koneelle tuli when u save ja hjt-log

lasolii · 19.04.2008

Eli jotain apua tarvittais

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:36:21, on 19.4.2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Elisa\Avustaja\Elisa.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\system32\conime.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Users\Käyttäjä\Program Files\DNA\btdna.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Windows\system32\taskeng.exe
C:\Users\KYTTJ~1\AppData\Local\Temp\avi0.16.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader -linkkiavustaja - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Liven kirjautumisapuohjelma - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Elisa Avustaja Plugin - {DB87CDE1-EF9C-44EB-A42F-6D0B3C72C516} - C:\Program Files\Elisa\Avustaja\IEFixItNowPlugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe"
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Käyttäjä\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-19\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe" (User 'Paikallinen palvelu')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'Verkkopalvelu')
O4 - HKUS\S-1-5-18\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Elisa Avustaja] "C:\Program Files\Elisa\Avustaja\Elisa.exe" (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe

--
End of file - 7937 bytes

AfterDawn

Hujo · 19.04.2008

Lataa Malwarebytes' Anti-Malware työpöydällesi.

1. Tuplaklikkaa mbam-setup.exe ja seuraa ohjeita asentaaksesi ohjelman.
2. Lopuksi varmistu, että seuraavat on valittu: Update Malwarebytes', Anti-Malwareja
Launch Malwarebytes' Anti-Malware ja sen jälkeen klikkaaFinish.
3. Jos päivitys löytyy. ohjelma lataa ja asentaa uusimman version.
4. Kun ohjelma on latautunut, valitse Perform full scan ja klikkaa Scan.
5. Kun skanni on valmis, klikkaa OK ja sitten Show Results nähdäksesi tulokset.
6. Varmistu, että kaikki on merkitty ja klikkaa Remove Selected.
7. Tämän jälkeen loki avautuu muistioon. Tallenna se paikkaan, josta löydät sen helposti. Loki
löytyy myös täältä: C:\Documents and Settings\Käyttäjänimi\Application
Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
8. Lähetä lokin sisältö seuraavassa viestissäsi.

=============

1.Lataa combofix.exe työpöydällesi yhdestä linkistä:
combofix1
combofix2

2. Tuplaklikkaa combofix.exe tiedostoa ja seuraa ohjeistuksia.
3. Kun työkalu on valmis, se tuottaa lokin. Lähetä tämä loki viesti ketjuusi.
Huom! Älä klikkaile combofixin ikkunaa käytön aikana. Tämä saattaa aiheuttaa ohjelman jumiutumisen.

lasolii · 20.04.2008

Malwarebytes' Anti-Malware 1.11
Tietokantaversio: 656

Tarkistustyyppi: Täysi tarkistus (C:\|)
Tarkistetut kohteet: 106525
Kulunut aika: 30 minute(s), 0 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 9
Saastuneita tiedostoja: 246

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
C:\Casino (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\history (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\logs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\promo (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\sfx (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\history\1854877 (Adware.Casino) -> Quarantined and deleted successfully.

Saastuneita tiedostoja:
C:\Casino\PAF Diamond Poker\blackjack.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\browser.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\cacerts.crt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\cam.cas (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\cardlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\common.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\countries.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\creditdebit.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\db.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\devlib.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\devlibcomm.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\filemap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\fivecard.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\games.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\gsid.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\id.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\INSTALL.LOG (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\languages.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\libeay32.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\licens.txt (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\mfc80.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\microsoft.vc80.crt.manifest (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\microsoft.vc80.mfc.manifest (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\modstatus.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\mp3dec.asi (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\mss32.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\msvcp80.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\msvcr80.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\navigator.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\omaha.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\options.cfg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\poker.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\poker.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\sc.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\srvmap.lst (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\ssleay32.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\texas.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\UNWISE.EXE (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\update.exe (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xml.dll (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\0.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\1.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\10.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\11.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\12.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\13.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\14.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\15.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\16.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\17.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\18.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\19.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\2.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\20.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\21.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\22.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\23.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\24.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\25.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\26.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\27.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\28.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\29.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\3.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\30.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\31.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\32.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\33.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\34.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\35.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\36.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\37.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\38.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\39.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\4.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\40.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\41.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\42.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\43.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\44.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\45.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\46.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\47.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\48.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\49.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\5.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\50.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\51.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\6.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\7.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\8.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\9.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\allin_popup.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\archive.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\archive_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\avatar.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\b.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\base.css (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\bj_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\bkg.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\browserdetect.js (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\but_blackjack.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\but_cashier.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\but_close.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\but_filters_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\but_filters_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\but_game.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\but_general.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\but_join.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\but_main.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\but_medium.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\but_minmax.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\but_sublevels_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\but_sublevels_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\caret.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\chatbubble.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\chips.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\decktype_settings.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\edit.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\gamelimits1.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\gamelimits2.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\gamelimits3.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\game_bjframe.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\game_blackjack.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\game_summary.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\gre_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\hand.html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\hand.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\hand_cursor.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\hand_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\harrow.cur (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\headers_bkg.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\headers_text.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\history.html (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\history.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\history_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\input_additional.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\input_boxes.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\input_lists.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\language.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\language.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\languages.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\language_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\main.js (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\main_bkg.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\main_listhi.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\navigator_bg.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\navigator_buttons.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\navigator_moneytext.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\navigator_timer.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\panel_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\panel_bottom.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\panel_game_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\panel_game_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\panel_game_top.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\panel_left.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\panel_medium.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\panel_moretables.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\panel_texts.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\panel_top.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\pointer.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\poker_cardback.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\poker_cards.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\poker_cards_4c.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\poker_cards_large.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\poker_cards_large_4c.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\poker_deckside.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\poker_font_11p_bold.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\poker_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\poker_makechoice.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\poker_pucks.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\pol_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\popups.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\position_actions.png (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\position_active.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\position_inactive.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\position_mute.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\position_note.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\position_numbers.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\pot_bets.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\progress_ani.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\promo-test1.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\rus_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\sc_bkg8.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\tabs_big.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\tabs_cashier.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\tabs_small.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\text.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\timeslider.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\tur_font_11p_regular.xbf (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\tx_bkg10.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\tx_bkg5.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\user.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\user_ff.xsl (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\white_line.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\win_graphics.bmp (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\xml.gif (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\data\xml_decoder.js (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\history\1854877\archive.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\history\1854877\history_0811.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\history\1854877\session166365299.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\history\1854877\session166368632.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\history\1854877\session166375373.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\history\1854877\stats_GAME_THM.xml (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\promo\ppc2008.jpg (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\sfx\c_button.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\sfx\c_chip.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\sfx\c_deal.mp3 (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\sfx\p_alert.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\sfx\p_checkknock.wav (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\blackjack_game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\blackjack_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\common.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\creditdebit.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\ext_clientspecific.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\ext_creditdebit.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\ext_game.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\ext_general.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\ext_mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\ext_navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\fcs_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\fc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\fc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\filemap.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\filerefs.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\gameclient.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\game_common.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\game_common_message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\game_panel.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\gizmo.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\mc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\message.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\mtt_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\mtt_lobby.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\navigator.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\omaha_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\omaha_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\optdef.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\poker_limits.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\sc_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\sc_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\soko_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\tel_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\texas_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\texas_main.xrs (Adware.Casino) -> Quarantined and deleted successfully.
C:\Casino\PAF Diamond Poker\xrs\tournament_join.xrs (Adware.Casino) -> Quarantined and deleted successfully.

ComboFix 08-04-18.3 - Käyttäjä 2008-04-20 0:45:00.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1035.18.1084 [GMT 3:00]
Running from: C:\Users\Käyttäjä\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((( Tiedostot, jotka on luotu seuraavalla aikavälillä: 2008-03-19 to 2008-04-19 )))))))))))))))))
.

Tiedostoja ei ole luotu tällä aikavälillä

.
(((((((((((((((((((((((((((((((((((( Find3M-raportti ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-19 21:48 3,145,728 --sha-w C:\Users\Käyttäjä\NTUSER.DAT
2008-04-19 21:48 3,145,728 --sha-w C:\Users\Käyttäjä\NTUSER.DAT
2008-04-19 21:39 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\DNA
2008-04-19 20:49 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\Malwarebytes
2008-04-19 20:48 --------- d-----w C:\ProgramData\Malwarebytes
2008-04-19 20:48 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2008-04-19 20:39 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\BitTorrent
2008-04-19 20:36 --------- d-----w C:\Program Files\Trend Micro
2008-04-19 20:26 --------- d---a-w C:\ProgramData\TEMP
2008-04-19 20:18 --------- d-----w C:\Program Files\Spyware Doctor
2008-04-19 20:16 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\PC Tools
2008-04-19 20:15 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\BSplayer
2008-04-19 20:15 --------- d-----w C:\Program Files\Webteh
2008-04-19 20:10 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\vlc
2008-04-19 20:06 --------- d-----w C:\Program Files\VideoLAN
2008-04-19 19:58 --------- d-----w C:\Program Files\AdVantage
2008-04-19 19:54 --------- d-----w C:\Program Files\ffdshow
2008-04-19 19:52 --------- d-----w C:\Program Files\Xvid
2008-04-19 19:51 --------- d-----w C:\Program Files\DivX
2008-04-19 19:51 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
2008-04-19 19:50 --------- d-----w C:\Program Files\AC3Filter
2008-04-19 19:46 --------- d-s---w C:\Users\Käyttäjä\AppData\Roaming\Microsoft
2008-04-19 19:45 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-19 19:45 --------- d-----w C:\Program Files\Windows Live
2008-04-19 19:42 --------- d-----w C:\ProgramData\WLInstaller
2008-04-19 19:38 --------- d-----w C:\ProgramData\Yahoo! Companion
2008-04-19 19:33 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\BSplayer PRO
2008-04-19 19:24 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\WinRAR
2008-04-19 18:47 --------- d-----w C:\Program Files\Yahoo!
2008-04-19 18:47 --------- d-----w C:\Program Files\CCleaner
2008-04-19 18:35 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\Mozilla
2008-04-19 18:19 --------- d-----w C:\Program Files\DNA
2008-04-19 18:19 --------- d-----w C:\Program Files\BitTorrent
2008-04-18 08:13 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\Real
2008-04-18 08:11 499,712 ----a-w C:\Windows\System32\msvcp71.dll
2008-04-18 08:11 348,160 ----a-w C:\Windows\System32\msvcr71.dll
2008-04-18 08:11 --------- d-----w C:\Program Files\Real
2008-04-18 08:11 --------- d-----w C:\Program Files\Common Files\xing shared
2008-04-18 08:11 --------- d-----w C:\Program Files\Common Files\Real
2008-04-10 00:09 --------- d-----w C:\Program Files\Windows Mail
2008-04-08 11:30 --------- d-----w C:\Program Files\F-Secure Internet Security
2008-04-07 19:14 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\Adobe
2008-03-31 21:25 831,488 ----a-w C:\Windows\System32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\Windows\System32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
2008-03-28 16:41 7,680 ----a-w C:\Windows\System32\ff_vfw.dll
2008-03-21 20:30 524,288 ----a-w C:\Windows\System32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\Windows\System32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\Windows\System32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\Windows\System32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\Windows\System32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\Windows\System32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\Windows\System32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
2008-03-17 10:52 60,064 ----a-w C:\Windows\system32\drivers\fsdfw.sys
2008-02-29 06:51 19,000 ----a-w C:\Windows\System32\kd1394.dll
2008-02-29 06:39 40,960 ----a-w C:\Windows\System32\srclient.dll
2008-02-29 06:39 371,712 ----a-w C:\Windows\System32\srcore.dll
2008-02-29 06:38 313,856 ----a-w C:\Windows\System32\rstrui.exe
2008-02-29 06:38 16,384 ----a-w C:\Windows\System32\srdelayed.exe
2008-02-29 06:35 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-02-29 06:34 7,168 ----a-w C:\Windows\System32\f3ahvoas.dll
2008-02-29 04:16 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2008-02-26 01:10 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-26 01:10 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-26 01:06 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-26 01:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-26 01:05 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-26 01:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-26 01:05 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-26 01:05 --------- d-----w C:\Program Files\MSXML 4.0
2008-02-26 01:01 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2008-02-25 11:19 --------- d-----w C:\ProgramData\Emotum
2008-02-25 07:37 --------- d-----w C:\Users\Käyttäjä\AppData\Roaming\PeerNetworking
2008-02-24 14:04 --------- d-----w C:\Program Files\World of Warcraft
2008-02-24 14:04 --------- d-----w C:\Program Files\Common Files\Blizzard Entertainment
2008-02-21 14:54 --------- d-----w C:\ProgramData\Symantec
2008-02-21 04:43 826,368 ----a-w C:\Windows\System32\wininet.dll
2008-02-21 04:43 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-21 04:43 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-21 04:43 296,448 ----a-w C:\Windows\System32\gdi32.dll
2008-02-21 04:43 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-19 05:10 620,088 ----a-w C:\Windows\System32\ci.dll
2008-02-16 15:04 107,888 ----a-w C:\Windows\System32\CmdLineExt.dll
2008-02-14 23:19 944,184 ----a-w C:\Windows\System32\winload.exe
2008-02-09 08:30 229,888 ----a-w C:\Windows\System32\msshsq.dll
2008-02-09 01:09 174 --sha-w C:\Program Files\desktop.ini
2008-02-08 15:22 7,307,264 ----a-w C:\Windows\System32\atioglxx.dll
2008-02-08 15:22 565,248 ----a-w C:\Windows\System32\Ati2evxx.exe
2008-02-08 15:22 42,496 ----a-w C:\Windows\System32\ati2edxx.dll
2008-02-08 15:22 307,200 ----a-w C:\Windows\System32\ATIDEMGX.dll
2008-02-08 15:22 241,664 ----a-w C:\Windows\System32\atipdlxx.dll
.

(((((((((((((((((((((((((((((( Rekisterin käynnistyskohteet )))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Huom* Tyhjiä arvoja ja laillisia oletusarvoja ei näytetä

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-02-08 17:00 1232896]
"WindowsWelcomeCenter"="oobefldr.dll" [2006-11-02 15:34 2159104 C:\Windows\System32\oobefldr.dll]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 14:35 90112]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 14:49 153136]
"Elisa Avustaja"="C:\Program Files\Elisa\Avustaja\Elisa.exe" [2007-10-22 16:15 189768]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 11:37 2321600]
"BitTorrent DNA"="C:\Users\Käyttäjä\Program Files\DNA\btdna.exe" [2008-04-19 21:19 288576]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2008-02-08 17:08 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-29 19:51 4911104 C:\Windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-11-20 19:15 1826816 C:\Windows\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"F-Secure Manager"="C:\Program Files\F-Secure Internet Security\Common\FSM32.exe" [2007-05-25 16:12 183208]
"F-Secure TNB"="C:\Program Files\F-Secure Internet Security\FSGUI\TNBUtil.exe" [2007-05-25 16:11 740208]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 19:53 153136]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-04-18 11:11 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Elisa Avustaja"="C:\Program Files\Elisa\Avustaja\Elisa.exe" [2007-10-22 16:15 189768]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{ED8470B3-6955-497D-81AF-A193E6817029}"= %ProgramFiles%\Elisa\Avustaja\Elisa.exe:Elisa Avustaja
"TCP Query User{81256454-1F0E-44D4-92D7-DDA25267CEC5}C:\\pelit\\world of warcraft\\wow-2.3.0-engb-downloader.exe"= UDP:C:\pelit\world of warcraft\wow-2.3.0-engb-downloader.exe:Blizzard Downloader
"UDP Query User{2ED3ABD0-C4E0-4F64-9AE5-48A9573636AA}C:\\pelit\\world of warcraft\\wow-2.3.0-engb-downloader.exe"= TCP:C:\pelit\world of warcraft\wow-2.3.0-engb-downloader.exe:Blizzard Downloader
"TCP Query User{D34D4BD2-386D-41DF-A533-2288FA9A83E6}C:\\pelit\\world of warcraft\\backgrounddownloader.exe"= UDP:C:\pelit\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"UDP Query User{85A43BAD-9A9E-4C4D-BAD8-7386E83A7D47}C:\\pelit\\world of warcraft\\backgrounddownloader.exe"= TCP:C:\pelit\world of warcraft\backgrounddownloader.exe:Blizzard Downloader
"TCP Query User{12407362-71D2-45F8-9253-F82976AEEA07}C:\\program files\\real\\realplayer\\realplay.exe"= UDP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{BBC6DC7E-7B1C-450A-A114-6417C1ABADC0}C:\\program files\\real\\realplayer\\realplay.exe"= TCP:C:\program files\real\realplayer\realplay.exe:RealPlayer
"{2DCE3AFD-16E4-4BB9-BFFF-D2C54D9807D2}"= UDP:C:\Program Files\DNA\btdna.exeNA
"{F9ADC635-9E6D-44FC-97C1-EF14292FF4C4}"= TCP:C:\Program Files\DNA\btdna.exeNA
"{D7765372-9A01-4643-80DF-73D348C523C0}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"{14D594DF-6556-4F9F-927B-A67D4B2FEB7C}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent
"TCP Query User{7516BD08-D31B-4358-B1EC-67FC813D45A7}C:\\users\\käyttäjä\\program files\\dna\\btdna.exe"= UDP:C:\users\käyttäjä\program files\dna\btdna.exe:btdna.exe
"UDP Query User{E337CFDD-AB62-4F0A-ACD9-985BF373EAE0}C:\\users\\käyttäjä\\program files\\dna\\btdna.exe"= TCP:C:\users\käyttäjä\program files\dna\btdna.exe:btdna.exe
"{51A397D1-01D1-496A-B05A-947274594B4D}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R1 F-Secure HIPS;F-Secure HIPS;C:\Program Files\F-Secure Internet Security\HIPS\fshs.sys [2008-02-25 14:18]
R1 FSES;F-Secure Email Scanning Driver;C:\Windows\system32\drivers\fses.sys [2007-05-25 16:09]
R1 FSFW;F-Secure Firewall Driver;C:\Windows\system32\drivers\fsdfw.sys [2008-03-17 13:52]
R1 fsvista;F-Secure Vista Support Driver;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsvista.sys [2007-05-25 16:08]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 12:43]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;C:\Windows\system32\DRIVERS\atl01v32.sys [2007-04-12 16:29]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2008-02-08 18:22]
R3 F-Secure Gatekeeper;F-Secure Gatekeeper;C:\Program Files\F-Secure Internet Security\Anti-Virus\minifilter\fsgk.sys [2007-05-25 16:08]
R3 RTHDMIAzAudService;Service for HDMI;C:\Windows\system32\drivers\RtHDMIV.sys [2007-05-14 11:10]
S4 F-Secure Filter;F-Secure File System Filter;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSfilter.sys [2007-05-25 16:09]
S4 F-Secure Recognizer;F-Secure File System Recognizer;C:\Program Files\F-Secure Internet Security\Anti-Virus\Win2K\FSrec.sys [2007-05-25 16:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c584aec1-d63d-11dc-be1a-806e6f6e6963}]
\shell\AutoRun\command - D:\AUTORUN.EXE

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-20 00:48:43
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-20 0:49:30
ComboFix-quarantined-files.txt 2008-04-19 21:49:25

Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.
Järjestelmä ei löydä sanomaa numerolle 0x2379 ohjelman Application sanomatiedostossa.

192 --- E O F --- 2008-04-18 07:38:56

Hujo · 20.04.2008

Lataa Tästä Ccleaner
CCleaner v2.05.555- Standard Build, ÄLÄ aseenna Yahoo toolbaria!

laita asetukset näin:
Valinnat --> Lisäasetukset --> Ota ruksi pois kohdasta Poista vain yli 48 tuntia vanhat tilapäistiedostot.

aja Puhdistaja > tutki nappi > aja ccleaner nappi oikea alakulma
aja Virheet > etsi rekisteri virheitä nappi > Korjaa rekisteri virheet. nappi

Kirjaudu tai liity jäseneksi

koneelle tuli when u save ja hjt-log

lasolii Member

Hujo Guest

lasolii Member

Hujo Guest

Jaa tämä sivu

Kirjaudu tai liity jäseneksi

koneelle tuli when u save ja hjt-log

lasolii Member

Hujo Guest

lasolii Member

Hujo Guest

Jaa tämä sivu

Hyödyllisiä hakuja