
Windows Vista will not update




#1
23 May 2009, 09:33
Donor Group

I'm on a friend's computer, running Vista, and Windows will not update. So far I have found and removed Internet Anti-Virus, Win32Adload.r and video.exe. They also had that coupon spyware, and their son kept loading LimeWire. I removed both (LOL, LimeWire installs itself in 400 places; I had to go through every folder and file to get rid of it). But Windows still will not update. I get a code 80072efd, which says that a firewall is preventing Windows from updating. I can't find any firewall other than the Windows one, and I have looked in every folder. Here are the three logs; I can't find anything. Have I missed something?

NOTE: I can't upload any of the three log files. I keep getting "invalid file" from the site. What's up with that? Do I have too many uploads here? Let me try a copy and paste:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/23/2009 at 04:42

Application Version: 4.26.1002

Core Rules Database Version: 3908
Trace Rules Database Version: 1852

Scan type: Complete Scan
Total Scan Time: 03:45:40

Memory items scanned: 831
Memory threats detected: 0
Registry items scanned: 6407
Registry threats detected: 0
File items scanned: 326608
File threats detected: 78

Adware.Tracking Cookie

Malwarebytes' Anti-Malware 1.36
Database version: 2150
Windows 6.0.6001 Service Pack 1

5/19/2009 8:40:58 AM
mbam-log-2009-05-19 (08-40-58).txt

Scan type: Quick Scan
Objects scanned: 71524
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\fe345.fe345mgr (Trojan.FakeAlert) -> Quarantined and deleted.
HKEY_CLASSES_ROOT\CLSID\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Quarantined and deleted.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Quarantined and deleted.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Quarantined and deleted.
HKEY_CLASSES_ROOT\fe345.fe345mgr.1 (Trojan.FakeAlert) -> Quarantined and deleted.
HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> Quarantined and deleted.
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted.
HKEY_CLASSES_ROOT\CLSID\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted.
HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> Quarantined and deleted.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet antivirus pro_is1 (Rogue.InternetAntivirus) -> Quarantined and deleted.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted.

Folders Infected:
C:\Windows\System32\199638 (Trojan.FakeAlert) -> Quarantined and deleted.
C:\Program Files\websrvx (Trojan.Downloader) -> Quarantined and deleted.
C:\Windows\System32\796525 (Trojan.BHO) -> Quarantined and deleted.

Files Infected:
C:\Windows\System32\199638\199638.dll (Trojan.FakeAlert) -> Quarantined and deleted.
C:\Windows\System32\796525\796525.dll (Trojan.BHO) -> Quarantined and deleted.
C:\Users\Shirley\AppData\Local\Temp\jopaxx_1241669819.exe (Worm.KoobFace) -> Quarantined and deleted.
C:\Program Files\Common Files\InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> Quarantined and deleted.
C:\Windows\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted.
C:\Windows\t55ft2668f44.dat (Worm.KoobFace) -> Quarantined and deleted.
C:\Windows\t55ft2695f44.dat (Worm.KoobFace) -> Quarantined and deleted.
C:\Windows\t55ft3105f44.dat (Worm.KoobFace) -> Quarantined and deleted.
C:\Windows\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted.
C:\Windows\f5087.dat (Worm.KoobFace) -> Quarantined and deleted.
C:\Windows\f23567.dat (Worm.KoobFace) -> Quarantined and deleted.

(Above was the first log; below is the current one.)

Malwarebytes' Anti-Malware 1.36
Database version: 2150
Windows 6.0.6001 Service Pack 1

5/23/2009 9:03:23 AM
mbam-log-2009-05-23 (09-03-23).txt

Scan type: Quick Scan
Objects scanned: 70234
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:09 AM, on 5/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Olympus\Olympus Master 2\MMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\System32\Wbem\Unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\Shirley\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /start
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] rundll32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] rundll32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SWG] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\Olympus\Olympus Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} --
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device - - C:\Windows\system32\lxcecoms.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9919 bytes

#2
23 May 2009, 23:45
Malware Group

Hi Bubba ....

We need to disable your TeaTimer, as it can interfere with the fixes we need to make.

1) Run Spybot-S&D
2) Go to the Mode menu and make sure "Advanced Mode" is selected
3) On the left-hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart the computer.

Download ResetTeaTimer.bat by right-clicking the link and choosing Save As.

* Save it to your desktop.
* Double-click ResetTeaTimer.zip
* Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer.

After all the fixes are complete, it is very important that you enable TeaTimer again; I will let you know when it is safe to do so.

A tutorial for TeaTimer can be found here -> http://russelltexas.com/malware/teatimer.htm

==========================================

Download and scan with ComboFix.exe. Please visit this web page for download links and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Ensure that you have disabled all anti-virus and anti-malware programs, including WinPatrol, so they do not interfere with the running of ComboFix.

Please also include C:\ComboFix.txt in your next reply for further review.

==========================================

Go to the Start menu > select Run, copy/paste the following into the Run box, and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file should open. Please post the contents of that file in your next reply.

#3
24 May 2009, 02:33
Donor Group

A couple of things before I post the logs:

1. In the TeaTimer tutorial you linked, it says to also disable the resident SDHelper, so I did.
2. ComboFix did not show the back-up-the-registry screen, unless it is a quick screen and I missed it while looking at my own computer (remember, this one is a friend's). It did not disconnect from the internet either, nor did I notice it changing the time. Both icons stayed visible while ComboFix was running. Is that a problem? Also, after running ComboFix, the wallpaper was distorted, so I rebooted. When the computer started back up, the wallpaper was gone, Firefox was no longer the default browser, and a message popped up that the IE home page had been changed to MSN (I think). Is that normal? Also, WinPatrol noted that a new service had been added: appmgmts.dll.

3. Before you responded to this, I got rid of the Google Toolbar. Several of the HJT entries looked odd. In O18, for example, it was called x-sdCH instead of x-SDHC .......... Besides, lol, I hate toolbars, and they can always add it back if they want to. Regardless, that changed the HJT log. I also got rid of 2 O2's that had no file associated with them.

4. What is it we are looking for in ComboFix? LOL, I started to download and run it before I posted this thread, but decided I just don't know enough yet to mess with it.

And without further ado:

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Running from: c:\users\Shirley\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- WC: \ programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- aw C: \ Windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- d ----- WC: \ users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- WC: \ Programmer \ Common Files \ Adobe AIR
2009-05-19 11:38. 2009-05-19 12:45 -------- d ----- WC: \ programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- d ----- WC: \ users \ Shirley \ AppData \ Local \ Syv Zip
2009-05-19 10:41. 2009-03-19 20:32 23400 ---- aw C: \ Windows \ system32 \ drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107368 ---- aw C: \ Windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- WC: \ Programmer \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- WC: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- WC: \ Programmer \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- WC: \ Programmer \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75048 ---- aw C: \ programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- WC: \ Programmer \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416128 ---- aw C: \ programdata \ Microsoft \ eHome \ Packages \ NetTV \ panden se \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410984 ---- aw C: \ Windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - WC: \ Windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- aw C: \ programdata \ Microsoft \ Windows Defender \ Definition Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39. 2009-02-17 13:54 602 ---- aw C: \ programdata \ ArcSoft \ Kodak-printcreations-22-080812-oem \ acforall.dll
2009-05-24 04:22. 2008-09-12 01:46 -------- d ----- WC: \ Programmer \ Google
2009-05-20 11:55. 2008-09-11 17:01 104472 ---- aw C: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009-05-20 11:51. 2008-02-05 19:30 -------- d ----- WC: \ programdata \ Microsoft Hjælp
2009-05-20 11:49. 2008-02-05 19:31 -------- d ----- WC: \ Programmer \ Microsoft Works
2009-05-20 03:54. 2008-09-12 14:01 -------- d ----- WC: \ Programmer \ Lx_cats
2009-05-20 00:42. 2008-02-05 20:19 -------- d ----- WC: \ Programmer \ Common Files \ Adobe
2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - WC: \ Programmer \ InstallShield Installation Information
2009-05-19 23:27. 2008-02-05 19:49 -------- d ----- WC: \ Programmer \ Acer Arcade Live
2009-05-19 23:20. 2008-09-15 23:24 -------- d ----- WC: \ users \ Shirley \ AppData \ Roaming \ Cyberlink
2009-05-19 21:38. 2008-09-12 20:56 -------- d ----- WC: \ Programmer \ Common Files \ SureThing Shared
2009-05-19 21:04. 2008-09-12 14:09 1664 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009-05-19 17:29. 2009-03-04 15:55 -------- d ----- WC: \ users \ Shirley \ AppData \ Roaming \ Sony
2009-05-19 17:20. 2008-02-05 19:22 -------- d ----- WC: \ programdata \ NVIDIA
2009-05-19 16:54. 2008-02-05 18:03 36864 ---- aw C: \ Windows \ system32 \ nvcod100.dll
2009-05-19 16:54. 2007-10-25 11:02 147456 ---- aw C: \ Windows \ system32 \ nvcolor.exe
2009-05-19 16:13. 2008-09-12 01:47 -------- d ----- WC: \ users \ Shirley \ AppData \ Roaming \ LimeWire
2009-05-19 11:32. 2008-02-05 20:08 -------- d ----- WC: \ Programmer \ Yahoo!
2009-05-19 11:05. 2008-09-12 01:45 -------- d ----- WC: \ Programmer \ Java
2009-05-19 10:41. 2008-09-13 03:14 -------- d ----- WC: \ Programmer \ Common Files \ Apple
2009-05-19 10:38. 2008-09-13 03:15 -------- d ----- WC: \ programdata \ Apple Computer
2009-05-11 12:10. 2009-05-11 12:10 78260 ---- aw C: \ programdata \ SPL23D4.tmp
2009-04-17 10:12. 2006-11-02 11:18 -------- d ----- WC: \ Programmer \ Windows Mail
2009-04-02 22:13. 2009-04-02 22:13 702127 ---- aw C: \ programdata \ SPLFB91.tmp
2009-03-19 20:32. 2009-03-19 20:32 23400 ---- aw C: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009-03-17 03:38. 2009-04-17 05:22 13824 ---- aw C: \ Windows \ system32 \ apilogen.dll
2009-03-17 03:38. 2009-04-17 05:22 24064 ---- aw C: \ Windows \ system32 \ amxread.dll
2009-03-08 11:34. 2009-05-20 03:47 914944 ---- aw C: \ Windows \ system32 \ Wininet.dll
2009-03-08 11:34. 2009-05-20 03:47 43008 ---- aw C: \ Windows \ system32 \ licmgr10.dll
2009-03-08 11:33. 2009-05-20 03:47 18944 ---- aw C: \ Windows \ system32 \ corpol.dll
2009-03-08 11:33. 2009-05-20 03:47 109056 ---- aw C: \ Windows \ system32 \ iesysprep.dll
2009-03-08 11:33. 2009-05-20 03:47 109568 ---- aw C: \ Windows \ system32 \ PDMSetup.exe
2009-03-08 11:33. 2009-05-20 03:47 107520 ---- aw C: \ Windows \ system32 \ RegisterIEPKEYs.exe
2009-03-08 11:33. 2009-05-20 03:47 103936 ---- aw C: \ Windows \ system32 \ SetDepNx.exe
2009-03-08 11:33. 2009-05-20 03:47 132608 ---- aw C: \ Windows \ system32 \ ieUnatt.exe
2009-03-08 11:33. 2009-05-20 03:47 107008 ---- aw C: \ Windows \ system32 \ SetIEInstalledDate.exe
2009-03-08 11:33. 2009-05-20 03:47 420352 ---- aw C: \ Windows \ system32 \ vbscript.dll
2009-03-08 11:32. 2009-05-20 03:47 72704 ---- aw C: \ Windows \ system32 \ admparse.dll
2009-03-08 11:32. 2009-05-20 03:47 71680 ---- aw C: \ Windows \ system32 \ iesetup.dll
2009-03-08 11:32. 2009-05-20 03:47 66560 ---- aw C: \ Windows \ system32 \ wextract.exe
2009-03-08 11:32. 2009-05-20 03:47 169472 ---- aw C: \ Windows \ system32 \ iexpress.exe
2009-03-08 11:31. 2009-05-20 03:47 34816 ---- aw C: \ Windows \ system32 \ imgutil.dll
2009-03-08 11:31. 2009-05-20 03:47 48128 ---- aw C: \ Windows \ system32 \ Mshtmler.dll
2009-03-08 11:31. 2009-05-20 03:47 45568 ---- aw C: \ Windows \ system32 \ Mshta.exe
2009-03-08 11:22. 2009-05-20 03:47 156160 ---- aw C: \ Windows \ system32 \ msls31.dll
2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- aw C: \ Windows \ system32 \ ntkrnlpa.exe
2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- aw C: \ Windows \ system32 \ ntoskrnl.exe
2009-03-03 04:39. 2009-04-17 05:22 183296 ---- aw C: \ Windows \ system32 \ sdohlp.dll
2009-03-03 04:39. 2009-04-17 05:22 551424 ---- aw C: \ Windows \ system32 \ Rpcss.dll
2009-03-03 04:39. 2009-04-17 05:22 26112 ---- aw C: \ Windows \ system32 \ printfilterpipelineprxy.dll
2009-03-03 04:37. 2009-04-17 05:22 98304 ---- aw C: \ Windows \ system32 \ iasrecst.dll
2009-03-03 04:37. 2009-04-17 05:22 54784 ---- aw C: \ Windows \ system32 \ iasads.dll
2009-03-03 04:37. 2009-04-17 05:22 44032 ---- aw C: \ Windows \ system32 \ iasdatastore.dll
2009-03-03 03:04. 2009-04-17 05:22 666624 ---- aw C: \ Windows \ system32 \ printfilterpipelinesvc.exe
2009-03-03 02:38. 2009-04-17 05:22 17408 ---- aw C: \ Windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries er ikke vist
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ehTray.exe" = "C: \ Windows \ ehome \ ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "c: \ Programmer \ Olympus \ Olympus Master 2 \ MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "c: \ Programmer \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240]
"Eraser" = "c: \ Programmer \ Eraser \ Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware" = "c: \ Programmer \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"BkupTray" = "c: \ Programmer \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe" [2007-12-30 34552]
"Acer Stærke Technology Monitor" = "c: \ acer \ Stærke Technology \ SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "c: \ Programmer \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration" = "c: \ program files \ Acer Registration \ ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "C: \ Windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296]
"LXCECATS" = "C: \ Windows \ system32 \ spool \ DRIVERS \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "c: \ Programmer \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "c: \ Programmer \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service" = "c: \ Programmer \ Fælles filer \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task" = "c: \ Programmer \ QuickTime \ QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "c: \ Programmer \ iTunes \ iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "c: \ Programmer \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "c: \ Programmer \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "c: \ program files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "C: \ Windows \ system32 \ NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "C: \ Windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704]
"avast!" = "c: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - C: \ Windows \ RtHDVCpl.exe [2007-10-11 4702208]

c: \ programdata \ Microsoft \ Windows \ Menuen Start \ Programmer \ Start \
Stærke Technology Launcher.lnk - C: \ acer \ Stærke Technology \ eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - c: \ Programmer \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ policies \ system]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "c: \ Programmer \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ anmelde \! SASWinLogon]
2008-12-22 16:05 356352 ---- aw C: \ Programmer \ SUPERAntiSpyware \ SASWINLO.dll

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ WinDefend]
@ = "Service"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ FirewallRules]
"(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Programmer \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Programmer \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP: C: \ Programmer \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Programmer \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Programmer \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Programmer \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Communications System
"(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Communications System
"(EB8798E6-358B-4DDA-A219-21BBC5D3C79A)" = UDP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Printer Status Window
"(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Printer Status Window
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Main Page \ Acer Arcade Live.exe: Acer Arcade Live
"(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Programmer \ Bonjour \ mDNSResponder.exe: Bonjour
"(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Programmer \ Bonjour \ mDNSResponder.exe: Bonjour
"(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Programmer \ iTunes \ iTunes.exe: iTunes
"(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Programmer \ iTunes \ iTunes.exe: iTunes
"(8640BFAB-1B85-48CC-95D5-9AABB44E4D95)" = UDP: C: \ Programmer \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Programmer \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Programmer \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Programmer \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Programmer \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP: C: \ Programmer \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Programmer \ Spybot - Search & Destroy \ SDUpdate.exe: Update Spybot-S & D
"(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Programmer \ Spybot - Search & Destroy \ SDUpdate.exe: Update Spybot-S & D
"(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center
"(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; avast! Self Protection; C: \ Windows \ System32 \ drivers \ aswSP.sys [5/22/2009 11:06 AM 114768]
R1 FAMv4; FAMv4; C: \ Windows \ System32 \ drivers \ FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV; SASDIFSV c: \ Programmer \ SUPERAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL; SASKUTIL c: \ Programmer \ SUPERAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 aswFsBlk; aswFsBlk; C: \ Windows \ System32 \ drivers \ aswF sBlk.sys [5/22/2009 11:06 AM 20560]
R2 aswMonFlt; aswMonFlt; C: \ Windows \ System32 \ drivers \ som wMonFlt.sys [5/22/2009 11:06 AM 51792]
R2 BUNAgentSvc; NTI Backup Now 5 Agent Service c: \ Programmer \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc; NTI Backup Now 5 Backup Service c: \ Programmer \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc; NTI Backup Now 5 Scheduler Service c: \ Programmer \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService; SBSD Security Center Service c: \ Programmer \ Spybot - Search & Destroy \ SDWinSec.exe [5/19/2009 10:04 AM 1153368]
R3 SASENUM; SASENUM c: \ Programmer \ SUPERAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 PM 7408]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Active Setup \ Installed Components \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"C: \ Windows \ System32 \ rundll32.exe" "C: \ Windows \ System32 \ iedkcs32.dll", BrandIEActiveSe TUP SignUp
.
- - - - Forældreløse FJERNES - - - --

SafeBoot-procexp90.Sys


.
------- Supplerende Scan -------
.
uStart Page = hxxp: / / www.yahoo.com/
mStart Page = hxxp: / / en.us.acer.yahoo.com
uInternet Settings, ProxyOverride = <local>; *. lokale
uInternet Settings, ProxyServer = http = localhost: 7171
IE: E & ksporter til Microsoft Excel - c: \ progra ~ 1 \ mikroer ~ 2 \ Office12 \ EXCEL.EXE/3000
Trusted Zone: microsoft.com \ opdatering
Trusted Zone: microsoft.com \ WindowsUpdate
FF - ProfilePath - c: \ users \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ P rofiles \ j0dqrqc6.default \
FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com /
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector ved Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning skjulte processer ...

scanning skjulte autostart entries ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 C: \ Windows \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

scanning skjulte filer ...

scanning afsluttet med succes
skjulte filer: 0

************************************************** ************************
.
--------------------- LOCKED registreringsdatabasenøgler ---------------------

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl røv \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings]
@ Denied: (A) (Brugere)
@ Denied: (A) (Alle)
@ Tilladt: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword: 00000000
.
Afslutning tid: 2009-05-24 4:55
ComboFix-karantæne-files.txt 2009-05-24 08:55

Pre-Run: 173756547072 bytes fri
Post-Run: 173859581952 bytes fri

269 --- EOF --- 2009-05-17 10:04

Add/Remove Programs

Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistributable
Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Højttalertelefon Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser og SDK
Mystery sag Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Open File Manager (fjerne only)
NVIDIA Drivers
OfotoXMI
Olympus Master 2
Olympus muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Sikkerhedsopdatering til Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
tooltips
Turbo Pizza
Sikkerhedsopdatering til 2007 Microsoft Office System (KB967642)
Opdatering til Microsoft Office 2007 Hjælp til fælles funktioner (KB963673)
Opdatering til Microsoft Office Excel 2007 Hjælp (KB963678)
Opdatering til Microsoft Office OneNote 2007 Hjælp (KB963670)
Opdatering til Microsoft Office PowerPoint 2007 Hjælp (KB963669)
Opdatering til Microsoft Office Script Editor Hjælp (KB963671)
Opdatering til Microsoft Office Word 2007 Hjælp (KB963665)
VPRINTOL
Windows Live OneCare sikkerheds-scanner
WinPatrol 2009
WIRELESS
Zuma Deluxe

EDIT: Three more questions: I noticed a LimeWire DLL; can we get rid of it?

Even though LTI is a legitimate program, is it necessary? I think it came bundled with this stupid Acer computer (man, do they load these things up with junk), and it has been made redundant by the built-in Microsoft program.

LT Cats is built-in spyware from the printer manufacturer, Lexmark. I thought I got the relevant parts out, but I wasn't sure how much to axe without disabling the printer. Can more go, or is what's left fine?
  #4  
Old 24 May 2009, 04:03
Malware Group
 
Default Windows Vista won't update

Hi Bubba

Please don't play with HJT unless you understand how it functions. You need to remember that HJT is in effect a registry editor tool in a different guise. I would hate for you to turn the PC into an expensive doorstop! The two 02 entries that you deleted are legitimate; although it reports the file as missing, this is not always the case. HJT is known to misreport certain entries.

As for LimeWire, did you uninstall it via the Control Panel? If so, we can flush a few more redundant items that are left over.

I can see a few bits relating to Norton; was it bundled on the PC at one time? Run the Norton Removal Tool to clean out the remnants. You can find the tool here: Norton Removal Tool

Once that is done ......

Combofix

  • Close all open browsers.
  • Close all security programs (antivirus, antimalware, etc.)
  • Open Notepad and copy/paste the text in the box below into it:
Quote:
DDS::
uInternet Settings, ProxyOverride = <local>; *. lokale
uInternet Settings, ProxyServer = http = localhost: 7171

RegLock::
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl røv \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \ 0000 \ AllUserSettings]
Refer to the picture below as an example



Save it as CFScript.txt in the same location as ComboFix.exe



Referring to the picture above, drag CFScript into ComboFix.exe.

When finished, it will produce a log for you at "C:\ComboFix.txt"

Do not mouse-click the Combofix window while it is running. This may cause it to stall.

CAUTION! Anyone else thinking of using the above script does so at their own risk - you may end up re-installing Windows!

Please post the log C:\ComboFix.txt for further review.

=====================================

I noticed that the uninstall log was cut off at the top; can you repost it for me, please? Also keep me updated on how things are system-wise.
__________________
Proud member of ASAP & UNITE
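The log earlier in this thread and the script in the post above both single out the `ProxyServer = http=localhost:7171` entry, and the same log also lists `EnableLUA`, `EnableFirewall` and Security Center `DisableMonitoring` values. As an added example (not part of the original posts and not ComboFix's own code), this Python triage flags those settings in ComboFix-style log lines; the sample lines are constructed from that log with the extraction spacing removed, and the function and finding names are hypothetical.

```python
import ipaddress
import re

# Constructed sample: lines modelled on the ComboFix log in this thread,
# with the extraction spacing removed.
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
'''

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.+)$')
# The log prints these lines with a 'u' or 'm' prefix, as in the sample above.
PROXY_RE = re.compile(r"^[um]Internet Settings,\s*ProxyServer\s*=\s*(?P<spec>.+)$")


def parse_number(data):
    """Return the integer in '0 (0x0)' or 'dword:00000001' notation, else None."""
    m = re.match(r"dword:\s*([0-9a-fA-F]{8})$", data)
    if m:
        return int(m.group(1), 16)
    m = re.match(r"(\d+)\s*\(0x[0-9a-fA-F]+\)$", data)
    return int(m.group(1)) if m else None


def is_loopback(host):
    """True for 'localhost' and for literal loopback addresses (127.x, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # an ordinary hostname


def loopback_proxies(spec):
    """Yield (scheme, host, port) for proxy entries that point at this machine.

    A WinINET ProxyServer value is either 'host:port' for every protocol
    or a list such as 'http=host:port;https=host:port'.
    """
    for entry in spec.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        scheme, sep, target = entry.partition("=")
        if not sep:  # bare 'host:port' applies to all protocols
            scheme, target = "all", entry
        target = re.sub(r"^\w+://", "", target.strip())
        host, colon, port = target.rpartition(":")
        if not colon:  # no port given
            host, port = target, ""
        if is_loopback(host):
            yield scheme.strip(), host, port


def triage(log_text):
    """Return a list of (finding, detail) tuples in log order."""
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            key = ""  # a blank line ends the current registry section
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = PROXY_RE.match(line)
        if m:
            for scheme, host, port in loopback_proxies(m.group("spec")):
                findings.append(("loopback-proxy", f"{scheme} -> {host}:{port}"))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name = m.group("name").lower()
        number = parse_number(m.group("data").strip())
        lkey = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if name == "enablelua" and lkey.endswith("\\policies\\system") and number == 0:
            findings.append(("uac-disabled", key))
        elif name == "enablefirewall" and "\\firewallpolicy\\" in lkey and number == 0:
            findings.append(("firewall-disabled", leaf))
        elif (name == "disablemonitoring" and number == 1
              and "\\security center\\monitoring" in lkey):
            findings.append(("security-center-monitoring-off", leaf))
    return findings


if __name__ == "__main__":
    for finding, detail in triage(SAMPLE_LOG):
        print(f"{finding:32} {detail}")
```

A log pasted with the forum's extra spaces around backslashes and colons would need that spacing removed before it is passed to `triage`.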
  #5  
Old 24 May 2009, 04:53
Donor Group
 
Default Windows Vista won't update

LimeWire would not show up in the Programs and Features panel to uninstall. The files to "run" it that I found were app files, not exe, so I trudged through drive C and deleted everything I could find. I see I missed at least one in the registry itself.

As for Norton ........ yeah, Acer loaded a trial version on. I uninstalled it via the Control Panel and then used the Norton Removal Tool. (It was the first thing I did, even before I loaded Spybot, WinPatrol, and the rest of the stuff.) When I was going through the drive C files, I kept finding more remnants of Norton and deleted them as I went. It never occurred to me to run it again, but I will do so now.

LOL Those three files in Combofix were the three I was very curious about. There should not be a proxy host, nor do I think the profiles should be locked to everyone. But I haven't studied Combofix yet, which is why I don't use it myself; as such, I was clueless as to what should happen with the three, or even whether they were in fact "bad".

Sorry about cutting the head off the uninstall log; what's dumb is that I looked at it twice, since it had no setting, and missed my mistake both times.

EDIT: and I still forgot to post it:

2007 Microsoft Office Suite Service Pack 2 (SP2)
Acer Arcade Live Main Page
Acer Stærke Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Console DTV 2.0.1.1
Acer Registrering
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Adobe Shockwave Player 11.5
Agatha Christie Døden på Nilen
Alice Greenfingers
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Lykønskningskort
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Fotokalender
ArcSoft Print Creations - Scrapbog
ArcSoft Print Creations - Slimline Card
avast! Antivirus
Azada
Backspin Billiards
Big Kahuna Reef
Bonjour
Bookworm Deluxe
Mursten Egypten
Cake Mania
CCScore
Chicken Invaders 3
Chuzzle
Diner Dash Flo på farten
Eraser
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Flip Words 2
HijackThis 2.0.2
Hotfix til Microsoft. NET Framework 3.5 SP1 (KB953595)
Hotfix til Microsoft. NET Framework 3.5 SP1 (KB958484)
iTunes
Java (TM) 6 Update 13
Jewel Quest Solitaire
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kick N Rush
Kodak EasyShare software
KODAK Galleri Upload Software
Lexmark 4300 Series
Mahjong Escape Ancient Kina
Mahjongg Artifacts
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft. NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home og Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistributable
Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Højttalertelefon Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser og SDK
Mystery sag Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Open File Manager (fjerne only)
NVIDIA Drivers
OfotoXMI
Olympus Master 2
Olympus muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Sikkerhedsopdatering til Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
tooltips
Turbo Pizza
Sikkerhedsopdatering til 2007 Microsoft Office System (KB967642)
Opdatering til Microsoft Office 2007 Hjælp til fælles funktioner (KB963673)
Opdatering til Microsoft Office Excel 2007 Hjælp (KB963678)
Opdatering til Microsoft Office OneNote 2007 Hjælp (KB963670)
Opdatering til Microsoft Office PowerPoint 2007 Hjælp (KB963669)
Opdatering til Microsoft Office Script Editor Hjælp (KB963671)
Opdatering til Microsoft Office Word 2007 Hjælp (KB963665)
VPRINTOL
Windows Live OneCare sikkerheds-scanner
WinPatrol 2009
WIRELESS
Zuma Deluxe
  #6  
Old 24 May 2009, 05:58
Malware Group
 
Default Windows Vista won't update

Hi there Bubba

Thanks for updating the uninstall list - can you post the new combofix log for me as requested.

Quote:
What is it we are looking for in Combofix?
Really just anything malicious; combofix is primarily an advanced analysis tool that gives us more info than HJT

As for LTCats:
From what I can tell this is a valid entry, but it is classified as 'user's choice' as to whether it runs at startup

As for LimeWire:
I can see a few entries that are still in there, but we can get them on the next run of combofix
__________________
Proud member of ASAP & UNITE
  #7  
Old 24 May 2009, 07:03
Donor Group
 
Default Windows Vista won't update

Ouch, the computer locked up and shut down just as it looked like Combofix was finishing up. It rebooted and I chose safe mode. I don't think it created the log, but I don't know for sure. Here is the Microsoft popup.

Windows er genoprettet efter en uventet lukning.

Problem signatur:
Problem Event Name: Blue Screen
OS Version: 6.0.6001.2.1.0.768.3
Landestandard-id: 1033

Yderligere oplysninger om problemet:

BCCODE: 50
BCP1: E0858E9B
BCP2: 00000000
BCP3: 9B9D2D10
BCP4: 00000002
OS Version: 6_6_6001
Service Pack: 1_0
PRODUKT: 768_1

FILER der beskriver problemet:

C \ Windows \ Minidump \ mini052409-01.dmp
C \ Users \ Shirley \ appdata \ Temp \ WER-85644-0.systemdata.xml
C \ Users \ Shirley \ AppData \ Local \ Temp \ WERC6C7.tmp.ver sion.txt

I have left this computer on, at that screen in safe mode. What do you want me to do with it? I'll leave it in safe mode until I hear something. I have to go to the movies now; I'll be back in about 3 hours. Man, it's nice to work on someone else's computer, so I still have mine to get help here on.

EDIT: I haven't tried, but I'm sure I can get those files in safe mode if you need to know what they say, but I don't know how to open an XML file.
  #8  
Old 24 May 2009, 07:11
Malware Group
 
Default Windows Vista won't update

Hi Bubba

Try restarting the computer and see if it boots successfully again; if not, try pressing F8 to access the boot screen at startup and choose the Last Known Good Configuration option.
__________________
Proud member of ASAP & UNITE
  #9  
Old 24 May 2009, 07:50
Donor Group
 
Default Windows Vista won't update

It booted up, and there was a ComboFix2 log there; it is pretty much identical to the first, but there is a 10:04 timestamp that refers to a quarantine log. The quarantine log is empty. Here is the file; I don't know if it's complete or what you want. Now I have to split.

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Running from: c:\users\Shirley\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SUPERAntiSpyware *disabled* (Updated) (222A897C-5018-402e-943F-7E7AC8560DA7)
SP: Windows Defender *enabled* (Updated) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "c:\Program Files\Olympus\Olympus Master 2\MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "c:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Eraser" = "c:\Program Files\Eraser\Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware" = "c:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray" = "c:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor" = "c:\acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "c:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration" = "c:\program files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "C:\Windows\system32\nvraidservice.exe" [2008-11-12 203296]
"LXCECATS" = "C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "c:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "c:\Program Files\Lexmark 4300 Series\ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service" = "c:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task" = "c:\Program Files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "c:\Program Files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "c:\Program Files\Java\jre6\bin\jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "c:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "C:\Windows\system32\NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "C:\Windows\system32\NvMcTray.dll" [2009-01-16 92704]
"avast!" = "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2007-10-11 4702208]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\acer\Empowering Technology\eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - c:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\policies\system]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "c:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@ = "Service"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:00000001

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\FirewallRules]
"(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"(948000F3-8719-4206-B4C5-6506B663184F)" = TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"(EB8798E6-358B-4DDA-A219-21BBC5D3C79A)" = UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"(8640BFAB-1B85-48CC-95D5-9AABB44E4D95)" = UDP:C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP:C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP:C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP:C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP:C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S & D
"(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP:C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S & D
"(5A664831-D250-4805-BB75-32612C9742F8)" = UDP:C:\Windows\ehome\ehshell.exe:Windows Media Center
"(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP:C:\Windows\ehome\ehshell.exe:Windows Media Center

[HKLM\~\Services\sharedaccess\Parameters\firewallpolicy\StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP;avast! Self Protection;C:\Windows\System32\drivers\aswSP.sys [5/22/2009 11:06 AM 114768]
R1 FAMv4;FAMv4;C:\Windows\System32\drivers\FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV;SASDIFSV;c:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [5/22/2009 11:06 AM 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [5/22/2009 11:06 AM 51792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService;SBSD Security Center Service;c:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [5/19/2009 10:04 AM 1153368]
R3 SASENUM;SASENUM;c:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Active Setup\Installed Components\>(60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\WindowsUpdate
FF - ProfilePath - c:\users\Shirley\AppData\Roaming\Mozilla\Firefox\Profiles\j0dqrqc6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.us.acer.yahoo.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCECATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\(4D36E96D-E325-11CE-BFC1-08002BE10318)\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword:00000000
.
Completion time: 2009-05-24 4:55
ComboFix-quarantined-files.txt 2009-05-24 08:55

Pre-Run: 173756547072 bytes free
Post-Run: 173859581952 bytes free

269 --- EOF --- 2009-05-17 10:04

EDIT: nope, after a quick comparison with the first one, I think it is identical.
  #10  
Old 24 May 2009, 10:38
Malware Group
 
Default Windows Vista won't update

Hi Bubba,

Quote:
EDIT: nope, after a quick comparison with the first one, I think it is identical.
Yes, you are right - it is from the first run of ComboFix.

The current log can be found at C:\combofix.txt.
__________________
Proud member of ASAP & UNITE
Copyright © 2006 - 2009 Computer Juice.
