Windows Vista Won't Update

**Bubba** · #1 23 mai 2009, 09:33

Jeg er på en venner datamaskin, Vista og Windows vil ikke oppdateringen. Så langt jeg har funnet og fjernet Internet Anti-Virus, Win32Adload.r og video.exe. De hadde også at kupongen spyware og sønnen holdt Loading LimeWire. Jeg fjernet begge (LOL LimeWire installerer seg selv i 400 steder, jeg måtte gå gjennom alle mappen og filen å bli kvitt det). Men fortsatt vinduer vil ikke oppdateringen. Jeg får en kode 80072efd som sier det er en brannmur hindrer vinduet fra updating. Jeg kan ikke finne noen brannmur enn Windows, og jeg har sett i hver mappe. Her er de tre logger, jeg kan ikke finne noe, har jeg gått glipp av noe?

NOTE: Jeg kan ikke laste opp en av de tre logger. Jeg blir ugyldig fil fra området. Hva skjer med det? Må jeg har for mange opplastinger her? La meg prøve en kopi lim:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/23/2009 at 04:42

Application Version: 4.26.1002

Core Rules Database Version: 3908
Trace Rules Database Version: 1852

Scan type: Complete Scan
Total Scan Time: 03:45:40

Minne eks skannet: 831
Minne trusler oppdages: 0
Registerelementene skannet: 6407
Registerverdi trusler oppdages: 0
Fil eks skannet: 326608
Fil trusler oppdages: 78

Adware.Tracking Cookie
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusion [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ RealMedia [2]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@adopt.specificclick [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftinternetexplorer.112.2o7 [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnservices.112.2o7 [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftwindows.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@adopt.specificclick [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftinternetexplorer.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftwindows.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnservices.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ RealMedia [2]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldman Ager [2]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@adopt.speci ficclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ media6degre es [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftin ternetexplorer.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftwi ndows.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@msnportal.1 12.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ msnservices .112.2 o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ RealMedia [2]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ specificcli ck [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusio n [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@adopt.specificcli ck [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ microsoftinternet explorer.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ microsoftwindows. 112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@msnservices.112.2 o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ RealMedia [2]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ tribalfusion [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldman Ager [2]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@adopt.speci ficclick [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ media6degre es [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftin ternetexplorer.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftwi ndows.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@msnportal.1 12.2o7 [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ msnservices .112.2 o7 [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ RealMedia [2]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ specificcli ck [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusio n [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@adopt.specificcli ck [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ microsoftinternet explorer.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ microsoftwindows. 112.2o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@msnservices.112.2 o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ RealMedia [2]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ tribalfusion [1]. Txt

Malwarebytes' Anti-Malware 1.36
Database versjon: 2150
Windows 6.0.6001 Service Pack 1

5/19/2009 8:40:58 AM
mbam-log-2009-05-19 (08-40-58). txt

Scan type: Quick Scan
Objekter skannet: 71524
Tid brukt: 3 minute (s), 23 sekund (er)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registernøkler Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 11

Memory Processes Infected:
(Ingen skadelige eks oppdaget)

Memory Modules Infected:
(Ingen skadelige eks oppdaget)

Registernøkler Infected:
HKEY_CLASSES_ROOT \ fe345.fe345mgr (Trojan.FakeAlert) -> karantene og slettet.
HKEY_CLASSES_ROOT \ CLSID \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> karantene og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> karantene og slettet.
HKEY_CLASSES_ROOT \ fe345.fe345mgr.1 (Trojan.FakeAlert) -> karantene og slettet.
HKEY_CLASSES_ROOT \ y537.y537mgr (Trojan.BHO) -> karantene og slettet.
HKEY_CLASSES_ROOT \ TypeLib \ (e63648f7-3933-440e-b4f6-a8584dd7b7eb) (Trojan.BHO) -> karantene og slettet.
HKEY_CLASSES_ROOT \ Interface \ (f7d09218-46d7-4d3d-9b7f-315204cd0836) (Trojan.BHO) -> karantene og slettet.
HKEY_CLASSES_ROOT \ CLSID \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> karantene og slettet.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> karantene og slettet.
HKEY_CLASSES_ROOT \ y537.y537mgr.1 (Trojan.BHO) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Internet antivirus pro_is1 (Rogue.InternetAntivirus) -> karantene og slettet.

Registry Values Infected:
(Ingen skadelige eks oppdaget)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> karantene og slettet.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> karantene og slettet.

Folders Infected:
C: \ Windows \ System32 \ 199638 (Trojan.FakeAlert) -> karantene og slettet.
C: \ Programfiler \ websrvx (Trojan.Downloader) -> karantene og slettet.
C: \ Windows \ System32 \ 796525 (Trojan.BHO) -> karantene og slettet.

Files Infected:
C: \ Windows \ System32 \ 199638 \ 199638.dll (Trojan.FakeAlert) -> karantene og slettet.
C: \ Windows \ System32 \ 796525 \ 796525.dll (Trojan.BHO) -> karantene og slettet.
C: \ Users \ Shirley \ AppData \ Local \ Temp \ jopaxx_1241669 819.exe (Worm.KoobFace) -> karantene og slettet.
C: \ Programfiler \ Fellesfiler \ InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> karantene og slettet.
C: \ Windows \ msmark2.dat (Worm.KoobFace) -> karantene og slettet.
C: \ Windows \ t55ft2668f44.dat (Worm.KoobFace) -> karantene og slettet.
C: \ Windows \ t55ft2695f44.dat (Worm.KoobFace) -> karantene og slettet.
C: \ Windows \ t55ft3105f44.dat (Worm.KoobFace) -> karantene og slettet.
C: \ Windows \ 9g2234wesdf3dfgjf23 (Worm.KoobFace) -> karantene og slettet.
C: \ Windows \ f5087.dat (Worm.KoobFace) -> karantene og slettet.
C: \ Windows \ f23567.dat (Worm.KoobFace) -> karantene og slettet.
(ovenfor var den første loggen, nedenfor den nåværende)

Malwarebytes' Anti-Malware 1.36
Database versjon: 2150
Windows 6.0.6001 Service Pack 1

5/23/2009 9:03:23 AM
mbam-log-2009-05-23 (09-03-23). txt

Scan type: Quick Scan
Objekter skannet: 70234
Tid brukt: 2 minutt (er), 28 sekund (er)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registernøkler Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(Ingen skadelige eks oppdaget)

Memory Modules Infected:
(Ingen skadelige eks oppdaget)

Registernøkler Infected:
(Ingen skadelige eks oppdaget)

Registry Values Infected:
(Ingen skadelige eks oppdaget)

Registry Data Items Infected:
(Ingen skadelige eks oppdaget)

Folders Infected:
(Ingen skadelige eks oppdaget)

Files Infected:
(Ingen skadelige eks oppdaget)

Logfile of Trend Micro HijackThis v2.0.2
Scan lagret 9:09:09 AM, on 5/23/2009
Plattform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Kjører prosesser:
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ Explorer.exe
C: \ Programfiler \ Windows Media Player \ wmpnscfg.exe
C: \ Programfiler \ Windows Defender \ MSASCui.exe
C: \ Windows \ RtHDVCpl.exe
C: \ Programfiler \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe
C: \ Acer \ Styrke Technology \ SysMonitor.exe
C: \ Programfiler \ Motorola \ SMSERIAL \ sm56hlpr.exe
C: \ Windows \ System32 \ nvraidservice.exe
C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe
C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe
C: \ Programfiler \ Fellesfiler \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ Java \ jre6 \ bin \ jusched.exe
C: \ Programfiler \ BillP Studios \ WinPatrol \ WinPatrol.exe
C: \ Windows \ System32 \ rundll32.exe
C: \ Programfiler \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Windows \ ehome \ ehtray.exe
C: \ Programfiler \ Olympus \ Olympus Master 2 \ MMonitor.exe
C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ Eraser \ Eraser.exe
C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Programfiler \ Kodak \ Kodak EasyShare programvare \ bin \ EasyShare.exe
C: \ Windows \ system32 \ wbem \ Unsecapp.exe
C: \ Acer \ Styrke Technology \ ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E
C: \ Acer \ Styrke Technology \ eRecovery \ ERAGENT.EXE
C: \ Windows \ ehome \ ehmsas.exe
C: \ Users \ Shirley \ Skrivebord \ HiJackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://en.us.acer.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Innstillinger ProxyServer = http = localhost: 7171
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts::: 1 localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - (no file)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Programfiler \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: (no name) - (83A2F9B1-01A2-4AA5-87D1-45B6B8505E96) - (no file)
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Programfiler \ Google \ Google Toolbar \ GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programfiler \ Google \ GoogleToolbarNotifier \ 5.1.1309.3572 \ s wg.dll
O2 - BHO: Google Dictionary Komprimeringsfeil sdch - (C84D72FE-E17D-4195-BB24-76C02E2E7C4E) - C: \ Programfiler \ Google \ Google Toolbar \ Component \ fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Programfiler \ Java \ jre6 \ bin \ jp2ssv.dll
O3 - Toolbar: Google Toolbar - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - C: \ Programfiler \ Google \ Google Toolbar \ GoogleToolbar.dll
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM \ .. \ Run: [BkupTray] "C: \ Programfiler \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe"
O4 - HKLM \ .. \ Run: [Acer Styrke Technology Monitor] C: \ Acer \ Styrke Technology \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [SMSERIAL] C: \ Programfiler \ Motorola \ SMSERIAL \ sm56hlpr.exe
O4 - HKLM \ .. \ Run: [Acer Produkt Registrering] "C: \ Program Files \ Acer Registration \ ACE1.exe" / oppstart
O4 - HKLM \ .. \ Run: [NVRaidService] C: \ Windows \ system32 \ nvraidservice.exe
O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ Windows \ system32 \ Spool \ drivers \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe"
O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe"
O4 - HKLM \ .. \ Run: [ArcSoft Connection Service] C: \ Programfiler \ Fellesfiler \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Programfiler \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programfiler \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [WinPatrol] C: \ Programfiler \ BillP Studios \ WinPatrol \ winpatrol.exe-expressboot
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [avast!] C: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Programfiler \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [ehTray.exe] C: \ Windows \ ehome \ ehTray.exe
O4 - HKCU \ .. \ Run: [OM2_Monitor] "C: \ Programfiler \ Olympus \ Olympus Master 2 \ MMonitor.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Programfiler \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Programfiler \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [Eraser] C: \ Program Files \ Eraser \ Eraser.exe-hide
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Programfiler \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Styrke Technology Launcher.lnk =?
O4 - Global Startup: Kodak EasyShare software.lnk = C: \ Programfiler \ Kodak \ Kodak EasyShare programvare \ bin \ EasyShare.exe
O8 - Extra sammenheng menyelement: E & ksporter til Microsoft Excel - res: / / c: \ progra ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra knappen: Send til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra "Verktøy" MENUITEM: S & end til OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ progra ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra knappen: Research - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ progra ~ 1 \ micros ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra knappen: (no name) - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra "Verktøy" MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-a200-58CAB36FD2A2) - C: \ progra ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: (3860DD98-0549-4D50-AA72-5D17D200EE10) --
O18 - Filter: x-sdch - (B1759355-3EEC-4C1E-B0F1-B719FE26E377) - C: \ Programfiler \ Google \ Google Toolbar \ Component \ fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify:! SASWinLogon - C: \ Programfiler \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C: \ Programfiler \ Fellesfiler \ ArcSoft \ Connection Service \ Bin \ ACService.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C: \ Acer \ Styrke Technology \ ePerformance \ MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Programfiler \ Bonjour \ mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C: \ Programfiler \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C: \ Acer \ Styrke Technology \ eRecovery \ eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C: \ Acer \ Styrke Technology \ eSettings \ Service \ capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: lxce_device - - C: \ Windows \ system32 \ lxcecoms.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C: \ Programfiler \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C: \ Programfiler \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Sikrere Nettverk Ltd - C: \ Programfiler \ Spybot - Search & Destroy \ SDWinSec.exe

--
End of file - 9919 bytes

**sjb007** · #2 23 mai 2009, 23:45

Hei Bubba ....

Vi trenger å deaktivere din TeaTimer som det kan forstyrre feilrettingsfilene at vi må gjøre.

1) Kjør Spybot-S & D
2) Gå til menyen Modus, og sørg for "Advanced Mode" er valgt
3) På venstre side, velg Verktøy -> Resident
4) Fjern "Resident TeaTimer" og OK noen ledetekster
5) Start maskinen på nytt.

Laste ned ResetTeaTimer.bat ved å høyreklikke på linken og velge Lagre som.

* Lagre den på skrivebordet ditt.
* Dobbeltklikk ResetTeaTimer.zip
* Dobbeltklikk ResetTeaTimer.bat og klikk Kjør for å fjerne alle oppføringer satt av TeaTimer.

Etter alle reparasjonene er fullført er det svært viktig at du aktiverer TeaTimer igjen, vil jeg gi deg beskjed når det er trygt å gjøre det.

A Tutorial for Tea Tidtaker finnes her -> http://russelltexas.com/malware/teatimer.htm

==========================================\u0

Last ned og skanne med ComboFix.exe. Kan du gå til denne siden for nedlasting koblinger, og instruksjonene for å kjøre verktøyet:

http://www.bleepingcomputer.com/comb...o-use-combofix

Kontroller at du har deaktivert alle anti-virus og anti malware-programmene inkludert winpatrol slik at de ikke forstyrrer driften av ComboFix.

Ta med C: \ ComboFix.txt i neste svare for videre vurdering.

==========================================\u0

Gå til Start-menyen > Velg Løpe og kopier / lim inn følgende i Kjør-boksen og klikker OK:

C: \ Qoobox \ Add-Fjern Programs.txt

En tekstfil skal åpne. Vær innlegget innholdet i denne filen i neste svaret.

**Bubba** · #3 24 mai 2009, 02:33

Et par ting før jeg legger loggene:

1. I Tea tidtaker opplæringen du er tilknyttet, det sa også deaktivere bosatt SDHelper slik jeg gjorde.
2. ComboFix ikke vise sikkerhetskopiere regisdtry skjermen med mindre det er en rask skjerm, og jeg savnet det mens du ser på min datamaskin (husk at dette er en venner). Det gav ikke koble fra internett heller ikke jeg merke det skiftende tiden. Begge ikonene var synlig mens kombinasjonsboksen feilrettingsfil ble publisert. Er dette et problem? Også, etter å ha kjørt Combofix, bakgrunnsbilde ble forvrengt, så jeg omstartet. Når computerstarted sikkerhetskopierer, bakgrunnsbilde var borte, Firefox ikke lenger var standard nettleser og en melding popped opp at IE hjemmeside hadde blitt endret til MSN (tror jeg). Er dette normalt? Dessuten Winpatrol anføres at en ny tjeneste hadde lagt inn: appmgmts.dll.

3. Før du svarte på dette, fikk jeg kvitt Google Toolbar. Flere av HJT oppføringer så rart. I 018 for eksempel, den ble kalt x-sdCH stedet for x-sdHC .......... Dessuten lol, jeg hater verktøyet barer og de alltid kan legge den tilbake hvis de ønsker det. Uansett, som endret HJT logg. Jeg har også fått kvitt de 2 - 02 som ikke hadde noen fil tilknyttet.

4. Hva er vi på jakt etter i Combofix? LOL jeg begynte å laste ned og kjøre det før jeg postet denne tråden, men bestemte jeg vet vet nok ennå å rote med det.

Og uten videre larm:

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Kjører fra: c: \ brukere \ Shirley \ Skrivebord \ ComboFix.exe
SP: Spybot - Search and Destroy * deaktivert * (Outdated) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SUPERAntiSpyware * deaktivert * (Oppdatert) (222A897C-5018-402e-943F-7E7AC8560DA7)
SP: Windows Defender * aktivert * (Oppdatert) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((( Files Created fra 2009-04-24 til 2009-05-24 ))))))))))) ))))))))))))))))))))
.

2009-05-22 23:57. 2009-05-24 08:40 117760 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-05-22 23:56. 2009-05-22 23:56 -------- d ----- wc: \ Programdata \ SUPERAntiSpyware.com
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Programfiler \ SUPERAntiSpyware
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com
2009-05-22 20:36. 2009-05-22 20:36 -------- d ----- wc: \ Programfiler \ Fellesfiler \ Wise Installation Wizard
2009-05-22 15:06. 2009-02-05 20:06 51376 ---- aw C: \ Windows \ system32 \ drivers \ aswTdi.sys
2009-05-22 15:06. 2009-02-05 20:06 23152 ---- aw C: \ Windows \ system32 \ drivers \ aswRdr.sys
2009-05-22 15:06. 2009-02-05 20:07 114768 ---- aw C: \ Windows \ system32 \ drivers \ aswSP.sys
2009-05-22 15:06. 2009-02-05 20:07 20560 ---- aw C: \ Windows \ system32 \ drivers \ aswFsBlk.sys
2009-05-22 15:06. 2009-02-05 20:04 97480 ---- aw C: \ Windows \ system32 \ AvastSS.scr
2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- aw C: \ Windows \ system32 \ aswBoot.exe
2009-05-22 15:06. 2009-02-05 20:06 51792 ---- aw C: \ Windows \ system32 \ drivers \ aswMonFlt.sys
2009-05-22 15:06. 2009-05-22 15:06 -------- d ----- wc: \ Programfiler \ Alwil Software
2009-05-22 04:38. 2009-05-22 04:38 738120 ---- aw C: \ Programdata \ Microsoft \ eHome \ Pakker \ MCESpotlig HT \ MCESpotlight \ SpotlightResources.dll
2009-05-20 12:43. 2008-06-20 01:14 97800 ---- aw C: \ Windows \ system32 \ infocardapi.dll
2009-05-20 12:43. 2008-06-20 01:14 105016 ---- aw C: \ Windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 11264 ---- aw C: \ Windows \ system32 \ icardres.dll
2009-05-20 12:43. 2008-06-20 01:14 622080 ---- aw C: \ Windows \ system32 \ icardagt.exe
2009-05-20 12:43. 2008-06-20 01:14 43544 ---- aw C: \ Windows \ system32 \ PresentationHostProxy.dll
2009-05-20 12:43. 2008-06-20 01:14 781344 ---- aw C: \ Windows \ system32 \ PresentationNative_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 326160 ---- aw C: \ Windows \ system32 \ PresentationHost.exe
2009-05-20 12:33. 2008-07-27 18:03 96760 ---- aw C: \ Windows \ system32 \ dfshim.dll
2009-05-20 12:33. 2008-07-27 18:03 282112 ---- aw C: \ Windows \ system32 \ mscoree.dll
2009-05-20 12:33. 2008-07-27 18:03 41984 ---- aw C: \ Windows \ system32 \ netfxperf.dll
2009-05-20 12:32. 2008-07-27 18:03 158720 ---- aw C: \ Windows \ system32 \ mscorier.dll
2009-05-20 12:32. 2008-07-27 18:03 83968 ---- aw C: \ Windows \ system32 \ mscories.dll
2009-05-20 11:39. 2009-05-20 11:39 -------- d ----- wc: \ Programfiler \ Microsoft Silverlight
2009-05-20 04:03. 2009-05-20 11:00 -------- d ----- wc: \ Programfiler \ Windows Live Safety Center
2009-05-19 23:20. 2009-05-19 23:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Acer DV magiker
2009-05-19 23:10. 2009-05-19 23:10 -------- d ----- wc: \ windows \ søndag
2009-05-19 20:40. 2009-05-19 20:40 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40. 2009-05-19 11:41 38200 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \www.macromedia.com \ bin \ airappinstaller \ airappinsta ller.exe
2009-05-19 18:24. 2009-05-24 08:38 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Eraser
2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ Users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646)
2009-05-19 18:24. 2009-05-19 18:24 -------- d ----- wc: \ Program Files \ Eraser
2009-05-19 17:20. 2009-05-19 17:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ eSobi
2009-05-19 17:11. 2008-07-10 06:32 538 ---- aw C: \ Windows \ system32 \ RegRaidSedona.bat
2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ Programfiler \ Spybot - Search & Destroy
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ Programdata \ Spybot - Search & Destroy
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol
2009-05-19 13:01. 2006-09-18 21:43 10 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys
2009-05-19 13:01. 2006-09-18 21:43 24 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Programfiler \ BillP Studios
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009-05-19 12:26. 2009-04-06 19:32 15504 ---- aw C: \ Windows \ system32 \ drivers \ mbam.sys
2009-05-19 12:26. 2009-04-06 19:32 38496 ---- aw C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys
2009-05-19 12:26. 2009-05-19 13:22 -------- d ----- wc: \ Programfiler \ Malwarebytes' Anti-Malware
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- aw C: \ Windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- wc: \ Programfiler \ Fellesfiler \ Adobe AIR
2009-05-19 11:38. 2009-05-19 12:45 -------- d ----- wc: \ Programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Seven Zip
2009-05-19 10:41. 2009-03-19 20:32 23400 ---- aw C: \ Windows \ system32 \ drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107368 ---- aw C: \ Windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- wc: \ Programfiler \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ Programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ Programfiler \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- wc: \ Programfiler \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75048 ---- aw C: \ Programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- wc: \ Programfiler \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416128 ---- aw C: \ Programdata \ Microsoft \ eHome \ Pakker \ NetTV \ Brow se \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410984 ---- aw C: \ Windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- aw C: \ Programdata \ Microsoft \ Windows Defender \ definisjonsoppdateringer \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39. 2009-02-17 13:54 602 ---- aw C: \ Programdata \ ArcSoft \ Kodak-printcreations-22-080812-oem \ acforall.dll
2009-05-24 04:22. 2008-09-12 01:46 -------- d ----- wc: \ Programfiler \ Google
2009-05-20 11:55. 2008-09-11 17:01 104472 ---- aw C: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009-05-20 11:51. 2008-02-05 19:30 -------- d ----- wc: \ Programdata \ Microsoft Help
2009-05-20 11:49. 2008-02-05 19:31 -------- d ----- wc: \ Programfiler \ Microsoft Works
2009-05-20 03:54. 2008-09-12 14:01 -------- d ----- wc: \ Programfiler \ Lx_cats
2009-05-20 00:42. 2008-02-05 20:19 -------- d ----- wc: \ Programfiler \ Fellesfiler \ Adobe
2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - wc: \ Programfiler \ InstallShield Installasjonsinformasjon
2009-05-19 23:27. 2008-02-05 19:49 -------- d ----- wc: \ Program Files \ Acer Arcade Live
2009-05-19 23:20. 2008-09-15 23:24 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Cyberlink
2009-05-19 21:38. 2008-09-12 20:56 -------- d ----- wc: \ Programfiler \ Fellesfiler \ SureThing Delt
2009-05-19 21:04. 2008-09-12 14:09 1664 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009-05-19 17:29. 2009-03-04 15:55 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Sony
2009-05-19 17:20. 2008-02-05 19:22 -------- d ----- wc: \ Programdata \ NVIDIA
2009-05-19 16:54. 2008-02-05 18:03 36864 ---- aw C: \ Windows \ system32 \ nvcod100.dll
2009-05-19 16:54. 2007-10-25 11:02 147456 ---- aw C: \ Windows \ system32 \ nvcolor.exe
2009-05-19 16:13. 2008-09-12 01:47 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ LimeWire
2009-05-19 11:32. 2008-02-05 20:08 -------- d ----- wc: \ Programfiler \ Yahoo!
2009-05-19 11:05. 2008-09-12 01:45 -------- d ----- wc: \ Programfiler \ Java
2009-05-19 10:41. 2008-09-13 03:14 -------- d ----- wc: \ Programfiler \ Fellesfiler \ Apple
2009-05-19 10:38. 2008-09-13 03:15 -------- d ----- wc: \ Programdata \ Apple Computer
2009-05-11 12:10. 2009-05-11 12:10 78260 ---- aw C: \ Programdata \ SPL23D4.tmp
2009-04-17 10:12. 2006-11-02 11:18 -------- d ----- wc: \ Program Files \ Windows Mail
2009-04-02 22:13. 2009-04-02 22:13 702127 ---- aw C: \ Programdata \ SPLFB91.tmp
2009-03-19 20:32. 2009-03-19 20:32 23400 ---- aw C: \ Programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009-03-17 03:38. 2009-04-17 05:22 13824 ---- aw C: \ Windows \ system32 \ apilogen.dll
2009-03-17 03:38. 2009-04-17 05:22 24064 ---- aw C: \ Windows \ system32 \ amxread.dll
2009-03-08 11:34. 2009-05-20 03:47 914944 ---- aw C: \ Windows \ system32 \ Wininet.dll
2009-03-08 11:34. 2009-05-20 03:47 43008 ---- aw C: \ Windows \ system32 \ licmgr10.dll
2009-03-08 11:33. 2009-05-20 03:47 18944 ---- aw C: \ Windows \ system32 \ corpol.dll
2009-03-08 11:33. 2009-05-20 03:47 109056 ---- aw C: \ Windows \ system32 \ iesysprep.dll
2009-03-08 11:33. 2009-05-20 03:47 109568 ---- aw C: \ Windows \ system32 \ PDMSetup.exe
2009-03-08 11:33. 2009-05-20 03:47 107520 ---- aw C: \ Windows \ system32 \ RegisterIEPKEYs.exe
2009-03-08 11:33. 2009-05-20 03:47 103936 ---- aw C: \ Windows \ system32 \ SetDepNx.exe
2009-03-08 11:33. 2009-05-20 03:47 132608 ---- aw C: \ Windows \ system32 \ ieUnatt.exe
2009-03-08 11:33. 2009-05-20 03:47 107008 ---- aw C: \ Windows \ system32 \ SetIEInstalledDate.exe
2009-03-08 11:33. 2009-05-20 03:47 420352 ---- aw C: \ Windows \ system32 \ vbscript.dll
2009-03-08 11:32. 2009-05-20 03:47 72704 ---- aw C: \ Windows \ system32 \ admparse.dll
2009-03-08 11:32. 2009-05-20 03:47 71680 ---- aw C: \ Windows \ system32 \ iesetup.dll
2009-03-08 11:32. 2009-05-20 03:47 66560 ---- aw C: \ Windows \ system32 \ wextract.exe
2009-03-08 11:32. 2009-05-20 03:47 169472 ---- aw C: \ Windows \ system32 \ iexpress.exe
2009-03-08 11:31. 2009-05-20 03:47 34816 ---- aw C: \ Windows \ system32 \ imgutil.dll
2009-03-08 11:31. 2009-05-20 03:47 48128 ---- aw C: \ Windows \ system32 \ Mshtmler.dll
2009-03-08 11:31. 2009-05-20 03:47 45568 ---- aw C: \ Windows \ system32 \ Mshta.exe
2009-03-08 11:22. 2009-05-20 03:47 156160 ---- aw C: \ Windows \ system32 \ msls31.dll
2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- aw C: \ Windows \ system32 \ ntkrnlpa.exe
2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- aw C: \ Windows \ system32 \ ntoskrnl.exe
2009-03-03 04:39. 2009-04-17 05:22 183296 ---- aw C: \ Windows \ system32 \ sdohlp.dll
2009-03-03 04:39. 2009-04-17 05:22 551424 ---- aw C: \ Windows \ system32 \ Rpcss.dll
2009-03-03 04:39. 2009-04-17 05:22 26112 ---- aw C: \ Windows \ system32 \ printfilterpipelineprxy.dll
2009-03-03 04:37. 2009-04-17 05:22 98304 ---- aw C: \ Windows \ system32 \ iasrecst.dll
2009-03-03 04:37. 2009-04-17 05:22 54784 ---- aw C: \ Windows \ system32 \ iasads.dll
2009-03-03 04:37. 2009-04-17 05:22 44032 ---- aw C: \ Windows \ system32 \ iasdatastore.dll
2009-03-03 03:04. 2009-04-17 05:22 666624 ---- aw C: \ Windows \ system32 \ printfilterpipelinesvc.exe
2009-03-03 02:38. 2009-04-17 05:22 17408 ---- aw C: \ Windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ehTray.exe" = "c: \ windows \ ehome \ ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "C: \ Program Files \ Olympus \ Olympus Master 2 \ MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240]
"Eraser" = "C: \ Program Files \ Eraser \ Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"BkupTray" = "C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe" [2007-12-30 34552]
"Acer Styrke Technology Monitor" = "c: \ Acer \ Styrke Technology \ SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration" = "C: \ Program Files \ Acer Registration \ ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "c: \ windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296]
"LXCECATS" = "c: \ windows \ system32 \ Spool \ drivers \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service" = "C: \ Programfiler \ Fellesfiler \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task" = "c: \ Programfiler \ QuickTime \ QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704]
"avast!" = "c: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - C: \ Windows \ RtHDVCpl.exe [2007-10-11 4702208]

c: \ Programdata \ Microsoft \ Windows \ Start-meny \ Programmer \ Startup
Styrke Technology Launcher.lnk - c: \ Acer \ Styrke Technology \ eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - c: \ Programfiler \ Kodak \ Kodak EasyShare programvare \ bin \ EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ policies \ system]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2008-12-22 16:05 356352 ---- aw C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ WinDefend]
@ = "Service"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ FirewallRules]
"(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(F3CFA48D-Æ6Å-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: c: \ windows \ system32 \ lxcecoms.exe: Lexmark Communications System
"(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: c: \ windows \ system32 \ lxcecoms.exe: Lexmark Communications System
"(EB8798E6-358B-4DDA-a219-21BBC5D3C79A)" = UDP: C: \ WINDOWS \ System32 \ Spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: skriverstatus Window
"(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: C: \ Windows \ System32 \ Spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: skriverstatus Window
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Hovedside \ Acer Arcade Live.exe: Acer Arcade Live
"(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(8640BFAB-1B85-48CC-95D5-9AABB44E4D95)" = UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Oppdatering Spybot-S & D
"(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Oppdatering Spybot-S & D
"(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center
"(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; avast! Self Protection; c: \ windows \ system32 \ drivers \ aswSP.sys [5/22/2009 11:06 AM 114768]
R1 FAMv4; FAMv4; c: \ windows \ system32 \ drivers \ FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ drivers \ aswF sBlk.sys [5/22/2009 11:06 AM 20560]
R2 aswMonFlt; aswMonFlt; c: \ windows \ system32 \ drivers \ som wMonFlt.sys [5/22/2009 11:06 AM 51792]
R2 BUNAgentSvc; NTI Backup Now 5 Agent Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc; NTI Backup Now 5 Backup Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc; NTI Backup Now 5 Scheduler Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService; SBSD Security Center Service; C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5/19/2009 10:04 AM 1153368]
R3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 PM 7408]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Active Setup \ Installed Components \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"c: \ windows \ system32 \ rundll32.exe" "c: \ windows \ system32 \ iedkcs32.dll", BrandIEActiveSe tup Påmelding
.
- - - - Orphans fjernet - - - --

SafeBoot-procexp90.Sys

.
------- Tilleggsavtale Scan -------
.
uStart Page = hxxp: / / www.yahoo.com/
mStart Page = hxxp: / / en.us.acer.yahoo.com
uInternet Settings, ProxyOverride = <local>, *. lokale
uInternet Innstillinger ProxyServer = http = localhost: 7171
IE: E & ksporter til Microsoft Excel - c: \ progra ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000
Trusted Zone: microsoft.com \ update
Trusted Zone: microsoft.com \ WindowsUpdate
FF - ProfilePath - c: \ brukere \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ P rofiles \ j0dqrqc6.default \
FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com /
.

************************************************** ************************

CatchMe 0.3.1398 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

skanning skjulte prosesser ...

scanning hidden autostart entries ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 c: \ windows \ system32 \ Spool \ drivers \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

skanning skjulte filer ...

skanning er fullført
skjulte filer: 0

************************************************** ************************
.
--------------------- Lukket registernøklene ---------------------

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl ræva \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings]
@ Denied: (A) (Brukere)
@ Denied: (A) (alle)
@ Tillatt: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword: 00000000
.
Fullføringstidspunkt: 2009-05-24 4:55
ComboFix-karantene-files.txt 2009-05-24 08:55

Pre-Run: 173756547072 bytes gratis
Post-Run: 173859581952 bytes gratis

269 --- EOF --- 2009-05-17 10:04

Legg til / fjern programmer

Microsoft Office Delt MUI (engelsk) 2007
Microsoft Office Delt Setup Metadata MUI (engelsk) 2007
Microsoft Office Word MUI (engelsk) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistributable
Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Høyttalertelefon Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser og SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Open File Manager (fjern bare)
NVIDIA Drivers
OfotoXMI
Olympus Master 2
Olympus muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Sikkerhetsoppdatering for Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
verktøytips
Turbo Pizza
Oppdatering for 2007 Microsoft Office System (KB967642)
Oppdatering for Microsoft Office 2007-hjelp for felles funksjoner (KB963673)
Oppdatering for Microsoft Office Excel 2007 Hjelp (KB963678)
Oppdatering for Microsoft Office OneNote 2007 Hjelp (KB963670)
Oppdatering for Microsoft Office PowerPoint 2007 Help (KB963669)
Oppdatering for Microsoft Office Skriptredigering Hjelp (KB963671)
Oppdatering for Microsoft Office Word 2007 Help (KB963665)
VPRINTOL
Windows Live OneCare sikkerhets-scanner
WinPatrol 2009
TRÅDLØS
Zuma Deluxe

EDIT: Tre flere spørsmål: Jeg la merke til en LimeWire DLL, kan vi drepe det?

Selv LTI er en legitim programmet, er det nødvendig? Jeg tror det kom sammen med denne dumme Acer datamaskinen (man gjøre de laster disse tingene opp med søppelpost), og er gjort overflødig av bygget i Microsoft-program.

LT Cats, er en innebygd spyware fra lprinter produsent Lenmark. Jeg trodde jeg fikk den relevante deler ut, men jeg var ikke sikker på hvor mye du skal øks uten å deaktivere skriveren. Kan flere gå eller er det som er igjen i orden?

**sjb007** · #4 24 mai 2009, 04:03

Hei Bubba

Please dont spille med HJT mindre du forstår hvordan den. Du må huske at HJT er faktisk en Registerredigering verktøyet i en annen sammenheng. Jeg ville hate deg å slå på PC i et dyrt dørstokken! De to 02 oppføringer som du slettet er legit, men rapporter filen som mangler, dette er ikke alltid tilfelle. HJT er kjent for å misreport bestemte oppføringer.

Angående LimeWire, har du avinstallerte det via kontrollpanelet? Hvis det er slik kan vi flush et par flere redundante elementer som er igjen.

Jeg ser noen biter som er relatert til Norton, var sammen på PC-en på en gang? Kjør Norton Removal Tool til å rense ut reminants. Du finner verktøyet her: Norton Removal Tool

Når gjort ......

Combofix

Lukk alle åpne nettlesere.
Lukk sikkerhets-programmer (Antivirus, Antimalware etc..)
Åpen notisblokk og kopiere / lime inn tekst i boksen nedenfor i den:

Sitat:

DDS::
uInternet Settings, ProxyOverride = <local>, *. lokale
uInternet Innstillinger ProxyServer = http = localhost: 7171

RegLock::
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl ræva \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \ 0000 \ AllUserSettings]

Ser på bildet nedenfor som eksempel

Lagre dette som CFScript.txt, På samme sted som ComboFix.exe

Henvise til bildet over, flytter CFScript onto ComboFix.exe.

Når du er ferdig, vil den produsere en logg for deg "C: \ ComboFix.txt"

Ikke mouseclick combofix's vinduet mens det kjører. Dette kan føre til stall.

FORSIKTIG! Alle andre som tenker på å bruke over script gjør det på eget ansvar - du kan ende opp med å måtte re-installere Windows!

Vennligst post loggen C: \ ComboFix.txt for videre vurdering.

=====================================

Jeg merker at avinstallere loggen ble avskåret på toppen, kan du repost det for meg, takk. Også holde meg oppdatert på hvordan ting er systemet klok

**Bubba** · #5 24 mai 2009, 04:53

LimeWire vil ikke vises i programmene og funksjonen for å avinstallere. filene til "kjøre" det jeg fant var app filer, ikke exe, så jeg trudged gjennom C-stasjonen og slettet alt jeg kunne finne. Jeg ser jeg tapte minst en i registret skjønt.

Som for Norton ........ yeah, Acer lastes en prøveversjon på. Jeg har avinstallert den via Kontrollpanel og deretter brukt Norton Removal Tool. (Det var den første jeg gjorde, selv før jeg lastet Spybot, Winpatrol, og resten av innholdet.) Når jeg gikk gjennom stasjon C filer, jeg holdt finne flere rester av Norton og slettet dem mens jeg gikk. Det har aldri skjedd for meg å kjøre den på nytt, men jeg vil gjøre det nå.

LOL De tre filer i Combofix ble de tre jeg var mest nysgjerrig på. Det bør ikke være en proxy host, heller ikke jeg tror profilene skal være låst til alle. Men jeg har ikke studert Combofix ennå og det er derfor jeg ikke bruker den selv, slik jeg var clueless om hva som skal gjøres med de tre, eller om de var faktisk "dårlig".

Beklager kutte hodet av avinstallasjonen logg, hva som er dumt er at jeg så på den to ganger siden den hadde ingen innstilling, og savnet min feil begge ganger.

EDIT: og jeg glemte å legge det ut:

2007 Microsoft Office Suite Service Pack 2 (SP2)
Acer Arcade Live Hovedside
Acer Styrke Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Console DTV 2.0.1.1
Acer Registrering
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Adobe Shockwave Player 11.5
Agatha Christie Døden på Nilen
Alice Greenfingers
Apple Mobile Device Support
Apple Software Update
ArcSoft Skriv ut Creations
ArcSoft Skriv ut Creations - albumsiden
ArcSoft Skriv ut Creations - Funhouse
ArcSoft Skriv ut Creations - Kort
ArcSoft Skriv ut Creations - bildebok
ArcSoft Skriv ut Creations - Fotokalender
ArcSoft Skriv ut Creations - Scrapbook
ArcSoft Skriv ut Creations - Slimline Card
avast! Antivirus
Azada
Backspin Biljard
Big Kahuna Reef
Bonjour
Bookworm Deluxe
Murstein av Egypt
Cake Mania
CCScore
Chicken Invaders 3
Chuzzle
Diner Dash Flo på farten
Viskelær
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Flip Words 2
HijackThis 2.0.2
Hurtigreparasjon for Microsoft. NET Framework 3.5 SP1 (KB953595)
Hurtigreparasjon for Microsoft. NET Framework 3.5 SP1 (KB958484)
iTunes
Java (TM) 6 Update 13
Jewel Quest Solitaire
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kick N Rush
Kodak EasyShare programvare
KODAK Gallery Last Software
Lexmark 4300 Series
Mahjong Escape Ancient China
Mahjongg artifakter
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft. NET Framework 3.5 SP1
Microsoft Office Excel MUI (engelsk) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (engelsk) 2007
Microsoft Office PowerPoint MUI (engelsk) 2007
Microsoft Office Proof (engelsk) 2007
Microsoft Office Proof (fransk) 2007
Microsoft Office Proof (Spansk) 2007
Microsoft Office Korrekturverktøy (England) 2007
Microsoft Office Delt MUI (engelsk) 2007
Microsoft Office Delt Setup Metadata MUI (engelsk) 2007
Microsoft Office Word MUI (engelsk) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistributable
Microsoft Visual C + + 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Høyttalertelefon Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser og SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Open File Manager (fjern bare)
NVIDIA Drivers
OfotoXMI
Olympus Master 2
Olympus muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Sikkerhetsoppdatering for Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
verktøytips
Turbo Pizza
Oppdatering for 2007 Microsoft Office System (KB967642)
Oppdatering for Microsoft Office 2007-hjelp for felles funksjoner (KB963673)
Oppdatering for Microsoft Office Excel 2007 Hjelp (KB963678)
Oppdatering for Microsoft Office OneNote 2007 Hjelp (KB963670)
Oppdatering for Microsoft Office PowerPoint 2007 Help (KB963669)
Oppdatering for Microsoft Office Skriptredigering Hjelp (KB963671)
Oppdatering for Microsoft Office Word 2007 Help (KB963665)
VPRINTOL
Windows Live OneCare sikkerhets-scanner
WinPatrol 2009
TRÅDLØS
Zuma Deluxe

**sjb007** · #6 24 mai 2009, 05:58

Hei Bubba

Takk for oppdatert avinstallere listen - kan du legge inn den nye combofix loggen for meg som forespurt.

Sitat:

Hva er vi på jakt etter i Combofix?

Utgangspunktet bare noe ondsinnet, combofix er hovedsakelig en avansert analyseverktøyet som gir oss mer informasjon enn HJT

Angående LTCats:
Fra hva jeg kan si dette er en gyldig, men er klassifisert som 'user's choice "på om det kjører på oppstart

Angående LimeWire:
Jeg kan se et par oppføringer som fremdeles er der, men vi kan ge dem med neste kjøring av combofix

**Bubba** · #7 24 mai 2009, 07:03

Au, datamaskinen låses opp og stenge ned som det så ut som Combofix var i ferd med å avslutte. Det omstartet og jeg valgte safemode. Jeg tror ikke det opprettet loggen, men jeg vet ikke sikkert. Her er Microsoft popup.

Windows er gjenopprettet etter en uventet avslutning.

Problem signatur:
Problem Event Name: Blue Screen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Tilleggsinformasjon om problemet:

BCCode: 50
BCP1: E0858E9B
BCP2: 00000000
BCP3: 9B9D2D10
BCP4: 00000002
OS Version: 6_6_6001
Service Pack: 1_0
Product: 768_1

FILENE som beskriver problemet:

C \ Windows \ Minidump \ mini052409-01.dmp
C \ Users \ Shirley \ AppData \ temp \ Wer-85644-0.systemdata.xml
C \ Users \ Shirley \ AppData \ Local \ Temp \ WERC6C7.tmp.ver sion.txt

Jeg har forlatt at datamaskinen på skjermen i safemode. Hva vil du at jeg skal gjøre med den? Jeg forlater den i safemode inntil jeg hører noe, må jeg gå film nå være tilbake i ca 3 timer. Man det er fint å jobbe på andres datamaskiner slik at jeg har mine skal fortsatt få hjelp her på.

EDIT: Jeg har ikke prøvd, men jeg er sikker på at jeg kan få de samme filene i safemode hvis du trenger å vite hva de sier, men jeg vet ikke hvordan jeg skal åpne en XML-fil.

**sjb007** · #8 24 mai 2009, 07:11

Hei Bubba

Prøv omstart for å se om det støvler lykkes igjen, hvis ikke prøve å trykke F8 for å få tilgang til boot skjermen på oppstart og velge alternativet Siste fungerende konfigurasjon.

**Bubba** · #9 24 mai 2009, 07:50

Det oppstart og det var en ComboFix2 logge der, det er ganske identisk med det første, men det er 10:04 tidsstempelet henvise til en karantene logg. Den quarentine loggen er tom. Her er filen, jeg vet ikke om det er fullført, eller hva du ønsker. NÅ har jeg å splitte.

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Kjører fra: c: \ brukere \ Shirley \ Skrivebord \ ComboFix.exe
SP: Spybot - Search and Destroy * deaktivert * (Outdated) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SUPERAntiSpyware * deaktivert * (Oppdatert) (222A897C-5018-402e-943F-7E7AC8560DA7)
SP: Windows Defender * aktivert * (Oppdatert) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((( Files Created fra 2009-04-24 til 2009-05-24 ))))))))))) ))))))))))))))))))))
.

2009-05-22 23:57. 2009-05-24 08:40 117760 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-05-22 23:56. 2009-05-22 23:56 -------- d ----- wc: \ Programdata \ SUPERAntiSpyware.com
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Programfiler \ SUPERAntiSpyware
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com
2009-05-22 20:36. 2009-05-22 20:36 -------- d ----- wc: \ Programfiler \ Fellesfiler \ Wise Installation Wizard
2009-05-22 15:06. 2009-02-05 20:06 51376 ---- aw C: \ Windows \ system32 \ drivers \ aswTdi.sys
2009-05-22 15:06. 2009-02-05 20:06 23152 ---- aw C: \ Windows \ system32 \ drivers \ aswRdr.sys
2009-05-22 15:06. 2009-02-05 20:07 114768 ---- aw C: \ Windows \ system32 \ drivers \ aswSP.sys
2009-05-22 15:06. 2009-02-05 20:07 20560 ---- aw C: \ Windows \ system32 \ drivers \ aswFsBlk.sys
2009-05-22 15:06. 2009-02-05 20:04 97480 ---- aw C: \ Windows \ system32 \ AvastSS.scr
2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- aw C: \ Windows \ system32 \ aswBoot.exe
2009-05-22 15:06. 2009-02-05 20:06 51792 ---- aw C: \ Windows \ system32 \ drivers \ aswMonFlt.sys
2009-05-22 15:06. 2009-05-22 15:06 -------- d ----- wc: \ Programfiler \ Alwil Software
2009-05-22 04:38. 2009-05-22 04:38 738120 ---- aw C: \ Programdata \ Microsoft \ eHome \ Pakker \ MCESpotlig HT \ MCESpotlight \ SpotlightResources.dll
2009-05-20 12:43. 2008-06-20 01:14 97800 ---- aw C: \ Windows \ system32 \ infocardapi.dll
2009-05-20 12:43. 2008-06-20 01:14 105016 ---- aw C: \ Windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 11264 ---- aw C: \ Windows \ system32 \ icardres.dll
2009-05-20 12:43. 2008-06-20 01:14 622080 ---- aw C: \ Windows \ system32 \ icardagt.exe
2009-05-20 12:43. 2008-06-20 01:14 43544 ---- aw C: \ Windows \ system32 \ PresentationHostProxy.dll
2009-05-20 12:43. 2008-06-20 01:14 781344 ---- aw C: \ Windows \ system32 \ PresentationNative_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 326160 ---- aw C: \ Windows \ system32 \ PresentationHost.exe
2009-05-20 12:33. 2008-07-27 18:03 96760 ---- aw C: \ Windows \ system32 \ dfshim.dll
2009-05-20 12:33. 2008-07-27 18:03 282112 ---- aw C: \ Windows \ system32 \ mscoree.dll
2009-05-20 12:33. 2008-07-27 18:03 41984 ---- aw C: \ Windows \ system32 \ netfxperf.dll
2009-05-20 12:32. 2008-07-27 18:03 158720 ---- aw C: \ Windows \ system32 \ mscorier.dll
2009-05-20 12:32. 2008-07-27 18:03 83968 ---- aw C: \ Windows \ system32 \ mscories.dll
2009-05-20 11:39. 2009-05-20 11:39 -------- d ----- wc: \ Programfiler \ Microsoft Silverlight
2009-05-20 04:03. 2009-05-20 11:00 -------- d ----- wc: \ Programfiler \ Windows Live Safety Center
2009-05-19 23:20. 2009-05-19 23:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Acer DV magiker
2009-05-19 23:10. 2009-05-19 23:10 -------- d ----- wc: \ windows \ søndag
2009-05-19 20:40. 2009-05-19 20:40 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40. 2009-05-19 11:41 38200 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \http://www.macromedia.com \ bin \ airapp ... pinstaller.exe
2009-05-19 18:24. 2009-05-24 08:38 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Eraser
2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ Users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646)
2009-05-19 18:24. 2009-05-19 18:24 -------- d ----- wc: \ Program Files \ Eraser
2009-05-19 17:20. 2009-05-19 17:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ eSobi
2009-05-19 17:11. 2008-07-10 06:32 538 ---- aw C: \ Windows \ system32 \ RegRaidSedona.bat
2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ Programfiler \ Spybot - Search & Destroy
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ Programdata \ Spybot - Search & Destroy
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol
2009-05-19 13:01. 2006-09-18 21:43 10 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys
2009-05-19 13:01. 2006-09-18 21:43 24 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Programfiler \ BillP Studios
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009-05-19 12:26. 2009-04-06 19:32 15504 ---- aw C: \ Windows \ system32 \ drivers \ mbam.sys
2009-05-19 12:26. 2009-04-06 19:32 38496 ---- aw C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys
2009-05-19 12:26. 2009-05-19 13:22 -------- d ----- wc: \ Programfiler \ Malwarebytes' Anti-Malware
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- aw C: \ Windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- wc: \ Programfiler \ Fellesfiler \ Adobe AIR
2009-05-19 11:38. 2009-05-19 12:45 -------- d ----- wc: \ Programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Seven Zip
2009-05-19 10:41. 2009-03-19 20:32 23400 ---- aw C: \ Windows \ system32 \ drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107368 ---- aw C: \ Windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- wc: \ Programfiler \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ Programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ Programfiler \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- wc: \ Programfiler \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75048 ---- aw C: \ Programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- wc: \ Programfiler \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416128 ---- aw C: \ Programdata \ Microsoft \ eHome \ Pakker \ NetTV \ Brow se \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410984 ---- aw C: \ Windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- aw C: \ Programdata \ Microsoft \ Windows Defender \ definisjonsoppdateringer \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39. 2009-02-17 13:54 602 ---- aw C: \ Programdata \ ArcSoft \ Kodak-printcreations-22-080812-oem \ acforall.dll
2009-05-24 04:22. 2008-09-12 01:46 -------- d ----- wc: \ Programfiler \ Google
2009-05-20 11:55. 2008-09-11 17:01 104472 ---- aw C: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009-05-20 11:51. 2008-02-05 19:30 -------- d ----- wc: \ Programdata \ Microsoft Help
2009-05-20 11:49. 2008-02-05 19:31 -------- d ----- wc: \ Programfiler \ Microsoft Works
2009-05-20 03:54. 2008-09-12 14:01 -------- d ----- wc: \ Programfiler \ Lx_cats
2009-05-20 00:42. 2008-02-05 20:19 -------- d ----- wc: \ Programfiler \ Fellesfiler \ Adobe
2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - wc: \ Programfiler \ InstallShield Installasjonsinformasjon
2009-05-19 23:27. 2008-02-05 19:49 -------- d ----- wc: \ Program Files \ Acer Arcade Live
2009-05-19 23:20. 2008-09-15 23:24 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Cyberlink
2009-05-19 21:38. 2008-09-12 20:56 -------- d ----- wc: \ Programfiler \ Fellesfiler \ SureThing Delt
2009-05-19 21:04. 2008-09-12 14:09 1664 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009-05-19 17:29. 2009-03-04 15:55 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Sony
2009-05-19 17:20. 2008-02-05 19:22 -------- d ----- wc: \ Programdata \ NVIDIA
2009-05-19 16:54. 2008-02-05 18:03 36864 ---- aw C: \ Windows \ system32 \ nvcod100.dll
2009-05-19 16:54. 2007-10-25 11:02 147456 ---- aw C: \ Windows \ system32 \ nvcolor.exe
2009-05-19 16:13. 2008-09-12 01:47 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ LimeWire
2009-05-19 11:32. 2008-02-05 20:08 -------- d ----- wc: \ Programfiler \ Yahoo!
2009-05-19 11:05. 2008-09-12 01:45 -------- d ----- wc: \ Programfiler \ Java
2009-05-19 10:41. 2008-09-13 03:14 -------- d ----- wc: \ Programfiler \ Fellesfiler \ Apple
2009-05-19 10:38. 2008-09-13 03:15 -------- d ----- wc: \ Programdata \ Apple Computer
2009-05-11 12:10. 2009-05-11 12:10 78260 ---- aw C: \ Programdata \ SPL23D4.tmp
2009-04-17 10:12. 2006-11-02 11:18 -------- d ----- wc: \ Program Files \ Windows Mail
2009-04-02 22:13. 2009-04-02 22:13 702127 ---- aw C: \ Programdata \ SPLFB91.tmp
2009-03-19 20:32. 2009-03-19 20:32 23400 ---- aw C: \ Programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009-03-17 03:38. 2009-04-17 05:22 13824 ---- aw C: \ Windows \ system32 \ apilogen.dll
2009-03-17 03:38. 2009-04-17 05:22 24064 ---- aw C: \ Windows \ system32 \ amxread.dll
2009-03-08 11:34. 2009-05-20 03:47 914944 ---- aw C: \ Windows \ system32 \ Wininet.dll
2009-03-08 11:34. 2009-05-20 03:47 43008 ---- aw C: \ Windows \ system32 \ licmgr10.dll
2009-03-08 11:33. 2009-05-20 03:47 18944 ---- aw C: \ Windows \ system32 \ corpol.dll
2009-03-08 11:33. 2009-05-20 03:47 109056 ---- aw C: \ Windows \ system32 \ iesysprep.dll
2009-03-08 11:33. 2009-05-20 03:47 109568 ---- aw C: \ Windows \ system32 \ PDMSetup.exe
2009-03-08 11:33. 2009-05-20 03:47 107520 ---- aw C: \ Windows \ system32 \ RegisterIEPKEYs.exe
2009-03-08 11:33. 2009-05-20 03:47 103936 ---- aw C: \ Windows \ system32 \ SetDepNx.exe
2009-03-08 11:33. 2009-05-20 03:47 132608 ---- aw C: \ Windows \ system32 \ ieUnatt.exe
2009-03-08 11:33. 2009-05-20 03:47 107008 ---- aw C: \ Windows \ system32 \ SetIEInstalledDate.exe
2009-03-08 11:33. 2009-05-20 03:47 420352 ---- aw C: \ Windows \ system32 \ vbscript.dll
2009-03-08 11:32. 2009-05-20 03:47 72704 ---- aw C: \ Windows \ system32 \ admparse.dll
2009-03-08 11:32. 2009-05-20 03:47 71680 ---- aw C: \ Windows \ system32 \ iesetup.dll
2009-03-08 11:32. 2009-05-20 03:47 66560 ---- aw C: \ Windows \ system32 \ wextract.exe
2009-03-08 11:32. 2009-05-20 03:47 169472 ---- aw C: \ Windows \ system32 \ iexpress.exe
2009-03-08 11:31. 2009-05-20 03:47 34816 ---- aw C: \ Windows \ system32 \ imgutil.dll
2009-03-08 11:31. 2009-05-20 03:47 48128 ---- aw C: \ Windows \ system32 \ Mshtmler.dll
2009-03-08 11:31. 2009-05-20 03:47 45568 ---- aw C: \ Windows \ system32 \ Mshta.exe
2009-03-08 11:22. 2009-05-20 03:47 156160 ---- aw C: \ Windows \ system32 \ msls31.dll
2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- aw C: \ Windows \ system32 \ ntkrnlpa.exe
2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- aw C: \ Windows \ system32 \ ntoskrnl.exe
2009-03-03 04:39. 2009-04-17 05:22 183296 ---- aw C: \ Windows \ system32 \ sdohlp.dll
2009-03-03 04:39. 2009-04-17 05:22 551424 ---- aw C: \ Windows \ system32 \ Rpcss.dll
2009-03-03 04:39. 2009-04-17 05:22 26112 ---- aw C: \ Windows \ system32 \ printfilterpipelineprxy.dll
2009-03-03 04:37. 2009-04-17 05:22 98304 ---- aw C: \ Windows \ system32 \ iasrecst.dll
2009-03-03 04:37. 2009-04-17 05:22 54784 ---- aw C: \ Windows \ system32 \ iasads.dll
2009-03-03 04:37. 2009-04-17 05:22 44032 ---- aw C: \ Windows \ system32 \ iasdatastore.dll
2009-03-03 03:04. 2009-04-17 05:22 666624 ---- aw C: \ Windows \ system32 \ printfilterpipelinesvc.exe
2009-03-03 02:38. 2009-04-17 05:22 17408 ---- aw C: \ Windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ehTray.exe" = "c: \ windows \ ehome \ ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "C: \ Program Files \ Olympus \ Olympus Master 2 \ MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240]
"Eraser" = "C: \ Program Files \ Eraser \ Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"BkupTray" = "C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BkupTray.exe" [2007-12-30 34552]
"Acer Styrke Technology Monitor" = "c: \ Acer \ Styrke Technology \ SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration" = "C: \ Program Files \ Acer Registration \ ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "c: \ windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296]
"LXCECATS" = "c: \ windows \ system32 \ Spool \ drivers \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service" = "C: \ Programfiler \ Fellesfiler \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task" = "c: \ Programfiler \ QuickTime \ QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704]
"avast!" = "c: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - C: \ Windows \ RtHDVCpl.exe [2007-10-11 4702208]

c: \ Programdata \ Microsoft \ Windows \ Start-meny \ Programmer \ Startup
Styrke Technology Launcher.lnk - c: \ Acer \ Styrke Technology \ eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - c: \ Programfiler \ Kodak \ Kodak EasyShare programvare \ bin \ EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ policies \ system]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
2008-12-22 16:05 356352 ---- aw C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ WinDefend]
@ = "Service"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitoring \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ FirewallRules]
"(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(F3CFA48D-Æ6Å-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe: BackupSvc.exe
"(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: c: \ windows \ system32 \ lxcecoms.exe: Lexmark Communications System
"(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: c: \ windows \ system32 \ lxcecoms.exe: Lexmark Communications System
"(EB8798E6-358B-4DDA-a219-21BBC5D3C79A)" = UDP: C: \ WINDOWS \ System32 \ Spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: skriverstatus Window
"(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: C: \ Windows \ System32 \ Spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: skriverstatus Window
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Hovedside \ Acer Arcade Live.exe: Acer Arcade Live
"(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(8640BFAB-1B85-48CC-95D5-9AABB44E4D95)" = UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Oppdatering Spybot-S & D
"(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Oppdatering Spybot-S & D
"(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center
"(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; avast! Self Protection; c: \ windows \ system32 \ drivers \ aswSP.sys [5/22/2009 11:06 AM 114768]
R1 FAMv4; FAMv4; c: \ windows \ system32 \ drivers \ FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ drivers \ aswF sBlk.sys [5/22/2009 11:06 AM 20560]
R2 aswMonFlt; aswMonFlt; c: \ windows \ system32 \ drivers \ som wMonFlt.sys [5/22/2009 11:06 AM 51792]
R2 BUNAgentSvc; NTI Backup Now 5 Agent Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc; NTI Backup Now 5 Backup Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc; NTI Backup Now 5 Scheduler Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Now 5 \ SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService; SBSD Security Center Service; C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5/19/2009 10:04 AM 1153368]
R3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 PM 7408]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Active Setup \ Installed Components \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"c: \ windows \ system32 \ rundll32.exe" "c: \ windows \ system32 \ iedkcs32.dll", BrandIEActiveSe tup Påmelding
.
- - - - Orphans fjernet - - - --

SafeBoot-procexp90.Sys

.
------- Tilleggsavtale Scan -------
.
uStart Page = hxxp: / / www.yahoo.com/
mStart Page = hxxp: / / en.us.acer.yahoo.com
uInternet Settings, ProxyOverride = <local>, *. lokale
uInternet Innstillinger ProxyServer = http = localhost: 7171
IE: E & ksporter til Microsoft Excel - c: \ progra ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000
Trusted Zone: microsoft.com \ update
Trusted Zone: microsoft.com \ WindowsUpdate
FF - ProfilePath - c: \ brukere \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ P rofiles \ j0dqrqc6.default \
FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com /
.

************************************************** ************************

CatchMe 0.3.1398 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

skanning skjulte prosesser ...

scanning hidden autostart entries ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 c: \ windows \ system32 \ Spool \ drivers \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

skanning skjulte filer ...

skanning er fullført
skjulte filer: 0

************************************************** ************************
.
--------------------- Lukket registernøklene ---------------------

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl ræva \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings]
@ Denied: (A) (Brukere)
@ Denied: (A) (alle)
@ Tillatt: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword: 00000000
.
Fullføringstidspunkt: 2009-05-24 4:55
ComboFix-karantene-files.txt 2009-05-24 08:55

Pre-Run: 173756547072 bytes gratis
Post-Run: 173859581952 bytes gratis

269 --- EOF --- 2009-05-17 10:04

EDIT: Nope, rask sammenligning av de første, Jeg tror det er identiske.

**sjb007** · #10 24 mai 2009, 10:38

Hei Bubba,

Sitat:

EDIT: Nope, rask sammenligning av de første, Jeg tror det er identiske.

Ja du har rett - det er fra den første kjøring av combofix

Gjeldende loggen kan finnes på C: / combofix.txt.

Lignende Tråder
Tråd	Tråd startet	Forum	Svar	Siste innlegg
Vista-oppdatering stopper Windows fra Booting	mrdaveyk	Windows-operativsystemer	1	8 oktober 2009 02:27
Windows Vista Will Not Update	gamiseta	Windows-operativsystemer	6	4 feb 2009 11:44
Windows Vista Update problemer - KB36330 - KB950759	katiecoos	Windows-operativsystemer	3	18 juni 2008 16:08
Windows Vista Update Error	robina80	Windows-operativsystemer	1	12 juni 2008 09:09
Vista Windows Update	Shocker	Windows-operativsystemer	1	13 januar 2008 11:26