
LSASSMGR.exe (& others) infection! Any info / help?




  #1  
9 Sep 2008, 10:31
New Member

Hi everyone,

I'm very new to your site but extremely grateful that you're here. I stumbled upon it because of a recent infection of my mother's laptop (we share it), and I'm unsure how to resolve it.

About four days ago, IE pop-up ad windows suddenly started appearing, along with a balloon on my deskbar that reads, "Spyware detected! Click here to download anti-spyware"

I ran Symantec AND Spybot S&D full scans (not sure how this virus slipped past those two) and they didn't find anything! Then I started Googling, downloaded Malwarebytes' Anti-Malware and ran it. It detected some stuff, but it didn't fix the problem.

I downloaded PrevxCSI, but I don't have enough $$$ yet to buy the license (but will if need be), and it lists the following:

C:\WINDOWS\system32\dsfmon.dll - Malware
C:\WINDOWS\system32\CSRLT.exe - Malware Dropper
C:\WINDOWS\MSBLT.exe - Malware Dropper
C:\WINDOWS\system32\LSASSMGR.exe - Cloaked Malware
C:\Program Files\Mozilla Firefox\firefoxe.exe - Cloaked Malware
C:\Program Files\Internet Explorer\iexplor.exe - Cloaked Malware
C:\WINDOWS\system32\spool.exe - Cloaked Malware
C:\WINDOWS\system32\srtsrv32.exe - Cloaked Malware
C:\WINDOWS\system32\LSSMON.exe - Malware Dropper
C:\WINDOWS\divx32.dll - Malware Dropper
C:\WINDOWS\system32\msupd32.exe - Malware Dropper
C:\WINDOWS\system32\upd01.exe - Malware Dropper

It looks and sounds like a big one to me and I'm very worried. Does anyone have any helpful suggestions for me? Am I going to have to spend a lot of money to fix it?

Thanks so much!
  #2  
9 Sep 2008, 11:32
Moderator Group

Hi teddynicholas. Welcome to CJ.

Download ComboFix by sUBs from one of the links below. Be sure to save it to the Desktop.

Link #1
Link #2

** Note: It is important that it is saved directly to your Desktop

Close any open Internet browsers (Firefox, Internet Explorer, etc.) before running ComboFix.

Temporarily disable your antivirus, and any antispyware real-time protection, before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Double-click combofix.exe and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix log in your next reply.

Important: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your antivirus and antispyware protection when ComboFix is complete.
__________________

  #3  
16 Sep 2008, 14:27
New Member

ComboFix 08-09-15.02 - Teddy 2008-09-16 16:34:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.550 [GMT -4:00]
Running from: C: \ Documents and Settings \ Teddy \ Desktop \ ComboFix.exe
* Luonut uuden palautuspisteen

VAROITUS-Tämä kone ei ole RECOVERY CONSOLE asennettuna!
.

((((((((((((((((((((((((((((((((((((((( Muut Poistetut ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Documents and Settings \ LocalService \ Cookies \ system@ad.yieldmanag er [1]. Txt
C: \ Documents and Settings \ Teddy \ Cookies \ teddy@ad.yieldmanager [1]. Txt
C: \ WINDOWS \ Downloaded Program Files \ setup.inf
C: \ WINDOWS \ system32 \ spool.exe

.
((((((((((((((((((((((((( Files luotu 2008-08-16 ja 2008-09-16 ))))))))))) ))))))))))))))))))))
.

2008-09-16 16:21. 2008-09-16 16:50 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak
2008-09-16 13:23. 2008-09-16 13:23 <DIR> d -------- C: \ WINDOWS \ LastGood
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Program Files \ iTunes
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Program Files \ iPod
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-13 13:12. 2008-09-13 13:16 <DIR> d -------- C: \ Program Files \ Common Files \ Apple
2008-09-08 16:10. 2008-09-08 16:10 <DIR> d -------- C: \ Program Files \ Easy SpyRemover
2008-09-08 15:45. 2008-09-06 00:59 741.376 - a ------ C: \ WINDOWS \ system32 \ LSSMON.EXE
2008-09-08 15:45. 2008-09-04 21:59 17.920 - a ------ C: \ WINDOWS \ system32 \ LSASSMGR.EXE
2008-09-07 22:34. 2008-09-02 00:16 38.528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-07 22:33. 2008-09-07 22:34 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-02 00:16 17.200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-06 15:09. 2008-09-06 15:09 90.112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57.344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-09-05 10:44. 2008-09-06 00:59 741.376 - a ------ C: \ WINDOWS \ system32 \ msupd32.exe
2008-09-04 21:59. 2008-09-07 12:59 741.376 - a ------ C: \ WINDOWS \ system32 \ upd01.exe
2008-09-04 21:59. 2008-09-06 00:59 741.376 - a ------ C: \ WINDOWS \ divx32.dll
2008-09-04 21:59. 2008-09-04 21:59 17.920 - a ------ C: \ WINDOWS \ system32 \ srtsrv32.exe
2008-09-04 21:59. 2008-09-16 16:24 5.903 - a ------ C: \ WINDOWS \ system32 \ mssc32.dll
2008-09-04 21:59. 2008-09-16 16:24 5.903 - a ------ C: \ WINDOWS \ system32 \ bsc32.dll
2008-09-02 13:23. 2008-09-02 13:23 <DIR> d -------- C: \ Program Files \ PrevxCSI
2008-09-02 13:23. 2008-09-16 13:32 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI
2008-09-02 13:23. 2008-09-02 13:23 17.408 - a ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys
2008-09-01 01:30. 2008-09-02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-09-01 01:20. 2008-09-07 22:19 0 - a ------ C: \ WINDOWS \ system32 \ sc02.sc
2008-08-31 01:46. 2007-02-20 16:04 2.463.976 - a ------ C: \ WINDOWS \ system32 \ NPSWF32.dll
2008-08-31 01:46. 2007-02-20 16:04 190.696 - a ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe
2008-08-30 09:59. 2008-08-30 21:34 <DIR> d -------- C: \ Program Files \ Macromedia
2008-08-30 09:59. 2008-08-30 21:27 <DIR> d -------- C: \ Program Files \ Common Files \ Macromedia
2008-08-30 01:25. 2008-09-13 13:18 <DIR> d -------- C: \ Program Files \ Bonjour
2008-08-29 14:33. 2006-09-18 17:55 109.744 - a ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS
2008-08-29 14:33. 2006-09-18 17:55 48.816 - a ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008-08-29 10:18. 2008-08-29 10:18 87.336 - a ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - a ------ C: \ WINDOWS \ system32 \ dnssd.dll
2008-08-27 04:05. 2008-04-07 05:38 45.392-ra ------ C: \ WINDOWS \ system32 \ AdobePDF.dll
2008-08-27 04:05. 2008-04-07 05:38 22.872-ra ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 20:53 --------- d ----- w C: \ Program Files \ Symantec AntiVirus
2008-09-13 17:17 --------- d ----- w C: \ Program Files \ QuickTime
2008-09-13 17:13 --------- d ----- w C: \ Program Files \ Apple Software Update
2008-09-08 18:53 249.956 ---- aw C: \ WINDOWS \ system32 \ dsfMon.dll
2008-09-01 07:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-09-01 05:56 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008-08-30 05:24 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2008-08-29 18:34 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared
2008-08-29 18:33 --------- d ----- w C: \ Program Files \ Symantec
2008-08-29 18:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-08-27 08:22 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet
2008-08-26 00:52 --------- d ----- w C: \ Documents and Settings \ Teddy \ Application Data \ OpenOffice.org2
2008-08-13 21:33 --------- d ----- w C: \ Program Files \ Microsoft Silverlight
2008-08-12 02:46 --------- d ----- w C: \ Program Files \ PHM
2008-07-26 08:55 --------- d ----- w C: \ Program Files \ OpenOffice.org 2.4
2008-07-26 08:54 --------- d ----- w C: \ Program Files \ Java
2008-07-19 02:10 94.920 ---- aw C: \ WINDOWS \ system32 \ cdm.dll
2008-07-19 02:10 53.448 ---- aw C: \ WINDOWS \ system32 \ wuauclt.exe
2008-07-19 02:09 563.912 ---- aw C: \ WINDOWS \ system32 \ wuapi.dll
2008-07-19 02:09 325.832 ---- aw C: \ WINDOWS \ system32 \ wucltui.dll
2008-07-19 02:09 205.000 ---- aw C: \ WINDOWS \ system32 \ wuweb.dll
2008-07-19 02:09 1.811.656 ---- aw C: \ WINDOWS \ system32 \ Wuaueng.dll
2008-07-07 20:32 253.952 ---- aw C: \ WINDOWS \ system32 \ es.dll
2008-06-24 22:12 295.936 ------ w C: \ WINDOWS \ system32 \ wmpeffects.dll
2008-06-24 16:23 74.240 ---- aw C: \ WINDOWS \ system32 \ mscms.dll
2008-06-23 16:57 826.368 ---- aw C: \ WINDOWS \ system32 \ Wininet.dll
2008-06-20 17:41 245.248 ---- aw C: \ WINDOWS \ system32 \ mswsock.dll
2008-04-19 16:57 32 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default merkinnät eivät näy
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"swg" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007-04-02 68856]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-09-06 413696]
"H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360]
"IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SpybotSD TeaTimer" = "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entVersion \ Run]
"RemoteControl" = "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe" [2004-05-14 32768]
"RoxioEngineUtility" = "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe" [2003-05-01 65536]
"RoxioAudioCentral" = "C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" [2003-07-15 319488]
"SiS Windows KeyHook" = "C: \ WINDOWS \ system32 \ keyhook.exe" [2004-09-02 249856]
"SiSUSBRG" = "C: \ WINDOWS \ SiSUSBrg.exe" [2004-09-22 106496]
"Apoint" = "C: \ Program Files \ Apoint2K \ Apoint.exe" [2003-12-05 159744]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"DSFHost" = "C: \ Program Files \ Sinkilät \ easyprint \ dsfhost.exe" [2006-01-05 2142301]
"Synchronization Manager" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004-08-04 143360]
"Zune Launcher" = "C: \ Program Files \ Zune \ ZuneLauncher.exe" [2007-03-14 24104]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan" = "C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Acrobat Speed Launcher" = "C: \ Program Files \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe" [2008-06-12 37232]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2006-07-19 52896]
"vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-09-27 125168]
"Layersecurity Servicemonitor" = "C: \ WINDOWS \ system32 \ LSSMON.EXE" [2008-09-06 741376]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"SoundMan" = "SOUNDMAN.EXE" [2004-09-22 C: \ WINDOWS \ SOUNDMAN.EXE]
'AGRSMMSG "=" AGRSMMSG.exe "[2004-09-22 C: \ WINDOWS \ AGRSMMSG.exe]
"SiSPower" = "SiSPower.dll" [2004-09-22 C: \ WINDOWS \ system32 \ SiSPower.dll]

C: \ Documents and Settings \ Teddy \ Käynnistä-valikko \ Ohjelmat \ Startup \
Adobe Gamma.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2005-03-16 113664]
OneNote 2007 Screen Clipper ja Launcher.lnk - C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE [2006-10-26 98632]

C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Windows Desktop Search.lnk - C: \ Program Files \ Windows Desktop Search \ WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = acaptuser32.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ firefox.exe]
"Debugger" = C: \ Program Files \ Mozilla Firefox \ firefoxe.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ iexplore.exe]
"Debugger" = C: \ Program Files \ Internet Explorer \ iexplor.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ spoolsv.exe]
"Debugger" = C: \ WINDOWS \ system32 \ spool.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ Program Files \ \ BitLord \ \ BitLord.exe" =
"C: \ Program Files \ \ Soulseek \ \ slsk.exe" =
"C: \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" =
"C: \ \ StubInstaller.exe" =
"C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"C: \ Program Files \ \ AIM \ \ aim.exe" =
"C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager
"C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager
"C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application
"C: \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" =
"C: \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"C: \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" =
"C: \ Program Files \ \ Isadora \ \ isadora.exe" =
"C: \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
"C: \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ Program Files \ \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"3389: TCP" = 3389: TCP: @ xpsp2res.dll, -22009
"1500: TCP" = 1500: TCP: Turvatut Access Agent Port
"26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service


* Newly Created Service * - CATCHME
* Newly Created Service * - PROCEXP90
.
Contents of the 'Scheduled Tasks-kansioon
.
- - - - Orvolla poistettu - - - --

HKLM-Run-CSRLT.EXE - C: \ WINDOWS \ system32 \ CSRLT.EXE


.
------- Supplementary Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Teddy \ Application Data \ Mozilla \ Firefox \ Profiles \ 6xzfp0sa.default \
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp: / / www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q =
.

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit / varkain haittaohjelmien detektori on Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 16:51:46
Windows 5.1.2600 Service Pack 2 NTFS

skannaus piilotettu prosessien ...

skannaus piilotettu Autostart merkinnät ...

skannaus piilotetut tiedostot ...

scan loppuun onnistuneesti
piilotetut tiedostot: 0

************************************************** ************************
.
Täydennys-aika: 2008-09-16 17:15:59
ComboFix-karanteenissa-files.txt 2008-09-16 21:15:16

Pre-Run: 10478669824 tavua vapaata
Post-Run: 10446106624 tavua vapaata

190 --- EOF --- 2008-09-11 20:07:51
  #4  
16 Sep 2008, 14:45
Moderator Group

Note: the following instructions were created specifically for this user. If you are not this user, do NOT follow these instructions, as they may damage the operation of your system.

Delete these files/folders, as follows:

1. Go to Start > Run > type Notepad.exe and click OK to open Notepad.
It must be Notepad, not Wordpad.
2. Copy the text in the code box below by highlighting all of the text and pressing Ctrl+C

Code:
KillAll::

File::
C:\Program Files\Easy SpyRemover
C:\WINDOWS\system32\LSSMON.EXE
C:\WINDOWS\system32\LSASSMGR.EXE
C:\WINDOWS\system32\msupd32.exe
C:\WINDOWS\system32\upd01.exe
C:\WINDOWS\system32\srtsrv32.exe
C:\WINDOWS\system32\mssc32.dll
C:\WINDOWS\system32\bsc32.dll

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe]
"Debugger"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spoolsv.exe]
"Debugger"=-

3. Go to the Notepad window and click Edit > Paste
4. Then click File > Save
5. Name the file CFScript.txt - Save the file to your Desktop
6. Then drag the CFScript (hold the left mouse button while dragging the file) and drop it (release the left mouse button) onto ComboFix.exe as you see in the screenshot below. Important: Perform this instruction carefully!



ComboFix will begin to execute; follow the prompts.
After reboot (if it asks to reboot), it will produce a log for you.
Post that log (Combofix.txt) in your next reply.

Note: Do not mouse-click ComboFix's window while it is running. That may cause your system to freeze.
__________________
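
The "Debugger" values under Image File Execution Options in the log above, and the `"Debugger"=-` lines in the CFScript, as an added example (not part of the original thread and not ComboFix code): a Python check that finds such redirections in a REGEDIT4-style listing, flags debugger targets whose file name imitates the image they replace, and emits the matching value-deletion stanza. The function names, the 0.75 similarity threshold and the notepad.exe sample entry are assumptions made for illustration.

```python
"""Flag Image File Execution Options (IFEO) "Debugger" redirections in a
REGEDIT4-style autorun listing and build the .reg text that deletes them."""
import ntpath
import re
from difflib import SequenceMatcher

# Key suffix under which Windows looks up a per-image "Debugger" override.
IFEO = r"\windows nt\currentversion\image file execution options" + "\\"
LOOKALIKE = 0.75  # assumed threshold: debugger name imitates the image name

# Constructed sample modelled on the "Reg Loading Points" section of the log
# in this thread; the notepad.exe entry is invented as a benign contrast.
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=acaptuser32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"Debugger"=C:\Program Files\Mozilla Firefox\firefoxe.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ spoolsv.exe]
"Debugger" = C: \ WINDOWS \ system32 \ spool.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"Debugger"="C:\Tools\vsjitdebugger.exe"
'''

KEY_RE = re.compile(r"^\[([^\]]+)\]$")
VAL_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')


def normalise(line):
    """Remove the spaces around backslashes that forum software or
    translation tools insert into pasted registry paths."""
    return re.sub(r"\s*\\\s*", lambda m: "\\", line.strip())


def stem(path):
    """Lower-cased file name without directory or extension."""
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def find_ifeo_debuggers(text):
    """Return one finding per IFEO subkey that carries a Debugger value."""
    findings, key = [], None
    for raw in text.splitlines():
        line = normalise(raw)
        m = KEY_RE.match(line)
        if m:                      # new registry key header
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if not (m and key and m.group(1).lower() == "debugger"):
            continue
        pos = key.lower().find(IFEO)
        image = key[pos + len(IFEO):] if pos >= 0 else ""
        if not image:              # Debugger value outside IFEO\<image>
            continue
        data = m.group(2).strip()
        # Quoted data may be followed by arguments; keep only the path.
        target = data[1:].split('"', 1)[0] if data.startswith('"') else data
        score = SequenceMatcher(None, stem(image), stem(target)).ratio()
        findings.append({
            "key": key,
            "image": image,
            "debugger": target,
            "similarity": round(score, 3),
            # Any IFEO Debugger deserves review; a near-identical name
            # (firefox.exe -> firefoxe.exe) is the pattern seen in this log.
            "verdict": "lookalike" if score >= LOOKALIKE else "review",
        })
    return findings


def removal_reg(findings):
    """Build REGEDIT4 text that deletes the Debugger value of each
    lookalike finding ('"Name"=-' removes a value, not the key)."""
    out = ["REGEDIT4", ""]
    for f in findings:
        if f["verdict"] == "lookalike":
            out += ["[" + f["key"] + "]", '"Debugger"=-', ""]
    return "\n".join(out)


if __name__ == "__main__":
    results = find_ifeo_debuggers(SAMPLE)
    for f in results:
        print(f'{f["verdict"]:9} {f["image"]:12} -> {f["debugger"]} '
              f'(similarity {f["similarity"]})')
    print()
    print(removal_reg(results))
```

Deleting the Debugger value only removes the redirection; the file it pointed to still has to be removed separately, as the File:: section of the script does.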

  #5  
16 Sep 2008, 15:32
New Member

ComboFix 08-09-15.02 - Teddy 2008-09-16 17:49:20.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.850 [GMT -4:00]
Running from: C: \ Documents and Settings \ Teddy \ Desktop \ ComboFix.exe
Command valitsimia käytetään:: C: \ Documents and Settings \ Teddy \ Desktop \ CFScript.txt
* Luonut uuden palautuspisteen

VAROITUS-Tämä kone ei ole RECOVERY CONSOLE asennettuna!
.

((((((((((((((((((((((((((((((((((((((( Muut Poistetut ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ WINDOWS \ system32 \ bsc32.dll
C: \ WINDOWS \ system32 \ LSASSMGR.EXE
C: \ WINDOWS \ system32 \ LSSMON.EXE
C: \ WINDOWS \ system32 \ mssc32.dll
C: \ WINDOWS \ system32 \ msupd32.exe
C: \ WINDOWS \ system32 \ spool.exe
C: \ WINDOWS \ system32 \ srtsrv32.exe
C: \ WINDOWS \ system32 \ upd01.exe

.
((((((((((((((((((((((((( Files luotu 2008-08-16 ja 2008-09-16 ))))))))))) ))))))))))))))))))))
.

2008-09-16 16:21. 2008-09-16 16:50 <DIR> d -------- C: \ WINDOWS \ system32 \ CatRoot_bak
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Program Files \ iTunes
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Program Files \ iPod
2008-09-13 13:19. 2008-09-13 13:19 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-13 13:12. 2008-09-13 13:16 <DIR> d -------- C: \ Program Files \ Common Files \ Apple
2008-09-08 16:10. 2008-09-08 16:10 <DIR> d -------- C: \ Program Files \ Easy SpyRemover
2008-09-07 22:34. 2008-09-02 00:16 38.528 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008-09-07 22:33. 2008-09-07 22:34 <DIR> d -------- C: \ Program Files \ Malwarebytes' Anti-Malware
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ Teddy \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-07 22:33 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-09-07 22:33. 2008-09-02 00:16 17.200 - a ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008-09-06 15:09. 2008-09-06 15:09 90.112 - a ------ C: \ WINDOWS \ system32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57.344 - a ------ C: \ WINDOWS \ system32 \ QuickTime.qts
2008-09-04 21:59. 2008-09-06 00:59 741.376 - a ------ C: \ WINDOWS \ divx32.dll
2008-09-02 13:23. 2008-09-02 13:23 <DIR> d -------- C: \ Program Files \ PrevxCSI
2008-09-02 13:23. 2008-09-16 13:32 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ PrevxCSI
2008-09-02 13:23. 2008-09-02 13:23 17.408 - a ------ C: \ WINDOWS \ system32 \ drivers \ pxark.sys
2008-09-01 01:30. 2008-09-02 13:10 <DIR> da ------ C: \ Documents and Settings \ All Users \ Application Data \ TEMP
2008-09-01 01:20. 2008-09-07 22:19 0 - a ------ C: \ WINDOWS \ system32 \ sc02.sc
2008-08-31 01:46. 2007-02-20 16:04 2.463.976 - a ------ C: \ WINDOWS \ system32 \ NPSWF32.dll
2008-08-31 01:46. 2007-02-20 16:04 190.696 - a ------ C: \ WINDOWS \ system32 \ NPSWF32_FlashUtil.exe
2008-08-30 09:59. 2008-08-30 21:34 <DIR> d -------- C: \ Program Files \ Macromedia
2008-08-30 09:59. 2008-08-30 21:27 <DIR> d -------- C: \ Program Files \ Common Files \ Macromedia
2008-08-30 01:25. 2008-09-13 13:18 <DIR> d -------- C: \ Program Files \ Bonjour
2008-08-29 14:33. 2006-09-18 17:55 109.744 - a ------ C: \ WINDOWS \ system32 \ drivers \ SYMEVENT.SYS
2008-08-29 14:33. 2006-09-18 17:55 48.816 - a ------ C: \ WINDOWS \ system32 \ S32EVNT1.DLL
2008-08-29 10:18. 2008-08-29 10:18 87.336 - a ------ C: \ WINDOWS \ system32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - a ------ C: \ WINDOWS \ system32 \ dnssd.dll
2008-08-27 04:05. 2008-04-07 05:38 45.392-ra ------ C: \ WINDOWS \ system32 \ AdobePDF.dll
2008-08-27 04:05. 2008-04-07 05:38 22.872-ra ------ C: \ WINDOWS \ system32 \ AdobePDFUI.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 21:33 --------- d ----- w C: \ Program Files \ Symantec AntiVirus
2008-09-13 17:17 --------- d ----- w C: \ Program Files \ QuickTime
2008-09-13 17:13 --------- d ----- w C: \ Program Files \ Apple Software Update
2008-09-01 07:50 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Spybot - Search & Destroy
2008-09-01 05:56 --------- d ----- w C: \ Program Files \ Spybot - Search & Destroy
2008-08-30 05:24 --------- d ----- w C: \ Program Files \ Common Files \ Adobe
2008-08-29 18:34 --------- d ----- w C: \ Program Files \ Common Files \ Symantec Shared
2008-08-29 18:33 --------- d ----- w C: \ Program Files \ Symantec
2008-08-29 18:32 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Symantec
2008-08-27 08:22 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ FLEXnet
2008-08-26 00:52 --------- d ----- w C: \ Documents and Settings \ Teddy \ Application Data \ OpenOffice.org2
2008-08-13 21:33 --------- d ----- w C: \ Program Files \ Microsoft Silverlight
2008-08-12 02:46 --------- d ----- w C: \ Program Files \ PHM
2008-07-26 08:55 --------- d ----- w C: \ Program Files \ OpenOffice.org 2.4
2008-07-26 08:54 --------- d ----- w C: \ Program Files \ Java
2008-04-19 16:57 32 ---- aw C: \ Documents and Settings \ All Users \ Application Data \ ezsid.dat
.

((((((((((((((((((((((((((((( Snapshot@2008-09-16_17.03.48.82 )))))))))) )))))))))))))))))))))))))))))))
.
- 2007-07-30 23:18:40 33.624-c - aw C: \ WINDOWS \ system32 \ dllcache \ wups.dll
+ 2008-07-19 02:10:20 36.552-c - aw C: \ WINDOWS \ system32 \ dllcache \ wups.dll
- 2007-07-30 23:18:40 33.624 ---- aw C: \ WINDOWS \ system32 \ wups.dll
+ 2008-07-19 02:10:20 36.552 ---- aw C: \ WINDOWS \ system32 \ wups.dll
- 2007-07-30 23:19:12 43.352 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
+ 2008-07-19 02:10:40 45.768 ---- aw C: \ WINDOWS \ system32 \ wups2.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default merkinnät eivät näy
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"swg" = "C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe" [2007-04-02 68856]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ qttask.exe" [2008-09-06 413696]
"H / PC Connection Agent" = "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" [2006-11-13 1289000]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ Ctfmon.exe" [2004-08-04 15360]
"IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" [2008-02-28 1828136]
"SpybotSD TeaTimer" = "C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe" [2008-08-18 1832272]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entVersion \ Run]
"RemoteControl" = "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe" [2004-05-14 32768]
"RoxioEngineUtility" = "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe" [2003-05-01 65536]
"RoxioAudioCentral" = "C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe" [2003-07-15 319488]
"SiS Windows KeyHook" = "C: \ WINDOWS \ system32 \ keyhook.exe" [2004-09-02 249856]
"SiSUSBRG" = "C: \ WINDOWS \ SiSUSBrg.exe" [2004-09-22 106496]
"Apoint" = "C: \ Program Files \ Apoint2K \ Apoint.exe" [2003-12-05 159744]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe" [2008-06-10 144784]
"DSFHost" = "C: \ Program Files \ Sinkilät \ easyprint \ dsfhost.exe" [2006-01-05 2142301]
"Synchronization Manager" = "C: \ WINDOWS \ system32 \ mobsync.exe" [2004-08-04 143360]
"Zune Launcher" = "C: \ Program Files \ Zune \ ZuneLauncher.exe" [2007-03-14 24104]
"GrooveMonitor" = "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"NeroFilterCheck" = "C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe" [2008-02-28 570664]
"NBKeyScan" = "C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe" [2008-02-18 2221352]
"Adobe Acrobat Speed Launcher" = "C: \ Program Files \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe" [2008-06-12 37232]
"ccApp" = "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe" [2006-07-19 52896]
"vptray" = "C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe" [2006-09-27 125168]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-10 289576]
"CSRLT.EXE" = "C: \ WINDOWS \ system32 \ CSRLT.EXE" [BU]
"SoundMan" = "SOUNDMAN.EXE" [2004-09-22 C: \ WINDOWS \ SOUNDMAN.EXE]
'AGRSMMSG "=" AGRSMMSG.exe "[2004-09-22 C: \ WINDOWS \ AGRSMMSG.exe]
"SiSPower" = "SiSPower.dll" [2004-09-22 C: \ WINDOWS \ system32 \ SiSPower.dll]

C: \ Documents and Settings \ Teddy \ Käynnistä-valikko \ Ohjelmat \ Startup \
Adobe Gamma.lnk - C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe [2005-03-16 113664]
OneNote 2007 Screen Clipper ja Launcher.lnk - C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE [2006-10-26 98632]

C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Windows Desktop Search.lnk - C: \ Program Files \ Windows Desktop Search \ WindowsSearch.exe [2007-02-05 118784]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(56F9679E-7826-4C84-81F3-532071A8BCC5)" = "C: \ Program Files \ Windows Desktop Search \ MSNLNamespaceMgr.dll" [2007-02-05 294400]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = acaptuser32.dll

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Image File Execution Options \ firefox.exe]
"Debugger" = C: \ Program Files \ Mozilla Firefox \ firefoxe.exe

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ Program Files \ \ BitLord \ \ BitLord.exe" =
"C: \ Program Files \ \ Soulseek \ \ slsk.exe" =
"C: \ Program Files \ \ Mozilla Firefox \ \ firefox.exe" =
"C: \ \ StubInstaller.exe" =
"C: \ Program Files \ \ LimeWire \ \ LimeWire.exe" =
"% windir% \ \ Network Diagnostic \ \ xpnetdiag.exe" =
"C: \ Program Files \ \ Messenger \ \ msmsgs.exe" =
"C: \ Program Files \ \ AIM \ \ aim.exe" =
"C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ rapimgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync RAPI Manager
"C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe" = C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Connection Manager
"C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe" = C: \ Program Files \ Microsoft ActiveSync \ WCESMgr.exe: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Application
"C: \ Program Files \ \ Microsoft Office \ \ Office12 \ \ Outlook.exe" =
"C: \ Program Files \ \ Microsoft Office \ \ Office12 \ \ GROOVE.EXE" =
"C: \ Program Files \ \ Microsoft Office \ \ Office12 \ \ ONENOTE.EXE" =
"C: \ Program Files \ \ Isadora \ \ isadora.exe" =
"C: \ Program Files \ \ Skype \ \ Phone \ \ Skype.exe" =
"C: \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ Program Files \ \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"3389: TCP" = 3389: TCP: @ xpsp2res.dll, -22009
"1500: TCP" = 1500: TCP: Turvatut Access Agent Port
"26675: TCP" = 26675: TCP: 169.254.2.0/255.255.255.0: Enabled: ActiveSync Service

R0 pxark; pxark, C: \ WINDOWS \ system32 \ drivers \ pxark.sys [2008-09-02 17408]
R2 CSIScanner; CSIScanner, C: \ Program Files \ PrevxCSI \ prevxcsi.exe [2008-09-02 618040]
R2 SafeAccessAgent; turvallinen pääsy Agent; C: \ Program Files \ StillSecure \ turvallinen pääsy Agent \ SAService.exe [2006-01-27 880640]
R2 näkökulmasta Manager Service; näkökulmasta Manager Service, C: \ Program Files \ näkökulmasta \ Common \ ViewpointService.exe [2007-01-04 24652]
S3 HwIOctl; HwIOctl, C: \ Documents and Settings \ Omistaja \ Desktop \ HwIOctl.sys []
S3 Ktp3; Elantech Touchpad (KTP3), C: \ WINDOWS \ system32 \ DRIVERS \ Ktp3.sy s [2004-09-22 24704]
S3 Memctl; Memctl, C: \ Documents and Settings \ Omistaja \ Desktop \ Memctl.sys []
.
Contents of the 'Scheduled Tasks-kansioon
.
- - - - Orvolla poistettu - - - --

HKLM-Run-Layersecurity Servicemonitor - C: \ WINDOWS \ system32 \ LSSMON.EXE
HKLM-RunOnce-MSBLT.EXE - C: \ WINDOWS \ MSBLT.EXE



************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit / varkain haittaohjelmien detektori on Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 18:00:27
Windows 5.1.2600 Service Pack 2 NTFS

skannaus piilotettu prosessien ...

skannaus piilotettu Autostart merkinnät ...

skannaus piilotetut tiedostot ...


************************************************** ************************
.
------------------------ Other Running Processes ----------------------- --
.
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Symantec \ LiveUpdaten \ AluSchedulerSvc.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe
C: \ WINDOWS \ system32 \ IoctlSvc.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ searchindexer.exe
C: \ Program Files \ näkökulmasta \ näkökulmasta Manager \ ViewMgr.exe
C: \ WINDOWS \ system32 \ rundll32.exe
C: \ PROGRA ~ 1 \ mikros ~ 3 \ rapimgr.exe
C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ Playlist.exe
C: \ Program Files \ Apoint2K \ ApntEx.exe
C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ searchprotocolhost.exe
C: \ WINDOWS \ system32 \ searchfilterhost.exe
.
************************************************** ************************
.
Täydennys-aika: 2008-09-16 18:24:56 - kone käynnistettiin uudelleen
ComboFix-karanteenissa-files.txt 2008-09-16 22:23:49
ComboFix2.txt 2008-09-16 21:16:14

Pre-Run: 10626510848 tavua vapaata
Post-Run: 10616803328 tavua vapaata

205 --- EOF --- 2008-09-11 20:07:51
  #6  
Old 16. Sep 2008, 15:50
Moderator Group
 

Download TrendMicro HijackThis.exe (HJT) to your Desktop.
  • Double-click HJTInstall.
  • Click the Install button.
  • It will automatically install HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe.
  • Once installed, HijackThis should open for you.
  • Click the Do a system scan and save a logfile button.
  • HijackThis will scan, and then a log will open in Notepad.
  • Copy and paste the entire contents of the log into your post.
  • Do not have HijackThis fix anything yet. Most of what it finds is harmless or even required.
__________________

  #7  
Old 23. Sep 2008, 09:24
New Member
 

Logfile ja Trend Micro HijackThis v2.0.2
Scan tallennettu klo 12:21:04, on 9.23.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Käynnissä olevista prosesseista:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Symantec \ LiveUpdaten \ ALUSchedulerSvc.exe
C: \ Program Files \ PrevxCSI \ prevxcsi.exe
C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe
C: \ WINDOWS \ system32 \ IoctlSvc.exe
C: \ Program Files \ StillSecure \ turvallinen pääsy Agent \ SAService.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Program Files \ näkökulmasta \ Common \ ViewpointService.exe
C: \ WINDOWS \ system32 \ MsPMSPSv.exe
C: \ WINDOWS \ system32 \ SearchIndexer.exe
C: \ WINDOWS \ Explorer.exe
C: \ Program Files \ PrevxCSI \ prevxcsi.exe
C: \ WINDOWS \ System32 \ Svchost.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe
C: \ WINDOWS \ SOUNDMAN.EXE
C: \ WINDOWS \ system32 \ keyhook.exe
C: \ Program Files \ Apoint2K \ Apoint.exe
C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe
C: \ Program Files \ Sinkilät \ easyprint \ dsfhost.exe
C: \ Program Files \ Zune \ ZuneLauncher.exe
C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe
C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Apoint2K \ Apntex.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe
C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe
C: \ PROGRA ~ 1 \ mikros ~ 3 \ rapimgr.exe
C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ Program Files \ näkökulmasta \ näkökulmasta Manager \ ViewMgr.exe
C: \ Program Files \ Adobe \ Acrobat 9.0 \ Acrobat \ AcroTray.exe
C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
C: \ WINDOWS \ system32 \ taskmgr.exe
C: \ WINDOWS \ Lsass.exe
C: \ WINDOWS \ system32 \ SPOOLER.EXE
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ Ctfmon.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe
C: \ WINDOWS \ system32 \ SearchProtocolHost.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.averatec.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU \ Software \ Microsoft \ Internet Connection Wizard, ShellNext = http://oqaserver-a/
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Asetukset, ProxyOverride = *. paikallisten
O2 - BHO: Yahoo! Toolbar Helper - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - (72853161-30C5-4D22-B7F9-0BBC1D38A37E) - C: \ PROGRA ~ 1 \ mikros ~ 4 \ Office12 \ GRA8E1 ~ 1.DLL
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O2 - BHO: AOL Toolbar Launcher - (7C554162-8CB7-45A4-B8F4-8EA1C75885F9) - C: \ Program Files \ AOL \ AOL Toolbar 2.0 \ aoltb.dll
O2 - BHO: näkökulmasta Toolbar BHO - (A7327C09-B521-4EDB-8509-7D2660C9EC98) - C: \ Program Files \ näkökulmasta \ näkökulmasta Toolbar \ 3.8.0 \ ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - c: \ program files \ google \ googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - (AE7CD045-E861-484f-8273-0445EE161910) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 3.1.807.1746 \ sw g.dll
O2 - BHO: SmartSelect - (F4971EE7-DAA0-4053-9964-665D8EE6A077) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - C: \ Program Files \ Yahoo! \ Companion \ Installs \ CPN \ yt.dll
O3 - Toolbar: & Google - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - c: \ program files \ google \ googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - (DE9C389F-3316-41A7-809B-AA305ED9D922) - C: \ Program Files \ AOL \ AOL Toolbar 2.0 \ aoltb.dll
O3 - Toolbar: näkökulmasta Toolbar - (F8AD5AA5-D966-4667-9DAF-2561D68B2012) - C: \ Program Files \ Common Files \ näkökulmasta \ Toolbar Kesto \ 3.8.0 \ IEViewBar.dll
O3 - Toolbar: Adobe PDF - (47833539-D0C5-4125-9FA8-0819E2EAAC93) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll
O4 - HKLM \ .. \ Run: [RemoteControl] "C: \ Program Files \ Cyberlink \ PowerDVD \ PDVDServ.exe"
O4 - HKLM \ .. \ Run: [RoxioEngineUtility] "C: \ Program Files \ Common Files \ Roxio Shared \ System \ EngUtil.exe"
O4 - HKLM \ .. \ Run: [RoxioAudioCentral] "C: \ Program Files \ Roxio \ Easy CD Creator 6 \ AudioCentral \ RxMon.exe"
O4 - HKLM \ .. \ Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM \ .. \ Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM \ .. \ Run: [SiSPower] rundll32.exe SiSPower.dll, ModeAgent
O4 - HKLM \ .. \ Run: [SiS Windows KeyHook] C: \ WINDOWS \ system32 \ keyhook.exe
O4 - HKLM \ .. \ Run: [SiSUSBRG] C: \ WINDOWS \ SiSUSBrg.exe
O4 - HKLM \ .. \ Run: [Apoint] C: \ Program Files \ Apoint2K \ Apoint.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [DSFHost] C: \ Program Files \ Sinkilät \ easyprint \ dsfhost.exe
O4 - HKLM \ .. \ Run: [Synchronization Manager]% SystemRoot% \ system32 \ mobsync.exe / kirjautumisen
O4 - HKLM \ .. \ Run: [Zune Launcher] "C: \ Program Files \ Zune \ ZuneLauncher.exe"
O4 - HKLM \ .. \ Run: [GrooveMonitor] "C: \ Program Files \ Microsoft Office \ Office12 \ GrooveMonitor.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ Program Files \ Common Files \ Nero \ Lib \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [NBKeyScan] "C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBKeyScan.exe"
O4 - HKLM \ .. \ Run: [Adobe Acrobat Speed Launcher] "C: \ Program Files \ Adobe \ Acrobat 9.0 \ Acrobat \ Acrobat_sl.exe"
O4 - HKLM \ .. \ Run: [ccApp] "C: \ Program Files \ Common Files \ Symantec Shared \ ccApp.exe"
O4 - HKLM \ .. \ Run: [vptray] C: \ PROGRA ~ 1 \ SYMANT ~ 1 \ VPTray.exe
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [Layersecurity Servicemonitor] C: \ WINDOWS \ system32 \ LSSMON.EXE
O4 - HKLM \ .. \ Run: [taustatulostuspalvelun] C: \ WINDOWS \ system32 \ SPOOLER.EXE
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ qttask.exe"-atboottime
O4 - HKCU \ .. \ Run: [H / PC Connection Agent] "C: \ Program Files \ Microsoft ActiveSync \ wcescomm.exe"
O4 - HKCU \ .. \ Run: [Ctfmon.exe] C: \ WINDOWS \ system32 \ Ctfmon.exe
O4 - HKCU \ .. \ Run: [IndxStoreSvr_ (79662E04-7C6C-4d9f-84C7-88D8A56B10AA)] "C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F -39A1E5104020
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [AdobeUpdater] C: \ Program Files \ Common Files \ Adobe \ Updater \ AdobeUpdater.exe
O4 - HKLM \ .. \ Policies \ Explorer \ Run: [LocalSecurityAuthoritySubsystem] C: \ WINDOWS \ Lsass.exe
O4 - Startup: Adobe Gamma.lnk = C: \ Program Files \ Common Files \ Adobe \ Calibration \ Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper ja Launcher.lnk = C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTEM.EXE
O4 - Global Startup: Windows Desktop Search.lnk = C: \ Program Files \ Windows Desktop Search \ WindowsSearch.exe
O8 - Extra yhteydessä valikkotoimintoa: & AOL Toolbar Search - C: \ Program Files \ AOL \ AOL työkalurivin 2.0 \ resurssit \ fi-fi \ Local \ search.html
O8 - Extra yhteydessä valikkotoimintoa: Append Linkki Tavoite Nykyiset PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIEAppendSelLinks.html
O8 - Extra yhteydessä valikkotoimintoa: Append nykyiseen PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIEAppend.html
O8 - Extra yhteydessä valikkotoimintoa: Muunna Linkki Tavoite Adobe PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIECaptureSelLinks.html
O8 - Extra yhteydessä valikkotoimintoa: Muunna Adobe PDF - res: / / C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEFavClient.dll / AcroIECapture.html
O8 - Extra yhteydessä valikkotoimintoa: E & Vie Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikros ~ 4 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_07 \ bin \ ssv.dll
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ mikros ~ 4 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & loppu OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ mikros ~ 4 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - (2EAF5BB1-070F-11D3-9307-00C04FAE2D4F) - C: \ PROGRA ~ 1 \ mikros ~ 3 \ INetRepl.dll
O9 - Extra button: (no name) - (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - C: \ PROGRA ~ 1 \ mikros ~ 3 \ INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite ... - (2EAF5BB2-070F-11D3-9307-00C04FAE2D4F) - C: \ PROGRA ~ 1 \ mikros ~ 3 \ INetRepl.dll
O9 - Extra button: AOL Toolbar - (3369AF0D-62E9-4bda-8103-B4C75499B578) - C: \ Program Files \ AOL \ AOL Toolbar 2.0 \ aoltb.dll
O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ MIC273 ~ 1 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: AIM - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - C: \ Program Files \ AIM \ aim.exe
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra button: Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11D2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL = http://www.averatec.com
O16 - DPF: (0D6BB8B8-0257-420C-B9EB-CFA90DB1026C) -- http://svrnsec01.purchase.edu:88/setup.cab
O16 - DPF: (6414512B-B978-451D-A0D8-FCFDF33E833C) (WUWebControl Class) -- http://v5.windowsupdate.microsoft.co...?1096453339343
O18 - Protocol: grooveLocalGWS - (88FED34C-F0CA-4636-A375-3CB6248B04CD) - C: \ PROGRA ~ 1 \ mikros ~ 4 \ Office12 \ GR99D3 ~ 1.DLL
O18 - Protocol: skype4com - (FFC8B962-9B40-4DFF-9458-1830C7DD7F5D) - C: \ PROGRA ~ 1 \ Common ~ 1 \ Skype \ SKYPE4 ~ 1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C: \ Program Files \ Common Files \ Adobe Systems Shared \ Service \ Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Automaattinen LiveUpdaten Scheduler - Symantec Corporation - C: \ Program Files \ Symantec \ LiveUpdaten \ ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ ccSetMgr.exe
O23 - Service: CSIScanner - Prevx - C: \ Program Files \ PrevxCSI \ prevxcsi.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd - C: \ Program Files \ Common Files \ Macrovision Shared \ FLEXnet Publisher \ FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: LiveUpdaten - Symantec Corporation - C: \ PROGRA ~ 1 \ Symantec \ LIVEUP ~ 1 \ LUCOMS ~ 1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C: \ Program Files \ Nero \ Nero8 \ Nero BackItUp \ NBService.exe
O23 - Service: NMIndexingService - Nero AG - C: \ Program Files \ Common Files \ Nero \ Lib \ NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C: \ WINDOWS \ system32 \ IoctlSvc.exe
O23 - Service: Turvatut Access Agent (SafeAccessAgent) - StillSecure - C: \ Program Files \ StillSecure \ turvallinen pääsy Agent \ SAService.exe
O23 - Service: SAVRoam (SavRoam) - Symantec - C: \ Program Files \ Symantec AntiVirus \ SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ SPBBC \ SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C: \ Program Files \ Symantec AntiVirus \ Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C: \ Program Files \ Common Files \ Symantec Shared \ Security Center \ SymWSC.exe
O23 - Service: näkökulmasta Manager Service - näkökulmasta Corporation - C: \ Program Files \ näkökulmasta \ Common \ ViewpointService.exe

--
End of file - 14719 bytes
  #8  
Old 23. Sep 2008, 10:25
Moderator Group
 

Download Malwarebytes' Anti-Malware (MBAM)
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, make sure a checkmark is placed next to the following:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When disinfection is complete, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report into your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, do so immediately.

----------


Now create a new HijackThis scan and post the log together with the MBAM log.
__________________
