Help, I happened to find an application called fdsgsdg342gd.exe on my C: drive. The name seemed suspicious enough that I thought I'd ask whether this is some kind of virus. Avast hasn't started yelling yet. Except, of course, a little while ago I got a message from Avast that some virus, which also had a garbled name, had turned up. What on earth is this?
Let's scan the machine with MBAM and see whether it finds anything unusual. Download Malwarebytes' Anti-Malware to your desktop.
* Double-click mbam-setup.exe and follow the instructions to install the program.
* At the end, make sure the following are checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, the program will download and install the latest version.
* Once the program has loaded, select Perform full scan and click Scan.
* When the scan is complete, click OK and then Show Results to view the results.
* Make sure everything is checked and click Remove Selected.
* After this the log opens in Notepad. Save it somewhere you can find it easily. The log can also be found here: C:\Documents and Settings\Käyttäjänimi\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-päiväys.txt
* Post the contents of the log in your next message, plus a new HJT log.
I accidentally ran those scans separately. But anyway...

C:\

Malwarebytes' Anti-Malware 1.29
Tietokantaversio: 1289
Windows 6.0.6001 Service Pack 1

19.10.2008 18:36:39
mbam-log-2008-10-19 (18-36-39).txt

Tarkistustyyppi: Pikatarkistus
Tarkistetut kohteet: 46876
Kulunut aika: 5 minute(s), 22 second(s)

Saastuneita muistiprosesseja: 0
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 1
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 1

Saastuneita muistiprosesseja:
(Haitallisia kohteita ei löydetty)

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MSN (Backdoor.Bot) -> Quarantined and deleted successfully.

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
C:\Windows\dllhost.exe (Backdoor.Bot) -> Delete on reboot.

---------------------

D:\

Malwarebytes' Anti-Malware 1.29
Tietokantaversio: 1289
Windows 6.0.6001 Service Pack 1

19.10.2008 19:52:10
mbam-log-2008-10-19 (19-52-10).txt

Tarkistustyyppi: Täysi tarkistus (D:\|)
Tarkistetut kohteet: 151065
Kulunut aika: 49 minute(s), 1 second(s)

Saastuneita muistiprosesseja: 1
Saastuneita muistimoduuleja: 0
Saastuneita rekisteriavaimia: 0
Saastuneita rekisteriarvoja: 0
Saastuneita rekisterikohteita: 0
Saastuneita hakemistoja: 0
Saastuneita tiedostoja: 2

Saastuneita muistiprosesseja:
C:\Windows\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Unloaded process successfully.

Saastuneita muistimoduuleja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriavaimia:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisteriarvoja:
(Haitallisia kohteita ei löydetty)

Saastuneita rekisterikohteita:
(Haitallisia kohteita ei löydetty)

Saastuneita hakemistoja:
(Haitallisia kohteita ei löydetty)

Saastuneita tiedostoja:
D:\Blockland\Old_Add-Ons\Bloxel\bloxelRender.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\dllhost.exe (Heuristics.Reserved.Word.Exploit) -> Delete on reboot.
Oh right, the HJT log as well:
1. Download the Norton removal tool and save it to your desktop.
2. Run Norton_Removal_Tool.exe from your desktop.
3. Follow the on-screen instructions.

Note: if the program asks to reinstall Norton, do not install it.

Post a new HijackThis log.
So the file is most likely not malicious.
* Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
* Double-click RSIT.exe to run RSIT.
* Click Continue.
* When RSIT has finished, two logs will open in Notepad.
* Post the contents of both log.txt (< opens maximized) and info.txt (< opens minimized) in your next message.
Log.txt:
14:34:10 ----RSD---- C:\Windows\Fonts 2008-10-21 14:33:12 ----D---- C:\Program Files\Mozilla Firefox 2008-10-21 13:03:05 ----D---- C:\Windows\System32 2008-10-21 13:03:05 ----D---- C:\Windows\inf 2008-10-21 13:03:05 ----A---- C:\Windows\system32\PerfStringBackup.INI 2008-10-20 18:03:06 ----D---- C:\Program Files\Steam 2008-10-20 13:37:25 ----D---- C:\Windows 2008-10-20 13:27:50 ----D---- C:\Users\-\AppData\Roaming\OpenOffice.org2 2008-10-20 13:25:59 ----D---- C:\Windows\system32\drivers 2008-10-19 18:28:37 ----HD---- C:\ProgramData 2008-10-19 18:28:36 ----RD---- C:\Program Files 2008-10-19 16:45:00 ----SD---- C:\ProgramData\Microsoft 2008-10-19 16:13:13 ----AD---- C:\ProgramData\TEMP 2008-10-18 13:39:15 ----RSD---- C:\Windows\assembly 2008-10-18 13:38:54 ----D---- C:\Windows\Microsoft.NET 2008-10-18 13:38:40 ----SHD---- C:\System Volume Information 2008-10-18 13:35:00 ----D---- C:\Windows\Logs 2008-10-18 13:10:57 ----D---- C:\Windows\Prefetch 2008-10-17 14:17:57 ----D---- C:\Windows\winsxs 2008-10-17 14:07:48 ----D---- C:\Windows\system32\catroot 2008-10-17 13:01:45 ----D---- C:\Program Files\Windows Mail 2008-10-17 13:01:44 ----D---- C:\Windows\system32\migration 2008-10-17 12:21:25 ----SHD---- C:\Windows\Installer 2008-10-17 12:21:17 ----D---- C:\ProgramData\Microsoft Help 2008-10-16 22:46:27 ----A---- C:\Windows\system32\PnkBstrB.exe 2008-10-16 14:31:23 ----D---- C:\Windows\system32\catroot2 2008-10-14 18:53:57 ----D---- C:\Users\-\AppData\Roaming\Publish Providers 2008-10-14 00:09:58 ----D---- C:\Users\-\AppData\Roaming\Sony 2008-10-12 15:22:04 ----D---- C:\Windows\system 2008-10-12 02:32:45 ----D---- C:\Program Files\Common Files 2008-10-12 02:32:40 ----HD---- C:\Program Files\InstallShield Installation Information 2008-10-07 22:19:40 ----A---- C:\Windows\system32\mrt.exe 2008-10-04 13:55:20 ----D---- C:\Program Files\Common Files\Steam 2008-10-02 15:07:41 ----D---- C:\Program Files\SiteAdvisor 2008-10-01 21:44:53 ----D---- C:\ProgramData\SiteAdvisor 
2008-10-01 21:44:35 ----D---- C:\ProgramData\McAfee 2008-09-29 15:48:13 ----D---- C:\Users\-\AppData\Roaming\gtk-2.0 2008-09-22 16:15:20 ----D---- C:\Program Files\Sony Setup ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152] R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416] R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912] R1 DritekPortIO;Dritek General Port I/O; \??\C:\PROGRA~1\LAUNCH~1\DPortIO.sys [2006-11-02 20112] R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2008-07-21 24392] R2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}; \??\C:\Program Files\Acer Arcade Deluxe\Play Movie\000.fcl [2006-11-02 13560] R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560] R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280] R2 int15;int15; \??\C:\Acer\Empowering Technology\eRecovery\int15.sys [2006-12-07 76584] R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672] R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-01-30 8704] R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2007-03-09 1163616] R3 ApfiltrService;Alps Pointing-device Filter Driver; C:\Windows\system32\DRIVERS\Apfiltr.sys [2007-06-14 154624] R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2008-08-18 921600] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712] R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-19 14208] R3 DKbFltr;Dritek Keyboard Filter Driver; C:\Windows\system32\DRIVERS\DKbFltr.sys [2006-11-02 21264] R3 igfx;igfx; 
C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-02-11 2302976] R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-07-10 1792792] R3 NTIDrvr;Upper Class Filter Driver; C:\Windows\system32\DRIVERS\NTIDrvr.sys [2007-08-04 6144] R3 StillCam;Still Serial Digital Camera Driver; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-19 9216] R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2008-07-17 28672] R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys [2008-01-19 11264] S3 Bufeap;BUFFALO EAP Driver; C:\Windows\system32\DRIVERS\bufeap.sys [2007-02-21 14848] S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-19 5632] S3 EagleNT;EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [] S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio -palvelu; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520] S3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-04-26 984064] S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2006-11-02 200704] S3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-04-26 208384] S3 MSKSSRV;Microsoft Streaming Service -välityspalvelin; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-19 8192] S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-19 5888] S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-19 5504] S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink -muunnin; C:\Windows\system32\drivers\MSTEE.sys [2008-01-19 6016] S3 Ser2pl;Prolific2 Serial port driver; C:\Windows\system32\DRIVERS\ser2pl.sys [2005-11-04 48640] S3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-04-26 660480] S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2008-01-19 39936] S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys 
[2008-01-19 83328] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216] R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056] R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640] R2 BWH32S;BWH32S; C:\Program Files\BUFFALO\clientmgrv\bin\BWH32S.exe [2007-04-17 57912] R2 eDataSecurity Service;eDSService.exe; C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe [2007-04-25 457512] R2 eLockService;eLock Service; C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe [2007-03-14 24576] R2 eNet Service;eNet Service; C:\Acer\Empowering Technology\eNet\eNet Service.exe [2007-05-22 135168] R2 eRecoveryService;eRecovery Service; C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe [2007-02-13 53248] R2 eSettingsService;eSettings Service; C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2007-05-10 24576] R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2007-01-17 61440] R2 LiveUpdate Notice Service;LiveUpdate Notice Service; C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe [2008-01-29 583048] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-09-08 198944] R2 MobilityService;MobilityService; C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 107008] R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2008-09-18 66872] R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-23 266343] R2 WMIService;ePower Service; C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2007-05-16 163840] R2 XAudioService;XAudioService; 
C:\Windows\system32\DRIVERS\xaudio.exe [2007-01-30 386560] R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040] R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344] R3 usnjsvc;Messengerin jaettavien kansioiden USN Journal -lokin lukupalvelu; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328] S2 CLTNetCnService;Symantec Lic NetConnect service; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S2 LiveUpdate Notice Ex;LiveUpdate Notice Service Ex; C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon [] S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-08-19 138168] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2008-07-17 87288] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] -----------------EOF----------------- info.txt: --------- info.txt logfile of random's system information tool 1.04 2008-10-21 14:41:50 ======Uninstall list====== -->C:\Windows\IsUninst.exe -f\"D:\Final Fantasy VII\Uninst.isu" -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{31403E22-2FDB-452F-AE9E-20854633226D}\Setup.EXE" -uninst -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A450831D-25F6-4F42-9662-D000B25E0D82}\setup.exe" -uninstall -->RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AA4BF92B-2AAF-11DA-9D78-000129760D75}\setup.exe" -uninstall -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B145EC69-66F5-11D8-9D75-000129760D75}\setup.exe" -uninstall -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B804C424-B66D-447A-84BD-C6B88C392C3A}\setup.exe" -uninstall -->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F79A208D-D929-11D9-9D77-000129760D75}\setup.exe" -uninstall 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0016-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-0018-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001B-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {3EC77D26-799B-4CD8-914F-C1565E796173} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-040B-0000-0000000FF1CE} /uninstall {F14C929B-E0E6-4EB5-8BFD-FC71AAC7D39C} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-001F-041D-0000-0000000FF1CE} /uninstall {A8626CEF-CB0A-4BC2-8F51-210A43B6158D} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-006E-040B-0000-0000000FF1CE} 
/uninstall {E8865B68-C2A1-4B9D-BBA7-782E8FC2E52F} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {90120000-00A1-040B-0000-0000000FF1CE} /uninstall {E2697EE8-D953-4482-8A30-D6A4D07DE5FB} 2007 Microsoft Office Suite Service Pack 1 (SP1)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {BEE75E01-DD3F-4D5F-B96C-609E6538D419} Acer Arcade Deluxe-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}\setup.exe" -uninstall Acer eDataSecurity Management-->C:\Acer\Empowering Technology\eDataSecurity\eDSnstHelper.exe -Operation UNINSTALL Acer eLock Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}\setup.exe" -l0x9 -removeonly Acer Empowering Technology-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AB6097D9-D722-4987-BD9E-A076E2848EE2}\setup.exe" -l0xb -removeonly Acer eNet Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C06554A1-2C1E-4D20-B613-EE62C79927CC}\setup.exe" -l0xb -removeonly Acer ePower Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{58E5844B-7CE2-413D-83D1-99294BF6C74F}\setup.exe" -l0xb -removeonly Acer ePresentation Management-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BF839132-BD43-4056-ACBF-4377F4A88E2A}\setup.exe" -l0x9 -removeonly Acer eSettings Management-->RunDll32 
C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CE65A9A0-9686-45C6-9098-3C9543A412F0}\setup.exe" -l0xb -removeonly Acer GridVista-->C:\Windows\UnInst32.exe GridV.UNI Acer Mobility Center Plug-In-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11316260-6666-467B-AC34-183FCB5D4335}\setup.exe" -l0x9 -removeonly Acer ScreenSaver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}\setup.exe" -l0x9 -removeonly Acer Tour-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{94389919-B0AA-4882-9BE8-9F0B004ECA35}\setup.exe" -l0x9 -removeonly Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{174892B1-CBE7-44F5-86FF-AB555EFD73A3}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7} Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete Adobe Flash Player ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003} Adobe Shockwave Player 11-->C:\Windows\system32\adobe\SHOCKW~1\UNWISE.EXE C:\Windows\system32\Adobe\SHOCKW~1\Install.log Agere Systems HDA Modem-->agrsmdel ALPS Touch Pad Driver-->C:\Program Files\Apoint2K\Uninstap.exe ADDREMOVE Audacity 1.2.6-->"D:\Audacity\unins000.exe" avast! 
Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup Base Goldsrc Shared Content-->"C:\Program Files\Steam\steam.exe" steam://uninstall/1 Big Kahuna Reef 2-->"C:\Program Files\Acer GameZone\Big Kahuna Reef 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Big Kahuna Reef 2\install.log" Blaze Media Pro-->"C:\ProgramData\{436FF568-C03A-41B5-B97A-23CADCB7E6C9}\setup_blazemp.exe" REMOVE=TRUE MODIFY=FALSE Blaze Media Pro-->C:\ProgramData\{436FF568-C03A-41B5-B97A-23CADCB7E6C9}\setup_blazemp.exe Blender (remove only)-->"D:\Blender\uninstall.exe" Blockland-->"D:\Blockland\uninstall.exe" Bricks of Egypt-->"C:\Program Files\Acer GameZone\Bricks of Egypt\Uninstall.exe" "C:\Program Files\Acer GameZone\Bricks of Egypt\install.log" BUFFALO Client Manager V-->C:\Windows\UN900119.EXE /U Cheat Engine 5.4-->"D:\Cheat Engine\unins000.exe" Chipamp-->D:\Winamp\uninstall_chipamp.exe Combat Arms-->"C:\ProgramData\NexonUS\NGM\NGM.exe" -mode:uninstall -dll:ngm.nexon.net/ngm/NGM/Bin/NGMDll.dll -game:33563143 -locale:US Counter-Strike: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/240 Counter-Strike: Source-->MsiExec.exe /I{9580813D-94B1-4C28-9426-A441E2BB29A5} Day of Defeat: Source-->"C:\Program Files\Steam\steam.exe" steam://uninstall/300 Dynasty-->"C:\Program Files\Acer GameZone\Dynasty\Uninstall.exe" "C:\Program Files\Acer GameZone\Dynasty\install.log" Final Fantasy VII - Ultima Edition-->"D:\Final Fantasy VII\unins000.exe" Fraps (remove only)-->"D:\Fraps\uninstall.exe" Galapago-->"C:\Program Files\Acer GameZone\Galapago\Uninstall.exe" "C:\Program Files\Acer GameZone\Galapago\install.log" Game Maker 7.0-->D:\Game_Maker7\Uninstal.exe Genetica Viewer 2.5-->MsiExec.exe /X{FA0BA6CD-4C7A-44CA-9028-E8055FD650A5} GIMP 2.4.7-->"D:\GIMP-2.0\setup\unins000.exe" GoldWave v5.25-->"D:\GoldWave\unstall.exe" "GoldWave v5.25" "D:\GoldWave\unstall.log" Google Toolbar for Internet Explorer-->MsiExec.exe 
/I{DBEA1034-5882-4A88-8033-81C4EF0CFA29} Google Toolbar for Internet Explorer-->regsvr32 /u /s "c:\program files\google\googletoolbar1.dll" G-steam-->C:\Program Files\G-steam\Uninstall.exe Half-Life 2: Deathmatch-->"C:\Program Files\Steam\steam.exe" steam://uninstall/320 Half-Life 2: Lost Coast-->"C:\Program Files\Steam\steam.exe" steam://uninstall/340 Hard Hat III-->"D:\Hard Hat III\unins000.exe" HijackThis 2.0.2-->"D:\HJT\HijackThis.exe" /uninstall HyperCam 2-->d:\HyperCam\\UnHyCam2.exe Intel(R) Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall ISO Recorder-->MsiExec.exe /I{39600969-41C3-4658-876E-16F108FC5C92} Java(TM) 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070} Jewel Quest Solitaire-->"C:\Program Files\Acer GameZone\Jewel Quest Solitaire\Uninstall.exe" "C:\Program Files\Acer GameZone\Jewel Quest Solitaire\install.log" Launch Manager-->C:\Windows\UnInst32.exe LManager.UNI LiveUpdate Notice (Symantec Corporation)-->MsiExec.exe /X{DBA4DB9D-EE51-4944-A419-98AB1F1249C8} Luxor 2-->"C:\Program Files\Acer GameZone\Luxor 2\Uninstall.exe" "C:\Program Files\Acer GameZone\Luxor 2\install.log" Macromedia Extension Manager-->MsiExec.exe /I{5546CDB5-2CE2-498B-B059-5B3BF81FC41F} Macromedia Flash 8 Video Encoder-->MsiExec.exe /X{8BF2C401-02CE-424D-BC26-6C4F9FB446B6} Macromedia Flash 8-->MsiExec.exe /I{2BD5C305-1B27-4D41-B690-7A61172D2FEB} Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" Mario Forever 4.0-->D:\Mario Forever\uninst.exe McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe Mega Game I-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{ED81B0E7-0685-4F58-B9C5-3B3E754DE34E}\setup.exe" Mega Game II-->D:\Addgames\Mega Game II\setup.exe uninstall Messenger Plus! Live-->"C:\Program Files\Messenger Plus! 
Live\Uninstall.exe" Microsoft Midtown Madness 2-->"D:\Midtown Madness 2\UNINSTAL.EXE" /runtemp /addremove Microsoft Office Excel MUI (Finnish) 2007-->MsiExec.exe /X{90120000-0016-040B-0000-0000000FF1CE} Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE} Microsoft Office OneNote MUI (Finnish) 2007-->MsiExec.exe /X{90120000-00A1-040B-0000-0000000FF1CE} Microsoft Office PowerPoint MUI (Finnish) 2007-->MsiExec.exe /X{90120000-0018-040B-0000-0000000FF1CE} Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE} Microsoft Office Proof (Finnish) 2007-->MsiExec.exe /X{90120000-001F-040B-0000-0000000FF1CE} Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE} Microsoft Office Proof (Swedish) 2007-->MsiExec.exe /X{90120000-001F-041D-0000-0000000FF1CE} Microsoft Office Proofing (Finnish) 2007-->MsiExec.exe /X{90120000-002C-040B-0000-0000000FF1CE} Microsoft Office Shared MUI (Finnish) 2007-->MsiExec.exe /X{90120000-006E-040B-0000-0000000FF1CE} Microsoft Office Word MUI (Finnish) 2007-->MsiExec.exe /X{90120000-001B-040B-0000-0000000FF1CE} Microsoft Silverlight-->MsiExec.exe /I{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Works-->MsiExec.exe /I{6495D83E-3A5B-4674-A17F-3A6DDCDC0F89} MilkShape 3D 1.8.2-->"C:\Program Files\MilkShape 3D 1.8.2\uninstall.exe" ModPlug Tracker-->"D:\ModPlug Tracker\unins000.exe" Mozilla Firefox (3.0.3)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe MP3 Converter Simple-->C:\PROGRA~1\MP3CON~1\UNWISE.EXE C:\PROGRA~1\MP3CON~1\INSTALL.LOG MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB941833)-->MsiExec.exe 
/I{C523D256-313D-4866-B36A-F3DE528246EF} Mystery Case Files - Prime Suspects-->"C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files - Prime Suspects\install.log" Mystery Case Files Ravenhearst-->"C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\Uninstall.exe" "C:\Program Files\Acer GameZone\Mystery Case Files Ravenhearst\install.log" Notepad++-->D:\Notepad++\uninstall.exe NTI Backup NOW! 4.7-->"C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe" -removeonly NTI Backup NOW! 4.7-->C:\Program Files\InstallShield Installation Information\{1598034D-7147-432C-8CA8-888E0632D124}\setup.exe -runfromtemp -l0x040b NTI CD & DVD-Maker-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2} /l1035 CDM7 OpenOffice.org 2.4-->MsiExec.exe /I{B41C03CD-E55C-4C1A-ADBC-CF50ED5000B9} Paint.NET v3.36-->MsiExec.exe /X{43602F34-1AA3-44FB-AEB2-D08C2C73743F} PowerProducer 3.72-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.EXE" -uninstall Project64 1.6-->MsiExec.exe /X{9559F7CA-5E34-4237-A2D9-D856464AD727} PSP Video 9 2.25-->D:\Red Kawa\Video Converter\uninstaller.exe Quake III Arena Point Release 1.32-->C:\Windows\unvise32.exe D:\q3arena\\uninstal5.log Quake III Arena-->C:\Windows\IsUninst.exe -f"d:\Quake III Arena\QIII.isu" QuickTime Alternative 2.6.0-->"C:\Program Files\QuickTime Alternative\unins000.exe" Realtek High Definition Audio Driver-->RtlUpd.exe -r -m Roblox-->"C:\Program Files\Roblox\Versions\version-da138397bfad41d6\Roblox.exe" -uninstall -alluser ROBLOX-->MsiExec.exe /X{272C2E66-6D29-4FB3-835B-05A4ED8E63FD} RPG Maker VX RTP-->"D:\Enterbrain\RGSS2\RPGVX\unins000.exe" RPG Maker VX-->"D:\Enterbrain\RPGVX\unins000.exe" Security Update for 2007 Microsoft 
Office System (KB951944)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {797AE457-BA17-4BBC-B501-25FB3A0103C7} Security Update for 2007 Microsoft Office System (KB955936)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {1D94099C-2BBA-440E-BD5E-093BBDF8F028} Security Update for Microsoft Office Excel 2007 (KB955470)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {6E8637D8-10D6-4568-AA06-E2706F31685E} Security Update for Microsoft Office OneNote 2007 (KB950130)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F1B2401C-B610-4BF2-AA1C-52C55827A8F4} Security Update for Microsoft Office PowerPoint 2007 (KB951338)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {558B709B-821B-4FC5-90FC-9A8890641E77} Security Update for Microsoft Office system 2007 (KB951808)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8F375E11-4FD6-4B89-9E2B-A76D48B51E00} Security Update for Microsoft Office system 2007 (KB954326)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5F7F6FFF-395D-480E-8450-64F385D82C5F} Security Update for Microsoft Office Word 2007 (KB950113)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {AD72BABE-C733-4FCF-9674-4314466191B9} Shader Mod 2 Gold Edition for Midtown Madness 2-->"D:\Midtown Madness 2\unins000.exe" SIEMENS USB Data Cable-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{A542D955-9F05-4C74-8866-25DDC0DB15DB}\Setup.exe" -l0xb Soldat 1.4.2-->"D:\Soldat\unins000.exe" Sony Vegas Pro 8.0-->MsiExec.exe /X{7C9AD221-994C-45B2-B46D-26F5735158CF} Source SDK Base-->"C:\Program Files\Steam\steam.exe" steam://uninstall/215 Steam(TM)-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3} System Requirements Lab-->C:\Program Files\SystemRequirementsLab\Uninstall.exe The Wonderful End of the World Demo-->"C:\Program 
Files\Steam\steam.exe" steam://uninstall/15510 There-->"C:\Program Files\There\ThereClientUninst.exe" TortoiseSVN 1.5.3.13783 (32 bit)-->MsiExec.exe /X{8922F418-1066-4FED-AF92-278EAF8DE5B2} Toy Story 2 Action Game-->"C:\Windows\\Toy Story 2 Action Game\\uninstall.exe" "/U:C:\Windows\\Toy Story 2 Action Game\uninstall.xml" Treasures of the Deep-->"C:\Program Files\Acer GameZone\Treasures of the Deep\Uninstall.exe" "C:\Program Files\Acer GameZone\Treasures of the Deep\install.log" Update for Office 2007 (KB946691)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {A420F522-7395-4872-9882-C591B4B92278} WarRock-->C:\Program Files\InstallShield Installation Information\{00D15456-F679-4AD4-8BD2-56450D4C3F72}\setup.exe -runfromtemp -l0x0009 -removeonly VideoLAN VLC media player 0.8.6i-->D:\VideoLAN\VLC\uninstall.exe Winamp-->"D:\Winamp\UninstWA.exe" Windows Live installer-->MsiExec.exe /X{5C29C5F5-A9C9-4E89-A606-13E165E7C55F} Windows Live Messenger-->MsiExec.exe /X{A9174A72-1B46-445B-B3CF-90ED2C63D83B} Windows Liven kirjautumisavustaja-->MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986} Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe WinUHA 2.0 RC1 (2005.02.27)-->"C:\Program Files\WinUHA\unins000.exe" VirtualCloneDrive-->"D:\VirtualCloneDrive\vcd-uninst.exe" /D="D:\VirtualCloneDrive" vixy converter uninstall-->"D:\vixy.net\unins000.exe" Wolfenstein - Enemy Territory-->D:\Enemy Territory\uninst.exe Worms 4 Mayhem-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}\setup.exe" -l0x9 -removeonly Yahoo! 
Toolbar-->C:\PROGRA~1\Yahoo!\common\unyt.exe
zbattle.net 1.09 SR-1 beta-->D:\zbattle.net\unins000.exe
Zuma Deluxe-->"C:\Program Files\Acer GameZone\Zuma Deluxe\Uninstall.exe" "C:\Program Files\Acer GameZone\Zuma Deluxe\install.log"

======Security center information======
AV: avast! antivirus 4.8.1229 [VPS 081020-0]
AS: Windows Defender (disabled)
AS: avast! antivirus 4.8.1229 [VPS 081020-0]

======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\TortoiseSVN\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 22 Stepping 1, GenuineIntel
"PROCESSOR_REVISION"=1601
"NUMBER_OF_PROCESSORS"=1
-----------------EOF-----------------

There you go.
Thanks. More interesting files turned up there. Let's do this: submit the files below to ThreatExpert (one at a time)

C:\Windows\lol43.exe
C:\fdsgsdg342gd.exe

http://www.threatexpert.com/submit.aspx

Copy and paste the file path into the File to submit field. Enter your e-mail address in the Your E-mail address field. Tick the "I agree" box and click Submit. ThreatExpert will send the scan results to your e-mail after a while. Then post a link to those results here (Submission Summary).
Download OTMoveIt3 by OldTimer and save it to your desktop. Double-click OTMoveIt3.exe to start the program. Copy (CTRL+C) all the text in the box below.

Code:
:files
C:\Windows\lol43.exe
C:\fdsgsdg342gd.exe
:commands
[emptytemp]

Go back to OTMoveIt3, right-click in the Paste List Of Files/Folders to Move window (under the yellow bar) and choose Paste. Press the red MoveIt! button. Copy (CTRL+C) the text that appeared in the Results window (under the green bar) and paste (CTRL+V) it into your next message. Close OTMoveIt3. If some file/folder could not be moved right away, the program will suggest restarting the computer. Answer Yes to the suggestion, and OTMoveIt will restart your computer.
Before rebooting:

========== FILES ==========
C:\Windows\lol43.exe moved successfully.
C:\fdsgsdg342gd.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\-\AppData\Local\Temp\etilqs_4IkSYt7pDRcWkIlDQVfd scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Temp\~DF391B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Temp\~DF392E.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Temp\~DF4094.tmp scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Temp\~DF409E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_5bFudEuEYAhibSD scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_BTCmZseYBKQP226 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_ukSKN5nhiGZ6TIG scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10212008_185353

-----------

Log produced after the reboot:

File delete failed. C:\Users\-\AppData\Local\Temp\~DF409E.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_5bFudEuEYAhibSD scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_BTCmZseYBKQP226 scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\sqlite_ukSKN5nhiGZ6TIG scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
OTMoveIt3 by OldTimer - Version 1.0.5.0 log created on 10212008_185353

Files moved on Reboot...
File C:\Users\-\AppData\Local\Temp\etilqs_4IkSYt7pDRcWkIlDQVfd not found!
C:\Users\-\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File C:\Users\-\AppData\Local\Temp\~DF391B.tmp not found!
File C:\Users\-\AppData\Local\Temp\~DF392E.tmp not found!
File C:\Users\-\AppData\Local\Temp\~DF4094.tmp not found!
File C:\Users\-\AppData\Local\Temp\~DF409E.tmp not found!
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\sqlite_5bFudEuEYAhibSD moved successfully.
C:\Windows\temp\sqlite_BTCmZseYBKQP226 moved successfully.
C:\Windows\temp\sqlite_ukSKN5nhiGZ6TIG moved successfully.
C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\Cache\_CACHE_001_ moved successfully.
C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\Cache\_CACHE_002_ moved successfully.
C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\Cache\_CACHE_003_ moved successfully.
C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\urlclassifier3.sqlite moved successfully.
C:\Users\-\AppData\Local\Mozilla\Firefox\Profiles\73x0u1x5.default\XUL.mfl moved successfully.

This is what came out. I censored the name in those, since this happens to be a shared computer.
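An added example, not part of the thread and not OTMoveIt3's own code: a Python check that reads an OTMoveIt3 result log like the one posted above, confirms that the two files named under :files were moved, and lists the paths still waiting for a reboot. The line patterns are assumed from the log lines in the post, and the sample is a shortened selection of those lines.

```python
import re

# Shortened selection of lines from the OTMoveIt3 log posted above.
SAMPLE_LOG = r"""
C:\Windows\lol43.exe moved successfully.
C:\fdsgsdg342gd.exe moved successfully.
File delete failed. C:\Users\-\AppData\Local\Temp\RtkBtMnt.exe scheduled to be deleted on reboot.
File delete failed. C:\Users\-\AppData\Local\Temp\~DF391B.tmp scheduled to be deleted on reboot.
File delete failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
Files moved on Reboot...
C:\Users\-\AppData\Local\Temp\RtkBtMnt.exe moved successfully.
File C:\Users\-\AppData\Local\Temp\~DF391B.tmp not found!
File move failed. C:\Windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
"""

# The two files listed under :files in the script from the thread.
TARGETS = [r"C:\Windows\lol43.exe", r"C:\fdsgsdg342gd.exe"]

# Line shapes assumed from the log above; this is not a documented format.
PATTERNS = [
    ("pending", re.compile(
        r"^File (?:delete|move) failed\. (.+) scheduled to be (?:deleted|moved) on reboot\.$")),
    ("moved", re.compile(r"^(.+) moved successfully\.$")),
    ("gone", re.compile(r"^File (.+) not found!$")),
]

def final_status(log_text):
    """Map each path to the last status logged for it (later lines win)."""
    status = {}
    for line in log_text.splitlines():
        for name, pattern in PATTERNS:
            match = pattern.match(line.strip())
            if match:
                # Windows paths are case-insensitive, so compare lowercased.
                status[match.group(1).lower()] = name
                break
    return status

def review(log_text, targets):
    """Return (targets not confirmed moved, paths still pending a reboot)."""
    status = final_status(log_text)
    not_moved = [t for t in targets if status.get(t.lower()) != "moved"]
    pending = sorted(p for p, s in status.items() if s == "pending")
    return not_moved, pending

if __name__ == "__main__":
    print(review(SAMPLE_LOG, TARGETS))
```

On the sample, both target files are confirmed moved and one temp file is still listed as pending after the reboot.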
Great. Let's do one more check with Kaspersky's online scanner.

Scan your computer with Kaspersky Online Scanner

Read through the requirements and the privacy statement and click Accept. The download of the scanner and the virus database will begin. You will be asked whether you allow the program from Kaspersky to be installed. Click Run. When the download is complete, click Settings. Make sure that the following items are selected. If they are not, select them and click Save:

Spyware, Adware, Dialers, and other potentially dangerous programs
Archives

Click My Computer under Scan. When the scan is finished, the results are shown. Click View Scan Report. You will see a list of the infected items. Click Save Report As.... Save the file to your desktop. Change Files of type to Text file (.txt) before you click Save. Copy and paste the contents of the file into your next reply together with a new HijackThis log.