troijalaisia?

miggu · 03.04.2007

Skannasin avg anti-spywarella ja tässä raportti:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 0:48:53 4.4.2007

+ Scan result:

C:\WINDOWS\system32\qommjij.dll -> Adware.Virtumonde : No action taken.
C:\Documents and Settings\Vierailijat\Cookies\vierailijat@com[1].txt -> TrackingCookie.Com : No action taken.
E:\System Volume Information\_restore{2724331E-22AB-4C24-A7E8-DCB650D63967}\RP12\A0001592.exe -> Trojan.QQPass.ly : No action taken.

::Report end

Poistin nämä "örkit" quarantine asetuksella. Itseä ainakin ihmetyttää tuo Trojan.QQPass.ly, mikähän se on? Poistuikohan nämä nyt kokonaan koneelta?
Ad-Awarellakin skannasin läpi koko järjestelmän ja löytyi 7 kriittistä kohdetta. Miten saan koneeni nyt varmasti puhtaaksi?

AfterDawn

hannu71 · 03.04.2007

Lataa http://koti.mbnet.fi/pattaya1/lataus/hijackthis_self.exe

asenna

naputtele numerojärjestyksessä(tuossa kuva http://koti.mbnet.fi/pattaya1/hijackthis_self.jpg )

1.Unzip
2.OK
3.Close

Paina nappia Do a system scan and save a logfile

Laita ponnahtava muistio tänne ( Hjt-loki )

Lataa VundoFix.exe työpöydällesi.

Tupla-klikkaa VundoFix.exe ajaaksesi sen.

Klikkaa Scan for Vundo valintaa.

Kun skannaus on valmis, klikkaa Remove Vundo valintaa.

Sinulta kysytään haluatko poistaa filut - klikkaa YES.

Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.

Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.

Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.

miggu · 04.04.2007

Kiitos vastauksesta.
Tässä hjt loki:

Logfile of HijackThis v1.99.1
Scan saved at 9:33:16, on 4.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\BAANA TIETOTURVA\Common\FSM32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\DitExp.exe
C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\BAANAT~1\backweb\9683872\Program\SERVIC~1.EXE
C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsgk32st.exe
C:\Program Files\BAANA TIETOTURVA\backweb\9683872\program\fsbwsys.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\FSGK32.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\BAANA TIETOTURVA\Common\FSMA32.EXE
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\BAANA TIETOTURVA\Common\FSMB32.EXE
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\BAANA TIETOTURVA\Common\FCH32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\BAANA TIETOTURVA\backweb\9683872\Program\OPOY-Tietoturva.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\BAANA TIETOTURVA\Common\FAMEH32.EXE
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsqh.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsrw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsav32.exe
C:\Program Files\BAANA TIETOTURVA\FWES\Program\fsdfwd.exe
C:\PROGRA~1\BAANAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\BAANA TIETOTURVA\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Opera\Opera.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\BAANA TIETOTURVA\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\BAANA TIETOTURVA\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\BAANA TIETOTURVA\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\BAANA TIETOTURVA\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
O4 - Global Startup: BAANA TIETOTURVA.lnk = C:\Program Files\BAANA TIETOTURVA\backweb\9683872\Program\OPOY-Tietoturva.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\ieshield.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://miikapaka.spaces.live.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F04B2B5-B5A1-4040-81F2-D675457CEE06}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BAANA TIETOTURVA (BackWeb Plug-in - 9683872) - BackWeb Technologies Inc. - C:\PROGRA~1\BAANAT~1\backweb\9683872\Program\SERVIC~1.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\BAANA TIETOTURVA\backweb\9683872\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

Vundo.fix multa löytyikin jo koneelta ja se ei löytänyt mitään.

hannu71 · 04.04.2007

Avaa HijackThis, klikkaa do a system scan only, merkkaa nämä rivit. Sitten sulje kaikki muut ikkunat ja paina fix checked.
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)<-- jos Windows Live Messenger ei oo enään koneelle asennettuna

C:\WINDOWS\system32\qommjij.dll -> Adware.Virtumonde : No action taken.
C:\Documents and Settings\Vierailijat\Cookies\vierailijat@com[1].txt -> TrackingCookie.Com : No action taken.
E:\System Volume Information\_restore{2724331E-22AB-4C24-A7E8-DCB650D63967}\RP12\A0001592.exe -> Trojan.QQPass.ly : No action taken.

Laajenna...

oot vissiin ajanut sen vundo fixin ton avg:n ajamisen jälkeen? kun tossa hjt-lokiss sitä ei enään näy

ton Trojan.QQPass.ly saat lopullisesti pois koneesta tyhjentämällä järjestelmän palautuksen.

Putsaa järjestelmänpalautus:

1. Klikkaa oikealla käynnistävalikon My Computer- tai oma tietokone-kuvaketta
2. Valitse Ominaisuudet.
3. Valitse Järjestelmän palauttaminen- välilehti.
4. Valitse "Poista järjestelmän palauttaminen käytöstä".
5. Paina Käytä.
6. Paina OK.
7. Käynnistä kone uudelleen
8. Tee kohdat 1.-3.
9. Ota rasti pois kohdasta "Poista järjestelmän palauttaminen käytöstä"
10. Tee kohdat 5. ja 6.

tee uusi palautus piste.

muuten lokisi oli ihan ok

miggu · 04.04.2007

tee uusi palautus piste.
Laajenna...

öö..Mitenhän tämä tehdään??

oot vissiin ajanut sen vundo fixin ton avg:n ajamisen jälkeen?
Laajenna...

joo, ajoin vundon avg:n jälkeen ja myös ennen, ja kummallakaan kerralla se ei mitää löytänyt.

hannu71 · 05.04.2007

uusi palautuspiste:
käynnistä-> kaikki ohjelmat->apuohjelmat->järjestelmä työkalut->järjestelmän palauttaminen-> täppi kohtaan luo palautuspiste.

ton vundofixin voisit varmuuden vuoksi ajaa uudestaa, kun toi avg:n as löysi sen eikä poistanut sitä.Tossa linkissa mikä on aikaisemmassa viestissä on uusin versio

miggu · 05.04.2007

Dodiih, nyt kun päivitin ton vundofixin ni alkoi löytymään. Tässä raportti:

VundoFix V6.3.19

Checking Java version...

Scan started at 23:51:36 5.4.2007

Listing files found while scanning....

C:\WINDOWS\system32\elcaswkh.exe
C:\WINDOWS\system32\kujpgqfp.dll
C:\WINDOWS\system32\pfqgpjuk.ini

Beginning removal...

Attempting to delete C:\WINDOWS\system32\elcaswkh.exe
C:\WINDOWS\system32\elcaswkh.exe Has been deleted!

Attempting to delete C:\WINDOWS\system32\kujpgqfp.dll
C:\WINDOWS\system32\kujpgqfp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pfqgpjuk.ini
C:\WINDOWS\system32\pfqgpjuk.ini Has been deleted!

Performing Repairs to the registry.
Done!

Ilmeisesti tuo vundo pystyi nuo poistamaan..

hannu71 · 06.04.2007

Tupla-klikkaa VundoFix.exe ajaaksesi sen.

Klikkaa Scan for Vundo valintaa.

Kun skannaus on valmis, oikea-klikkaa kyseisen listaboksin sisällä (valkoinen laatikko jossa on löydetyt tiedostot listattu) ja valitse Add more files

Kopioi ja liitä seuraavat 2 riviä kahteen ylimmäiseen boksiin

C:\WINDOWS\system32\qommjij.dll

C:\WINDOWS\system32\jijmmoq.*

Klikkaa Add Files ja sitten klikkaa Close Window.

Kun skannaus on valmis, klikkaa Remove Vundo valintaa.

Sinulta kysytään haluatko poistaa filut - klikkaa YES.

Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.

Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.

Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

Huomaa: Se on mahdollista että VundoFix löysi tiedoston jota se ei pystynyt poistamaan.
Tässä tilanteessa, VundoFix ajaa itsensä rebootissa, seuraa vain yläpuolelle olevia ohjeita alkaen kohdasta "Klikkaa Scan for Vundo valintaa." kun VundoFix ilmaantuu uudelleenkäynnistyksen yhteydessä.

uudelleen nimeä C:\HJT\HijackThis.exe vaikka miggu:ksi

päivitä ja aja avg:n antispyware vikasitotilassa ohje

laita avg:n täpit tuon sivun mukaan http://aaxxeell.googlepages.com/ewido4

aja hijackthis (miggu) uudestaan

lähetä:
vundo fix loki
hjt (miggu.exen) loki
avg:n antispywaren loki

miggu · 08.04.2007

[*]Kun skannaus on valmis, oikea-klikkaa kyseisen listaboksin sisällä (valkoinen laatikko jossa on löydetyt tiedostot listattu) ja valitse Add more files
[*]Kopioi ja liitä seuraavat 2 riviä kahteen ylimmäiseen boksiin

C:\WINDOWS\system32\qommjij.dll

C:\WINDOWS\system32\jijmmoq.*

[*]Klikkaa Add Files ja sitten klikkaa Close Window.
Laajenna...

Vundofix ei löytänyt mitään, eli en voinut tehdä tuota. Loki:

Beginning removal...

VundoFix V6.3.19

Checking Java version...

Scan started at 10:56:34 8.4.2007

Listing files found while scanning....

No infected files were found.

AVG ei myöskään löytänyt enään mitään. Loki:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:44:41 8.4.2007

+ Scan result:

Nothing found.

::Report end

Ja hjt-loki migguksi nimeämisen jälkeen:

Logfile of HijackThis v1.99.1
Scan saved at 11:48:14, on 8.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\BAANA TIETOTURVA\Common\FSM32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\BAANAT~1\backweb\9683872\Program\SERVIC~1.EXE
C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsgk32st.exe
C:\Program Files\BAANA TIETOTURVA\backweb\9683872\program\fsbwsys.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\FSGK32.EXE
C:\Program Files\BAANA TIETOTURVA\Common\FSMA32.EXE
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\BAANA TIETOTURVA\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\BAANA TIETOTURVA\backweb\9683872\Program\OPOY-Tietoturva.exe
C:\Program Files\BAANA TIETOTURVA\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\BAANA TIETOTURVA\Common\FAMEH32.EXE
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsqh.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsrw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\BAANA TIETOTURVA\FWES\Program\fsdfwd.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsav32.exe
C:\PROGRA~1\BAANAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\BAANA TIETOTURVA\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\miggu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\BAANA TIETOTURVA\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\BAANA TIETOTURVA\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\BAANA TIETOTURVA\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\BAANA TIETOTURVA\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BAANA TIETOTURVA.lnk = C:\Program Files\BAANA TIETOTURVA\backweb\9683872\Program\OPOY-Tietoturva.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\ieshield.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://miikapaka.spaces.live.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F04B2B5-B5A1-4040-81F2-D675457CEE06}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BAANA TIETOTURVA (BackWeb Plug-in - 9683872) - BackWeb Technologies Inc. - C:\PROGRA~1\BAANAT~1\backweb\9683872\Program\SERVIC~1.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\BAANA TIETOTURVA\backweb\9683872\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

hannu71 · 08.04.2007

1. Lataa combofix.exe työpöydällesi jommastakummasta linkistä:
combofix.exe
combofix.exe

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. (C:\ComboFix.txt) Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

Avaa HijackThis, klikkaa do a system scan only, merkkaa nämä rivit. Sitten sulje kaikki muut ikkunat ja paina fix checked.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) <--SpySweeperin testiaika jo ohi? jos on niin merkkaa tämäkin rivi

lähetä:
combofixin loki
uus hjt-loki "miggu"

miggu · 08.04.2007

ComboFixin loki:

"Miika" - 07-04-08 20:42:37 Service Pack 2
ComboFix 07-04-05 - Running from: "C:\Documents and Settings\Miika\Ty”p”yt„"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\media\AvidRender.wav
C:\WINDOWS\system32\awtqo.dll
C:\WINDOWS\system32\media

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\nm

((((((((((((((((((((((((((((((( Files Created from 2007-03-08 to 2007-04-08 ))))))))))))))))))))))))))))))))))

2007-04-07 22:30 <KANSIO> d-------- C:\Program Files\AutoCAD 2006
2007-04-04 09:24 <KANSIO> d-------- C:\HJT
2007-04-01 10:35 <KANSIO> d-------- C:\Program Files\WinPcap
2007-03-30 21:21 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2007-03-28 18:58 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\WinZip
2007-03-27 21:45 <KANSIO> d-------- C:\DOCUME~1\Miika\APPLIC~1\Downloaded Installations
2007-03-27 21:17 <KANSIO> d-------- C:\Program Files\AnswerWorks 4.0
2007-03-27 21:16 <KANSIO> d-------- C:\DOCUME~1\Miika\APPLIC~1\Autodesk
2007-03-27 21:16 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Autodesk
2007-03-27 21:12 <KANSIO> d-------- C:\Program Files\Common Files\Autodesk Shared
2007-03-27 21:11 <KANSIO> d-------- C:\Program Files\Autodesk
2007-03-18 23:15 <KANSIO> d-------- C:\DOCUME~1\Miika\APPLIC~1\Screenshot Sender
2007-03-17 22:57 905,290 --a------ C:\WINDOWS\system32\libmmd.dll
2007-03-17 22:57 73,728 --a------ C:\WINDOWS\system32\xmltok.dll
2007-03-17 22:57 7,962,624 --a------ C:\WINDOWS\system32\SVI.dll
2007-03-17 22:57 655,360 --a------ C:\WINDOWS\system32\MMClient.dll
2007-03-17 22:57 614,400 --a------ C:\WINDOWS\system32\AvOmfToolkit.dll
2007-03-17 22:57 61,440 --a------ C:\WINDOWS\system32\libjpegV4.dll
2007-03-17 22:57 61,440 --a------ C:\WINDOWS\system32\AvidQTUpdater.dll
2007-03-17 22:57 54,272 --a------ C:\WINDOWS\system32\drivers\AvidXPSerial.sys
2007-03-17 22:57 53,248 --a------ C:\WINDOWS\system32\ipl.dll
2007-03-17 22:57 5,600 --a------ C:\WINDOWS\system\winaspi.dll
2007-03-17 22:57 466,944 --a------ C:\WINDOWS\system32\ommclient.dll
2007-03-17 22:57 40,960 --a------ C:\WINDOWS\system32\INETTransportLibrary.dll
2007-03-17 22:57 4,672 --a------ C:\WINDOWS\system\wowpost.exe
2007-03-17 22:57 36,864 --a------ C:\WINDOWS\system32\xmlparse.dll
2007-03-17 22:57 25,244 --a------ C:\WINDOWS\system32\drivers\aspi32.sys
2007-03-17 22:57 2,981,888 --a------ C:\WINDOWS\system32\iplw7.dll
2007-03-17 22:57 2,973,696 --a------ C:\WINDOWS\system32\iplA6.dll
2007-03-17 22:57 2,785,280 --a------ C:\WINDOWS\system32\iplM6.dll
2007-03-17 22:57 2,686,976 --a------ C:\WINDOWS\system32\iplM5.dll
2007-03-17 22:57 2,531,328 --a------ C:\WINDOWS\system32\iplP6.dll
2007-03-17 22:57 2,502,656 --a------ C:\WINDOWS\system32\iplPX.dll
2007-03-17 22:57 19,968 --a------ C:\WINDOWS\system32\Cpuinf32.dll
2007-03-17 22:57 188,416 --a------ C:\WINDOWS\system32\AvidSDM.dll
2007-03-17 22:57 155,648 --a------ C:\WINDOWS\system32\AvidAVICodec.dll
2007-03-17 22:57 141,312 --a------ C:\WINDOWS\system32\FFBTN32.dll
2007-03-17 22:57 102,400 --a------ C:\WINDOWS\system32\Dac32.dll
2007-03-17 18:08 45,056 --a------ C:\WINDOWS\system32\wnaspi32.dll
2007-03-17 18:08 180,276 --a------ C:\WINDOWS\system32\Mspdb50.dll
2007-03-16 22:58 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-03-16 22:58 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-03-16 18:38 <KANSIO> d-------- C:\DOCUME~1\Miika\avidemux
2007-03-08 20:39 <KANSIO> d-------- C:\Program Files\Common Files\Java

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-03-28 20:40 75832 --a------ C:\WINDOWS\system32\perfc00b.dat
2007-03-28 20:40 375932 --a------ C:\WINDOWS\system32\perfh00b.dat
2007-03-18 23:14 -------- d-------- C:\Program Files\messenger plus! live
2007-03-17 22:57 -------- d--h----- C:\Program Files\installshield installation information
2007-03-12 18:16 -------- d-------- C:\Program Files\quicktime
2007-03-10 00:47 -------- d-------- C:\Program Files\windows media connect 2
2007-03-08 21:21 -------- d-------- C:\Program Files\java
2007-03-08 18:38 578048 --a------ C:\WINDOWS\system32\user32.dll
2007-03-08 18:37 40960 --a------ C:\WINDOWS\system32\mf3216.dll
2007-03-08 18:37 281600 --a------ C:\WINDOWS\system32\gdi32.dll
2007-03-08 18:34 1843840 --a------ C:\WINDOWS\system32\win32k.sys
2007-03-04 12:25 -------- d-------- C:\Program Files\ccleaner
2007-03-03 01:06 -------- d-------- C:\Program Files\divx
2007-02-27 00:58 -------- d-------- C:\DOCUME~1\Miika\APPLIC~1\bsplayer
2007-02-27 00:21 -------- d-------- C:\DOCUME~1\Miika\APPLIC~1\bsplayer pro
2007-02-24 20:16 278528 --a------ C:\WINDOWS\system32\livesnth.dll
2007-02-24 20:16 203776 --a------ C:\WINDOWS\system32\clrviddc.dll
2007-02-23 07:29 524288 --a------ C:\WINDOWS\system32\divxsm.exe
2007-02-23 07:29 36624 --------- C:\WINDOWS\system32\drivers\pxhelp20.sys
2007-02-23 07:29 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-02-23 07:29 2560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-02-23 07:29 2432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-02-23 07:29 200704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-02-23 07:29 129784 --------- C:\WINDOWS\system32\pxafs.dll
2007-02-23 07:29 118520 --------- C:\WINDOWS\system32\pxinsi64.exe
2007-02-23 07:29 116472 --------- C:\WINDOWS\system32\pxcpyi64.exe
2007-02-23 07:29 1044480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-02-23 07:25 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-02-23 07:25 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-02-23 07:25 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-02-23 07:25 73728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-02-23 07:25 639066 --a------ C:\WINDOWS\system32\divx.dll
2007-02-23 07:25 593920 --a------ C:\WINDOWS\system32\dpugui11.dll
2007-02-23 07:25 57344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-02-23 07:25 53248 --a------ C:\WINDOWS\system32\dpugui10.dll
2007-02-23 07:25 344064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-02-23 07:25 294912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-02-23 07:25 294912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-02-23 07:25 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-02-16 17:37 25040 --a------ C:\DOCUME~1\Miika\APPLIC~1\gdipfontcachev1.dat
2007-02-16 04:40 124472 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2007-02-08 20:37 -------- d-------- C:\Program Files\msn messenger
2007-02-04 23:29 112271 --a------ C:\WINDOWS\hpoins07.dat
2007-01-25 20:31 88952 --a------ C:\WINDOWS\system32\packet.dll
2007-01-25 20:31 68480 --a------ C:\WINDOWS\system32\wanpacket.dll
2007-01-25 20:31 53299 --a------ C:\WINDOWS\system32\pthreadvc.dll
2007-01-25 20:31 240496 --a------ C:\WINDOWS\system32\wpcap.dll
2007-01-19 13:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll
2007-01-14 00:02 56 --a------ C:\Program Files\mwav.log
2007-01-11 15:36 1231872 --a------ C:\Program Files\winscp382.exe
2007-01-08 20:01 17408 --a------ C:\WINDOWS\system32\corpol.dll

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PowerBar"=""
"NBJ"="\"C:\\Program Files\\Ahead\\Nero BackItUp\\NBJ.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="\"nwiz.exe\" /install"
"NvMediaCenter"="RunDLL32.exe NvMCTray.dll,NvTaskbarInit"
"RemoteControl"="\"C:\\Program Files\\CyberLink DVD Solution\\PowerDVD\\PDVDServ.exe\""
"InCD"="\"C:\\Program Files\\Ahead\\InCD\\InCD.exe\""
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"F-Secure Manager"="\"C:\\Program Files\\BAANA TIETOTURVA\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\BAANA TIETOTURVA\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"F-Secure Startup Wizard"="\"C:\\Program Files\\BAANA TIETOTURVA\\FSGUI\\FSSW.EXE\" /reboot"
"News Service"="\"C:\\Program Files\\BAANA TIETOTURVA\\FSGUI\\ispnews.exe\""
"HP Software Update"="\"C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe\""
"BluetoothAuthenticationAgent"="\"rundll32.exe\" bthprops.cpl,,BluetoothAuthenticationAgent"
"DataLayer"="C:\\PROGRA~1\\COMMON~1\\PCSuite\\DATALA~1\\DATALA~1.EXE"
"PCSuiteTrayApplication"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\TRAYAP~1.EXE"
"Dit"="Dit.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.6.0\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
bthsvcs REG_MULTI_SZ BthServ\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{162dcb4f-6ace-11db-999a-806d6172696f}]
Shell\AutoRun\command D:\Autorun.exe root.ini

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Scheduled scanning task.job

********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ???????????g??w???w???????w???wx??????????w???????? ??????????????|x???0???????????? pt???w????????????????=?]?2???????????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
PowerBar = ????????????l?@?l?@?D??????w???????????????wl?@?l?@????? ???????????g??w???w???????w???wx??????????w???????? ??????????????|x???0???????????? pt???w????????????????=?]?2???????????l?@?l?@????????w????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-08 20:44:45
C:\ComboFix-quarantined-files.txt ... 07-04-08 20:44
C:\ComboFix2.txt ... 07-01-15 19:53
C:\ComboFix3.txt ... 07-01-14 15:38

O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing) <--SpySweeperin testiaika jo ohi? jos on niin merkkaa tämäkin rivi
Laajenna...

SpySweeperiä mulla ei pitäs olla koneella enää ollenkaan, koska olen sen poistanut. Eli merkkasin tuonkin.
Tässä hjt-loki:

Logfile of HijackThis v1.99.1
Scan saved at 20:57:39, on 8.4.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\BAANA TIETOTURVA\Common\FSM32.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\BAANAT~1\backweb\9683872\Program\SERVIC~1.EXE
C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\bin\btwdins.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsgk32st.exe
C:\Program Files\BAANA TIETOTURVA\backweb\9683872\program\fsbwsys.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\FSGK32.EXE
C:\Program Files\BAANA TIETOTURVA\Common\FSMA32.EXE
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fssm32.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\BAANA TIETOTURVA\Common\FSMB32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\BAANA TIETOTURVA\backweb\9683872\Program\OPOY-Tietoturva.exe
C:\Program Files\BAANA TIETOTURVA\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MSI\BTOESB~1\BTSTAC~1.EXE
C:\Program Files\BAANA TIETOTURVA\Common\FAMEH32.EXE
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsqh.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsrw.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\BAANA TIETOTURVA\FWES\Program\fsdfwd.exe
C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsav32.exe
C:\PROGRA~1\BAANAT~1\ANTI-S~1\fsaw.exe
C:\Program Files\BAANA TIETOTURVA\FSGUI\fsguidll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Opera\Opera.exe
C:\HJT\miggu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] "C:\Program Files\Ahead\InCD\InCD.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\BAANA TIETOTURVA\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\BAANA TIETOTURVA\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\BAANA TIETOTURVA\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\BAANA TIETOTURVA\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] "rundll32.exe" bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BAANA TIETOTURVA.lnk = C:\Program Files\BAANA TIETOTURVA\backweb\9683872\Program\OPOY-Tietoturva.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone -pikakäynnistys.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Estä tämä kohoikkuna - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Lähetä &Bluetooth-laitteeseen - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: IE-suojaus - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE-suojaus... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\BAANA TIETOTURVA\Anti-Spyware\ieshield.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://miikapaka.spaces.live.com//PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F04B2B5-B5A1-4040-81F2-D675457CEE06}: NameServer = 213.139.190.3 212.50.131.153
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BAANA TIETOTURVA (BackWeb Plug-in - 9683872) - BackWeb Technologies Inc. - C:\PROGRA~1\BAANAT~1\backweb\9683872\Program\SERVIC~1.EXE
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\MSI\BToes Bluetooth-ohjelmisto\bin\btwdins.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\Anti-Virus\fsgk32st.exe
O23 - Service: FSBWSYS - F-Secure Corp. - C:\Program Files\BAANA TIETOTURVA\backweb\9683872\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\BAANA TIETOTURVA\Common\FSMA32.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

miggu · 08.04.2007

En tiedä johtuuko näistä asioista, mutta nyt kun aukaisen messengerin, tulee windowsin suojausvaroitusikkuna, jossa sanotaan:

Tietoturvan edistämiseksi Windowsin palomuuri on estänyt osaa tämän ohjelman ominaisuuksista toimimasta.
Haluatko, että ohjelma estetään jatkossakin?

Ja vaihtoehtoina on että jatka estämistä, pura esto tai kysy myöhemmin. Miten kannattaa tehdä?

miggu · 08.04.2007

Ja kun käynnistin koneen uudelleen, tuli toinen samanlainen windowsin suojausvaroitusikkuna, nimenä oli nyt tällainen: "BackWeb Runner Application"... kysyy että estetäänkö vai puretaanko esto? Itse en tiedä yhtään mikä tämä on?

hannu71 · 08.04.2007

hmm nyt saattoi käydä niin , jotta combofix käynnisti sun windowsin palomuurin. Ota se pois käytöstä.

käynnistä->ohjauspaneeli->tietoturvakeskus->windowsin palomuurin ota se pois käytöstä.

Lataa GMER ja tallenna se työpöydällesi:

Pura se työpöydälle ja tuplaklikkaa tiedostoa GMER.exe

Klikkaa rootkit-välilehteä ja sitten klikkaa scan.

Älä rastita "Show All" boksia skannauksen aikana!

Kun skannaus on valmis, klikkaa Copy.

Tämä kopioi lokin leikepöydälle (voit tallentaa lokin varmuuden vuoksi tekstitiedostoon).

Liitä loki sitten viestiketjuusi.

miggu · 08.04.2007

Kun yritän ajaa tuota gmer.exe:ä niin tulee aina virheraportti ja ohjelma sulkeutuu...

hannu71 · 08.04.2007

mitä siinä virhe raportissa lukee, voitko postata sen

tai kokeille ajaa se vikasitotilassa
mene vikasietotilaan. ohje

ja aja gmer siellä

miggu · 08.04.2007

Vikasietotilassa onnistui ajaminen. Tässä loki:

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-08 22:47:04
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateProcess
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateProcessEx
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateSection
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateThread
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwWriteVirtualMemory

Code \WINDOWS\System32\drivers\fsndis5.sys IoCreateDevice

---- Kernel code sections - GMER 1.0.12 ----

PAGE ntoskrnl.exe!IoCreateDevice 8059F4A5 5 Bytes JMP F788FFD0 \WINDOWS\System32\drivers\fsndis5.sys
PAGENPNP NDIS.SYS!NdisRegisterProtocol F761317D 5 Bytes JMP F788FC49 \WINDOWS\System32\drivers\fsndis5.sys
PAGENPNP NDIS.SYS!NdisOpenAdapter F7613397 5 Bytes JMP F788FEB4 \WINDOWS\System32\drivers\fsndis5.sys
PAGENPNP NDIS.SYS!NdisCloseAdapter F761D61E 5 Bytes JMP F788FEE4 \WINDOWS\System32\drivers\fsndis5.sys
PAGENPNP NDIS.SYS!NdisDeregisterProtocol F761D7FD 5 Bytes JMP F788FCB0 \WINDOWS\System32\drivers\fsndis5.sys

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8670951C
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 86381CCC
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86535848
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E14D59D0
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E14D59D0
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E14D59D0
Device \Driver\nvata \Device\00000078 IRP_MJ_CREATE 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_CREATE_NAMED_PIPE 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_CLOSE 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_READ 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_WRITE 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_INFORMATION 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_INFORMATION 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_EA 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_EA 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_FLUSH_BUFFERS 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_DIRECTORY_CONTROL 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_FILE_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_INTERNAL_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SHUTDOWN 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_LOCK_CONTROL 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_CLEANUP 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_CREATE_MAILSLOT 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_SECURITY 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_SECURITY 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_POWER 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_DEVICE_CHANGE 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_QUOTA 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_QUOTA 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_PNP 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLOSE 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_READ 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_WRITE 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_EA 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_EA 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SHUTDOWN 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_LOCK_CONTROL 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLEANUP 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_SECURITY 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_SECURITY 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_POWER 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_QUOTA 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_QUOTA 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_PNP 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_CREATE 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_CREATE_NAMED_PIPE 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_CLOSE 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_READ 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_WRITE 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_QUERY_INFORMATION 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SET_INFORMATION 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_QUERY_EA 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SET_EA 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_FLUSH_BUFFERS 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_QUERY_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SET_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_DIRECTORY_CONTROL 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_FILE_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_INTERNAL_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SHUTDOWN 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_LOCK_CONTROL 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_CLEANUP 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_CREATE_MAILSLOT 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_QUERY_SECURITY 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SET_SECURITY 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_POWER 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_DEVICE_CHANGE 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_QUERY_QUOTA 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SET_QUOTA 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_PNP 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_NAMED_PIPE 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLOSE 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_READ 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_WRITE 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_EA 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_EA 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FLUSH_BUFFERS 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DIRECTORY_CONTROL 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FILE_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SHUTDOWN 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_LOCK_CONTROL 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLEANUP 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_MAILSLOT 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_SECURITY 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_SECURITY 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_POWER 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CHANGE 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_QUOTA 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_QUOTA 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_PNP 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_NAMED_PIPE 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLOSE 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_READ 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_WRITE 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_EA 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_EA 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FLUSH_BUFFERS 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DIRECTORY_CONTROL 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FILE_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SHUTDOWN 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_LOCK_CONTROL 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLEANUP 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_MAILSLOT 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_SECURITY 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_SECURITY 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_POWER 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CHANGE 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_QUOTA 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_QUOTA 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_PNP 86554530
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 8647721C
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 8647ABC4
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_NAMED_PIPE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLOSE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_READ 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_WRITE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_EA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_EA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FLUSH_BUFFERS 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_VOLUME_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DIRECTORY_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SHUTDOWN 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_LOCK_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLEANUP 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_MAILSLOT 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_SECURITY 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_SECURITY 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_POWER 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SYSTEM_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CHANGE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_QUOTA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_QUOTA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_PNP 865238A0
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CLOSE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_READ 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_WRITE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_EA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_EA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CLEANUP 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_SECURITY 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_POWER 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_QUOTA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_PNP 8674B008
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_READ 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 865238A0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_READ 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 8674B008
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 86381CCC
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 86711604
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 86711604
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 86711604
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 86711604
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 86711604
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8645C50C

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\01\10-{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}-v1-{A98BD47F-0E44-463D-9223-1251C9463778}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\11\11-{059DFC5D-AD50-4181-8422-46DB13230E94}-v11-{059DFC5D-AD50-4181-8422-46DB13230E94}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\13\13-{A98BD47F-0E44-463D-9223-1251C9463778}-v13-{A98BD47F-0E44-463D-9223-1251C9463778}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\13\13-{A98BD47F-0E44-463D-9223-1251C9463778}-v13-{A98BD47F-0E44-463D-9223-1251C9463778}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\13\13-{A98BD47F-0E44-463D-9223-1251C9463778}-v13-{A98BD47F-0E44-463D-9223-1251C9463778}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\15\15-{A98BD47F-0E44-463D-9223-1251C9463778}-v15-{A98BD47F-0E44-463D-9223-1251C9463778}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\15\15-{A98BD47F-0E44-463D-9223-1251C9463778}-v15-{A98BD47F-0E44-463D-9223-1251C9463778}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\15\15-{A98BD47F-0E44-463D-9223-1251C9463778}-v15-{A98BD47F-0E44-463D-9223-1251C9463778}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\16\16-{A98BD47F-0E44-463D-9223-1251C9463778}-v16-{A98BD47F-0E44-463D-9223-1251C9463778}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\16\16-{A98BD47F-0E44-463D-9223-1251C9463778}-v16-{A98BD47F-0E44-463D-9223-1251C9463778}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\16\16-{A98BD47F-0E44-463D-9223-1251C9463778}-v16-{A98BD47F-0E44-463D-9223-1251C9463778}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\19\20-{A98BD47F-0E44-463D-9223-1251C9463778}-v19-{A98BD47F-0E44-463D-9223-1251C9463778}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\19\20-{A98BD47F-0E44-463D-9223-1251C9463778}-v19-{A98BD47F-0E44-463D-9223-1251C9463778}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\19\20-{A98BD47F-0E44-463D-9223-1251C9463778}-v19-{A98BD47F-0E44-463D-9223-1251C9463778}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\21\22-{A98BD47F-0E44-463D-9223-1251C9463778}-v21-{A98BD47F-0E44-463D-9223-1251C9463778}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\21\22-{A98BD47F-0E44-463D-9223-1251C9463778}-v21-{A98BD47F-0E44-463D-9223-1251C9463778}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\21\22-{A98BD47F-0E44-463D-9223-1251C9463778}-v21-{A98BD47F-0E44-463D-9223-1251C9463778}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.12 ----

Ja kyllä ne suojausvaroitukset johtui siitä windowsin palomuurista, enään niitä eitule kun otin sen pois käytöstä.

miggu · 08.04.2007

Vikasietotilassa onnistui ajaminen. Tässä loki:

GMER 1.0.12.12086 - http://www.gmer.net
Rootkit scan 2007-04-08 22:47:04
Windows 5.1.2600 Service Pack 2

---- System - GMER 1.0.12 ----

SSDT d347bus.sys ZwClose
SSDT d347bus.sys ZwCreateKey
SSDT d347bus.sys ZwCreatePagingFile
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateProcess
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateProcessEx
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateSection
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwCreateThread
SSDT d347bus.sys ZwEnumerateKey
SSDT d347bus.sys ZwEnumerateValueKey
SSDT d347bus.sys ZwOpenKey
SSDT d347bus.sys ZwQueryKey
SSDT d347bus.sys ZwQueryValueKey
SSDT d347bus.sys ZwSetSystemPowerState
SSDT \WINDOWS\System32\drivers\fsndis5.sys ZwWriteVirtualMemory

Code \WINDOWS\System32\drivers\fsndis5.sys IoCreateDevice

---- Kernel code sections - GMER 1.0.12 ----

PAGE ntoskrnl.exe!IoCreateDevice 8059F4A5 5 Bytes JMP F788FFD0 \WINDOWS\System32\drivers\fsndis5.sys
PAGENPNP NDIS.SYS!NdisRegisterProtocol F761317D 5 Bytes JMP F788FC49 \WINDOWS\System32\drivers\fsndis5.sys
PAGENPNP NDIS.SYS!NdisOpenAdapter F7613397 5 Bytes JMP F788FEB4 \WINDOWS\System32\drivers\fsndis5.sys
PAGENPNP NDIS.SYS!NdisCloseAdapter F761D61E 5 Bytes JMP F788FEE4 \WINDOWS\System32\drivers\fsndis5.sys
PAGENPNP NDIS.SYS!NdisDeregisterProtocol F761D7FD 5 Bytes JMP F788FCB0 \WINDOWS\System32\drivers\fsndis5.sys

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8670951C
Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ 86381CCC
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 86535848
Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 86535848
Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 86535848
Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86535848
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CREATE E14D59D0
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_CLOSE E14D59D0
Device \Driver\prohlp02 \Device\ProHlp02 IRP_MJ_DEVICE_CONTROL E14D59D0
Device \Driver\nvata \Device\00000078 IRP_MJ_CREATE 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_CREATE_NAMED_PIPE 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_CLOSE 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_READ 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_WRITE 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_INFORMATION 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_INFORMATION 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_EA 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_EA 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_FLUSH_BUFFERS 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_DIRECTORY_CONTROL 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_FILE_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_INTERNAL_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SHUTDOWN 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_LOCK_CONTROL 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_CLEANUP 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_CREATE_MAILSLOT 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_SECURITY 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_SECURITY 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_POWER 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_DEVICE_CHANGE 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_QUERY_QUOTA 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_SET_QUOTA 86554530
Device \Driver\nvata \Device\00000078 IRP_MJ_PNP 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_NAMED_PIPE 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLOSE 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_READ 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_WRITE 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_EA 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_EA 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FLUSH_BUFFERS 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DIRECTORY_CONTROL 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_FILE_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SHUTDOWN 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_LOCK_CONTROL 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CLEANUP 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_CREATE_MAILSLOT 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_SECURITY 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_SECURITY 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_POWER 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_DEVICE_CHANGE 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_QUERY_QUOTA 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_SET_QUOTA 86554530
Device \Driver\nvata \Device\NvAta0 IRP_MJ_PNP 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_CREATE 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_CREATE_NAMED_PIPE 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_CLOSE 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_READ 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_WRITE 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_QUERY_INFORMATION 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SET_INFORMATION 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_QUERY_EA 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SET_EA 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_FLUSH_BUFFERS 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_QUERY_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SET_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_DIRECTORY_CONTROL 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_FILE_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_INTERNAL_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SHUTDOWN 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_LOCK_CONTROL 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_CLEANUP 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_CREATE_MAILSLOT 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_QUERY_SECURITY 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SET_SECURITY 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_POWER 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_DEVICE_CHANGE 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_QUERY_QUOTA 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_SET_QUOTA 86554530
Device \Driver\nvata \Device\0000007a IRP_MJ_PNP 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_NAMED_PIPE 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLOSE 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_READ 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_WRITE 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_EA 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_EA 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FLUSH_BUFFERS 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DIRECTORY_CONTROL 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_FILE_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SHUTDOWN 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_LOCK_CONTROL 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CLEANUP 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_CREATE_MAILSLOT 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_SECURITY 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_SECURITY 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_POWER 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_DEVICE_CHANGE 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_QUERY_QUOTA 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_SET_QUOTA 86554530
Device \Driver\nvata \Device\NvAta1 IRP_MJ_PNP 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_NAMED_PIPE 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLOSE 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_READ 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_WRITE 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_EA 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_EA 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FLUSH_BUFFERS 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_VOLUME_INFORMATION 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DIRECTORY_CONTROL 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_FILE_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SHUTDOWN 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_LOCK_CONTROL 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CLEANUP 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_CREATE_MAILSLOT 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_SECURITY 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_SECURITY 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_POWER 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SYSTEM_CONTROL 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_DEVICE_CHANGE 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_QUERY_QUOTA 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_SET_QUOTA 86554530
Device \Driver\nvata \Device\NvAta2 IRP_MJ_PNP 86554530
Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_READ 8647721C
Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_READ 8647ABC4
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_NAMED_PIPE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLOSE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_READ 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_WRITE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_EA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_EA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FLUSH_BUFFERS 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_VOLUME_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DIRECTORY_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SHUTDOWN 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_LOCK_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CLEANUP 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_CREATE_MAILSLOT 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_SECURITY 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_SECURITY 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_POWER 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SYSTEM_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_DEVICE_CHANGE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_QUERY_QUOTA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_SET_QUOTA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1 IRP_MJ_PNP 865238A0
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CLOSE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_READ 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_WRITE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_EA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_EA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CLEANUP 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_SECURITY 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_POWER 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_SET_QUOTA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1Port4Path0Target0Lun0 IRP_MJ_PNP 8674B008
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_CLOSE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_READ 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_WRITE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SET_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_EA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SET_EA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SHUTDOWN 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_CLEANUP 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SET_SECURITY 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_POWER 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_SET_QUOTA 865238A0
Device \Driver\xmasscsi \Device\Scsi\xmasscsi1Port3Path0Target0Lun0 IRP_MJ_PNP 865238A0
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_NAMED_PIPE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLOSE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_READ 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_WRITE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_EA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_EA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FLUSH_BUFFERS 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_VOLUME_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_VOLUME_INFORMATION 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DIRECTORY_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_FILE_SYSTEM_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SHUTDOWN 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_LOCK_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CLEANUP 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_CREATE_MAILSLOT 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_SECURITY 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_SECURITY 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_POWER 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SYSTEM_CONTROL 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_DEVICE_CHANGE 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_QUERY_QUOTA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_SET_QUOTA 8674B008
Device \Driver\d347prt \Device\Scsi\d347prt1 IRP_MJ_PNP 8674B008
Device \FileSystem\Fastfat \Fat IRP_MJ_READ 86381CCC
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer IRP_MJ_READ 86711604
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer IRP_MJ_READ 86711604
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer IRP_MJ_READ 86711604
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer IRP_MJ_READ 86711604
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer IRP_MJ_READ 86711604
Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 8645C50C

---- Files - GMER 1.0.12 ----

ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\01\10-{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}-v1-{A98BD47F-0E44-463D-9223-1251C9463778}-v10-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\11\11-{059DFC5D-AD50-4181-8422-46DB13230E94}-v11-{059DFC5D-AD50-4181-8422-46DB13230E94}-v11-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\13\13-{A98BD47F-0E44-463D-9223-1251C9463778}-v13-{A98BD47F-0E44-463D-9223-1251C9463778}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\13\13-{A98BD47F-0E44-463D-9223-1251C9463778}-v13-{A98BD47F-0E44-463D-9223-1251C9463778}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\13\13-{A98BD47F-0E44-463D-9223-1251C9463778}-v13-{A98BD47F-0E44-463D-9223-1251C9463778}-v13-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\15\15-{A98BD47F-0E44-463D-9223-1251C9463778}-v15-{A98BD47F-0E44-463D-9223-1251C9463778}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\15\15-{A98BD47F-0E44-463D-9223-1251C9463778}-v15-{A98BD47F-0E44-463D-9223-1251C9463778}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\15\15-{A98BD47F-0E44-463D-9223-1251C9463778}-v15-{A98BD47F-0E44-463D-9223-1251C9463778}-v15-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\16\16-{A98BD47F-0E44-463D-9223-1251C9463778}-v16-{A98BD47F-0E44-463D-9223-1251C9463778}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\16\16-{A98BD47F-0E44-463D-9223-1251C9463778}-v16-{A98BD47F-0E44-463D-9223-1251C9463778}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\16\16-{A98BD47F-0E44-463D-9223-1251C9463778}-v16-{A98BD47F-0E44-463D-9223-1251C9463778}-v16-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\19\20-{A98BD47F-0E44-463D-9223-1251C9463778}-v19-{A98BD47F-0E44-463D-9223-1251C9463778}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\19\20-{A98BD47F-0E44-463D-9223-1251C9463778}-v19-{A98BD47F-0E44-463D-9223-1251C9463778}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\19\20-{A98BD47F-0E44-463D-9223-1251C9463778}-v19-{A98BD47F-0E44-463D-9223-1251C9463778}-v20-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\21\22-{A98BD47F-0E44-463D-9223-1251C9463778}-v21-{A98BD47F-0E44-463D-9223-1251C9463778}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.1
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\21\22-{A98BD47F-0E44-463D-9223-1251C9463778}-v21-{A98BD47F-0E44-463D-9223-1251C9463778}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.rdc.2
ADS C:\Documents and Settings\Miika\Local Settings\Application Data\Microsoft\Messenger\miikajp86@hotmail.com\SharingMetadata\samppapak72@hotmail.com\DFSR\Staging\CS{31F49BB6-56D0-DF5B-7433-FAE1C79D2A09}\21\22-{A98BD47F-0E44-463D-9223-1251C9463778}-v21-{A98BD47F-0E44-463D-9223-1251C9463778}-v22-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

---- EOF - GMER 1.0.12 ----

Ja kyllä ne suojausvaroitukset johtui siitä windowsin palomuurista, enään niitä eitule kun otin sen pois käytöstä.

hannu71 · 08.04.2007

logis on puhas. hyvää pääsiäisen rippeitä oulun seudulle

miggu · 08.04.2007

Suuret kiitokset avusta ja hyvät pääsiäisen jatkot sinnekkin.
(Sori, tuli näköjään vahingossa kaks kertaa tuo edellinen viesti).

KIITOS!

Kirjaudu tai liity jäseneksi

troijalaisia?

miggu Member

hannu71 Regular member

miggu Member

hannu71 Regular member

miggu Member

hannu71 Regular member

miggu Member

hannu71 Regular member

miggu Member

hannu71 Regular member

miggu Member

miggu Member

miggu Member

hannu71 Regular member

miggu Member

hannu71 Regular member

miggu Member

miggu Member

hannu71 Regular member

miggu Member

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

troijalaisia?

miggu Member

hannu71 Regular member

miggu Member

hannu71 Regular member

miggu Member

hannu71 Regular member

miggu Member

hannu71 Regular member

miggu Member

hannu71 Regular member

miggu Member

miggu Member

miggu Member

hannu71 Regular member

miggu Member

hannu71 Regular member

miggu Member

miggu Member

hannu71 Regular member

miggu Member

Jaa tämä sivu

Hyödyllisiä hakuja