 17:41:50 1,953 ----a-w C:\WINDOWS\mozver.dat
2007-05-05 09:22:38 -------- d-----w C:\Program Files\MSN Messenger
2007-04-30 15:46:10 745,600 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-04-30 15:41:55 85,952 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-30 15:41:42 94,552 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-30 15:39:41 23,416 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-30 15:38:51 43,176 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-30 15:37:23 26,888 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-30 15:35:28 95,872 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-04-25 14:22:38 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-23 19:58:02 -------- d-----w C:\Program Files\Common Files\Real
2007-04-23 19:58:01 -------- d-----w C:\DOCUME~1\RAIMOE~1\APPLIC~1\Real
2007-04-22 10:41:27 18,232 ----a-w C:\DOCUME~1\RAIMOE~1\APPLIC~1\GDIPFONTCACHEV1.DAT
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 19:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 19:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 19:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 19:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 19:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 19:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 19:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 19:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-03-26 17:02:57 34,950 ----a-w C:\WINDOWS\DIIUnin.dat
2007-03-26 16:53:27 94,208 ----a-w C:\WINDOWS\DIIUnin.exe
2007-03-26 16:53:27 2,829 ----a-w C:\WINDOWS\DIIUnin.pif
2007-03-26 15:26:41 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-03-25 08:39:25 75,928 ----a-w C:\WINDOWS\system32\perfc00B.dat
2007-03-25 08:39:25 375,328 ----a-w C:\WINDOWS\system32\perfh00B.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 18:42]
"SmcService"="C:\PROGRA~1\Sygate\SPF\smc.exe" [2004-10-15 19:40]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 10:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background
"msnmsgr"="C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd
"BluetoothAuthenticationAgent"=rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs BthServ

*Newly Created Service* - F-SECURE_STANDALONE_MINIFILTER

**************************************************************************

catchme 0.3.721 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-06-23 18:49:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

cmd.exe [1196]

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001000-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001105-0000-1000-8000-00805f9b34fb}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BTHPORT\Parameters\Services\{00001115-0000-1000-8000-00805f9b34fb}]

Completion time: 2007-06-23 18:50:10
C:\ComboFix-quarantined-files.txt ... 2007-06-23 18:49

--- E O F ---

Ja uusi hjt loki

Logfile of HijackThis v1.99.1
Scan saved at 18:54:05, on 23.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: SysEnforce - Unknown owner - C:\PROGRA~1\TRISNA~1\SSI\SYSENF~1.EXE (file missing)

Auttaja · Jun 23, 2007

Lataa GMER ja tallenna se työpöydällesi:
[*]Pura se työpöydälle ja tuplaklikkaa tiedostoa GMER.exe
[*]Klikkaa rootkit-välilehteä ja sitten klikkaa scan.
[*]Älä rastita "Show All" boksia skannauksen aikana!
[*]Kun skannaus on valmis, klikkaa Copy.
[*]Tämä kopioi lokin leikepöydälle (voit tallentaa lokin varmuuden vuoksi tekstitiedostoon).
[*]Liitä loki sitten viestiketjuusi.

TeleHell · Jun 24, 2007

Tässäpä sen loki;

GMER 1.0.12.12244 - http://www.gmer.net
Rootkit scan 2007-06-23 20:15:50
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwAllocateVirtualMemory
SSDT sptd.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwCreateThread
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwMapViewOfSection
SSDT sptd.sys ZwOpenKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwProtectVirtualMemory
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT sptd.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwShutdownSystem
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.12 ----

? C:\WINDOWS\system32\drivers\sptd.sys Prosessi ei voi käyttää tiedostoa, koska se on toisen prosessin käytössä.
.text USBPORT.SYS!DllUnload F76BF62C 5 Bytes JMP 82010960
? System32\Drivers\amuw9413.SYS Määritettyä tiedostoa ei löydy.
? C:\WINDOWS\system32\DRIVERS\update.sys
.text tcpip.sys!IPTransmit + 10BC BAF28CFA 6 Bytes CALL F8295E50 Teefer.sys
.text tcpip.sys!IPTransmit + 2810 BAF2A44E 6 Bytes CALL F8295E50 Teefer.sys
.text tcpip.sys!ARPRcv + 506D BAF2F4E0 6 Bytes CALL F8295E50 Teefer.sys
.text wanarp.sys F86EB3FD 4 Bytes CALL F8295FA0 Teefer.sys
.text wanarp.sys F86EB402 2 Bytes [ 90, 90 ]
? C:\WINDOWS\system32\Drivers\PROCEXP90.SYS Määritettyä tiedostoa ei löydy.

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 823681E8
Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 823681E8
Device \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F85C7220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F85C7480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F85C75A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F85C75D0] wpsdrvnt.sys
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CREATE 8200F6B8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_CLOSE 8200F6B8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_POWER 8200F6B8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBPDO-0 IRP_MJ_PNP 8200F6B8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CREATE 8200F6B8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_CLOSE 8200F6B8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_POWER 8200F6B8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBPDO-1 IRP_MJ_PNP 8200F6B8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_CREATE 8200F6B8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_CLOSE 8200F6B8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_POWER 8200F6B8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBPDO-2 IRP_MJ_PNP 8200F6B8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CREATE 8209F1E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_CLOSE 8209F1E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 8209F1E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8209F1E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_POWER 8209F1E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 8209F1E8
Device \Driver\usbehci \Device\USBPDO-3 IRP_MJ_PNP 8209F1E8
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [F85C7220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [F85C7480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [F85C75A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [F85C75D0] wpsdrvnt.sys
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 823D71E8
Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 823D71E8
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 820E6980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 820E6980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 820E6980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 820E6980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 820E6980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 820E6980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 820E6980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 820E6980
Device \Driver\NetBT \Device\NetBT_Tcpip_{436F55A0-DE6C-4A9D-A147-BC34334A072C} IRP_MJ_CREATE 81F581E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{436F55A0-DE6C-4A9D-A147-BC34334A072C} IRP_MJ_CLOSE 81F581E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{436F55A0-DE6C-4A9D-A147-BC34334A072C} IRP_MJ_DEVICE_CONTROL 81F581E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{436F55A0-DE6C-4A9D-A147-BC34334A072C} IRP_MJ_INTERNAL_DEVICE_CONTROL 81F581E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{436F55A0-DE6C-4A9D-A147-BC34334A072C} IRP_MJ_CLEANUP 81F581E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{436F55A0-DE6C-4A9D-A147-BC34334A072C} IRP_MJ_PNP 81F581E8
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 820E6980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 820E6980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 820E6980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 820E6980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 820E6980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 820E6980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 820E6980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 820E6980
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CREATE 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_CLOSE 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_DEVICE_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_POWER 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_SYSTEM_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 IRP_MJ_PNP 823691E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 823691E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 823691E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 823691E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CREATE 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_CLOSE 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_DEVICE_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_POWER 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_SYSTEM_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 IRP_MJ_PNP 823691E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 823691E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 823691E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 823691E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CREATE 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_CLOSE 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_DEVICE_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_INTERNAL_DEVICE_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_POWER 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_SYSTEM_CONTROL 823691E8
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f IRP_MJ_PNP 823691E8
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 820E6980
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 820E6980
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 820E6980
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 820E6980
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 820E6980
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 820E6980
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 820E6980
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 820E6980
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 820E6980
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSE 820E6980
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_READ 820E6980
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 820E6980
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 820E6980
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 820E6980
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 820E6980
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 820E6980
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE 820E6980
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CLOSE 820E6980
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_READ 820E6980
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_WRITE 820E6980
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_FLUSH_BUFFERS 820E6980
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DEVICE_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_INTERNAL_DEVICE_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SHUTDOWN 820E6980
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_POWER 820E6980
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SYSTEM_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_PNP 820E6980
Device \Driver\Cdrom \Device\CdRom5 IRP_MJ_CREATE 820E6980
Device \Driver\Cdrom \Device\CdRom5 IRP_MJ_CLOSE 820E6980
Device \Driver\Cdrom \Device\CdRom5 IRP_MJ_READ 820E6980
Device \Driver\Cdrom \Device\CdRom5 IRP_MJ_WRITE 820E6980
Device \Driver\Cdrom \Device\CdRom5 IRP_MJ_FLUSH_BUFFERS 820E6980
Device \Driver\Cdrom \Device\CdRom5 IRP_MJ_DEVICE_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom5 IRP_MJ_INTERNAL_DEVICE_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom5 IRP_MJ_SHUTDOWN 820E6980
Device \Driver\Cdrom \Device\CdRom5 IRP_MJ_POWER 820E6980
Device \Driver\Cdrom \Device\CdRom5 IRP_MJ_SYSTEM_CONTROL 820E6980
Device \Driver\Cdrom \Device\CdRom5 IRP_MJ_PNP 820E6980
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 81F581E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 81F581E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 81F581E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 81F581E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 81F581E8
Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 81F581E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 81F581E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 81F581E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 81F581E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 81F581E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 81F581E8
Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 81F581E8
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_CREATE [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_CREATE_NAMED_PIPE [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_CLOSE [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_READ [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_WRITE [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_QUERY_INFORMATION [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_SET_INFORMATION [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_QUERY_EA [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_SET_EA [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_FLUSH_BUFFERS [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_QUERY_VOLUME_INFORMATION [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_SET_VOLUME_INFORMATION [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_DIRECTORY_CONTROL [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_FILE_SYSTEM_CONTROL [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_DEVICE_CONTROL [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_INTERNAL_DEVICE_CONTROL [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_SHUTDOWN [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_LOCK_CONTROL [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_CLEANUP [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_CREATE_MAILSLOT [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_QUERY_SECURITY [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_SET_SECURITY [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_POWER [F844ADB8] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_SYSTEM_CONTROL [F8465344] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_DEVICE_CHANGE [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_QUERY_QUOTA [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_SET_QUOTA [F8468F18] sptd.sys
Device \Driver\PCI_NTPNP8236 \Device\0000005c IRP_MJ_PNP [F84662D0] sptd.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [F85C7220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [F85C7480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [F85C75A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [F85C75D0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [F85C7220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [F85C7480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [F85C75A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [F85C75D0] wpsdrvnt.sys
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CREATE 8200F6B8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_CLOSE 8200F6B8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_POWER 8200F6B8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBFDO-0 IRP_MJ_PNP 8200F6B8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CREATE 8200F6B8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_CLOSE 8200F6B8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_POWER 8200F6B8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBFDO-1 IRP_MJ_PNP 8200F6B8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 81ECF980
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [F85C7220] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [F85C7480] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [F85C75A0] wpsdrvnt.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [F85C75D0] wpsdrvnt.sys
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_CREATE 8200F6B8
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_CLOSE 8200F6B8
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_POWER 8200F6B8
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 8200F6B8
Device \Driver\usbohci \Device\USBFDO-2 IRP_MJ_PNP 8200F6B8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CF172D12-38F2-4B78-9958-4C1F1B77EE91} IRP_MJ_CREATE 81F581E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CF172D12-38F2-4B78-9958-4C1F1B77EE91} IRP_MJ_CLOSE 81F581E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CF172D12-38F2-4B78-9958-4C1F1B77EE91} IRP_MJ_DEVICE_CONTROL 81F581E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CF172D12-38F2-4B78-9958-4C1F1B77EE91} IRP_MJ_INTERNAL_DEVICE_CONTROL 81F581E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CF172D12-38F2-4B78-9958-4C1F1B77EE91} IRP_MJ_CLEANUP 81F581E8
Device \Driver\NetBT \Device\NetBT_Tcpip_{CF172D12-38F2-4B78-9958-4C1F1B77EE91} IRP_MJ_PNP 81F581E8
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 81ECF980
Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 81ECF980
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CREATE 8209F1E8
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_CLOSE 8209F1E8
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 8209F1E8
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8209F1E8
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_POWER 8209F1E8
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 8209F1E8
Device \Driver\usbehci \Device\USBFDO-3 IRP_MJ_PNP 8209F1E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 823D71E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 823D71E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 823D71E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 823D71E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 823D71E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 823D71E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 823D71E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 823D71E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 823D71E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 823D71E8
Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 823D71E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target3Lun0 IRP_MJ_CREATE 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target3Lun0 IRP_MJ_CLOSE 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target3Lun0 IRP_MJ_DEVICE_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target3Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target3Lun0 IRP_MJ_POWER 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target3Lun0 IRP_MJ_SYSTEM_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target3Lun0 IRP_MJ_PNP 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target0Lun0 IRP_MJ_CREATE 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target0Lun0 IRP_MJ_CLOSE 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target0Lun0 IRP_MJ_POWER 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target0Lun0 IRP_MJ_PNP 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target2Lun0 IRP_MJ_CREATE 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target2Lun0 IRP_MJ_CLOSE 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target2Lun0 IRP_MJ_DEVICE_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target2Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target2Lun0 IRP_MJ_POWER 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target2Lun0 IRP_MJ_SYSTEM_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target2Lun0 IRP_MJ_PNP 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131 IRP_MJ_CREATE 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131 IRP_MJ_CLOSE 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131 IRP_MJ_DEVICE_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131 IRP_MJ_INTERNAL_DEVICE_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131 IRP_MJ_POWER 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131 IRP_MJ_SYSTEM_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131 IRP_MJ_PNP 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target1Lun0 IRP_MJ_CREATE 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target1Lun0 IRP_MJ_CLOSE 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target1Lun0 IRP_MJ_DEVICE_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target1Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target1Lun0 IRP_MJ_POWER 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target1Lun0 IRP_MJ_SYSTEM_CONTROL 820961E8
Device \Driver\amuw9413 \Device\Scsi\amuw94131Port2Path0Target1Lun0 IRP_MJ_PNP 820961E8
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 81E8B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 81E8B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 81E8B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 81E8B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 81E8B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 81E8B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 81E8B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 81E8B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 81E8B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 81E8B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 81E8B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 81E8B980
Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 81E8B980

---- Registry - GMER 1.0.12 ----

Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 4EDA8EA4C2C125D0A26C5CBC799FF2CF6E16EB352630883E30697
89C699A399F52B64D58352CC7C23505
E0DF947180E1BFDCF9C9862B6A9C7CDA68246A890538D3A145A7F7
C194B54A8AD1B1CDEC84B7D3B0568D05B75434B4C99F156362147
9774E009B101476066EF2E628E2F7EB2A41EE8A86B830
D27997969AA26596B717C643083027C71FC3920B5D2D360E68C38
349232B5C0639164A7955EDA32902F52CDA6D56089701AF8CF075
9D4DBBEDFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC
74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8E
DD5E5BE2F6E667C038D530D6
EB3452A6171C11EC38DE3DBA7FD869164D6794AC7FEF276C8B8F0
AC32E2ACD7302924955148E9512D3DE16509300BEBE733977A5CC
B0EE55EA962FA2A49BC452B3C05990D4497FE288401F2E8D6C37B
D5622EEECABC79DD1B1054E0FF7E6DC4062FAB904FAA8F52D033E
10205E93BC5722A71322DF06
5D890488F4855623EE52EDC7F6A73EA7A013795297BD64F86ADC8
4D9D4961213D51CACE872B3CE3ED613554161273A99ACAC460DA8
4D65F0DD1153DC65514EE93B97177EDBFDD8F57601C0958FE3EA2
14D84E911F75007263B2C05E93E0E0558BD0355B608FBCDDEB28D
790659723538381A07940174
D515275B374C99380B0216561B12947969E0721EECE9DC1BDC2AA
5DF64E5012240104EBDA86475F

---- EOF - GMER 1.0.12 ----

Auttaja · Jun 23, 2007

Lataa Dr.Web CureIt työpöydälle:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

[*]Tuplaklikkaa drweb-cureit.exe ja anna sen tehdä express scan
[*]Se skannaa käynnissä olevat ohjelmat ja jos jotain löytyy, klikkaa yes kun se kysyy haluatko poistaa sen. Tämä on vain lyhyt scan.
[*]Kun scan on valmis, merkkaa asemat, jotka haluat scannata.
[*]Valitse kaikki asemat. Punainen piste osoittaa, mitkä asemat on valittu.
[*]Klikaa vihreää nuolta oikealla ja scan alkaa.
[*]Klikkaa 'Yes to all', jos kysytään haluatko poistaa/siirtää tiedoston.
[*]Kun scan on valmis, katso voitko klikata next-kuvaketta löytyneiden tiedostojen vieressä:
[*]Jos asia on niin, klikkaa sitä ja sitten klikkaa next-kuvaketta oikealla alhaalla ja valitse Move incurable kuten alla olevalla kuvassa:

Tämä siirtää sen %userprofile%\DoctorWeb\quarantine-hakemistoon.
[*]Tämän jälkeen klikkaa Dr.Web CureIt-valikossa file ja valitse save report list
[*]Tallenna raportti työpöydälle. Raportin nimi on DrWeb.csv
[*]Sulje Dr.Web Cureit.
[*]Käynnistä kone uudelleen !! Tämä siksi, että käytössä olevat tiedostot poistetaan/siirretään käynnistyksen yhteydessä.
[*]Käynnistyksen jälkeen liitä Dr.Web-lokin, jonka tallensit aiemmin, sisältö seuraavaan vastaukseesi.

TeleHell · Jun 24, 2007

No eipä se tuokaan mitään löytänyt.. Mikähän sitä hbtools;ia sitten käyttää, kun ei ne ajuritkaan tällä koneella ole, kun eivät käyneet.

Auttaja · Jun 24, 2007

hmm

kato onko tosta jotain apua

http://www.against-spyware.com/remove-hotbar

TeleHell · Jun 24, 2007

jahhas.. no nyt se lähti sitten. siirsin vain suoraan roskakoriin sen työpöydältä ja tyhjensin roskakorin. ihme vain kun ei ennen lähtenyt ..ainakin on puhdas kone!

jospa se tästä, kiitokset avusta!

Auttaja · Jun 24, 2007

Lataa Deckard's System Scanner Työpöydällesi.

Huomioi: Sinulla tulee olla Järjestelmänvalvojan oikeudet ajaaksesi ohjelman.

[*]Sulje kaikki avoimet ikkunat ja ohjelmat.
[*]Tupla Klikkaa Dss.exe tiedostoa ajaaksesi ohjelman, seuraa ohjeita.
[*]Kun Scannaus on valmis 2 textitiedostoa pitäisi avautua, Main.txt ja extra.txt
[*]Näppäile Kopioi ( CTRL+A -> CTRL + C ) ja liitä ( CTRL + V )
[*]kopioi ja liitä Extra.txt & Main.txt sisältö seuraavaan vastaukseesi.

tarkistetaan vaan

TeleHell · Jun 24, 2007

Nojoo .. siinäpä se;

Deckard's System Scanner v20070611.50
Run by raimo ehrukainen on 2007-06-24 at 20:50:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
5: 2007-06-24 17:50:56 UTC - RP129 - Deckard's System Scanner Restore Point
4: 2007-06-23 20:24:38 UTC - RP128 - Installed Adobe Photoshop CS2
3: 2007-06-23 12:23:11 UTC - RP127 - Software Distribution Service 3.0
2: 2007-06-23 08:46:48 UTC - RP126 - Järjestelmän tarkistuspiste
1: 2007-06-22 07:56:05 UTC - RP125 - Järjestelmän tarkistuspiste

Backed up registry hives.

Performed disk cleanup.

-- HijackThis (run as raimo ehrukainen.exe) ------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 20:51:32, on 24.6.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Winamp\winamp.exe
C:\Documents and Settings\raimo ehrukainen\Työpöytä\dss.exe
C:\HJT\raimo ehrukainen.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

-- HijackThis Fixed Entries (C:\HJT\backups\) ----------------------------------

backup-20060304-112558-323 O4 - HKCU\..\Run: [Safevga] C:\DOCUME~1\Raimo\APPLIC~1\onefive\Listopen.exe
backup-20060304-112558-419 O2 - BHO: (no name) - {6B54056F-339F-8E44-32C2-F4652C4EA914} - (no file)
backup-20060304-112558-439 R3 - Default URLSearchHook is missing
backup-20060304-135723-311 O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
backup-20060423-154706-444 O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
backup-20060423-154706-664 O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
backup-20060423-154706-839 O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-secure.com/ols/fscax.cab
backup-20060423-154706-847 O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
backup-20060423-154706-937 O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
backup-20060516-182452-210 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20060516-182452-230 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070623-155528-155 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
backup-20070623-155528-185 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070623-155528-288 O4 - HKCU\..\Run: [Safevga] C:\DOCUME~1\RAIMOE~1\APPLIC~1\onefive\Listopen.exe
backup-20070623-155528-790 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
backup-20070623-155528-822 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 BTHidMgr (Bluetooth HID Manager Service) - c:\windows\system32\drivers\bthidmgr.sys <Not Verified; IVT Corporation; BlueSoleil(c)>
R0 Teefer (Teefer for NT) - c:\windows\system32\drivers\teefer.sys <Not Verified; Sygate Technologies, Inc.; Sygate Teefer Driver>
R1 wpsdrvnt - c:\windows\system32\drivers\wpsdrvnt.sys <Not Verified; Sygate Technologies, Inc.; wpsdrvnt>
R3 BlueletAudio (Bluetooth Audio Service) - c:\windows\system32\drivers\blueletaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BlueletSCOAudio (Bluetooth SCO Audio Service) - c:\windows\system32\drivers\blueletscoaudio.sys <Not Verified; IVT Corporation; Windows (R) 2000 DDK driver>
R3 BT (Bluetooth PAN Network Adapter) - c:\windows\system32\drivers\btnetdrv.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 Btcsrusb (Bluetooth USB For Bluetooth Service) - c:\windows\system32\drivers\btcusb.sys <Not Verified; IVT Corporation; Bluetooth USB Device Driver>
R3 BTHidEnum (Bluetooth HID Enumerator) - c:\windows\system32\drivers\vbtenum.sys
R3 VComm (Virtual Serial port driver) - c:\windows\system32\drivers\vcomm.sys <Not Verified; IVT Corporation; BlueSoleil>
R3 VcommMgr (Bluetooth VComm Manager Service) - c:\windows\system32\drivers\vcommmgr.sys <Not Verified; IVT Corporation; BlueSoleil>

S3 BTNetFilter (Bluetooth Network Filter) - c:\windows\system32\drivers\btnetfilter.sys
S3 mcdbus (Driver for MagicISO SCSI Host Controller) - c:\windows\system32\drivers\mcdbus.sys (file missing)
S3 TVICHW32 - c:\windows\system32\drivers\tvichw32.sys <Not Verified; EnTech Taiwan; TVicHW32 Generic Device Driver for Windows 95/98/ME/NT/2000/2003/XP/XP64>
S3 ZSMC301b (VIMICRO USB PC Camera) - c:\windows\system32\drivers\usbvm31b.sys <Not Verified; VM; >

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlueSoleil Hid Service - c:\program files\ivt corporation\bluesoleil\btntservice.exe
R2 O&O Defrag - c:\windows\system32\oodag.exe <Not Verified; O&O Software GmbH; O&O Defrag>

S2 SysEnforce -

-- Files created between 2007-05-24 and 2007-06-24 -----------------------------

2007-06-24 13:35:26 66515060 --a------ C:\BackupRegistry(20070624).reg
2007-06-24 11:21:07 0 d-------- C:\Documents and Settings\raimo ehrukainen\DoctorWeb
2007-06-23 23:26:13 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Adobe Systems
2007-06-23 19:39:27 0 d-------- C:\Adobe_Photoshop_Pro_CS2_v9
2007-06-23 19:36:04 0 d-------- C:\Adobe_Photoshop_CS3_FULL_Incl_Crack
2007-06-21 22:31:00 364544 -----n--- C:\WINDOWS\system32\TwnLib4.dll <Not Verified; Pegasus Imaging Corp.; TwnLib4>
2007-06-21 22:31:00 106496 --a------ C:\WINDOWS\system32\TwnLib20.dll <Not Verified; Pegasus Software; TWNLIB20>
2007-06-21 22:30:57 471040 -----n--- C:\WINDOWS\system32\ImagXRA7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-06-21 22:30:57 262144 -----n--- C:\WINDOWS\system32\ImagXR7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-06-21 22:30:56 1568768 -----n--- C:\WINDOWS\system32\ImagX7.dll <Not Verified; Pegasus Imaging Corp.; ImagXpress7>
2007-06-21 22:00:44 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja.RAIMO-BB4EBF8B1\Verkkoympäristö
2007-06-21 22:00:44 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja.RAIMO-BB4EBF8B1\Työpöytä
2007-06-21 22:00:44 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja.RAIMO-BB4EBF8B1\Tulostinympäristö
2007-06-21 22:00:44 0 d-------- C:\Documents and Settings\Järjestelmänvalvoja.RAIMO-BB4EBF8B1\Suosikit
2007-06-21 22:00:44 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja.RAIMO-BB4EBF8B1\SendTo
2007-06-21 22:00:44 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja.RAIMO-BB4EBF8B1\Recent
2007-06-21 22:00:44 524288 --ah----- C:\Documents and Settings\Järjestelmänvalvoja.RAIMO-BB4EBF8B1\NTUSER.DAT
2007-06-21 22:00:44 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja.RAIMO-BB4EBF8B1\Mallit
2007-06-21 22:00:44 0 d--h----- C:\Documents and Settings\Järjestelmänvalvoja.RAIMO-BB4EBF8B1\Local Settings
2007-06-21 22:00:44 0 dr------- C:\Documents and Settings\Järjestelmänvalvoja.RAIMO-BB4EBF8B1\Käynnistä-valikko
2007-06-21 22:00:44 0 d--hs---- C:\Documents and Settings\Järjestelmänvalvoja.RAIMO-BB4EBF8B1\Cookies
2007-06-21 22:00:44 0 dr-h----- C:\Documents and Settings\Järjestelmänvalvoja.RAIMO-BB4EBF8B1\Application Data
2007-06-21 22:00:44 0 d---s---- C:\Documents and Settings\Järjestelmänvalvoja.RAIMO-BB4EBF8B1\Application Data\Microsoft
2007-06-19 20:17:35 0 d-------- C:\Program Files\Trymedia
2007-06-19 20:11:15 0 d-------- C:\Program Files\Restaurant Empire
2007-06-19 16:54:15 0 d-------- C:\Program Files\Alawar
2007-06-19 11:16:44 0 d-------- C:\Program Files\Windows Live Safety Center
2007-06-10 21:12:19 217088 --a------ C:\WINDOWS\system32\yv12vfw.dll <Not Verified; www.helixcommunity.org; Helix YV12 YUV Codec>
2007-06-10 21:12:18 180224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2007-06-10 21:12:18 593920 --a------ C:\WINDOWS\system32\xvidcore.dll
2007-06-10 21:12:16 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-06-10 21:12:16 73728 --a------ C:\WINDOWS\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2007-06-10 21:12:15 740442 --a------ C:\WINDOWS\system32\divx.dll <Not Verified; DivX, Inc.; DivX®>
2007-06-10 21:12:12 0 d-------- C:\Program Files\K-Lite Codec Pack
2007-06-01 15:09:43 0 d-------- C:\Documents and Settings\raimo ehrukainen\.onnet

-- Find3M Report ---------------------------------------------------------------

2007-06-24 20:27:38 0 d-------- C:\Program Files\DC++
2007-06-23 23:51:04 0 d-------- C:\Documents and Settings\raimo ehrukainen\Application Data\Adobe
2007-06-23 23:03:42 0 d-------- C:\Documents and Settings\raimo ehrukainen\Application Data\Vso
2007-06-23 22:41:00 0 d-------- C:\Program Files\PeerGuardian2
2007-06-18 20:15:09 0 d-------- C:\Program Files\Diablo II
2007-06-18 20:10:22 0 d-------- C:\Program Files\Windows Media Connect 2
2007-06-17 20:14:34 21840 --a-----t C:\WINDOWS\system32\SIntfNT.dll
2007-06-17 20:14:34 17212 --a-----t C:\WINDOWS\system32\SIntf32.dll
2007-06-17 20:14:34 12067 --a-----t C:\WINDOWS\system32\SIntf16.dll
2007-06-15 19:21:31 0 d-------- C:\Program Files\Common Files\Adobe
2007-06-04 20:31:23 0 d-------- C:\Program Files\eMule
2007-05-15 20:41:50 1953 --a------ C:\WINDOWS\mozver.dat
2007-05-06 10:53:39 0 d-------- C:\Program Files\Java
2007-05-05 12:22:38 0 d-------- C:\Program Files\MSN Messenger
2007-04-22 13:41:27 18232 --a------ C:\Documents and Settings\raimo ehrukainen\Application Data\GDIPFONTCACHEV1.DAT
2007-03-26 20:02:57 34950 --a------ C:\WINDOWS\DIIUnin.dat
2007-03-26 19:53:27 2829 --a------ C:\WINDOWS\DIIUnin.pif
2007-03-26 19:53:27 94208 --a------ C:\WINDOWS\DIIUnin.exe <Not Verified; Blizzard Entertainment; Diablo II Uninstaller>
2007-03-26 18:26:41 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2007-03-25 11:39:25 375328 --a------ C:\WINDOWS\system32\perfh00B.dat
2007-03-25 11:39:25 75928 --a------ C:\WINDOWS\system32\perfc00B.dat

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"SmcService"="C:\\PROGRA~1\\Sygate\\SPF\\smc.exe -startgui"
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
@=""
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"StartCCC"="C:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"
"DAEMON Tools"="\"C:\\Program Files\\DAEMON Tools\\daemon.exe\" -lang 1033"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"msnmsgr"="\"C:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Cmaudio"="RunDll32 cmicnfg.cpl,CMICtrlWnd"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0_01\\bin\\jusched.exe\""
"ATICCC"="\"C:\\Program Files\\ATI Technologies\\ATI.ACE\\CLIStart.exe\""

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

-- Hosts -----------------------------------------------------------------------

127.0.0.1 bin.errorprotector.com ## added by CiD
127.0.0.1 br.errorsafe.com ## added by CiD
127.0.0.1 br.winantivirus.com ## added by CiD
127.0.0.1 br.winfixer.com ## added by CiD
127.0.0.1 cdn.drivecleaner.com ## added by CiD
127.0.0.1 cdn.errorsafe.com ## added by CiD
127.0.0.1 cdn.winsoftware.com ## added by CiD
127.0.0.1 de.errorsafe.com ## added by CiD
127.0.0.1 de.winantivirus.com ## added by CiD
127.0.0.1 download.cdn.drivecleaner.com ## added by CiD

60 more entries in hosts file.

-- End of Deckard's System Scanner: finished at 2007-06-24 at 20:53:35 ---------

Tää ekstra viel:

Deckard's System Scanner v20070611.50
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: Other (040B) - see http://preview.tinyurl.com/mhhp6

CPU 0: AMD Sempron(tm) 2400+
Percentage of Memory in Use: 46%
Physical Memory (total/avail): 511.36 MiB / 273.16 MiB
Pagefile Memory (total/avail): 1249.59 MiB / 937.66 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1970.25 MiB

A: is Removable (Unformatted)
C: is Fixed (NTFS) - 32.46 GiB total, 4.1 GiB free.
D: is Fixed (NTFS) - 44.23 GiB total, 4.55 GiB free.
E: is CDROM (No Media)
F: is CDROM (No Media)
G: is CDROM (No Media)
H: is CDROM (No Media)
I: is CDROM (No Media)
J: is CDROM (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Sygate Personal Firewall v4.6 (Sygate Technologies, Inc.)
AV: avast! antivirus 4.7.1001 [VPS 000751-5] v4.7.1001 (ALWIL Software)

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users.WINDOWS
APPDATA=C:\Documents and Settings\raimo ehrukainen\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=RAIMO-BB4EBF8B1
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\raimo ehrukainen
LOGONSERVER=\\RAIMO-BB4EBF8B1
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\Program Files\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\QuickTime\QTSystem\;C:\Program Files\ATI Technologies\ATI.ACE\;C:\Program Files\Common Files\Adobe\AGL
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 1, AuthenticAMD
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0801
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_11\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp
TMP=C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp
USERDOMAIN=RAIMO-BB4EBF8B1
USERNAME=raimo ehrukainen
USERPROFILE=C:\Documents and Settings\raimo ehrukainen
windir=C:\WINDOWS

-- User Profiles ---------------------------------------------------------------

raimo ehrukainen (admin)
Järjestelmänvalvoja.RAIMO-BB4EBF8B1 (new local, admin)

-- Add/Remove Programs ---------------------------------------------------------

--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Adobe Bridge 1.0 --> MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer --> MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Help Center 1.0 --> MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS 2 - Finnish langauge files --> C:\Program Files\Adobe\Adobe Photoshop CS2\Uninstal.exe
Adobe Photoshop CS2 --> msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Reader 8.1.0 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Adobe Reader 8.1.0 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A81000000003}
Adobe Stock Photos 1.0 --> MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
ATI - Software Uninstall Utility --> C:\Program Files\ATI Technologies\UninstallAll\AtiCimUn.exe
ATI Catalyst Control Center --> MsiExec.exe /I{B7777E08-1344-42E8-975B-6F541F9ADBD8}
ATI Catalyst Control Center --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{055EE59D-217B-43A7-ABFF-507B966405D8}\setup.exe" -l0x0
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_classISPLAY -clean
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
BlueSoleil --> MsiExec.exe /X{63D1A44F-E1FD-4460-BE0A-8745012F67EF}
BSPlayer --> "C:\Program Files\Webteh\BSplayer\uninstall.exe"
Bubble Bobble Nostalgie --> C:\Program Files\Alawar\Bubble Bobble Nostalgie\uninstal.exe
C-Media WDM Audio Driver --> C:\WINDOWS\system32\cmirmdrv.exe
Colin McRae Rally 2 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{19B72AA9-985A-11D4-9C8A-00D0B75D1498}\setup.exe"
DC++ 0.681 --> "C:\Program Files\DC++\uninstall.exe"
Diablo II --> C:\WINDOWS\DIIUnin.exe C:\WINDOWS\DIIUnin.dat
ffdshow [rev 610] [2006-12-01] --> "C:\Program Files\ffdshow\unins000.exe"
HijackThis 1.99.1 --> C:\HJT\HijackThis.exe /uninstall
Hotfix-päivitys Windows XP:lle (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}
Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010}
K-Lite Codec Pack 3.1.5 Full --> "C:\Program Files\K-Lite Codec Pack\unins000.exe"
Lara Croft Tomb Raider: The Angel Of Darkness --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{93656878-FF8B-4935-99BB-F3F260037C57}
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Office XP Professional ja FrontPage --> MsiExec.exe /I{9028040B-6000-11D3-8CFE-0050048383C9}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Mozilla Firefox (2.0.0.4) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Nero 6 Ultra Edition --> C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
O&O Defrag Professional Edition --> MsiExec.exe /I{53480370-6CA2-47EC-BC05-02B4B9271C31}
Päivitys Windows XP:lle (KB894391) --> "C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB925876) --> "C:\WINDOWS\$NtUninstallKB925876$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Päivitys Windows XP:lle (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
QuickTime --> MsiExec.exe /I{5E863175-E85D-44A6-8968-82507D34AE7F}
Restaurant Empire (remove only) --> "C:\Program Files\Restaurant Empire\Uninstall.exe"
Spelling Dictionaries Support For Adobe Reader 8 --> MsiExec.exe /I{AC76BA86-7AD7-5464-3428-800000000003}
Suojauspäivitys ohjelmistolle Windows XP (KB923689) --> "C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB923789) --> C:\WINDOWS\system32\MacroMed\Flash\genuinst.exe C:\WINDOWS\system32\MacroMed\Flash\KB923789.inf
Suojauspäivitys Windows XP:lle (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Suojauspäivitys Windows XP:lle (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Sygate Personal Firewall --> MsiExec.exe /I{F34D9A5F-484A-4E31-A9D3-908CB265B289}
The Sims 2 --> C:\Program Files\EA GAMES\The Sims 2\EAUninstall.exe
The Sims 2 - Kauppa auki --> C:\Program Files\EA GAMES\The Sims 2 - Kauppa auki\EAUninstall.exe
VIMICRO USB PC Camera --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AD824A5-1CCC-4BB7-82C9-E6FB25CC0479}\setup.exe" -l0x804
Winamp (remove only) --> "C:\Program Files\Winamp\UninstWA.exe"
Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734}
Windows Live OneCare safety scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Format SDK Hotfix - KB891122 --> "C:\WINDOWS\$NtUninstallKB891122$\spuninst\spuninst.exe"
WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe

-- End of Deckard's System Scanner: finished at 2007-06-24 at 20:53:35 ---------

Ja tälläne viel tul

Directories/Files moved to C:\Deckard\System Scanner\backup

2007-06-24 11:55:42 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0001
2007-06-24 11:55:42 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\Adobelm_Cleanup.0001.dir.0002
2007-06-23 23:51:04 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\CopyFileList
2007-06-24 20:44:50 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\MessengerCache
2007-06-24 11:55:42 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\Rar$EX00.641
2007-06-24 11:55:56 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\RarSFX2
2007-06-24 13:58:47 595 --a------ C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\RunTime.ini
2007-06-24 11:55:56 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\WER1053.dir00
2007-06-24 11:55:56 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\WER118a.dir00
2007-06-24 11:55:56 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\WER1d59.dir00
2007-06-24 11:55:57 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\WER1d9d.dir00
2007-06-24 11:55:57 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\WER2197.dir00
2007-06-24 11:55:57 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\WER25e6.dir00
2007-06-24 11:55:57 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\WER28a3.dir00
2007-06-24 11:55:57 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\WER2f66.dir00
2007-06-24 11:55:58 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\WERa01d.dir00
2007-06-24 15:19:03 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\WPDNSE
2007-06-23 23:32:31 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\_avast4_
2007-06-23 23:26:30 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\{236BB7C4-4419-42FD-0409-1E257A25E34D}
2007-06-24 13:59:29 526 --a------ C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\{AC76BA86-7AD7-1033-7B44-A81000000003}.ini
2007-06-24 14:00:56 526 --a------ C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\{AC76BA86-7AD7-1035-7B44-A81000000003}.ini
2007-06-24 11:55:58 0 d-------- C:\DOCUME~1\RAIMOE~1\LOCALS~1\Temp\{E9787678-1033-0000-8E67-000000000001}
2007-06-24 14:05:55 0 --a-----t C:\WINDOWS\temp\JET76F5.tmp
2007-06-24 14:06:00 16384 --a-----t C:\WINDOWS\temp\Perflib_Perfdata_5e4.dat
2007-06-24 15:18:55 255 --a------ C:\WINDOWS\temp\WGAErrLog.txt
2007-06-24 15:19:29 409 --a------ C:\WINDOWS\temp\WGANotify.settings
2007-05-07 16:38:46 500120 --a------ C:\WINDOWS\Downloaded Program Files\daas_s.dll <Verified; F-Secure Corporation; F-Secure Corporation daas>
2007-05-07 16:39:00 192920 --a------ C:\WINDOWS\Downloaded Program Files\fsauc.dll <Verified; FS; FS bwcli>
2007-05-07 16:39:24 254360 --a------ C:\WINDOWS\Downloaded Program Files\fscax.dll <Verified; F-Secure Corporation; F-Secure Online Scanner>

-*- End of Logfile -*-

Auttaja · Jun 24, 2007

Ookoo

J2SE Runtime Environment 5.0 Update 11 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

eli tollasen voi poistaa jos on 6.1 javakin

krakut kantsii poistaa

=====

hosteja sorkitaa vähä

Lataa HostsXpert.zip:
[*]Pura HostsXpert sopivaan kansioon, kuten C:\Hoster
[*]Aja HostsXpert.exe sen uudesta kansiosta
[*]Klikkaa "Make Hosts Writable?" oikeassa yläkulmassa (jos toiminnassa)
[*]Klikkaa "Restore Microsoft's Hosts File" ja sitten OK
[*]Sulje ohjelma.a
Huomaa: JOS käytit mukautettuja Hosts-filuja, sinun täytyy laitta
a yksikin niistä riveistä itse takaisin.

========

ja ei muuta ku

Pysy puhtaana

-> Tyhjennä järjestelmänpalautus Ohjeet
Tyhjennä järjestelmänpalautuskansio ja luo uusi palautuspiste. Tämä puhdistaa palautuskansion mahdollisista haittaohjelmajäännöksistä.

-> Käytä CCleaneria -> CCleaner
Lataa ja asenna CCleaner. Puhdista väliaikaistiedostot ja -kansiot ohjelmalla säännöllisesti.

-> Asenna SpywareBlaster -> SpywareBlaster
SpywareBlaster estää haittaohjelmia asentumasta koneellesi. Ei kuluta muistia!
Opas saatavilla suomeksi! Nimimerkki Ad-Awaren opas

-> Asenna MVPS Hosts tiedosto -> MVPS Hosts
Estää koneesi yhteyden haitallisiin sivustoihin.
Opas saatavilla suomeksi! Nimimerkki Axelin opas

-> Vaihda selaimesi Firefoxiin -> Firefox
Firefox on nopeampi, turvallisempi ja parempi selain kuin Internet Explorer.

-> Pidä järjestelmäsi ajantasalla. -> Windows Update
Vieraile Windows Updatessa säännöllisesti.

-> Pidä palomuuri ja virustorjunta ajantasalla
Päivitä ja skannaa koneesi säännöllisesti virustorjuntaohjelmallasi.
ja hyvä myös escan http://koti.mbnet.fi/pattaya1/escanmwav.htm

->Pidä ohjelmistosi ajantasalla. -> Secunia Software Inspector
Secunia Software Inspector tutkii sinun järjestälmäsi ja ohjelmistosi puuttuvien turvallisuuspäivityksien osalta. Tavallinen tutkinta kestää normaalisti 5-40 sekuntia, kun läpikotainen (thorough system inspection) voi kestää useita minuutteja.

->Seuraa säännöllisesti viestintäviraston tietoja uusista haavoittuvuuksista -> CERT-FI

-> Rekistöröidy. -> Virustorjunta.net
Virustorjunta.net on suomalainen haittaohjelmien poistoon keskittyvä sivusto joka kykenee auttamaan sinua mitä erilaisimmissa ongelmissa. Lisäksi siellä on suomen ainut HJT-koulu. Koulussa syvennytään HJT-ohjelman tuottaman informaation analysoimiseen sekä analysoinnin jälkeiseen tietokoneen puhdistamiseen.

Jos tulevaisuudessa tulee haittaohjelmien kanssa ongelmia, älä epäröi laittaa Hijackthis-logia tarkistettavaksi!

TeleHell · Jun 24, 2007

Selevä juttu!
Kiitokset jelpistä ja myöhäset jussit =D!

Log in or Sign up

"Hbtools"-kuvake työpöydällä - ei lähde veks!

TeleHell Regular member

Hujo Guest

Auttaja Guest

TeleHell Regular member

Auttaja Guest

TeleHell Regular member

Auttaja Guest

TeleHell Regular member

Auttaja Guest

TeleHell Regular member

Auttaja Guest

TeleHell Regular member

Auttaja Guest

TeleHell Regular member

Auttaja Guest

TeleHell Regular member

Share This Page

Log in or Sign up

"Hbtools"-kuvake työpöydällä - ei lähde veks!

TeleHell Regular member

Hujo Guest

Auttaja Guest

TeleHell Regular member

Auttaja Guest

TeleHell Regular member

Auttaja Guest

TeleHell Regular member

Auttaja Guest

TeleHell Regular member

Auttaja Guest

TeleHell Regular member

Auttaja Guest

TeleHell Regular member

Auttaja Guest

TeleHell Regular member

Share This Page

Useful Searches