So while surfing with Firefox the machine keeps popping up windows of its own, and every now and then F-Secure finds trojans....

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 14:48:02, on 28.5.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Niko\Desktop\scanner.exe.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\godshaxj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B5A2FE0A-844B-4EE9-A3D1-474B44E0496C} - C:\WINDOWS\system32\cbxursq.dll
O2 - BHO: (no name) - {B88893D4-6932-4B3E-B96B-C11B156B0A87} - C:\WINDOWS\system32\pmkjk.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\oghlqokl.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Canon LASER SHOT LBP-1120 - Tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: cbxursq - C:\WINDOWS\SYSTEM32\cbxursq.dll
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: F-Secure Gatekeeper Handler Starter - Unknown owner - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9437 bytes
Download Deckard's System Scanner to your Desktop. Note: you must have Administrator rights to run the program.

- Close all open windows and programs.
- Double-click the Dss.exe file to run the program and follow the instructions.
- When the scan is complete, two text files should open, Main.txt and extra.txt.
- Select all and copy (CTRL+A -> CTRL+C), then paste (CTRL+V).
- Copy and paste the contents of main.txt and extra.txt into your next reply.
Deckard's System Scanner v20070426.43
Run by Niko on 2007-05-28 at 15:03:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
51: 2007-05-28 12:03:18 UTC - RP51 - Deckard's System Scanner Restore Point
50: 2007-05-26 19:32:42 UTC - RP50 - Järjestelmän tarkistuspiste
49: 2007-05-23 12:23:11 UTC - RP49 - Software Distribution Service 2.0
48: 2007-05-18 10:32:49 UTC - RP48 - Järjestelmän tarkistuspiste
47: 2007-05-16 18:25:15 UTC - RP47 - Järjestelmän tarkistuspiste

-- First Restore Point --
1: 2007-03-10 12:58:59 UTC - RP1 - F-Secure Anti-Virus Client Security 5.55 Installation

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-05-28 15:04:59
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.0.2900.2180)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\ServiceWrapper-7681197.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\fsgk32.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\common\FSMA32.EXE
C:\Program Files\F-Secure\common\FSMB32.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\F-Secure\common\FCH32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\F-Secure\common\FAMEH32.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\F-Secure\common\FNRB32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\F-Secure\common\FIH32.exe
C:\Program Files\F-Secure\Anti-Virus\FSAV32.exe
C:\Program Files\F-Secure\FWES\program\fsdfwd.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\WINDOWS\arpwrmsg.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\F-Secure\common\FSM32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\F-Secure\FSGUI\fsguiexe.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3SWK.EXE
C:\hp\KBD\kbd.exe
C:\WINDOWS\system\hpsysdrv.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Documents and Settings\Niko\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=64&bd=PAVILION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\godshaxj.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B5A2FE0A-844B-4EE9-A3D1-474B44E0496C} - C:\WINDOWS\system32\cbxursq.dll
O2 - BHO: (no name) - {B88893D4-6932-4B3E-B96B-C11B156B0A87} - C:\WINDOWS\system32\pmkjk.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [setup] rundll32.exe "C:\WINDOWS\system32\oghlqokl.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Canon LASER SHOT LBP-1120 - Tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O20 - Winlogon Notify: cbxursq - C:\WINDOWS\system32\cbxursq.dll
O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll
O23 - Service: ARSVC - Microsoft - C:\WINDOWS\arservice.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\Program Files\F-Secure\BackWeb\7681197\program\ServiceWrapper-7681197.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - "C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe"
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - "C:\Program Files\F-Secure\Common\FNRB32.EXE"
O23 - Service: fsbwsys - F-Secure Corp. - "C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe"
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - "C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe"
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - "C:\Program Files\F-Secure\Common\FSMA32.EXE"
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
O23 - Service: NMIndexingService - Nero AG - "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 FSFW (F-Secure Firewall Driver) - c:\windows\system32\drivers\fsdfw.sys <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
R2 F-Secure Filter (F-Secure File System Filter) - c:\program files\f-secure\anti-virus\win2k\fsfilter.sys
R2 F-Secure Gatekeeper - c:\program files\f-secure\anti-virus\win2k\fsgk.sys
R2 F-Secure Recognizer (F-Secure File System Recognizer) - c:\program files\f-secure\anti-virus\win2k\fsrec.sys
R3 pcouffin (VSO Software pcouffin) - c:\windows\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BackWeb Plug-in - 7681197 (F-Secure Automatic Update) - c:\progra~1\f-secure\backweb\7681197\program\servic~1.exe
R2 fsbwsys - "c:\program files\f-secure\backweb\7681197\program\fsbwsys.exe" <Not Verified; F-Secure Corp.; F-Secure BackWeb>
R2 F-Secure Gatekeeper Handler Starter - "c:\program files\f-secure\anti-virus\fsgk32st.exe" <Not Verified; F-Secure Corp.; F-Secure Corp. Startup service>
R2 FSMA (F-Secure Management Agent) - "c:\program files\f-secure\common\fsma32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
R3 FSDFWD (F-Secure Anti-Virus Firewall Daemon) - "c:\program files\f-secure\fwes\program\fsdfwd.exe" <Not Verified; F-Secure Corporation; F-Secure Anti-Virus Internet Shield>
R3 F-Secure Network Request Broker - "c:\program files\f-secure\common\fnrb32.exe" <Not Verified; F-Secure Corporation; F-Secure Management Agent>
S3 ServiceLayer - "c:\program files\pc connectivity solution\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>

-- Scheduled Tasks -------------------------------------------------------------

2007-05-28 13:49:15      568 --a------ C:\WINDOWS\Tasks\Scheduled scanning task.job

-- Files created between 2007-04-28 and 2007-05-28 -----------------------------

2007-05-28 14:35:37        0 dr-h----- C:\Documents and Settings\Niko\Recent
2007-05-27 15:50:18   723126 ---hs---- C:\WINDOWS\system32\kjkmp.bak2
2007-05-25 20:55:12    50745 --a------ C:\WINDOWS\system32\godshaxj.dll
2007-05-25 20:54:59   262708 -----n--- C:\WINDOWS\system32\pmkjk.dll
2007-05-25 13:54:12        0 d-------- C:\Program Files\SpywareBlaster
2007-05-25 13:44:41        0 d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2007-05-25 13:32:34   723206 ---hs---- C:\WINDOWS\system32\ttvwa.bak1
2007-05-25 12:43:20        0 dr-h----- C:\Documents and Settings\Tarja\Recent
2007-05-25 12:42:18        0 dr-h----- C:\Documents and Settings\HP_Administrator\Recent
2007-05-19 13:52:47   724965 ---hs---- C:\WINDOWS\system32\ttvwa.ini2
2007-05-19 13:12:29   132660 --a------ C:\WINDOWS\system32\oghlqokl.dll
2007-05-18 18:51:59   262708 -----n--- C:\WINDOWS\system32\awvtt.dll
2007-05-14 21:55:20        0 d-------- C:\Program Files\Nero 7
2007-05-14 21:55:19        0 d-------- C:\Program Files\Common Files\Ahead
2007-05-14 21:55:19        0 d-------- C:\Documents and Settings\All Users\Application Data\Nero
2007-05-13 21:15:23        0 d--h----- C:\WINDOWS\PIF
2007-05-13 16:33:02        0 d-------- C:\TempDVD
2007-05-13 16:32:58        0 d-------- C:\dvdsanta
2007-05-13 16:09:53        0 d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
2007-05-13 15:15:26    46560 --a------ C:\Documents and Settings\Tarja\Application Data\GDIPFONTCACHEV1.DAT
2007-05-13 13:02:22    26678 -----n--- C:\WINDOWS\system32\cbxursq.dll
2007-05-12 22:00:37        0 d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2007-05-12 21:27:09        0 d-------- C:\Documents and Settings\All Users\Application Data\Nokia
2007-05-12 20:41:18   217127 --a------ C:\WINDOWS\system32\drv43260.dll <Not Verified; RealNetworks, Inc.; RealVideo 9 (32-bit)>
2007-05-12 20:41:18   208935 --a------ C:\WINDOWS\system32\drv33260.dll <Not Verified; RealNetworks, Inc.; RealVideo 8 (32-bit)>
2007-05-12 20:41:18   176165 --a------ C:\WINDOWS\system32\drv23260.dll <Not Verified; RealNetworks, Inc.; RealVideo G2 (32-bit)>
2007-05-12 20:41:17        0 d-------- C:\Program Files\vso
2007-05-12 20:41:15        0 d-------- C:\Program Files\ConvertXtoDVD
2007-05-12 19:24:05    47360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-05-12 19:24:05        0 d-------- C:\Documents and Settings\Niko\Application Data\Vso
2007-05-12 19:24:05    47360 --a------ C:\Documents and Settings\Niko\Application Data\pcouffin.sys <Not Verified; VSO Software; Patin couffin engine>
2007-05-05 15:56:10     7296 --a------ C:\WINDOWS\system32\drivers\grmnusb.sys <Not Verified; GARMIN Corp.; Garmin USB GPS>
2007-05-05 15:56:10    17024 --a------ C:\WINDOWS\system32\drivers\grmngen.sys <Not Verified; Walter Oney Software; >
2007-05-05 15:56:10    11776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys <Not Verified; GARMIN Corp.; grmn1200>
2007-05-05 15:56:10    16512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys <Not Verified; GARMIN Corp.; GARMIN USB HS DATACARD PROGRAMMER (install) W4R3>
2007-05-05 15:56:10    17536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys <Not Verified; GARMIN Corp.; grmn0200>
2007-05-05 14:42:02        0 d-------- C:\Garmin
2007-04-30 20:25:27        0 d-------- C:\Documents and Settings\HP_Administrator\Phone Browser
2007-04-30 20:16:57        0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Winamp
2007-04-30 20:12:47        0 d-------- C:\Documents and Settings\HP_Administrator\Application Data\Nokia

-- Find3M Report ---------------------------------------------------------------

2007-05-28 15:01:10        0 d-------- C:\Program Files\Mozilla Thunderbird
2007-05-27 16:31:18        0 d-------- C:\Program Files\RevConnect
2007-05-12 21:27:07        0 d-------- C:\Program Files\Common Files\Nokia
2007-05-12 21:27:05        0 d-------- C:\Program Files\Nokia
2007-05-12 20:41:22       34 --a------ C:\Documents and Settings\Niko\Application Data\pcouffin.log
2007-05-12 20:41:19     1144 --a------ C:\Documents and Settings\Niko\Application Data\pcouffin.inf
2007-05-12 20:41:19     7887 --a------ C:\Documents and Settings\Niko\Application Data\pcouffin.cat
2007-04-22 22:40:12   240289 --a------ C:\Documents and Settings\Niko\Application Data\NMM-MetaData.db
2007-04-22 21:55:27        0 d-------- C:\Documents and Settings\Niko\Application Data\Nokia
2007-04-22 21:53:13        0 d-------- C:\Program Files\DIFX
2007-04-22 21:52:55        0 d-------- C:\Program Files\Common Files\PCSuite
2007-04-22 21:51:54        0 d-------- C:\Program Files\PC Connectivity Solution
2007-04-22 10:56:13        0 d-------- C:\Documents and Settings\Niko\Application Data\Adobe
2007-04-10 16:36:27        0 d-------- C:\Documents and Settings\Niko\Application Data\bang
2007-04-05 20:24:26        0 d-------- C:\Documents and Settings\Niko\Application Data\CyberLink
2007-04-05 18:40:09        0 d-------- C:\Documents and Settings\Niko\Application Data\Macromedia
2007-04-05 07:51:53        0 d-------- C:\Program Files\CCleaner
2007-04-01 11:52:05        0 d-------- C:\Program Files\B2BPOKER
2007-04-01 10:38:22        0 d-------- C:\Program Files\Java
2007-04-01 10:37:56        0 d-------- C:\Program Files\Common Files\Java
2007-04-01 10:31:41        0 d-------- C:\Documents and Settings\Niko\Application Data\Sun
2007-03-31 20:47:01        0 d-------- C:\Program Files\VSAdd-in
2007-03-28 18:41:46        0 d-------- C:\Program Files\Common Files\Adobe
2007-03-10 20:07:23     4210 --a------ C:\WINDOWS\mozver.dat
2007-03-10 16:19:17        0 --a------ C:\WINDOWS\nsreg.dat

-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4B646AFB-9341-4330-8FD1-C32485AEE619} C:\WINDOWS\system32\godshaxj.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{B5A2FE0A-844B-4EE9-A3D1-474B44E0496C} C:\WINDOWS\system32\cbxursq.dll
{B88893D4-6932-4B3E-B96B-C11B156B0A87} C:\WINDOWS\system32\pmkjk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ehTray"="C:\\WINDOWS\\ehome\\ehtray.exe"
"ftutil2"="rundll32.exe ftutil2.dll,SetWriteCacheMode"
"RTHDCPL"="RTHDCPL.EXE"
"IAAnotif"="C:\\Program Files\\Intel\\Intel Matrix Storage Manager\\Iaanotif.exe"
"AlwaysReady Power Message APP"="ARPWRMSG.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /installquiet /keeploaded /nodetect"
"DMAScheduler"="\"c:\\Program Files\\HP DigitalMedia Archive\\DMAScheduler.exe\""
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"HPBootOp"="\"C:\\Program Files\\Hewlett-Packard\\HP Boot Optimizer\\HPBootOp.exe\" /run"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
"F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL /WAITFORSW"
"CAP3ON"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\CAP3ONN.EXE"
"PCSuiteTrayApplication"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\LaunchApplication.exe -startup"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"setup"="rundll32.exe \"C:\\WINDOWS\\system32\\oghlqokl.dll\",realset"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NMBgMonitor.exe\""

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
  63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
  6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
  73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{10AEBEF4-5D09-4044-8397-6DC3A5F125B0}"=""
"{B5A2FE0A-844B-4EE9-A3D1-474B44E0496C}"=""

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxursq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\pmkjk

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0

-- End of Deckard's System Scanner: finished at 2007-05-28 at 15:05:31 ---------

Deckard's System Scanner v20070426.43
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Professional (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: Intel(R) Pentium(R) 4 CPU 3.00GHz
CPU 1: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of Memory in Use: 25%
Physical Memory (total/avail): 2046.39 MiB / 1529.55 MiB
Pagefile Memory (total/avail): 3938.1 MiB / 3527.01 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1966.46 MiB

C: is Fixed (NTFS) - 179.44 GiB total, 143.57 GiB free.
D: is Fixed (FAT32) - 6.84 GiB total, 1.27 GiB free.
E: is CDROM (No Media)
F: is Removable (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)

-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.

FW: F-Secure Anti-Virus Client Security 5.55 v5.55 (F-Secure Corporation)
AV: F-Secure Anti-Virus Client Security 5.55 v5.55 (F-Secure Corporation)

-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\Niko\Application Data
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=JARVELAUUSI
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\Niko
LOGONSERVER=\\JARVELAUUSI
NUMBER_OF_PROCESSORS=2
OS=Windows_NT
Path=C:\Program Files\PC Connectivity Solution\;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;c:\Python22;C:\Program Files\Common Files\Ahead\Lib\
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 4 Stepping 9, GenuineIntel
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0409
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=c:\Program Files\Common Files\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\Niko\LOCALS~1\Temp
TMP=C:\DOCUME~1\Niko\LOCALS~1\Temp
USERDOMAIN=JARVELAUUSI
USERNAME=Niko
USERPROFILE=C:\Documents and Settings\Niko
windir=C:\WINDOWS
__COMPAT_LAYER=EnableNXShowUI

-- User Profiles ---------------------------------------------------------------

HP_Administrator (admin)
Tarja
Niko (admin)
Administrator (admin)

-- Add/Remove Programs ---------------------------------------------------------

 --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus Client Security Installer"
 --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure DAAS"
 --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Diagnostics"
 --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure FWES"
 --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure GUI"
 --> "C:\Program
Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Management Agent" --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Policy Manager Support" --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure TNB" --> C:\Program Files\Nero 7\\nero\uninstall\UNNERO.exe /UNINSTALL --> C:\WINDOWS\BWUnin-6.3.2.62-7681197L.exe -AppId 7681197 --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629} --> c:\WINDOWS\system32\\MSIEXEC.EXE /x {F80239D8-7811-4D5E-B033-0D0BBFE32920} --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Adobe Reader 8 - Suomi --> MsiExec.exe /I{AC76BA86-7AD7-1035-7B44-A80000000000} Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Canon LASER SHOT LBP-1120 --> C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3UNIK.EXE CCleaner (remove only) --> "C:\Program Files\CCleaner\uninst.exe" ConvertXtoDVD 2.1.18.242 --> "C:\Program Files\ConvertXtoDVD\unins000.exe" Enhanced Multimedia Keyboard Solution --> C:\HP\KBD\Install.exe /u F-Secure Anti-Virus Client Security - Automatic Update Agent --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Backweb" F-Secure Anti-Virus Client Security - Internet-suojaus --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Internet Shield" F-Secure Anti-Virus Client Security - Sähköpostitarkistus --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure E-mail Scanning" F-Secure Anti-Virus Client Security - Virustentorjunta --> "C:\Program Files\F-Secure\fsuninst.exe" /UninstRegKey:"F-Secure Anti-Virus" ffdshow [rev 1006] [2007-03-07] --> "C:\Program Files\ffdshow\unins000.exe" Garmin City Navigator Europe NT v9 --> MsiExec.exe 
/X{29EA075F-2C61-472F-B01D-80E8D8F023F1} Garmin WebUpdater --> MsiExec.exe /X{7D25A304-C82D-41C3-85A8-3BEF84E04887} GemMaster Mystic --> "C:\Program Files\GemMaster\uninstallgemmaster.exe" GOM Player --> "C:\Program Files\GRETECH\GomPlayer\Uninstall.exe" High Definition Audio Driver Package - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe" HijackThis 2.0.0 --> "C:\Documents and Settings\Niko\Desktop\HijackThis.exe" /uninstall HP Boot Optimizer --> MsiExec.exe /X{1341D838-719C-4A05-B50F-49420CA1B4BB} HP DigitalMedia Archive --> MsiExec.exe /X{F80239D8-7811-4D5E-B033-0D0BBFE32920} HP DVD Play 2.1 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45D707E9-F3C4-11D9-A373-0050BAE317E1}\Setup.exe" -uninstall HP Imaging Device Functions 7.0 --> C:\Program Files\HP\Digital Imaging\DeviceManagement\hpzscr01.exe -datfile hpqbud01.dat HP Photosmart for Media Center PC --> c:\Program Files\HP\Digital Imaging\bin\mcpc\setupmcl.exe /u HP Photosmart Premier Software 6.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat HP Software Update --> MsiExec.exe /X{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E} Intel(R) Matrix Storage Manager --> C:\WINDOWS\System32\Imsmudlg.exe Intel(R) PRO Network Connections Drivers --> Prounstl.exe Java(TM) SE Runtime Environment 6 Update 1 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160010} Localization Pack for Microsoft Windows XP Media Center Edition --> MsiExec.exe /I{9E667C7C-F80C-4B91-BCBA-01CBA164A5E9} Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe MainConcept for Software Encoder --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{E7A02A01-C75A-4490-A168-5CA709A3D862} Microsoft Away Mode --> Microsoft Office XP Professional ja FrontPage --> MsiExec.exe /I{9028040B-6000-11D3-8CFE-0050048383C9} Microsoft Works --> MsiExec.exe 
/I{2EF8368A-5670-45C0-82F1-D7B00F7E7AB8} Mozilla Firefox (2.0.0.3) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (1.5) --> C:\Program Files\Mozilla Thunderbird\uninstall\uninstall.exe /ua "1.5 (fi)" MUI Help Package - FIN --> C:\WINDOWS\$NtUninstallKB841625_FIN$\spuninst\spuninst.exe Nero 7 --> MsiExec.exe /I{43FFE159-3199-4188-A1CD-629166AD1035} neroxml --> MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B} Nokia Connectivity Cable Driver --> MsiExec.exe /X{972B1D9B-0EAD-49E8-B7D6-3B83FD5665B1} Nokia PC Suite --> C:\Documents and Settings\All Users\Application Data\Installations\{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2}\Nokia_PC_Suite_683_rel_14_1_fin.exe /LANG="1035" Nokia PC Suite --> MsiExec.exe /I{57A48477-92F0-4C1F-ADF9-4806C4EC3CF2} Nokia Software Updater --> MsiExec.exe /X{95F2AFB0-8BC9-4E40-A4E1-B9066D2469C0} NVIDIA Drivers --> C:\WINDOWS\system32\nvudisp.exe UninstallGUI Otto --> "C:\Program Files\EnglishOtto\uninstallotto.exe" PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe PC Connectivity Solution --> MsiExec.exe /I{066D65EA-ED53-44E4-A96A-F81B6E409D2E} Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log" Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG Realtek High Definition Audio Driver --> RtlUpd.exe -r -m Sonic Express Labeler --> MsiExec.exe /X{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA} Sonic MyDVD Plus --> MsiExec.exe /X{21657574-BD54-48A2-9450-EB03B2C7FC29} Sonic RecordNow Audio --> MsiExec.exe /X{AB708C9B-97C8-4AC9-899B-DBF226AC9382} Sonic RecordNow Copy --> MsiExec.exe /X{B12665F4-4E93-4AB4-B7FC-37053B524629} Sonic RecordNow Data --> MsiExec.exe /X{075473F5-846A-448B-BCB3-104AA1760205} Sonic Update Manager --> MsiExec.exe /X{30465B6C-B53F-49A1-9EBA-A3F187AD502E} SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe" Update Rollup 2 for Windows XP Media Center Edition 2005 --> Winamp (remove 
only) --> "C:\Program Files\Winamp\UninstWA.exe" Windows Driver Package - Nokia (WUDFRd) WPD (03/19/2007 6.83.31.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccswpddri_039E7E24575DBAE6A389611AF28F4EB97729D33E\pccswpddriver.inf Windows Driver Package - Nokia Modem (02/15/2007 3.1) --> C:\PROGRA~1\DIFX\D6ACC4BE676423A2B130B78A4B627FC457D98997\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\pccs_bluet_8B37DC72918CCD58A6EC20373AF6242B037A293B\pccs_bluetooth.inf Windows Live Messenger --> MsiExec.exe /I{DF6FEB75-A0D1-44E5-A754-0072D4967734} Windows Live Sign-in Assistant --> MsiExec.exe /I{49672EC2-171B-47B4-8CE7-50D7806360D7} Windows XP Media Center Edition 2005 KB912067 --> "C:\WINDOWS\$NtUninstallKB912067$\spuninst\spuninst.exe" Windowsin ohjainpaketti - Nokia Modem (11/03/2006 6.82.0.1) --> C:\PROGRA~1\DIFX\270581355A767BF1\dpinst.exe /u C:\WINDOWS\system32\DRVSTORE\nokbtmdm_4EFFAAE27A08EDFDE145390033D8EF099DA65567\nokbtmdm.inf WinRAR archiver --> C:\Program Files\WinRAR\uninstall.exe -- End of Deckard's System Scanner: finished at 2007-05-28 at 15:05:31 ---------
1. Download VundoFix.exe to your desktop.
- Double-click VundoFix.exe to run it.
- Click the Scan for Vundo option.
- When the scan is complete, click the Remove Vundo option.
- You will be asked whether you want to delete the files; click YES.
- After you click Yes, your desktop will go blank while it starts removing Vundo.
- When it is finished, the fix will tell you to restart your computer; click OK.
- Post the contents of the C:\vundofix.txt log along with a fresh HijackThis log.

Note: it is possible that VundoFix found a file it could not delete. In that case VundoFix will run itself on reboot; just follow the instructions above starting from "Click the Scan for Vundo option." when VundoFix appears after the restart.

2.
1. Download combofix.exe to your desktop from either of these links: combofix.exe combofix.exe
2. Double-click the combofix.exe file and follow the prompts.
3. When the tool is finished, it will produce a log (C:\ComboFix.txt). Post this log in your thread.
Note! Do not click on the ComboFix window while it is running. This may cause the program to hang.

3. Do not use the HijackThis 2.0 beta; use the previous version. If you don't have it, get it from http://koti.mbnet.fi/pattaya1/HijackThis.exe
Move HijackThis to its own folder, e.g. C:\Hijackthis. This is important so that HijackThis works correctly. Take a new log and post it together with vundofix.txt and ComboFix.txt.
VundoFix V6.4.1

Checking Java version...

Scan started at 15:31:43 28.5.2007

Listing files found while scanning....

C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\cbxursq.dll
C:\WINDOWS\system32\kjkmp.bak2
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\lkoqlhgo.ini
C:\WINDOWS\system32\oghlqokl.dll
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\ttvwa.tmp

Beginning removal...

Attempting to delete C:\WINDOWS\system32\awvtt.dll
C:\WINDOWS\system32\awvtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\cbxursq.dll
C:\WINDOWS\system32\cbxursq.dll Could not be deleted.

Attempting to delete C:\WINDOWS\system32\kjkmp.bak2
C:\WINDOWS\system32\kjkmp.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\kjkmp.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\lkoqlhgo.ini
C:\WINDOWS\system32\lkoqlhgo.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\oghlqokl.dll
C:\WINDOWS\system32\oghlqokl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\pmkjk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttvwa.bak1
C:\WINDOWS\system32\ttvwa.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttvwa.ini
C:\WINDOWS\system32\ttvwa.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttvwa.ini2
C:\WINDOWS\system32\ttvwa.ini2 Has been deleted!

Attempting to delete C:\WINDOWS\system32\ttvwa.tmp
C:\WINDOWS\system32\ttvwa.tmp Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.4.1

Checking Java version...

Scan started at 15:55:18 28.5.2007

Listing files found while scanning....

C:\WINDOWS\system32\cbxursq.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\cbxursq.dll
C:\WINDOWS\system32\cbxursq.dll Has been deleted!

Performing Repairs to the registry.
Done!
"Niko" - 2007-05-28 16:15:40 Service Pack 2 ComboFix 07-05.27.V - Running from: "C:\Documents and Settings\Niko\Desktop\" (((((((((((((((((((((((((((((((((((((((((((((((((( V Log ))))))))))))))))))))))))))))))))))))))))))))))))))))))) C:\WINDOWS\system32\godshaxj.dll * * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * (((((((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) "C:\Program Files\vsadd-in" ((((((((((((((((((((((((((((((( Files Created from 2007-04-28 to 2007-05-28 )))))))))))))))))))))))))))))))))) 2007-05-28 16:14 <KANSIO> d-------- C:\HijackThis 2007-05-28 15:31 <KANSIO> d-------- C:\VundoFix Backups 2007-05-28 15:03 <KANSIO> d-------- C:\Deckard 2007-05-25 13:54 <KANSIO> d-------- C:\Program Files\SpywareBlaster 2007-05-25 13:44 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Windows Genuine Advantage 2007-05-14 21:55 <KANSIO> d-------- C:\Program Files\Nero 7 2007-05-14 21:55 <KANSIO> d-------- C:\Program Files\Common Files\Ahead 2007-05-14 21:55 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nero 2007-05-13 21:15 <KANSIO> d--h----- C:\WINDOWS\PIF 2007-05-13 16:33 <KANSIO> d-------- C:\TempDVD 2007-05-13 16:32 <KANSIO> d-------- C:\dvdsanta 2007-05-13 16:09 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\DVD Shrink 2007-05-13 15:15 46,560 --a------ C:\DOCUME~1\Tarja\APPLIC~1\GDIPFONTCACHEV1.DAT 2007-05-12 22:00 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\vsosdk 2007-05-12 21:27 <KANSIO> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Nokia 2007-05-12 20:41 217,127 --a------ C:\WINDOWS\system32\drv43260.dll 2007-05-12 20:41 208,935 --a------ C:\WINDOWS\system32\drv33260.dll 2007-05-12 20:41 176,165 --a------ C:\WINDOWS\system32\drv23260.dll 2007-05-12 20:41 <KANSIO> d-------- C:\Program Files\vso 2007-05-12 20:41 <KANSIO> d-------- C:\Program Files\ConvertXtoDVD 2007-05-12 19:24 87,608 --a------ C:\DOCUME~1\Niko\APPLIC~1\inst.exe 2007-05-12 19:24 
47,360 --a------ C:\WINDOWS\system32\drivers\pcouffin.sys 2007-05-12 19:24 47,360 --a------ C:\DOCUME~1\Niko\APPLIC~1\pcouffin.sys 2007-05-12 19:24 <KANSIO> d-------- C:\DOCUME~1\Niko\APPLIC~1\Vso 2007-05-05 15:56 7,296 --a------ C:\WINDOWS\system32\drivers\grmnusb.sys 2007-05-05 15:56 17,536 --a------ C:\WINDOWS\system32\drivers\grmn0200.sys 2007-05-05 15:56 17,024 --a------ C:\WINDOWS\system32\drivers\grmngen.sys 2007-05-05 15:56 16,512 --a------ C:\WINDOWS\system32\drivers\grmn0400.sys 2007-05-05 15:56 11,776 --a------ C:\WINDOWS\system32\drivers\grmn1200.sys 2007-05-05 14:42 <KANSIO> d-------- C:\Garmin 2007-04-30 20:25 <KANSIO> d-------- C:\DOCUME~1\HP_ADM~1\Phone Browser 2007-04-30 20:16 <KANSIO> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Winamp 2007-04-30 20:12 <KANSIO> d-------- C:\DOCUME~1\HP_ADM~1\APPLIC~1\Nokia (((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))) 2007-05-28 12:09:45 -------- d-----w C:\Program Files\Mozilla Thunderbird 2007-05-27 13:31:18 -------- d-----w C:\Program Files\RevConnect 2007-05-12 18:27:07 -------- d-----w C:\Program Files\Common Files\Nokia 2007-05-12 18:27:05 -------- d-----w C:\Program Files\Nokia 2007-04-22 18:55:27 -------- d-----w C:\DOCUME~1\Niko\APPLIC~1\Nokia 2007-04-22 18:53:13 -------- d-----w C:\Program Files\DIFX 2007-04-22 18:52:55 -------- d-----w C:\Program Files\Common Files\PCSuite 2007-04-22 18:51:54 -------- d-----w C:\Program Files\PC Connectivity Solution 2007-04-18 16:12:23 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll 2007-04-10 13:36:27 -------- d-----w C:\DOCUME~1\Niko\APPLIC~1\bang 2007-04-05 17:24:26 -------- d-----w C:\DOCUME~1\Niko\APPLIC~1\CyberLink 2007-04-05 04:51:53 -------- d-----w C:\Program Files\CCleaner 2007-04-01 08:52:05 -------- d-----w C:\Program Files\B2BPOKER 2007-03-17 13:43:01 292,864 ----a-w C:\WINDOWS\system32\winsrv.dll 2007-03-14 16:19:56 95,864 ----a-w C:\WINDOWS\system32\NeroCo.dll 2007-03-10 17:07:23 4,210 
----a-w C:\WINDOWS\mozver.dat 2007-03-10 13:19:17 0 ----a-w C:\WINDOWS\nsreg.dat 2007-03-10 12:59:23 118,784 ------r C:\WINDOWS\bwUnin-6.3.2.62-7681197L.exe 2007-03-08 15:36:28 577,536 ----a-w C:\WINDOWS\system32\user32.dll 2007-03-08 15:36:28 40,960 ----a-w C:\WINDOWS\system32\mf3216.dll 2007-03-08 15:36:28 281,600 ----a-w C:\WINDOWS\system32\gdi32.dll 2007-03-08 13:47:48 1,843,584 ----a-w C:\WINDOWS\system32\win32k.sys (((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects] {4B646AFB-9341-4330-8FD1-C32485AEE619}=C:\WINDOWS\system32\godshaxj.dll [] {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}=C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll [2007-03-14 03:43] {9030D464-4C02-4ABF-8ECC-5164760863C6}=C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2006-08-31 21:33] {B88893D4-6932-4B3E-B96B-C11B156B0A87}=C:\WINDOWS\system32\pmkjk.dll [] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-06 00:56] "ftutil2"="ftutil2.dll" [2004-06-07 17:05 C:\WINDOWS\system32\ftutil2.dll] "RTHDCPL"="RTHDCPL.EXE" [] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-02-21 20:59] "AlwaysReady Power Message APP"="ARPWRMSG.EXE" [] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-20 20:06] "nwiz"="nwiz.exe" [2006-06-20 20:06 C:\WINDOWS\system32\nwiz.exe] "DMAScheduler"="c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" [2006-04-13 03:05] "Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 16:14] "HPBootOp"="C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-15 16:34] "HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 00:11] "F-Secure Manager"="C:\Program Files\F-Secure\Common\FSM32.exe" 
[2004-09-09 12:03] "F-Secure TNB"="C:\Program Files\F-Secure\TNB\TNBUtil.exe" [2004-05-27 11:57] "CAP3ON"="C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-08-05 18:00] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 13:20] "NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 18:53] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 13:49] [HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme *Newly Created Service* -PROCEXP90 Contents of the 'Scheduled Tasks' folder 2007-05-28 10:49:15 C:\WINDOWS\tasks\Scheduled scanning task.job ******************************************************************** catchme 0.3.681 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net Rootkit scan 2007-05-28 16:16:56 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ******************************************************************** Completion time: 2007-05-28 16:17:27 C:\ComboFix-quarantined-files.txt ... 
2007-05-28 16:17 --- E O F --- Logfile of HijackThis v1.99.1 Scan saved at 16:19:35, on 28.5.2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe C:\Program Files\HP\HP Software Update\HPwuSchd2.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\F-Secure\Common\FSM32.EXE C:\WINDOWS\system32\CAP3RSK.EXE C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE C:\WINDOWS\arservice.exe C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\WINDOWS\eHome\ehRecvr.exe C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Program Files\F-Secure\Anti-Virus\fssm32.exe C:\Program Files\F-Secure\Common\FSMA32.EXE C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\F-Secure\Common\FSMB32.EXE C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\F-Secure\Common\FCH32.EXE C:\WINDOWS\system32\svchost.exe C:\Program Files\F-Secure\Common\FAMEH32.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\F-Secure\Common\FNRB32.EXE C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe C:\Program 
Files\F-Secure\Common\FIH32.EXE C:\Program Files\F-Secure\Anti-Virus\fsav32.exe C:\Program Files\F-Secure\FSGUI\fsguiexe.exe C:\WINDOWS\eHome\ehmsas.exe C:\HP\KBD\KBD.EXE C:\Program Files\Mozilla Firefox\firefox.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\explorer.exe C:\WINDOWS\explorer.exe C:\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=64&bd=PAVILION&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=64&bd=PAVILION&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=FI_FI&c=64&bd=PAVILION&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=64&bd=PAVILION&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=FI_FI&c=64&bd=PAVILION&pf=desktop O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\godshaxj.dll (file missing) O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: (no name) - {B88893D4-6932-4B3E-B96B-C11B156B0A87} - C:\WINDOWS\system32\pmkjk.dll (file missing) O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 
- HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: Canon LASER SHOT LBP-1120 - Tilaikkuna.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: 
Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Yhteysohje - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - Unknown owner - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. 
- C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
1. Move HijackThis to its own folder (if it isn't already), e.g. C:\Hijackthis. This is important so that HijackThis works correctly.
Start C:\Hijackthis\hijackthis.exe and choose Do a system scan only.
Tick the following lines (those that are present):

O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\godshaxj.dll (file missing)
O2 - BHO: (no name) - {B88893D4-6932-4B3E-B96B-C11B156B0A87} - C:\WINDOWS\system32\pmkjk.dll (file missing)

Finally click Fix checked.

2. Save these instructions to a text file or print them, otherwise you won't be able to access them from Safe Mode.
Download AVG Anti-Spyware 7.5 and save the program to your desktop.
- Once you have downloaded the program, double-click the installer's shortcut on your desktop; the installation starts.
- After installation the program must be started and its definitions updated.
- Start AVG Anti-Spyware.
- Click the "Update" icon in the main menu. Then click the "Update now" button.
- Then click the "Start Update" icon, and the update begins.
- When the updates have been downloaded, click the "Scanner" icon at the top of the window. Then select the "Settings" tab.
- When the "Settings" menu has opened, click "Recommended actions" and then select "Quarantine".
- Then under the "Reports" menu:
- Tick "Automatically generate report after every scan"
- Untick "Only if threats were found"
- Then click the "Shield" icon at the top of the window
- "Resident shield is": change the state from active to inactive
- Close the program; do NOT scan yet.

Restart your computer into Safe Mode, Guide!
NOTE! Do not use other programs during the AVG scan; this may interfere with the scan.
- Once in Safe Mode, start AVG Anti-Spyware.
- Click the "Scanner" icon at the top of the window and select the "Scan" tab. Then click "Complete System Scan".
- AVG now starts scanning the computer; be patient, as the scan takes time.

When the scan is complete:
IMPORTANT: Do not click "Save Scan Report" before you have clicked "Apply all Actions"
- Make sure that Set all elements to: shows Quarantine (1); if not, click the link and choose Quarantine from the popup menu.
- You will be asked what to do if infections were found; choose "Apply all actions"
- Then click the "Reports" icon at the top of the program.
- Click the "Save report as" button in the lower left of the window and save the report to the desktop.
- Close the program, restart the computer normally and post the AVG Anti-Spyware report in your thread.

NOTE! If the automatic update does not work for some reason, the definitions can be downloaded manually from the link http://www.ewido.net/en/download/updates/
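The helper's HijackThis step above picks out two O2 (Browser Helper Object) lines by hand: unnamed BHOs loaded from C:\WINDOWS\system32 whose DLL is already gone. The script below is an added example, not code from this thread or from HijackThis, VundoFix or ComboFix. It parses O2 lines in HijackThis's log format and flags entries with the same three traits a helper looks for: "(file missing)", "(no name)", and a load path under system32. The sample lines are copied from the HijackThis log posted earlier in the thread; the field names and the heuristics are this example's own choices, and a legitimate BHO can live in system32 too, so the output is a triage list, not a verdict.

```python
import re

# Sample input: O2/O4 lines taken from the HijackThis v1.99.1 log posted above.
# (A raw string keeps the Windows backslashes intact.)
SAMPLE_LOG = r"""O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4B646AFB-9341-4330-8FD1-C32485AEE619} - C:\WINDOWS\system32\godshaxj.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B88893D4-6932-4B3E-B96B-C11B156B0A87} - C:\WINDOWS\system32\pmkjk.dll (file missing)
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
"""

# HijackThis O2 line layout: "O2 - BHO: <name> - {<CLSID>} - <path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)

# Directory a BHO DLL would be dropped into by the infection seen in this thread.
SYSTEM32 = "c:\\windows\\system32\\"


def parse_o2(lines):
    """Return one dict per O2 line; lines of other HijackThis types are skipped."""
    entries = []
    for line in lines:
        m = O2_RE.match(line.strip())
        if not m:
            continue
        entries.append({
            "name": m["name"],
            "clsid": m["clsid"],
            "path": m["path"],
            "missing": m["missing"] is not None,
        })
    return entries


def suspicious_bhos(entries):
    """Flag BHO entries that match the traits a helper singles out for 'Fix checked'.

    Returns a list of (clsid, path, reasons); entries with no reason are omitted.
    """
    flagged = []
    for e in entries:
        reasons = []
        if e["missing"]:
            reasons.append("file missing")        # dangling registration left by a removal
        if e["name"] == "(no name)":
            reasons.append("unnamed BHO")         # no CLSID description in the registry
        if e["path"].lower().startswith(SYSTEM32):
            reasons.append("loads from system32") # typical drop location for this family
        if reasons:
            flagged.append((e["clsid"], e["path"], reasons))
    return flagged


if __name__ == "__main__":
    for clsid, path, reasons in suspicious_bhos(parse_o2(SAMPLE_LOG.splitlines())):
        print(f"{{{clsid}}} {path}: {', '.join(reasons)}")
```

Run against the sample, it lists exactly the two CLSIDs the helper asked to be fixed, each with all three reasons, and leaves the Adobe, Java and Windows Live helpers alone. To use it on a real log, replace SAMPLE_LOG with the contents of the HijackThis log file.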
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:30:06 29.5.2007

+ Scan result:

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP51\A0014310.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\VundoFix Backups\cbxursq.dll.bad -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\Tarja\Local Settings\Temp\OHKQULXG.0LL -> Logger.VBStat.h : Cleaned with backup (quarantined).
C:\Documents and Settings\Tarja\Local Settings\Temp\ynflsfgi.dll -> Logger.VBStat.h : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\Tarja\Application Data\Mozilla\Firefox\Profiles\hu9o2h2r.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.39:C:\Documents and Settings\Tarja\Application Data\Mozilla\Firefox\Profiles\hu9o2h2r.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.56:C:\Documents and Settings\Tarja\Application Data\Mozilla\Firefox\Profiles\hu9o2h2r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.57:C:\Documents and Settings\Tarja\Application Data\Mozilla\Firefox\Profiles\hu9o2h2r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.58:C:\Documents and Settings\Tarja\Application Data\Mozilla\Firefox\Profiles\hu9o2h2r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
C:\Documents and Settings\Tarja\Cookies\tarja@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.16:C:\Documents and Settings\Tarja\Application Data\Mozilla\Firefox\Profiles\hu9o2h2r.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\HP_Administrator\Cookies\hp_administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Tarja\Cookies\tarja@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.59:C:\Documents and Settings\Tarja\Application Data\Mozilla\Firefox\Profiles\hu9o2h2r.default\cookies.txt -> TrackingCookie.Sitestat : Cleaned.
:mozilla.10:C:\Documents and Settings\Tarja\Application Data\Mozilla\Firefox\Profiles\hu9o2h2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.18:C:\Documents and Settings\Tarja\Application Data\Mozilla\Firefox\Profiles\hu9o2h2r.default\cookies.txt -> TrackingCookie.Statistik-gallup : Cleaned.
:mozilla.35:C:\Documents and Settings\Tarja\Application Data\Mozilla\Firefox\Profiles\hu9o2h2r.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.36:C:\Documents and Settings\Tarja\Application Data\Mozilla\Firefox\Profiles\hu9o2h2r.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.

::Report end
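An added example, not part of this thread and not code from HijackThis or AVG: a small Python parser for the two line formats that drive the triage above, the HijackThis O2 BHO lines from the helper's first instructions (CLSID, DLL path, and the "(file missing)" marker that identifies an orphaned BHO registration) and the AVG Anti-Spyware scan report lines (path, detection name, action, plus the ":mozilla.NN:" prefix that marks a single cookie entry inside Firefox's cookies.txt). The sample input is constructed to mirror those formats; the paths, CLSID and profile name in it are placeholders, not values from any real machine. The summary separates tracking cookies from real file detections and flags hits inside System Volume Information, which is the case the "clear System Restore" tip later in the thread addresses.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the AVG Anti-Spyware 7.5 report layout; all paths are placeholders.
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 00:00:00 1.1.2007
+ Scan result:
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
C:\Documents and Settings\user\Local Settings\Temp\example.dll -> Logger.VBStat.h : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\xxxxxxxx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\user\Cookies\user@example[1].txt -> TrackingCookie.Example : Cleaned.
::Report end
"""

# Constructed HijackThis O2 line with a placeholder CLSID and DLL name.
SAMPLE_HJT_O2 = r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\example.dll (file missing)"

# One AVG result line: optional Firefox cookie index, path, " -> ", detection, " : ", action, trailing ".".
AVG_ENTRY_RE = re.compile(
    r"^(?::mozilla\.(?P<cookie_idx>\d+):)?(?P<path>.+?) -> (?P<detection>[^:]+?) : (?P<action>.+?)\.?$"
)

# One HijackThis O2 line: display name, CLSID in braces, DLL path, optional "(file missing)".
HJT_O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<dll>.+?)(?: \((?P<note>file missing)\))?$"
)


@dataclass
class AvgDetection:
    path: str
    detection: str          # e.g. "Adware.Virtumonde"
    action: str             # e.g. "Cleaned with backup (quarantined)"
    cookie_index: Optional[int]  # set only for ":mozilla.NN:" cookies.txt entries

    @property
    def family(self) -> str:
        return self.detection.split(".", 1)[0]

    @property
    def is_cookie(self) -> bool:
        return self.family == "TrackingCookie"

    @property
    def in_restore_point(self) -> bool:
        # Hits under System Volume Information live in old restore points, not on the live system.
        return "\\system volume information\\" in self.path.lower()


@dataclass
class HjtBho:
    name: str
    clsid: str
    dll: str
    file_missing: bool


def parse_avg_report(text: str) -> List[AvgDetection]:
    """Return one AvgDetection per result line; header, separator and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = AVG_ENTRY_RE.match(line.strip())
        if not m:
            continue
        idx = m.group("cookie_idx")
        entries.append(AvgDetection(m.group("path"), m.group("detection"), m.group("action"),
                                    int(idx) if idx is not None else None))
    return entries


def parse_hjt_o2(line: str) -> Optional[HjtBho]:
    """Parse a HijackThis O2 (Browser Helper Object) line; None if the line is not an O2 entry."""
    m = HJT_O2_RE.match(line.strip())
    if not m:
        return None
    return HjtBho(m.group("name"), m.group("clsid"), m.group("dll"), m.group("note") is not None)


def summarize(entries: List[AvgDetection]) -> Dict[str, object]:
    """Split cookie noise from file detections and surface the counts a helper reads first."""
    return {
        "by_family": Counter(e.family for e in entries),
        "by_action": Counter(e.action for e in entries),
        "file_detections": [e for e in entries if not e.is_cookie],
        "restore_point_hits": [e for e in entries if e.in_restore_point],
    }


if __name__ == "__main__":
    found = parse_avg_report(SAMPLE_REPORT)
    summary = summarize(found)
    print("by family:", dict(summary["by_family"]))
    print("by action:", dict(summary["by_action"]))
    for e in summary["file_detections"]:
        print("file detection:", e.detection, "at", e.path, "(restore point)" if e.in_restore_point else "")
    bho = parse_hjt_o2(SAMPLE_HJT_O2)
    print("orphaned BHO:", bho.clsid, bho.dll, "file missing" if bho.file_missing else "present")
```

The "no name" plus "file missing" combination is what makes the two O2 lines in the thread safe to fix in HijackThis: the registration points at a DLL that no longer exists, so removing it only cleans a dangling registry entry. On the AVG side, grouping by family shows at a glance that most of a report like the one above is cookie noise, while the restore-point hit explains why the helper's follow-up list starts with clearing System Restore.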
How does the computer feel now, are there still problems? Now that you are clean, next a few tips on how to reduce the risk of infection. All of these are available either in a Finnish version and/or with a Finnish guide.

-> Fight back!! -> Malware Complaints
The site gives malware victims a chance to tell their story and file a complaint about it. Let's fight malware authors together!

-> Clear System Restore -> Instructions
Clear the System Restore folder and create a new restore point. This cleans the restore folder of possible malware remnants.

-> Use CCleaner -> CCleaner
Download and install CCleaner. Clean temporary files and folders with it regularly.

-> Use Ad-Aware -> Ad-Aware
Download and install Ad-Aware. Update it and scan your computer with it regularly. Guide available in Finnish! Guide by user Ad-Aware

-> Use AVG Anti-Spyware -> AVG Anti-Spyware
Download and install AVG Anti-Spyware. Update it and scan your computer with it regularly. Guide available in Finnish! (with the Ewido look) Guide by user Axel

-> Install SpywareBlaster -> SpywareBlaster
SpywareBlaster prevents malware from installing on your computer. Uses no memory! Guide available in Finnish! Guide by user Ad-Aware

-> Install the MVPS Hosts file -> MVPS Hosts
Blocks your computer's connections to malicious sites. Guide available in Finnish! Guide by user Axel

-> Switch your browser to Firefox -> Firefox
Firefox is a faster, safer and better browser than Internet Explorer.

-> Keep your system up to date. -> Windows Update
Visit Windows Update regularly.

-> Keep your firewall and antivirus up to date
Update and scan your computer regularly with your antivirus program.

Stay clean