ONGELMIA!! kaappausko??

Discussion in 'Virukset ja haittaohjelmat' started by hatari1, Jun 4, 2006.

  1. hatari1

    hatari1 Member

    Joined:
    Jun 4, 2006
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    Kotisivun tilalle tulee vaan http://www.securityuptodate.net/
    Jossa varoitetaan että joku on kaapannu mun koneen!!!
    Mikä neuvoksi?? näitä afterdown
    sivuja jo selasin sen verran että sain ladattua nuo hjt-jutut...joku niistä kai ymmärtää??
    Ajettu jo ewidoa.ad-awarea ja spybotia.antiwir:kin tarkistanut jo monta kertaa,ilman että löytää enää mitään.
    AUTTAKAA!!!

    Tähän perään se hjt (tai mikä se nyt onkaan)
    Ennen tätä päivää kaikki toimi ihan ok...


    Logfile of HijackThis v1.99.1
    Scan saved at 0:27:44, on 5.6.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Hanski.YOUR-4072ISAQUB\Local Settings\Temporary Internet Files\Content.IE5\QJIRUXEZ\HijackThis[1].exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
    O2 - BHO: Nothing - {6ab7158b-4bff-4160-ad7d-4d622df548cf} - C:\WINDOWS\system32\hp100.tmp
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYFI
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02afea8c003bf651dc23/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126598216421
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126768449593
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Hannun_kone
    O17 - HKLM\Software\..\Telephony: DomainName = Hannun_kone
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Hannun_kone
    O18 - Protocol: bw+0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE (file missing)
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Norman\Nvc\BIN\NPFSVICE.EXE (file missing)
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe (file missing)
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
     
    hatari1, Jun 4, 2006
    #1
  2. blade81

    blade81 Active member

    Joined:
    Jul 28, 2003
    Messages:
    1,287
    Likes Received:
    0
    Trophy Points:
    66
    Vain yksi virustorjuntaohjelma/palomuuri per työasema. Sinulla näyttäis olevan sekä Antivir että Norman.

    Lataa SmitfraudFix (c) S!Ri (http://siri.urz.free.fr/Fix/SmitfraudFix.zip)
    Pura sisältö (kansio nimeltä SmitfraudFix) työpöydällesi:

    Avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
    Valitse optio #1 - Search kirjoittamalla 1 ja painamalla "Enter"; tekstitiedosto avautuu, joka listaa tarttuneet tiedostot (jos olemassa).
    Postita tämän tekstitiedoston sisältö viestiketjuusi.

    Huomaa : process.exe filun tunnistaa jotkut Anti-virus ohjelmat (AntiVir, Dr.Web, Kaspersky) "Haittakaluna"; se ei ole virus, vaan ohjelma joka pysäyttää prosesseja. A/V ohjelmat eivät pysty tunnistamaan hyvän ja pahan käytön tälläisten ohjelmian väliltä, silloin ne saattavat varoittaa käyttäjää.
    http://www.beyondlogic.org/consulting/processutil/processutil.htm
     
    blade81, Jun 4, 2006
    #2
  3. hatari1

    hatari1 Member

    Joined:
    Jun 4, 2006
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    Aiemmasta Normanista tainnu jäädä jotain koneelle..
    Nykyinen Antiwir kyllä toiminu moitteettomasti.
    Taitaa olla viisainta buutata koko kone.
    Varsinkaan kun en oo tämän alan haka..
    Mutta tässä kuitenkin se lista mukaan.


    SmitFraudFix v2.54

    Scan done at 12:35:12,87, ma 05.06.2006
    Run from C:\Documents and Settings\Hanski.YOUR-4072ISAQUB\Ty”p”yt„\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    C:\WINDOWS\system32\dcomcfg.exe FOUND !
    C:\WINDOWS\system32\hp???.tmp FOUND !
    C:\WINDOWS\system32\hp????.tmp FOUND !
    C:\WINDOWS\system32\ld????.tmp FOUND !
    C:\WINDOWS\system32\ot.ico FOUND !
    C:\WINDOWS\system32\regperf.exe FOUND !
    C:\WINDOWS\system32\simpole.tlb FOUND !
    C:\WINDOWS\system32\stdole3.tlb FOUND !
    C:\WINDOWS\system32\1024\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Hanski.YOUR-4072ISAQUB\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HANSKI~1.YOU\Suosikit

    C:\DOCUME~1\HANSKI~1.YOU\Suosikit\Antivirus Test Online.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Nykyinen kotisivu"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

    [HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
    @="C:\WINDOWS\system32\imfdfcj.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
    @="C:\WINDOWS\system32\imfdfcj.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
    hatari1, Jun 5, 2006
    #3
  4. blade81

    blade81 Active member

    Joined:
    Jul 28, 2003
    Messages:
    1,287
    Likes Received:
    0
    Trophy Points:
    66
    Jahas, no sitten tarvitset palomuurin, sillä Antivirissä sitä ei ole. Hae joku ilmainen täältä -> http://keskustelu.afterdawn.com/thread_view.cfm/162275. Zonealarm on turvallinen valinta.

    Sitten Smitfraudin poistoon..


    Printtaa ohjeet ulos.

    Käynnistä koneesi vikasietotilaan ja valitse tavallinen käyttäjätilisi.

    Kun vikasietotilassa, avaa SmitfraudFix kansio ja tupla-klikkaa smitfraudfix.cmd
    Valitse optio #2 - Clean kirjoittamalla 2 ja painamalla "Enter" poistaaksesi tarttuneet tiedostot.

    Sinulta kysytään: "Registry cleaning - Do you want to clean the registry ?"; vastaa "Yes" kirjoittamalla Y ja paina "Enter" poistaaksesi työpöydän taustakuvan ja puhdistaaksesi tarttuneet rekisteriavaimet.

    Työkalu tarkistaa jos wininet.dll on tarttunut. Sinua saatetaan pyytää korvaamaan tarttunut .dll (jos löytyy); vastaa "Yes" kirjoittamalla Y ja painamalla "Enter".

    Työkalun saattaa tarvita käynnistää kone uudelleen; jos ei tee niin, käynnistä normaaliin Windowsiin. Tekstitiedosto ilmestyy, puhdistusprosessin jäljiltä; kopioi & liitä tämän raportin tulokset vastaukseesi. Raportti löytyy paikalliselta levyltäsi, useimmiten C:\rapport.txt. Laita myös uusi hjt-loki.

    Varoitus : Ajamalla optio 2:n EI-tarttuneessa tietokoneessa, poistaa sinun työpöytäsi taustakuvan.
     
    blade81, Jun 5, 2006
    #4
  5. hatari1

    hatari1 Member

    Joined:
    Jun 4, 2006
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    Kiitosssss..
    Tässähän tuntee itsensä kohta jo nörtiksi ;)
    Ei vaiskaan,helppohan sitä on tehdä kun joku antaa vaan oikeat ohjeet.Ja onneksi on tälläinen paikka josta niitä saa!!
    Kone palautui ennalleen ja "Smitfraud"??kai poistui.

    Sanoit palomuurista....Eikö windowsin palomuurilla tee mitään?
    Ainakin se on tietoturvan mukaan käytössä.
    Ja verkkopäätteessä on puhelin yhtiön mukaan myös jonkinlainen palomuuri. Yhteydet kyllä pelaa moitteettomasti,joten onkohan niitä oikeasti ollenkaan..

    Tässä taas sit listaa mukaan...

    SmitFraudFix v2.54

    Scan done at 0:53:24,64, ti 06.06.2006
    Run from C:\Documents and Settings\Hanski.YOUR-4072ISAQUB\Ty”p”yt„\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [versio 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{e5b1e382-817e-4b74-8a96-ec78751e6acf}"="incatenate"

    [HKEY_CLASSES_ROOT\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
    @="C:\WINDOWS\system32\imfdfcj.dll"

    [HKEY_CURRENT_USER\Software\Classes\CLSID\{e5b1e382-817e-4b74-8a96-ec78751e6acf}\InProcServer32]
    @="C:\WINDOWS\system32\imfdfcj.dll"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    C:\WINDOWS\system32\dcomcfg.exe Deleted
    C:\WINDOWS\system32\hp???.tmp Deleted
    C:\WINDOWS\system32\ld????.tmp Deleted
    C:\WINDOWS\system32\ot.ico Deleted
    C:\WINDOWS\system32\regperf.exe Deleted
    C:\WINDOWS\system32\simpole.tlb Deleted
    C:\WINDOWS\system32\stdole3.tlb Deleted
    C:\WINDOWS\system32\1024\ Deleted
    C:\DOCUME~1\HANSKI~1.YOU\Suosikit\Antivirus Test Online.url Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri

    C:\WINDOWS\system32\imfdfcj.dll -> Missing File


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» End

     
    hatari1, Jun 5, 2006
    #5
  6. blade81

    blade81 Active member

    Joined:
    Jul 28, 2003
    Messages:
    1,287
    Likes Received:
    0
    Trophy Points:
    66
    Joo, tuo Winkkarin muuri ei ole kovinkaan kummoinen. Hae vaikka ilmainen Zonealarm (http://www.zonelabs.com) siihen tilalle.

    Smitfraudin loki ok. Laita vielä uusi hjt-loki, niin katsotaan mitä muuta siivottavaa löytyy.
     
    blade81, Jun 5, 2006
    #6
  7. hatari1

    hatari1 Member

    Joined:
    Jun 4, 2006
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    11
    No niin...

    Kone tuntuis tottelevan muuten ihan kivasti mutta..
    Zone alarm ei suostunu asentumaan..joku proseduuri puuttuu??
    Vai johtuisko niistä Normanin jäänteistä? Luin täältä että niitä vaikea poistaa,ja kunnon ohjeetkin Lontoota :(
    Eikä windows update sivusto aukea..ilmoittaa vaan virheen sivustossa.
    Palautus pisteeseen ei suostu menemään...

    Joko olis viisainta aloittaa "puhtaalta pöydältä"?
    Onhan siinäkin vähän hommaa..mutta sittenhän löytyis kaikki
    mitä kuuluukin.

    Tässä nyt kuitenkin vielä se uus loki mukaan...

    Logfile of HijackThis v1.99.1
    Scan saved at 12:00:30, on 6.6.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\slserv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\UAService7.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Documents and Settings\Hanski.YOUR-4072ISAQUB\Työpöytä\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suomi24.fi/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: Shareaza Web Download Hook - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\Plugins\RazaWebHook.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYFI
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000
    O8 - Extra context menu item: Vie Microsoft E&xceliin - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Oheistiedot - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/02afea8c003bf651dc23/netzip/RdxIE601.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1126598216421
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1126768449593
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsecurity.com/trojanscan/axscan.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Hannun_kone
    O17 - HKLM\Software\..\Telephony: DomainName = Hannun_kone
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Hannun_kone
    O18 - Protocol: bw+0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw+0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw-0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw00s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw10s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw20s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw30s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw40s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw50s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw60s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw70s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw80s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bw90s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwa0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwb0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwc0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwd0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwe0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwf0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    O18 - Protocol: bwg0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwg0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwh0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwi0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwj0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwk0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwl0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwm0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwn0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwo0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwp0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwq0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwr0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bws0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwt0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwu0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwv0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bww0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwx0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwy0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: bwz0s - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {194BABB3-420B-4AAB-8DB8-C47306B7039F} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE (file missing)
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Norman\Nvc\BIN\NPFSVICE.EXE (file missing)
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe (file missing)
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE (file missing)
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe

     
    hatari1, Jun 6, 2006
    #7
  8. Werewolf_

    Werewolf_ Regular member

    Joined:
    Dec 24, 2005
    Messages:
    279
    Likes Received:
    0
    Trophy Points:
    26
    kokeiles rekisterin putsausta, jos olisi jäänyt turhia filuja sinne. se onnistuu helpoiten Ccleaner http://ccleaner.com/ softalla. sieltä vaan rekisteriä putsaamaan ja kokeiles uudelleen.

    ja noi filut normanilta jäänyt vielä joita kannattas fixailla
    [bold]
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE (file missing)
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Norman\Nvc\BIN\NPFSVICE.EXE (file missing)
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe (file missing)
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE (file missing)
    [/bold]

    EDIT: ja vielä tämä on käsittääkseni normanilta jäänyt filu jonka voi fixata[bold]
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    [/bold]
    ainakin voisi kuvitella niin jos kerta on norman poistettu :)
    ja nämä voi poistaa jos haluaa, vievät vain tehoja:

    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

    silmään pisti vielä tuo[bold]
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYFI[/bold]
    eikös kyseessä ole mywebsearch tuholainen?

    vielä tämä hieman mietityttää, ellet sitten itse ole Shareazaa ladannut ja tuota laittanut :)[bold]
    O8 - Extra context menu item: Download with &Shareaza - res://C:\Program Files\Shareaza\Plugins\RazaWebHook.dll/3000[/bold]

    MyWebSearch poisto:

    Poista ohjauspaneelista(lisää/poista sovellus)
    MyWebSearch <--- kaikki mitkä alkaa noin

    ja aja vielä joku virus skanneri läpi :)
     
    Last edited: Jun 6, 2006
    Werewolf_, Jun 6, 2006
    #8
  9. blade81

    blade81 Active member

    Joined:
    Jul 28, 2003
    Messages:
    1,287
    Likes Received:
    0
    Trophy Points:
    66
    Jees. Vähän tiivistän noita Werewolfin huomioita. Eli käy hakemassa tosiaan tuo ccleaner ja vedä kone sillä läpi. Yritä saada Zonealarm asennettua.

    Käynnistä hjt, klikkaa do a system scan only, merkkaa:
    O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Nvc\BIN\ZLH.EXE /LOAD /SPLASH
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm414YYFI
    O23 - Service: Norman NJeeves - Unknown owner - C:\NORMAN\Nvc\BIN\NJEEVES.EXE (file missing)
    O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Norman\Nvc\BIN\NPFSVICE.EXE (file missing)
    O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Nvc\BIN\Zanda.exe (file missing)
    O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Unknown owner - C:\NORMAN\Nvc\BIN\NVCSCHED.EXE (file missing)

    Klikkaa fix checked.

    Sinulla on kaiken lisäksi vanha Java versio. Päivitä se seuraavien ohjeiden mukaisesti.


    Javan päivitys ja välimuistin tyhjennys


    1. Klikkaa Käynnistä > Ohjauspaneeli ja tupla-klikkaa Java kuvaketta (kahvikuppi) Ohjauspaneelissa.
    2. Mene "Update" -välilehteen Java asetusikkunassasi. Päivitä Javasi klikkaamalla "Update Now" ja sitten käynnistä uudelleen.
    3. Jos et pysty päivittämään automaattisesti, hae manuaalisesti täältä:

    http://www.java.com/en/download/manual.jsp

    4. Käynnistyksen jälkeen, mene takaisin Ohjauspaneeliin ja siitä Java asetuksiisi.
    5. Temporary Internet Files -osion alla, klikkaa Delete Files nappia.
    6. Varmista että kaikki kolme valintaa ovat rastitettuja:

    Downloaded Applets
    Downloaded Applications
    Other Files

    7. Klikkaa OK "Delete Temporary Internet Files" -ikkunassasi.
    Huomaa: Tämä poistaa kaikki ladatut sovellukset ja appletit VÄLIMUISTISTA.
    8. Klikkaa OK jättääksesi Java asetusikkunasi.


    Laita kaiken tämän jälkeen uutta hjt-lokia, niin nähdään ovatko tulokset halutunlaiset.
     
    blade81, Jun 6, 2006
    #9

Share This Page