An MSN worm paid a visit...

meikalainen

As you can tell from the title, out of ignorance I went and opened a link that said something like "is this your picture?" :( Well, it wasn't my picture :D

Could someone help! The log is below, THANKS in advance...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:17:25, on 2.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Nero Express\InCD\InCDsrv.exe
C:\Norman\Npm\bin\ELOGSVC.EXE
C:\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Norman\Npf\BIN\NPFSVICE.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npm\bin\NJEEVES.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\GlobespanVirata\XPFix.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Norman\Npm\bin\ZLH.EXE
C:\Nero Express\InCD\InCD.exe
C:\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Norman\Npf\BIN\npfmsg2.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
D:\Need\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.wlannet.com:3128;http=proxy.wlannet.com:3128;https=proxy.wlannet.com:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
R3 - URLSearchHook: (no name) - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [XPFix] C:\Program Files\GlobespanVirata\XPFix.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [InCD] C:\Nero Express\InCD\InCD.exe
O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
O4 - HKLM\..\Run: [BM2330e164] Rundll32.exe "C:\WINDOWS\system32\klealwty.dll",s
O4 - HKLM\..\Run: [2003d2f8] rundll32.exe "C:\WINDOWS\system32\bjyqtuwp.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
O4 - Global Startup: Microsoft Office.lnk = D:\front\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Nero Express\InCD\InCDsrv.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8615 bytes


    Replies

    • meikalainen

      Could someone really help, since I just can't seem to get rid of the virus, and I wouldn't want to wipe the whole computer..! Help!!!!??

    • FixFix
      • meikalainen

        This is the log I got... Right after I ran ComboFix the virus hasn't bothered me at all! And nothing pointing to it has shown up! So a really big thank you to you! Hopefully it is gone for good :) Apparently I don't need to do anything else, or do I?


        ComboFix 08-06-05.2 - Omistaja 2008-06-05 20:44:01.1 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.162 [GMT 3:00]
        Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\bot.exe
        C:\setup.exe
        C:\WINDOWS\BM2330e164.xml
        C:\WINDOWS\hosts
        C:\WINDOWS\pskt.ini
        C:\WINDOWS\service.exe
        C:\WINDOWS\system32\awelovlv.ini
        C:\WINDOWS\system32\byXPFUKc.dll
        C:\WINDOWS\system32\cbXOFxvU.dll
        C:\WINDOWS\system32\ddcAtqPi.dll
        C:\WINDOWS\system32\ddfMVvut.ini
        C:\WINDOWS\system32\ddfMVvut.ini2
        C:\WINDOWS\system32\duhxbyge.exe
        C:\WINDOWS\system32\eicxyjes.exe
        C:\WINDOWS\system32\fnixbvsm.ini
        C:\WINDOWS\system32\geBssqNG.dll
        C:\WINDOWS\system32\iifdcYro.dll
        C:\WINDOWS\system32\iipvohjg.ini
        C:\WINDOWS\system32\irkjarcv.ini
        C:\WINDOWS\system32\iuysgehw.exe
        C:\WINDOWS\system32\jihlyntu.ini
        C:\WINDOWS\system32\jtnsmspl.dll
        C:\WINDOWS\system32\jxbahifr.ini
        C:\WINDOWS\system32\klealwty.dll
        C:\WINDOWS\system32\kutsprfo.dll
        C:\WINDOWS\system32\larsttrm.exe
        C:\WINDOWS\system32\lSYaaGgh.ini
        C:\WINDOWS\system32\lSYaaGgh.ini2
        C:\WINDOWS\system32\mcrh.tmp
        C:\WINDOWS\system32\mdm.exe
        C:\WINDOWS\system32\msvbxinf.dll
        C:\WINDOWS\system32\nfbkwwme.dll
        C:\WINDOWS\system32\nnnnLeBu.dll
        C:\WINDOWS\system32\ocvhwxln.dll
        C:\WINDOWS\system32\orYcdfii.ini
        C:\WINDOWS\system32\orYcdfii.ini2
        C:\WINDOWS\system32\pwutqyjb.ini
        C:\WINDOWS\system32\quygaclr.dll
        C:\WINDOWS\system32\qyeqmibc.dll
        C:\WINDOWS\system32\qyvfsvuy.dll
        C:\WINDOWS\system32\rexrxfns.exe
        C:\WINDOWS\system32\rlcagyuq.ini2
        C:\WINDOWS\system32\rlcagyuq.tmp
        C:\WINDOWS\system32\rqRHwULe.dll
        C:\WINDOWS\system32\sooawahn.dll
        C:\WINDOWS\system32\TAcJkUvw.ini
        C:\WINDOWS\system32\TAcJkUvw.ini2
        C:\WINDOWS\system32\UvDdcccf.ini
        C:\WINDOWS\system32\UvDdcccf.ini2
        C:\WINDOWS\system32\vcrajkri.dll
        C:\WINDOWS\system32\viqmgwrf.exe
        C:\WINDOWS\system32\xFikknpo.ini
        C:\WINDOWS\system32\xFikknpo.ini2
        C:\WINDOWS\system32\xoaiynnq.dll
        C:\WINDOWS\system32\xxyywwxV.dll
        C:\WINDOWS\system32\xxyyxvwv.dll
        C:\WINDOWS\system32\ytigippo.dll

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-05 to 2008-06-05 )))))))))))))))))
        .

        2008-06-05 20:51 . 2008-06-05 20:51   294   ---hsc---   C:\WINDOWS\system32\jxbahifr.ini
        2008-06-05 20:50 . 2008-06-05 20:50   109,807   --a--c---   C:\WINDOWS\BM2330e164.xml
        2008-06-05 20:35 . 2008-06-05 20:35   126,976   --a------   C:\WINDOWS\system32\ohpxicpg.dll
        2008-06-05 17:06 . 2008-06-05 17:06   147,456   --a------   C:\WINDOWS\system32\rfihabxj.dll
        2008-06-05 16:57 . 2008-06-05 16:57   180,224   --a------   C:\WINDOWS\system32\rmtptlrm.dll
        2008-06-05 16:51 . 2008-06-05 16:51   156,160   --a------   C:\WINDOWS\system32\haohoauw.dll
        2008-06-04 14:40 . 2008-06-04 14:40   132,608   --a------   C:\WINDOWS\system32\kpergtyr.dll
        2008-06-04 14:40 . 2008-06-04 14:40   126,976   --a------   C:\WINDOWS\system32\cathhryt.dll
        2008-06-04 14:39 . 2008-06-04 18:11   3,424   --a--c---   C:\is155400.exe
        2008-06-03 19:00 . 2008-06-03 19:00   52,331   --a--c---   C:\f.bat
        2008-06-03 18:36 . 2008-06-03 21:22   86,548   --a------   C:\Documents and Settings\Omistaja\setupa.exe
        2008-06-03 18:09 . 2008-06-03 22:10   86,548   --a--c---   C:\ssetup.exe
        2008-06-03 17:50 . 2008-06-04 16:03   3,424   --a------   C:\Documents and Settings\Omistaja\setup.exe
        2008-06-03 16:26 . 2008-06-03 16:26   96,950   -r-hsc---   C:\WINDOWS\mservice.exe
        2008-06-02 17:17 . 2008-06-02 17:17      d----c---   C:\Program Files\Trend Micro
        2008-06-02 09:19 . 2008-06-03 21:30   4,217   --a--c---   C:\WINDOWS\is154890.exe
        2008-05-30 13:50 . 2008-05-30 13:50   96,768   -----c---   C:\is154890.exe
        2008-05-29 21:23 . 2008-05-29 21:23      d----c---   C:\fsaua.data
        2008-05-29 20:46 . 2008-05-29 20:46   60,132   --a--c---   C:\ddc.exe
        2008-05-29 20:32 . 2008-05-29 20:45      d-a--c---   C:\MSNFix
        2008-05-29 20:27 . 2008-06-05 16:50   501   --a--c---   C:\WINDOWS\wininit.ini
        2008-05-29 20:18 . 2008-05-29 20:18   86,340   --a--c---   C:\img.com
        2008-05-29 20:01 . 2008-05-29 20:01      d----c---   C:\Program Files\CCleaner
        2008-05-29 19:46 . 2008-05-29 19:46      d----c---   C:\Program Files\Spybot - Search & Destroy
        2008-05-29 19:46 . 2008-05-29 19:47      d----c---   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-05-29 17:15 . 2008-05-29 17:35   102,664   --a--c---   C:\WINDOWS\system32\drivers\tmcomm.sys
        2008-05-29 17:12 . 2008-05-29 17:35      d--------   C:\Documents and Settings\Omistaja\.housecall6.6
        2008-05-29 17:11 . 2008-05-29 18:53   687   --a--c---   C:\WINDOWS\cookies.MSNFix
        2008-05-29 15:14 . 2008-05-29 18:13   56,832   --a--c---   C:\fa.com
        2008-05-28 20:31 . 2008-05-29 16:29   3,424   --a--c---   C:\dci.MSNFix

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-05 17:51   5   -c--a-w   C:\NPF_USER.DAT
        2008-06-03 15:36   ---------   dc----w   C:\Documents and Settings\All Users\Application Data\NPF
        2007-03-13 09:36   822   ----a-w   C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
        2006-01-30 18:20   560   -c--a-w   C:\Documents and Settings\Omistaja\Application Data\ViewerApp.dat
        2005-06-03 13:31   380   -c--a-w   C:\Documents and Settings\Omistaja\GlobalData.dat
        1999-06-09 14:51   99,840   -c--a-w   C:\Program Files\Common Files\IRAABOUT.DLL
        1998-12-09 00:53   70,144   -c--a-w   C:\Program Files\Common Files\IRAMDMTR.DLL
        1998-12-09 00:53   48,640   -c--a-w   C:\Program Files\Common Files\IRALPTTR.DLL
        1998-12-09 00:53   31,744   -c--a-w   C:\Program Files\Common Files\IRAWEBTR.DLL
        1998-12-09 00:53   186,368   -c--a-w   C:\Program Files\Common Files\IRAREG.DLL
        1998-12-09 00:53   17,920   -c--a-w   C:\Program Files\Common Files\IRASRIAL.DLL
        .

        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54f4a651-e2ae-4672-b8ef-35673677f2eb}]
        2008-06-05 16:57   180224   --a------   C:\WINDOWS\system32\rmtptlrm.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBFEAEE4-AE46-4834-A520-8B58F1C6537F}]
                 C:\WINDOWS\system32\wvUkJcAT.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E004BC66-64AD-435A-83AA-19A41F1B7AB7}]
                 C:\WINDOWS\system32\opnkkiFx.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
        "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 17:53 73840]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
        "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
        "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
        "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
        "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
        "XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
        "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
        "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58 183352]
        "InCD"="C:\Nero Express\InCD\InCD.exe" [2005-07-25 12:01 1397760]
        "HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
        "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 17:53 73840]
        "QuickTime Task"="D:\QuickTime\qttask.exe" [2007-11-11 16:42 286720]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "Windows UDP Control"="winudspm.exe" []
        "Windows svchost"="service.exe" []
        "2003d2f8"="C:\WINDOWS\system32\rfihabxj.dll" [2008-06-05 17:06 147456]
        "BM2330e164"="C:\WINDOWS\system32\ohpxicpg.dll" [2008-06-05 20:35 126976]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.ffds"= D:\IMUROI~1\FFDSHO~1\ffdshow.ax

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "D:\\Imurointi\\eMule\\emule.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "D:\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
        R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
        R2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:58]
        R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
        R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
        S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
        S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-06-05 15:18:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"


      • FixFix
        meikalainen wrote:

        This is the log I got... Right after I ran ComboFix the virus hasn't bothered me at all! And nothing pointing to it has shown up! So a really big thank you to you! Hopefully it is gone for good :) Apparently I don't need to do anything else, or do I?


        ComboFix 08-06-05.2 - Omistaja 2008-06-05 20:44:01.1 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.162 [GMT 3:00]
        Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\bot.exe
        C:\setup.exe
        C:\WINDOWS\BM2330e164.xml
        C:\WINDOWS\hosts
        C:\WINDOWS\pskt.ini
        C:\WINDOWS\service.exe
        C:\WINDOWS\system32\awelovlv.ini
        C:\WINDOWS\system32\byXPFUKc.dll
        C:\WINDOWS\system32\cbXOFxvU.dll
        C:\WINDOWS\system32\ddcAtqPi.dll
        C:\WINDOWS\system32\ddfMVvut.ini
        C:\WINDOWS\system32\ddfMVvut.ini2
        C:\WINDOWS\system32\duhxbyge.exe
        C:\WINDOWS\system32\eicxyjes.exe
        C:\WINDOWS\system32\fnixbvsm.ini
        C:\WINDOWS\system32\geBssqNG.dll
        C:\WINDOWS\system32\iifdcYro.dll
        C:\WINDOWS\system32\iipvohjg.ini
        C:\WINDOWS\system32\irkjarcv.ini
        C:\WINDOWS\system32\iuysgehw.exe
        C:\WINDOWS\system32\jihlyntu.ini
        C:\WINDOWS\system32\jtnsmspl.dll
        C:\WINDOWS\system32\jxbahifr.ini
        C:\WINDOWS\system32\klealwty.dll
        C:\WINDOWS\system32\kutsprfo.dll
        C:\WINDOWS\system32\larsttrm.exe
        C:\WINDOWS\system32\lSYaaGgh.ini
        C:\WINDOWS\system32\lSYaaGgh.ini2
        C:\WINDOWS\system32\mcrh.tmp
        C:\WINDOWS\system32\mdm.exe
        C:\WINDOWS\system32\msvbxinf.dll
        C:\WINDOWS\system32\nfbkwwme.dll
        C:\WINDOWS\system32\nnnnLeBu.dll
        C:\WINDOWS\system32\ocvhwxln.dll
        C:\WINDOWS\system32\orYcdfii.ini
        C:\WINDOWS\system32\orYcdfii.ini2
        C:\WINDOWS\system32\pwutqyjb.ini
        C:\WINDOWS\system32\quygaclr.dll
        C:\WINDOWS\system32\qyeqmibc.dll
        C:\WINDOWS\system32\qyvfsvuy.dll
        C:\WINDOWS\system32\rexrxfns.exe
        C:\WINDOWS\system32\rlcagyuq.ini2
        C:\WINDOWS\system32\rlcagyuq.tmp
        C:\WINDOWS\system32\rqRHwULe.dll
        C:\WINDOWS\system32\sooawahn.dll
        C:\WINDOWS\system32\TAcJkUvw.ini
        C:\WINDOWS\system32\TAcJkUvw.ini2
        C:\WINDOWS\system32\UvDdcccf.ini
        C:\WINDOWS\system32\UvDdcccf.ini2
        C:\WINDOWS\system32\vcrajkri.dll
        C:\WINDOWS\system32\viqmgwrf.exe
        C:\WINDOWS\system32\xFikknpo.ini
        C:\WINDOWS\system32\xFikknpo.ini2
        C:\WINDOWS\system32\xoaiynnq.dll
        C:\WINDOWS\system32\xxyywwxV.dll
        C:\WINDOWS\system32\xxyyxvwv.dll
        C:\WINDOWS\system32\ytigippo.dll

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikav„lill„: 2008-05-05 to 2008-06-05 )))))))))))))))))
        .

        2008-06-05 20:51 . 2008-06-05 20:51   294   ---hsc---   C:\WINDOWS\system32\jxbahifr.ini
        2008-06-05 20:50 . 2008-06-05 20:50   109,807   --a--c---   C:\WINDOWS\BM2330e164.xml
        2008-06-05 20:35 . 2008-06-05 20:35   126,976   --a------   C:\WINDOWS\system32\ohpxicpg.dll
        2008-06-05 17:06 . 2008-06-05 17:06   147,456   --a------   C:\WINDOWS\system32\rfihabxj.dll
        2008-06-05 16:57 . 2008-06-05 16:57   180,224   --a------   C:\WINDOWS\system32\rmtptlrm.dll
        2008-06-05 16:51 . 2008-06-05 16:51   156,160   --a------   C:\WINDOWS\system32\haohoauw.dll
        2008-06-04 14:40 . 2008-06-04 14:40   132,608   --a------   C:\WINDOWS\system32\kpergtyr.dll
        2008-06-04 14:40 . 2008-06-04 14:40   126,976   --a------   C:\WINDOWS\system32\cathhryt.dll
        2008-06-04 14:39 . 2008-06-04 18:11   3,424   --a--c---   C:\is155400.exe
        2008-06-03 19:00 . 2008-06-03 19:00   52,331   --a--c---   C:\f.bat
        2008-06-03 18:36 . 2008-06-03 21:22   86,548   --a------   C:\Documents and Settings\Omistaja\setupa.exe
        2008-06-03 18:09 . 2008-06-03 22:10   86,548   --a--c---   C:\ssetup.exe
        2008-06-03 17:50 . 2008-06-04 16:03   3,424   --a------   C:\Documents and Settings\Omistaja\setup.exe
        2008-06-03 16:26 . 2008-06-03 16:26   96,950   -r-hsc---   C:\WINDOWS\mservice.exe
        2008-06-02 17:17 . 2008-06-02 17:17      d----c---   C:\Program Files\Trend Micro
        2008-06-02 09:19 . 2008-06-03 21:30   4,217   --a--c---   C:\WINDOWS\is154890.exe
        2008-05-30 13:50 . 2008-05-30 13:50   96,768   -----c---   C:\is154890.exe
        2008-05-29 21:23 . 2008-05-29 21:23      d----c---   C:\fsaua.data
        2008-05-29 20:46 . 2008-05-29 20:46   60,132   --a--c---   C:\ddc.exe
        2008-05-29 20:32 . 2008-05-29 20:45      d-a--c---   C:\MSNFix
        2008-05-29 20:27 . 2008-06-05 16:50   501   --a--c---   C:\WINDOWS\wininit.ini
        2008-05-29 20:18 . 2008-05-29 20:18   86,340   --a--c---   C:\img.com
        2008-05-29 20:01 . 2008-05-29 20:01      d----c---   C:\Program Files\CCleaner
        2008-05-29 19:46 . 2008-05-29 19:46      d----c---   C:\Program Files\Spybot - Search & Destroy
        2008-05-29 19:46 . 2008-05-29 19:47      d----c---   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-05-29 17:15 . 2008-05-29 17:35   102,664   --a--c---   C:\WINDOWS\system32\drivers\tmcomm.sys
        2008-05-29 17:12 . 2008-05-29 17:35      d--------   C:\Documents and Settings\Omistaja\.housecall6.6
        2008-05-29 17:11 . 2008-05-29 18:53   687   --a--c---   C:\WINDOWS\cookies.MSNFix
        2008-05-29 15:14 . 2008-05-29 18:13   56,832   --a--c---   C:\fa.com
        2008-05-28 20:31 . 2008-05-29 16:29   3,424   --a--c---   C:\dci.MSNFix

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-05 17:51   5   -c--a-w   C:\NPF_USER.DAT
        2008-06-03 15:36   ---------   dc----w   C:\Documents and Settings\All Users\Application Data\NPF
        2007-03-13 09:36   822   ----a-w   C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
        2006-01-30 18:20   560   -c--a-w   C:\Documents and Settings\Omistaja\Application Data\ViewerApp.dat
        2005-06-03 13:31   380   -c--a-w   C:\Documents and Settings\Omistaja\GlobalData.dat
        1999-06-09 14:51   99,840   -c--a-w   C:\Program Files\Common Files\IRAABOUT.DLL
        1998-12-09 00:53   70,144   -c--a-w   C:\Program Files\Common Files\IRAMDMTR.DLL
        1998-12-09 00:53   48,640   -c--a-w   C:\Program Files\Common Files\IRALPTTR.DLL
        1998-12-09 00:53   31,744   -c--a-w   C:\Program Files\Common Files\IRAWEBTR.DLL
        1998-12-09 00:53   186,368   -c--a-w   C:\Program Files\Common Files\IRAREG.DLL
        1998-12-09 00:53   17,920   -c--a-w   C:\Program Files\Common Files\IRASRIAL.DLL
        .

        (((((((((((((((((((((((((((((( Rekisterin k„ynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhji„ arvoja ja laillisia oletusarvoja ei n„ytet„

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54f4a651-e2ae-4672-b8ef-35673677f2eb}]
        2008-06-05 16:57   180224   --a------   C:\WINDOWS\system32\rmtptlrm.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBFEAEE4-AE46-4834-A520-8B58F1C6537F}]
                 C:\WINDOWS\system32\wvUkJcAT.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E004BC66-64AD-435A-83AA-19A41F1B7AB7}]
                 C:\WINDOWS\system32\opnkkiFx.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
        "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 17:53 73840]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
        "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
        "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
        "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
        "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
        "XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
        "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
        "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58 183352]
        "InCD"="C:\Nero Express\InCD\InCD.exe" [2005-07-25 12:01 1397760]
        "HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
        "SweetIM"="C:\Program Files\Macrogaming\SweetIM\SweetIM.exe" [2006-12-27 17:53 73840]
        "QuickTime Task"="D:\QuickTime\qttask.exe" [2007-11-11 16:42 286720]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "Windows UDP Control"="winudspm.exe" []
        "Windows svchost"="service.exe" []
        "2003d2f8"="C:\WINDOWS\system32\rfihabxj.dll" [2008-06-05 17:06 147456]
        "BM2330e164"="C:\WINDOWS\system32\ohpxicpg.dll" [2008-06-05 20:35 126976]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.ffds"= D:\IMUROI~1\FFDSHO~1\ffdshow.ax

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "D:\\Imurointi\\eMule\\emule.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "D:\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
        R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
        R2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:58]
        R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
        R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
        S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
        S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-06-05 15:18:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"

        Delete the folder in Safe Mode

        C:\Program Files\==>Macrogaming


      • meikalainen
        FixFix wrote:

        Delete the folder in Safe Mode

        C:\Program Files\==>Macrogaming

        I tried to do as you advised... Hopefully it went right :) The virus doesn't seem to be gone yet, at least, since it still throws up some casino ads and Norton says that something is trying to use the computer, or something like that... The contents of combofix.txt are below!

        ComboFix 08-06-05.2 - Omistaja 2008-06-07 14:55:12.3 - NTFSx86 MINIMAL
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.281 [GMT 3:00]
        Running from: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\CFScript.txt

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

        FILE ::
        C:\img.com
        C:\is154890.exe
        C:\is155400.exe
        C:\WINDOWS\is154890.exe
        C:\WINDOWS\mservice.exe
        C:\WINDOWS\service.exe
        C:\WINDOWS\system32\bjyqtuwp.dll
        C:\WINDOWS\system32\kiealwty.dll
        C:\WINDOWS\winudspm.exe
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\img.com
        C:\is154890.exe
        C:\is155400.exe
        C:\WINDOWS\BM2330e164.xml
        C:\WINDOWS\is154890.exe
        C:\WINDOWS\mservice.exe
        C:\WINDOWS\pskt.ini

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
        .

        2008-06-07 14:24 . 2008-06-07 14:24   294   ---hsc---   C:\WINDOWS\system32\jxbahifr.ini
        2008-06-05 20:35 . 2008-06-05 20:35   126,976   --a------   C:\WINDOWS\system32\ohpxicpg.dll
        2008-06-05 17:06 . 2008-06-05 17:06   147,456   --a------   C:\WINDOWS\system32\rfihabxj.dll
        2008-06-05 16:57 . 2008-06-05 16:57   180,224   --a------   C:\WINDOWS\system32\rmtptlrm.dll
        2008-06-05 16:51 . 2008-06-05 16:51   156,160   --a------   C:\WINDOWS\system32\haohoauw.dll
        2008-06-04 14:40 . 2008-06-04 14:40   132,608   --a------   C:\WINDOWS\system32\kpergtyr.dll
        2008-06-04 14:40 . 2008-06-04 14:40   126,976   --a------   C:\WINDOWS\system32\cathhryt.dll
        2008-06-03 19:00 . 2008-06-03 19:00   52,331   --a--c---   C:\f.bat
        2008-06-03 18:36 . 2008-06-03 21:22   86,548   --a------   C:\Documents and Settings\Omistaja\setupa.exe
        2008-06-03 18:09 . 2008-06-03 22:10   86,548   --a--c---   C:\ssetup.exe
        2008-06-03 17:50 . 2008-06-04 16:03   3,424   --a------   C:\Documents and Settings\Omistaja\setup.exe
        2008-06-02 17:17 . 2008-06-02 17:17      d----c---   C:\Program Files\Trend Micro
        2008-05-29 21:23 . 2008-05-29 21:23      d----c---   C:\fsaua.data
        2008-05-29 20:46 . 2008-05-29 20:46   60,132   --a--c---   C:\ddc.exe
        2008-05-29 20:32 . 2008-05-29 20:45      d-a--c---   C:\MSNFix
        2008-05-29 20:27 . 2008-06-05 16:50   501   --a--c---   C:\WINDOWS\wininit.ini
        2008-05-29 20:01 . 2008-05-29 20:01      d----c---   C:\Program Files\CCleaner
        2008-05-29 19:46 . 2008-05-29 19:46      d----c---   C:\Program Files\Spybot - Search & Destroy
        2008-05-29 19:46 . 2008-05-29 19:47      d----c---   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-05-29 17:15 . 2008-05-29 17:35   102,664   --a--c---   C:\WINDOWS\system32\drivers\tmcomm.sys
        2008-05-29 17:12 . 2008-05-29 17:35      d--------   C:\Documents and Settings\Omistaja\.housecall6.6
        2008-05-29 17:11 . 2008-05-29 18:53   687   --a--c---   C:\WINDOWS\cookies.MSNFix
        2008-05-29 15:14 . 2008-05-29 18:13   56,832   --a--c---   C:\fa.com
        2008-05-28 20:31 . 2008-05-29 16:29   3,424   --a--c---   C:\dci.MSNFix

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-07 11:24   5   -c--a-w   C:\NPF_USER.DAT
        2008-06-03 15:36   ---------   dc----w   C:\Documents and Settings\All Users\Application Data\NPF
        2008-03-25 04:51   621,344   -c--a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   -c--a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   -c--a-w   C:\WINDOWS\system32\win32k.sys
        2007-03-13 09:36   822   ----a-w   C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
        2006-01-30 18:20   560   -c--a-w   C:\Documents and Settings\Omistaja\Application Data\ViewerApp.dat
        2005-06-03 13:31   380   -c--a-w   C:\Documents and Settings\Omistaja\GlobalData.dat
        1999-06-09 14:51   99,840   -c--a-w   C:\Program Files\Common Files\IRAABOUT.DLL
        1998-12-09 00:53   70,144   -c--a-w   C:\Program Files\Common Files\IRAMDMTR.DLL
        1998-12-09 00:53   48,640   -c--a-w   C:\Program Files\Common Files\IRALPTTR.DLL
        1998-12-09 00:53   31,744   -c--a-w   C:\Program Files\Common Files\IRAWEBTR.DLL
        1998-12-09 00:53   186,368   -c--a-w   C:\Program Files\Common Files\IRAREG.DLL
        1998-12-09 00:53   17,920   -c--a-w   C:\Program Files\Common Files\IRASRIAL.DLL
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-05_20.56.00.47 )))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-26 11:49:28   297,984   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
        2007-03-06 01:31:09   14,048   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
        2007-03-06 01:31:14   214,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
        2007-03-06 01:31:07   22,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
        2007-03-06 01:31:32   717,536   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
        2007-03-06 01:32:23   380,640   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
        - 2008-06-05 17:50:00   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-07 11:33:21   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2004-09-15 12:00:00   294,400   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        - 2004-09-15 12:00:00   294,400   ----a-w   C:\WINDOWS\system32\MSCTF.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\msctf.dll
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54f4a651-e2ae-4672-b8ef-35673677f2eb}]
        2008-06-05 16:57   180224   --a------   C:\WINDOWS\system32\rmtptlrm.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBFEAEE4-AE46-4834-A520-8B58F1C6537F}]
                 C:\WINDOWS\system32\wvUkJcAT.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E004BC66-64AD-435A-83AA-19A41F1B7AB7}]
                 C:\WINDOWS\system32\opnkkiFx.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
        "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
        "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
        "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
        "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
        "XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
        "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
        "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58 183352]
        "InCD"="C:\Nero Express\InCD\InCD.exe" [2005-07-25 12:01 1397760]
        "HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
        "QuickTime Task"="D:\QuickTime\qttask.exe" [2007-11-11 16:42 286720]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "Windows UDP Control"="winudspm.exe" []
        "Windows svchost"="service.exe" []
        "2003d2f8"="C:\WINDOWS\system32\rfihabxj.dll" [2008-06-05 17:06 147456]
        "BM2330e164"="C:\WINDOWS\system32\ohpxicpg.dll" [2008-06-05 20:35 126976]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

        C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
        WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 04:54:24 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        Microsoft Office.lnk - D:\front\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.ffds"= D:\IMUROI~1\FFDSHO~1\ffdshow.ax

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "D:\\Imurointi\\eMule\\emule.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "D:\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
        S1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
        S2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:58]
        S2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
        S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
        S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
        S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
        S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-03-15 11:48]
        S3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]

        *Newly Created Service* - PARPORT
        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-06-06 10:18:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
        - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-07 14:56:52
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-06-07 14:58:25
        ComboFix-quarantined-files.txt 2008-06-07 11:57:58
        ComboFix2.txt 2008-06-07 10:02:18

        Pre-Run: 551,370,752 tavua vapaana
        Post-Run: 548,691,968 tavua vapaana

        174   --- E O F ---   2008-06-05 17:58:03


      • Fix.fix
        meikalainen wrote:

        I tried to do as you advised... Hopefully it went right :) The virus doesn't seem to be gone yet, at least, since it still throws up some casino ads and Norton says that something is trying to use the computer, or something like that... The contents of combofix.txt are below!


        Open Notepad and copy/paste the contents of the quote box into it:

        [quote]

        File::
        C:\ssetup.exe
        C:\ddc.exe
        C:\fa.com
        C:\dci.MSNFix
        C:\MSNFix
        C:\WINDOWS\system32\klealwty.dll
        C:\WINDOWS\system32\bjyqtuwp.dll

        [/quote]

        Save it as CFScript.txt

        Then drag CFScript onto ComboFix.exe as shown below.
        [img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

        Restart the computer when prompted and post the contents of the combofix.txt file here.

        *****

        Also scan a new HJT log.


      • meikalainen
        Fix.fix wrote:

        Open Notepad and copy/paste the contents of the quote box into it:

        [quote]

        File::
        C:\ssetup.exe
        C:\ddc.exe
        C:\fa.com
        C:\dci.MSNFix
        C:\MSNFix
        C:\WINDOWS\system32\klealwty.dll
        C:\WINDOWS\system32\bjyqtuwp.dll

        [/quote]

        Save it as CFScript.txt

        Then drag CFScript onto ComboFix.exe as shown below.
        [img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

        Restart the computer when prompted and post the contents of the combofix.txt file here.

        *****

        Also scan a new HJT log.

        OK, here is the new HJT log, and below it combofix.txt.


        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 17:08:44, on 7.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Nero Express\InCD\InCDsrv.exe
        C:\Norman\Npm\bin\ELOGSVC.EXE
        C:\Norman\Npm\Bin\Zanda.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Norman\Npf\BIN\NPFSVICE.EXE
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\ltmoh\Ltmoh.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
        C:\Norman\Npm\bin\ZLH.EXE
        C:\Nero Express\InCD\InCD.exe
        C:\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
        C:\WINDOWS\system32\LVCOMSX.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Norman\Npf\BIN\npfmsg2.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
        C:\Norman\Npm\bin\NJEEVES.EXE
        C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.wlannet.com:3128;http=proxy.wlannet.com:3128;https=proxy.wlannet.com:3128
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: {be2f7763-7653-fe8b-2764-ea2e156a4f45} - {54f4a651-e2ae-4672-b8ef-35673677f2eb} - C:\WINDOWS\system32\rmtptlrm.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O2 - BHO: (no name) - {DBFEAEE4-AE46-4834-A520-8B58F1C6537F} - C:\WINDOWS\system32\wvUkJcAT.dll (file missing)
        O2 - BHO: (no name) - {E004BC66-64AD-435A-83AA-19A41F1B7AB7} - C:\WINDOWS\system32\opnkkiFx.dll (file missing)
        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [XPFix] C:\Program Files\GlobespanVirata\XPFix.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
        O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
        O4 - HKLM\..\Run: [InCD] C:\Nero Express\InCD\InCD.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
        O4 - HKLM\..\Run: [Windows svchost] service.exe
        O4 - HKLM\..\Run: [2003d2f8] rundll32.exe "C:\WINDOWS\system32\rfihabxj.dll",b
        O4 - HKLM\..\Run: [BM2330e164] Rundll32.exe "C:\WINDOWS\system32\ohpxicpg.dll",s
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
        O4 - Global Startup: Microsoft Office.lnk = D:\front\Office10\OSA.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
        O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
        O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
        O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
        O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
        O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Nero Express\InCD\InCDsrv.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
        O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
        O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

        --
        End of file - 8849 bytes

        -------------------------------------


        ComboFix 08-06-05.2 - Omistaja 2008-06-07 17:01:38.4 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.129 [GMT 3:00]
        Running from: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\CFScript.txt
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

        FILE ::
        C:\dci.MSNFix
        C:\ddc.exe
        C:\fa.com
        C:\MSNFix
        C:\ssetup.exe
        C:\WINDOWS\system32\bjyqtuwp.dll
        C:\WINDOWS\system32\klealwty.dll
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\dci.MSNFix
        C:\ddc.exe
        C:\fa.com
        C:\ssetup.exe
        C:\WINDOWS\BM2330e164.xml
        C:\WINDOWS\pskt.ini

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
        .

        2008-06-07 14:24 . 2008-06-07 15:04   354   ---hsc---   C:\WINDOWS\system32\jxbahifr.ini
        2008-06-05 20:35 . 2008-06-05 20:35   126,976   --a------   C:\WINDOWS\system32\ohpxicpg.dll
        2008-06-05 17:06 . 2008-06-05 17:06   147,456   --a------   C:\WINDOWS\system32\rfihabxj.dll
        2008-06-05 16:57 . 2008-06-05 16:57   180,224   --a------   C:\WINDOWS\system32\rmtptlrm.dll
        2008-06-05 16:51 . 2008-06-05 16:51   156,160   --a------   C:\WINDOWS\system32\haohoauw.dll
        2008-06-04 14:40 . 2008-06-04 14:40   132,608   --a------   C:\WINDOWS\system32\kpergtyr.dll
        2008-06-04 14:40 . 2008-06-04 14:40   126,976   --a------   C:\WINDOWS\system32\cathhryt.dll
        2008-06-03 19:00 . 2008-06-03 19:00   52,331   --a--c---   C:\f.bat
        2008-06-03 18:36 . 2008-06-03 21:22   86,548   --a------   C:\Documents and Settings\Omistaja\setupa.exe
        2008-06-03 17:50 . 2008-06-04 16:03   3,424   --a------   C:\Documents and Settings\Omistaja\setup.exe
        2008-06-02 17:17 . 2008-06-02 17:17      d----c---   C:\Program Files\Trend Micro
        2008-05-29 21:23 . 2008-05-29 21:23      d----c---   C:\fsaua.data
        2008-05-29 20:32 . 2008-05-29 20:45      d-a--c---   C:\MSNFix
        2008-05-29 20:27 . 2008-06-05 16:50   501   --a--c---   C:\WINDOWS\wininit.ini
        2008-05-29 20:01 . 2008-05-29 20:01      d----c---   C:\Program Files\CCleaner
        2008-05-29 19:46 . 2008-05-29 19:46      d----c---   C:\Program Files\Spybot - Search & Destroy
        2008-05-29 19:46 . 2008-05-29 19:47      d----c---   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-05-29 17:15 . 2008-05-29 17:35   102,664   --a--c---   C:\WINDOWS\system32\drivers\tmcomm.sys
        2008-05-29 17:12 . 2008-05-29 17:35      d--------   C:\Documents and Settings\Omistaja\.housecall6.6
        2008-05-29 17:11 . 2008-05-29 18:53   687   --a--c---   C:\WINDOWS\cookies.MSNFix

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-07 12:04   5   -c--a-w   C:\NPF_USER.DAT
        2008-06-03 15:36   ---------   dc----w   C:\Documents and Settings\All Users\Application Data\NPF
        2008-03-25 04:51   621,344   -c--a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   -c--a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   -c--a-w   C:\WINDOWS\system32\win32k.sys
        2007-03-13 09:36   822   ----a-w   C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
        2006-01-30 18:20   560   -c--a-w   C:\Documents and Settings\Omistaja\Application Data\ViewerApp.dat
        2005-06-03 13:31   380   -c--a-w   C:\Documents and Settings\Omistaja\GlobalData.dat
        1999-06-09 14:51   99,840   -c--a-w   C:\Program Files\Common Files\IRAABOUT.DLL
        1998-12-09 00:53   70,144   -c--a-w   C:\Program Files\Common Files\IRAMDMTR.DLL
        1998-12-09 00:53   48,640   -c--a-w   C:\Program Files\Common Files\IRALPTTR.DLL
        1998-12-09 00:53   31,744   -c--a-w   C:\Program Files\Common Files\IRAWEBTR.DLL
        1998-12-09 00:53   186,368   -c--a-w   C:\Program Files\Common Files\IRAREG.DLL
        1998-12-09 00:53   17,920   -c--a-w   C:\Program Files\Common Files\IRASRIAL.DLL
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-05_20.56.00.47 )))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-26 11:49:28   297,984   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
        2007-03-06 01:31:09   14,048   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
        2007-03-06 01:31:14   214,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
        2007-03-06 01:31:07   22,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
        2007-03-06 01:31:32   717,536   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
        2007-03-06 01:32:23   380,640   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
        - 2008-06-05 17:50:00   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-07 12:03:54   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2004-09-15 12:00:00   294,400   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        - 2004-09-15 12:00:00   294,400   ----a-w   C:\WINDOWS\system32\MSCTF.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\msctf.dll
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54f4a651-e2ae-4672-b8ef-35673677f2eb}]
        2008-06-05 16:57   180224   --a------   C:\WINDOWS\system32\rmtptlrm.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBFEAEE4-AE46-4834-A520-8B58F1C6537F}]
                 C:\WINDOWS\system32\wvUkJcAT.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E004BC66-64AD-435A-83AA-19A41F1B7AB7}]
                 C:\WINDOWS\system32\opnkkiFx.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
        "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
        "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
        "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
        "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
        "XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
        "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
        "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58 183352]
        "InCD"="C:\Nero Express\InCD\InCD.exe" [2005-07-25 12:01 1397760]
        "HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
        "QuickTime Task"="D:\QuickTime\qttask.exe" [2007-11-11 16:42 286720]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "Windows UDP Control"="winudspm.exe" []
        "Windows svchost"="service.exe" []
        "2003d2f8"="C:\WINDOWS\system32\rfihabxj.dll" [2008-06-05 17:06 147456]
        "BM2330e164"="C:\WINDOWS\system32\ohpxicpg.dll" [2008-06-05 20:35 126976]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

        C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
        WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 04:54:24 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        Microsoft Office.lnk - D:\front\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.ffds"= D:\IMUROI~1\FFDSHO~1\ffdshow.ax

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "D:\\Imurointi\\eMule\\emule.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "D:\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
        R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
        R2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:58]
        R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
        R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
        S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
        S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
        S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
        S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-03-15 11:48]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-06-07 13:18:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
        - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-07 17:03:00
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-06-07 17:04:14
        ComboFix-quarantined-files.txt 2008-06-07 14:03:49
        ComboFix2.txt 2008-06-07 11:58:26
        ComboFix3.txt 2008-06-07 10:02:18

        Pre-Run: 483,766,272 tavua vapaana
        Post-Run: 485,736,448 tavua vapaana

        168   --- E O F ---   2008-06-05 17:58:03


      • Fix.fix
        meikalainen wrote:

        Alright, here is a new HJT log, and below it combofix.txt


        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 17:08:44, on 7.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Nero Express\InCD\InCDsrv.exe
        C:\Norman\Npm\bin\ELOGSVC.EXE
        C:\Norman\Npm\Bin\Zanda.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Norman\Npf\BIN\NPFSVICE.EXE
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\ltmoh\Ltmoh.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
        C:\Norman\Npm\bin\ZLH.EXE
        C:\Nero Express\InCD\InCD.exe
        C:\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
        C:\WINDOWS\system32\LVCOMSX.EXE
        C:\WINDOWS\system32\ctfmon.exe
        C:\Norman\Npf\BIN\npfmsg2.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
        C:\Norman\Npm\bin\NJEEVES.EXE
        C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.wlannet.com:3128;http=proxy.wlannet.com:3128;https=proxy.wlannet.com:3128
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: {be2f7763-7653-fe8b-2764-ea2e156a4f45} - {54f4a651-e2ae-4672-b8ef-35673677f2eb} - C:\WINDOWS\system32\rmtptlrm.dll
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O2 - BHO: (no name) - {DBFEAEE4-AE46-4834-A520-8B58F1C6537F} - C:\WINDOWS\system32\wvUkJcAT.dll (file missing)
        O2 - BHO: (no name) - {E004BC66-64AD-435A-83AA-19A41F1B7AB7} - C:\WINDOWS\system32\opnkkiFx.dll (file missing)
        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [XPFix] C:\Program Files\GlobespanVirata\XPFix.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
        O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
        O4 - HKLM\..\Run: [InCD] C:\Nero Express\InCD\InCD.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
        O4 - HKLM\..\Run: [Windows svchost] service.exe
        O4 - HKLM\..\Run: [2003d2f8] rundll32.exe "C:\WINDOWS\system32\rfihabxj.dll",b
        O4 - HKLM\..\Run: [BM2330e164] Rundll32.exe "C:\WINDOWS\system32\ohpxicpg.dll",s
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
        O4 - Global Startup: Microsoft Office.lnk = D:\front\Office10\OSA.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
        O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
        O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
        O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
        O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
        O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Nero Express\InCD\InCDsrv.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
        O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
        O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

        --
        End of file - 8849 bytes

        -------------------------------------


        ComboFix 08-06-05.2 - Omistaja 2008-06-07 17:01:38.4 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.129 [GMT 3:00]
        Running from: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\CFScript.txt
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

        FILE ::
        C:\dci.MSNFix
        C:\ddc.exe
        C:\fa.com
        C:\MSNFix
        C:\ssetup.exe
        C:\WINDOWS\system32\bjyqtuwp.dll
        C:\WINDOWS\system32\klealwty.dll
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\dci.MSNFix
        C:\ddc.exe
        C:\fa.com
        C:\ssetup.exe
        C:\WINDOWS\BM2330e164.xml
        C:\WINDOWS\pskt.ini

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
        .

        2008-06-07 14:24 . 2008-06-07 15:04   354   ---hsc---   C:\WINDOWS\system32\jxbahifr.ini
        2008-06-05 20:35 . 2008-06-05 20:35   126,976   --a------   C:\WINDOWS\system32\ohpxicpg.dll
        2008-06-05 17:06 . 2008-06-05 17:06   147,456   --a------   C:\WINDOWS\system32\rfihabxj.dll
        2008-06-05 16:57 . 2008-06-05 16:57   180,224   --a------   C:\WINDOWS\system32\rmtptlrm.dll
        2008-06-05 16:51 . 2008-06-05 16:51   156,160   --a------   C:\WINDOWS\system32\haohoauw.dll
        2008-06-04 14:40 . 2008-06-04 14:40   132,608   --a------   C:\WINDOWS\system32\kpergtyr.dll
        2008-06-04 14:40 . 2008-06-04 14:40   126,976   --a------   C:\WINDOWS\system32\cathhryt.dll
        2008-06-03 19:00 . 2008-06-03 19:00   52,331   --a--c---   C:\f.bat
        2008-06-03 18:36 . 2008-06-03 21:22   86,548   --a------   C:\Documents and Settings\Omistaja\setupa.exe
        2008-06-03 17:50 . 2008-06-04 16:03   3,424   --a------   C:\Documents and Settings\Omistaja\setup.exe
        2008-06-02 17:17 . 2008-06-02 17:17      d----c---   C:\Program Files\Trend Micro
        2008-05-29 21:23 . 2008-05-29 21:23      d----c---   C:\fsaua.data
        2008-05-29 20:32 . 2008-05-29 20:45      d-a--c---   C:\MSNFix
        2008-05-29 20:27 . 2008-06-05 16:50   501   --a--c---   C:\WINDOWS\wininit.ini
        2008-05-29 20:01 . 2008-05-29 20:01      d----c---   C:\Program Files\CCleaner
        2008-05-29 19:46 . 2008-05-29 19:46      d----c---   C:\Program Files\Spybot - Search & Destroy
        2008-05-29 19:46 . 2008-05-29 19:47      d----c---   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-05-29 17:15 . 2008-05-29 17:35   102,664   --a--c---   C:\WINDOWS\system32\drivers\tmcomm.sys
        2008-05-29 17:12 . 2008-05-29 17:35      d--------   C:\Documents and Settings\Omistaja\.housecall6.6
        2008-05-29 17:11 . 2008-05-29 18:53   687   --a--c---   C:\WINDOWS\cookies.MSNFix

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-07 12:04   5   -c--a-w   C:\NPF_USER.DAT
        2008-06-03 15:36   ---------   dc----w   C:\Documents and Settings\All Users\Application Data\NPF
        2008-03-25 04:51   621,344   -c--a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   -c--a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   -c--a-w   C:\WINDOWS\system32\win32k.sys
        2007-03-13 09:36   822   ----a-w   C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
        2006-01-30 18:20   560   -c--a-w   C:\Documents and Settings\Omistaja\Application Data\ViewerApp.dat
        2005-06-03 13:31   380   -c--a-w   C:\Documents and Settings\Omistaja\GlobalData.dat
        1999-06-09 14:51   99,840   -c--a-w   C:\Program Files\Common Files\IRAABOUT.DLL
        1998-12-09 00:53   70,144   -c--a-w   C:\Program Files\Common Files\IRAMDMTR.DLL
        1998-12-09 00:53   48,640   -c--a-w   C:\Program Files\Common Files\IRALPTTR.DLL
        1998-12-09 00:53   31,744   -c--a-w   C:\Program Files\Common Files\IRAWEBTR.DLL
        1998-12-09 00:53   186,368   -c--a-w   C:\Program Files\Common Files\IRAREG.DLL
        1998-12-09 00:53   17,920   -c--a-w   C:\Program Files\Common Files\IRASRIAL.DLL
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-05_20.56.00.47 )))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-26 11:49:28   297,984   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
        2007-03-06 01:31:09   14,048   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
        2007-03-06 01:31:14   214,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
        2007-03-06 01:31:07   22,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
        2007-03-06 01:31:32   717,536   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
        2007-03-06 01:32:23   380,640   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
        - 2008-06-05 17:50:00   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-07 12:03:54   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2004-09-15 12:00:00   294,400   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        - 2004-09-15 12:00:00   294,400   ----a-w   C:\WINDOWS\system32\MSCTF.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\msctf.dll
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54f4a651-e2ae-4672-b8ef-35673677f2eb}]
        2008-06-05 16:57   180224   --a------   C:\WINDOWS\system32\rmtptlrm.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBFEAEE4-AE46-4834-A520-8B58F1C6537F}]
                 C:\WINDOWS\system32\wvUkJcAT.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E004BC66-64AD-435A-83AA-19A41F1B7AB7}]
                 C:\WINDOWS\system32\opnkkiFx.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
        "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
        "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
        "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
        "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
        "XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
        "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
        "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58 183352]
        "InCD"="C:\Nero Express\InCD\InCD.exe" [2005-07-25 12:01 1397760]
        "HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
        "QuickTime Task"="D:\QuickTime\qttask.exe" [2007-11-11 16:42 286720]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "Windows UDP Control"="winudspm.exe" []
        "Windows svchost"="service.exe" []
        "2003d2f8"="C:\WINDOWS\system32\rfihabxj.dll" [2008-06-05 17:06 147456]
        "BM2330e164"="C:\WINDOWS\system32\ohpxicpg.dll" [2008-06-05 20:35 126976]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

        C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
        WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 04:54:24 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        Microsoft Office.lnk - D:\front\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.ffds"= D:\IMUROI~1\FFDSHO~1\ffdshow.ax

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "D:\\Imurointi\\eMule\\emule.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "D:\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
        R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
        R2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:58]
        R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
        R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
        S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
        S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
        S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
        S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-03-15 11:48]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-06-07 13:18:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
        - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-07 17:03:00
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-06-07 17:04:14
        ComboFix-quarantined-files.txt 2008-06-07 14:03:49
        ComboFix2.txt 2008-06-07 11:58:26
        ComboFix3.txt 2008-06-07 10:02:18

        Pre-Run: 483,766,272 tavua vapaana
        Post-Run: 485,736,448 tavua vapaana

        168   --- E O F ---   2008-06-05 17:58:03

        Open Notepad and copy/paste the contents of the quote box into it:

        [quote]

        File::
        C:\WINDOWS\system32\rmtptlrm.dll
        C:\WINDOWS\system32\wvUkJcAT.dll
        C:\WINDOWS\system32\opnkkiFx.dll
        C:\WINDOWS\system32\rfihabxj.dll
        C:\WINDOWS\system32\ohpxicpg.dll
        C:\MSNFix

        [/quote]

        Save it as CFScript.txt

        Then drag CFScript onto ComboFix.exe as shown below.
        [img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

        Restart the computer when prompted and post the contents of the combofix.txt file here.

        *******

        Scan with HJT, tick the following and press Fix checked:

        O2 - BHO: {be2f7763-7653-fe8b-2764-ea2e156a4f45} - {54f4a651-e2ae-4672-b8ef-35673677f2eb} - C:\WINDOWS\system32\rmtptlrm.dll
        O2 - BHO: (no name) - {DBFEAEE4-AE46-4834-A520-8B58F1C6537F} - C:\WINDOWS\system32\wvUkJcAT.dll (file missing)
        O2 - BHO: (no name) - {E004BC66-64AD-435A-83AA-19A41F1B7AB7} - C:\WINDOWS\system32\opnkkiFx.dll (file missing)
        O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
        O4 - HKLM\..\Run: [Windows svchost] service.exe
        O4 - HKLM\..\Run: [2003d2f8] rundll32.exe "C:\WINDOWS\system32\rfihabxj.dll",b
        O4 - HKLM\..\Run: [BM2330e164] Rundll32.exe "C:\WINDOWS\system32\ohpxicpg.dll",s

        **********

        Updating Java and clearing its cache:

        1. Click Start -> Control Panel and double-click Add or Remove Programs in Control Panel.
        2. Find all your old Java versions in the list. (J2SE Runtime Environment.... )
        They should have the following icon next to them:
        http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
        3. Select all your old Java versions and choose Remove.
        4. Install the latest Java update from the following link.
        5. Restart the computer after the installation:
        http://java.sun.com/javase/downloads/index.jsp
        Scroll down to Java Runtime Environment (JRE) 6u6
        Press Download
        Tick Accept, choose offline installation, save it to the desktop, for example, and install it.
        6. After the restart, go back to Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
        7. Under the General Settings section, drag the slider (Disk Space) lower and click the Delete Files button.

        (Some Java-based programs may need more disk space.
        If you notice the computer slowing down after lowering the setting, move the slider higher.)

        8. Make sure that both options are ticked:
        *Applications and Applets
        *Trace and Log Files
        And press the OK button
        9. Click OK in your "Temporary Files Settings" window.
        10. Click OK to leave your Java settings window.

        *******

        Download Malwarebytes' Anti-Malware to your desktop.
        http://www.besttechie.net/tools/mbam-setup.exe
        •   Double-click mbam-setup.exe and follow the instructions to install the program.
        •   At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
        •   If an update is found, the program downloads and installs the latest version.
        •   Once the program has loaded, select Perform full scan and click Scan.
        •   When the scan is complete, click OK and then Show Results to see the results.
        •   Make sure everything is checked and click Remove Selected.
        •   After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
        •   Post the contents of the log in your next message.
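
The Run values singled out above for removal can also be picked out of the ComboFix startup section by rule. The following Python code is an added example, not part of the original thread and not ComboFix's own logic; the function name `triage_run_entries`, the 7-day window, and the reading of an empty `[]` as "file date and size could not be read" are assumptions.

```python
import re
from datetime import datetime

# Excerpt of the ComboFix startup section posted in this thread.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Windows UDP Control"="winudspm.exe" []
"Windows svchost"="service.exe" []
"2003d2f8"="C:\WINDOWS\system32\rfihabxj.dll" [2008-06-05 17:06 147456]
"BM2330e164"="C:\WINDOWS\system32\ohpxicpg.dll" [2008-06-05 20:35 126976]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
'''

SECTION_RE = re.compile(r'^\[([^\]]+)\]$')
ENTRY_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$')
# Metadata inside the brackets: "YYYY-MM-DD HH:MM size [resolved path]"
META_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}) \d{2}:\d{2} \d+')


def triage_run_entries(log_text, scan_date, window_days=7):
    """Return (key, value name, target, reasons) for Run values worth review.

    Heuristics (assumptions of this example):
      * empty metadata brackets: the target file could not be resolved
      * file modified within `window_days` before the scan date
      * the Run value points directly at a DLL rather than an executable
    """
    findings = []
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        entry = ENTRY_RE.match(line)
        if not entry or section is None:
            continue
        # Only autostart (Run) keys are triaged here.
        if not section.lower().endswith('\\currentversion\\run'):
            continue

        reasons = []
        meta = META_RE.match(entry['meta'])
        if meta is None:
            reasons.append('target file not resolved')
        else:
            modified = datetime.strptime(meta.group(1), '%Y-%m-%d')
            age_days = (scan_date - modified).days
            if 0 <= age_days <= window_days:
                reasons.append('modified %d day(s) before scan' % age_days)
        if entry['target'].lower().endswith('.dll'):
            reasons.append('Run value points directly at a DLL')

        if reasons:
            findings.append((section, entry['name'], entry['target'], reasons))
    return findings


if __name__ == '__main__':
    # Scan date taken from the "Rootkit scan 2008-06-07" line of the log.
    for key, name, target, reasons in triage_run_entries(
            SAMPLE, datetime(2008, 6, 7)):
        print('%s -> %s: %s' % (name, target, '; '.join(reasons)))
```

The output is a review list, not a verdict: a legitimate program updated inside the window would be flagged as well, so each hit still needs confirming before it is removed.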


      • meikalainen
        Fix.fix wrote:

        Open Notepad and copy/paste the contents of the quote box into it:

        [quote]

        File::
        C:\WINDOWS\system32\rmtptlrm.dll
        C:\WINDOWS\system32\wvUkJcAT.dll
        C:\WINDOWS\system32\opnkkiFx.dll
        C:\WINDOWS\system32\rfihabxj.dll
        C:\WINDOWS\system32\ohpxicpg.dll
        C:\MSNFix

        [/quote]

        Save it as CFScript.txt

        Then drag CFScript onto ComboFix.exe as shown below.
        [img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

        Restart the computer when prompted and post the contents of the combofix.txt file here.

        *******

        Scan with HJT, tick the following and press Fix checked:

        O2 - BHO: {be2f7763-7653-fe8b-2764-ea2e156a4f45} - {54f4a651-e2ae-4672-b8ef-35673677f2eb} - C:\WINDOWS\system32\rmtptlrm.dll
        O2 - BHO: (no name) - {DBFEAEE4-AE46-4834-A520-8B58F1C6537F} - C:\WINDOWS\system32\wvUkJcAT.dll (file missing)
        O2 - BHO: (no name) - {E004BC66-64AD-435A-83AA-19A41F1B7AB7} - C:\WINDOWS\system32\opnkkiFx.dll (file missing)
        O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
        O4 - HKLM\..\Run: [Windows svchost] service.exe
        O4 - HKLM\..\Run: [2003d2f8] rundll32.exe "C:\WINDOWS\system32\rfihabxj.dll",b
        O4 - HKLM\..\Run: [BM2330e164] Rundll32.exe "C:\WINDOWS\system32\ohpxicpg.dll",s

        **********

        Updating Java and clearing its cache:

        1. Click Start -> Control Panel and double-click Add or Remove Programs in Control Panel.
        2. Find all your old Java versions in the list. (J2SE Runtime Environment.... )
        They should have the following icon next to them:
        http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.jpg
        3. Select all your old Java versions and choose Remove.
        4. Install the latest Java update from the following link.
        5. Restart the computer after the installation:
        http://java.sun.com/javase/downloads/index.jsp
        Scroll down to Java Runtime Environment (JRE) 6u6
        Press Download
        Tick Accept, choose offline installation, save it to the desktop, for example, and install it.
        6. After the restart, go back to Control Panel and open your Java settings (Other Control Panel Options -> Java coffee cup).
        7. Under the General Settings section, drag the slider (Disk Space) lower and click the Delete Files button.

        (Some Java-based programs may need more disk space.
        If you notice the computer slowing down after lowering the setting, move the slider higher.)

        8. Make sure that both options are ticked:
        *Applications and Applets
        *Trace and Log Files
        And press the OK button
        9. Click OK in your "Temporary Files Settings" window.
        10. Click OK to leave your Java settings window.

        *******

        Download Malwarebytes' Anti-Malware to your desktop.
        http://www.besttechie.net/tools/mbam-setup.exe
        •   Double-click mbam-setup.exe and follow the instructions to install the program.
        •   At the end, make sure the following are selected: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, and then click Finish.
        •   If an update is found, the program downloads and installs the latest version.
        •   Once the program has loaded, select Perform full scan and click Scan.
        •   When the scan is complete, click OK and then Show Results to see the results.
        •   Make sure everything is checked and click Remove Selected.
        •   After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
        •   Post the contents of the log in your next message.

        Phew, it sure found a lot :D Here come the logs:

        ------------------------------------------------
        Malware:

        Malwarebytes' Anti-Malware 1.15
        Tietokantaversio: 838

        19:00:47 2008-06-07
        mbam-log-6-7-2008 (19-00-47).txt

        Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
        Tarkistetut kohteet: 110878
        Kulunut aika: 32 minute(s), 14 second(s)

        Saastuneita muistiprosesseja: 0
        Saastuneita muistimoduuleja: 0
        Saastuneita rekisteriavaimia: 8
        Saastuneita rekisteriarvoja: 0
        Saastuneita rekisterikohteita: 0
        Saastuneita hakemistoja: 0
        Saastuneita tiedostoja: 68

        Saastuneita muistiprosesseja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita muistimoduuleja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriavaimia:
        HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

        Saastuneita rekisteriarvoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisterikohteita:
        (Haitallisia kohteita ei löydetty)

        Saastuneita hakemistoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita tiedostoja:
        C:\WINDOWS\system32\rfihabxj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\jxbahifr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\ddc.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\fa.com.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\img.com.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\mservice.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\byXPFUKc.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\ddcAtqPi.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\duhxbyge.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\eicxyjes.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\geBssqNG.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\iuysgehw.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\larsttrm.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\msvbxinf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\qyeqmibc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\rexrxfns.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\sooawahn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\vcrajkri.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\viqmgwrf.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\xoaiynnq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\xxyyxvwv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP957\A0064544.com (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0064574.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0064580.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0065577.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0065600.com (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066750.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066811.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066823.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066824.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066831.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066832.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066847.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0067816.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0067832.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP961\A0068907.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP961\A0068908.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP962\A0068914.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP962\A0068924.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP962\A0068925.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP962\A0068927.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP963\A0069920.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP963\A0069930.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069952.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069954.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069955.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069956.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069957.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069959.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069963.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069964.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069969.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069971.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069973.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069974.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069975.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069976.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069978.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP965\A0070088.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP965\A0070133.com (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP965\A0070137.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP967\A0070201.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP967\A0070202.com (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\haohoauw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\Fonts\brandy.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\WINDOWS\Fonts\catwalk.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Omistaja\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

        -------------------------------------------------
        HJT:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 18:11, on 2008-06-07
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Nero Express\InCD\InCDsrv.exe
        C:\Norman\Npm\bin\ELOGSVC.EXE
        C:\Norman\Npm\Bin\Zanda.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Norman\Npf\BIN\NPFSVICE.EXE
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Norman\Npm\bin\NJEEVES.EXE
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\ltmoh\Ltmoh.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\GlobespanVirata\XPFix.exe
        C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
        C:\Norman\Npm\bin\ZLH.EXE
        C:\Nero Express\InCD\InCD.exe
        C:\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
        C:\WINDOWS\system32\LVCOMSX.EXE
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Norman\Npf\BIN\npfmsg2.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.wlannet.com:3128;http=proxy.wlannet.com:3128;https=proxy.wlannet.com:3128
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O2 - BHO: (no name) - {DBFEAEE4-AE46-4834-A520-8B58F1C6537F} - C:\WINDOWS\system32\wvUkJcAT.dll (file missing)
        O2 - BHO: (no name) - {E004BC66-64AD-435A-83AA-19A41F1B7AB7} - C:\WINDOWS\system32\opnkkiFx.dll (file missing)
        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [XPFix] C:\Program Files\GlobespanVirata\XPFix.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
        O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
        O4 - HKLM\..\Run: [InCD] C:\Nero Express\InCD\InCD.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
        O4 - HKLM\..\Run: [Windows svchost] service.exe
        O4 - HKLM\..\Run: [2003d2f8] rundll32.exe "C:\WINDOWS\system32\rfihabxj.dll",b
        O4 - HKLM\..\Run: [BM2330e164] Rundll32.exe "C:\WINDOWS\system32\ohpxicpg.dll",s
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
        O4 - Global Startup: Microsoft Office.lnk = D:\front\Office10\OSA.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
        O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
        O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
        O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
        O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
        O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Nero Express\InCD\InCDsrv.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
        O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
        O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

        --
        End of file - 8877 bytes

        -------------------------------------------------
        ComboFix:

        ComboFix 08-06-05.2 - Omistaja 2008-06-07 17:55:14.5 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.138 [GMT 3:00]
        Running from: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\CFScript.txt
        * Created a new restore point

        WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

        FILE ::
        C:\MSNFix
        C:\WINDOWS\system32\ohpxicpg.dll
        C:\WINDOWS\system32\opnkkiFx.dll
        C:\WINDOWS\system32\rfihabxj.dl
        C:\WINDOWS\system32\rmtptlrm.dll
        C:\WINDOWS\system32\wvUkJcAT.dll
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\WINDOWS\BM2330e164.xml
        C:\WINDOWS\pskt.ini
        C:\WINDOWS\system32\ohpxicpg.dll
        C:\WINDOWS\system32\rmtptlrm.dll

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
        .

        2008-06-07 14:24 . 2008-06-07 17:59   474   ---hsc---   C:\WINDOWS\system32\jxbahifr.ini
        2008-06-05 17:06 . 2008-06-05 17:06   147,456   --a------   C:\WINDOWS\system32\rfihabxj.dll
        2008-06-05 16:51 . 2008-06-05 16:51   156,160   --a------   C:\WINDOWS\system32\haohoauw.dll
        2008-06-04 14:40 . 2008-06-04 14:40   132,608   --a------   C:\WINDOWS\system32\kpergtyr.dll
        2008-06-04 14:40 . 2008-06-04 14:40   126,976   --a------   C:\WINDOWS\system32\cathhryt.dll
        2008-06-03 19:00 . 2008-06-03 19:00   52,331   --a--c---   C:\f.bat
        2008-06-03 18:36 . 2008-06-03 21:22   86,548   --a------   C:\Documents and Settings\Omistaja\setupa.exe
        2008-06-03 17:50 . 2008-06-04 16:03   3,424   --a------   C:\Documents and Settings\Omistaja\setup.exe
        2008-06-02 17:17 . 2008-06-02 17:17      d----c---   C:\Program Files\Trend Micro
        2008-05-29 21:23 . 2008-05-29 21:23      d----c---   C:\fsaua.data
        2008-05-29 20:32 . 2008-05-29 20:45      d-a--c---   C:\MSNFix
        2008-05-29 20:27 . 2008-06-05 16:50   501   --a--c---   C:\WINDOWS\wininit.ini
        2008-05-29 20:01 . 2008-05-29 20:01      d----c---   C:\Program Files\CCleaner
        2008-05-29 19:46 . 2008-05-29 19:46      d----c---   C:\Program Files\Spybot - Search & Destroy
        2008-05-29 19:46 . 2008-05-29 19:47      d----c---   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-05-29 17:15 . 2008-05-29 17:35   102,664   --a--c---   C:\WINDOWS\system32\drivers\tmcomm.sys
        2008-05-29 17:12 . 2008-05-29 17:35      d--------   C:\Documents and Settings\Omistaja\.housecall6.6
        2008-05-29 17:11 . 2008-05-29 18:53   687   --a--c---   C:\WINDOWS\cookies.MSNFix

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-07 15:00   5   -c--a-w   C:\NPF_USER.DAT
        2008-06-03 15:36   ---------   dc----w   C:\Documents and Settings\All Users\Application Data\NPF
        2007-03-13 09:36   822   ----a-w   C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
        2006-01-30 18:20   560   -c--a-w   C:\Documents and Settings\Omistaja\Application Data\ViewerApp.dat
        2005-06-03 13:31   380   -c--a-w   C:\Documents and Settings\Omistaja\GlobalData.dat
        1999-06-09 14:51   99,840   -c--a-w   C:\Program Files\Common Files\IRAABOUT.DLL
        1998-12-09 00:53   70,144   -c--a-w   C:\Program Files\Common Files\IRAMDMTR.DLL
        1998-12-09 00:53   48,640   -c--a-w   C:\Program Files\Common Files\IRALPTTR.DLL
        1998-12-09 00:53   31,744   -c--a-w   C:\Program Files\Common Files\IRAWEBTR.DLL
        1998-12-09 00:53   186,368   -c--a-w   C:\Program Files\Common Files\IRAREG.DLL
        1998-12-09 00:53   17,920   -c--a-w   C:\Program Files\Common Files\IRASRIAL.DLL
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-05_20.56.00.47 )))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-26 11:49:28   297,984   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
        2007-03-06 01:31:09   14,048   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
        2007-03-06 01:31:14   214,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
        2007-03-06 01:31:07   22,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
        2007-03-06 01:31:32   717,536   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
        2007-03-06 01:32:23   380,640   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
        - 2008-06-05 17:50:00   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-07 14:58:34   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2004-09-15 12:00:00   294,400   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        - 2004-09-15 12:00:00   294,400   ----a-w   C:\WINDOWS\system32\MSCTF.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\msctf.dll
        - 2008-06-05 17:50:12   16,384   -c--atw   C:\WINDOWS\TEMP\Perflib_Perfdata_440.dat
        2008-06-07 14:58:46   16,384   -c--atw   C:\WINDOWS\TEMP\Perflib_Perfdata_440.dat
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBFEAEE4-AE46-4834-A520-8B58F1C6537F}]
                 C:\WINDOWS\system32\wvUkJcAT.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E004BC66-64AD-435A-83AA-19A41F1B7AB7}]
                 C:\WINDOWS\system32\opnkkiFx.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
        "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
        "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
        "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
        "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
        "XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
        "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
        "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58 183352]
        "InCD"="C:\Nero Express\InCD\InCD.exe" [2005-07-25 12:01 1397760]
        "HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
        "QuickTime Task"="D:\QuickTime\qttask.exe" [2007-11-11 16:42 286720]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "Windows UDP Control"="winudspm.exe" []
        "Windows svchost"="service.exe" []
        "2003d2f8"="C:\WINDOWS\system32\rfihabxj.dll" [2008-06-05 17:06 147456]
        "BM2330e164"="C:\WINDOWS\system32\ohpxicpg.dll" [ ]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.ffds"= D:\IMUROI~1\FFDSHO~1\ffdshow.ax

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "D:\\Imurointi\\eMule\\emule.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "D:\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
        R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
        R2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:58]
        R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
        R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
        S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
        S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
        S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
        S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-03-15 11:48]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-06-07 14:18:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"


      • FixFix
        meikalainen wrote:

        Whew, it sure found a lot :D Here come the logs:

        ------------------------------------------------
        Malware:

        Malwarebytes' Anti-Malware 1.15
        Tietokantaversio: 838

        19:00:47 2008-06-07
        mbam-log-6-7-2008 (19-00-47).txt

        Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
        Tarkistetut kohteet: 110878
        Kulunut aika: 32 minute(s), 14 second(s)

        Saastuneita muistiprosesseja: 0
        Saastuneita muistimoduuleja: 0
        Saastuneita rekisteriavaimia: 8
        Saastuneita rekisteriarvoja: 0
        Saastuneita rekisterikohteita: 0
        Saastuneita hakemistoja: 0
        Saastuneita tiedostoja: 68

        Saastuneita muistiprosesseja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita muistimoduuleja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriavaimia:
        HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
        HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_CURRENT_USER\Software\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
        HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

        Saastuneita rekisteriarvoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisterikohteita:
        (Haitallisia kohteita ei löydetty)

        Saastuneita hakemistoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita tiedostoja:
        C:\WINDOWS\system32\rfihabxj.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\jxbahifr.ini (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\ddc.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\fa.com.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\img.com.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\mservice.exe.vir (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\byXPFUKc.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\ddcAtqPi.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\duhxbyge.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\eicxyjes.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\geBssqNG.dll.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\iuysgehw.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\larsttrm.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\msvbxinf.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\qyeqmibc.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\rexrxfns.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\sooawahn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\vcrajkri.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\viqmgwrf.exe.vir (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\xoaiynnq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\QooBox\Quarantine\C\WINDOWS\system32\xxyyxvwv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP957\A0064544.com (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0064574.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0064580.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0065577.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0065600.com (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066750.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066811.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066823.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066824.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066831.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066832.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0066847.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0067816.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP958\A0067832.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP961\A0068907.exe (Trojan.Agent) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP961\A0068908.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP962\A0068914.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP962\A0068924.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP962\A0068925.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP962\A0068927.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP963\A0069920.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP963\A0069930.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069952.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069954.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069955.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069956.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069957.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069959.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069963.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069964.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069969.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069971.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069973.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069974.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069975.exe (Trojan.LowZones) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069976.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP964\A0069978.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP965\A0070088.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP965\A0070133.com (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP965\A0070137.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP967\A0070201.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\System Volume Information\_restore{E8075B55-4EDF-42E0-937E-F2C3A02DD1D2}\RP967\A0070202.com (Backdoor.Bot) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\haohoauw.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\WINDOWS\Fonts\brandy.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\WINDOWS\Fonts\catwalk.zip (Trojan.Downloader) -> Quarantined and deleted successfully.
        C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
        C:\Documents and Settings\Omistaja\setup.exe (Trojan.Agent) -> Quarantined and deleted successfully.

        -------------------------------------------------
        HTJ:

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 18:11, on 2008-06-07
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Nero Express\InCD\InCDsrv.exe
        C:\Norman\Npm\bin\ELOGSVC.EXE
        C:\Norman\Npm\Bin\Zanda.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        C:\Norman\Npf\BIN\NPFSVICE.EXE
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Norman\Npm\bin\NJEEVES.EXE
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\ltmoh\Ltmoh.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\GlobespanVirata\XPFix.exe
        C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
        C:\Norman\Npm\bin\ZLH.EXE
        C:\Nero Express\InCD\InCD.exe
        C:\HP\HP Software Update\HPWuSchd2.exe
        C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
        C:\WINDOWS\system32\LVCOMSX.EXE
        C:\WINDOWS\system32\rundll32.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Norman\Npf\BIN\npfmsg2.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.wlannet.com:3128;http=proxy.wlannet.com:3128;https=proxy.wlannet.com:3128
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O2 - BHO: (no name) - {DBFEAEE4-AE46-4834-A520-8B58F1C6537F} - C:\WINDOWS\system32\wvUkJcAT.dll (file missing)
        O2 - BHO: (no name) - {E004BC66-64AD-435A-83AA-19A41F1B7AB7} - C:\WINDOWS\system32\opnkkiFx.dll (file missing)
        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [XPFix] C:\Program Files\GlobespanVirata\XPFix.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
        O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
        O4 - HKLM\..\Run: [InCD] C:\Nero Express\InCD\InCD.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
        O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [Windows UDP Control] winudspm.exe
        O4 - HKLM\..\Run: [Windows svchost] service.exe
        O4 - HKLM\..\Run: [2003d2f8] rundll32.exe "C:\WINDOWS\system32\rfihabxj.dll",b
        O4 - HKLM\..\Run: [BM2330e164] Rundll32.exe "C:\WINDOWS\system32\ohpxicpg.dll",s
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
        O4 - Global Startup: Microsoft Office.lnk = D:\front\Office10\OSA.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
        O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
        O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
        O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
        O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
        O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
        O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
        O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Nero Express\InCD\InCDsrv.exe
        O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
        O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
        O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
        O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

        --
        End of file - 8877 bytes

        -------------------------------------------------
        ComboFix:

        ComboFix 08-06-05.2 - Omistaja 2008-06-07 17:55:14.5 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.138 [GMT 3:00]
        Running from: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\CFScript.txt
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]

        FILE ::
        C:\MSNFix
        C:\WINDOWS\system32\ohpxicpg.dll
        C:\WINDOWS\system32\opnkkiFx.dll
        C:\WINDOWS\system32\rfihabxj.dl
        C:\WINDOWS\system32\rmtptlrm.dll
        C:\WINDOWS\system32\wvUkJcAT.dll
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\WINDOWS\BM2330e164.xml
        C:\WINDOWS\pskt.ini
        C:\WINDOWS\system32\ohpxicpg.dll
        C:\WINDOWS\system32\rmtptlrm.dll

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
        .

        2008-06-07 14:24 . 2008-06-07 17:59   474   ---hsc---   C:\WINDOWS\system32\jxbahifr.ini
        2008-06-05 17:06 . 2008-06-05 17:06   147,456   --a------   C:\WINDOWS\system32\rfihabxj.dll
        2008-06-05 16:51 . 2008-06-05 16:51   156,160   --a------   C:\WINDOWS\system32\haohoauw.dll
        2008-06-04 14:40 . 2008-06-04 14:40   132,608   --a------   C:\WINDOWS\system32\kpergtyr.dll
        2008-06-04 14:40 . 2008-06-04 14:40   126,976   --a------   C:\WINDOWS\system32\cathhryt.dll
        2008-06-03 19:00 . 2008-06-03 19:00   52,331   --a--c---   C:\f.bat
        2008-06-03 18:36 . 2008-06-03 21:22   86,548   --a------   C:\Documents and Settings\Omistaja\setupa.exe
        2008-06-03 17:50 . 2008-06-04 16:03   3,424   --a------   C:\Documents and Settings\Omistaja\setup.exe
        2008-06-02 17:17 . 2008-06-02 17:17      d----c---   C:\Program Files\Trend Micro
        2008-05-29 21:23 . 2008-05-29 21:23      d----c---   C:\fsaua.data
        2008-05-29 20:32 . 2008-05-29 20:45      d-a--c---   C:\MSNFix
        2008-05-29 20:27 . 2008-06-05 16:50   501   --a--c---   C:\WINDOWS\wininit.ini
        2008-05-29 20:01 . 2008-05-29 20:01      d----c---   C:\Program Files\CCleaner
        2008-05-29 19:46 . 2008-05-29 19:46      d----c---   C:\Program Files\Spybot - Search & Destroy
        2008-05-29 19:46 . 2008-05-29 19:47      d----c---   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-05-29 17:15 . 2008-05-29 17:35   102,664   --a--c---   C:\WINDOWS\system32\drivers\tmcomm.sys
        2008-05-29 17:12 . 2008-05-29 17:35      d--------   C:\Documents and Settings\Omistaja\.housecall6.6
        2008-05-29 17:11 . 2008-05-29 18:53   687   --a--c---   C:\WINDOWS\cookies.MSNFix

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-07 15:00   5   -c--a-w   C:\NPF_USER.DAT
        2008-06-03 15:36   ---------   dc----w   C:\Documents and Settings\All Users\Application Data\NPF
        2007-03-13 09:36   822   ----a-w   C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
        2006-01-30 18:20   560   -c--a-w   C:\Documents and Settings\Omistaja\Application Data\ViewerApp.dat
        2005-06-03 13:31   380   -c--a-w   C:\Documents and Settings\Omistaja\GlobalData.dat
        1999-06-09 14:51   99,840   -c--a-w   C:\Program Files\Common Files\IRAABOUT.DLL
        1998-12-09 00:53   70,144   -c--a-w   C:\Program Files\Common Files\IRAMDMTR.DLL
        1998-12-09 00:53   48,640   -c--a-w   C:\Program Files\Common Files\IRALPTTR.DLL
        1998-12-09 00:53   31,744   -c--a-w   C:\Program Files\Common Files\IRAWEBTR.DLL
        1998-12-09 00:53   186,368   -c--a-w   C:\Program Files\Common Files\IRAREG.DLL
        1998-12-09 00:53   17,920   -c--a-w   C:\Program Files\Common Files\IRASRIAL.DLL
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-05_20.56.00.47 )))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-26 11:49:28   297,984   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
        2007-03-06 01:31:09   14,048   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
        2007-03-06 01:31:14   214,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
        2007-03-06 01:31:07   22,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
        2007-03-06 01:31:32   717,536   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
        2007-03-06 01:32:23   380,640   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
        - 2008-06-05 17:50:00   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-07 14:58:34   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2004-09-15 12:00:00   294,400   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        - 2004-09-15 12:00:00   294,400   ----a-w   C:\WINDOWS\system32\MSCTF.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\msctf.dll
        - 2008-06-05 17:50:12   16,384   -c--atw   C:\WINDOWS\TEMP\Perflib_Perfdata_440.dat
        2008-06-07 14:58:46   16,384   -c--atw   C:\WINDOWS\TEMP\Perflib_Perfdata_440.dat
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{DBFEAEE4-AE46-4834-A520-8B58F1C6537F}]
                 C:\WINDOWS\system32\wvUkJcAT.dll

        [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E004BC66-64AD-435A-83AA-19A41F1B7AB7}]
                 C:\WINDOWS\system32\opnkkiFx.dll

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
        "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
        "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
        "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
        "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
        "XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
        "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
        "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58 183352]
        "InCD"="C:\Nero Express\InCD\InCD.exe" [2005-07-25 12:01 1397760]
        "HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43 83608]
        "QuickTime Task"="D:\QuickTime\qttask.exe" [2007-11-11 16:42 286720]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "Windows UDP Control"="winudspm.exe" []
        "Windows svchost"="service.exe" []
        "2003d2f8"="C:\WINDOWS\system32\rfihabxj.dll" [2008-06-05 17:06 147456]
        "BM2330e164"="C:\WINDOWS\system32\ohpxicpg.dll" [ ]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.ffds"= D:\IMUROI~1\FFDSHO~1\ffdshow.ax

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "D:\\Imurointi\\eMule\\emule.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "D:\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
        R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
        R2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:58]
        R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
        R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
        S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
        S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
        S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
        S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-03-15 11:48]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-06-07 14:18:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"

        so, like this:

        shut down and restart

        scan, ComboFix log

        and finally a new HJT log


    • meikalainen

      Here it comes....

      ComboFix 08-06-05.2 - Omistaja 2008-06-07 20:58:03.6 - NTFSx86
      Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.144 [GMT 3:00]
      Running from: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\ComboFix.exe

      [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
      .

      (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run -------
      .
      C:\WINDOWS\BM2330e164.xml
      C:\WINDOWS\pskt.ini
      C:\WINDOWS\system32\ohpxicpg.dll
      C:\WINDOWS\system32\rmtptlrm.dll

      .
      ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-07 to 2008-06-07 )))))))))))))))))
      .

      2008-06-07 19:13 . 2008-03-25 02:37   69,632   --a--c---   C:\WINDOWS\system32\javacpl.cpl
      2008-06-07 19:12 . 2008-06-07 19:13      d----c---   C:\Program Files\Java
      2008-06-07 19:11 . 2008-06-07 19:11      d----c---   C:\Program Files\Common Files\Java
      2008-06-07 18:23 . 2008-06-07 18:25      d----c---   C:\Malwarebytes' Anti-Malware
      2008-06-07 18:23 . 2008-06-07 18:23      d--------   C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
      2008-06-07 18:23 . 2008-06-07 18:23      d----c---   C:\Documents and Settings\All Users\Application Data\Malwarebytes
      2008-06-07 18:23 . 2008-06-05 16:04   34,296   --a--c---   C:\WINDOWS\system32\drivers\mbamcatchme.sys
      2008-06-07 18:23 . 2008-06-05 16:04   15,864   --a--c---   C:\WINDOWS\system32\drivers\mbam.sys
      2008-06-04 14:40 . 2008-06-04 14:40   132,608   --a------   C:\WINDOWS\system32\kpergtyr.dll
      2008-06-04 14:40 . 2008-06-04 14:40   126,976   --a------   C:\WINDOWS\system32\cathhryt.dll
      2008-06-03 19:00 . 2008-06-03 19:00   52,331   --a--c---   C:\f.bat
      2008-06-03 18:36 . 2008-06-03 21:22   86,548   --a------   C:\Documents and Settings\Omistaja\setupa.exe
      2008-06-02 17:17 . 2008-06-02 17:17      d----c---   C:\Program Files\Trend Micro
      2008-05-29 21:23 . 2008-05-29 21:23      d----c---   C:\fsaua.data
      2008-05-29 20:32 . 2008-05-29 20:45      d-a--c---   C:\MSNFix
      2008-05-29 20:27 . 2008-06-05 16:50   501   --a--c---   C:\WINDOWS\wininit.ini
      2008-05-29 20:01 . 2008-05-29 20:01      d----c---   C:\Program Files\CCleaner
      2008-05-29 19:46 . 2008-05-29 19:46      d----c---   C:\Program Files\Spybot - Search & Destroy
      2008-05-29 19:46 . 2008-05-29 19:47      d----c---   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-05-29 17:15 . 2008-05-29 17:35   102,664   --a--c---   C:\WINDOWS\system32\drivers\tmcomm.sys
      2008-05-29 17:12 . 2008-05-29 17:35      d--------   C:\Documents and Settings\Omistaja\.housecall6.6
      2008-05-29 17:11 . 2008-05-29 18:53   687   --a--c---   C:\WINDOWS\cookies.MSNFix

      .
      (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-06-07 17:56   5   -c--a-w   C:\NPF_USER.DAT
      2008-06-07 16:29   ---------   dc----w   C:\Documents and Settings\All Users\Application Data\NPF
      2008-06-07 16:19   ---------   dc----w   C:\Program Files\Google
      2008-03-25 04:51   621,344   -c--a-w   C:\WINDOWS\system32\mswstr10.dll
      2008-03-25 04:51   166,688   -c--a-w   C:\WINDOWS\system32\msjint40.dll
      2008-03-20 08:09   1,845,504   -c--a-w   C:\WINDOWS\system32\win32k.sys
      2007-03-13 09:36   822   ----a-w   C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
      2006-01-30 18:20   560   -c--a-w   C:\Documents and Settings\Omistaja\Application Data\ViewerApp.dat
      2005-06-03 13:31   380   -c--a-w   C:\Documents and Settings\Omistaja\GlobalData.dat
      1999-06-09 14:51   99,840   -c--a-w   C:\Program Files\Common Files\IRAABOUT.DLL
      1998-12-09 00:53   70,144   -c--a-w   C:\Program Files\Common Files\IRAMDMTR.DLL
      1998-12-09 00:53   48,640   -c--a-w   C:\Program Files\Common Files\IRALPTTR.DLL
      1998-12-09 00:53   31,744   -c--a-w   C:\Program Files\Common Files\IRAWEBTR.DLL
      1998-12-09 00:53   186,368   -c--a-w   C:\Program Files\Common Files\IRAREG.DLL
      1998-12-09 00:53   17,920   -c--a-w   C:\Program Files\Common Files\IRASRIAL.DLL
      .

      ((((((((((((((((((((((((((((( snapshot@2008-06-05_20.56.00.47 )))))))))))))))))))))))))))))))))))))))))
      .
      2008-02-26 11:49:28   297,984   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
      2007-03-06 01:31:09   14,048   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
      2007-03-06 01:31:14   214,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
      2007-03-06 01:31:07   22,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
      2007-03-06 01:31:32   717,536   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
      2007-03-06 01:32:23   380,640   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
      - 2008-06-05 17:50:00   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
      2008-06-07 17:56:32   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
      - 2004-09-15 12:00:00   294,400   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
      2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
      - 2007-03-13 21:31:24   135,168   -c--a-w   C:\WINDOWS\system32\java.exe
      2008-03-24 22:28:39   135,168   -c--a-w   C:\WINDOWS\system32\java.exe
      - 2007-03-13 21:31:28   135,168   -c--a-w   C:\WINDOWS\system32\javaw.exe
      2008-03-24 22:28:43   135,168   -c--a-w   C:\WINDOWS\system32\javaw.exe
      - 2007-03-13 23:04:46   139,264   -c--a-w   C:\WINDOWS\system32\javaws.exe
      2008-03-24 23:37:01   139,264   -c--a-w   C:\WINDOWS\system32\javaws.exe
      - 2004-09-15 12:00:00   294,400   ----a-w   C:\WINDOWS\system32\MSCTF.dll
      2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\msctf.dll
      .
      (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-07 19:15 171448]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
      "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
      "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
      "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
      "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
      "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
      "XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
      "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
      "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
      "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58 183352]
      "InCD"="C:\Nero Express\InCD\InCD.exe" [2005-07-25 12:01 1397760]
      "HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
      "QuickTime Task"="D:\QuickTime\qttask.exe" [2007-11-11 16:42 286720]
      "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

      C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
      WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 04:54:24 15360]

      C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
      Microsoft Office.lnk - D:\front\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "vidc.ffds"= D:\IMUROI~1\FFDSHO~1\ffdshow.ax

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusDisableNotify"=dword:00000001
      "UpdatesDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Messenger\\msmsgs.exe"=
      "D:\\Imurointi\\eMule\\emule.exe"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "D:\\Skype\\Phone\\Skype.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

      R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
      R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
      R2 Automattinen LiveUpdate-ajastustoiminto;Automattinen LiveUpdate-ajastustoiminto;"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [2006-08-03 17:58]
      R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
      R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
      S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
      S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
      S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
      S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-03-15 11:48]

      .
      'Ajoitetut tehtävät'-kansion sisältö
      "2008-06-07 17:18:01 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
      - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
      .
      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-06-07 20:59:44
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2008-06-07 21:01:08
      ComboFix-quarantined-files.txt 2008-06-07 18:00:43
      ComboFix2.txt 2008-06-07 14:04:15
      ComboFix3.txt 2008-06-07 11:58:26
      ComboFix4.txt 2008-06-07 10:02:18

      Pre-Run: 372,064,256 tavua vapaana
      Post-Run: 382,291,968 tavua vapaana

      160   --- E O F ---   2008-06-05 17:58:03

      -----------------------------------------------

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:03:52, on 7.6.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Nero Express\InCD\InCDsrv.exe
      C:\Norman\Npm\bin\ELOGSVC.EXE
      C:\Norman\Npm\Bin\Zanda.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Norman\Npf\BIN\NPFSVICE.EXE
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Norman\Npm\bin\NJEEVES.EXE
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\ltmoh\Ltmoh.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
      C:\Norman\Npm\bin\ZLH.EXE
      C:\Nero Express\InCD\InCD.exe
      C:\HP\HP Software Update\HPWuSchd2.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      C:\Norman\Npf\BIN\npfmsg2.exe
      C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
      C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\internet explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.wlannet.com:3128;http=proxy.wlannet.com:3128;https=proxy.wlannet.com:3128
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [XPFix] C:\Program Files\GlobespanVirata\XPFix.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
      O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
      O4 - HKLM\..\Run: [InCD] C:\Nero Express\InCD\InCD.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
      O4 - Global Startup: Microsoft Office.lnk = D:\front\Office10\OSA.EXE
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
      O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1212855168364&h=6d1a3554bf537f8c6549d124798eb02e/&filename=jinstall-6u6-windows-i586-jc.cab
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
      O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
      O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
      O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
      O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
      O23 - Service: Automattinen LiveUpdate-ajastustoiminto - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Nero Express\InCD\InCDsrv.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
      O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
      O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
      O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
      O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

      --
      End of file - 9105 bytes

      • FixFix

        well well

        scan with HJT, tick these and press Fix checked

        O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
        O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

        ==============
        then post this

        Create an uninstall list:
        •   Open HiJackThis
        •   Click the "Configure" option at the bottom right
        •   Click "Misc Tools"
        •   Click the box that says "Uninstall Manager"
        •   Click the "Save list" option
        •   Copy and paste that list from Notepad into your post
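
Added example, not part of the original post and not HijackThis's own code: a small Python parser for HijackThis entry lines that picks out entries whose target is marked `(no file)` or `(file missing)`, the kind of orphaned entries ticked for "Fix checked" above. The sample lines are copied from the logs in this thread; the function names are illustrative assumptions.

```python
import re

# Entry lines copied from the HijackThis log and the reply in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
--
End of file - 9105 bytes
"""

# "<section code> - <details>", e.g. "O2 - BHO: ...", "O23 - Service: ...".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2})\s+-\s+(.*\S)\s*$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)
# Suffixes HijackThis prints when the registered file is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(log_text):
    """Return one dict per entry line; header, process list and footer are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match is None:
            continue
        code, details = match.groups()
        clsid = CLSID_RE.search(details)
        marker = next((m for m in ORPHAN_MARKERS if details.endswith(m)), None)
        entries.append({
            "code": code,
            "details": details,
            "clsid": clsid.group(0) if clsid else None,
            "orphan_marker": marker,
        })
    return entries


def orphaned_entries(log_text):
    """Entries that still exist in the registry but point at a missing file."""
    return [e for e in parse_entries(log_text) if e["orphan_marker"]]


def fix_candidates(log_text):
    """Format orphaned entries as 'code | CLSID | marker' rows for manual review."""
    return [
        f'{e["code"]} | {e["clsid"] or "-"} | {e["orphan_marker"]}'
        for e in orphaned_entries(log_text)
    ]


if __name__ == "__main__":
    for row in fix_candidates(SAMPLE_LOG):
        print(row)
```

The rows are candidates for review only; whether an entry is actually fixed remains the helper's decision.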


      • meikalainen
        Here comes another list :D

        Adobe Flash Player ActiveX
        Adobe Reader 8.1.2 - Suomi
        Adobe Shockwave Player
        Agere Systems AC'97 Modem
        APSW Instant Convertor
        Automaattiset valikot (Windows Live Toolbar)
        CCleaner (remove only)
        Command & Conquer Red Alert 2
        Elasto Mania
        eMule
        ffdshow (remove only)
        GdiplusUpgrade
        Google Toolbar for Internet Explorer
        Google Toolbar for Internet Explorer
        Heroes of Might and Magic IV
        HijackThis 2.0.2
        Hotfix for Windows Media Format 11 SDK (KB929399)
        Hotfix for Windows XP (KB915865)
        Hotfix for Windows XP (KB926239)
        Hotfix-korjauspäivitys Windows Media Player 11:lle (KB939683)
        Hotfix-päivitys Windows Internet Explorer 7:lle (KB947864)
        Hotfix-päivitys Windows XP:lle (KB893357)
        Hotfix-päivitys Windows XP:lle (KB914440)
        HP Image Zone 4.2
        HP PSC & OfficeJet 4.2
        HP Software Update
        ImageMixer VCD2
        InCD
        Intel(R) Extreme Graphics 2 Driver
        InterVideo WinDVD
        Java(TM) 6 Update 6
        LiveUpdate 3.0 (Symantec Corporation)
        Logitech® Camera -ohjain
        Macrogaming SweetIM 2.0
        Malwarebytes' Anti-Malware
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1
        Microsoft .NET Framework 1.1 Finnish Language Pack
        Microsoft .NET Framework 1.1 Hotfix (KB928366)
        Microsoft .NET Framework 2.0 Service Pack 1
        Microsoft Compression Client Pack 1.0 for Windows XP
        Microsoft FrontPage 2000
        Microsoft Internationalized Domain Names Mitigation APIs
        Microsoft National Language Support Downlevel APIs
        Microsoft Office 2000 Professional
        Microsoft Office 2000:n levy 2
        Microsoft Office XP Professional with FrontPage
        Microsoft SQL Server 2005 Compact Edition [ENU]
        Microsoft User-Mode Driver Framework Feature Pack 1.0
        Microsoft Works
        MSXML 4.0 SP2 (KB927978)
        MSXML 4.0 SP2 (KB936181)
        Need for Speed Underground 2
        Nero Digital
        Nero Media Player
        Nero OEM
        Nokia Connectivity Cable Driver
        Norman Internet Control
        OneCare Advisor (Windows Live Toolbar)
        Outlook-työkalurivi (Windows Live Toolbar)
        overland
        Picture Package
        Ponnahdusikkunoiden esto (Windows Live Toolbar)
        PRISM 802.11 Adapter
        Päivitys Windows XP:lle (KB894391)
        Päivitys Windows XP:lle (KB896727)
        Päivitys Windows XP:lle (KB898461)
        Päivitys Windows XP:lle (KB900485)
        Päivitys Windows XP:lle (KB900930)
        Päivitys Windows XP:lle (KB904942)
        Päivitys Windows XP:lle (KB910437)
        Päivitys Windows XP:lle (KB916595)
        Päivitys Windows XP:lle (KB920872)
        Päivitys Windows XP:lle (KB922582)
        Päivitys Windows XP:lle (KB927891)
        Päivitys Windows XP:lle (KB929338)
        Päivitys Windows XP:lle (KB930916)
        Päivitys Windows XP:lle (KB931836)
        Päivitys Windows XP:lle (KB932823-v3)
        Päivitys Windows XP:lle (KB933360)
        Päivitys Windows XP:lle (KB936357)
        Päivitys Windows XP:lle (KB938828)
        Päivitys Windows XP:lle (KB942763)
        Rakennuskasino
        Realtek AC'97 Audio
        Security Update for CAPICOM (KB931906)
        Security Update for CAPICOM (KB931906)
        Serif PhotoPlus 6.0
        S-kanavan Kuvapalvelu
        Skype 2.5
        Sony USB Driver
        Spybot - Search & Destroy
        Suojauspäivitys ohjelmistolle Windows XP (KB923689)
        Suojauspäivitys ohjelmistolle Windows XP (KB941569)
        Suojauspäivitys Windows Internet Explorer 7:lle (KB928090)
        Suojauspäivitys Windows Internet Explorer 7:lle (KB929969)
        Suojauspäivitys Windows Internet Explorer 7:lle (KB931768)
        Suojauspäivitys Windows Internet Explorer 7:lle (KB933566)
        Suojauspäivitys Windows Internet Explorer 7:lle (KB937143)
        Suojauspäivitys Windows Internet Explorer 7:lle (KB938127)
        Suojauspäivitys Windows Internet Explorer 7:lle (KB939653)
        Suojauspäivitys Windows Internet Explorer 7:lle (KB942615)
        Suojauspäivitys Windows Internet Explorer 7:lle (KB944533)
        Suojauspäivitys Windows Media Player 10:lle (KB911565)
        Suojauspäivitys Windows Media Player 10:lle (KB917734)
        Suojauspäivitys Windows Media Player 11:lle (KB936782)
        Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
        Suojauspäivitys Windows Media Playerille (KB911564)
        Suojauspäivitys Windows XP:lle (KB883939)
        Suojauspäivitys Windows XP:lle (KB890046)
        Suojauspäivitys Windows XP:lle (KB893066)
        Suojauspäivitys Windows XP:lle (KB893756)
        Suojauspäivitys Windows XP:lle (KB896358)
        Suojauspäivitys Windows XP:lle (KB896422)
        Suojauspäivitys Windows XP:lle (KB896423)
        Suojauspäivitys Windows XP:lle (KB896424)
        Suojauspäivitys Windows XP:lle (KB896428)
        Suojauspäivitys Windows XP:lle (KB896688)
        Suojauspäivitys Windows XP:lle (KB899587)
        Suojauspäivitys Windows XP:lle (KB899588)
        Suojauspäivitys Windows XP:lle (KB899591)
        Suojauspäivitys Windows XP:lle (KB900725)
        Suojauspäivitys Windows XP:lle (KB901017)
        Suojauspäivitys Windows XP:lle (KB901214)
        Suojauspäivitys Windows XP:lle (KB902400)
        Suojauspäivitys Windows XP:lle (KB903235)
        Suojauspäivitys Windows XP:lle (KB904706)
        Suojauspäivitys Windows XP:lle (KB905414)
        Suojauspäivitys Windows XP:lle (KB905749)
        Suojauspäivitys Windows XP:lle (KB905915)
        Suojauspäivitys Windows XP:lle (KB908519)
        Suojauspäivitys Windows XP:lle (KB908531)
        Suojauspäivitys Windows XP:lle (KB911280)
        Suojauspäivitys Windows XP:lle (KB911562)
        Suojauspäivitys Windows XP:lle (KB911567)
        Suojauspäivitys Windows XP:lle (KB911927)
        Suojauspäivitys Windows XP:lle (KB912812)
        Suojauspäivitys Windows XP:lle (KB912919)
        Suojauspäivitys Windows XP:lle (KB913446)
        Suojauspäivitys Windows XP:lle (KB913580)
        Suojauspäivitys Windows XP:lle (KB914388)
        Suojauspäivitys Windows XP:lle (KB914389)
        Suojauspäivitys Windows XP:lle (KB916281)
        Suojauspäivitys Windows XP:lle (KB917159)
        Suojauspäivitys Windows XP:lle (KB917344)
        Suojauspäivitys Windows XP:lle (KB917422)
        Suojauspäivitys Windows XP:lle (KB917953)
        Suojauspäivitys Windows XP:lle (KB918118)
        Suojauspäivitys Windows XP:lle (KB918439)
        Suojauspäivitys Windows XP:lle (KB918899)
        Suojauspäivitys Windows XP:lle (KB919007)
        Suojauspäivitys Windows XP:lle (KB920213)
        Suojauspäivitys Windows XP:lle (KB920214)
        Suojauspäivitys Windows XP:lle (KB920670)
        Suojauspäivitys Windows XP:lle (KB920683)
        Suojauspäivitys Windows XP:lle (KB920685)
        Suojauspäivitys Windows XP:lle (KB921398)
        Suojauspäivitys Windows XP:lle (KB921503)
        Suojauspäivitys Windows XP:lle (KB921883)
        Suojauspäivitys Windows XP:lle (KB922616)
        Suojauspäivitys Windows XP:lle (KB922760)
        Suojauspäivitys Windows XP:lle (KB922819)
        Suojauspäivitys Windows XP:lle (KB923191)
        Suojauspäivitys Windows XP:lle (KB923414)
        Suojauspäivitys Windows XP:lle (KB923694)
        Suojauspäivitys Windows XP:lle (KB923980)
        Suojauspäivitys Windows XP:lle (KB924191)
        Suojauspäivitys Windows XP:lle (KB924270)
        Suojauspäivitys Windows XP:lle (KB924496)
        Suojauspäivitys Windows XP:lle (KB924667)
        Suojauspäivitys Windows XP:lle (KB925486)
        Suojauspäivitys Windows XP:lle (KB925902)
        Suojauspäivitys Windows XP:lle (KB926255)
        Suojauspäivitys Windows XP:lle (KB926436)
        Suojauspäivitys Windows XP:lle (KB927779)
        Suojauspäivitys Windows XP:lle (KB927802)
        Suojauspäivitys Windows XP:lle (KB928255)
        Suojauspäivitys Windows XP:lle (KB928843)
        Suojauspäivitys Windows XP:lle (KB929123)
        Suojauspäivitys Windows XP:lle (KB930178)
        Suojauspäivitys Windows XP:lle (KB931261)
        Suojauspäivitys Windows XP:lle (KB931784)
        Suojauspäivitys Windows XP:lle (KB932168)
        Suojauspäivitys Windows XP:lle (KB933729)
        Suojauspäivitys Windows XP:lle (KB935839)
        Suojauspäivitys Windows XP:lle (KB935840)
        Suojauspäivitys Windows XP:lle (KB936021)
        Suojauspäivitys Windows XP:lle (KB938829)
        Suojauspäivitys Windows XP:lle (KB941202)
        Suojauspäivitys Windows XP:lle (KB941568)
        Suojauspäivitys Windows XP:lle (KB941644)
        Suojauspäivitys Windows XP:lle (KB941693)
        Suojauspäivitys Windows XP:lle (KB943055)
        Suojauspäivitys Windows XP:lle (KB943460)
        Suojauspäivitys Windows XP:lle (KB943485)
        Suojauspäivitys Windows XP:lle (KB944653)
        Suojauspäivitys Windows XP:lle (KB945553)
        Suojauspäivitys Windows XP:lle (KB946026)
        Suojauspäivitys Windows XP:lle (KB948590)
        Suojauspäivitys Windows XP:lle (KB948881)
        Suojauspäivitys Windows XP:lle (KB950749)
        SweetIM For Internet Explorer 3.0b
        Synaptics Pointing Device Driver
        Syötteen tunnistus (Windows Live Toolbar)
        Westwood Shared Internet Components
        Windows Genuine Advantage v1.3.0254.0
        Windows Imaging Component
        Windows Installer 3.1 (KB893803)
        Windows Internet Explorer 7
        Windows Live installer
        Windows Live Messenger
        Windows Live Toolbar
        Windows Live Toolbar
        Windows Live Toolbarin laajennus (Windows Live Toolbar)
        Windows Live Writer
        Windows Liven kirjautumisavustaja
        Windows Liven sähköposti
        Windows Liven valokuvavalikoima
        Windows Media Format 11 runtime
        Windows Media Format 11 runtime
        Windows Media Player 11
        Windows Media Player 11
        Windows Messenger 5.1
        Windows XP Hotfix - KB873333
        Windows XP Hotfix - KB873339
        Windows XP Hotfix - KB883667
        Windows XP Hotfix - KB885250
        Windows XP Hotfix - KB885835
        Windows XP Hotfix - KB885836
        Windows XP Hotfix - KB885884
        Windows XP Hotfix - KB886185
        Windows XP Hotfix - KB887472
        Windows XP Hotfix - KB887742
        Windows XP Hotfix - KB887797
        Windows XP Hotfix - KB888113
        Windows XP Hotfix - KB888302
        Windows XP Hotfix - KB890175
        Windows XP Hotfix - KB890859
        Windows XP Hotfix - KB891781
        Windows XP Hotfix - KB893086
        WinRAR archiver
        Worms World Party
        Xvid 1.1.2 final uninstall


      • FixFix
        you have Norman on the machine

        so let's remove these via Add/Remove Programs

        Macrogaming SweetIM 2.0
        LiveUpdate 3.0 (Symantec Corporation)
        SweetIM For Internet Explorer 3.0b

        ===================

        1. Click Start > right-click My Computer
        2. Select Properties
        3. Select the System Restore tab
        4. Tick ¤ Turn off System Restore on all drives
        5. Press Apply
        6. Press OK
        7. Shut down and restart
        8. Untick ¤ Turn off System Restore on all drives
        9. Apply and OK

        ============

        scan again with
        Malwarebytes' Anti-Malware


      • meikalainen
        not much to read there... :)

        Malwarebytes' Anti-Malware 1.15
        Tietokantaversio: 838

        23:50:28 7.6.2008
        mbam-log-6-7-2008 (23-50-28).txt

        Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
        Tarkistetut kohteet: 109559
        Kulunut aika: 31 minute(s), 23 second(s)

        Saastuneita muistiprosesseja: 0
        Saastuneita muistimoduuleja: 0
        Saastuneita rekisteriavaimia: 0
        Saastuneita rekisteriarvoja: 0
        Saastuneita rekisterikohteita: 0
        Saastuneita hakemistoja: 0
        Saastuneita tiedostoja: 0

        Saastuneita muistiprosesseja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita muistimoduuleja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriavaimia:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriarvoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisterikohteita:
        (Haitallisia kohteita ei löydetty)

        Saastuneita hakemistoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita tiedostoja:
        (Haitallisia kohteita ei löydetty)


      • meikalainen
        I'll post a new log in a moment, because for some reason I ran the scan before I removed those particular programs... The list is coming shortly...


      • meikalainen
        Well, it comes out the same... No changes. :(

        Malwarebytes' Anti-Malware 1.15
        Tietokantaversio: 838

        0:17:31 8.6.2008
        mbam-log-6-8-2008 (00-17-31).txt

        Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
        Tarkistetut kohteet: 50233
        Kulunut aika: 15 minute(s), 44 second(s)

        Saastuneita muistiprosesseja: 0
        Saastuneita muistimoduuleja: 0
        Saastuneita rekisteriavaimia: 0
        Saastuneita rekisteriarvoja: 0
        Saastuneita rekisterikohteita: 0
        Saastuneita hakemistoja: 0
        Saastuneita tiedostoja: 0

        Saastuneita muistiprosesseja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita muistimoduuleja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriavaimia:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisteriarvoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita rekisterikohteita:
        (Haitallisia kohteita ei löydetty)

        Saastuneita hakemistoja:
        (Haitallisia kohteita ei löydetty)

        Saastuneita tiedostoja:
        (Haitallisia kohteita ei löydetty)


      • Fix.fix
        meikalainen wrote:

        Well, it comes out the same... No changes. :(

        maybe a conclusion to this

        scan a ComboFix log

        and an HJT log


      • meikalainen
        Fix.fix wrote:

        maybe a conclusion to this

        scan a ComboFix log

        and an HJT log

        Here are ComboFix and HijackThis now...

        ComboFix 08-06-05.2 - Omistaja 2008-06-08 10:29:00.7 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.119 [GMT 3:00]
        Running from: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\ComboFix.exe

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
        .

        2008-06-07 19:13 . 2008-03-25 02:37   69,632   --a--c---   C:\WINDOWS\system32\javacpl.cpl
        2008-06-07 19:12 . 2008-06-07 19:13      d----c---   C:\Program Files\Java
        2008-06-07 19:11 . 2008-06-07 19:11      d----c---   C:\Program Files\Common Files\Java
        2008-06-07 18:23 . 2008-06-07 18:25      d----c---   C:\Malwarebytes' Anti-Malware
        2008-06-07 18:23 . 2008-06-07 18:23      d--------   C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
        2008-06-07 18:23 . 2008-06-07 18:23      d----c---   C:\Documents and Settings\All Users\Application Data\Malwarebytes
        2008-06-07 18:23 . 2008-06-05 16:04   34,296   --a--c---   C:\WINDOWS\system32\drivers\mbamcatchme.sys
        2008-06-07 18:23 . 2008-06-05 16:04   15,864   --a--c---   C:\WINDOWS\system32\drivers\mbam.sys
        2008-06-04 14:40 . 2008-06-04 14:40   132,608   --a------   C:\WINDOWS\system32\kpergtyr.dll
        2008-06-04 14:40 . 2008-06-04 14:40   126,976   --a------   C:\WINDOWS\system32\cathhryt.dll
        2008-06-03 19:00 . 2008-06-03 19:00   52,331   --a--c---   C:\f.bat
        2008-06-03 18:36 . 2008-06-03 21:22   86,548   --a------   C:\Documents and Settings\Omistaja\setupa.exe
        2008-06-02 17:17 . 2008-06-02 17:17      d----c---   C:\Program Files\Trend Micro
        2008-05-29 21:23 . 2008-05-29 21:23      d----c---   C:\fsaua.data
        2008-05-29 20:32 . 2008-05-29 20:45      d-a--c---   C:\MSNFix
        2008-05-29 20:27 . 2008-06-05 16:50   501   --a--c---   C:\WINDOWS\wininit.ini
        2008-05-29 20:01 . 2008-05-29 20:01      d----c---   C:\Program Files\CCleaner
        2008-05-29 19:46 . 2008-05-29 19:46      d----c---   C:\Program Files\Spybot - Search & Destroy
        2008-05-29 19:46 . 2008-05-29 19:47      d----c---   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-05-29 17:15 . 2008-05-29 17:35   102,664   --a--c---   C:\WINDOWS\system32\drivers\tmcomm.sys
        2008-05-29 17:12 . 2008-05-29 17:35      d--------   C:\Documents and Settings\Omistaja\.housecall6.6
        2008-05-29 17:11 . 2008-05-29 18:53   687   --a--c---   C:\WINDOWS\cookies.MSNFix

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-08 07:24   5   -c--a-w   C:\NPF_USER.DAT
        2008-06-07 20:58   ---------   dc----w   C:\Program Files\Common Files\Symantec Shared
        2008-06-07 16:29   ---------   dc----w   C:\Documents and Settings\All Users\Application Data\NPF
        2008-06-07 16:19   ---------   dc----w   C:\Program Files\Google
        2008-03-25 04:51   621,344   -c--a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   -c--a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   -c--a-w   C:\WINDOWS\system32\win32k.sys
        2007-03-13 09:36   822   ----a-w   C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
        2006-01-30 18:20   560   -c--a-w   C:\Documents and Settings\Omistaja\Application Data\ViewerApp.dat
        2005-06-03 13:31   380   -c--a-w   C:\Documents and Settings\Omistaja\GlobalData.dat
        1999-06-09 14:51   99,840   -c--a-w   C:\Program Files\Common Files\IRAABOUT.DLL
        1998-12-09 00:53   70,144   -c--a-w   C:\Program Files\Common Files\IRAMDMTR.DLL
        1998-12-09 00:53   48,640   -c--a-w   C:\Program Files\Common Files\IRALPTTR.DLL
        1998-12-09 00:53   31,744   -c--a-w   C:\Program Files\Common Files\IRAWEBTR.DLL
        1998-12-09 00:53   186,368   -c--a-w   C:\Program Files\Common Files\IRAREG.DLL
        1998-12-09 00:53   17,920   -c--a-w   C:\Program Files\Common Files\IRASRIAL.DLL
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-05_20.56.00.47 )))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-26 11:49:28   297,984   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
        2007-03-06 01:31:09   14,048   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
        2007-03-06 01:31:14   214,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
        2007-03-06 01:31:07   22,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
        2007-03-06 01:31:32   717,536   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
        2007-03-06 01:32:23   380,640   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
        - 2008-06-05 17:50:00   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-08 07:24:17   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2004-09-15 12:00:00   294,400   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        - 2007-03-13 21:31:24   135,168   -c--a-w   C:\WINDOWS\system32\java.exe
        2008-03-24 22:28:39   135,168   -c--a-w   C:\WINDOWS\system32\java.exe
        - 2007-03-13 21:31:28   135,168   -c--a-w   C:\WINDOWS\system32\javaw.exe
        2008-03-24 22:28:43   135,168   -c--a-w   C:\WINDOWS\system32\javaw.exe
        - 2007-03-13 23:04:46   139,264   -c--a-w   C:\WINDOWS\system32\javaws.exe
        2008-03-24 23:37:01   139,264   -c--a-w   C:\WINDOWS\system32\javaws.exe
        - 2004-09-15 12:00:00   294,400   ----a-w   C:\WINDOWS\system32\MSCTF.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\msctf.dll
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-07 19:15 171448]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
        "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
        "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
        "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
        "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
        "XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
        "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
        "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58 183352]
        "InCD"="C:\Nero Express\InCD\InCD.exe" [2005-07-25 12:01 1397760]
        "HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
        "QuickTime Task"="D:\QuickTime\qttask.exe" [2007-11-11 16:42 286720]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

        C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
        WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 04:54:24 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        Microsoft Office.lnk - D:\front\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.ffds"= D:\IMUROI~1\FFDSHO~1\ffdshow.ax

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "D:\\Imurointi\\eMule\\emule.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "D:\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
        R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
        R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
        R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
        S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
        S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
        S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
        S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-03-15 11:48]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-06-08 03:18:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
        - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-08 10:30:36
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-06-08 10:32:02
        ComboFix-quarantined-files.txt 2008-06-08 07:31:34
        ComboFix2.txt 2008-06-07 18:01:09
        ComboFix3.txt 2008-06-07 14:04:15
        ComboFix4.txt 2008-06-07 11:58:26
        ComboFix5.txt 2008-06-07 10:02:18

        Pre-Run: 827,736,064 tavua vapaana
        Post-Run: 833,413,120 tavua vapaana

        151   --- E O F ---   2008-06-05 17:58:03

        ------------------------------------------------

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 10:34:21, on 8.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Nero Express\InCD\InCDsrv.exe
        C:\Norman\Npm\bin\ELOGSVC.EXE
        C:\Norman\Npm\Bin\Zanda.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Norman\Npf\BIN\NPFSVICE.EXE
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Norman\Npm\bin\NJEEVES.EXE
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\ltmoh\Ltmoh.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
        C:\Norman\Npm\bin\ZLH.EXE
        C:\Nero Express\InCD\InCD.exe
        C:\HP\HP Software Update\HPWuSchd2.exe
        C:\WINDOWS\system32\LVCOMSX.EXE
        C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
        C:\Norman\Npf\BIN\npfmsg2.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.wlannet.com:3128;http=proxy.wlannet.com:3128;https=proxy.wlannet.com:3128
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [XPFix] C:\Program Files\GlobespanVirata\XPFix.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
        O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
        O4 - HKLM\..\Run: [InCD] C:\Nero Express\InCD\InCD.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
        O4 - Global Startup: Microsoft Office.lnk = D:\front\Office10\OSA.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
        O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1212855168364&h=6d1a3554bf537f8c6549d124798eb02e/&filename=jinstall-6u6-windows-i586-jc.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
        O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
        O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
        O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Nero Express\InCD\InCDsrv.exe
        O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
        O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
        O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

        --
        End of file - 8485 bytes


      • FixFix
        meikalainen wrote:

        Here are ComboFix and HijackThis now...

        ComboFix 08-06-05.2 - Omistaja 2008-06-08 10:29:00.7 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.119 [GMT 3:00]
        Running from: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\ComboFix.exe

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
        .

        2008-06-07 19:13 . 2008-03-25 02:37   69,632   --a--c---   C:\WINDOWS\system32\javacpl.cpl
        2008-06-07 19:12 . 2008-06-07 19:13      d----c---   C:\Program Files\Java
        2008-06-07 19:11 . 2008-06-07 19:11      d----c---   C:\Program Files\Common Files\Java
        2008-06-07 18:23 . 2008-06-07 18:25      d----c---   C:\Malwarebytes' Anti-Malware
        2008-06-07 18:23 . 2008-06-07 18:23      d--------   C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
        2008-06-07 18:23 . 2008-06-07 18:23      d----c---   C:\Documents and Settings\All Users\Application Data\Malwarebytes
        2008-06-07 18:23 . 2008-06-05 16:04   34,296   --a--c---   C:\WINDOWS\system32\drivers\mbamcatchme.sys
        2008-06-07 18:23 . 2008-06-05 16:04   15,864   --a--c---   C:\WINDOWS\system32\drivers\mbam.sys
        2008-06-04 14:40 . 2008-06-04 14:40   132,608   --a------   C:\WINDOWS\system32\kpergtyr.dll
        2008-06-04 14:40 . 2008-06-04 14:40   126,976   --a------   C:\WINDOWS\system32\cathhryt.dll
        2008-06-03 19:00 . 2008-06-03 19:00   52,331   --a--c---   C:\f.bat
        2008-06-03 18:36 . 2008-06-03 21:22   86,548   --a------   C:\Documents and Settings\Omistaja\setupa.exe
        2008-06-02 17:17 . 2008-06-02 17:17      d----c---   C:\Program Files\Trend Micro
        2008-05-29 21:23 . 2008-05-29 21:23      d----c---   C:\fsaua.data
        2008-05-29 20:32 . 2008-05-29 20:45      d-a--c---   C:\MSNFix
        2008-05-29 20:27 . 2008-06-05 16:50   501   --a--c---   C:\WINDOWS\wininit.ini
        2008-05-29 20:01 . 2008-05-29 20:01      d----c---   C:\Program Files\CCleaner
        2008-05-29 19:46 . 2008-05-29 19:46      d----c---   C:\Program Files\Spybot - Search & Destroy
        2008-05-29 19:46 . 2008-05-29 19:47      d----c---   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-05-29 17:15 . 2008-05-29 17:35   102,664   --a--c---   C:\WINDOWS\system32\drivers\tmcomm.sys
        2008-05-29 17:12 . 2008-05-29 17:35      d--------   C:\Documents and Settings\Omistaja\.housecall6.6
        2008-05-29 17:11 . 2008-05-29 18:53   687   --a--c---   C:\WINDOWS\cookies.MSNFix

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-08 07:24   5   -c--a-w   C:\NPF_USER.DAT
        2008-06-07 20:58   ---------   dc----w   C:\Program Files\Common Files\Symantec Shared
        2008-06-07 16:29   ---------   dc----w   C:\Documents and Settings\All Users\Application Data\NPF
        2008-06-07 16:19   ---------   dc----w   C:\Program Files\Google
        2008-03-25 04:51   621,344   -c--a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   -c--a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   -c--a-w   C:\WINDOWS\system32\win32k.sys
        2007-03-13 09:36   822   ----a-w   C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
        2006-01-30 18:20   560   -c--a-w   C:\Documents and Settings\Omistaja\Application Data\ViewerApp.dat
        2005-06-03 13:31   380   -c--a-w   C:\Documents and Settings\Omistaja\GlobalData.dat
        1999-06-09 14:51   99,840   -c--a-w   C:\Program Files\Common Files\IRAABOUT.DLL
        1998-12-09 00:53   70,144   -c--a-w   C:\Program Files\Common Files\IRAMDMTR.DLL
        1998-12-09 00:53   48,640   -c--a-w   C:\Program Files\Common Files\IRALPTTR.DLL
        1998-12-09 00:53   31,744   -c--a-w   C:\Program Files\Common Files\IRAWEBTR.DLL
        1998-12-09 00:53   186,368   -c--a-w   C:\Program Files\Common Files\IRAREG.DLL
        1998-12-09 00:53   17,920   -c--a-w   C:\Program Files\Common Files\IRASRIAL.DLL
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-05_20.56.00.47 )))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-26 11:49:28   297,984   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
        2007-03-06 01:31:09   14,048   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
        2007-03-06 01:31:14   214,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
        2007-03-06 01:31:07   22,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
        2007-03-06 01:31:32   717,536   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
        2007-03-06 01:32:23   380,640   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
        - 2008-06-05 17:50:00   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-08 07:24:17   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2004-09-15 12:00:00   294,400   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        - 2007-03-13 21:31:24   135,168   -c--a-w   C:\WINDOWS\system32\java.exe
        2008-03-24 22:28:39   135,168   -c--a-w   C:\WINDOWS\system32\java.exe
        - 2007-03-13 21:31:28   135,168   -c--a-w   C:\WINDOWS\system32\javaw.exe
        2008-03-24 22:28:43   135,168   -c--a-w   C:\WINDOWS\system32\javaw.exe
        - 2007-03-13 23:04:46   139,264   -c--a-w   C:\WINDOWS\system32\javaws.exe
        2008-03-24 23:37:01   139,264   -c--a-w   C:\WINDOWS\system32\javaws.exe
        - 2004-09-15 12:00:00   294,400   ----a-w   C:\WINDOWS\system32\MSCTF.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\msctf.dll
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-07 19:15 171448]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
        "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
        "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
        "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
        "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
        "XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
        "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
        "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58 183352]
        "InCD"="C:\Nero Express\InCD\InCD.exe" [2005-07-25 12:01 1397760]
        "HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
        "QuickTime Task"="D:\QuickTime\qttask.exe" [2007-11-11 16:42 286720]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

        C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
        WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 04:54:24 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        Microsoft Office.lnk - D:\front\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.ffds"= D:\IMUROI~1\FFDSHO~1\ffdshow.ax

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "D:\\Imurointi\\eMule\\emule.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "D:\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
        R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
        R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
        R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
        S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
        S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
        S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
        S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-03-15 11:48]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-06-08 03:18:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
        - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-08 10:30:36
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-06-08 10:32:02
        ComboFix-quarantined-files.txt 2008-06-08 07:31:34
        ComboFix2.txt 2008-06-07 18:01:09
        ComboFix3.txt 2008-06-07 14:04:15
        ComboFix4.txt 2008-06-07 11:58:26
        ComboFix5.txt 2008-06-07 10:02:18

        Pre-Run: 827,736,064 tavua vapaana
        Post-Run: 833,413,120 tavua vapaana

        151   --- E O F ---   2008-06-05 17:58:03

        ------------------------------------------------

        Logfile of Trend Micro HijackThis v2.0.2
        Scan saved at 10:34:21, on 8.6.2008
        Platform: Windows XP SP2 (WinNT 5.01.2600)
        MSIE: Internet Explorer v7.00 (7.00.6000.16640)
        Boot mode: Normal

        Running processes:
        C:\WINDOWS\System32\smss.exe
        C:\WINDOWS\system32\winlogon.exe
        C:\WINDOWS\system32\services.exe
        C:\WINDOWS\system32\lsass.exe
        C:\WINDOWS\system32\svchost.exe
        C:\WINDOWS\System32\svchost.exe
        C:\Nero Express\InCD\InCDsrv.exe
        C:\Norman\Npm\bin\ELOGSVC.EXE
        C:\Norman\Npm\Bin\Zanda.exe
        C:\WINDOWS\system32\spoolsv.exe
        C:\Norman\Npf\BIN\NPFSVICE.EXE
        C:\WINDOWS\system32\HPZipm12.exe
        C:\WINDOWS\system32\svchost.exe
        C:\Norman\Npm\bin\NJEEVES.EXE
        C:\WINDOWS\system32\hkcmd.exe
        C:\WINDOWS\SOUNDMAN.EXE
        C:\WINDOWS\AGRSMMSG.exe
        C:\Program Files\ltmoh\Ltmoh.exe
        C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
        C:\Norman\Npm\bin\ZLH.EXE
        C:\Nero Express\InCD\InCD.exe
        C:\HP\HP Software Update\HPWuSchd2.exe
        C:\WINDOWS\system32\LVCOMSX.EXE
        C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
        C:\Norman\Npf\BIN\npfmsg2.exe
        C:\WINDOWS\explorer.exe
        C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

        R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
        R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
        R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
        R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.fi/0SEFIFI/SAOS01?FORM=TOOLBR
        R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ftp=proxy.wlannet.com:3128;http=proxy.wlannet.com:3128;https=proxy.wlannet.com:3128
        R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
        O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
        O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
        O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
        O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
        O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
        O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
        O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
        O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
        O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
        O4 - HKLM\..\Run: [XPFix] C:\Program Files\GlobespanVirata\XPFix.exe
        O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
        O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
        O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
        O4 - HKLM\..\Run: [InCD] C:\Nero Express\InCD\InCD.exe
        O4 - HKLM\..\Run: [HP Software Update] C:\HP\HP Software Update\HPWuSchd2.exe
        O4 - HKLM\..\Run: [QuickTime Task] "D:\QuickTime\qttask.exe" -atboottime
        O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
        O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
        O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
        O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
        O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
        O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
        O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
        O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
        O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
        O4 - Startup: WKCALREM.LNK = C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
        O4 - Global Startup: Microsoft Office.lnk = D:\front\Office10\OSA.EXE
        O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
        O9 - Extra button: Lisää tämä blogiin - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra 'Tools' menuitem: &Lisää tämä blogiin tuotteessa Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
        O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
        O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - D:\Reppu\Pelit\EmpirePoker.exe (file missing)
        O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
        O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
        O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
        O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by124w.bay124.mail.live.com/mail/resources/MsnPUpld.cab
        O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD42/JSCDL/jre/6u6-b90/jinstall-6u6-windows-i586-jc.cab?e=1212855168364&h=6d1a3554bf537f8c6549d124798eb02e/&filename=jinstall-6u6-windows-i586-jc.cab
        O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
        O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
        O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
        O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
        O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab31267.cab
        O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
        O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Norman\Npm\bin\ELOGSVC.EXE
        O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Nero Express\InCD\InCDsrv.exe
        O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\Npm\bin\NJEEVES.EXE
        O23 - Service: Norman Type-R - Unknown owner - C:\Norman\Npf\BIN\NPFSVICE.EXE
        O23 - Service: Norman ZANDA - Norman ASA - C:\Norman\Npm\Bin\Zanda.exe
        O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
        O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Norman\Nvc\BIN\NVCSCHED.EXE
        O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

        --
        End of file - 8485 bytes

        C:\==> MSNFix cookies.MSNFix f.bat


      • meikalainen
        FixFix wrote:

        C:\==> MSNFix cookies.MSNFix f.bat

        ComboFix 08-06-05.2 - Omistaja 2008-06-08 14:36:35.8 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.112 [GMT 3:00]
        Running from: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\ComboFix.exe

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
        .

        2008-06-07 19:13 . 2008-03-25 02:37   69,632   --a--c---   C:\WINDOWS\system32\javacpl.cpl
        2008-06-07 19:12 . 2008-06-07 19:13      d----c---   C:\Program Files\Java
        2008-06-07 19:11 . 2008-06-07 19:11      d----c---   C:\Program Files\Common Files\Java
        2008-06-07 18:23 . 2008-06-07 18:25      d----c---   C:\Malwarebytes' Anti-Malware
        2008-06-07 18:23 . 2008-06-07 18:23      d--------   C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
        2008-06-07 18:23 . 2008-06-07 18:23      d----c---   C:\Documents and Settings\All Users\Application Data\Malwarebytes
        2008-06-07 18:23 . 2008-06-05 16:04   34,296   --a--c---   C:\WINDOWS\system32\drivers\mbamcatchme.sys
        2008-06-07 18:23 . 2008-06-05 16:04   15,864   --a--c---   C:\WINDOWS\system32\drivers\mbam.sys
        2008-06-04 14:40 . 2008-06-04 14:40   132,608   --a------   C:\WINDOWS\system32\kpergtyr.dll
        2008-06-04 14:40 . 2008-06-04 14:40   126,976   --a------   C:\WINDOWS\system32\cathhryt.dll
        2008-06-03 18:36 . 2008-06-03 21:22   86,548   --a------   C:\Documents and Settings\Omistaja\setupa.exe
        2008-06-02 17:17 . 2008-06-02 17:17      d----c---   C:\Program Files\Trend Micro
        2008-05-29 21:23 . 2008-05-29 21:23      d----c---   C:\fsaua.data
        2008-05-29 20:27 . 2008-06-05 16:50   501   --a--c---   C:\WINDOWS\wininit.ini
        2008-05-29 20:01 . 2008-05-29 20:01      d----c---   C:\Program Files\CCleaner
        2008-05-29 19:46 . 2008-05-29 19:46      d----c---   C:\Program Files\Spybot - Search & Destroy
        2008-05-29 19:46 . 2008-05-29 19:47      d----c---   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-05-29 17:15 . 2008-05-29 17:35   102,664   --a--c---   C:\WINDOWS\system32\drivers\tmcomm.sys
        2008-05-29 17:12 . 2008-05-29 17:35      d--------   C:\Documents and Settings\Omistaja\.housecall6.6

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-08 07:24   5   -c--a-w   C:\NPF_USER.DAT
        2008-06-07 20:58   ---------   dc----w   C:\Program Files\Common Files\Symantec Shared
        2008-06-07 16:29   ---------   dc----w   C:\Documents and Settings\All Users\Application Data\NPF
        2008-06-07 16:19   ---------   dc----w   C:\Program Files\Google
        2008-03-25 04:51   621,344   -c--a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   -c--a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   -c--a-w   C:\WINDOWS\system32\win32k.sys
        2007-03-13 09:36   822   ----a-w   C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
        2006-01-30 18:20   560   -c--a-w   C:\Documents and Settings\Omistaja\Application Data\ViewerApp.dat
        2005-06-03 13:31   380   -c--a-w   C:\Documents and Settings\Omistaja\GlobalData.dat
        1999-06-09 14:51   99,840   -c--a-w   C:\Program Files\Common Files\IRAABOUT.DLL
        1998-12-09 00:53   70,144   -c--a-w   C:\Program Files\Common Files\IRAMDMTR.DLL
        1998-12-09 00:53   48,640   -c--a-w   C:\Program Files\Common Files\IRALPTTR.DLL
        1998-12-09 00:53   31,744   -c--a-w   C:\Program Files\Common Files\IRAWEBTR.DLL
        1998-12-09 00:53   186,368   -c--a-w   C:\Program Files\Common Files\IRAREG.DLL
        1998-12-09 00:53   17,920   -c--a-w   C:\Program Files\Common Files\IRASRIAL.DLL
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-05_20.56.00.47 )))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-26 11:49:28   297,984   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
        2007-03-06 01:31:09   14,048   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
        2007-03-06 01:31:14   214,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
        2007-03-06 01:31:07   22,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
        2007-03-06 01:31:32   717,536   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
        2007-03-06 01:32:23   380,640   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
        - 2008-06-05 17:50:00   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-08 07:24:17   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2004-09-15 12:00:00   294,400   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        - 2007-03-13 21:31:24   135,168   -c--a-w   C:\WINDOWS\system32\java.exe
        2008-03-24 22:28:39   135,168   -c--a-w   C:\WINDOWS\system32\java.exe
        - 2007-03-13 21:31:28   135,168   -c--a-w   C:\WINDOWS\system32\javaw.exe
        2008-03-24 22:28:43   135,168   -c--a-w   C:\WINDOWS\system32\javaw.exe
        - 2007-03-13 23:04:46   139,264   -c--a-w   C:\WINDOWS\system32\javaws.exe
        2008-03-24 23:37:01   139,264   -c--a-w   C:\WINDOWS\system32\javaws.exe
        - 2004-09-15 12:00:00   294,400   ----a-w   C:\WINDOWS\system32\MSCTF.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\msctf.dll
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-07 19:15 171448]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
        "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
        "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
        "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
        "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
        "XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
        "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
        "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58 183352]
        "InCD"="C:\Nero Express\InCD\InCD.exe" [2005-07-25 12:01 1397760]
        "HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
        "QuickTime Task"="D:\QuickTime\qttask.exe" [2007-11-11 16:42 286720]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

        C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
        WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 04:54:24 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        Microsoft Office.lnk - D:\front\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.ffds"= D:\IMUROI~1\FFDSHO~1\ffdshow.ax

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "D:\\Imurointi\\eMule\\emule.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "D:\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
        R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
        R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
        R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
        S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
        S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
        S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
        S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-03-15 11:48]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-06-08 11:18:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
        - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-08 14:37:46
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-06-08 14:39:06
        ComboFix-quarantined-files.txt 2008-06-08 11:38:42
        ComboFix2.txt 2008-06-08 07:32:03
        ComboFix3.txt 2008-06-07 18:01:09
        ComboFix4.txt 2008-06-07 14:04:15
        ComboFix5.txt 2008-06-07 11:58:26

        Pre-Run: 828,403,712 tavua vapaana
        Post-Run: 833,929,216 tavua vapaana

        148   --- E O F ---   2008-06-05 17:58:03


      • FixFix
        meikalainen wrote:

        ComboFix 08-06-05.2 - Omistaja 2008-06-08 14:36:35.8 - NTFSx86
        Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.112 [GMT 3:00]
        Running from: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\ComboFix.exe

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
        .

        2008-06-07 19:13 . 2008-03-25 02:37   69,632   --a--c---   C:\WINDOWS\system32\javacpl.cpl
        2008-06-07 19:12 . 2008-06-07 19:13      d----c---   C:\Program Files\Java
        2008-06-07 19:11 . 2008-06-07 19:11      d----c---   C:\Program Files\Common Files\Java
        2008-06-07 18:23 . 2008-06-07 18:25      d----c---   C:\Malwarebytes' Anti-Malware
        2008-06-07 18:23 . 2008-06-07 18:23      d--------   C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
        2008-06-07 18:23 . 2008-06-07 18:23      d----c---   C:\Documents and Settings\All Users\Application Data\Malwarebytes
        2008-06-07 18:23 . 2008-06-05 16:04   34,296   --a--c---   C:\WINDOWS\system32\drivers\mbamcatchme.sys
        2008-06-07 18:23 . 2008-06-05 16:04   15,864   --a--c---   C:\WINDOWS\system32\drivers\mbam.sys
        2008-06-04 14:40 . 2008-06-04 14:40   132,608   --a------   C:\WINDOWS\system32\kpergtyr.dll
        2008-06-04 14:40 . 2008-06-04 14:40   126,976   --a------   C:\WINDOWS\system32\cathhryt.dll
        2008-06-03 18:36 . 2008-06-03 21:22   86,548   --a------   C:\Documents and Settings\Omistaja\setupa.exe
        2008-06-02 17:17 . 2008-06-02 17:17      d----c---   C:\Program Files\Trend Micro
        2008-05-29 21:23 . 2008-05-29 21:23      d----c---   C:\fsaua.data
        2008-05-29 20:27 . 2008-06-05 16:50   501   --a--c---   C:\WINDOWS\wininit.ini
        2008-05-29 20:01 . 2008-05-29 20:01      d----c---   C:\Program Files\CCleaner
        2008-05-29 19:46 . 2008-05-29 19:46      d----c---   C:\Program Files\Spybot - Search & Destroy
        2008-05-29 19:46 . 2008-05-29 19:47      d----c---   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-05-29 17:15 . 2008-05-29 17:35   102,664   --a--c---   C:\WINDOWS\system32\drivers\tmcomm.sys
        2008-05-29 17:12 . 2008-05-29 17:35      d--------   C:\Documents and Settings\Omistaja\.housecall6.6

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-08 07:24   5   -c--a-w   C:\NPF_USER.DAT
        2008-06-07 20:58   ---------   dc----w   C:\Program Files\Common Files\Symantec Shared
        2008-06-07 16:29   ---------   dc----w   C:\Documents and Settings\All Users\Application Data\NPF
        2008-06-07 16:19   ---------   dc----w   C:\Program Files\Google
        2008-03-25 04:51   621,344   -c--a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   -c--a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   -c--a-w   C:\WINDOWS\system32\win32k.sys
        2007-03-13 09:36   822   ----a-w   C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
        2006-01-30 18:20   560   -c--a-w   C:\Documents and Settings\Omistaja\Application Data\ViewerApp.dat
        2005-06-03 13:31   380   -c--a-w   C:\Documents and Settings\Omistaja\GlobalData.dat
        1999-06-09 14:51   99,840   -c--a-w   C:\Program Files\Common Files\IRAABOUT.DLL
        1998-12-09 00:53   70,144   -c--a-w   C:\Program Files\Common Files\IRAMDMTR.DLL
        1998-12-09 00:53   48,640   -c--a-w   C:\Program Files\Common Files\IRALPTTR.DLL
        1998-12-09 00:53   31,744   -c--a-w   C:\Program Files\Common Files\IRAWEBTR.DLL
        1998-12-09 00:53   186,368   -c--a-w   C:\Program Files\Common Files\IRAREG.DLL
        1998-12-09 00:53   17,920   -c--a-w   C:\Program Files\Common Files\IRASRIAL.DLL
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-05_20.56.00.47 )))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-26 11:49:28   297,984   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
        2007-03-06 01:31:09   14,048   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
        2007-03-06 01:31:14   214,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
        2007-03-06 01:31:07   22,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
        2007-03-06 01:31:32   717,536   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
        2007-03-06 01:32:23   380,640   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
        - 2008-06-05 17:50:00   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-08 07:24:17   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2004-09-15 12:00:00   294,400   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        - 2007-03-13 21:31:24   135,168   -c--a-w   C:\WINDOWS\system32\java.exe
        2008-03-24 22:28:39   135,168   -c--a-w   C:\WINDOWS\system32\java.exe
        - 2007-03-13 21:31:28   135,168   -c--a-w   C:\WINDOWS\system32\javaw.exe
        2008-03-24 22:28:43   135,168   -c--a-w   C:\WINDOWS\system32\javaw.exe
        - 2007-03-13 23:04:46   139,264   -c--a-w   C:\WINDOWS\system32\javaws.exe
        2008-03-24 23:37:01   139,264   -c--a-w   C:\WINDOWS\system32\javaws.exe
        - 2004-09-15 12:00:00   294,400   ----a-w   C:\WINDOWS\system32\MSCTF.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\msctf.dll
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-07 19:15 171448]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
        "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
        "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
        "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
        "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
        "XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
        "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
        "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58 183352]
        "InCD"="C:\Nero Express\InCD\InCD.exe" [2005-07-25 12:01 1397760]
        "HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
        "QuickTime Task"="D:\QuickTime\qttask.exe" [2007-11-11 16:42 286720]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

        C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
        WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 04:54:24 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        Microsoft Office.lnk - D:\front\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.ffds"= D:\IMUROI~1\FFDSHO~1\ffdshow.ax

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "D:\\Imurointi\\eMule\\emule.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "D:\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
        R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
        R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
        R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
        S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
        S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
        S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
        S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-03-15 11:48]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-06-08 11:18:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
        - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-08 14:37:46
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-06-08 14:39:06
        ComboFix-quarantined-files.txt 2008-06-08 11:38:42
        ComboFix2.txt 2008-06-08 07:32:03
        ComboFix3.txt 2008-06-07 18:01:09
        ComboFix4.txt 2008-06-07 14:04:15
        ComboFix5.txt 2008-06-07 11:58:26

        Pre-Run: 828,403,712 tavua vapaana
        Post-Run: 833,929,216 tavua vapaana

        148   --- E O F ---   2008-06-05 17:58:03

        roiskuu

        Open Notepad and copy/paste the contents of the quote box into it:

        [quote]

        Folder::
        C:\fsaua.data

        [/quote]

        Save it as CFScript.txt

        Then drag CFScript onto ComboFix.exe as shown below.
        [img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

        Restart the computer when prompted and post the contents of the combofix.txt file here.


      • meikalainen
        FixFix wrote:

        roiskuu

        Open Notepad and copy/paste the contents of the quote box into it:

        [quote]

        Folder::
        C:\fsaua.data

        [/quote]

        Save it as CFScript.txt

        Then drag CFScript onto ComboFix.exe as shown below.
        [img]http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif[/img]

        Restart the computer when prompted and post the contents of the combofix.txt file here.

        ComboFix 08-06-05.2 - Omistaja 2008-06-08 15:47:00.9 - NTFSx86
        Running from: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\ComboFix.exe
        Command switches used :: C:\Documents and Settings\Omistaja\Työpöytä\Virus-ohjelmia\CFScript.txt
        * Created a new restore point

        [color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
        .

        (((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .

        C:\fsaua.data

        .
        ((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-08 to 2008-06-08 )))))))))))))))))
        .

        2008-06-07 19:13 . 2008-03-25 02:37   69,632   --a--c---   C:\WINDOWS\system32\javacpl.cpl
        2008-06-07 19:12 . 2008-06-07 19:13      d----c---   C:\Program Files\Java
        2008-06-07 19:11 . 2008-06-07 19:11      d----c---   C:\Program Files\Common Files\Java
        2008-06-07 18:23 . 2008-06-07 18:25      d----c---   C:\Malwarebytes' Anti-Malware
        2008-06-07 18:23 . 2008-06-07 18:23      d--------   C:\Documents and Settings\Omistaja\Application Data\Malwarebytes
        2008-06-07 18:23 . 2008-06-07 18:23      d----c---   C:\Documents and Settings\All Users\Application Data\Malwarebytes
        2008-06-07 18:23 . 2008-06-05 16:04   34,296   --a--c---   C:\WINDOWS\system32\drivers\mbamcatchme.sys
        2008-06-07 18:23 . 2008-06-05 16:04   15,864   --a--c---   C:\WINDOWS\system32\drivers\mbam.sys
        2008-06-04 14:40 . 2008-06-04 14:40   132,608   --a------   C:\WINDOWS\system32\kpergtyr.dll
        2008-06-04 14:40 . 2008-06-04 14:40   126,976   --a------   C:\WINDOWS\system32\cathhryt.dll
        2008-06-03 18:36 . 2008-06-03 21:22   86,548   --a------   C:\Documents and Settings\Omistaja\setupa.exe
        2008-06-02 17:17 . 2008-06-02 17:17      d----c---   C:\Program Files\Trend Micro
        2008-05-29 20:27 . 2008-06-05 16:50   501   --a--c---   C:\WINDOWS\wininit.ini
        2008-05-29 20:01 . 2008-05-29 20:01      d----c---   C:\Program Files\CCleaner
        2008-05-29 19:46 . 2008-05-29 19:46      d----c---   C:\Program Files\Spybot - Search & Destroy
        2008-05-29 19:46 . 2008-05-29 19:47      d----c---   C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
        2008-05-29 17:15 . 2008-05-29 17:35   102,664   --a--c---   C:\WINDOWS\system32\drivers\tmcomm.sys
        2008-05-29 17:12 . 2008-05-29 17:35      d--------   C:\Documents and Settings\Omistaja\.housecall6.6

        .
        (((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2008-06-08 07:24   5   -c--a-w   C:\NPF_USER.DAT
        2008-06-07 20:58   ---------   dc----w   C:\Program Files\Common Files\Symantec Shared
        2008-06-07 16:29   ---------   dc----w   C:\Documents and Settings\All Users\Application Data\NPF
        2008-06-07 16:19   ---------   dc----w   C:\Program Files\Google
        2008-03-25 04:51   621,344   -c--a-w   C:\WINDOWS\system32\mswstr10.dll
        2008-03-25 04:51   166,688   -c--a-w   C:\WINDOWS\system32\msjint40.dll
        2008-03-20 08:09   1,845,504   -c--a-w   C:\WINDOWS\system32\win32k.sys
        2007-03-13 09:36   822   ----a-w   C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
        2006-01-30 18:20   560   -c--a-w   C:\Documents and Settings\Omistaja\Application Data\ViewerApp.dat
        2005-06-03 13:31   380   -c--a-w   C:\Documents and Settings\Omistaja\GlobalData.dat
        1999-06-09 14:51   99,840   -c--a-w   C:\Program Files\Common Files\IRAABOUT.DLL
        1998-12-09 00:53   70,144   -c--a-w   C:\Program Files\Common Files\IRAMDMTR.DLL
        1998-12-09 00:53   48,640   -c--a-w   C:\Program Files\Common Files\IRALPTTR.DLL
        1998-12-09 00:53   31,744   -c--a-w   C:\Program Files\Common Files\IRAWEBTR.DLL
        1998-12-09 00:53   186,368   -c--a-w   C:\Program Files\Common Files\IRAREG.DLL
        1998-12-09 00:53   17,920   -c--a-w   C:\Program Files\Common Files\IRASRIAL.DLL
        .

        ((((((((((((((((((((((((((((( snapshot@2008-06-05_20.56.00.47 )))))))))))))))))))))))))))))))))))))))))
        .
        2008-02-26 11:49:28   297,984   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\SP2QFE\msctf.dll
        2007-03-06 01:31:09   14,048   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spmsg.dll
        2007-03-06 01:31:14   214,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\spuninst.exe
        2007-03-06 01:31:07   22,752   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\spcustom.dll
        2007-03-06 01:31:32   717,536   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\update.exe
        2007-03-06 01:32:23   380,640   -c--a-w   C:\WINDOWS\$hf_mig$\KB932823-v3\update\updspapi.dll
        - 2008-06-05 17:50:00   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        2008-06-08 07:24:17   2,048   --s-a-w   C:\WINDOWS\bootstat.dat
        - 2004-09-15 12:00:00   294,400   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\dllcache\msctf.dll
        - 2007-03-13 21:31:24   135,168   -c--a-w   C:\WINDOWS\system32\java.exe
        2008-03-24 22:28:39   135,168   -c--a-w   C:\WINDOWS\system32\java.exe
        - 2007-03-13 21:31:28   135,168   -c--a-w   C:\WINDOWS\system32\javaw.exe
        2008-03-24 22:28:43   135,168   -c--a-w   C:\WINDOWS\system32\javaw.exe
        - 2007-03-13 23:04:46   139,264   -c--a-w   C:\WINDOWS\system32\javaws.exe
        2008-03-24 23:37:01   139,264   -c--a-w   C:\WINDOWS\system32\javaws.exe
        - 2004-09-15 12:00:00   294,400   ----a-w   C:\WINDOWS\system32\MSCTF.dll
        2008-02-26 12:00:47   294,912   -c--a-w   C:\WINDOWS\system32\msctf.dll
        .
        (((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        REGEDIT4
        *Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
        "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-06-07 19:15 171448]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-02 03:02 155648]
        "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-02 02:58 118784]
        "SoundMan"="SOUNDMAN.EXE" [2004-12-22 10:09 77824 C:\WINDOWS\SOUNDMAN.EXE]
        "AGRSMMSG"="AGRSMMSG.exe" [2004-02-21 05:00 88363 C:\WINDOWS\AGRSMMSG.exe]
        "LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-04-29 06:08 184320]
        "SynTPLpr"="C:\Program Files\Synaptics\SynTP\SynTPLpr.exe" [2004-07-24 05:49 102400]
        "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2004-07-24 05:49 684032]
        "XPFix"="C:\Program Files\GlobespanVirata\XPFix.exe" [2004-07-23 18:25 217188]
        "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
        "HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2005-01-12 15:54 241664]
        "Norman ZANDA"="C:\Norman\Npm\bin\ZLH.exe" [2007-04-27 13:58 183352]
        "InCD"="C:\Nero Express\InCD\InCD.exe" [2005-07-25 12:01 1397760]
        "HP Software Update"="C:\HP\HP Software Update\HPWuSchd2.exe" [2005-02-17 00:11 49152]
        "QuickTime Task"="D:\QuickTime\qttask.exe" [2007-11-11 16:42 286720]
        "LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 18:32 221184]
        "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
        "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

        [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
        "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]

        C:\Documents and Settings\Omistaja\Käynnistä-valikko\Ohjelmat\Käynnistys\
        WKCALREM.LNK - C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe [2004-07-12 04:54:24 15360]

        C:\Documents and Settings\All Users\Käynnistä-valikko\Ohjelmat\Käynnistys\
        Microsoft Office.lnk - D:\front\Office10\OSA.EXE [2001-02-13 02:01:04 83360]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
        "vidc.ffds"= D:\IMUROI~1\FFDSHO~1\ffdshow.ax

        [HKEY_LOCAL_MACHINE\software\microsoft\security center]
        "AntiVirusDisableNotify"=dword:00000001
        "UpdatesDisableNotify"=dword:00000001

        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
        "DisableMonitoring"=dword:00000001

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
        "EnableFirewall"= 0 (0x0)

        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "C:\\Program Files\\Messenger\\msmsgs.exe"=
        "D:\\Imurointi\\eMule\\emule.exe"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "D:\\Skype\\Phone\\Skype.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
        "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

        R0 NDIS_RD;Firewall Engine Type-R2;C:\WINDOWS\system32\drivers\NDIS_RD.sys [2004-12-06 10:18]
        R1 TDI_RD;Firewall Engine Type-R;C:\WINDOWS\system32\drivers\tdi_rd.sys [2004-10-13 22:01]
        R2 Ndiskio;Ndiskio;C:\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 10:55]
        R3 PRISM_A00;PRISM 802.11 Driver;C:\WINDOWS\system32\DRIVERS\PRISMA00.sys [2004-07-20 20:16]
        S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;C:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
        S3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
        S3 nvcoas;Norman Virus Control on-access component;C:\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
        S3 NVCScheduler;Norman Virus Control Scheduler;C:\Norman\Nvc\BIN\NVCSCHED.EXE [2007-03-15 11:48]

        .
        'Ajoitetut tehtävät'-kansion sisältö
        "2008-06-08 12:18:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
        - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
        .
        **************************************************************************

        catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2008-06-08 15:48:24
        Windows 5.1.2600 Service Pack 2 NTFS

        scanning hidden processes ...

        scanning hidden autostart entries ...

        scanning hidden files ...

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        Completion time: 2008-06-08 15:49:40
        ComboFix-quarantined-files.txt 2008-06-08 12:49:13
        ComboFix2.txt 2008-06-08 11:39:07
        ComboFix3.txt 2008-06-08 07:32:03
        ComboFix4.txt 2008-06-07 18:01:09
        ComboFix5.txt 2008-06-07 14:04:15

        Pre-Run: 798,670,848 tavua vapaana
        Post-Run: 804,319,232 tavua vapaana

        152   --- E O F ---   2008-06-05 17:58:03


      • FixFix

        poikooo

        How's the computer working?


      • meikalainen
        FixFix wrote:

        poikooo

        How's the computer working?

        There's no longer any sign of the virus! Before, it wouldn't let me into e.g. Hotmail and Facebook, but now it does!! No pop-ups have appeared either, and nothing has been freezing otherwise. So good, good... A big thank you for helping me get rid of the virus! I was already afraid I'd have to reinstall everything, but thanks to you.. :)

