Likewise. Here we see it again. A little time and the right instructions, and the job surely gets done without wiping any hard drives. I ran that ComboFix and it found some rather suspicious files. After deleting those files the machine works like a dream again. The Norton and Security Center problems are gone. Here is the ComboFix log for viewing:

ComboFix 09-02-04.01 - Jari 2009-02-05 9:37:31.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.3070.2036 [GMT 2:00]
Location: c:\users\Jari\Desktop\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\ahtn.htm
c:\windows\system32\drivers\senekahniqbutx.sys
c:\windows\system32\ntdll64.exe
c:\windows\system32\senekabqbmoxmc.dll
c:\windows\system32\senekaeefirxdw.dat
c:\windows\system32\senekamaxxdvnm.dll
c:\windows\system32\senekaqpgtpppb.dll
c:\windows\system32\senekasbrtsjsa.dat
c:\windows\system32\test.ttt
c:\windows\system32\uniq.tll
c:\windows\system32\warning.gif
c:\windows\system32\winlogon2.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_SENEKA
-------\Service_SENEKA
((((( Files Created from 2009-01-05 to 2009-02-05 )))))))))))))))))
.
2100-02-16 15:09 . 2001-02-16 14:37 62 --a------ c:\windows\System32\LXBOUSCI.INI
2009-02-05 09:41 . 2009-02-05 09:41 1,408 --a------ c:\windows\System32\senekanrbtycei.dat
2009-02-05 09:41 . 2009-02-05 09:41 0 --a------ c:\windows\System32\senekapop.dll
2009-02-05 09:41 . 2009-02-05 09:41 0 --a------ c:\windows\System32\drivers\seneka.sys
2009-02-04 19:25 . 2009-02-04 19:25 <DIR> d-------- c:\program files\Symantec
2009-02-04 19:25 . 2009-02-04 19:25 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2009-02-04 19:25 . 2009-02-04 19:24 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys
2009-02-04 19:24 . 2009-02-04 19:24 <DIR> d-------- c:\windows\System32\drivers\NIS
2009-02-04 19:24 . 2009-02-04 19:24 <DIR> d-------- c:\program files\Norton Internet Security
2009-02-04 19:15 . 2009-02-04 19:15 <DIR> d-------- c:\users\All Users\PCSettings
2009-02-04 19:15 . 2009-02-04 19:15 <DIR> d-------- c:\programdata\PCSettings
2009-02-04 19:14 . 2009-02-04 19:14 <DIR> d-------- c:\users\All Users\NortonInstaller
2009-02-04 19:14 . 2009-02-04 19:26 <DIR> d-------- c:\users\All Users\Norton
2009-02-04 19:14 . 2009-02-04 19:14 <DIR> d-------- c:\programdata\NortonInstaller
2009-02-04 19:14 . 2009-02-04 19:26 <DIR> d-------- c:\programdata\Norton
2009-02-04 19:14 . 2009-02-04 19:14 <DIR> d-------- c:\program files\NortonInstaller
2009-02-01 12:15 . 2009-02-01 12:15 <DIR> d-------- C:\VundoFix Backups
2009-02-01 02:23 . 2009-02-01 02:25 <DIR> d-------- c:\program files\Unlocker
2009-02-01 01:19 . 2009-02-01 01:19 0 --a------ c:\windows\System32\drivers\senekaoyjmhnqk.sys
2009-01-31 23:06 . 2009-01-31 23:06 0 --ah----- C:\ntuser.dat.LOG2
2009-01-31 23:06 . 2009-01-31 23:06 0 --ah----- C:\ntuser.dat.LOG1
2009-01-31 23:06 . 2009-01-31 23:06 0 --a------ C:\ntuser.dat
2009-01-31 22:17 . 2009-01-31 22:17 <DIR> d-------- c:\program files\RealVNC
2009-01-31 17:03 . 2009-01-31 17:03 <DIR> d-------- c:\users\All Users\Electronic Arts
2009-01-31 17:03 . 2009-01-31 17:03 <DIR> d-------- c:\programdata\Electronic Arts
2009-01-30 15:01 . 2009-01-30 15:04 <DIR> d-------- c:\users\Jari\AppData\Roaming\DVD Flick
2009-01-30 15:01 . 2003-01-26 13:41 40,960 --a------ c:\windows\System32\ssubtmr6.dll
2009-01-30 15:01 . 2007-08-31 18:36 36,864 --a------ c:\windows\System32\trayicon_handler.ocx
2009-01-30 15:01 . 2008-08-31 13:27 28,672 --a------ c:\windows\System32\mousewheel.ocx
2009-01-24 23:43 . 2009-01-24 23:43 <DIR> d-------- c:\program files\Rockstar Games
2009-01-24 23:43 . 2009-01-24 23:43 <DIR> d-------- c:\program files\Krucial MindGames Entertainment
2009-01-23 23:00 . 2009-01-23 23:00 <DIR> d-------- c:\windows\System32\AGEIA
2009-01-23 23:00 . 2009-01-23 23:00 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-23 15:21 . 2009-01-23 16:03 <DIR> d-------- c:\users\Jari\AppData\Roaming\Mount&Blade
2009-01-23 14:35 . 2009-01-23 14:35 <DIR> d-------- c:\users\All Users\Apple Computer
2009-01-23 14:35 . 2009-01-23 14:35 <DIR> d-------- c:\programdata\Apple Computer
2009-01-23 14:35 . 2009-01-23 14:36 <DIR> d-------- c:\program files\QuickTime
2009-01-22 21:34 . 2009-01-23 12:36 <DIR> d-------- c:\users\Jari\AppData\Roaming\Dropbox
2009-01-22 21:34 . 2009-01-22 21:35 <DIR> d-------- c:\program files\Dropbox
2009-01-22 18:54 . 2009-01-23 18:03 <DIR> d-------- C:\Games
2009-01-17 11:18 . 2009-01-17 11:18 <DIR> d-------- c:\program files\K-Lite Codec Pack
2009-01-17 11:18 . 2008-09-24 20:41 839,680 --a------ c:\windows\System32\lameACM.acm
2009-01-17 11:18 . 2008-12-07 20:08 795,648 --a------ c:\windows\System32\xvidcore.dll
2009-01-17 11:18 . 2008-11-06 18:33 684,032 --a------ c:\windows\System32\divx.dll
2009-01-17 11:18 . 2004-01-25 18:18 217,088 --a------ c:\windows\System32\yv12vfw.dll
2009-01-17 11:18 . 2008-09-16 21:23 168,448 --a------ c:\windows\System32\unrar.dll
2009-01-17 11:18 . 2008-12-07 20:08 130,048 --a------ c:\windows\System32\xvidvfw.dll
2009-01-17 11:18 . 2007-09-21 02:52 118,784 --a------ c:\windows\System32\ac3acm.acm
2009-01-17 11:18 . 2008-12-08 13:53 57,344 --a------ c:\windows\System32\ff_vfw.dll
2009-01-17 11:18 . 2007-07-10 18:10 547 --a------ c:\windows\System32\ff_vfw.dll.manifest
2009-01-17 11:18 . 2008-10-03 14:30 414 --a------ c:\windows\System32\lame_acm.xml
2009-01-17 00:01 . 2007-02-20 16:04 2,463,976 --a------ c:\windows\System32\NPSWF32.dll
2009-01-17 00:01 . 2007-02-20 16:04 190,696 --a------ c:\windows\System32\NPSWF32_FlashUtil.exe
2009-01-14 15:52 . 2009-01-14 15:53 <DIR> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-01-14 09:13 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-09 19:14 . 2009-01-09 19:19 <DIR> d-------- c:\users\Jari\AppData\Roaming\Crayon Physics Deluxe
2009-01-08 18:58 . 2009-01-08 18:58 <DIR> d-------- c:\users\Jari\AppData\Roaming\Leadertech
2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ c:\windows\System32\QuickTime.qts
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 07:30 --------- d-----w c:\users\Jari\AppData\Roaming\uTorrent
2009-02-04 19:56 --------- d-----w c:\users\Jari\AppData\Roaming\OpenOffice.org2
2009-02-04 17:31 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-04 17:27 --------- d-----w c:\programdata\Symantec
2009-02-04 17:25 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-04 17:25 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-04 17:22 --------- d-----w c:\users\Jari\AppData\Roaming\Orbit
2009-02-03 20:13 --------- d-----w c:\users\Jari\AppData\Roaming\.purple
2009-02-03 20:00 --------- d-----w c:\users\Jari\AppData\Roaming\FileZilla
2009-02-01 00:01 --------- d-----w c:\programdata\Microsoft Help
2009-02-01 00:01 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-01 00:01 --------- d-----w c:\program files\Microsoft Works
2009-02-01 00:01 --------- d-----w c:\program files\Google
2009-02-01 00:01 --------- d-----w c:\program files\Common Files\Skype
2009-01-30 12:48 --------- d-----w c:\users\Jari\AppData\Roaming\Nero
2009-01-23 20:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-17 09:14 --------- d-----w c:\program files\DivX
2009-01-16 23:24 --------- d-----w c:\program files\Common Files\Macromedia
2009-01-14 17:44 --------- d-----w c:\program files\Windows Mail
2009-01-13 15:43 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-13 10:51 --------- d-----w c:\program files\CCleaner
2009-01-09 18:29 31 ----a-w c:\users\Jari\jagex_runescape_preferences.dat
2009-01-06 11:42 --------- d-----w c:\users\Jari\AppData\Roaming\Skype
2009-01-05 13:53 --------- d-----w c:\users\Jari\AppData\Roaming\gtk-2.0
2009-01-05 11:56 1,682 --sha-w c:\users\All Users\KGyGaAvL.sys
2009-01-05 11:56 1,682 --sha-w c:\programdata\KGyGaAvL.sys
2009-01-04 23:20 --------- d-----w c:\users\Jari\AppData\Roaming\mIRC
2009-01-04 13:27 --------- d-----w c:\users\Jari\AppData\Roaming\PC Suite
2009-01-02 19:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-01 13:31 --------- d-----r c:\users\Jari\AppData\Roaming\Brother
2008-12-30 11:19 88 --sh--r c:\users\All Users\DB1FEAAF5E.sys
2008-12-30 11:19 88 --sh--r c:\programdata\DB1FEAAF5E.sys
2008-12-30 11:17 --------- d-----w c:\program files\Enterbrain
2008-12-30 11:16 --------- d-----w c:\program files\Common Files\Enterbrain
2008-12-30 09:52 --------- d-----w c:\users\Jari\AppData\Roaming\skypePM
2008-12-29 16:45 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-12-29 16:45 56 ---ha-w c:\programdata\ezsidmv.dat
2008-12-29 16:41 --------- d-----w c:\programdata\Skype
2008-12-29 16:41 --------- d-----w c:\program files\Skype
2008-12-26 16:11 --------- d-----w c:\program files\Common Files\Steam
2008-12-26 15:44 --------- d-----w c:\program files\Common Files\SWF Studio
2008-12-25 12:26 --------- d-----w c:\programdata\ScanSoft
2008-12-24 19:20 --------- d-----w c:\program files\Brother
2008-12-24 19:17 --------- d-----w c:\users\Jari\AppData\Roaming\InstallShield
2008-12-24 19:17 --------- d-----w c:\program files\Nuance
2008-12-24 19:15 --------- d-----w c:\programdata\InstallShield
2008-12-24 19:15 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2008-12-24 19:15 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-24 19:14 --------- d-----w c:\program files\ScanSoft
2008-12-24 19:13 --------- d-----w c:\programdata\Brother
2008-12-23 09:22 --------- d-----w c:\users\Jari\AppData\Roaming\LimeWire
2008-12-20 09:41 --------- d-----w c:\users\Jari\AppData\Roaming\BitZipper
2008-12-19 11:35 --------- d-----w c:\users\Jari\AppData\Roaming\Nokia
2008-12-19 11:32 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-12-19 11:31 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-19 11:31 --------- d-----w c:\programdata\PC Suite
2008-12-19 11:30 --------- d-----w c:\program files\DIFX
2008-12-19 11:30 --------- d-----w c:\program files\Common Files\PCSuite
2008-12-19 11:30 --------- d-----w c:\program files\Common Files\Nokia
2008-12-19 11:27 --------- d-----w c:\program files\Nokia
2008-12-19 11:26 --------- d-----w c:\programdata\Installations
2008-12-19 11:17 --------- d-----w c:\programdata\Nokia
2008-12-11 07:16 --------- d-----w c:\programdata\Lavasoft
2008-12-11 07:15 --------- d-----w c:\program files\Lavasoft
2008-12-11 07:11 --------- d---a-w c:\programdata\TEMP
2008-12-10 12:46 --------- d-----w c:\users\Jari\AppData\Roaming\SPORE
2008-12-07 16:11 --------- d-----w c:\programdata\FLEXnet
2008-12-07 16:07 --------- d-----w c:\program files\Common Files\Adobe
2008-12-07 16:07 --------- d-----w c:\program files\Bonjour
2008-12-07 16:00 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-06 23:52 --------- d-----w c:\programdata\Media Center Programs
2008-12-06 23:26 --------- d-----w c:\program files\Tomb Raider - Anniversary
2008-11-21 18:35 52,736 ----a-w c:\windows\ipuninst.exe
2008-11-09 15:02 286,720 ----a-w c:\windows\iun506.exe
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-09-16 14:18 56 --sh--r c:\windows\System32\26A77A9094.sys
2008-09-16 08:00 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008091620080917\index.dat
.
(((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-10-14 863688]
[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= "c:\program files\DAEMON Tools Toolbar\DTToolbar.dll" [2008-10-14 863688]
[HKEY_CLASSES_ROOT\clsid\{32099aac-c132-4136-9e9a-4e364a424e17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 09:20 143360 --a------ c:\program files\Dropbox\DropboxExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 09:20 143360 --a------ c:\program files\Dropbox\DropboxExt.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 09:20 143360 --a------ c:\program files\Dropbox\DropboxExt.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 470288]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"wscsvc"="D:\wscsvc.bat" [2009-02-01 15]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 470288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)
[HKLM\~\startupfolder\C:^Users^Jari^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Jari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup
[HKLM\~\startupfolder\C:^Users^Jari^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 -näyttöleikkeet ja Launcher.lnk]
path=c:\users\Jari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 -näyttöleikkeet ja Launcher.lnk
backup=c:\windows\pss\OneNote 2007 -näyttöleikkeet ja Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 2008-08-04 18:04 226816 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2007-01-26 15:58 65536 c:\program files\Brother\ControlCenter3\BrCtrCen.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-21 04:25 125952 c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 d:\ohjelmat\Pc Suite\Nokia PC Suite 7\PCSuite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
--a------ 2002-09-19 02:52 36864 c:\windows\System32\spool\drivers\w32x86\3\printray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 09:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-09-26 13:23 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FC76F7C1-E2F8-46CC-A8FE-F3A1BB8F7866}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E7A0C9A3-3D43-4546-AC5E-5A3BAF694B9C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5281D344-910D-476B-A4B7-04C24C073AE8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B4375A90-CE61-4E00-8ABB-47F68F51EC71}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{C32F344D-9F24-442D-BBC8-04B36AC47DF9}"= UDP:d:\pelit\Bfield\BF2.exe:Battlefield 2
"{6CDDCF10-2214-4101-A976-D9ED61574244}"= TCP:d:\pelit\Bfield\BF2.exe:Battlefield 2
"{AEB74E27-55B5-4F58-9FD4-7D319F232D8D}"= UDP:d:\pelit\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{502C1894-DA45-4286-8294-5766C8C29589}"= TCP:d:\pelit\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{1F6D2536-09A7-4D41-BA4D-7E9D2560CEBE}"= UDP:d:\pelit\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{6FCAFE63-33E1-4DE2-8704-A62DC5685B2A}"= TCP:d:\pelit\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{2C30395C-6E5B-49C7-BF05-01F1960A8813}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A60E526F-FC00-4B95-8AED-A6F3B7F6DC3B}"= UDP:d:\pelit\Battlefield 2 + Special Forces\BF2.exe:Battlefield 2
"{81D56F07-B916-40E4-9907-027E9DDC7136}"= TCP:d:\pelit\Battlefield 2 + Special Forces\BF2.exe:Battlefield 2
"{1B8A8EDE-65FE-4AA6-836E-2D4724215B37}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{B641667D-F302-4C8B-B279-B92474C46658}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{12A0EFCA-490D-4F2D-A688-67CE9DB04428}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{253DE5D1-514F-4715-ABCC-FD84872CC53B}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{411B9642-4F90-4283-9CCC-C955ED38589D}"= UDP:d:\pelit\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{13E5B86F-8EBF-4B47-AF32-AD4075101F10}"= TCP:d:\pelit\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{BD603A40-7C9E-4AB6-A79B-54B83BA28471}"= UDP:d:\pelit\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{A673ED02-6BD6-4593-A936-C93113198DBE}"= TCP:d:\pelit\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{1685B91E-0A32-4908-95F6-A6FC5F64E736}"= UDP:d:\pelit\Far Cry 2\bin\FC2Editor.exe:Editor
"{F15B89DE-3374-4899-BCCC-4D18C2B75488}"= TCP:d:\pelit\Far Cry 2\bin\FC2Editor.exe:Editor
"{9A6602B9-ACA0-40CB-9779-D0BE3DBDFEE9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C901C55C-0C79-4625-80DE-A58191966172}"= UDP:d:\pelit\mirrors edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{A8772A98-8BFA-4DE9-AEA7-FF1B88B9FC25}"= TCP:d:\pelit\mirrors edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\drivers\BtHidBus.sys [2008-07-31 20616]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1002000.007\SymEFA.sys [2009-02-04 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-02-04 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1002000.007\cchpx86.sys [2009-02-04 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090129.005\IDSvix86.sys [2009-01-29 292912]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [2008-10-27 96016]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [2008-10-27 41744]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-08-01 143467]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-02-04 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-04 99376]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\System32\drivers\IvtBtBus.sys [2008-07-02 26248]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1002000.007\symndisv.sys [2009-02-04 40496]
S2 Apache2.2;Apache2.2;"d:\ohjelmat\xampp\apache\bin\apache.exe" -k runservice --> d:\ohjelmat\xampp\apache\bin\apache.exe [?]
S2 XAMPP;XAMPP Service;d:\ohjelmat\xampp\service.exe --> d:\ohjelmat\xampp\service.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 VBoxUSB;VirtualBox USB;c:\windows\System32\drivers\VBoxUSB.sys [2008-10-23 31824]
--- Other Services/Drivers In Memory ---
*Deregistered* - sptd
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f37959-b87f-11dd-b190-002185062853}]
\shell\AutoRun\command - L:\Launcher.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa674bf8-83fd-11dd-a7a5-002185062853}]
\shell\AutoRun\command - m:\ohjelmat\PStart\PStart.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f51e4fdc-8fae-11dd-b5a5-002185062853}]
\shell\AutoRun\command - K:\setup.exe
.
Contents of the 'Scheduled Tasks' folder
2009-02-02 c:\windows\Tasks\Norton Internet Security - Suorita täysi järjestelmäntarkistus - Jari.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-norton - c:\program files\Common Files\Symantec Shared\NPC\2.0\uiStub2.exe
MSConfigStartUp-DAEMON Tools Lite - d:\lataus\Uusi kansio\DAEMON Tools Lite\daemon.exe
MSConfigStartUp-LogitechSetup - c:\program files\Logitech\QuickCamWebInstall\Setup\Setup.exe
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Bluetoothin lähettämä - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Lähetä viestissä(&M)... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
FF - ProfilePath - c:\users\Jari\AppData\Roaming\Mozilla\Firefox\Profiles\2hovvtku.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: d:\ohjelmat\Pc Suite\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Jari\AppData\Roaming\Mozilla\Firefox\Profiles\2hovvtku.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 09:44:03
Windows 6.0.6001 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(2188)
c:\program files\Dropbox\DropboxExt.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
d:\ohjelmat\Pc Suite\Nokia PC Suite 7\PhoneBrowser.dll
d:\ohjelmat\Pc Suite\Nokia PC Suite 7\NGSCM.DLL
d:\ohjelmat\Pc Suite\Nokia PC Suite 7\Lang\PhoneBrowser_fin.nlr
d:\ohjelmat\Pc Suite\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
d:\ohjelmat\WinSCP3\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2009-02-05 9:48:42 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-05 07:48:27
Pre-Run: 65,317,580,800 bytes free
Post-Run: 65,294,188,544 bytes free
379 --- E O F --- 2009-02-03 10:00:50
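A triage pass over the kinds of entries the ComboFix log above contains, added here as an example for this thread; it is not ComboFix's code and not part of the original post. It parses the line formats ComboFix uses (the header, "Files Created" entries, REGEDIT4-style keys and values, and the mountpoints2 AutoRun lines), with a handful of lines copied from the posted log embedded as sample input, and reports what a responder would pull out first: a Run value named like the Windows Security Center service (wscsvc) but pointing at a 15-byte .bat on D:, DisableMonitoring set under the Security Center key, EnableFirewall=0 on a firewall profile, AutoRun commands recorded under mountpoints2, zero-byte .sys files, and creation times later than the scan start (the log has a 2100-02-16 entry and seneka files stamped 09:41 against a 9:37 start). The rules, the finding labels and the script-extension list are my own choices, not anything ComboFix does.

```python
# Added example (not ComboFix's code, not the poster's): triage a ComboFix-style
# log for the autostart, policy and timestamp anomalies seen in the thread.
import re
from datetime import datetime

# Sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""ComboFix 09-02-04.01 - Jari 2009-02-05 9:37:31.1 - NTFSx86
2100-02-16 15:09 . 2001-02-16 14:37 62 --a------ c:\windows\System32\LXBOUSCI.INI
2009-02-05 09:41 . 2009-02-05 09:41 0 --a------ c:\windows\System32\drivers\seneka.sys
2009-02-04 19:25 . 2009-02-04 19:25 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"wscsvc"="D:\wscsvc.bat" [2009-02-01 15]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f37959-b87f-11dd-b190-002185062853}]
\shell\AutoRun\command - L:\Launcher.exe
"""

HEADER_RE = re.compile(r"^ComboFix \S+ - \S+ (\d{4}-\d{2}-\d{2} \d{1,2}:\d{2}:\d{2})")
# "Files Created" line: created . modified size attributes path
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. \d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+"
    r"(<[^>]+>|[\d,]+)\s+\S+\s+(.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.+)$')
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (.+)$")

# Interpreted files as bare Run-key targets are my heuristic (the log's
# "wscsvc"="D:\wscsvc.bat" is the case it is written for).
SCRIPT_EXTENSIONS = {"bat", "cmd", "vbs", "vbe", "js", "jse", "wsf"}


def _run_target(data):
    # ComboFix prints Run values as "path" [date size]; return just the path.
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    return data.split(" [", 1)[0].strip()


def triage(log_text):
    """Return (finding, detail) tuples for the suspicious patterns."""
    findings = []
    scan_start = None
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            scan_start = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = FILE_RE.match(line)
        if m:
            created = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M")
            size, path = m.group(2), m.group(3)
            # Created after the scan began: a bogus timestamp, or a file
            # dropped while the tool was running. Both deserve a look.
            if scan_start is not None and created > scan_start:
                findings.append(("created after scan start", path))
            if size == "0" and path.lower().endswith(".sys"):
                findings.append(("zero-byte driver", path))
            continue
        m = AUTORUN_RE.match(line)
        if m and "mountpoints2" in current_key:
            findings.append(("autorun from mounted volume", m.group(1)))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, data = m.group(1), m.group(2)
        lname = name.lower()
        if re.search(r"\\run(once)?$", current_key):
            target = _run_target(data)
            if target.lower().rsplit(".", 1)[-1] in SCRIPT_EXTENSIONS:
                findings.append(("script in Run key", f"{name} -> {target}"))
        elif "security center\\monitoring" in current_key and lname == "disablemonitoring":
            if data.lower().startswith("dword:") and int(data[6:], 16) != 0:
                findings.append(("Security Center monitoring disabled", current_key))
        elif "firewallpolicy" in current_key and lname == "enablefirewall":
            if data.split()[0] == "0":
                findings.append(("firewall disabled", current_key.rsplit("\\", 1)[-1]))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:38} {detail}")
```

Two of the rules need a human behind them. The Monitoring\SymantecAntiVirus and Monitoring\SymantecFirewall subkeys in the log also carry DisableMonitoring=1; that per-product value is the mechanism third-party suites use to tell Security Center they report their own status, so the value directly under Monitoring is the one worth questioning. Likewise EnableFirewall=0 on all three profiles can simply mean the Norton firewall has taken over from Windows Firewall. The script reports every instance and leaves that judgement to the reader.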
So what can our little boy do? What you have explained here gives the impression that you don't understand sh** about the Windows registry. You haven't been able to give a single sensible instruction here, and you have probably never cleaned anyone's OS. This case shows nicely how a certain "trained" person operates. After the first problem he wets his pants and reinstalls without learning anything. Smarter people clean up, or, when facing a worse problem, reinstall and then make a disk image so they don't have to reinstall again the way some "trained" people presumably do about once a month. P.S. You went pretty quiet when I crushed your "trained" instructions and views.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:00:36, on 5.2.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
M:\Ohjelmat\HiJackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe 20090114
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-18\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [fsc-reg] C:\ProgramData\fsc-reg\fscreg.exe (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Bluetoothin lähettämä - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Lähetä viestissä(&M)... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O8 - Extra context menu item: V&ie Microsoft Exceliin - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Lähetä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Läh&etä OneNoteen - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\coIEPlg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apache2.2 - Unknown owner - D:\Ohjelmat\xampp\apache\bin\apache.exe (file missing)
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Unknown owner - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Fujitsu Siemens Computers Diagnostic Testhandler (TestHandler) - Fujitsu Siemens Computers - C:\Program Files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Program Files\RealVNC\VNC4\WinVNC4.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - D:\Ohjelmat\xampp\service.exe (file missing)

--
End of file - 7720 bytes
Scan with HJT, check these and press Fix checked:

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

==============

Now copy and paste the contents of the quote below into an empty Notepad (Start button > Accessories > Notepad). Save it on the desktop under the name CFScript.txt. Then drag CFScript onto ComboFix.exe as shown below. Post the resulting log here. Shut down and restart the computer.

=============

Post the Malwarebytes' Anti-Malware log so I can see how up to date its definitions are.

=============

What is the situation with Norton?
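The two entries the helper picked out above share one property: the log line ends in "(file missing)" or "(no file)", meaning the registration points at a component that no longer exists. The following Python script is an added example, not code from this thread or from HijackThis; it parses HijackThis-style log lines and separates such orphaned entries from healthy ones, and additionally lists O23 services whose publisher HijackThis could not determine. The sample log is constructed from the shape of the entries posted above.

```python
import re

# Constructed sample in HijackThis log format: the two entries marked for
# "Fix checked" above, one orphaned service, and two healthy entries.
SAMPLE_HJT_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O23 - Service: Apache2.2 - Unknown owner - D:\Ohjelmat\xampp\apache\bin\apache.exe (file missing)
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
"""

# Every HijackThis entry starts with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")
# HijackThis appends these markers when the referenced file is absent.
ORPHAN_MARKERS = ("(file missing)", "(no file)")
# O23 lines look like "Service: <name> - <owner> - <path>".
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")


def parse_entries(text):
    """Split a log into entries; lines that are not HJT entries are ignored."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group("section"),
                            "body": m.group("body"),
                            "raw": raw.strip()})
    return entries


def is_orphan(entry):
    """True when the entry's target was reported missing by HijackThis."""
    body = entry["body"].rstrip()
    return any(body.endswith(marker) for marker in ORPHAN_MARKERS)


def find_orphans(text):
    """Entries whose registration survives but whose file does not."""
    return [e for e in parse_entries(text) if is_orphan(e)]


def unknown_owner_services(text):
    """Names of O23 services with no identifiable publisher (review, not verdict)."""
    names = []
    for e in parse_entries(text):
        if e["section"] != "O23":
            continue
        m = SERVICE_RE.match(e["body"])
        if m and m.group("owner") == "Unknown owner":
            names.append(m.group("name"))
    return names


if __name__ == "__main__":
    for e in find_orphans(SAMPLE_HJT_LOG):
        print("orphaned:", e["raw"])
    print("unknown owner services:", unknown_owner_services(SAMPLE_HJT_LOG))
```

An orphaned entry is harmless by itself (the file is gone), which is why fixing it is safe housekeeping; the "Unknown owner" list is only a reading aid, since the BlueSoleil services in the full log above are legitimate despite carrying that label.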
I guess you didn't read my latest message, or did you? Norton works again. Here is the new ComboFix log:

ComboFix 09-02-04.04 - Jari 2009-02-05 16:13:37.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1035.18.3070.2114 [GMT 2:00]
Sijainti: c:\users\Jari\Desktop\ComboFix.exe
Käytetyt komentorivivalitsimet :: c:\users\Jari\Desktop\CFScript.txt
* Uusi palautuspiste luotu

FILE ::
c:\windows\System32\senekanrbtycei.dat
c:\windows\System32\senekapop.dll
D:\wscsvc.bat
.

(((((((((((((((((((((((((((((((((((((( Muut poistot ))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
D:\wscsvc.bat

.
((((((((((((((((((((((((((((((((((((((( Ajurit/Palvelut )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_seneka


((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2009-01-05 to 2009-02-05 )))))))))))))))))
.

2100-02-16 15:09 . 2001-02-16 14:37 62 --a------ c:\windows\System32\LXBOUSCI.INI
2009-02-04 19:25 . 2009-02-04 19:25 <KANSIO> d-------- c:\program files\Symantec
2009-02-04 19:25 . 2009-02-04 19:25 124,464 --a------ c:\windows\System32\drivers\SYMEVENT.SYS
2009-02-04 19:25 . 2009-02-04 19:24 25,136 -ra------ c:\windows\System32\drivers\SymIMV.sys
2009-02-04 19:24 . 2009-02-04 19:24 <KANSIO> d-------- c:\windows\System32\drivers\NIS
2009-02-04 19:24 . 2009-02-04 19:24 <KANSIO> d-------- c:\program files\Norton Internet Security
2009-02-04 19:15 . 2009-02-04 19:15 <KANSIO> d-------- c:\users\All Users\PCSettings
2009-02-04 19:15 . 2009-02-04 19:15 <KANSIO> d-------- c:\programdata\PCSettings
2009-02-04 19:14 . 2009-02-04 19:14 <KANSIO> d-------- c:\users\All Users\NortonInstaller
2009-02-04 19:14 . 2009-02-04 19:26 <KANSIO> d-------- c:\users\All Users\Norton
2009-02-04 19:14 . 2009-02-04 19:14 <KANSIO> d-------- c:\programdata\NortonInstaller
2009-02-04 19:14 . 2009-02-04 19:26 <KANSIO> d-------- c:\programdata\Norton
2009-02-04 19:14 . 2009-02-04 19:14 <KANSIO> d-------- c:\program files\NortonInstaller
2009-02-01 02:23 . 2009-02-01 02:25 <KANSIO> d-------- c:\program files\Unlocker
2009-01-31 23:06 . 2009-01-31 23:06 0 --ah----- C:\ntuser.dat.LOG2
2009-01-31 23:06 . 2009-01-31 23:06 0 --ah----- C:\ntuser.dat.LOG1
2009-01-31 23:06 . 2009-01-31 23:06 0 --a------ C:\ntuser.dat
2009-01-31 22:17 . 2009-01-31 22:17 <KANSIO> d-------- c:\program files\RealVNC
2009-01-31 17:03 . 2009-01-31 17:03 <KANSIO> d-------- c:\users\All Users\Electronic Arts
2009-01-31 17:03 . 2009-01-31 17:03 <KANSIO> d-------- c:\programdata\Electronic Arts
2009-01-30 15:01 . 2009-01-30 15:04 <KANSIO> d-------- c:\users\Jari\AppData\Roaming\DVD Flick
2009-01-30 15:01 . 2003-01-26 13:41 40,960 --a------ c:\windows\System32\ssubtmr6.dll
2009-01-30 15:01 . 2007-08-31 18:36 36,864 --a------ c:\windows\System32\trayicon_handler.ocx
2009-01-30 15:01 . 2008-08-31 13:27 28,672 --a------ c:\windows\System32\mousewheel.ocx
2009-01-24 23:43 . 2009-01-24 23:43 <KANSIO> d-------- c:\program files\Rockstar Games
2009-01-24 23:43 . 2009-01-24 23:43 <KANSIO> d-------- c:\program files\Krucial MindGames Entertainment
2009-01-23 23:00 . 2009-01-23 23:00 <KANSIO> d-------- c:\windows\System32\AGEIA
2009-01-23 23:00 . 2009-01-23 23:00 <KANSIO> d-------- c:\program files\AGEIA Technologies
2009-01-23 15:21 . 2009-01-23 16:03 <KANSIO> d-------- c:\users\Jari\AppData\Roaming\Mount&Blade
2009-01-23 14:35 . 2009-01-23 14:35 <KANSIO> d-------- c:\users\All Users\Apple Computer
2009-01-23 14:35 . 2009-01-23 14:35 <KANSIO> d-------- c:\programdata\Apple Computer
2009-01-23 14:35 . 2009-01-23 14:36 <KANSIO> d-------- c:\program files\QuickTime
2009-01-22 21:34 . 2009-01-23 12:36 <KANSIO> d-------- c:\users\Jari\AppData\Roaming\Dropbox
2009-01-22 21:34 . 2009-01-22 21:35 <KANSIO> d-------- c:\program files\Dropbox
2009-01-22 18:54 . 2009-01-23 18:03 <KANSIO> d-------- C:\Games
2009-01-17 11:18 . 2009-01-17 11:18 <KANSIO> d-------- c:\program files\K-Lite Codec Pack
2009-01-17 11:18 . 2008-09-24 20:41 839,680 --a------ c:\windows\System32\lameACM.acm
2009-01-17 11:18 . 2008-12-07 20:08 795,648 --a------ c:\windows\System32\xvidcore.dll
2009-01-17 11:18 . 2008-11-06 18:33 684,032 --a------ c:\windows\System32\divx.dll
2009-01-17 11:18 . 2004-01-25 18:18 217,088 --a------ c:\windows\System32\yv12vfw.dll
2009-01-17 11:18 . 2008-09-16 21:23 168,448 --a------ c:\windows\System32\unrar.dll
2009-01-17 11:18 . 2008-12-07 20:08 130,048 --a------ c:\windows\System32\xvidvfw.dll
2009-01-17 11:18 . 2007-09-21 02:52 118,784 --a------ c:\windows\System32\ac3acm.acm
2009-01-17 11:18 . 2008-12-08 13:53 57,344 --a------ c:\windows\System32\ff_vfw.dll
2009-01-17 11:18 . 2007-07-10 18:10 547 --a------ c:\windows\System32\ff_vfw.dll.manifest
2009-01-17 11:18 . 2008-10-03 14:30 414 --a------ c:\windows\System32\lame_acm.xml
2009-01-17 00:01 . 2007-02-20 16:04 2,463,976 --a------ c:\windows\System32\NPSWF32.dll
2009-01-17 00:01 . 2007-02-20 16:04 190,696 --a------ c:\windows\System32\NPSWF32_FlashUtil.exe
2009-01-14 15:52 . 2009-01-14 15:53 <KANSIO> d-------- c:\program files\Microsoft Games for Windows - LIVE
2009-01-14 09:13 . 2008-12-16 04:42 288,768 --a------ c:\windows\System32\drivers\srv.sys
2009-01-09 19:14 . 2009-01-09 19:19 <KANSIO> d-------- c:\users\Jari\AppData\Roaming\Crayon Physics Deluxe
2009-01-08 18:58 . 2009-01-08 18:58 <KANSIO> d-------- c:\users\Jari\AppData\Roaming\Leadertech
2009-01-05 16:18 . 2009-01-05 16:18 90,112 --a------ c:\windows\System32\QuickTimeVR.qtx
2009-01-05 16:18 . 2009-01-05 16:18 57,344 --a------ c:\windows\System32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-05 14:17 --------- d-----w c:\users\Jari\AppData\Roaming\uTorrent
2009-02-05 13:56 --------- d-----w c:\users\Jari\AppData\Roaming\OpenOffice.org2
2009-02-04 17:31 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-04 17:27 --------- d-----w c:\programdata\Symantec
2009-02-04 17:25 806 ----a-w c:\windows\system32\drivers\SYMEVENT.INF
2009-02-04 17:25 10,635 ----a-w c:\windows\system32\drivers\SYMEVENT.CAT
2009-02-04 17:22 --------- d-----w c:\users\Jari\AppData\Roaming\Orbit
2009-02-03 20:13 --------- d-----w c:\users\Jari\AppData\Roaming\.purple
2009-02-03 20:00 --------- d-----w c:\users\Jari\AppData\Roaming\FileZilla
2009-02-01 14:59 1,682 --sha-w c:\windows\System32\KGyGaAvL.sys
2009-02-01 00:01 --------- d-----w c:\programdata\Microsoft Help
2009-02-01 00:01 --------- d-----w c:\program files\PC Connectivity Solution
2009-02-01 00:01 --------- d-----w c:\program files\Microsoft Works
2009-02-01 00:01 --------- d-----w c:\program files\Google
2009-02-01 00:01 --------- d-----w c:\program files\Common Files\Skype
2009-01-30 12:48 --------- d-----w c:\users\Jari\AppData\Roaming\Nero
2009-01-23 20:59 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-17 09:14 --------- d-----w c:\program files\DivX
2009-01-16 23:24 --------- d-----w c:\program files\Common Files\Macromedia
2009-01-14 17:44 --------- d-----w c:\program files\Windows Mail
2009-01-13 15:43 201,352 ----a-w c:\windows\System32\PnkBstrB.exe
2009-01-13 15:43 140,216 ----a-w c:\windows\system32\drivers\PnkBstrK.sys
2009-01-13 10:51 --------- d-----w c:\program files\CCleaner
2009-01-09 18:29 31 ----a-w c:\users\Jari\jagex_runescape_preferences.dat
2009-01-07 16:53 21,840 ----atw c:\windows\System32\SIntfNT.dll
2009-01-07 16:53 17,212 ----atw c:\windows\System32\SIntf32.dll
2009-01-07 16:53 12,067 ----atw c:\windows\System32\SIntf16.dll
2009-01-06 11:42 --------- d-----w c:\users\Jari\AppData\Roaming\Skype
2009-01-05 13:53 --------- d-----w c:\users\Jari\AppData\Roaming\gtk-2.0
2009-01-05 11:56 1,682 --sha-w c:\users\All Users\KGyGaAvL.sys
2009-01-05 11:56 1,682 --sha-w c:\programdata\KGyGaAvL.sys
2009-01-04 23:20 --------- d-----w c:\users\Jari\AppData\Roaming\mIRC
2009-01-04 13:27 --------- d-----w c:\users\Jari\AppData\Roaming\PC Suite
2009-01-02 19:32 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-01 13:31 --------- d-----r c:\users\Jari\AppData\Roaming\Brother
2008-12-30 11:19 88 --sh--r c:\users\All Users\DB1FEAAF5E.sys
2008-12-30 11:19 88 --sh--r c:\programdata\DB1FEAAF5E.sys
2008-12-30 11:17 --------- d-----w c:\program files\Enterbrain
2008-12-30 11:16 --------- d-----w c:\program files\Common Files\Enterbrain
2008-12-30 09:52 --------- d-----w c:\users\Jari\AppData\Roaming\skypePM
2008-12-29 16:45 56 ---ha-w c:\users\All Users\ezsidmv.dat
2008-12-29 16:45 56 ---ha-w c:\programdata\ezsidmv.dat
2008-12-29 16:41 --------- d-----w c:\programdata\Skype
2008-12-29 16:41 --------- d-----w c:\program files\Skype
2008-12-26 16:11 --------- d-----w c:\program files\Common Files\Steam
2008-12-26 15:44 --------- d-----w c:\program files\Common Files\SWF Studio
2008-12-25 12:26 --------- d-----w c:\programdata\ScanSoft
2008-12-24 19:20 --------- d-----w c:\program files\Brother
2008-12-24 19:17 --------- d-----w c:\users\Jari\AppData\Roaming\InstallShield
2008-12-24 19:17 --------- d-----w c:\program files\Nuance
2008-12-24 19:15 --------- d-----w c:\programdata\InstallShield
2008-12-24 19:15 --------- d-----w c:\program files\Common Files\ScanSoft Shared
2008-12-24 19:15 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-24 19:14 --------- d-----w c:\program files\ScanSoft
2008-12-24 19:13 --------- d-----w c:\programdata\Brother
2008-12-23 09:22 --------- d-----w c:\users\Jari\AppData\Roaming\LimeWire
2008-12-20 09:41 --------- d-----w c:\users\Jari\AppData\Roaming\BitZipper
2008-12-19 11:35 --------- d-----w c:\users\Jari\AppData\Roaming\Nokia
2008-12-19 11:32 0 ---ha-w c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_05_00.Wdf
2008-12-19 11:31 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf
2008-12-19 11:31 --------- d-----w c:\programdata\PC Suite
2008-12-19 11:30 --------- d-----w c:\program files\DIFX
2008-12-19 11:30 --------- d-----w c:\program files\Common Files\PCSuite
2008-12-19 11:30 --------- d-----w c:\program files\Common Files\Nokia
2008-12-19 11:27 --------- d-----w c:\program files\Nokia
2008-12-19 11:26 --------- d-----w c:\programdata\Installations
2008-12-19 11:17 --------- d-----w c:\programdata\Nokia
2008-12-11 07:16 --------- d-----w c:\programdata\Lavasoft
2008-12-11 07:15 --------- d-----w c:\program files\Lavasoft
2008-12-11 07:11 --------- d---a-w c:\programdata\TEMP
2008-12-11 00:33 86,016 ----a-w c:\windows\System32\dpl100.dll
2008-12-10 12:46 --------- d-----w c:\users\Jari\AppData\Roaming\SPORE
2008-12-07 16:11 --------- d-----w c:\programdata\FLEXnet
2008-12-07 16:07 --------- d-----w c:\program files\Common Files\Adobe
2008-12-07 16:07 --------- d-----w c:\program files\Bonjour
2008-12-07 16:00 --------- d-----w c:\program files\Common Files\Macrovision Shared
2008-12-06 23:52 --------- d-----w c:\programdata\Media Center Programs
2008-12-06 23:26 --------- d-----w c:\program files\Tomb Raider - Anniversary
2008-11-21 18:35 52,736 ----a-w c:\windows\ipuninst.exe
2008-11-10 03:43 410,984 ----a-w c:\windows\System32\deploytk.dll
2008-11-09 15:02 286,720 ----a-w c:\windows\iun506.exe
2008-11-07 15:20 107,888 ----a-w c:\windows\System32\CmdLineExt.dll
2008-11-06 16:37 3,596,288 ----a-w c:\windows\System32\qt-dx331.dll
2008-01-21 02:43 174 --sha-w c:\program files\desktop.ini
2008-09-16 14:18 56 --sh--r c:\windows\System32\26A77A9094.sys
2008-09-16 08:00 32,768 --sha-w c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008091620080917\index.dat

.
((((((((((((((((((((((((((((( snapshot@2009-02-05_ 9.47.43.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w c:\windows\ERDNT\subs\ERDNT.EXE
- 2009-02-05 07:43:33 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-05 14:19:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-02-05 14:19:31 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2009-02-05 07:44:52 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2009-02-05 14:20:02 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2009-02-05 07:44:23 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-05 14:20:01 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2009-02-05 14:20:01 262,144 ---ha-w c:\windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1
- 2009-02-05 07:32:30 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
+ 2009-02-05 14:07:42 262,144 ----a-w c:\windows\System32\config\systemprofile\ntuser.dat
- 2009-02-03 20:16:41 105,078 ----a-w c:\windows\System32\perfc009.dat
+ 2009-02-05 14:02:54 105,078 ----a-w c:\windows\System32\perfc009.dat
- 2009-02-03 20:16:41 85,622 ----a-w c:\windows\System32\perfc00B.dat
+ 2009-02-05 14:02:54 85,622 ----a-w c:\windows\System32\perfc00B.dat
- 2009-02-03 20:16:41 595,748 ----a-w c:\windows\System32\perfh009.dat
+ 2009-02-05 14:02:54 595,748 ----a-w c:\windows\System32\perfh009.dat
- 2009-02-03 20:16:41 444,278 ----a-w c:\windows\System32\perfh00B.dat
+ 2009-02-05 14:02:54 444,278 ----a-w c:\windows\System32\perfh00B.dat
- 2009-02-05 07:45:23 8,710 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1680319468-494080855-680667910-1000_UserData.bin
+ 2009-02-05 14:21:28 8,898 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1680319468-494080855-680667910-1000_UserData.bin
- 2009-02-05 07:45:22 95,400 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-02-05 14:21:27 95,708 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2009-02-05 07:45:17 51,274 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-02-05 08:31:26 51,464 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-01-31 12:38:12 387,750 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-02-05 11:32:26 391,100 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-01-22 10:27:46 292,828 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-02-05 11:34:17 296,090 ----a-w c:\windows\System32\WDI\SuspendPerformanceDiagnostics_SystemData_S4.bin
.
-- Snapshot nollattu tähän hetkeen --
.
(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 09:20 143360 --a------ c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 09:20 143360 --a------ c:\program files\Dropbox\DropboxExt.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2008-09-07 09:20 143360 --a------ c:\program files\Dropbox\DropboxExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 470288]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"fsc-reg"="c:\programdata\fsc-reg\fscreg.exe" [2007-11-08 470288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKLM\~\startupfolder\C:^Users^Jari^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\users\Jari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jari^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 -näyttöleikkeet ja Launcher.lnk]
path=c:\users\Jari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 -näyttöleikkeet ja Launcher.lnk
backup=c:\windows\pss\OneNote 2007 -näyttöleikkeet ja Launcher.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
--a------ 2008-08-04 18:04 226816 c:\program files\IVT Corporation\BlueSoleil\BtTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2007-01-26 15:58 65536 c:\program files\Brother\ControlCenter3\BrCtrCen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2008-01-21 04:25 125952 c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2008-12-03 12:47 1205760 d:\ohjelmat\Pc Suite\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinTray]
--a------ 2002-09-19 02:52 36864 c:\windows\System32\spool\drivers\w32x86\3\printray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2009-01-05 16:18 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
--a------ 2006-10-25 09:03 210472 c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2008-09-26 13:23 171448 c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FC76F7C1-E2F8-46CC-A8FE-F3A1BB8F7866}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{E7A0C9A3-3D43-4546-AC5E-5A3BAF694B9C}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{5281D344-910D-476B-A4B7-04C24C073AE8}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{B4375A90-CE61-4E00-8ABB-47F68F51EC71}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{C32F344D-9F24-442D-BBC8-04B36AC47DF9}"= UDP:d:\pelit\Bfield\BF2.exe:Battlefield 2
"{6CDDCF10-2214-4101-A976-D9ED61574244}"= TCP:d:\pelit\Bfield\BF2.exe:Battlefield 2
"{AEB74E27-55B5-4F58-9FD4-7D319F232D8D}"= UDP:d:\pelit\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{502C1894-DA45-4286-8294-5766C8C29589}"= TCP:d:\pelit\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (CLI)
"{1F6D2536-09A7-4D41-BA4D-7E9D2560CEBE}"= UDP:d:\pelit\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{6FCAFE63-33E1-4DE2-8704-A62DC5685B2A}"= TCP:d:\pelit\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe:S.T.A.L.K.E.R. - Shadow of Chernobyl (SRV)
"{2C30395C-6E5B-49C7-BF05-01F1960A8813}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{A60E526F-FC00-4B95-8AED-A6F3B7F6DC3B}"= UDP:d:\pelit\Battlefield 2 + Special Forces\BF2.exe:Battlefield 2
"{81D56F07-B916-40E4-9907-027E9DDC7136}"= TCP:d:\pelit\Battlefield 2 + Special Forces\BF2.exe:Battlefield 2
"{1B8A8EDE-65FE-4AA6-836E-2D4724215B37}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{B641667D-F302-4C8B-B279-B92474C46658}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{12A0EFCA-490D-4F2D-A688-67CE9DB04428}"= UDP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{253DE5D1-514F-4715-ABCC-FD84872CC53B}"= TCP:c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe:BlueSoleilCS
"{411B9642-4F90-4283-9CCC-C955ED38589D}"= UDP:d:\pelit\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{13E5B86F-8EBF-4B47-AF32-AD4075101F10}"= TCP:d:\pelit\Far Cry 2\bin\FarCry2.exe:Far Cry 2
"{BD603A40-7C9E-4AB6-A79B-54B83BA28471}"= UDP:d:\pelit\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{A673ED02-6BD6-4593-A936-C93113198DBE}"= TCP:d:\pelit\Far Cry 2\bin\FC2Launcher.exe:Far Cry 2 Updater
"{1685B91E-0A32-4908-95F6-A6FC5F64E736}"= UDP:d:\pelit\Far Cry 2\bin\FC2Editor.exe:Editor
"{F15B89DE-3374-4899-BCCC-4D18C2B75488}"= TCP:d:\pelit\Far Cry 2\bin\FC2Editor.exe:Editor
"{9A6602B9-ACA0-40CB-9779-D0BE3DBDFEE9}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C901C55C-0C79-4625-80DE-A58191966172}"= UDP:d:\pelit\mirrors edge\Binaries\MirrorsEdge.exe:Mirror's Edge™
"{A8772A98-8BFA-4DE9-AEA7-FF1B88B9FC25}"= TCP:d:\pelit\mirrors edge\Binaries\MirrorsEdge.exe:Mirror's Edge™

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\Orbitdownloader\\orbitdm.exe"= c:\program files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
"c:\\Program Files\\Orbitdownloader\\orbitnet.exe"= c:\program files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit

R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\drivers\BtHidBus.sys [2008-07-31 20616]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NIS\1002000.007\SymEFA.sys [2009-02-04 309296]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NIS\1002000.007\BHDrvx86.sys [2009-02-04 255536]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NIS\1002000.007\cchpx86.sys [2009-02-04 362544]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090129.005\IDSvix86.sys [2009-01-29 292912]
R1 VBoxDrv;VirtualBox Service;c:\windows\System32\drivers\VBoxDrv.sys [2008-10-27 96016]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\System32\drivers\VBoxUSBMon.sys [2008-10-27 41744]
R2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2008-08-01 143467]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Engine\16.2.0.7\ccSvcHst.exe [2009-02-04 115560]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-04 99376]
R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\System32\drivers\IvtBtBus.sys [2008-07-02 26248]
R3 SYMNDISV;SYMNDISV;c:\windows\System32\drivers\NIS\1002000.007\symndisv.sys [2009-02-04 40496]
S2 Apache2.2;Apache2.2;"d:\ohjelmat\xampp\apache\bin\apache.exe" -k runservice --> d:\ohjelmat\xampp\apache\bin\apache.exe [?]
S2 XAMPP;XAMPP Service;d:\ohjelmat\xampp\service.exe --> d:\ohjelmat\xampp\service.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\System32\drivers\nmwcdnsu.sys [2008-02-01 138112]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\System32\drivers\nmwcdnsuc.sys [2008-02-01 8320]
S3 VBoxUSB;VirtualBox USB;c:\windows\System32\drivers\VBoxUSB.sys [2008-10-23 31824]

--- Muut muistissa olevat ajurit/palvelut ---

*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f37959-b87f-11dd-b190-002185062853}]
\shell\AutoRun\command - L:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{aa674bf8-83fd-11dd-a7a5-002185062853}]
\shell\AutoRun\command - m:\ohjelmat\PStart\PStart.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f51e4fdc-8fae-11dd-b5a5-002185062853}]
\shell\AutoRun\command - K:\setup.exe
.
'Ajoitetut tehtävät'-kansion sisältö

2009-02-02 c:\windows\Tasks\Norton Internet Security - Suorita täysi järjestelmäntarkistus - Jari.job
- c:\program files\Norton Internet Security\Norton AntiVirus\Navw32.exe []
.
.
------- Täydentävä tarkistus -------
.
uInternet Settings,ProxyOverride = *.local
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Bluetoothin lähettämä - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Lähetä viestissä(&M)... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
IE: V&ie Microsoft Exceliin - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\Norton Internet Security\Engine\16.2.0.7\CoIEPlg.dll
FF - ProfilePath - c:\users\Jari\AppData\Roaming\Mozilla\Firefox\Profiles\2hovvtku.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fi
FF - component: c:\program files\DAEMON Tools Toolbar\FirefoxDTT\components\DTToolbarFF.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\components\coFFPlgn.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - component: d:\ohjelmat\Pc Suite\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\users\Jari\AppData\Roaming\Mozilla\Firefox\Profiles\2hovvtku.default\extensions\yyginstantplay@yoyogames.com\plugins\NPYYGInstantPlay.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-05 16:20:04
Windows 6.0.6001 Service Pack 1 NTFS

tarkistaa piilotettuja prosesseja ...
tarkistaa piilotettuja käynnistysarvoja ...
tarkistaa piilotettuja tiedostoja ...

tarkistus on valmis
piilotetut tiedostot: 0

**************************************************************************
.
--------------------- Prosesseihin ladatut DLLt ---------------------

- - - - - - - > 'Explorer.exe'(764)
c:\program files\Dropbox\DropboxExt.dll
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
------------------------ Muut prosessit ------------------------
.
c:\windows\System32\Ati2evxx.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\Ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\microsoft shared\VS7Debug\mdm.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\System32\PnkBstrA.exe
c:\program files\Fujitsu Siemens Computers\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\System32\conime.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
Valmistumisajankohta: 2009-02-05 16:26:28 - kone käynnistettiin uudelleen [Jari]
ComboFix-quarantined-files.txt 2009-02-05 14:26:22
ComboFix2.txt 2009-02-05 07:48:43

Ennen ajoa: 64,705,593,344 tavua vapaana
Ajon jälkeen: 64,219,701,248 tavua vapaana

391 --- E O F --- 2009-02-03 10:00:50

I no longer have the Anti-Malware log, because for some reason the program didn't save it where it should have. I myself believe that's the end of the risks for now.
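The registry section of the ComboFix log above carries a few settings that a responder reads before anything else: every Windows Firewall profile reports "EnableFirewall"= 0, Security Center monitoring is switched off, and three removable-drive mount points carry AutoRun commands. The Python script below is an added example, not code from this thread or from ComboFix; it walks a ComboFix-style "[key]" / value dump and collects exactly those three classes of finding for review. The excerpt it runs on is constructed from the shape of the keys posted above, and the findings are prompts to verify against the installed security suite (Norton registers its own Security Center entries), not a verdict of compromise.

```python
import re

# Constructed excerpt in ComboFix's registry-dump layout: a "[key]" header
# followed by the values ComboFix printed under it.
SAMPLE_COMBOFIX_REGISTRY = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{FC76F7C1-E2F8-46CC-A8FE-F3A1BB8F7866}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{59f37959-b87f-11dd-b190-002185062853}]
\shell\AutoRun\command - L:\Launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f51e4fdc-8fae-11dd-b5a5-002185062853}]
\shell\AutoRun\command - K:\setup.exe
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.+)$')
# ComboFix prints mount-point autorun handlers as "\shell\AutoRun\command - <cmd>".
AUTORUN_RE = re.compile(r"^\\shell\\AutoRun\\command - (?P<cmd>.+)$", re.IGNORECASE)


def iter_key_values(text):
    """Yield (key, line) for every non-blank line under a [key] header."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        if key is not None:
            yield key, line


def audit_registry_dump(text):
    """Collect settings that weaken host defences or auto-execute from media."""
    findings = []
    for key, line in iter_key_values(text):
        lk = key.lower()
        vm = VALUE_RE.match(line)
        if vm and "firewallpolicy" in lk and vm.group("name") == "EnableFirewall" \
                and vm.group("data").startswith("0"):
            findings.append({"check": "firewall_disabled", "key": key, "detail": line})
        elif vm and "security center\\monitoring" in lk \
                and vm.group("name") == "DisableMonitoring" \
                and vm.group("data").lower().endswith("1"):
            findings.append({"check": "security_center_monitoring_off", "key": key, "detail": line})
        am = AUTORUN_RE.match(line)
        if am and "mountpoints2" in lk:
            findings.append({"check": "removable_autorun", "key": key, "detail": am.group("cmd")})
    return findings


def summary(text):
    """Count findings per check so a reader can see the shape of the dump at a glance."""
    counts = {}
    for f in audit_registry_dump(text):
        counts[f["check"]] = counts.get(f["check"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit_registry_dump(SAMPLE_COMBOFIX_REGISTRY):
        print(f["check"], "|", f["key"], "|", f["detail"])
    print(summary(SAMPLE_COMBOFIX_REGISTRY))
```

Feeding the full log above through the same function reports three disabled firewall profiles, three Security Center monitoring entries and three mount-point AutoRun commands; the follow-up is to confirm which of them the installed suite owns and to re-enable whatever it does not.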
Here again we see how a couple of programs remove the problems this effortlessly, unlike formatting.

I was an F-Secure user for a full 4 years. I owned some '05 version of F-Secure that was so deep in the swamp it was hopeless; it never found a single virus. After changing internet provider about a year ago I got F-Secure PC Protection Plus for free as a bonus, and on its first scan it found about 20 pieces of spyware plus some ten viruses. And a couple of months ago I switched to Avast, which found some ten pieces of malware. So my own opinion of F-Secure is that you have to fight with it, and viruses get through it.

@OngelmaPC
Download CCleaner from here: CCleaner v 2.14.750 - Standard Build. DO NOT install the Yahoo toolbar! During installation, untick the box "Install Yahoo! toolbar".
After installation, open CCleaner. Select Options from the left-hand column. Select Settings from the adjacent column. Under Language, select Suomi.

Cleaner
Select Cleaner from the left-hand column. Press Analyze at the bottom. CCleaner now analyzes what can be removed (temp files, cookies etc.). When the analysis is finished, press Run Cleaner. CCleaner now removes the temp files, cookies etc. it found.

Registry error repair
Select Registry from the left-hand column. Press Scan for Issues at the bottom. When the scan is finished and you are sure you want to fix the rows that are ticked, press Fix selected issues. You will be asked "do you want to back up changes to the registry"; press Yes. Save the backup, for instance, in the "My Documents" folder. In the window that opens next, click Fix All Selected Issues. You get one more confirmation question; press OK. When the issues have been fixed, press Close. Now you can close CCleaner by pressing the red X at the top right.
c:\users\All Users\DB1FEAAF5E.sys
c:\programdata\DB1FEAAF5E.sys
c:\windows\System32\26A77A9094.sys

Make hidden files visible and submit each of the files above one at a time to the check there; also look in their properties to see what they belong to.

Submitting a file to VirusTotal
virustotal
1. Click the Browse... button.
2. Then browse to this file: c:\users\All Users\DB1FEAAF5E.sys
3. Click the Open button.
4. Click the Send button.
5. The site scans the file for a moment; then save the results you get, for instance in Notepad.

If that one doesn't work, then use this one: Jotti. It seemed to have a backlog there.
Thanks for this, but I have already been a happy CCleaner user for years. That first service didn't work, at least on this computer, but the second one seems to be working.