1. Tämä sivusto käyttää keksejä (cookie). Jatkamalla sivuston käyttämistä hyväksyt keksien käyttämisen. Lue lisää.

Broidin tyttöystävän kone.

Viestiketju Virukset ja haittaohjelmat - HijackThis -logit -osiossa. Ketjun avasi infs 30.11.2006.

Viestiketjun tila:
Viestiketju on suljettu.
  1. infs

    infs Member

    Liittynyt:
    30.11.2006
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    Noniin. Melkeen vaikeuksia pysyä perässä ku niin vauhdikasta. Mutta keräilin tossa lusikoita nurkista ja. tein kaikki toimen piteet mitä neuvoitte. Jopa sen kemistin neuvoman kansion poistin. Viimeisin tuotti vaikeuksia kun ei halunnu kauaa pysyä edes vikasieto päällä. komentokehotteen kautta onnistuin ton rpcc.dll poistamaan ja winstallia ei siellä ollutkaan. HijackThis ilmeisesti poisti sen jo korjauksessaan.

    Mutta tässä uusi logi:

    Logfile of HijackThis v1.99.1
    Scan saved at 18:45, on 06-12-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
    O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE

     
  2.  
  3. Hujo

    Hujo Guest

    laitoiko windowsin palomuurin päälle?
     
  4. infs

    infs Member

    Liittynyt:
    30.11.2006
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    juu ... tossa aina ollukki se päällä.

    EDIT. Tai ainakin toi tietoturvakeskus väittää että se on päällä. tosin kun koitan sitä palomuuria katella ni "Tunnistamattoman ongelman vuoksi Windows ei voi näyttää Windowsin palomuurin asetuksia." =D
     
    Viimeksi muokattu: 07.12.2006
  5. Hujo

    Hujo Guest

    lataa palomuuri ja ota se wintoosan oma pois päältä.
    laita sitten uusi hjt loki.
     
    Moderaattorin viimeksi muokkaama: 07.12.2006
  6. infs

    infs Member

    Liittynyt:
    30.11.2006
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    Laitoin Zonen =/

    Logfile of HijackThis v1.99.1
    Scan saved at 19:21, on 06-12-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll
    O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

     
  7. Hujo

    Hujo Guest

    lisää poista sovelutuksesta

    poista jos löytyy
    PeDevice

    scannaa hjt:llä merkkaa paina fix checked

    O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll

    Poista vikasiedossa kansio
    C:\Program Files\PeDevice

    aja tossa muutama ohjelma

    Lataa SmitfraudFix (c) S!Ri http://siri.urz.free.fr/Fix/SmitfraudFix.zip
    Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

    Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
    Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
    Postita tämän tekstitiedoston sisältö viestiketjuusi.

    Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.

    -----------------------

    Lataa VundoFix.exe
    http://www.atribune.org/ccount/click.php?id=4 työpöydällesi.

    • Tupla-klikkaa VundoFix.exe ajaaksesi sen.
    • Klikkaa Scan for Vundo valintaa.
    • Kun skannaus on valmis, klikkaa Remove Vundo valintaa.
    • Sinulta kysytään haluatko poistaa filut - klikkaa YES.
    • Kun olet klikannut yes, työpöytäsi tyhjenee kun se alkaa poistamaan Vundoa.
    • Kun se on valmis, fiksi ilmoittaa käynnistäväsi koneesi uudelleen, klikkaa OK.
    • Postita C:\vundofix.txt lokin sekä tuoreen HijackThis lokin sisältö.

    --------------------------

    lähetä noista raportit
    uusi hjt loki myös
     
  8. infs

    infs Member

    Liittynyt:
    30.11.2006
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    Mielenkiintoista kyllä on, että sillä sekunnilla kun tolla kannettavalla avaa c:\windows\system32\ kansion, bluescreen ja reboot. Vois yrittää pausella saada ton ruudun näkyyn kauemmin et näkee mitä se sanoo =/
     
    Viimeksi muokattu: 07.12.2006
  9. leksi

    leksi Regular member

    Liittynyt:
    11.06.2013
    Viestejä:
    281
    Kiitokset:
    0
    Pisteet:
    26
    Tuon bluescreenin saat näkymään menemällä oman tietokoneen päälle ja painamalla oikeata näppäintä aukeaa vaihtoehtoja joista valitset ominaistuudet. Sieltä lisäasetukset. Sitten valitset käynnistäminen ja palauttaminen. Ja sitten sieltä järjestelmävirheen alta ruksi pois kohdasta käynnistä tietokone automaattisesti uudelleen
     
  10. infs

    infs Member

    Liittynyt:
    30.11.2006
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    pitikö skannaukset ajaa vikasiedossa? Vundoa skannatessa nimittäin tulee tuo kriittinenvirhe ja kone reboottaa. Tämä samainen ongelma ilmaantui sillon kuin koneella ajetteen combo. ja on virusskannauksen yhteydessä tuota samaa jatkanut. ilmeisesti system32 kansiossa on joku mätä joka ei sidä katselua

    smit raportti:

    SmitFraudFix v2.128

    Scan done at 20:16:55.78, 06-12-07
    Run from C:\Documents and Settings\Anna-Maija\Ty”p”yt„\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    The filesystem type is FAT32
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Anna-Maija


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Anna-Maija\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»»


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32

    pe386 detected, use a Rootkit scanner

    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
  11. infs

    infs Member

    Liittynyt:
    30.11.2006
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    niin ja bluescreenin tapahtuman yhteydessä työpöydältä hävisi nämä molemmat skannaus ohjelmat. onnenksi tallensin ne eri kansioon myöskin.

    Ja HjT:

    Logfile of HijackThis v1.99.1
    Scan saved at 20:19, on 06-12-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

     
  12. Hujo

    Hujo Guest

    kokeiles ajaa

    1.Lataa combofix.exe http://download.bleepingcomputer.com/sUBs/combofix.exe
    tiedosto työpöydällesi.
    2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
    3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
    Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.


    se näyttää kiukuttelevan kunnolla
     
  13. -kemisti-

    -kemisti- Active member

    Liittynyt:
    06.06.2005
    Viestejä:
    6,305
    Kiitokset:
    0
    Pisteet:
    96
    hmmm

    pe386 detected, use a Rootkit scanner -> Rustock.b

    Lataa RustBFix by ejvindh ja tallenna se työpöydällesi.

    Tuplaklikkaa tiedostoa rustbfix.exe. Jos löytyy Rustock.b-infektio, sinua pyydetään pian käynnistämään kone uudelleen. Uudelleenkäynnistyminen saattaa kestää hetken ja joudut ehkä käynnistämään koneen vielä toisenkin kerran. Kaikki tämä tapahtuu automaattisesti. Uudelleenkäynnistyksen jälkeen kaksi lokitiedostoa avautuu (%root%\avenger.txt & %root%\rustbfix\pelog.txt).

    Kopioi ja liitä nämä kaksi lokitiedostoa seuraavaan vastaukseesi uuden HijackThis lokin kera.

    @Hujo: combofix ei poista pe386/lzx32.sys/msguard.sysiä, se vaan kertoo onko se läsnä.
     
    Viimeksi muokattu: 07.12.2006
  14. infs

    infs Member

    Liittynyt:
    30.11.2006
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    Skannatessaan Combofixi tuottaa tuon saman errorin. tällä kertaa ei kuitenkaan jatka fixaamista bootin jälkeen kuten aivan ketjun alussa tekii jolloin kone kaatui jatkuvalla toistolla. Blue screen on muotoa:

    Havaittiin ongelma, ja Windows sammutettiin tietokoneelle aiheutuvien vahinkojen
    välttämiseksi.

    MULTIPLE_IRP_COMPLETE_REQUESTS

    Jos tämä on ensimmäinen kerta, kun pysäytyvirhenäyttö tulee
    näkyviin, käynnistä tietokone uudelleen. Jos näyttö tulee näkyviin
    uudelleen, suorita toimet:

    Tarkista, että uudet laitteet ja ohjelmat on asennettu oikein.
    Jos tämä on uusi asennus, pyydää laitteisto- tai ohjelmistovalmistajalta tarvitta
    vat
    Windows-päivitykset.

    Jos ongelmat jatkuvat, poista käytöstä tai poista äskettäin asennetut
    laitteet ja ohjelmat. Posta käytöstä BIOSin muistiasetukset, kuten varjoalueen
    tai välimuistin käyttö.
    Jos sinun on käytettävä vikasietotilaa poistaaksesi komponentteja, käynnitä tie
    tokone uudelleen,
    valitse käynnistyksen lisäasetukset painamalla F8 ja valitsemalla sen jälkeen vikasietotila.

    Tekniset tiedot:

    *** STOP: 0x00000044 (0x81BA44B8, 0x00000D62, 0x00000000, 0x00000000)


    Aloitetaan fyysisen muistin vedostus
    Fyysisen muistin vedostus on suoritettu.
    Ota yhteyttä järjestelmävalvojaan tai
    tuotetukeen.
     
  15. Hujo

    Hujo Guest

    @-kemisti- niinhän tuo kertookin smitfradfix x)
    täytyy visiin juua pannullinen kahvia, että silmät aukee.
    meinasin jo ehottaa soppalusikoiten nurkkaan nakkaamista.
     
  16. infs

    infs Member

    Liittynyt:
    30.11.2006
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    Pelog:


    ************************* Rustock.b-fix -- By ejvindh *************************
    06-12-07 21:08:25.04


    ******************* Pre-run Status of system *******************

    Rootkit driver PE386 is found. Starting the unload-procedure....
    Examine the Avenger-logfile in order to assess the success of the unload-procedure

    Rustock.b-ADS attached to the System32-folder:
    No streams found.


    ******************* Post-run Status of system *******************

    Rustock.b-driver on the system: NONE!

    Rustock.b-ADS attached to the System32-folder:
    No streams found.


    ******************************* End of Logfile ********************************

    _________

    Avenger:

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\jrsmwg^m

    *******************

    Script file located at: \??\C:\WINDOWS\bveprndx.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Driver PE386 unloaded successfully.
    Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

    Completed script processing.

    *******************

    Finished! Terminate.

    ________

    HjT:

    Logfile of HijackThis v1.99.1
    Scan saved at 21:14, on 06-12-07
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\NOTEPAD.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\notepad.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

     
  17. infs

    infs Member

    Liittynyt:
    30.11.2006
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    Nii ja vaihtakaa ihmeessä kahvi asennuskaljaan. Mä tein just sen tossa hetki sitte =p Tarjoaisin jos tietäisin mihin lähettää.
     
  18. infs

    infs Member

    Liittynyt:
    30.11.2006
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    kestää ainakin ton \system32\ kansion selailun nytte. Eli oisko combo- ja vundofixin paikka vielä? vai joko se muka parani?
     
  19. Hujo

    Hujo Guest

    pistä testiin kummatkin
     
  20. infs

    infs Member

    Liittynyt:
    30.11.2006
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    Laitan vundon login kuha se saa valmistuu. tällä kertaa combo toimi eli ei kaatunu kone ja loginki teki oikein hienon.

    ...vundoki valmistu ni pistän sen login toho ekaks


    VundoFix V6.2.13

    Checking Java version...

    Java version is 1.5.0.9

    Scan started at 21:56:03 7.12.2006

    Listing files found while scanning....

    No infected files were found.

    _______________

    Combon logi:

    Anna-Maija - 06-12-07 21:49:34.59 Service Pack 2
    ComboFix 06.11.27W - Running from: "C:\Documents and Settings\Anna-Maija\Ty”p”yt„"

    (((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


    C:\Program Files\Inetget2
    C:\Program Files\Common Files\{38271BDE-05D9-1035-1215-051222200166}
    C:\Program Files\Common Files\{38271BDE-05D8-1035-1215-051222200166}
    C:\Program Files\Common Files\{18271BDE-05D8-1035-1215-051222200166}
    C:\Program Files\Common Files\{18271BDE-05D9-1035-1215-051222200166}
    C:\Program Files\Common Files\{18271BDE-05D9-1035-1215-051222200166}
    C:\Program Files\Common Files\{18271BDE-05D9-1035-1215-051222200166}
    C:\Program Files\Common Files\{18271BDE-05D9-1035-1215-051222200166}
    C:\Program Files\Common Files\{18271BDE-05D9-1035-1215-051222200166}
    C:\Program Files\Common Files\{18271BDE-05D9-1035-1215-051222200166}
    C:\Program Files\Inetget2
    C:\Program Files\Common Files\{38271BDE-05D8-1035-1215-051222200001}
    C:\Program Files\Common Files\{18271BDE-05D9-1035-1215-051222200166}


    ((((((((((((((((((((((((((((((( Files Created from 2006-11-01 to 2006-12-01 ))))))))))))))))))))))))))))))))))


    2006-12-07 21:12 <KANSIO> d-------- C:\avenger
    2006-12-07 21:08 <KANSIO> d-------- C:\Rustbfix
    2006-12-07 20:53 <KANSIO> d--hs---- C:\FOUND.008
    2006-12-07 20:06 5,492 --a------ C:\WINDOWS\system32\tmp.reg
    2006-12-07 20:05 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
    2006-12-07 20:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
    2006-12-07 20:05 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
    2006-12-07 20:05 40,960 --a------ C:\WINDOWS\system32\swsc.exe
    2006-12-07 20:05 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
    2006-12-07 20:05 135,168 --a------ C:\WINDOWS\system32\swreg.exe
    2006-12-07 19:14 <KANSIO> d-------- C:\WINDOWS\system32\ZoneLabs
    2006-12-07 19:14 <KANSIO> d-------- C:\Program Files\Zone Labs
    2006-12-07 19:13 <KANSIO> d-------- C:\WINDOWS\Internet Logs
    2006-12-07 18:15 <KANSIO> d-------- C:\Program Files\PeDevice
    2006-12-07 17:09 <KANSIO> d--hs---- C:\FOUND.007
    2006-12-07 16:51 <KANSIO> d--h----- C:\WINDOWS\system32\nfomon
    2006-12-07 16:51 <KANSIO> d--h----- C:\Documents and Settings\All Users\Application Data\nfo
    2006-12-07 16:50 <KANSIO> d--h----- C:\WINDOWS\system32\vidmon
    2006-12-07 16:50 <KANSIO> d--h----- C:\Program Files\Common Files\Uninstall Information
    2006-12-07 16:50 <KANSIO> d--h----- C:\Documents and Settings\All Users\Application Data\vidmon
    2006-12-07 16:46 <KANSIO> d--hs---- C:\FOUND.006
    2006-12-07 16:44 <KANSIO> d-------- C:\korjausta
    2006-12-07 15:26 <KANSIO> d-------- C:\HijackThis
    2006-12-05 22:15 <KANSIO> d--hs---- C:\Config.Msi
    2006-12-02 21:33 8,570 --a------ C:\WINDOWS\system32\telebos.exe
    2006-12-02 21:33 8,570 --a------ C:\Documents and Settings\Anna-Maija\telebos.exe
    2006-12-02 21:33 77,824 --a------ C:\WINDOWS\system32\gotgo.exe
    2006-12-02 21:33 77,824 --a------ C:\Documents and Settings\Anna-Maija\gotgo.exe
    2006-12-02 21:33 138,565 --a------ C:\WINDOWS\system32\mcc.exe
    2006-12-02 21:33 138,565 --a------ C:\Documents and Settings\Anna-Maija\mcc.exe
    2006-12-02 21:33 122,880 --a------ C:\WINDOWS\system32\winstall.exe
    2006-12-02 21:32 <KANSIO> d--hs---- C:\FOUND.005
    2006-12-01 11:23 <KANSIO> d--hs---- C:\FOUND.004
    2006-12-01 11:23 <KANSIO> d--hs---- C:\FOUND.004
    2006-12-01 11:14 <KANSIO> d--hs---- C:\FOUND.003
    2006-12-01 11:14 <KANSIO> d--hs---- C:\FOUND.003
    2006-12-01 11:07 <KANSIO> d--hs---- C:\FOUND.002
    2006-12-01 11:07 <KANSIO> d--hs---- C:\FOUND.002
    2006-12-01 11:02 381,398 --a------ C:\combofix.exe
    2006-12-01 11:02 381,398 --a------ C:\combofix.exe
    2006-11-30 23:20 52,161 --a------ C:\Documents and Settings\Anna-Maija\mt-uninstaller.exe
    2006-11-30 22:45 218,112 --a------ C:\HijackThis_v1.99.1.exe
    2006-11-30 22:45 218,112 --a------ C:\HijackThis_v1.99.1.exe
    2006-11-30 19:29 1,617 --a------ C:\Documents and Settings\Anna-Maija\jsetup.exe
    2006-11-29 21:46 29,696 --a------ C:\WINDOWS\system32\rpcc.dll
    2006-11-29 21:46 29,696 --a------ C:\WINDOWS\system32\rpcc.dll
    2006-11-29 21:46 29,696 --a------ C:\WINDOWS\system32\rpcc.dll
    2006-11-29 21:46 29,696 --a------ C:\WINDOWS\system32\rpcc.dll
    2006-11-29 21:45 3,584 --a------ C:\WINDOWS\system32\msasvc.exe
    2006-11-29 21:45 3,584 --a------ C:\WINDOWS\system32\msasvc.exe
    2006-11-29 21:45 3,584 --a------ C:\WINDOWS\system32\msasvc.exe
    2006-11-29 21:45 3,584 --a------ C:\WINDOWS\system32\msasvc.exe
    2006-11-29 21:45 3,584 --a------ C:\WINDOWS\system32\msasvc.exe
    2006-11-29 21:44 75,776 --a------ C:\ecjavycq.exe
    2006-11-29 21:44 75,776 --a------ C:\ecjavycq.exe
    2006-11-29 21:44 75,776 --a------ C:\ecjavycq.exe
    2006-11-29 21:43 <KANSIO> d--hs---- C:\FOUND.001
    2006-11-29 21:43 <KANSIO> d--hs---- C:\FOUND.001
    2006-11-29 21:43 <KANSIO> d-------- C:\WINDOWS\Minidump
    2006-11-29 21:43 <KANSIO> d-------- C:\WINDOWS\Minidump
    2006-11-29 21:43 <KANSIO> d-------- C:\WINDOWS\Minidump
    2006-11-29 21:43 <KANSIO> d-------- C:\WINDOWS\Minidump
    2006-11-29 21:38 8,570 --a------ C:\WINDOWS\system32\tell.exe
    2006-11-29 21:38 8,570 --a------ C:\WINDOWS\system32\tell.exe
    2006-11-29 21:38 8,570 --a------ C:\WINDOWS\system32\tell.exe
    2006-11-29 21:38 8,570 --a------ C:\WINDOWS\system32\tell.exe
    2006-11-29 21:38 8,570 --a------ C:\WINDOWS\system32\tell.exe
    2006-11-29 21:38 8,570 --a------ C:\Documents and Settings\Anna-Maija\tell.exe
    2006-11-29 21:38 138,565 --a------ C:\WINDOWS\system32\mcnew.exe
    2006-11-29 21:38 138,565 --a------ C:\WINDOWS\system32\mcnew.exe
    2006-11-29 21:38 138,565 --a------ C:\WINDOWS\system32\mcnew.exe
    2006-11-29 21:38 138,565 --a------ C:\WINDOWS\system32\mcnew.exe
    2006-11-29 21:38 138,565 --a------ C:\WINDOWS\system32\mcnew.exe
    2006-11-29 21:38 138,565 --a------ C:\Documents and Settings\Anna-Maija\mcnew.exe
    2006-11-29 21:22 70,724 --a------ C:\WINDOWS\system32\lzx32.sys
    2006-11-29 21:22 17,920 --a------ C:\WINDOWS\system32\ntio256.sys
    2006-11-29 21:22 17,920 --a------ C:\WINDOWS\system32\ntio256.sys
    2006-11-29 21:22 17,920 --a------ C:\WINDOWS\system32\ntio256.sys
    2006-11-29 21:22 17,920 --a------ C:\WINDOWS\system32\ntio256.sys
    2006-11-29 21:22 17,920 --a------ C:\WINDOWS\system32\ntio256.sys
    2006-11-29 21:21 1,941 --a------ C:\ylcx.exe
    2006-11-29 21:21 1,941 --a------ C:\ylcx.exe
    2006-11-29 21:21 1,941 --a------ C:\ylcx.exe
    2006-11-22 20:24 <KANSIO> d-------- C:\Documents and Settings\Anna-Maija\Application Data\DivX
    2006-11-22 20:22 <KANSIO> d-------- C:\Program Files\DivX
    2006-11-20 22:30 <KANSIO> d-------- C:\WINDOWS\Sun
    2006-11-20 22:30 <KANSIO> d-------- C:\WINDOWS\Sun
    2006-11-20 22:30 <KANSIO> d-------- C:\WINDOWS\Sun
    2006-11-20 22:30 <KANSIO> d-------- C:\WINDOWS\Sun
    2006-11-20 22:30 <KANSIO> d-------- C:\Documents and Settings\Anna-Maija\Application Data\Sun
    2006-11-20 22:29 <KANSIO> d-------- C:\Program Files\Java
    2006-11-20 22:26 <KANSIO> d-------- C:\Program Files\Common Files\Java
    2006-11-13 20:15 3,836,577 --a------ C:\Program Files\DCPlusPlus-0.698.exe
    2006-11-13 16:50 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-11-13 16:50 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-11-13 16:50 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-11-13 16:50 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-11-13 16:50 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
    2006-11-13 16:50 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2006-11-13 16:50 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2006-11-13 16:50 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2006-11-13 16:50 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2006-11-13 16:50 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2006-11-13 16:50 87,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
    2006-11-13 16:50 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2006-11-13 16:50 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2006-11-13 16:50 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2006-11-13 16:50 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2006-11-13 16:50 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2006-11-13 16:50 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
    2006-11-13 16:50 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-11-13 16:50 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-11-13 16:50 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-11-13 16:50 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-11-13 16:50 666,240 --a------ C:\WINDOWS\system32\aswBoot.exe
    2006-11-13 16:50 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-11-13 16:50 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-11-13 16:50 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-11-13 16:50 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-11-13 16:50 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-11-13 16:50 36,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
    2006-11-13 16:50 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-11-13 16:50 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-11-13 16:50 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-11-13 16:50 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-11-13 16:50 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-11-13 16:50 24,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
    2006-11-13 16:50 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-11-13 16:50 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-11-13 16:50 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-11-13 16:50 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-11-13 16:50 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-11-13 16:50 16,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
    2006-11-13 16:50 <KANSIO> d-------- C:\Program Files\Alwil Software
    2006-11-06 11:35 <KANSIO> d-------- C:\BlueByte
    2006-11-06 11:35 <KANSIO> d-------- C:\BlueByte
    2006-11-06 11:34 0 -rahs---- C:\MSDOS.SYS
    2006-11-06 11:34 0 -rahs---- C:\MSDOS.SYS
    2006-11-06 11:34 0 -rahs---- C:\MSDOS.SYS
    2006-11-06 11:34 0 -rahs---- C:\IO.SYS
    2006-11-06 11:34 0 -rahs---- C:\IO.SYS
    2006-11-06 11:34 0 -rahs---- C:\IO.SYS
    2006-11-06 11:34 <KANSIO> d-------- C:\Documents and Settings\Anna-Maija\WINDOWS


    (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


    2006-10-13 14:37 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
    2006-10-02 21:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
    2006-10-02 21:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
    2006-10-02 21:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
    2006-10-02 21:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
    2006-09-13 08:03 1084416 --a------ C:\WINDOWS\system32\msxml3.dll


    (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

    *Note* empty entries are not shown

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
    "MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
    "MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
    "Creative Detector"="C:\\Program Files\\Creative\\MediaSource\\Detector\\CTDetect.exe /R"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
    "preload"="C:\\Windows\\RUNXMLPL.exe"
    "IMJPMIG8.1"="\"C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE\" /Spoil /RemAdvDef /Migration32"
    "MSPY2002"="C:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe /SYNC"
    "PHIME2002ASync"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /SYNC"
    "PHIME2002A"="C:\\WINDOWS\\system32\\IME\\TINTLGNT\\TINTSETP.EXE /IMEName"
    "igfxtray"="C:\\WINDOWS\\system32\\igfxtray.exe"
    "igfxhkcmd"="C:\\WINDOWS\\system32\\hkcmd.exe"
    "igfxpers"="C:\\WINDOWS\\system32\\igfxpers.exe"
    "SynTPLpr"="C:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"
    "SynTPEnh"="C:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"
    "SoundMan"="SOUNDMAN.EXE"
    "RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
    "LaunchAp"="\"C:\\Program Files\\Launch Manager\\LaunchAp.exe\""
    "PowerKey"="\"C:\\Program Files\\Launch Manager\\PowerKey.exe\""
    "LManager"="\"C:\\Program Files\\Launch Manager\\HotkeyApp.exe\""
    "CtrlVol"="\"C:\\Program Files\\Launch Manager\\CtrlVol.exe\""
    "LMgrOSD"="\"C:\\Program Files\\Launch Manager\\OSDCtrl.exe\""
    "Wbutton"="\"C:\\Program Files\\Launch Manager\\Wbutton.exe\""
    "EPM-DM"="c:\\acer\\Empowering Technology\\ePower\\epm-dm.exe"
    "Acer ePower Management"="C:\\Acer\\Empowering Technology\\ePower\\Acer ePower Management.exe boot"
    "eRecoveryService"="C:\\Acer\\Empowering Technology\\eRecovery\\Monitor.exe"
    "ADMTray.exe"="\"C:\\Acer\\Empowering Technology\\admtray.exe\""
    "eDataSecurity Loader"="C:\\Acer\\Empowering Technology\\eDataSecurity\\eDSloader.exe"
    "ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
    "Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
    "MMTray"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mm_tray.exe\""
    "mmtask"="\"C:\\Program Files\\Musicmatch\\Musicmatch Jukebox\\mmtask.exe\""
    "IntelliPoint"="\"C:\\Program Files\\Microsoft IntelliPoint\\point32.exe\""
    "avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
    "SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
    "Nfo"="C:\\WINDOWS\\system32\\nfomon\\nfomon.exe"
    "Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
    @=""
    "Installed"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
    @=""
    "Installed"="1"
    "NoChange"="1"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
    @=""
    "Installed"="1"

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
    "DeskHtmlVersion"=dword:00000110
    "DeskHtmlMinorVersion"=dword:00000005
    "Settings"=dword:00000001
    "GeneralFlags"=dword:00000001

    [HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"
    "Flags"=dword:00000002
    "Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,02,03,00,00,00,\
    00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
    "CurrentState"=hex:04,00,00,40
    "OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
    ff,ff,04,00,00,00
    "RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
    00,00,01,00,00,00

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
    "CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
    "{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
    "{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
    "{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "dontdisplaylastusername"=dword:00000000
    "legalnoticecaption"=""
    "legalnoticetext"=""
    "shutdownwithoutlogon"=dword:00000001
    "undockwithoutlogon"=dword:00000001

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
    "NoDriveTypeAutoRun"=dword:00000091

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
    "PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
    "CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
    "WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
    "SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
    "SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

    Completion time: 06-12-07 21:51:01.85
    C:\ComboFix2.txt ... 06-12-07 20:50
    C:\ComboFix.txt ... 06-12-07 21:51
    C:\ComboFix3.txt ... 06-12-01 11:27
     
  21. infs

    infs Member

    Liittynyt:
    30.11.2006
    Viestejä:
    83
    Kiitokset:
    0
    Pisteet:
    16
    ja lisäksi tässä HjT logi:

    Logfile of HijackThis v1.99.1
    Scan saved at 22:03:13, on 7.12.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZONELABS\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Launch Manager\LaunchAp.exe
    C:\Program Files\Launch Manager\PowerKey.exe
    C:\Program Files\Launch Manager\HotkeyApp.exe
    C:\Program Files\Launch Manager\OSDCtrl.exe
    C:\Program Files\Launch Manager\Wbutton.exe
    C:\acer\Empowering Technology\ePower\epm-dm.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\System32\svchost.exe
    C:\HijackThis\HijackThis_v1.99.1.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com/
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://global.acer.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O3 - Toolbar: Acer eDataSecurity Management - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - C:\WINDOWS\system32\ToolBand.dll
    O4 - HKLM\..\Run: [preload] C:\Windows\RUNXMLPL.exe
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
    O4 - HKLM\..\Run: [PowerKey] "C:\Program Files\Launch Manager\PowerKey.exe"
    O4 - HKLM\..\Run: [LManager] "C:\Program Files\Launch Manager\HotkeyApp.exe"
    O4 - HKLM\..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe"
    O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSDCtrl.exe"
    O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
    O4 - HKLM\..\Run: [EPM-DM] c:\acer\Empowering Technology\ePower\epm-dm.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [mmtask] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [Nfo] C:\WINDOWS\system32\nfomon\nfomon.exe
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &Sample Toolband Serach - res://C:\WINDOWS\system32\ToolBand.dll/MENUSEARCH.HTM
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0F2F3121-75E2-4C60-9977-C1ADC3D5F3DC} (IFIUploader Control) - http://web1.ifi.fi/WebUpload/ActiveX/IfiUploader.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

     
Viestiketjun tila:
Viestiketju on suljettu.

Jaa tämä sivu