|
| |||||||
| Rekisteröidy | Sivustokartta Spy | Käyttäjälista | Lahjoita | Haku | Today's Posts | Mark Forums Read | Foorumin säännöt |
 |
 |
| | Thread Tools |
|
#1
23. päivästä toukokuuta 2009, 09:33
| |||
| |||
| Windows Vista ei Update Minulla on ystäviä tietokone, Vista-ja Windows ei päivitys. Tähän mennessä olen löytänyt ja poistaa Internet Anti-Virus, Win32Adload.r ja video.exe. He myös, että kuponki vakoiluohjelmia ja heidän poikansa pidetään lastaus LimeWire. I poistettu molemmat (LOL Limewire asentaa itse 400 paikkaan, minun täytyi käydä läpi jokaisen kansion ja tiedoston päästä eroon että). Mutta vielä ikkunat ei päivitys. Saan koodi 80072efd, jossa sanotaan, on palomuuri estää ikkunan alkaen updating. En löydä mitään palomuurin muita kuin Windows-ja olen katsonut joka kansioon. Tässä ovat ne kolme lokit En löydä mitään, olen menettänyt mitään? HUOM: En voi ladata minkä tahansa kolmen lokit. Minun pitää saada kelpaa tiedosto sivustoon. What's up with that? Minulla on liian monta lisätty täällä? haluaisin yrittää kopioida liitä: SUPERAntiSpyware Scan Log http://www.superantispyware.com Muodostettu 05.23.2009 klo 04:42 Application Version: 4.26.1002 Core Rules Database Version: 3908 Trace Rules Database Version: 1852 Scan type: Complete Scan Total Scan Time: 03:45:40 Muisti erät skannattu: 831 Muisti uhkia havaittu: 0 Rekisterin kohteita skannattavan: 6407 Rekisterin uhkia havaittu: 0 Tiedoston kohteita skannattavan: 326608 Tiedoston uhkia havaittu: 78 Adware.Tracking Cookie C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusion [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ RealMedia [2]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldmanager [2]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@adopt.specificclick [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftinternetexplorer.112.2o7 [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ specificclick [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnservices.112.2o7 [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ media6degrees [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftwindows.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldmanager [2]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@adopt.specificclick [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ media6degrees [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftinternetexplorer.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftwindows.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnservices.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ RealMedia [2]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ specificclick [1]. Txt C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusion [1]. Txt C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldman ager [2]. Txt C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@adopt.speci ficclick [1]. Txt C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ media6degre es [1]. Txt C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftin ternetexplorer.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftwi ndows.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@msnportal.1 12.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ msnservices .112.2 O7 [1]. Txt C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ RealMedia [2]. Txt C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ specificcli ck [1]. Txt C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusio n [1]. Txt C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ 2o7 [2]. Txt C: \ Documents and Settings \ Shirley \ Cookies \ shirley@ad.yieldmanager [2]. Txt C: \ Documents and Settings \ Shirley \ Cookies \ shirley@adopt.specificcli ck [1]. Txt C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ interclick [1]. Txt C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ media6degrees [1]. Txt C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ microsoftinternet explorer.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ microsoftwindows. 112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt C: \ Documents and Settings \ Shirley \ Cookies \ shirley@msnservices.112.2 O7 [1]. Txt C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ RealMedia [2]. Txt C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ revsci [1]. Txt C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ specificclick [1]. Txt C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ tribalfusion [1]. Txt C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldman ager [2]. Txt C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@adopt.speci ficclick [1]. Txt C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ media6degre es [1]. Txt C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftin ternetexplorer.112.2o7 [1]. Txt C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftwi ndows.112.2o7 [1]. Txt C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@msnportal.1 12.2o7 [1]. Txt C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ msnservices .112.2 O7 [1]. Txt C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ RealMedia [2]. Txt C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ specificcli ck [1]. Txt C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusio n [1]. Txt C: \ Users \ Shirley \ Cookies \ Shirley @ 2o7 [2]. Txt C: \ Users \ Shirley \ Cookies \ shirley@ad.yieldmanager [2]. Txt C: \ Users \ Shirley \ Cookies \ shirley@adopt.specificcli ck [1]. Txt C: \ Users \ Shirley \ Cookies \ Shirley @ interclick [1]. Txt C: \ Users \ Shirley \ Cookies \ Shirley @ media6degrees [1]. Txt C: \ Users \ Shirley \ Cookies \ Shirley @ microsoftinternet explorer.112.2o7 [1]. Txt C: \ Users \ Shirley \ Cookies \ Shirley @ microsoftwindows. 112.2o7 [1]. Txt C: \ Users \ Shirley \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt C: \ Users \ Shirley \ Cookies \ shirley@msnservices.112.2 O7 [1]. Txt C: \ Users \ Shirley \ Cookies \ Shirley @ RealMedia [2]. Txt C: \ Users \ Shirley \ Cookies \ Shirley @ revsci [1]. Txt C: \ Users \ Shirley \ Cookies \ Shirley @ specificclick [1]. Txt C: \ Users \ Shirley \ Cookies \ Shirley @ tribalfusion [1]. Txt Malwarebytes' Anti-Malware 1.36 Tietokannan versio: 2150 Windows 6.0.6001 Service Pack 1 5/19/2009 8:40:58 AM mbam-log-2009-05-19 (08-40-58). txt Scan type: Quick Scan Objektit skannattavan: 71524 Kulunut aika: 3 minute (s), 23 toinen (t) Memory Processes Infected: 0 Memory Modules Infected: 0 Rekisteriavaimista Infected: 13 Registry Values Infected: 0 Registry Data Items Infected: 3 Kansiot Infected: 3 Files Infected: 11 Memory Processes Infected: (Ei haittaohjelmia kohteet havaitaan) Memory Modules Infected: (Ei haittaohjelmia kohteet havaitaan) Rekisteriavaimista Infected: HKEY_CLASSES_ROOT \ fe345.fe345mgr (Trojan.FakeAlert) -> Quarantined ja poistaminen onnistui. HKEY_CLASSES_ROOT \ CLSID \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> Quarantined ja poistaminen onnistui. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> Quarantined ja poistaminen onnistui. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entVersion \ Explorer \ Browser Helper Objects \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> Quarantined ja poistaminen onnistui. HKEY_CLASSES_ROOT \ fe345.fe345mgr.1 (Trojan.FakeAlert) -> Quarantined ja poistaminen onnistui. HKEY_CLASSES_ROOT \ y537.y537mgr (Trojan.BHO) -> Quarantined ja poistaminen onnistui. HKEY_CLASSES_ROOT \ TypeLib \ (e63648f7-3933-440e-b4f6-a8584dd7b7eb) (Trojan.BHO) -> Quarantined ja poistaminen onnistui. HKEY_CLASSES_ROOT \ Interface \ (f7d09218-46d7-4d3d-9b7f-315204cd0836) (Trojan.BHO) -> Quarantined ja poistaminen onnistui. HKEY_CLASSES_ROOT \ CLSID \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> Quarantined ja poistaminen onnistui. HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> Quarantined ja poistaminen onnistui. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entVersion \ Explorer \ Browser Helper Objects \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> Quarantined ja poistaminen onnistui. HKEY_CLASSES_ROOT \ y537.y537mgr.1 (Trojan.BHO) -> Quarantined ja poistaminen onnistui. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entVersion \ Uninstall \ Internet antivirus pro_is1 (Rogue.InternetAntivirus) -> Quarantined ja poistaminen onnistui. Registry Values Infected: (Ei haittaohjelmia kohteet havaitaan) Registry Data Items Infected: HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined ja poistaminen onnistui. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined ja poistaminen onnistui. HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined ja poistaminen onnistui. Kansiot Infected: C: \ Windows \ System32 \ 199638 (Trojan.FakeAlert) -> Quarantined ja poistaminen onnistui. C: \ Program Files \ websrvx (Trojan.Downloader) -> Quarantined ja poistaminen onnistui. C: \ Windows \ System32 \ 796525 (Trojan.BHO) -> Quarantined ja poistaminen onnistui. Files Infected: C: \ Windows \ System32 \ 199638 \ 199638.dll (Trojan.FakeAlert) -> Quarantined ja poistaminen onnistui. C: \ Windows \ System32 \ 796525 \ 796525.dll (Trojan.BHO) -> Quarantined ja poistaminen onnistui. C: \ Users \ Shirley \ AppData \ Local \ Temp \ jopaxx_1241669 819.exe (Worm.KoobFace) -> Quarantined ja poistaminen onnistui. C: \ Program Files \ Common Files \ InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> Quarantined ja poistaminen onnistui. C: \ Windows \ msmark2.dat (Worm.KoobFace) -> Quarantined ja poistaminen onnistui. C: \ Windows \ t55ft2668f44.dat (Worm.KoobFace) -> Quarantined ja poistaminen onnistui. C: \ Windows \ t55ft2695f44.dat (Worm.KoobFace) -> Quarantined ja poistaminen onnistui. C: \ Windows \ t55ft3105f44.dat (Worm.KoobFace) -> Quarantined ja poistaminen onnistui. C: \ Windows \ 9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined ja poistaminen onnistui. C: \ Windows \ f5087.dat (Worm.KoobFace) -> Quarantined ja poistaminen onnistui. C: \ Windows \ f23567.dat (Worm.KoobFace) -> Quarantined ja poistaminen onnistui. (ennen oli ensimmäinen loki alla on tällä hetkellä yksi) Malwarebytes' Anti-Malware 1.36 Tietokannan versio: 2150 Windows 6.0.6001 Service Pack 1 5/23/2009 9:03:23 AM mbam-log-2009-05-23 (09-03-23). txt Scan type: Quick Scan Objektit skannattavan: 70234 Kulunut aika: 2 minute (s), 28 toinen (t) Memory Processes Infected: 0 Memory Modules Infected: 0 Rekisteriavaimista Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (Ei haittaohjelmia kohteet havaitaan) Memory Modules Infected: (Ei haittaohjelmia kohteet havaitaan) Rekisteriavaimista Infected: (Ei haittaohjelmia kohteet havaitaan) Registry Values Infected: (Ei haittaohjelmia kohteet havaitaan) Registry Data Items Infected: (Ei haittaohjelmia kohteet havaitaan) Kansiot Infected: (Ei haittaohjelmia kohteet havaitaan) Files Infected: (Ei haittaohjelmia kohteet havaitaan) Logfile ja Trend Micro HijackThis v2.0.2 Scan tallennettu klo 9:09:09 AM, annettu 5.23.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Käynnissä olevista prosesseista: C: \ Windows \ system32 \ Dwm.exe C: \ Windows \ system32 \ taskeng.exe C: \ Windows \ Explorer.exe C: \ Program Files \ Windows Media Player \ wmpnscfg.exe C: \ Program Files \ Windows Defender \ MSASCui.exe C: \ Windows \ RtHDVCpl.exe C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ BkupTray.exe C: \ Acer \ Itsenäistä Technology \ SysMonitor.exe C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe C: \ Windows \ System32 \ nvraidservice.exe C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe C: \ Program Files \ iTunes \ iTunesHelper.exe C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe C: \ Windows \ System32 \ rundll32.exe C: \ Program Files \ ALWIL Software \ Avast4 \ ashDisp.exe C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe C: \ Windows \ ehome \ ehtray.exe C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe C: \ Program Files \ Eraser \ Eraser.exe C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe C: \ Program Files \ Kodak \ Kodak EasyShare Software \ bin \ EasyShare.exe C: \ Windows \ system32 \ wbem \ Unsecapp.exe C: \ Acer \ Itsenäistä Technology \ ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E C: \ Acer \ Itsenäistä Technology \ eRecovery \ ERAGENT.EXE C: \ Windows \ ehome \ ehmsas.exe C: \ Users \ Shirley \ Desktop \ HiJackThis.exe R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/ R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://en.us.acer.yahoo.com R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://en.us.acer.yahoo.com R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant = R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch = R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Asetukset, ProxyServer = http = localhost: 7171 R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName = O1 - Hosts::: 1 localhost O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file) O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O2 - BHO: (no name) - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - (no file) O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll O2 - BHO: (no name) - (83A2F9B1-01A2-4AA5-87D1-45B6B8505E96) - (no file) O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 5.1.1309.3572 \ s wg.dll O2 - BHO: Google Sanakirja Compression sdch - (C84D72FE-E17D-4195-BB24-76C02E2E7C4E) - C: \ Program Files \ Google \ Google Toolbar \ Component \ fastsearch_A8904FB862BD9564.dll O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll O3 - Toolbar: Google Toolbar - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe piilotus O4 - HKLM \ .. \ Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM \ .. \ Run: [BkupTray] "C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ BkupTray.exe" O4 - HKLM \ .. \ Run: [Acer Itsenäistä Technology Monitor] C: \ Acer \ Itsenäistä Technology \ SysMonitor.exe O4 - HKLM \ .. \ Run: [SMSERIAL] C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe O4 - HKLM \ .. \ Run: [Acer Product Registration] "C: \ Program Files \ Acer rekisterihallitus \ ACE1.exe" / käynnistys O4 - HKLM \ .. \ Run: [NVRaidService] C: \ Windows \ system32 \ nvraidservice.exe O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ Windows \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" O4 - HKLM \ .. \ Run: [ArcSoft Connection Service] C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe" O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" O4 - HKLM \ .. \ Run: [WinPatrol] C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe-expressboot O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ Windows \ system32 \ NvCpl.dll, NvStartup O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe O4 - HKCU \ .. \ Run: [ehTray.exe] C: \ Windows \ ehome \ ehTray.exe O4 - HKCU \ .. \ Run: [OM2_Monitor] "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe" O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe O4 - HKCU \ .. \ Run: [Eraser] C: \ Program Files \ Eraser \ Eraser.exe piilotus O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Itsenäistä Technology Launcher.lnk =? O4 - Global Startup: Kodak Easyshare software.lnk = C: \ Program Files \ Kodak \ Kodak EasyShare Software \ bin \ EasyShare.exe O8 - Extra yhteydessä valikkotoimintoa: E & Vie Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ mikros ~ 2 \ Office12 \ EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ mikros ~ 2 \ Office12 \ ONBttnIE.dll O9 - Extra 'Tools' menuitem: S & loppu OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ mikros ~ 2 \ Office12 \ ONBttnIE.dll O9 - Extra button: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ mikros ~ 2 \ Office12 \ REFIEBAR.DLL O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll O13 - Gopher Prefix: O16 - DPF: (3860DD98-0549-4D50-AA72-5D17D200EE10) -- O18 - Filter: x-sdch - (B1759355-3EEC-4C1E-B0F1-B719FE26E377) - C: \ Program Files \ Google \ Google Toolbar \ Component \ fastsearch_A8904FB862BD9564.dll O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACService.exe O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C: \ Acer \ Itsenäistä Technology \ ePerformance \ MemCheck.exe O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ ALWIL Software \ Avast4 \ aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ ALWIL Software \ Avast4 \ ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ ALWIL Software \ Avast4 \ ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ ALWIL Software \ Avast4 \ ashWebSv.exe O23 - Service: Bonjour Service - Apple Inc. - C: \ Program Files \ Bonjour \ mDNSResponder.exe O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - Newtech Infosystems, Inc. - C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C: \ Acer \ Itsenäistä Technology \ eRecovery \ eRecoveryService.exe O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C: \ Acer \ Itsenäistä Technology \ eSettings \ Service \ capuserv.exe O23 - Service: Google Software Updater (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. - C: \ Program Files \ iPod \ bin \ iPodService.exe O23 - Service: lxce_device - - C: \ Windows \ system32 \ lxcecoms.exe O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - Newtech InfoSystems, Inc. - C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvvsvc.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd - C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe -- End of file - 9919 bytes |
|
#2
23. päivästä toukokuuta 2009, 23:45
| ||||||||||||
| ||||||||||||
| Windows Vista ei Update Hei Bubba .... Meidän täytyy poistaa käytöstä TeaTimer koska se voi häiritä korjaukset, että meidän täytyy tehdä. 1) Käynnistä Spybot-S & D 2) Go to Mode-valikko ja varmista, että "Advanced Mode" on valittu 3) Vasemmalla puolella, valitse Työkalut -> Asukas 4) Poista "Resident TeaTimer" ja OK mitään kehotteita 5) Käynnistä tietokone uudelleen. Ladata ResetTeaTimer.bat oikealla klikkaamalla linkkiä ja valitsemalla Tallenna nimellä. * Tallenna se työpöydälle. * Kaksoisnapsauta ResetTeaTimer.zip * Kaksoisnapsauta ResetTeaTimer.bat ja valitse Suorita poistaa kaikki merkinnät asettamat TeaTimer. Kun kaikki korjaukset on kokonaisuudessaan on erittäin tärkeää, että otat TeaTimer uudelleen, aion kertoa sinulle, kun se on turvallista tehdä niin. A opastus Tea Timer löydät täältä -> http://russelltexas.com/malware/teatimer.htm ==========================================\u0 Lataa ja skannata kanssa ComboFix.exe. Käy tämän Web-Noutolinkit, ja ohjeet käynnissä työkalu: http://www.bleepingcomputer.com/comb...o-use-combofix Varmista, olet poistanut kaikki anti-virus ja anti haittaohjelmien ohjelmat mukaan lukien winpatrol joten ne eivät häiritse vanhentumisajan ComboFix. Lisää C: \ ComboFix.txt näkyy seuraavassa vastaus tarkastella edelleen. ==========================================\u0 Siirry Käynnistä-valikko > Valitse Juosta ja kopioi / liitä seuraava Suorita-ruutuun ja valitse sitten OK: C: \ Qoobox \ Lisää-Poista Programs.txt A Tekstitiedostossa pitäisi avata. Lähetä sisällön että tiedoston seuraavan vastauksen.
__________________
__________________
Ylpeä jäseneksi ASAP & UNITE My System: Steves Poraustornin
|
|
#3
24. päivästä toukokuuta 2009, 02:33
| |||
| |||
| Windows Vista ei Update Muutamia asioita, ennen kuin voin lähettää logs: 1. Kun Tea ajastin opetusohjelma olet yhteydessä, se sanoi myös poistaa asukas SDHelper niin olen tehnyt. 2. ComboFix ei näytä varmuuskopioida regisdtry näytöllä, ellei se on nopea näytön ja kaipasin sitä samalla, kun katsot minun tietokone (muista tämä on ystäviä). Se ei katkaista Internet enkä huomaa muuttuvat ajan. Molemmat symbolit ovat näkyvissä, kun yhdistelmäruudussa vahvistaa oli käynnissä. Onko tämä ongelma? Myös sen jälkeen, kun käynnissä Combofix, taustakuva oli vääristynyt, joten rebooted. Kun computerstarted takaisin ylös, taustakuva oli mennyt, Firefox ei enää oletusselain ja viestin piipahti jopa, että IE etusivu oli vaihdettu MSN (mielestäni). Onko tämä normaalia? Myös Winpatrol huomattava, että uusi palvelu oli lisätty: appmgmts.dll. 3. Ennen kuin vastasi tähän, sain eroon Google-työkalupalkkiin. Useat näistä HJT merkinnät näytti oudolta. Vuonna 018 esimerkiksi se oli x-sdCH sijaan x-sdHC .......... Lisäksi lol, Vihaan Toolbars ja he voivat aina lisätä sen takaisin, jos he haluavat sitä. Riippumatta, jotka ovat muuttaneet HJT loki. Olen myös päässyt eroon myös 02-2: n että ei ollut tiedosto liittyvät niiden kanssa. 4. Mihin me tässä Combofix? LOL i alkoi ladata ja suorittaa sitä ennen lähetetty tämän säikeen, mutta päätti juuri tiedä tiedä tarpeeksi vielä touhuta sen kanssa. Ja pitemmittä puheitta: ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86 Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00] Running from: C: \ Users \ Shirley \ Desktop \ ComboFix.exe SP: Spybot - Search and Destroy * vammaisten * (Vanhentunut) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9) SP: SUPERAntiSpyware * vammaisten * (Päivitetty) (222A897C-5018-402e-943F-7E7AC8560DA7) SP: Windows Defender * käytössä * (Päivitetty) (D68DDC3A-831f-4FAE-9E44-DA132C1ACF46) . ((((((((((((((((((((((((( Files luotu 2009-04-24 ja 2009-05-24 ))))))))))) )))))))))))))))))))) . 2009-05-22 23:57. 2009-05-24 08:40 117760 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-05-22 23:56. 2009-05-22 23:56 -------- d ----- wc: \ programdata \ SUPERAntiSpyware.com 2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Program Files \ SUPERAntiSpyware 2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com 2009-05-22 20:36. 2009-05-22 20:36 -------- d ----- wc: \ Program Files \ Common Files \ Wise Installation Wizard 2009-05-22 15:06. 2009-02-05 20:06 51376 ---- aw C: \ Windows \ system32 \ drivers \ aswTdi.sys 2009-05-22 15:06. 2009-02-05 20:06 23152 ---- aw C: \ Windows \ system32 \ drivers \ aswRdr.sys 2009-05-22 15:06. 2009-02-05 20:07 114768 ---- aw C: \ Windows \ system32 \ drivers \ aswSP.sys 2009-05-22 15:06. 2009-02-05 20:07 20560 ---- aw C: \ Windows \ system32 \ drivers \ aswFsBlk.sys 2009-05-22 15:06. 2009-02-05 20:04 97480 ---- aw C: \ Windows \ system32 \ AvastSS.scr 2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- aw C: \ Windows \ system32 \ aswBoot.exe 2009-05-22 15:06. 2009-02-05 20:06 51792 ---- aw C: \ Windows \ system32 \ drivers \ aswMonFlt.sys 2009-05-22 15:06. 2009-05-22 15:06 -------- d ----- wc: \ program files \ ALWIL Software 2009-05-22 04:38. 2009-05-22 04:38 738120 ---- aw C: \ programdata \ Microsoft \ eHome \ Packages \ MCESpotlig ht \ MCESpotlight \ SpotlightResources.dll 2009-05-20 12:43. 2008-06-20 01:14 97800 ---- aw C: \ Windows \ system32 \ infocardapi.dll 2009-05-20 12:43. 2008-06-20 01:14 105016 ---- aw C: \ Windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll 2009-05-20 12:43. 2008-06-20 01:14 11264 ---- aw C: \ Windows \ system32 \ icardres.dll 2009-05-20 12:43. 2008-06-20 01:14 622080 ---- aw C: \ Windows \ system32 \ icardagt.exe 2009-05-20 12:43. 2008-06-20 01:14 43544 ---- aw C: \ Windows \ system32 \ PresentationHostProxy.dll 2009-05-20 12:43. 2008-06-20 01:14 781344 ---- aw C: \ Windows \ system32 \ PresentationNative_v0300.dll 2009-05-20 12:43. 2008-06-20 01:14 326160 ---- aw C: \ Windows \ system32 \ PresentationHost.exe 2009-05-20 12:33. 2008-07-27 18:03 96760 ---- aw C: \ Windows \ system32 \ dfshim.dll 2009-05-20 12:33. 2008-07-27 18:03 282112 ---- aw C: \ Windows \ system32 \ mscoree.dll 2009-05-20 12:33. 2008-07-27 18:03 41984 ---- aw C: \ Windows \ system32 \ netfxperf.dll 2009-05-20 12:32. 2008-07-27 18:03 158720 ---- aw C: \ Windows \ system32 \ mscorier.dll 2009-05-20 12:32. 2008-07-27 18:03 83968 ---- aw C: \ Windows \ system32 \ mscories.dll 2009-05-20 11:39. 2009-05-20 11:39 -------- d ----- wc: \ Program Files \ Microsoft Silverlight 2009-05-20 04:03. 2009-05-20 11:00 -------- d ----- wc: \ Program Files \ Windows Live Safety Center 2009-05-19 23:20. 2009-05-19 23:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Acer DV Magician 2009-05-19 23:10. 2009-05-19 23:10 -------- d ----- wc: \ windows \ Sun 2009-05-19 20:40. 2009-05-19 20:40 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2009-05-19 20:40. 2009-05-19 11:41 38200 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \www.macromedia.com \ bin \ airappinstaller \ airappinsta ller.exe 2009-05-19 18:24. 2009-05-24 08:38 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Eraser 2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ Users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646) 2009-05-19 18:24. 2009-05-19 18:24 -------- d ----- wc: \ Program Files \ Eraser 2009-05-19 17:20. 2009-05-19 17:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ eSobi 2009-05-19 17:11. 2008-07-10 06:32 538 ---- aw C: \ Windows \ system32 \ RegRaidSedona.bat 2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA 2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ Program Files \ Spybot - Search & Destroy 2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ programdata \ Spybot - Search & Destroy 2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol 2009-05-19 13:01. 2006-09-18 21:43 10 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys 2009-05-19 13:01. 2006-09-18 21:43 24 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat 2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ program files \ BillP Studios 2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Malwarebytes 2009-05-19 12:26. 2009-04-06 19:32 15504 ---- aw C: \ Windows \ system32 \ drivers \ mbam.sys 2009-05-19 12:26. 2009-04-06 19:32 38496 ---- aw C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys 2009-05-19 12:26. 2009-05-19 13:22 -------- d ----- wc: \ Program Files \ Malwarebytes' Anti-Malware 2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ programdata \ Malwarebytes 2009-05-19 11:53. 2009-05-19 11:53 0 ---- aw C: \ Windows \ nsreg.dat 2009-05-19 11:53. 2009-05-19 11:53 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Mozilla 2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- wc: \ Program Files \ Common Files \ Adobe AIR 2009-05-19 11:38. 2009-05-19 12:45 -------- d ----- wc: \ programdata \ NOS 2009-05-19 11:29. 2009-05-19 11:29 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Seven Zip 2009-05-19 10:41. 2009-03-19 20:32 23400 ---- aw C: \ Windows \ system32 \ drivers \ GEARAspiWDM.sys 2009-05-19 10:41. 2008-04-17 16:12 107368 ---- aw C: \ Windows \ system32 \ GEARAspi.dll 2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- wc: \ Program Files \ iPod 2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) 2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ Program Files \ iTunes 2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- wc: \ Program Files \ QuickTime 2009-05-19 10:34. 2009-05-19 10:34 75048 ---- aw C: \ programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe 2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- wc: \ Program Files \ Bonjour 2009-05-19 10:33. 2009-05-19 10:33 416128 ---- aw C: \ programdata \ Microsoft \ eHome \ Packages \ NetTV \ Brow se \ NetTVResources.dll 2009-05-19 10:29. 2009-05-19 10:29 410984 ---- aw C: \ Windows \ system32 \ deploytk.dll 2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat 2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- aw C: \ programdata \ Microsoft \ Windows Defender \ Määritelmä Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-05-24 08:39. 2009-02-17 13:54 602 ---- aw C: \ programdata \ ArcSoft \ Kodak-printcreations-22-080812-oem \ acforall.dll 2009-05-24 04:22. 2008-09-12 01:46 -------- d ----- wc: \ Program Files \ Google 2009-05-20 11:55. 2008-09-11 17:01 104472 ---- aw C: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT 2009-05-20 11:51. 2008-02-05 19:30 -------- d ----- wc: \ programdata \ Microsoft Ohje 2009-05-20 11:49. 2008-02-05 19:31 -------- d ----- wc: \ Program Files \ Microsoft Works 2009-05-20 03:54. 2008-09-12 14:01 -------- d ----- wc: \ program files \ Lx_cats 2009-05-20 00:42. 2008-02-05 20:19 -------- d ----- wc: \ Program Files \ Common Files \ Adobe 2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - wc: \ Program Files \ InstallShield Installation Information 2009-05-19 23:27. 2008-02-05 19:49 -------- d ----- wc: \ Program Files \ Acer Arcade Live 2009-05-19 23:20. 2008-09-15 23:24 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Cyberlink 2009-05-19 21:38. 2008-09-12 20:56 -------- d ----- wc: \ Program Files \ Common Files \ SureThing Shared 2009-05-19 21:04. 2008-09-12 14:09 1664 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat 2009-05-19 17:29. 2009-03-04 15:55 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Sony 2009-05-19 17:20. 2008-02-05 19:22 -------- d ----- wc: \ programdata \ NVIDIA 2009-05-19 16:54. 2008-02-05 18:03 36864 ---- aw C: \ Windows \ system32 \ nvcod100.dll 2009-05-19 16:54. 2007-10-25 11:02 147456 ---- aw C: \ Windows \ system32 \ nvcolor.exe 2009-05-19 16:13. 2008-09-12 01:47 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ LimeWire 2009-05-19 11:32. 2008-02-05 20:08 -------- d ----- wc: \ Program Files \ Yahoo! 2009-05-19 11:05. 2008-09-12 01:45 -------- d ----- wc: \ Program Files \ Java 2009-05-19 10:41. 2008-09-13 03:14 -------- d ----- wc: \ Program Files \ Common Files \ Apple 2009-05-19 10:38. 2008-09-13 03:15 -------- d ----- wc: \ programdata \ Apple Computer 2009-05-11 12:10. 2009-05-11 12:10 78260 ---- aw C: \ programdata \ SPL23D4.tmp 2009-04-17 10:12. 2006-11-02 11:18 -------- d ----- wc: \ Program Files \ Windows Mail 2009-04-02 22:13. 2009-04-02 22:13 702127 ---- aw C: \ programdata \ SPLFB91.tmp 2009-03-19 20:32. 2009-03-19 20:32 23400 ---- aw C: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys 2009-03-17 03:38. 2009-04-17 05:22 13824 ---- aw C: \ Windows \ system32 \ apilogen.dll 2009-03-17 03:38. 2009-04-17 05:22 24064 ---- aw C: \ Windows \ system32 \ amxread.dll 2009-03-08 11:34. 2009-05-20 03:47 914944 ---- aw C: \ Windows \ system32 \ Wininet.dll 2009-03-08 11:34. 2009-05-20 03:47 43008 ---- aw C: \ Windows \ system32 \ licmgr10.dll 2009-03-08 11:33. 2009-05-20 03:47 18944 ---- aw C: \ Windows \ system32 \ corpol.dll 2009-03-08 11:33. 2009-05-20 03:47 109056 ---- aw C: \ Windows \ system32 \ iesysprep.dll 2009-03-08 11:33. 2009-05-20 03:47 109568 ---- aw C: \ Windows \ system32 \ PDMSetup.exe 2009-03-08 11:33. 2009-05-20 03:47 107520 ---- aw C: \ Windows \ system32 \ RegisterIEPKEYs.exe 2009-03-08 11:33. 2009-05-20 03:47 103936 ---- aw C: \ Windows \ system32 \ SetDepNx.exe 2009-03-08 11:33. 2009-05-20 03:47 132608 ---- aw C: \ Windows \ system32 \ ieUnatt.exe 2009-03-08 11:33. 2009-05-20 03:47 107008 ---- aw C: \ Windows \ system32 \ SetIEInstalledDate.exe 2009-03-08 11:33. 2009-05-20 03:47 420352 ---- aw C: \ Windows \ system32 \ vbscript.dll 2009-03-08 11:32. 2009-05-20 03:47 72704 ---- aw C: \ Windows \ system32 \ admparse.dll 2009-03-08 11:32. 2009-05-20 03:47 71680 ---- aw C: \ Windows \ system32 \ iesetup.dll 2009-03-08 11:32. 2009-05-20 03:47 66560 ---- aw C: \ Windows \ system32 \ wextract.exe 2009-03-08 11:32. 2009-05-20 03:47 169472 ---- aw C: \ Windows \ system32 \ iexpress.exe 2009-03-08 11:31. 2009-05-20 03:47 34816 ---- aw C: \ Windows \ system32 \ imgutil.dll 2009-03-08 11:31. 2009-05-20 03:47 48128 ---- aw C: \ Windows \ system32 \ Mshtmler.dll 2009-03-08 11:31. 2009-05-20 03:47 45568 ---- aw C: \ Windows \ system32 \ Mshta.exe 2009-03-08 11:22. 2009-05-20 03:47 156160 ---- aw C: \ Windows \ system32 \ msls31.dll 2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- aw C: \ Windows \ system32 \ ntkrnlpa.exe 2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- aw C: \ Windows \ system32 \ ntoskrnl.exe 2009-03-03 04:39. 2009-04-17 05:22 183296 ---- aw C: \ Windows \ system32 \ sdohlp.dll 2009-03-03 04:39. 2009-04-17 05:22 551424 ---- aw C: \ Windows \ system32 \ Rpcss.dll 2009-03-03 04:39. 2009-04-17 05:22 26112 ---- aw C: \ Windows \ system32 \ printfilterpipelineprxy.dll 2009-03-03 04:37. 2009-04-17 05:22 98304 ---- aw C: \ Windows \ system32 \ iasrecst.dll 2009-03-03 04:37. 2009-04-17 05:22 54784 ---- aw C: \ Windows \ system32 \ iasads.dll 2009-03-03 04:37. 2009-04-17 05:22 44032 ---- aw C: \ Windows \ system32 \ iasdatastore.dll 2009-03-03 03:04. 2009-04-17 05:22 666624 ---- aw C: \ Windows \ system32 \ printfilterpipelinesvc.exe 2009-03-03 02:38. 2009-04-17 05:22 17408 ---- aw C: \ Windows \ system32 \ iashost.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Note * empty entries & legit default merkinnät eivät näy REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "ehTray.exe" = "C: \ Windows \ ehome \ ehTray.exe" [2008-01-21 125952] "OM2_Monitor" = "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe" [2008-11-07 95536] "WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240] "Eraser" = "C: \ Program Files \ Eraser \ Eraser.exe" [2007-12-22 916240] "SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entVersion \ Run] "BkupTray" = "c: \ program files \ Newtech Infosystems \ NTI Backup Now 5 \ BkupTray.exe" [2007-12-30 34552] "Acer Itsenäistä Technology Monitor" = "c: \ acer \ Itsenäistä Technology \ SysMonitor.exe" [2008-01-10 326176] "SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784] "Acer Product Registration" = "c: \ program files \ Acer rekisterihallitus \ ACE1.exe" [2007-10-15 3387392] "NVRaidService" = "c: \ windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296] "LXCECATS" = "c: \ windows \ system32 \ spool \ DRIVERS \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728] "lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744] "EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344] "ArcSoft Connection Service" = "C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe" [2009-04-29 188728] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-01-05 413696] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" [2009-02-27 35696] "WinPatrol" = "c: \ program files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216] "NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2009-01-16 13683232] "NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704] "avast!" = "c: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000] "RtHDVCpl" = "RtHDVCpl.exe" - c: \ windows \ RtHDVCpl.exe [2007-10-11 4702208] c: \ programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \ Itsenäistä Technology Launcher.lnk - c: \ acer \ Itsenäistä Technology \ eAPLauncher.exe [2008-2-5 535336] Kodak Easyshare software.lnk - c: \ program files \ Kodak \ Kodak EasyShare Software \ bin \ EasyShare.exe [2008-10-30 282624] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ policies \ system] "EnableUIADesktopToggle" = 0 (0x0) "EnableLUA" = 0 (0x0) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ ilmoitettava \! SASWinLogon] 2008-12-22 16:05 356352 ---- aw C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32 "wave2" = serwvdrv.dll [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ WinDefend] @ = "Service" [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ FirewallRules] "(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe "(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe "(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP: C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe "(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe "(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe "(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe "(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: C: \ WINDOWS \ System32 \ lxcecoms.exe: Lexmark Communications System "(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Communications System "(EB8798E6-358B-4DDA-A219-21BBC5D3C79A)" = UDP: C: \ WINDOWS \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Printer Status-ikkuna "(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Printer Status-ikkuna "(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Etusivu \ Acer Arcade Live.exe: Acer Arcade Live "(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour "(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour "(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes "(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes "(8640BFAB-1B85-48CC-95D5-9AABB44E4D95)" = UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol "(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol "(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware "(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware "(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy "(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy "(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Päivitä Spybot-S & D "(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Päivitä Spybot-S & D "(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: C: \ WINDOWS \ ehome \ ehshell.exe: Windows Media Center "(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ StandardProfile] "EnableFirewall" = 0 (0x0) R1 aswSP; avast! Self Protection; c: \ windows \ system32 \ drivers \ aswSP.sys [5/22/2009 11:06 AM 114768] R1 FAMv4; FAMv4, c: \ windows \ system32 \ drivers \ FAMv4.sys [12/14/2007 3:35 PM 132120] R1 SASDIFSV; SASDIFSV, c: \ program files \ SUPERAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 PM 9968] R1 SASKUTIL; SASKUTIL, c: \ program files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 PM 72944] R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ drivers \ aswF sBlk.sys [5/22/2009 11:06 AM 20560] R2 aswMonFlt; aswMonFlt, c: \ windows \ system32 \ drivers \ kuin wMonFlt.sys [5/22/2009 11:06 AM 51792] R2 BUNAgentSvc; NTI Backup Now 5 Agent Service; c: \ program files \ Newtech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 PM 21752] R2 NTIBackupSvc; NTI Backup Now 5 Backup Service; c: \ program files \ Newtech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe [12/30/2007 5:55 PM 54520] R2 NTISchedulerSvc; NTI Backup Now 5 Scheduler Service; c: \ program files \ Newtech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe [12/30/2007 5:54 PM 136440] R2 SBSDWSCService; SBSD Security Center Service; c: \ program files \ Spybot - Search & Destroy \ SDWinSec.exe [5/19/2009 10:04 AM 1153368] R3 SASENUM; SASENUM, c: \ program files \ SUPERAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 PM 7408] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Active Setup \ Installed Components \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)] "c: \ windows \ System32 \ rundll32.exe" "c: \ windows \ System32 \ iedkcs32.dll", BrandIEActiveSe tup Signup . - - - - Orvolla poistettu - - - -- SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uStart Page = hxxp: / / www.yahoo.com/ mStart Page = hxxp: / / en.us.acer.yahoo.com uInternet Asetukset, ProxyOverride = <local>, *. paikallisten uInternet Asetukset, ProxyServer = http = localhost: 7171 IE: E & Vie Microsoft Excel - c: \ progra ~ 1 \ mikros ~ 2 \ Office12 \ EXCEL.EXE/3000 Trusted Zone: microsoft.com \ päivitys Trusted Zone: microsoft.com \ WindowsUpdate FF - ProfilePath - c: \ Users \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ P rofiles \ j0dqrqc6.default \ FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com / . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / varkain haittaohjelmien detektori on Gmer, http://www.gmer.net Rootkit scan 2009-05-24 04:54 Windows 6.0.6001 Service Pack 1 NTFS skannaus piilotettu prosessien ... skannaus piilotettu Autostart merkinnät ... HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run LXCECATS = rundll32 c: \ windows \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? skannaus piilotetut tiedostot ... scan loppuun onnistuneesti piilotetut tiedostot: 0 ************************************************** ************************ . --------------------- LOCKED rekisteriavaimista --------------------- [HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl ass \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings] @ Denied: (A) (käyttäjät) @ Denied: (A) (Kaikki) @ Sallittuja: (B 1 2 3 4 5) (S-1-5-20) "BlindDial" = dword: 00000000 . Täydennys-aika: 2009-05-24 4:55 ComboFix-karanteenissa-files.txt 2009-05-24 08:55 Pre-Run: 173756547072 tavua vapaata Post-Run: 173859581952 tavua vapaata 269 --- EOF --- 2009-05-17 10:04 ADD poista sovellus Microsoft Office Shared MUI (Englanti) 2007 Microsoft Office Shared Setup Metadata MUI (Englanti) 2007 Microsoft Office Word MUI (Englanti) 2007 Microsoft Silverlight Microsoft Visual C + + 2005 Redistributable Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17 Microsoft Works Motorola SM56 Kaiutinpuhelin Modem Mozilla Firefox (3.0.10) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 Parser ja SDK Mystery Case Files - Huntsville Mystery Solitaire - Secret Island netbrdg NTI Backup Now 5 NTI Backup Now Standard NTI Media Maker 8 NTI Open File Manager (poista) NVIDIA Drivers OfotoXMI OLYMPUS Master 2 OLYMPUS muvee theaterPack PCDADDIN PCDHELP QuickTime Realtek High Definition Audio Driver Security Update for Microsoft Office PowerPoint 2007 (KB957789) SFR Shasta skin0001 SKINXSDK Spybot - Search & Destroy staticcr SUPERAntiSpyware Free Edition vihjeet Turbo Pizza Päivityksen 2007 Microsoft Office System (KB967642) Microsoft Office 2007 Ohje yhteisen Ominaisuudet (KB963673) Microsoft Office Excel 2007-ohje (KB963678) Microsoft Office OneNote 2007 Ohje (KB963670) Microsoft Office PowerPoint 2007-ohje (KB963669) Microsoft Office Skriptieditori Ohje (KB963671) Microsoft Office Word 2007 Ohje (KB963665) VPRINTOL Windows Live OneCare turvallisuuden skanneri WinPatrol 2009 LANGATON Zuma Deluxe EDIT: kolme kysymystä: huomasin Limewire DLL, voimme tappaa sen? Vaikka LTI on oikeutettu ohjelmaan, se on tarpeellinen? Mielestäni se oli kytköksissä tämän typerän Acer tietokone (mies he kuorma näiden asioiden kanssa junk) ja on irtisanottu on rakennettu Microsoft ohjelman. LT Kissa on rakennettu vakoiluohjelmista alkaen lprinter valmistaja, Lenmark. Luulin, että sain sen olennaisia osia, mutta en ollut varma, miten paljon kirves ilman invaliditeettiin tulostimeen. Voiko enemmän mennä tai mitä on jäljellä sakko? |
|
#4
24. päivästä toukokuuta 2009, 04:03
| |||
| |||
| Windows Vista ei Update Hei Bubba Please dont pelata HJT, ellet ymmärrä, miten se. Teidän on muistettava, että HJT on itse asiassa Rekisterieditori väline muussa yhteydessä. Haluaisin Vihaan sinua kääntää PC osaksi kallis ulottuvillasi! Kaksi 02 merkintöihin, jotka olet poistanut ovat legit, vaikka se antaa kuva puuttuu tämä ei aina tapahdu. HJT tiedetään misreport tietyt merkinnät. Mitä LimeWire, oletko uninstalled kautta ohjauspaneeliin? Jos niin sitten voimme flush pari lisää tarpeettomia kohteita, jotka ovat jääneet jäljelle. Näen muutaman bittiä, jotka liittyvät Norton, oli tämä bundled annetun PC kerralla? Please run pohjanpuoleinen Poistotyökalu puhdistaa pois reminants. Löydät työkalun tässä: Norton Removal Tool Kun tehdään ...... Combofix
Quote:
 Tallenna tämä CFScript.txt, Samassa paikassa kuin ComboFix.exe  Viitaten kuvan yläpuolella, vedä CFScript onto ComboFix.exe. Kun olet valmis, se tuottaa lokin sinun "C: \ ComboFix.txt" Älä mouseclick combofix ikkunassa vaikka se on käynnissä. Tämä saattaa aiheuttaa sen, pilttuu. VAROITUS! Kukaan muu ajattelee käyttäen edellä komentojono tekee sen omalla vastuullaan - saatat päätyä ottaa uudelleen asentaa Windows! Lähetä loki C: \ ComboFix.txt tarkastella edelleen. ===================================== Huomaan, että uninstall log oli katkaistu alkuun, voitteko repost se minulle kiitos. Myös pitää minut ajan tasalla siitä, miten asiat ovat järjestelmän viisas
__________________ Ylpeä jäseneksi ASAP & UNITE |
|
#5
24. päivästä toukokuuta 2009, 04:53
| |||
| |||
| Windows Vista ei Update LimeWire ei näy ohjelmien ja ominaisuus paneelin uninstall. tiedostot "ajaa" se Löysin olivat app. tiedostoja, ei exe, joten trudged kautta C-asemaan ja hävitä kaikki voisin löytää. Näen kaipasin ainakin yksi rekisterin though. Kuten Norton ........ joo, Acer ladattu kokeiluversio päälle. I uninstalled kautta ohjauspaneeliin ja sitten käytetään Norton poistotyökalu. (Tämä oli ensimmäinen asia, josta olen tehnyt, jopa ennen kuin ladattu spybot, Winpatrol, ja loput tavarani.) Kun olin menossa läpi C-aseman tiedostoja, Pidin löytää enemmän jäänteiden Norton ja hävitä ne menin. Se ei koskaan tapahtunut minulle suorittaa sen uudelleen, mutta teen sen nyt. LOL Nämä kolme kuvaa Combofix olivat kolmen olen utelias. Ei pitäisi olla välityspalvelinta isäntä, enkä usko, profiilit olisi lukittu kaikille. En ole kuitenkaan tutkittu Combofix vielä minkä takia en käytä sitä itse, koska minulla oli clueless, mitä tekemistä näiden kolmen, tai vaikka ne olivat itse asiassa "huonoja". Anteeksi leikkaamalla pää pois poistaa lokin, mitä typerä on Katsoin sitä kahdesti, koska se ei ollut käyttöä, ja jääneiden erehdykseni molemmilla kerroilla. EDIT: ja olen edelleen unohti lähettää sen: 2007 Microsoft Office Suite Service Pack 2 (SP2) Acer Arcade Live Etusivu Acer Itsenäistä Technology Acer ePerformance Management Acer eSettings Management Acer GameZone Console DTV 2.0.1.1 Acer rekisterihallitus Acrobat.com Adobe AIR Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Reader 9.1.1 Adobe Shockwave Player 11.5 Agatha Christie Death on Niilin Alice Greenfingers Apple Mobile Device Support Apple Software Update ArcSoft Tulosta Creations ArcSoft Tulosta Creations - Albumin Page ArcSoft Tulosta Creations - Funhouse ArcSoft Tulosta Creations - Onnittelukortti ArcSoft Tulosta Creations - Foto Kirja ArcSoft Tulosta Creations - Valokuvakalenteri ArcSoft Tulosta Creations - Leikekirja ArcSoft Tulosta Creations - Slimline Card avast! Antivirus Azada Backspin Biljardi Big Kahuna Reef Bonjour BookWorm Deluxe Tiilet Egyptin Cake Mania CCScore Chicken Invaders 3 Chuzzle Diner Dash Flo kaikkialla Eraser ESSBrwr ESSCDBK ESScore ESSgui ESSini ESSPCD ESSPDock ESSTOOLS essvatgt Flip Words 2 HijackThis 2.0.2 Korjaustiedoston Microsoft. NET Framework 3.5 SP1 (KB953595) Korjaustiedoston Microsoft. NET Framework 3.5 SP1 (KB958484) iTunes Java (TM) 6 Update 13 Jewel Quest Solitaire kgcbaby kgchday kgchlwn kgcinvt kgckids kgcmove kgcvday Kick N Rush Kodak Easyshare ohjelmisto KODAK Galleria Upload Software Lexmark 4300 Series Mahjong Escape Muinainen Kiina Mahjongg esineitä Malwarebytes' Anti-Malware Memorex exPressit Label Design Studio Microsoft. NET Framework 3.5 SP1 Microsoft Office Excel MUI (Englanti) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (Englanti) 2007 Microsoft Office PowerPoint MUI (Englanti) 2007 Microsoft Office Proof (Englanti) 2007 Microsoft Office Proof (Ranska) 2007 Microsoft Office Proof (Espanja) 2007 Microsoft Office Proofing (Englanti) 2007 Microsoft Office Shared MUI (Englanti) 2007 Microsoft Office Shared Setup Metadata MUI (Englanti) 2007 Microsoft Office Word MUI (Englanti) 2007 Microsoft Silverlight Microsoft Visual C + + 2005 Redistributable Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17 Microsoft Works Motorola SM56 Kaiutinpuhelin Modem Mozilla Firefox (3.0.10) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 Parser ja SDK Mystery Case Files - Huntsville Mystery Solitaire - Secret Island netbrdg NTI Backup Now 5 NTI Backup Now Standard NTI Media Maker 8 NTI Open File Manager (poista) NVIDIA Drivers OfotoXMI OLYMPUS Master 2 OLYMPUS muvee theaterPack PCDADDIN PCDHELP QuickTime Realtek High Definition Audio Driver Security Update for Microsoft Office PowerPoint 2007 (KB957789) SFR Shasta skin0001 SKINXSDK Spybot - Search & Destroy staticcr SUPERAntiSpyware Free Edition vihjeet Turbo Pizza Päivityksen 2007 Microsoft Office System (KB967642) Microsoft Office 2007 Ohje yhteisen Ominaisuudet (KB963673) Microsoft Office Excel 2007-ohje (KB963678) Microsoft Office OneNote 2007 Ohje (KB963670) Microsoft Office PowerPoint 2007-ohje (KB963669) Microsoft Office Skriptieditori Ohje (KB963671) Microsoft Office Word 2007 Ohje (KB963665) VPRINTOL Windows Live OneCare turvallisuuden skanneri WinPatrol 2009 LANGATON Zuma Deluxe |
|
#6
24. päivästä toukokuuta 2009, 05:58
| |||
| |||
| Windows Vista ei Update Hei Bubba Kiitos päivitys poistaa lista - voit lähettää uusi combofix loki minulle pyynnön. Quote:
Mitä LTCats: Mistä voin kertoa tämä ei kelpaa, mutta on luokiteltu "Käyttäjän valinta", onko se toimii käynnisty Mitä Limewire: Näen pari merkinnät, jotka ovat vielä olemassa, mutta voimme ge niitä seuraavan suorittaa combofix
__________________ Ylpeä jäseneksi ASAP & UNITE |
|
#7
24. päivästä toukokuuta 2009, 07:03
| |||
| |||
| Windows Vista ei Update Auts, tietokone lukittu ja sammuttaa, koska se näytti Combofix oli loppuun asti. Se käynnistetään uudelleen ja olen valinnut SafeMode. En usko, että se on luonut kirjautua, mutta en tiedä varmasti. Tässä on Microsoft popup. Windows on toipunut odottamattoman sammutuksen yhteydessä. Ongelma allekirjoitus: Ongelma Tapahtuman nimi: Blue Screen OS Version: 6.0.6001.2.1.0.768.3 Locale ID: 1033 Lisätietoja ongelma: BCCode: 50 BCP1: E0858E9B BCP2: 00000000 BCP3: 9B9D2D10 BCP4: 00000002 OS Version: 6_6_6001 Service Pack: 1_0 TUOTERYHMÄ: 768_1 FILES jotka kuvaavat ONGELMA: C: \ Windows \ Minidump \ mini052409-01.dmp C: \ Users \ Shirley \ AppData \ temp \ WER-85644-0.systemdata.xml C: \ Users \ Shirley \ AppData \ Local \ Temp \ WERC6C7.tmp.ver sion.txt Minulla on jäljellä, että tietokoneella että näytöllä SafeMode. Mitä haluat minun tekevän sen kanssa? Olen jättää sen SafeMode kunnes kuulen jotain, minun pitää mennä elokuva nyt takaisin noin 3 tuntia. Mies on mukava työstää joku muu tietokone joten minun vielä saada apua täällä. EDIT: En ole kokeillut, mutta olen varma, että voin saada ne tiedostot SafeMode jos sinun täytyy tietää, mitä he sanovat, mutta ei myöskään tiedä, kuinka avoin XML-tiedosto. |
|
#8
24. päivästä toukokuuta 2009, 07:11
| |||
| |||
| Windows Vista ei Update Hei Bubba Kokeile käynnistystä ja katso jos se on käynnistynyt onnistuneesti uudelleen, jos ei yritä painamalla F8-näppäintä, jotta pääset boot ruudun käynnistyä ja valitse vaihtoehto Last Known Good Configuration.
__________________ Ylpeä jäseneksi ASAP & UNITE |
|
#9
24. päivästä toukokuuta 2009, 07:50
| |||
| |||
| Windows Vista ei Update Se käynnistynyt, ja on ComboFix2 kirjautua sinne, se on melko samanlainen kuin ensimmäinen, mutta on olemassa 10:04 timestamp viittaavat karanteeniasemalla loki. The quarentine loki on tyhjä. Tässä on tiedoston, en tiedä, jos se on täydellinen tai mitä haluat. NYT olen jakaa. ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86 Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00] Running from: C: \ Users \ Shirley \ Desktop \ ComboFix.exe SP: Spybot - Search and Destroy * vammaisten * (Vanhentunut) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9) SP: SUPERAntiSpyware * vammaisten * (Päivitetty) (222A897C-5018-402e-943F-7E7AC8560DA7) SP: Windows Defender * käytössä * (Päivitetty) (D68DDC3A-831f-4FAE-9E44-DA132C1ACF46) . ((((((((((((((((((((((((( Files luotu 2009-04-24 ja 2009-05-24 ))))))))))) )))))))))))))))))))) . 2009-05-22 23:57. 2009-05-24 08:40 117760 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL 2009-05-22 23:56. 2009-05-22 23:56 -------- d ----- wc: \ programdata \ SUPERAntiSpyware.com 2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Program Files \ SUPERAntiSpyware 2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com 2009-05-22 20:36. 2009-05-22 20:36 -------- d ----- wc: \ Program Files \ Common Files \ Wise Installation Wizard 2009-05-22 15:06. 2009-02-05 20:06 51376 ---- aw C: \ Windows \ system32 \ drivers \ aswTdi.sys 2009-05-22 15:06. 2009-02-05 20:06 23152 ---- aw C: \ Windows \ system32 \ drivers \ aswRdr.sys 2009-05-22 15:06. 2009-02-05 20:07 114768 ---- aw C: \ Windows \ system32 \ drivers \ aswSP.sys 2009-05-22 15:06. 2009-02-05 20:07 20560 ---- aw C: \ Windows \ system32 \ drivers \ aswFsBlk.sys 2009-05-22 15:06. 2009-02-05 20:04 97480 ---- aw C: \ Windows \ system32 \ AvastSS.scr 2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- aw C: \ Windows \ system32 \ aswBoot.exe 2009-05-22 15:06. 2009-02-05 20:06 51792 ---- aw C: \ Windows \ system32 \ drivers \ aswMonFlt.sys 2009-05-22 15:06. 2009-05-22 15:06 -------- d ----- wc: \ program files \ ALWIL Software 2009-05-22 04:38. 2009-05-22 04:38 738120 ---- aw C: \ programdata \ Microsoft \ eHome \ Packages \ MCESpotlig ht \ MCESpotlight \ SpotlightResources.dll 2009-05-20 12:43. 2008-06-20 01:14 97800 ---- aw C: \ Windows \ system32 \ infocardapi.dll 2009-05-20 12:43. 2008-06-20 01:14 105016 ---- aw C: \ Windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll 2009-05-20 12:43. 2008-06-20 01:14 11264 ---- aw C: \ Windows \ system32 \ icardres.dll 2009-05-20 12:43. 2008-06-20 01:14 622080 ---- aw C: \ Windows \ system32 \ icardagt.exe 2009-05-20 12:43. 2008-06-20 01:14 43544 ---- aw C: \ Windows \ system32 \ PresentationHostProxy.dll 2009-05-20 12:43. 2008-06-20 01:14 781344 ---- aw C: \ Windows \ system32 \ PresentationNative_v0300.dll 2009-05-20 12:43. 2008-06-20 01:14 326160 ---- aw C: \ Windows \ system32 \ PresentationHost.exe 2009-05-20 12:33. 2008-07-27 18:03 96760 ---- aw C: \ Windows \ system32 \ dfshim.dll 2009-05-20 12:33. 2008-07-27 18:03 282112 ---- aw C: \ Windows \ system32 \ mscoree.dll 2009-05-20 12:33. 2008-07-27 18:03 41984 ---- aw C: \ Windows \ system32 \ netfxperf.dll 2009-05-20 12:32. 2008-07-27 18:03 158720 ---- aw C: \ Windows \ system32 \ mscorier.dll 2009-05-20 12:32. 2008-07-27 18:03 83968 ---- aw C: \ Windows \ system32 \ mscories.dll 2009-05-20 11:39. 2009-05-20 11:39 -------- d ----- wc: \ Program Files \ Microsoft Silverlight 2009-05-20 04:03. 2009-05-20 11:00 -------- d ----- wc: \ Program Files \ Windows Live Safety Center 2009-05-19 23:20. 2009-05-19 23:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Acer DV Magician 2009-05-19 23:10. 2009-05-19 23:10 -------- d ----- wc: \ windows \ Sun 2009-05-19 20:40. 2009-05-19 20:40 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1 2009-05-19 20:40. 2009-05-19 11:41 38200 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \http://www.macromedia.com \ bin \ airapp ... pinstaller.exe 2009-05-19 18:24. 2009-05-24 08:38 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Eraser 2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ Users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646) 2009-05-19 18:24. 2009-05-19 18:24 -------- d ----- wc: \ Program Files \ Eraser 2009-05-19 17:20. 2009-05-19 17:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ eSobi 2009-05-19 17:11. 2008-07-10 06:32 538 ---- aw C: \ Windows \ system32 \ RegRaidSedona.bat 2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA 2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ Program Files \ Spybot - Search & Destroy 2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ programdata \ Spybot - Search & Destroy 2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol 2009-05-19 13:01. 2006-09-18 21:43 10 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys 2009-05-19 13:01. 2006-09-18 21:43 24 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat 2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ program files \ BillP Studios 2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Malwarebytes 2009-05-19 12:26. 2009-04-06 19:32 15504 ---- aw C: \ Windows \ system32 \ drivers \ mbam.sys 2009-05-19 12:26. 2009-04-06 19:32 38496 ---- aw C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys 2009-05-19 12:26. 2009-05-19 13:22 -------- d ----- wc: \ Program Files \ Malwarebytes' Anti-Malware 2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ programdata \ Malwarebytes 2009-05-19 11:53. 2009-05-19 11:53 0 ---- aw C: \ Windows \ nsreg.dat 2009-05-19 11:53. 2009-05-19 11:53 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Mozilla 2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- wc: \ Program Files \ Common Files \ Adobe AIR 2009-05-19 11:38. 2009-05-19 12:45 -------- d ----- wc: \ programdata \ NOS 2009-05-19 11:29. 2009-05-19 11:29 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Seven Zip 2009-05-19 10:41. 2009-03-19 20:32 23400 ---- aw C: \ Windows \ system32 \ drivers \ GEARAspiWDM.sys 2009-05-19 10:41. 2008-04-17 16:12 107368 ---- aw C: \ Windows \ system32 \ GEARAspi.dll 2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- wc: \ Program Files \ iPod 2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) 2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ Program Files \ iTunes 2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- wc: \ Program Files \ QuickTime 2009-05-19 10:34. 2009-05-19 10:34 75048 ---- aw C: \ programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe 2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- wc: \ Program Files \ Bonjour 2009-05-19 10:33. 2009-05-19 10:33 416128 ---- aw C: \ programdata \ Microsoft \ eHome \ Packages \ NetTV \ Brow se \ NetTVResources.dll 2009-05-19 10:29. 2009-05-19 10:29 410984 ---- aw C: \ Windows \ system32 \ deploytk.dll 2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat 2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- aw C: \ programdata \ Microsoft \ Windows Defender \ Määritelmä Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) )))))))))))))))))))))))))))))))))))))))))))) . 2009-05-24 08:39. 2009-02-17 13:54 602 ---- aw C: \ programdata \ ArcSoft \ Kodak-printcreations-22-080812-oem \ acforall.dll 2009-05-24 04:22. 2008-09-12 01:46 -------- d ----- wc: \ Program Files \ Google 2009-05-20 11:55. 2008-09-11 17:01 104472 ---- aw C: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT 2009-05-20 11:51. 2008-02-05 19:30 -------- d ----- wc: \ programdata \ Microsoft Ohje 2009-05-20 11:49. 2008-02-05 19:31 -------- d ----- wc: \ Program Files \ Microsoft Works 2009-05-20 03:54. 2008-09-12 14:01 -------- d ----- wc: \ program files \ Lx_cats 2009-05-20 00:42. 2008-02-05 20:19 -------- d ----- wc: \ Program Files \ Common Files \ Adobe 2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - wc: \ Program Files \ InstallShield Installation Information 2009-05-19 23:27. 2008-02-05 19:49 -------- d ----- wc: \ Program Files \ Acer Arcade Live 2009-05-19 23:20. 2008-09-15 23:24 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Cyberlink 2009-05-19 21:38. 2008-09-12 20:56 -------- d ----- wc: \ Program Files \ Common Files \ SureThing Shared 2009-05-19 21:04. 2008-09-12 14:09 1664 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat 2009-05-19 17:29. 2009-03-04 15:55 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Sony 2009-05-19 17:20. 2008-02-05 19:22 -------- d ----- wc: \ programdata \ NVIDIA 2009-05-19 16:54. 2008-02-05 18:03 36864 ---- aw C: \ Windows \ system32 \ nvcod100.dll 2009-05-19 16:54. 2007-10-25 11:02 147456 ---- aw C: \ Windows \ system32 \ nvcolor.exe 2009-05-19 16:13. 2008-09-12 01:47 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ LimeWire 2009-05-19 11:32. 2008-02-05 20:08 -------- d ----- wc: \ Program Files \ Yahoo! 2009-05-19 11:05. 2008-09-12 01:45 -------- d ----- wc: \ Program Files \ Java 2009-05-19 10:41. 2008-09-13 03:14 -------- d ----- wc: \ Program Files \ Common Files \ Apple 2009-05-19 10:38. 2008-09-13 03:15 -------- d ----- wc: \ programdata \ Apple Computer 2009-05-11 12:10. 2009-05-11 12:10 78260 ---- aw C: \ programdata \ SPL23D4.tmp 2009-04-17 10:12. 2006-11-02 11:18 -------- d ----- wc: \ Program Files \ Windows Mail 2009-04-02 22:13. 2009-04-02 22:13 702127 ---- aw C: \ programdata \ SPLFB91.tmp 2009-03-19 20:32. 2009-03-19 20:32 23400 ---- aw C: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys 2009-03-17 03:38. 2009-04-17 05:22 13824 ---- aw C: \ Windows \ system32 \ apilogen.dll 2009-03-17 03:38. 2009-04-17 05:22 24064 ---- aw C: \ Windows \ system32 \ amxread.dll 2009-03-08 11:34. 2009-05-20 03:47 914944 ---- aw C: \ Windows \ system32 \ Wininet.dll 2009-03-08 11:34. 2009-05-20 03:47 43008 ---- aw C: \ Windows \ system32 \ licmgr10.dll 2009-03-08 11:33. 2009-05-20 03:47 18944 ---- aw C: \ Windows \ system32 \ corpol.dll 2009-03-08 11:33. 2009-05-20 03:47 109056 ---- aw C: \ Windows \ system32 \ iesysprep.dll 2009-03-08 11:33. 2009-05-20 03:47 109568 ---- aw C: \ Windows \ system32 \ PDMSetup.exe 2009-03-08 11:33. 2009-05-20 03:47 107520 ---- aw C: \ Windows \ system32 \ RegisterIEPKEYs.exe 2009-03-08 11:33. 2009-05-20 03:47 103936 ---- aw C: \ Windows \ system32 \ SetDepNx.exe 2009-03-08 11:33. 2009-05-20 03:47 132608 ---- aw C: \ Windows \ system32 \ ieUnatt.exe 2009-03-08 11:33. 2009-05-20 03:47 107008 ---- aw C: \ Windows \ system32 \ SetIEInstalledDate.exe 2009-03-08 11:33. 2009-05-20 03:47 420352 ---- aw C: \ Windows \ system32 \ vbscript.dll 2009-03-08 11:32. 2009-05-20 03:47 72704 ---- aw C: \ Windows \ system32 \ admparse.dll 2009-03-08 11:32. 2009-05-20 03:47 71680 ---- aw C: \ Windows \ system32 \ iesetup.dll 2009-03-08 11:32. 2009-05-20 03:47 66560 ---- aw C: \ Windows \ system32 \ wextract.exe 2009-03-08 11:32. 2009-05-20 03:47 169472 ---- aw C: \ Windows \ system32 \ iexpress.exe 2009-03-08 11:31. 2009-05-20 03:47 34816 ---- aw C: \ Windows \ system32 \ imgutil.dll 2009-03-08 11:31. 2009-05-20 03:47 48128 ---- aw C: \ Windows \ system32 \ Mshtmler.dll 2009-03-08 11:31. 2009-05-20 03:47 45568 ---- aw C: \ Windows \ system32 \ Mshta.exe 2009-03-08 11:22. 2009-05-20 03:47 156160 ---- aw C: \ Windows \ system32 \ msls31.dll 2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- aw C: \ Windows \ system32 \ ntkrnlpa.exe 2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- aw C: \ Windows \ system32 \ ntoskrnl.exe 2009-03-03 04:39. 2009-04-17 05:22 183296 ---- aw C: \ Windows \ system32 \ sdohlp.dll 2009-03-03 04:39. 2009-04-17 05:22 551424 ---- aw C: \ Windows \ system32 \ Rpcss.dll 2009-03-03 04:39. 2009-04-17 05:22 26112 ---- aw C: \ Windows \ system32 \ printfilterpipelineprxy.dll 2009-03-03 04:37. 2009-04-17 05:22 98304 ---- aw C: \ Windows \ system32 \ iasrecst.dll 2009-03-03 04:37. 2009-04-17 05:22 54784 ---- aw C: \ Windows \ system32 \ iasads.dll 2009-03-03 04:37. 2009-04-17 05:22 44032 ---- aw C: \ Windows \ system32 \ iasdatastore.dll 2009-03-03 03:04. 2009-04-17 05:22 666624 ---- aw C: \ Windows \ system32 \ printfilterpipelinesvc.exe 2009-03-03 02:38. 2009-04-17 05:22 17408 ---- aw C: \ Windows \ system32 \ iashost.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) )))))))))))))))))))))))))))))))))))))))) . . * Note * empty entries & legit default merkinnät eivät näy REGEDIT4 [HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run] "ehTray.exe" = "C: \ Windows \ ehome \ ehTray.exe" [2008-01-21 125952] "OM2_Monitor" = "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe" [2008-11-07 95536] "WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240] "Eraser" = "C: \ Program Files \ Eraser \ Eraser.exe" [2007-12-22 916240] "SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entVersion \ Run] "BkupTray" = "c: \ program files \ Newtech Infosystems \ NTI Backup Now 5 \ BkupTray.exe" [2007-12-30 34552] "Acer Itsenäistä Technology Monitor" = "c: \ acer \ Itsenäistä Technology \ SysMonitor.exe" [2008-01-10 326176] "SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784] "Acer Product Registration" = "c: \ program files \ Acer rekisterihallitus \ ACE1.exe" [2007-10-15 3387392] "NVRaidService" = "c: \ windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296] "LXCECATS" = "c: \ windows \ system32 \ spool \ DRIVERS \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728] "lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744] "EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344] "ArcSoft Connection Service" = "C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe" [2009-04-29 188728] "QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-01-05 413696] "iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312] "SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888] "Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" [2009-02-27 35696] "WinPatrol" = "c: \ program files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216] "NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2009-01-16 13683232] "NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704] "avast!" = "c: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000] "RtHDVCpl" = "RtHDVCpl.exe" - c: \ windows \ RtHDVCpl.exe [2007-10-11 4702208] c: \ programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \ Itsenäistä Technology Launcher.lnk - c: \ acer \ Itsenäistä Technology \ eAPLauncher.exe [2008-2-5 535336] Kodak Easyshare software.lnk - c: \ program files \ Kodak \ Kodak EasyShare Software \ bin \ EasyShare.exe [2008-10-30 282624] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ policies \ system] "EnableUIADesktopToggle" = 0 (0x0) "EnableLUA" = 0 (0x0) [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks] "(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824] [HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ ilmoitettava \! SASWinLogon] 2008-12-22 16:05 356352 ---- aw C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32 "wave2" = serwvdrv.dll [HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ WinDefend] @ = "Service" [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecAntiVirus] "DisableMonitoring" = dword: 00000001 [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitoring \ SymantecFirewall] "DisableMonitoring" = dword: 00000001 [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ FirewallRules] "(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe "(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe "(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP: C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe "(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe "(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe "(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Program Files \ Newtech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe "(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: C: \ WINDOWS \ System32 \ lxcecoms.exe: Lexmark Communications System "(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Communications System "(EB8798E6-358B-4DDA-A219-21BBC5D3C79A)" = UDP: C: \ WINDOWS \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Printer Status-ikkuna "(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Printer Status-ikkuna "(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Etusivu \ Acer Arcade Live.exe: Acer Arcade Live "(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote "(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour "(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour "(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes "(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes "(8640BFAB-1B85-48CC-95D5-9AABB44E4D95)" = UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol "(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol "(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware "(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware "(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy "(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy "(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Päivitä Spybot-S & D "(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Päivitä Spybot-S & D "(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: C: \ WINDOWS \ ehome \ ehshell.exe: Windows Media Center "(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center [HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ StandardProfile] "EnableFirewall" = 0 (0x0) R1 aswSP; avast! Self Protection; c: \ windows \ system32 \ drivers \ aswSP.sys [5/22/2009 11:06 AM 114768] R1 FAMv4; FAMv4, c: \ windows \ system32 \ drivers \ FAMv4.sys [12/14/2007 3:35 PM 132120] R1 SASDIFSV; SASDIFSV, c: \ program files \ SUPERAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 PM 9968] R1 SASKUTIL; SASKUTIL, c: \ program files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 PM 72944] R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ drivers \ aswF sBlk.sys [5/22/2009 11:06 AM 20560] R2 aswMonFlt; aswMonFlt, c: \ windows \ system32 \ drivers \ kuin wMonFlt.sys [5/22/2009 11:06 AM 51792] R2 BUNAgentSvc; NTI Backup Now 5 Agent Service; c: \ program files \ Newtech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 PM 21752] R2 NTIBackupSvc; NTI Backup Now 5 Backup Service; c: \ program files \ Newtech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe [12/30/2007 5:55 PM 54520] R2 NTISchedulerSvc; NTI Backup Now 5 Scheduler Service; c: \ program files \ Newtech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe [12/30/2007 5:54 PM 136440] R2 SBSDWSCService; SBSD Security Center Service; c: \ program files \ Spybot - Search & Destroy \ SDWinSec.exe [5/19/2009 10:04 AM 1153368] R3 SASENUM; SASENUM, c: \ program files \ SUPERAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 PM 7408] [HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Active Setup \ Installed Components \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)] "c: \ windows \ System32 \ rundll32.exe" "c: \ windows \ System32 \ iedkcs32.dll", BrandIEActiveSe tup Signup . - - - - Orvolla poistettu - - - -- SafeBoot-procexp90.Sys . ------- Supplementary Scan ------- . uStart Page = hxxp: / / www.yahoo.com/ mStart Page = hxxp: / / en.us.acer.yahoo.com uInternet Asetukset, ProxyOverride = <local>, *. paikallisten uInternet Asetukset, ProxyServer = http = localhost: 7171 IE: E & Vie Microsoft Excel - c: \ progra ~ 1 \ mikros ~ 2 \ Office12 \ EXCEL.EXE/3000 Trusted Zone: microsoft.com \ päivitys Trusted Zone: microsoft.com \ WindowsUpdate FF - ProfilePath - c: \ Users \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ P rofiles \ j0dqrqc6.default \ FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com / . ************************************************** ************************ catchme 0.3.1398 W2K/XP/Vista - rootkit / varkain haittaohjelmien detektori on Gmer, http://www.gmer.net Rootkit scan 2009-05-24 04:54 Windows 6.0.6001 Service Pack 1 NTFS skannaus piilotettu prosessien ... skannaus piilotettu Autostart merkinnät ... HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run LXCECATS = rundll32 c: \ windows \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? skannaus piilotetut tiedostot ... scan loppuun onnistuneesti piilotetut tiedostot: 0 ************************************************** ************************ . --------------------- LOCKED rekisteriavaimista --------------------- [HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl ass \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings] @ Denied: (A) (käyttäjät) @ Denied: (A) (Kaikki) @ Sallittuja: (B 1 2 3 4 5) (S-1-5-20) "BlindDial" = dword: 00000000 . Täydennys-aika: 2009-05-24 4:55 ComboFix-karanteenissa-files.txt 2009-05-24 08:55 Pre-Run: 173756547072 tavua vapaata Post-Run: 173859581952 tavua vapaata 269 --- EOF --- 2009-05-17 10:04 EDIT: Nope, nopea vertailu ensimmäinen, mielestäni se on sama. |
|
#10
24. päivästä toukokuuta 2009, 10:38
| |||
| |||
| Windows Vista ei Update Hei Bubba, Quote:
Nykyinen loki löytyy osoitteesta C: / combofix.txt.
__________________ Ylpeä jäseneksi ASAP & UNITE |
