Kone on tuon takia mennyt aivan sekaisin, Norman lähettää jatkuvasti ilmoitusta "Norman Virus Control detected a commercial and moved it to the quarantine. Location: c:\windows\system32\qomcbayw.dll Commercial: W32/Virtumonde.WVC", kone hidastelee niin että käyttö on lähes mahdotonta ja mainoksia välähtää näytölle kun nettiä yrittää käyttää.

Ps. Neuvokaa niin, että tällainen puupääkin ymmärtää :|

1. Lataa Combofix.exe työpöydällesi jommastakummasta linkistä:
Combofix.exe
Combofix.exe

Avaa Combofix.exe ja seuraa näyttöön tulevia ohjeita

Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
*

Niin mikä tuo HiJackThis oikein on?

HijackThis on tehokas, mutta asiantuntemusta vaativa haittaohjelmien etsimis- ja poisto-ohjelma.

Eli ohjelma jolla konetta putsaava henkilö näkee onko koneessa viruksi/haittaohjelmia.

No tässä olis nyt se ComboFix -raportti:

ComboFix 08-06-12.2 - Omistaja 2008-06-15 19:42:10.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.424 [GMT 3:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Program Files\VirusHeat 4.3
C:\Program Files\VirusHeat 4.3\sdebug.log
C:\WINDOWS\BM7fa79b77.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\Fonts\CALIBRIB.TTF
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\aigxwjnw.dll
C:\WINDOWS\system32\aqdhmhpv.dll
C:\WINDOWS\system32\ddwylojh.dll
C:\WINDOWS\system32\eilpujym.ini
C:\WINDOWS\system32\fffomcbj.dll
C:\WINDOWS\system32\hjolywdd.ini
C:\WINDOWS\system32\hrlkygij.dll
C:\WINDOWS\system32\jigyklrh.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mlfgqids.dll
C:\WINDOWS\system32\rxibfmpo.ini
C:\WINDOWS\system32\tbofovvy.ini
C:\WINDOWS\system32\urkmyybq.dll
C:\WINDOWS\system32\WyabcMoq.ini
C:\WINDOWS\system32\WyabcMoq.ini2
C:\WINDOWS\system32\xputftdr.dll
C:\WINDOWS\system32\yjtviucv.dll
C:\WINDOWS\system32\yvvofobt.dll

.
((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-15 to 2008-06-15 )))))))))))))))))
.

2008-06-15 19:37 . 2008-06-15 19:37 <KANSIO> d-------- C:\WINDOWS\LastGood
2008-06-06 18:02 . 2008-06-06 18:02 8 --a------ C:\WINDOWS\system32\7c94ba65
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-06-06 17:36 . 2008-01-01 18:02 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-06-06 17:36 . 2008-01-01 18:02 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-06-06 17:36 . 2008-01-01 17:55 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-06-06 17:36 . 2008-01-01 17:55 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-06-06 17:36 . 2008-06-06 18:27 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-06-03 12:50 . 2008-06-03 12:50 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\TurvaPC
2008-06-03 12:45 . 2008-06-03 12:45 <KANSIO> d-------- C:\Documents and Settings\All Users\Application Data\TurvaPC
2008-06-02 23:04 . 2008-06-02 23:04 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-06-02 22:58 . 2008-06-02 22:58 244 --ah----- C:\sqmnoopt05.sqm
2008-06-02 22:58 . 2008-06-02 22:58 232 --ah----- C:\sqmdata05.sqm
2008-06-02 22:31 . 2008-06-02 22:58 97,116 --a------ C:\WINDOWS\DC5177176.zip
2008-06-02 21:17 . 2008-06-02 23:46 <KANSIO> d-------- C:\Program Files\Windows Installer Clean Up
2008-06-02 21:17 . 2008-06-02 21:17 <KANSIO> d-------- C:\Program Files\MSECACHE
2008-06-02 21:06 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 21:03 . 2008-06-02 21:03 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-06-01 17:08 . 2008-06-01 17:08 <KANSIO> d-------- C:\WINDOWS\Sun
2008-06-01 17:08 . 2008-06-02 21:06 <KANSIO> d-------- C:\Program Files\Java
2008-05-31 11:24 . 2008-05-31 11:24 0 --a------ C:\WINDOWS\system32\REN24.tmp
2008-05-31 11:24 . 2008-05-31 11:24 0 --a------ C:\WINDOWS\system32\REN23.tmp
2008-05-31 11:24 . 2008-05-31 11:24 0 --a------ C:\WINDOWS\system32\REN22.tmp
2008-05-31 10:51 . 2008-05-31 10:51 <KANSIO> d-------- C:\VivoxLogs
2008-05-30 16:41 . 2008-05-30 16:53 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2008-05-27 14:39 . 2008-05-27 14:39 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-05-25 09:08 . 2008-05-25 09:08 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-05-21 12:00 . 2008-05-21 14:10 <KANSIO> d-------- C:\WINDOWS\system32\Adobe
2008-05-17 13:07 . 2008-05-17 13:07 118 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 16:31 --------- d-----w C:\Program Files\Norman
2008-06-13 07:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-06 15:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-03 06:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-03 06:06 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-02 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 09:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-30 14:00 --------- d-----w C:\Program Files\Microsoft Works
2008-05-30 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-27 10:27 --------- d-----w C:\Program Files\PicLensIE
2008-05-24 20:37 --------- d-----w C:\Program Files\WarRock
2008-05-09 12:18 40,960 ----a-w C:\WINDOWS\Gorillaz Albumsaver.dll
2008-05-09 12:18 265,388 ----a-w C:\WINDOWS\Gorillaz Albumsaver.scr
2008-05-09 12:18 1,581,226 ----a-w C:\WINDOWS\Gorillaz Albumsaver.exe
2008-05-06 19:19 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Skype
2008-05-06 13:19 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\skypePM
2008-05-04 16:40 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\LimeWire
2008-05-01 13:22 --------- d-----w C:\Program Files\EA GAMES
2008-04-26 12:21 --------- d-----w C:\Program Files\Maxis
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-17 17:36 21,769,888 ----a-w C:\Documents and Settings\sanrox\Nokia_PC_Suite_6_84_10_3_fin_web.exe
2008-01-06 13:29 0 ----a-w C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
2008-01-04 16:11 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-15_19.38.52.01 )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{387039A9-5C4B-432A-B7D7-915460856985}]
C:\WINDOWS\system32\qoMcbayW.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-04 16:34 171448]
"MsnMsgr"="C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe" [2007-10-18 12:34 5724184]
"WinBejSetup.exe"="C:\DOWNLO~1\WINBEJ~1.exe" [ ]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 12:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 12:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 12:10 114688]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 11:24 86016 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 16:32 2807808 C:\WINDOWS\alcwzrd.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-04-15 09:48 708697]
"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-08-09 15:40 183352]
"SMSERIAL"="sm56hlpr.exe" [2005-08-12 12:09 552960 C:\WINDOWS\sm56hlpr.exe]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 04:02 184320]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Windows svchost"="service.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-04 16:46:47 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRLDwwV]
rqRLDwwV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 11:55]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 14:23]
S3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys []

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-24 06:48:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-06 15:26:51 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-15 16:40:00 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 19:43:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-15 19:45:05
ComboFix-quarantined-files.txt 2008-06-15 16:44:22

Pre-Run: 95,534,538,752 tavua vapaana
Post-Run: 95,526,080,512 tavua vapaana

186 --- E O F --- 2008-05-28 07:17:22

Ja samaan sykkyyn vielä se HiJackThis-logi:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:55:54, on 15.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: (no name) - {387039A9-5C4B-432A-B7D7-915460856985} - C:\WINDOWS\system32\qoMcbayW.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows svchost] service.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinBejSetup.exe] C:\DOWNLO~1\WINBEJ~1.EXE /r
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Latauslinkki käyttäen Mega Manageria... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/test...OnlineGames.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B33E9AC8-169E-4346-BCD9-C98A8BE3F1E9} - http://affiliates.piclens.com/shared/plinstll.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: rqRLDwwV - rqRLDwwV.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9321 bytes

1. Lataa Combofix.exe työpöydällesi jommastakummasta linkistä:
Combofix.exe
Combofix.exe

Avaa Muistio ja kopioi/liitä Lainaus: laatikon sisältö sinne:

Lainaus:

---

File::
C:\WINDOWS\service.exe
C:\WINDOWS\DC5177176.zip
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
Folder::
C:\Documents and Settings\Omistaja\Application Data\TurvaPC
C:\Documents and Settings\All Users\Application Data\TurvaPC

---

Tallenna nimellä CFScript (itse asiassa combofix tunnistaa tuon vaikka tiedostopääte ei olisi
edes .txt).

Sitten raahaa ja pudota CFScript ComboFix.exeen kuten alla.(Älä klikkaa)





Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.
Käynnistä kone uudelleen, jos niin pyydetään ja lähetä combofix.txt-tiedoston sisältö tänne.

Sammuta selain ja muut ohjelmat Fixin ajaksi. (ei virustorjuntaa)
Käynnistä HijackThis:ja Scan ja ruksaa seuraavat punaisella listatut tiedostot sekä poista ne.(fix Chekked)


O2 - BHO: (no name) - {387039A9-5C4B-432A-B7D7-915460856985} - C:\WINDOWS\system32\qoMcbayW.dll (file missing)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows svchost] service.exe
O20 - Winlogon Notify: rqRLDwwV - rqRLDwwV.dll (file missing)



Tyhjennä roskakori ja käynnistä koneesi uudelleen.

Postita tänne seuraavat lokit:
* Tuore HijackThis loki (Otetaan viimeisenä ennen postitusta)
* (C:\ComboFix.txt) raportti
*

Tuossa ComboFix:

ComboFix 08-06-12.2 - Omistaja 2008-06-15 21:17:14.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1035.18.424 [GMT 3:00]
Running from: C:\Documents and Settings\Omistaja\Työpöytä\ComboFix.exe
Command switches used :: C:\Documents and Settings\Omistaja\Työpöytä\CFScript.txt
* Created a new restore point
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\sqmdata05.sqm
C:\sqmnoopt05.sqm
C:\WINDOWS\DC5177176.zip
C:\WINDOWS\service.exe
.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-05-15 to 2008-06-15 )))))))))))))))))
.

2008-06-15 19:55 . 2008-06-15 19:55 <KANSIO> d-------- C:\Program Files\Trend Micro
2008-06-15 19:37 . 2008-06-15 19:37 <KANSIO> d-------- C:\WINDOWS\LastGood
2008-06-06 18:02 . 2008-06-06 18:02 8 --a------ C:\WINDOWS\system32\7c94ba65
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Verkkoympäristö
2008-06-06 17:36 . 2008-01-01 18:02 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-06-06 17:36 . 2008-01-01 18:02 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Työpöytä
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Tulostinympäristö
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja\Suosikit
2008-06-06 17:36 . 2008-01-01 17:55 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-06-06 17:36 . 2008-01-01 17:55 <KANSIO> d--h----- C:\Documents and Settings\Järjestelmänvalvoja\Mallit
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-06-06 17:36 . 2008-01-01 19:45 <KANSIO> dr------- C:\Documents and Settings\Järjestelmänvalvoja\Käynnistä-valikko
2008-06-06 17:36 . 2008-06-06 18:27 <KANSIO> d-------- C:\Documents and Settings\Järjestelmänvalvoja
2008-06-02 23:04 . 2008-06-02 23:04 7,680 --ahs---- C:\WINDOWS\Thumbs.db
2008-06-02 21:17 . 2008-06-02 23:46 <KANSIO> d-------- C:\Program Files\Windows Installer Clean Up
2008-06-02 21:17 . 2008-06-02 21:17 <KANSIO> d-------- C:\Program Files\MSECACHE
2008-06-02 21:06 . 2008-03-25 02:37 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-06-02 21:03 . 2008-06-02 21:03 <KANSIO> d-------- C:\Program Files\Common Files\Java
2008-06-01 17:08 . 2008-06-01 17:08 <KANSIO> d-------- C:\WINDOWS\Sun
2008-06-01 17:08 . 2008-06-02 21:06 <KANSIO> d-------- C:\Program Files\Java
2008-05-31 11:24 . 2008-05-31 11:24 0 --a------ C:\WINDOWS\system32\REN24.tmp
2008-05-31 11:24 . 2008-05-31 11:24 0 --a------ C:\WINDOWS\system32\REN23.tmp
2008-05-31 11:24 . 2008-05-31 11:24 0 --a------ C:\WINDOWS\system32\REN22.tmp
2008-05-31 10:51 . 2008-05-31 10:51 <KANSIO> d-------- C:\VivoxLogs
2008-05-30 16:41 . 2008-05-30 16:53 <KANSIO> d-------- C:\Documents and Settings\Omistaja\Application Data\OpenOffice.org2
2008-05-27 14:39 . 2008-05-27 14:39 <KANSIO> d--hs---- C:\WINDOWS\ftpcache
2008-05-25 09:08 . 2008-05-25 09:08 <KANSIO> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
2008-05-21 12:00 . 2008-05-21 14:10 <KANSIO> d-------- C:\WINDOWS\system32\Adobe
2008-05-17 13:07 . 2008-05-17 13:07 118 --a------ C:\WINDOWS\system32\MRT.INI

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-15 16:31 --------- d-----w C:\Program Files\Norman
2008-06-13 07:46 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-06-06 15:00 --------- d-----w C:\Program Files\Norton Security Scan
2008-06-03 06:06 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2008-06-03 06:06 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2008-06-02 20:28 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-31 09:38 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-30 14:00 --------- d-----w C:\Program Files\Microsoft Works
2008-05-30 14:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-05-27 10:27 --------- d-----w C:\Program Files\PicLensIE
2008-05-24 20:37 --------- d-----w C:\Program Files\WarRock
2008-05-09 12:18 40,960 ----a-w C:\WINDOWS\Gorillaz Albumsaver.dll
2008-05-09 12:18 265,388 ----a-w C:\WINDOWS\Gorillaz Albumsaver.scr
2008-05-09 12:18 1,581,226 ----a-w C:\WINDOWS\Gorillaz Albumsaver.exe
2008-05-06 19:19 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\Skype
2008-05-06 13:19 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\skypePM
2008-05-04 16:40 --------- d-----w C:\Documents and Settings\Omistaja\Application Data\LimeWire
2008-05-01 13:22 --------- d-----w C:\Program Files\EA GAMES
2008-04-26 12:21 --------- d-----w C:\Program Files\Maxis
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 166,688 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-20 08:09 1,845,504 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-17 17:36 21,769,888 ----a-w C:\Documents and Settings\sanrox\Nokia_PC_Suite_6_84_10_3_fin_web.exe
2008-01-06 13:29 0 ----a-w C:\Documents and Settings\Omistaja\Application Data\wklnhst.dat
2008-01-04 16:11 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((( snapshot@2008-06-15_19.38.52.01 )))))))))))))))))))))))))))))))))))))))))
.
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{387039A9-5C4B-432A-B7D7-915460856985}]
C:\WINDOWS\system32\qoMcbayW.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-15 15:00 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-01-04 16:34 171448]
"MsnMsgr"="C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe" [2007-10-18 12:34 5724184]
"WinBejSetup.exe"="C:\DOWNLO~1\WINBEJ~1.exe" [ ]
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 16:21 61952 C:\WINDOWS\system32\HdAShCut.exe]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-07-19 12:09 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-07-19 12:06 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-07-19 12:10 114688]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 11:24 86016 C:\WINDOWS\SoundMan.exe]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 16:32 2807808 C:\WINDOWS\alcwzrd.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-04-15 09:48 708697]
"Norman ZANDA"="C:\Program Files\Norman\Npm\bin\ZLH.exe" [2007-08-09 15:40 183352]
"SMSERIAL"="sm56hlpr.exe" [2005-08-12 12:09 552960 C:\WINDOWS\sm56hlpr.exe]
"Creative WebCam Tray"="C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" [2003-06-26 04:02 184320]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 12:09 63712]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-02-01 00:13 385024]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10 267048]
"Windows svchost"="service.exe" []
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" [2008-03-25 04:28 144784]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-15 15:00 15360]
"Nokia.PCSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]

C:\Documents and Settings\All Users\K„ynnist„-valikko\Ohjelmat\K„ynnistys\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2008-01-04 16:46:47 184320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\rqRLDwwV]
rqRLDwwV.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"C:\\Nexon\\MapleStory\\MapleStory.exe"=
"C:\\Program Files\\Activision\\Rome - Total War\\RomeTW.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Documents and Settings\\Omistaja\\Työpöytä\\msnmsgr.exe"=

R2 Ndiskio;Ndiskio;C:\Program Files\Norman\Nse\bin\NDISKIO.SYS [2007-01-02 11:55]
R3 NvcMFlt;NvcMFlt;C:\WINDOWS\system32\DRIVERS\nvcw32mf.sys [2008-02-11 15:56]
R3 nvcoas;Norman Virus Control on-access component;C:\Program Files\Norman\Nvc\bin\nvcoas.exe [2007-12-12 12:45]
R3 NVCScheduler;Norman Virus Control Scheduler;C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE [2007-05-23 14:23]
S3 EraserUtilDrv10741;EraserUtilDrv10741;C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv10741.sys []

.
'Ajoitetut tehtävät'-kansion sisältö
"2008-03-24 06:48:22 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-06-06 15:26:51 C:\WINDOWS\Tasks\Norton Security Scan.job"
- C:\Program Files\Norton Security Scan\Nss.exe
"2008-06-15 17:40:01 C:\WINDOWS\Tasks\Tarkistetaan Windows Live -työkalurivin päivitykset.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-15 21:18:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-06-15 21:19:56
ComboFix-quarantined-files.txt 2008-06-15 18:19:16
ComboFix2.txt 2008-06-15 18:07:35
ComboFix3.txt 2008-06-15 16:45:06

Pre-Run: 95,484,227,584 tavua vapaana
Post-Run: 95,475,798,016 tavua vapaana

161 --- E O F --- 2008-05-28 07:17:22

Ja HiJackThis-logi:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:37, on 15.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinBejSetup.exe] C:\DOWNLO~1\WINBEJ~1.EXE /r
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Latauslinkki käyttäen Mega Manageria... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/test...OnlineGames.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B33E9AC8-169E-4346-BCD9-C98A8BE3F1E9} - http://affiliates.piclens.com/shared/plinstll.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8926 bytes

Lataa Malwarebytes' Anti-Malware työpöydällesi.

* Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
* Lopuksi varmistu, että seuraavat on valittu: Päivitä Malwarebytes' Anti-Malware ja Käynnistä Malwarebytes' Anti-Malware ja sen jälkeen klikkaa Lopeta.
* Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
* Kun ohjelma on latautunut, valitse Suorita täysi tarkistus ja klikkaa Tarkista.
* Kun skanni on valmis, klikkaa OK ja sitten Näytä tulokset nähdäksesi tulokset.
* Varmistu, että kaikki on merkitty ja klikkaa Poista valitut.
* Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki löytyy myös
täältä: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Lähetä lokin sisältö seuraavassa viestissäsi + uusi hjt-loki.

Tuossa tuo:

Malwarebytes' Anti-Malware 1.17
Tietokantaversio: 857

0:00:15 16.6.2008
mbam-log-6-16-2008 (00-00-15).txt

Tarkistustyyppi: Täysi tarkistus (C:\|D:\|)
Tarkistetut kohteet: 168699
Kulunut aika: 48 minute(s), 26 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 4
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 15

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
HKEY_CURRENT_USER\Software\Trymedia Systems (Adware.Trymedia) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\QooBox\Quarantine\C\WINDOWS\system32\aqdhmhpv.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ddwylojh.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hrlkygij.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\yvvofobt.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FDDC13AF-41F7-4A33-B530-05BAB7CA520B}\RP174\A0034213.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FDDC13AF-41F7-4A33-B530-05BAB7CA520B}\RP174\A0034214.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FDDC13AF-41F7-4A33-B530-05BAB7CA520B}\RP174\A0034216.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FDDC13AF-41F7-4A33-B530-05BAB7CA520B}\RP174\A0034221.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FDDC13AF-41F7-4A33-B530-05BAB7CA520B}\RP174\A0034237.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FDDC13AF-41F7-4A33-B530-05BAB7CA520B}(2)\RP170\A0033891.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FDDC13AF-41F7-4A33-B530-05BAB7CA520B}(2)\RP170\A0033903.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FDDC13AF-41F7-4A33-B530-05BAB7CA520B}(2)\RP171\A0034129.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FDDC13AF-41F7-4A33-B530-05BAB7CA520B}(2)\RP171\A0034146.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{FDDC13AF-41F7-4A33-B530-05BAB7CA520B}(2)\RP171\A0034147.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\clkcnt.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

...ja päälle hjt-logi:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 0:04:33, on 16.6.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
C:\Program Files\Norman\Npm\Bin\Zanda.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Program Files\Norman\Nvc\bin\nvcoas.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Norman\Npm\bin\ZLH.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Windows Live Toolbar\msn_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fi/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Linkit
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Program Files\Norman\Npm\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Documents and Settings\Omistaja\Työpöytä\msnmsgr.exe" /background
O4 - HKCU\..\Run: [WinBejSetup.exe] C:\DOWNLO~1\WINBEJ~1.EXE /r
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Paikallinen palve')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Verkkopalve')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Latauslinkki käyttäen Mega Manageria... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Launch PicLens - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\PicLens.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} (Disney Online Games ActiveX Control) - http://disney.go.com/pirates/online/test...OnlineGames.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {B33E9AC8-169E-4346-BCD9-C98A8BE3F1E9} - http://affiliates.piclens.com/shared/plinstll.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\eLogsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod-palvelu (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 8975 bytes

Vieläkös Norman herjaa?

Järjestelmän palauttamisen poistaminen käytöstä
Voit poistaa järjestelmän palauttamisen käytöstä seuraavasti:

1.Napsauta Käynnistä-painiketta, napsauta Oma tietokone -kuvaketta hiiren kakkospainikkeella ja valitse sitten Ominaisuudet.

2.Valitse Järjestelmän palauttaminen -välilehti.

3.Valitse Poista järjestelmän palauttaminen käytöstä -valintaruutu (tai Poista järjestelmän palauttaminen käytöstä kaikissa asemissa -valintaruutu) ja valitse sitten OK.

4.Valitse Kyllä, kun näyttöön tulee kehote järjestelmän palauttamisen poistamisesta käytöstä.

Käynnistä kone uudelleen tuon toimen piteen jälkeen.


Lataa Atribunen ATF Cleaner

Ohjeet:

Tupla-klikkaa ATF-Cleaner.exe käynnistääksesi ohjelman.
Main:n alla valitse: Select All
Klikkaa Empty Selected valintaa.

Jos käytät FireFoxia selaimenasi
Klikkaa Firefox yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.

Jos käytät Operaa selaimenasi
Klikkaa Opera yläpuolelta ja valitse: Select All
Klikkaa Empty Selected valintaa taas.
HUOMIO: Jos haluaisit pitää tallennetut salasanasi, klikkaa No kun se sitä kysyy.
Klikkaa Exit päävalikosta sulkeaksesi ohjelman.

Skannaa tämän jälkeen viellä kertaalleen Malwarebytesillä.

Malwarebytes ei löytänyt enää mitään. Ja näyttäis kone rullaavan paremmin kuin aikoihin. Jos ei jälkeenpäin enää ilmene mitään ongelmia, niin tuhannet kiitokset avusta. Mahtavaa kun osaatte auttaa tälläisiä newbieitä. Kiitoksia vielä kertaalleen!

Ole hyvä vain :D