[Bubba]

Sunt prieteni pe un computer, Vista şi Windows nu va actualizare. Până în prezent, am găsit şi scos Internet Anti-Virus, Win32Adload.r, şi video.exe. Au avut, de asemenea, că cupon spyware şi fiul lor păstrate încărcare LimeWire. Am scos ambele (LOL LimeWire instalează în sine 400 de locuri, a trebuit să treacă printr-o dată la dosar şi fişier de a scăpa de acest lucru). Dar încă nu va actualizare Windows. Sunt obtinerea unui cod 80072efd care spune că nu există un paravan de protecţie a preveni actualizarea de la fereastra. Nu pot găsi nici un firewall, altul decât Windows şi am privit în fiecare dosar. Aici sunt cele trei jurnale, nu găsesc nimic, am pierdut ceva?

NOTĂ: Nu pot încărca oricare din cele trei jurnale. Mă tot obtinerea invalid fişier de pe site-ul. Ce-i cu asta? Am prea multe imagini aici? Lasa-ma sa incerc o copie de pastă:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generat 05.23.2009 la 04:42

Application Version: 4.26.1002

Reguli de bază pentru baze de date Version: 3908
Trace Regulamentul Database Version: 1852

Scan type: Complete Scan
Total Scan Ora: 03:45:40

Memorie articole scanate: 831
Memorie ameninţările detectate: 0
Registrul articole scanate: 6407
Registrul ameninţările detectate: 0
Elemente de fişiere scanate: 326608
File ameninţările detectate: 78

Adware.Tracking Cookie
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusion [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ realmedia [2]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@adopt.specificclick [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftinternetexplorer.112.2o7 [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnservices.112.2o7 [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftwindows.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@adopt.specificclick [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftinternetexplorer.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftwindows.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnservices.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ realmedia [2]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldman AGER [2]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@adopt.speci ficclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ media6degre es [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftin ternetexplorer.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftwi ndows.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@msnportal.1 12.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ msnservices .112.2 O7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ realmedia [2]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley specificcli @ ck [1]. Txt
C: \ Documents and Settings \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusio n [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@adopt.specificcli CK [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ microsoftinternet explorer.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ microsoftwindows. 112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@msnservices.112.2 O7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ realmedia [2]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ tribalfusion [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldman AGER [2]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@adopt.speci ficclick [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ media6degre es [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftin ternetexplorer.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftwi ndows.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ shirley@msnportal.1 12.2o7 [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ msnservices .112.2 O7 [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ realmedia [2]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley specificcli @ ck [1]. Txt
C: \ Users \ Shirley \ Application Data \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusio n [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@adopt.specificcli CK [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ microsoftinternet explorer.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ microsoftwindows. 112.2o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@msnservices.112.2 O7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ realmedia [2]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ tribalfusion [1]. Txt

Malwarebytes' Anti-Malware 1.36
Baza de date versiune: 2150
Windows 6.0.6001 Service Pack 1

5/19/2009 8:40:58 AM
mbam-log-2009-05-19 (08-40-58). txt

Scan type: Quick Scan
Obiecte scanate: 71524
Timpul scurs: 3 minute (s), 23 secunde (s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Chei de Registry Infected: 13
Registry Values Infected: 0
Registrul de date Elemente Infected: 3
Folders Infected: 3
Fişiere infectate: 11

Memory Processes Infected:
(Nici un rău elemente detectat)

Memory Modules Infected:
(Nici un rău elemente detectat)

Chei de Registry Infected:
HKEY_CLASSES_ROOT \ fe345.fe345mgr (Trojan.FakeAlert) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ fe345.fe345mgr.1 (Trojan.FakeAlert) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ y537.y537mgr (Trojan.BHO) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ TypeLib \ (e63648f7-3933-440e-b4f6-a8584dd7b7eb) (Trojan.BHO) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ Interface \ (f7d09218-46d7-4d3d-9b7f-315204cd0836) (Trojan.BHO) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ CLSID \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> carantină şi a fost şters cu succes.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Ext \ Stats \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> carantină şi a fost şters cu succes.
HKEY_CLASSES_ROOT \ y537.y537mgr.1 (Trojan.BHO) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Internet antivirus pro_is1 (Rogue.InternetAntivirus) -> carantină şi a fost şters cu succes.

Registry Values Infected:
(Nici un rău elemente detectat)

Registrul de date Elemente Infected:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> carantină şi a fost şters cu succes.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> carantină şi a fost şters cu succes.

Folders Infected:
C: \ Windows \ System32 \ 199638 (Trojan.FakeAlert) -> carantină şi a fost şters cu succes.
C: \ Program Files \ websrvx (Trojan.Downloader) -> carantină şi a fost şters cu succes.
C: \ Windows \ System32 \ 796525 (Trojan.BHO) -> carantină şi a fost şters cu succes.

Files Infected:
C: \ Windows \ System32 \ 199638 \ 199638.dll (Trojan.FakeAlert) -> carantină şi a fost şters cu succes.
C: \ Windows \ System32 \ 796525 \ 796525.dll (Trojan.BHO) -> carantină şi a fost şters cu succes.
C: \ Users \ Shirley \ AppData \ Local \ Temp \ jopaxx_1241669 819.exe (Worm.KoobFace) -> carantină şi a fost şters cu succes.
C: \ Program Files \ Common Files \ InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> carantină şi a fost şters cu succes.
C: \ Windows \ msmark2.dat (Worm.KoobFace) -> carantină şi a fost şters cu succes.
C: \ Windows \ t55ft2668f44.dat (Worm.KoobFace) -> carantină şi a fost şters cu succes.
C: \ Windows \ t55ft2695f44.dat (Worm.KoobFace) -> carantină şi a fost şters cu succes.
C: \ Windows \ t55ft3105f44.dat (Worm.KoobFace) -> carantină şi a fost şters cu succes.
C: \ Windows \ 9g2234wesdf3dfgjf23 (Worm.KoobFace) -> carantină şi a fost şters cu succes.
C: \ Windows \ f5087.dat (Worm.KoobFace) -> carantină şi a fost şters cu succes.
C: \ Windows \ f23567.dat (Worm.KoobFace) -> carantină şi a fost şters cu succes.
(de mai sus a fost primul jurnal, de mai jos este cea curentă)

Malwarebytes' Anti-Malware 1.36
Baza de date versiune: 2150
Windows 6.0.6001 Service Pack 1

5/23/2009 9:03:23 AM
mbam-log-2009-05-23 (09-03-23). txt

Scan type: Quick Scan
Obiecte scanate: 70234
Timpul scurs: 2 minute (s), 28 secunde (s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Chei de Registry Infected: 0
Registry Values Infected: 0
Registrul de date Elemente Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(Nici un rău elemente detectat)

Memory Modules Infected:
(Nici un rău elemente detectat)

Chei de Registry Infected:
(Nici un rău elemente detectat)

Registry Values Infected:
(Nici un rău elemente detectat)

Registrul de date Elemente Infected:
(Nici un rău elemente detectat)

Folders Infected:
(Nici un rău elemente detectat)

Files Infected:
(Nici un rău elemente detectat)

Logfile de Trend Micro HijackThis v2.0.2
Scan salvat de la 9:09:09, pe 5.23.2009
Platforma: Windows Vista SP1 (WINNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Rularea procese:
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Windows \ RtHDVCpl.exe
C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ BkupTray.exe
C: \ Acer \ putere Tehnologie \ SysMonitor.exe
C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe
C: \ Windows \ System32 \ nvraidservice.exe
C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe
C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe
C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ bin \ ACDaemon.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe
C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe
C: \ Windows \ System32 \ rundll32.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Windows \ ehome \ ehtray.exe
C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ Eraser \ Eraser.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe
C: \ Windows \ system32 \ wbem \ unsecapp.exe
C: \ Acer \ putere Tehnologie \ ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E
C: \ Acer \ putere Technology \ eRecovery \ ERAGENT.EXE
C: \ Windows \ ehome \ ehmsas.exe
C: \ Users \ Shirley \ Desktop \ HiJackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Main, Start Page = http://en.us.acer.yahoo.com
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ SOFTWARE \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Setări, ProxyServer = http = localhost: 7171
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts::: 1 localhost
O2 - BHO: (no name) - (02478D38-C3F9-4efb-9B51-7695ECA05670) - (no file)
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Spybot-S & D IE Protecţia - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (no name) - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - (no file)
O2 - BHO: SSVHelper Class - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: (no name) - (83A2F9B1-01A2-4AA5-87D1-45B6B8505E96) - (no file)
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 5.1.1309.3572 \ s wg.dll
O2 - BHO: Google Dictionar de comprimare sdch - (C84D72FE-E17D-4195-BB24-76C02E2E7C4E) - C: \ Program Files \ Google \ Google Toolbar \ Component \ fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java (tm) Plug-in 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
O3 - Toolbar: Google Toolbar - (2318C2B1-4965-11d4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-a ascunde
O4 - HKLM \ .. \ Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM \ .. \ Run: [BkupTray] "C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ BkupTray.exe"
O4 - HKLM \ .. \ Run: [Acer Imputernicirea Tehnologie Monitorul] C: \ Acer \ Imputernicirea Tehnologie \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [SMSERIAL] C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe
O4 - HKLM \ .. \ Run: [Acer Înregistrare produs] "C: \ Program Files \ Acer inregistrare \ ACE1.exe" / pornire
O4 - HKLM \ .. \ Run: [NVRaidService] C: \ Windows \ system32 \ nvraidservice.exe
O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ Windows \ system32 \ bobina \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe"
O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe"
O4 - HKLM \ .. \ Run: [ArcSoft Connection Service] C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ bin \ ACDaemon.exe
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [WinPatrol] C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe-expressboot
O4 - HKLM \ .. \ Run: [NvCplDaemon] RUNDLL32.EXE C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] RUNDLL32.EXE C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [stai!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [swg] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [ehTray.exe] C: \ Windows \ ehome \ ehTray.exe
O4 - HKCU \ .. \ Run: [OM2_Monitor] "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [Eraser] C: \ Program Files \ Eraser \ Eraser.exe-a ascunde
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Sidebar]% ProgramFiles% \ Windows Sidebar \ Sidebar.exe / detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Imputernicirea Tehnologie Launcher.lnk =?
O4 - Global Startup: Kodak EasyShare software.lnk = C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe
O8 - Extra context menu item: E & xportaţi la Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' MENUITEM: S & la sfârşitul OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra button: Cercetare - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ milionimi ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra button: (no name) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' MENUITEM: Spybot - Search & Destroy Configuration - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: (3860DD98-0549-4D50-AA72-5D17D200EE10) --
O18 - Filter: x-sdch - (B1759355-3EEC-4C1E-B0F1-B719FE26E377) - C: \ Program Files \ Google \ Google Toolbar \ Component \ fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
O23 - Service: ArcSoft Conectaţi Daemon (ACDaemon) - ArcSoft Inc - C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ bin \ ACService.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C: \ Acer \ putere Tehnologie \ ePerformance \ MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: stai! iAVS4 serviciu de control (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: stai! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: stai! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: stai! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: NTI Backup Acum 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc - C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ Client \ Agentsvc.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc - C: \ Acer \ putere Technology \ eRecovery \ eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C: \ Acer \ putere Tehnologie \ eSettings \ Service \ capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: lxce_device - - C: \ Windows \ system32 \ lxcecoms.exe
O23 - Service: NTI Backup Acum 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc - C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ BackupSvc.exe
O23 - Service: NTI Backup Acum 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe

--
Sfârşit de fişier - 9919 bytes

[sjb007]

Max Bubba ....

Avem nevoie de dumneavoastră pentru a dezactiva TeaTimer ca s-ar putea interfera cu remedierile de care avem nevoie pentru a face.

1) Run Spybot-S & D
2) Du-te la meniul Mode, şi asiguraţi-vă că "Modul Avansat" este selectat
3) în partea stângă, selectaţi Tools -> Rezident
4) Debifaţi "Resident TeaTimer" OK şi orice prompturi
5) Reporniţi computerul.

Descărca ResetTeaTimer.bat făcând clic dreapta pe link-ul, şi alegând Save As.

* Salvaţi-l pe Desktop.
* Faceţi dublu-clic pe ResetTeaTimer.zip
* Faceţi dublu-clic pe ResetTeaTimer.bat şi faceţi clic pe Executare pentru a elimina toate intrările set de TeaTimer.

După toate remedierile sunt complete, este foarte important să permită TeaTimer, din nou, voi lăsa să ştii, când acesta este în siguranţă pentru a face acest lucru.

A Tutorial pentru Tea Timer poate fi găsit aici -> http://russelltexas.com/malware/teatimer.htm

==========================================\u0

Descărcaţi şi scanare cu ComboFix.exe. Vă rugăm să vizitaţi această pagină web pentru download-uri utile, precum şi instrucţiuni pentru rularea instrument:

http://www.bleepingcomputer.com/comb...o-use-combofix

Asiguraţi-vă aţi dezactivat toate anti-virus si anti malware-ului, inclusiv programe de winpatrol astfel încât acestea să nu interfereze cu funcţionarea ComboFix.

Vă rugăm să includeţi în C: \ ComboFix.txt în următoarea replică pentru revizuire.

==========================================\u0

Du-te la Meniul Start > Selectaţi Fugi şi copie / inseraţi următorul în caseta Run şi faceţi clic pe OK:

C: \ Qoobox \ Add-Remove Programs.txt

Un fişier text ar trebui să se deschidă. Vă rugăm să posta conţinutul că fişierul în următoarea replică.

[Bubba]

O serie de lucruri înainte de a-mi posta jurnalele:

1. În timp Ceai tutorial ai legate, el a spus de asemenea, dezactiva rezident SDHelper asa ca am facut-o.
2. ComboFix nu a afişa o copie de rezervă regisdtry ecran cu excepţia cazului în care este un ecran de repede şi am ratat-o în timp ce se uită la meu calculator (amintiţi-vă acest lucru este o pe prieteni). Acesta nu a deconecta de la internet şi nici nu am observat-o schimbare în timp. Ambele icoane au fost vizibile în timp ce Combo fixa a fost să fie difuzate. Este asta o problemă? De asemenea, după ce a fost lansat Combofix, pe tapet a fost distorsionat, asa ca am rebooted. În cazul în care computerstarted înapoi în sus, pe tapet a fost plecat, nu a mai fost Firefox browser implicit şi un mesaj popped sus că IE pagina a fost schimbat la MSN (cred). Este normal acest lucru? De asemenea, Winpatrol remarcat faptul că un nou serviciu a fost adaugat: appmgmts.dll.

3. Înainte de a răspuns la acest lucru, am scăpat de la Google Toolbar. Mai multe de HJT intrări privit ciudat. În 018 de exemplu, a fost numit x-sdCH loc de x-sdHC .......... In afara de lol, urasc instrument baruri şi ei pot tot timpul sa-l adauge înapoi în cazul în care vrei. Indiferent, care a schimbat HJT log. De asemenea, am scăpat de la 2 la 02 de faptul că nu a avut nici un fişier asociate cu ele.

4. Ce ne caută în Combofix? LOL Am început să descărcaţi şi să îl rulaţi de mai înainte am postat acest thread, dar am decis doar cunosc ştiu încă destul de pui cu ea.

Şi fără alte formalităţi:

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Rularea de la: C: \ users \ Shirley \ Desktop \ ComboFix.exe
SP: Spybot - Search si Distruge handicap * * (expirată) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SUPERAntiSpyware * * handicap (Actualizat) (222A897C-5018-402e-943F-7E7AC8560DA7)
SP: Windows Defender activat * * (Actualizat) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((( Fişierele create de 2009-04-24 la 2009-05-24 ))))))))))) ))))))))))))))))))))
.

2009-05-22 23:57. 2009-05-24 08:40 117760 ---- Aw c: \ users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-05-22 23:56. 2009-05-22 23:56 -------- ----- wc d: \ programdata \ SUPERAntiSpyware.com
2009-05-22 23:52. 2009-05-22 23:52 -------- ----- wc d: \ Program Files \ SUPERAntiSpyware
2009-05-22 23:52. 2009-05-22 23:52 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com
2009-05-22 20:36. 2009-05-22 20:36 -------- ----- wc d: \ Program Files \ Common Files \ Wise Installation Wizard
2009-05-22 15:06. 2009-02-05 20:06 51376 ---- Aw c: \ windows \ system32 \ drivers \ aswTdi.sys
2009-05-22 15:06. 2009-02-05 20:06 23152 ---- Aw c: \ windows \ system32 \ drivers \ aswRdr.sys
2009-05-22 15:06. 2009-02-05 20:07 114768 ---- Aw c: \ windows \ system32 \ drivers \ aswSP.sys
2009-05-22 15:06. 2009-02-05 20:07 20560 ---- Aw c: \ windows \ system32 \ drivers \ aswFsBlk.sys
2009-05-22 15:06. 2009-02-05 20:04 97480 ---- Aw c: \ windows \ system32 \ AvastSS.scr
2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- Aw c: \ windows \ system32 \ aswBoot.exe
2009-05-22 15:06. 2009-02-05 20:06 51792 ---- Aw c: \ windows \ system32 \ drivers \ aswMonFlt.sys
2009-05-22 15:06. 2009-05-22 15:06 -------- ----- wc d: \ Program Files \ Alwil Software
2009-05-22 04:38. 2009-05-22 04:38 738120 ---- Aw C: \ programdata \ Microsoft \ eHome \ Packages \ MCESpotlig HT \ MCESpotlight \ SpotlightResources.dll
2009-05-20 12:43. 2008-06-20 01:14 97800 ---- Aw c: \ windows \ system32 \ infocardapi.dll
2009-05-20 12:43. 2008-06-20 01:14 105016 ---- Aw c: \ windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 11264 ---- Aw c: \ windows \ system32 \ icardres.dll
2009-05-20 12:43. 2008-06-20 01:14 622080 ---- Aw c: \ windows \ system32 \ icardagt.exe
2009-05-20 12:43. 2008-06-20 01:14 43544 ---- Aw c: \ windows \ system32 \ PresentationHostProxy.dll
2009-05-20 12:43. 2008-06-20 01:14 781344 ---- Aw c: \ windows \ system32 \ PresentationNative_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 326160 ---- Aw c: \ windows \ system32 \ PresentationHost.exe
2009-05-20 12:33. 2008-07-27 18:03 96760 ---- Aw c: \ windows \ system32 \ dfshim.dll
2009-05-20 12:33. 2008-07-27 18:03 282112 ---- Aw c: \ windows \ system32 \ mscoree.dll
2009-05-20 12:33. 2008-07-27 18:03 41984 ---- Aw c: \ windows \ system32 \ netfxperf.dll
2009-05-20 12:32. 2008-07-27 18:03 158720 ---- Aw c: \ windows \ system32 \ mscorier.dll
2009-05-20 12:32. 2008-07-27 18:03 83968 ---- Aw c: \ windows \ system32 \ mscories.dll
2009-05-20 11:39. 2009-05-20 11:39 -------- ----- wc d: \ Program Files \ Microsoft Silverlight
2009-05-20 04:03. 2009-05-20 11:00 -------- ----- wc d: \ Program Files \ Windows Live siguranţă Center
2009-05-19 23:20. 2009-05-19 23:20 -------- ----- wc d: \ users \ Shirley \ AppData \ Local \ Acer DV Magicianul
2009-05-19 23:10. 2009-05-19 23:10 -------- ----- wc d: \ windows \ duminică
2009-05-19 20:40. 2009-05-19 20:40 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40. 2009-05-19 11:41 38200 ---- Aw c: \ users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \www.macromedia.com \ bin \ airappinstaller \ airappinsta ller.exe
2009-05-19 18:24. 2009-05-24 08:38 -------- ----- wc d: \ users \ Shirley \ AppData \ Local \ Eraser
2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646)
2009-05-19 18:24. 2009-05-19 18:24 -------- ----- wc d: \ Program Files \ Eraser
2009-05-19 17:20. 2009-05-19 17:20 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ eSobi
2009-05-19 17:11. 2008-07-10 06:32 538 ---- Aw c: \ windows \ system32 \ RegRaidSedona.bat
2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA
2009-05-19 14:04. 2009-05-19 14:05 -------- ----- wc d: \ Program Files \ Spybot - Search & Destroy
2009-05-19 14:04. 2009-05-19 14:05 -------- ----- wc d: \ programdata \ Spybot - Search & Destroy
2009-05-19 13:01. 2009-05-19 13:01 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ WinPatrol
2009-05-19 13:01. 2006-09-18 21:43 10 ---- Aw c: \ users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys
2009-05-19 13:01. 2006-09-18 21:43 24 ---- Aw c: \ users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009-05-19 13:01. 2009-05-19 13:01 -------- ----- wc d: \ Program Files \ BillP Studios
2009-05-19 12:26. 2009-05-19 12:26 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009-05-19 12:26. 2009-04-06 19:32 15504 ---- Aw c: \ windows \ system32 \ drivers \ mbam.sys
2009-05-19 12:26. 2009-04-06 19:32 38496 ---- Aw c: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2009-05-19 12:26. 2009-05-19 13:22 -------- ----- wc d: \ Program Files \ Malwarebytes' Anti-Malware
2009-05-19 12:26. 2009-05-19 12:26 -------- ----- wc d: \ programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- Aw c: \ windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- ----- wc d: \ users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- ----- wc d: \ Program Files \ Common Files \ Adobe AIR
2009-05-19 11:38. 2009-05-19 12:45 -------- ----- wc d: \ programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- ----- wc d: \ users \ Shirley \ AppData \ Local \ Şapte Zip
2009-05-19 10:41. 2009-03-19 20:32 23400 ---- Aw c: \ windows \ system32 \ drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107368 ---- Aw c: \ windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- ----- wc d: \ Program Files \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- ----- wc d: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- ----- wc d: \ Program Files \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- ----- wc d: \ Program Files \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75048 ---- Aw C: \ programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- ----- wc d: \ Program Files \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416128 ---- Aw C: \ programdata \ Microsoft \ eHome \ Packages \ NetTV \ frunţii se \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410984 ---- Aw c: \ windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- Aw C: \ programdata \ Microsoft \ Windows Defender \ Definitie Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Raport )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39. 2009-02-17 13:54 602 Aw ---- C: \ programdata \ ArcSoft \ Kodak-printcreations-22-080812-oem \ acforall.dll
2009-05-24 04:22. 2008-09-12 01:46 -------- ----- wc d: \ Program Files \ Google
2009-05-20 11:55. 2008-09-11 17:01 104472 ---- Aw c: \ users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009-05-20 11:51. 2008-02-05 19:30 -------- ----- wc d: \ programdata \ Microsoft Ajutor
2009-05-20 11:49. 2008-02-05 19:31 -------- ----- wc d: \ Program Files \ Microsoft Works
2009-05-20 03:54. 2008-09-12 14:01 -------- ----- wc d: \ Program Files \ Lx_cats
2009-05-20 00:42. 2008-02-05 20:19 -------- ----- wc d: \ Program Files \ Common Files \ Adobe
2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - wc: \ Program Files \ InstallShield Installation Information
2009-05-19 23:27. 2008-02-05 19:49 -------- ----- wc d: \ Program Files \ Acer Arcade Live
2009-05-19 23:20. 2008-09-15 23:24 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ CyberLink
2009-05-19 21:38. 2008-09-12 20:56 -------- ----- wc d: \ Program Files \ Common Files \ SureThing partajate
2009-05-19 21:04. 2008-09-12 14:09 1664 ---- Aw c: \ users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009-05-19 17:29. 2009-03-04 15:55 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ Sony
2009-05-19 17:20. 2008-02-05 19:22 -------- ----- wc d: \ programdata \ NVIDIA
2009-05-19 16:54. 2008-02-05 18:03 36864 ---- Aw c: \ windows \ system32 \ nvcod100.dll
2009-05-19 16:54. 2007-10-25 11:02 147456 ---- Aw c: \ windows \ system32 \ nvcolor.exe
2009-05-19 16:13. 2008-09-12 01:47 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ LimeWire
2009-05-19 11:32. 2008-02-05 20:08 -------- ----- wc d: \ Program Files \ Yahoo!
2009-05-19 11:05. 2008-09-12 01:45 -------- ----- wc d: \ Program Files \ Java
2009-05-19 10:41. 2008-09-13 03:14 -------- ----- wc d: \ Program Files \ Common Files \ Apple
2009-05-19 10:38. 2008-09-13 03:15 -------- ----- wc d: \ programdata \ Apple Computer
2009-05-11 12:10. 2009-05-11 12:10 78260 ---- Aw C: \ programdata \ SPL23D4.tmp
2009-04-17 10:12. 2006-11-02 11:18 -------- ----- wc d: \ Program Files \ Windows Mail
2009-04-02 22:13. 2009-04-02 22:13 702127 ---- Aw C: \ programdata \ SPLFB91.tmp
2009-03-19 20:32. 2009-03-19 20:32 23400 ---- Aw C: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009-03-17 03:38. 2009-04-17 05:22 13824 ---- Aw c: \ windows \ system32 \ apilogen.dll
2009-03-17 03:38. 2009-04-17 05:22 24064 ---- Aw c: \ windows \ system32 \ amxread.dll
2009-03-08 11:34. 2009-05-20 03:47 914944 ---- Aw c: \ windows \ system32 \ Wininet.dll
2009-03-08 11:34. 2009-05-20 03:47 43008 ---- Aw c: \ windows \ system32 \ licmgr10.dll
2009-03-08 11:33. 2009-05-20 03:47 18944 ---- Aw c: \ windows \ system32 \ corpol.dll
2009-03-08 11:33. 2009-05-20 03:47 109056 ---- Aw c: \ windows \ system32 \ iesysprep.dll
2009-03-08 11:33. 2009-05-20 03:47 109568 ---- Aw c: \ windows \ system32 \ PDMSetup.exe
2009-03-08 11:33. 2009-05-20 03:47 107520 ---- Aw c: \ windows \ system32 \ RegisterIEPKEYs.exe
2009-03-08 11:33. 2009-05-20 03:47 103936 ---- Aw c: \ windows \ system32 \ SetDepNx.exe
2009-03-08 11:33. 2009-05-20 03:47 132608 ---- Aw c: \ windows \ system32 \ ieUnatt.exe
2009-03-08 11:33. 2009-05-20 03:47 107008 ---- Aw c: \ windows \ system32 \ SetIEInstalledDate.exe
2009-03-08 11:33. 2009-05-20 03:47 420352 ---- Aw c: \ windows \ system32 \ vbscript.dll
2009-03-08 11:32. 2009-05-20 03:47 72704 ---- Aw c: \ windows \ system32 \ admparse.dll
2009-03-08 11:32. 2009-05-20 03:47 71680 ---- Aw c: \ windows \ system32 \ iesetup.dll
2009-03-08 11:32. 2009-05-20 03:47 66560 ---- Aw c: \ windows \ system32 \ wextract.exe
2009-03-08 11:32. 2009-05-20 03:47 169472 ---- Aw c: \ windows \ system32 \ iexpress.exe
2009-03-08 11:31. 2009-05-20 03:47 34816 ---- Aw c: \ windows \ system32 \ imgutil.dll
2009-03-08 11:31. 2009-05-20 03:47 48128 ---- Aw c: \ windows \ system32 \ mshtmler.dll
2009-03-08 11:31. 2009-05-20 03:47 45568 ---- Aw c: \ windows \ system32 \ mshta.exe
2009-03-08 11:22. 2009-05-20 03:47 156160 ---- Aw c: \ windows \ system32 \ msls31.dll
2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- Aw c: \ windows \ system32 \ ntkrnlpa.exe
2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- Aw c: \ windows \ system32 \ ntoskrnl.exe
2009-03-03 04:39. 2009-04-17 05:22 183296 ---- Aw c: \ windows \ system32 \ sdohlp.dll
2009-03-03 04:39. 2009-04-17 05:22 551424 ---- Aw c: \ windows \ system32 \ rpcss.dll
2009-03-03 04:39. 2009-04-17 05:22 26112 ---- Aw c: \ windows \ system32 \ printfilterpipelineprxy.dll
2009-03-03 04:37. 2009-04-17 05:22 98304 ---- Aw c: \ windows \ system32 \ iasrecst.dll
2009-03-03 04:37. 2009-04-17 05:22 54784 ---- Aw c: \ windows \ system32 \ iasads.dll
2009-03-03 04:37. 2009-04-17 05:22 44032 ---- Aw c: \ windows \ system32 \ iasdatastore.dll
2009-03-03 03:04. 2009-04-17 05:22 666624 ---- Aw c: \ windows \ system32 \ printfilterpipelinesvc.exe
2009-03-03 02:38. 2009-04-17 05:22 17408 ---- Aw c: \ windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Se incarca Puncte )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * gol intrări & legit default intrări nu sunt afişate
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ehTray.exe" = "c: \ windows \ ehome \ ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240]
"Eraser" = "C: \ Program Files \ Eraser \ Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"BkupTray" = "C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ BkupTray.exe" [2007-12-30 34552]
"Acer putere Tehnologie Monitor" = "C: \ Acer \ putere Tehnologie \ SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784]
"Acer Înregistrare produs" = "C: \ Program Files \ Acer inregistrare \ ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "c: \ windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296]
"LXCECATS" = "c: \ windows \ system32 \ bobina \ DRIVERS \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344]
"Connection ArcSoft Service" = "C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ bin \ ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704]
"stai!" = "c: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - c: \ windows \ RtHDVCpl.exe [2007-10-11 4702208]

C: \ programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \
Imputernicirea Tehnologie Launcher.lnk - C: \ Acer \ Imputernicirea Tehnologie \ eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ policies \ system]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notifice \! SASWinLogon]
2008-12-22 16:05 356352 ---- Aw C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ WinDefend]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ FirewallRules]
"(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ BackupSvc.exe: BackupSvc.exe
"(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ BackupSvc.exe: BackupSvc.exe
"(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: c: \ windows \ system32 \ lxcecoms.exe: Lexmark Communications System
"(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: c: \ windows \ system32 \ lxcecoms.exe: Lexmark Communications System
"(EB8798E6-358B-4DDA-A219-21BBC5D3C79A)" = UDP: c: \ windows \ system32 \ bobina \ drivers \ w32x86 \ 3 \ lxc epswx.exe: starea imprimantei Window
"(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: c: \ windows \ system32 \ bobina \ drivers \ w32x86 \ 3 \ lxc epswx.exe: starea imprimantei Window
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Pagina principală \ Acer Arcade Live.exe: Acer Arcade Live
"(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(8640BFAB-48CC-1B85-95D5-9AABB44E4D95)" = UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Update Spybot-S & D
"(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Update Spybot-S & D
"(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: c: \ windows \ ehome \ ehshell.exe: Windows Media Center
"(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: c: \ windows \ ehome \ ehshell.exe: Windows Media Center

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; stai! Self Protecţia; C: \ windows \ system32 \ drivers \ aswSP.sys [5.22.2009 11:06 114768]
R1 FAMv4; FAMv4; c: \ windows \ system32 \ drivers \ FAMv4.sys [12.14.2007 3:35 132120]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5.14.2009 2:22 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5.14.2009 2:22 72944]
R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ drivers \ aswF sBlk.sys [5.22.2009 11:06 20560]
R2 aswMonFlt; aswMonFlt; c: \ windows \ system32 \ drivers \ ca wMonFlt.sys [5.22.2009 11:06 51792]
R2 BUNAgentSvc; NTI Backup Acum 5 Agent de servicii; C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ Client \ Agentsvc.exe [12.30.2007 5:54 21752]
R2 NTIBackupSvc; NTI Backup Acum 5 Backup Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ BackupSvc.exe [12.30.2007 5:55 54520]
R2 NTISchedulerSvc; NTI Backup Acum 5 Scheduler Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ SchedulerSvc.exe [12.30.2007 5:54 136440]
R2 SBSDWSCService; SBSD Security Center Service; C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5.19.2009 10:04 1153368]
R3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5.14.2009 2:22 7408]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Active Setup \ instalate componente \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"c: \ windows \ system32 \ rundll32.exe" "c: \ windows \ system32 \ iedkcs32.dll", BrandIEActiveSe mârli Înscriere
.
- - - - ORFANI ELIMINAT - - - --

SafeBoot-procexp90.Sys


.
------- Suplimentare Scan -------
.
uStart Page = hxxp: / / www.yahoo.com/
mStart Page = hxxp: / / en.us.acer.yahoo.com
uInternet Setări, ProxyOverride = <local>; *. locale
uInternet Setări, ProxyServer = http = localhost: 7171
IE: E & xportaţi la Microsoft Excel - c: \ progra ~ 1 \ milionimi ~ 2 \ Office12 \ EXCEL.EXE/3000
Zona de încredere: microsoft.com \ actualizare
Zona de încredere: microsoft.com \ WindowsUpdate
FF - ProfilePath - c: \ users \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ rofiles P \ j0dqrqc6.default \
FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com /
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

scanare ascuns procese ...

scanare ascuns autostart intrări ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 C: \ windows \ system32 \ bobina \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

scanare fişiere ascunse ...

scanare sa finalizat cu succes
fişiere ascunse: 0

************************************************** ************************
.
--------------------- Blocat chei din registri ---------------------

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl cur \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings]
@ Refuzul: (A) (Utilizatorii)
@ Refuzul: (A) (Toti)
@ Permise: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword: 00000000
.
Completion time: 2009-05-24 4:55
ComboFix-carantină-files.txt 2009-05-24 08:55

Pre-Run: 173756547072 bytes liber
Post-Run: 173859581952 bytes liber

269 --- EOF --- 2009-05-17 10:04

ADAUGA Remove Programs

Microsoft Office Shared MUI (în limba engleză) 2007
Microsoft Office Shared Metadata MUI Setup (în limba engleză) 2007
Microsoft Office Word MUI (în limba engleză) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 redistribuibil
Microsoft Visual C + + 2008 redistribuibil - x86 9.0.30729.17
Microsoft Works
Motorola SM56 difuzorul Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 Parser SP2 şi SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Acum 5
NTI Backup Acum Standard
NTI Media Maker 8
NTI Open File Manager (elimina numai)
NVIDIA Drivere
OfotoXMI
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Actualizare de securitate pentru Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
tooltips
Turbo Pizza
Actualizare pentru Microsoft Office 2007 System (KB967642)
Actualizare pentru Microsoft Office 2007 Ajutor pentru caracteristicile comune (KB963673)
Actualizare pentru Microsoft Office Excel 2007 de Ajutor (KB963678)
Actualizare pentru Microsoft Office OneNote 2007 Ajutor (KB963670)
Actualizare pentru Microsoft Office PowerPoint 2007 de Ajutor (KB963669)
Actualizare pentru Microsoft Office Script Editor Ajutor (KB963671)
Actualizare pentru Microsoft Office Word 2007 de Ajutor (KB963665)
VPRINTOL
Windows Live OneCare siguranţă scanerului
WinPatrol 2009
WIRELESS
Zuma Deluxe

EDIT: Trei mai multe întrebări: Am observat LimeWire DLL, poate că ne omoare?

LTI Deşi este un program, este necesar? Cred că a venit cu acest pachet de prost Acer calculator (om nu-i aşa încărcătură aceste lucruri cu drog), şi este care au fost concediaţi de la Microsoft, construit in program.

LT Pisici, este construit in spyware lprinter de la producător, Lenmark. Am crezut ca am luat-o pertinente părţi, dar nu am fost sigur cât de mult pentru a topor fără dezactivarea imprimantă. Putem merge mai este sau ceea ce este bine stânga?

[sjb007]

Max Bubba

Vă rugăm să se joace cu dont HJT cu excepţia cazului în care aţi înţeles lucrările de ea. Trebuie să-ţi aminteşti că HJT este în vigoare un Registry Editor instrument într-un alt context. I-ar te urăsc pentru a transforma PC-ul într-o scump la usa! Cele două intrări 02 pe care le elimină sunt legit, deşi rapoartele de fişier lipseşte ca acest lucru nu este întotdeauna cazul. HJT este cunoscut pentru misreport anumite puncte.

În ceea ce priveşte LimeWire, aţi dezinstalat-o prin panoul de control? Dacă este aşa, atunci ne putem îmbujora un cuplu de mai multe elemente care sunt redundante stânga peste.

Văd câteva biţi care se referă la Norton, acest pachet a fost de pe PC la un moment dat? Vă rugăm să rula norton eliminarea instrument pentru a înlătura de reminants. Puteţi găsi aici instrument: Norton Eliminarea Unealtă

Odată ce face ......

Combofix

• Închideţi orice deschide browsere.
• Închideţi orice aplicatiile de securitate (antivirus, Antimalware, etc.)
• Deschide notepad şi copie / lipi textul în caseta de mai jos în el:

Citat:

DDS::
uInternet Setări, ProxyOverride = <local>; *. locale
uInternet Setări, ProxyServer = http = localhost: 7171

RegLock::
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl cur \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \ 0000 \ AllUserSettings]

Privind la imaginea de mai jos ca exemplu



Salvaţi-l ca CFScript.txt, În aceeaşi locaţie ca ComboFix.exe



Referindu-se la poza de mai sus, glisaţi CFScript pe ComboFix.exe.

Când aţi terminat, se va produce un jurnal pentru tine la "C: \ ComboFix.txt"

Nu mouseclick combofix fereastra în timp ce se execută. Acest lucru poate cauza aceasta pentru a se bloca.

ATENTIE! Altcineva gândire de a folosi script-ul de mai sus face acest lucru pe propria răspundere - s-ar putea să sfârşesc prin a avea de a re-instala Windows!

Vă rugăm să post de jurnal C: \ ComboFix.txt pentru mai mult de revizuire.

=====================================

Am vazut ca a dezinstala jurnal a fost tăiat în partea de sus, poti sa-l repost pentru mine te rog. De asemenea, să-mi actualizat la data de lucruri cum sunt sistemul de înţelept

[Bubba]

LimeWire nu ar apărea în cadrul programelor şi caracteristică panou pentru a dezinstala. fişierele la "Run" Am găsit-o a fost app imagini, nu exe, asa ca am trudged prin C conduce vehicule sau de a sterge tot ce am putut găsi. Văd că am pierdut cel puţin unul din registry totusi.

Ca şi pentru Norton ........ Da, Acer încărcate pe o versiune de încercare. Am dezinstalat-o prin intermediul panoului de control şi apoi utilizat de Norton eliminarea instrument. (Asta a fost primul lucru care l-am facut-o, chiar înainte de a-mi încărcate spybot, Winpatrol, iar restul de lucruri.) Când am fost trecerea prin C conduce imagini, am pastrat a găsi mai multe resturi de Norton si sterge-le ca m-am dus. Aceasta nu a avut loc la mine pentru a executa din nou, dar voi face acest lucru acum.

LOL Cei trei imagini în Combofix au fost cele trei am fost cel mai curios. Nu ar trebui să existe un proxy gazdă, nici nu cred că ar trebui să fie blocat profile pentru toată lumea. Dar eu nu s-au studiat încă Combofix acesta fiind motivul pentru care nu am să-l utilizaţi mine, ca atare, am fost clueless ca la ceea ce-a face cu cele trei, sau chiar în cazul în care acestea au fost, de fapt, "rău".

Îmi pare rău de tăiere capul de dezinstalare jurnal, ceea ce este o prostie este M-am uitat la ea de două ori, deoarece acesta nu a avut nici un setare, şi a pierdut ambele ori greseala mea.

EDIT: şi încă a uitat să-l post:

Suita Microsoft Office 2007 Service Pack 2 (SP2)
Acer Arcade Live Pagina principală
Acer Imputernicirea Tehnologie
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Consola DTV 2.0.1.1
Acer de inregistrare
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Adobe Shockwave Player 11.5
Agatha Christie Moarte pe Nil
Alice Greenfingers
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Felicitare
ArcSoft Print Creations - foto de carte
ArcSoft Print Creations - foto Calendar
ArcSoft Print Creations - album
ArcSoft Print Creations - Slimline Card
stai! Antivirus
Azada
Backspin Billiards
Big Kahuna Reef
Bonjour
Şoarece de bibliotecă Deluxe
Caramizi din Egipt
Cake Mania
CCScore
Chicken Invaders 3
Chuzzle
Diner Dash Flo pe Go
Eraser
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Flip Words 2
HijackThis 2.0.2
Remediere rapidă pentru Microsoft. NET Framework 3.5 SP1 (KB953595)
Remediere rapidă pentru Microsoft. NET Framework 3.5 SP1 (KB958484)
iTunes
Java (TM) 6 Update 13
Jewel Quest Solitaire
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kick N Rush
Kodak EasyShare software
Kodak Gallery Upload Software
Lexmark 4300 Series
Mahjong Escape China antică
Mahjongg artifacts
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft. NET Framework 3.5 SP1
Microsoft Office Excel MUI (în limba engleză) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (în limba engleză) 2007
Microsoft Office PowerPoint MUI (în limba engleză) 2007
Dovada Microsoft Office (în limba engleză) 2007
Microsoft Office Dovada (franceză) 2007
Microsoft Office Dovada (spaniolă) 2007
Microsoft Office Proofing (în limba engleză) 2007
Microsoft Office Shared MUI (în limba engleză) 2007
Microsoft Office Shared Metadata MUI Setup (în limba engleză) 2007
Microsoft Office Word MUI (în limba engleză) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 redistribuibil
Microsoft Visual C + + 2008 redistribuibil - x86 9.0.30729.17
Microsoft Works
Motorola SM56 difuzorul Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 Parser SP2 şi SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Acum 5
NTI Backup Acum Standard
NTI Media Maker 8
NTI Open File Manager (elimina numai)
NVIDIA Drivere
OfotoXMI
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Actualizare de securitate pentru Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
tooltips
Turbo Pizza
Actualizare pentru Microsoft Office 2007 System (KB967642)
Actualizare pentru Microsoft Office 2007 Ajutor pentru caracteristicile comune (KB963673)
Actualizare pentru Microsoft Office Excel 2007 de Ajutor (KB963678)
Actualizare pentru Microsoft Office OneNote 2007 Ajutor (KB963670)
Actualizare pentru Microsoft Office PowerPoint 2007 de Ajutor (KB963669)
Actualizare pentru Microsoft Office Script Editor Ajutor (KB963671)
Actualizare pentru Microsoft Office Word 2007 de Ajutor (KB963665)
VPRINTOL
Windows Live OneCare siguranţă scanerului
WinPatrol 2009
WIRELESS
Zuma Deluxe

[sjb007]

Salut Bubba

Multumesc pentru lista actualizata a dezinstala - poti posta noi combofix jurnal pentru mine, astfel cum a fost solicitat.

Citat:

Ce ne caută în Combofix?

Practic doar nimic rău, combofix este în principal un instrument de analiză avansate, care ne oferă mai multe informaţii decât HJT

În ceea ce priveşte LTCats:
Din ceea ce am putea spune acest lucru este valabil de intrare, dar este clasificat ca "utilizator alegere" dacă-l rulează pe porni

În ceea ce priveşte LimeWire:
Nu pot vedea o serie de intrări, care sunt încă acolo, dar putem ge-le cu următorul fugi de combofix

[Bubba]

Ouch, computerul închis şi închide ca Parea ca Combofix a fost pe cale de a termina. Este rebooted şi am selectat safemode. Nu cred că a creat jurnal, dar nu ştiu sigur. Aici este Microsoft popup.

Windows a recuperat de la o închidere neaşteptată.

Problema semnătura:
Problema Eveniment Nume: ecran albastru
OS Version: 6.0.6001.2.1.0.768.3
Localizării ID: 1033

Informaţii suplimentare despre această problemă:

BCCode: 50
BCP1: E0858E9B
BCP2: 00000000
BCP3: 9B9D2D10
BCP4: 00000002
OS Version: 6_6_6001
Service Pack: 1_0
Produs: 768_1

Fişierele care descrie problema:

C \ Windows \ Minidump \ mini052409-01.dmp
C \ Users \ Shirley \ AppData \ temp \ WER-85644-0.systemdata.xml
C \ Users \ Shirley \ AppData \ Local \ Temp \ WERC6C7.tmp.ver sion.txt

Am plecat de pe acel computer care ecran în safemode. Ce vrei să faci cu ea? Sunt lăsând în safemode, până când am auzit ceva, trebuie să plec de film acum, se întoarce în aproximativ 3 ore. Omul este frumos lucru pe altcineva de calculator, aşa că am fi a mea de a mai primi ajutor pe aici.

EDIT: nu am incercat, dar sunt sigur că-mi pot lua aceste fişiere în safemode, dacă aveţi nevoie să ştii ce se spune, dar am de asemenea, nu ştiu cum să deschideţi un fişier XML.

[sjb007]

Max Bubba

Încercaţi repornirea vedea şi în cazul în care acesta cizme cu succes, din nou, dacă nu încercaţi apăsând F8 pentru a accesa de boot de pe ecran începe să ia cuvântul şi să aleagă opţiunea de Last Known Good Configuration.

[Bubba]

Este bootat şi acolo a fost un jurnal ComboFix2 acolo, este destul de identic cu primul, dar există o 10:04 timestamp referindu-se la o unitate de carantină jurnal. De quarentine jurnal este gol. Here is the file, nu ştiu dacă acesta este complet, sau ce vrei tu. Acum trebuie sa divizat.

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Rularea de la: C: \ users \ Shirley \ Desktop \ ComboFix.exe
SP: Spybot - Search si Distruge handicap * * (expirată) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SUPERAntiSpyware * * handicap (Actualizat) (222A897C-5018-402e-943F-7E7AC8560DA7)
SP: Windows Defender activat * * (Actualizat) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((( Fişierele create de 2009-04-24 la 2009-05-24 ))))))))))) ))))))))))))))))))))
.

2009-05-22 23:57. 2009-05-24 08:40 117760 ---- Aw c: \ users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-05-22 23:56. 2009-05-22 23:56 -------- ----- wc d: \ programdata \ SUPERAntiSpyware.com
2009-05-22 23:52. 2009-05-22 23:52 -------- ----- wc d: \ Program Files \ SUPERAntiSpyware
2009-05-22 23:52. 2009-05-22 23:52 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com
2009-05-22 20:36. 2009-05-22 20:36 -------- ----- wc d: \ Program Files \ Common Files \ Wise Installation Wizard
2009-05-22 15:06. 2009-02-05 20:06 51376 ---- Aw c: \ windows \ system32 \ drivers \ aswTdi.sys
2009-05-22 15:06. 2009-02-05 20:06 23152 ---- Aw c: \ windows \ system32 \ drivers \ aswRdr.sys
2009-05-22 15:06. 2009-02-05 20:07 114768 ---- Aw c: \ windows \ system32 \ drivers \ aswSP.sys
2009-05-22 15:06. 2009-02-05 20:07 20560 ---- Aw c: \ windows \ system32 \ drivers \ aswFsBlk.sys
2009-05-22 15:06. 2009-02-05 20:04 97480 ---- Aw c: \ windows \ system32 \ AvastSS.scr
2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- Aw c: \ windows \ system32 \ aswBoot.exe
2009-05-22 15:06. 2009-02-05 20:06 51792 ---- Aw c: \ windows \ system32 \ drivers \ aswMonFlt.sys
2009-05-22 15:06. 2009-05-22 15:06 -------- ----- wc d: \ Program Files \ Alwil Software
2009-05-22 04:38. 2009-05-22 04:38 738120 ---- Aw C: \ programdata \ Microsoft \ eHome \ Packages \ MCESpotlig HT \ MCESpotlight \ SpotlightResources.dll
2009-05-20 12:43. 2008-06-20 01:14 97800 ---- Aw c: \ windows \ system32 \ infocardapi.dll
2009-05-20 12:43. 2008-06-20 01:14 105016 ---- Aw c: \ windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 11264 ---- Aw c: \ windows \ system32 \ icardres.dll
2009-05-20 12:43. 2008-06-20 01:14 622080 ---- Aw c: \ windows \ system32 \ icardagt.exe
2009-05-20 12:43. 2008-06-20 01:14 43544 ---- Aw c: \ windows \ system32 \ PresentationHostProxy.dll
2009-05-20 12:43. 2008-06-20 01:14 781344 ---- Aw c: \ windows \ system32 \ PresentationNative_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 326160 ---- Aw c: \ windows \ system32 \ PresentationHost.exe
2009-05-20 12:33. 2008-07-27 18:03 96760 ---- Aw c: \ windows \ system32 \ dfshim.dll
2009-05-20 12:33. 2008-07-27 18:03 282112 ---- Aw c: \ windows \ system32 \ mscoree.dll
2009-05-20 12:33. 2008-07-27 18:03 41984 ---- Aw c: \ windows \ system32 \ netfxperf.dll
2009-05-20 12:32. 2008-07-27 18:03 158720 ---- Aw c: \ windows \ system32 \ mscorier.dll
2009-05-20 12:32. 2008-07-27 18:03 83968 ---- Aw c: \ windows \ system32 \ mscories.dll
2009-05-20 11:39. 2009-05-20 11:39 -------- ----- wc d: \ Program Files \ Microsoft Silverlight
2009-05-20 04:03. 2009-05-20 11:00 -------- ----- wc d: \ Program Files \ Windows Live siguranţă Center
2009-05-19 23:20. 2009-05-19 23:20 -------- ----- wc d: \ users \ Shirley \ AppData \ Local \ Acer DV Magicianul
2009-05-19 23:10. 2009-05-19 23:10 -------- ----- wc d: \ windows \ duminică
2009-05-19 20:40. 2009-05-19 20:40 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40. 2009-05-19 11:41 38200 ---- Aw c: \ users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \http://www.macromedia.com \ bin \ airapp ... pinstaller.exe
2009-05-19 18:24. 2009-05-24 08:38 -------- ----- wc d: \ users \ Shirley \ AppData \ Local \ Eraser
2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646)
2009-05-19 18:24. 2009-05-19 18:24 -------- ----- wc d: \ Program Files \ Eraser
2009-05-19 17:20. 2009-05-19 17:20 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ eSobi
2009-05-19 17:11. 2008-07-10 06:32 538 ---- Aw c: \ windows \ system32 \ RegRaidSedona.bat
2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA
2009-05-19 14:04. 2009-05-19 14:05 -------- ----- wc d: \ Program Files \ Spybot - Search & Destroy
2009-05-19 14:04. 2009-05-19 14:05 -------- ----- wc d: \ programdata \ Spybot - Search & Destroy
2009-05-19 13:01. 2009-05-19 13:01 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ WinPatrol
2009-05-19 13:01. 2006-09-18 21:43 10 ---- Aw c: \ users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys
2009-05-19 13:01. 2006-09-18 21:43 24 ---- Aw c: \ users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009-05-19 13:01. 2009-05-19 13:01 -------- ----- wc d: \ Program Files \ BillP Studios
2009-05-19 12:26. 2009-05-19 12:26 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009-05-19 12:26. 2009-04-06 19:32 15504 ---- Aw c: \ windows \ system32 \ drivers \ mbam.sys
2009-05-19 12:26. 2009-04-06 19:32 38496 ---- Aw c: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2009-05-19 12:26. 2009-05-19 13:22 -------- ----- wc d: \ Program Files \ Malwarebytes' Anti-Malware
2009-05-19 12:26. 2009-05-19 12:26 -------- ----- wc d: \ programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- Aw c: \ windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- ----- wc d: \ users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- ----- wc d: \ Program Files \ Common Files \ Adobe AIR
2009-05-19 11:38. 2009-05-19 12:45 -------- ----- wc d: \ programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- ----- wc d: \ users \ Shirley \ AppData \ Local \ Şapte Zip
2009-05-19 10:41. 2009-03-19 20:32 23400 ---- Aw c: \ windows \ system32 \ drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107368 ---- Aw c: \ windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- ----- wc d: \ Program Files \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- ----- wc d: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- ----- wc d: \ Program Files \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- ----- wc d: \ Program Files \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75048 ---- Aw C: \ programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- ----- wc d: \ Program Files \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416128 ---- Aw C: \ programdata \ Microsoft \ eHome \ Packages \ NetTV \ frunţii se \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410984 ---- Aw c: \ windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- Aw C: \ programdata \ Microsoft \ Windows Defender \ Definitie Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Raport )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39. 2009-02-17 13:54 602 Aw ---- C: \ programdata \ ArcSoft \ Kodak-printcreations-22-080812-oem \ acforall.dll
2009-05-24 04:22. 2008-09-12 01:46 -------- ----- wc d: \ Program Files \ Google
2009-05-20 11:55. 2008-09-11 17:01 104472 ---- Aw c: \ users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009-05-20 11:51. 2008-02-05 19:30 -------- ----- wc d: \ programdata \ Microsoft Ajutor
2009-05-20 11:49. 2008-02-05 19:31 -------- ----- wc d: \ Program Files \ Microsoft Works
2009-05-20 03:54. 2008-09-12 14:01 -------- ----- wc d: \ Program Files \ Lx_cats
2009-05-20 00:42. 2008-02-05 20:19 -------- ----- wc d: \ Program Files \ Common Files \ Adobe
2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - wc: \ Program Files \ InstallShield Installation Information
2009-05-19 23:27. 2008-02-05 19:49 -------- ----- wc d: \ Program Files \ Acer Arcade Live
2009-05-19 23:20. 2008-09-15 23:24 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ CyberLink
2009-05-19 21:38. 2008-09-12 20:56 -------- ----- wc d: \ Program Files \ Common Files \ SureThing partajate
2009-05-19 21:04. 2008-09-12 14:09 1664 ---- Aw c: \ users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009-05-19 17:29. 2009-03-04 15:55 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ Sony
2009-05-19 17:20. 2008-02-05 19:22 -------- ----- wc d: \ programdata \ NVIDIA
2009-05-19 16:54. 2008-02-05 18:03 36864 ---- Aw c: \ windows \ system32 \ nvcod100.dll
2009-05-19 16:54. 2007-10-25 11:02 147456 ---- Aw c: \ windows \ system32 \ nvcolor.exe
2009-05-19 16:13. 2008-09-12 01:47 -------- ----- wc d: \ users \ Shirley \ AppData \ Roaming \ LimeWire
2009-05-19 11:32. 2008-02-05 20:08 -------- ----- wc d: \ Program Files \ Yahoo!
2009-05-19 11:05. 2008-09-12 01:45 -------- ----- wc d: \ Program Files \ Java
2009-05-19 10:41. 2008-09-13 03:14 -------- ----- wc d: \ Program Files \ Common Files \ Apple
2009-05-19 10:38. 2008-09-13 03:15 -------- ----- wc d: \ programdata \ Apple Computer
2009-05-11 12:10. 2009-05-11 12:10 78260 ---- Aw C: \ programdata \ SPL23D4.tmp
2009-04-17 10:12. 2006-11-02 11:18 -------- ----- wc d: \ Program Files \ Windows Mail
2009-04-02 22:13. 2009-04-02 22:13 702127 ---- Aw C: \ programdata \ SPLFB91.tmp
2009-03-19 20:32. 2009-03-19 20:32 23400 ---- Aw C: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009-03-17 03:38. 2009-04-17 05:22 13824 ---- Aw c: \ windows \ system32 \ apilogen.dll
2009-03-17 03:38. 2009-04-17 05:22 24064 ---- Aw c: \ windows \ system32 \ amxread.dll
2009-03-08 11:34. 2009-05-20 03:47 914944 ---- Aw c: \ windows \ system32 \ Wininet.dll
2009-03-08 11:34. 2009-05-20 03:47 43008 ---- Aw c: \ windows \ system32 \ licmgr10.dll
2009-03-08 11:33. 2009-05-20 03:47 18944 ---- Aw c: \ windows \ system32 \ corpol.dll
2009-03-08 11:33. 2009-05-20 03:47 109056 ---- Aw c: \ windows \ system32 \ iesysprep.dll
2009-03-08 11:33. 2009-05-20 03:47 109568 ---- Aw c: \ windows \ system32 \ PDMSetup.exe
2009-03-08 11:33. 2009-05-20 03:47 107520 ---- Aw c: \ windows \ system32 \ RegisterIEPKEYs.exe
2009-03-08 11:33. 2009-05-20 03:47 103936 ---- Aw c: \ windows \ system32 \ SetDepNx.exe
2009-03-08 11:33. 2009-05-20 03:47 132608 ---- Aw c: \ windows \ system32 \ ieUnatt.exe
2009-03-08 11:33. 2009-05-20 03:47 107008 ---- Aw c: \ windows \ system32 \ SetIEInstalledDate.exe
2009-03-08 11:33. 2009-05-20 03:47 420352 ---- Aw c: \ windows \ system32 \ vbscript.dll
2009-03-08 11:32. 2009-05-20 03:47 72704 ---- Aw c: \ windows \ system32 \ admparse.dll
2009-03-08 11:32. 2009-05-20 03:47 71680 ---- Aw c: \ windows \ system32 \ iesetup.dll
2009-03-08 11:32. 2009-05-20 03:47 66560 ---- Aw c: \ windows \ system32 \ wextract.exe
2009-03-08 11:32. 2009-05-20 03:47 169472 ---- Aw c: \ windows \ system32 \ iexpress.exe
2009-03-08 11:31. 2009-05-20 03:47 34816 ---- Aw c: \ windows \ system32 \ imgutil.dll
2009-03-08 11:31. 2009-05-20 03:47 48128 ---- Aw c: \ windows \ system32 \ mshtmler.dll
2009-03-08 11:31. 2009-05-20 03:47 45568 ---- Aw c: \ windows \ system32 \ mshta.exe
2009-03-08 11:22. 2009-05-20 03:47 156160 ---- Aw c: \ windows \ system32 \ msls31.dll
2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- Aw c: \ windows \ system32 \ ntkrnlpa.exe
2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- Aw c: \ windows \ system32 \ ntoskrnl.exe
2009-03-03 04:39. 2009-04-17 05:22 183296 ---- Aw c: \ windows \ system32 \ sdohlp.dll
2009-03-03 04:39. 2009-04-17 05:22 551424 ---- Aw c: \ windows \ system32 \ rpcss.dll
2009-03-03 04:39. 2009-04-17 05:22 26112 ---- Aw c: \ windows \ system32 \ printfilterpipelineprxy.dll
2009-03-03 04:37. 2009-04-17 05:22 98304 ---- Aw c: \ windows \ system32 \ iasrecst.dll
2009-03-03 04:37. 2009-04-17 05:22 54784 ---- Aw c: \ windows \ system32 \ iasads.dll
2009-03-03 04:37. 2009-04-17 05:22 44032 ---- Aw c: \ windows \ system32 \ iasdatastore.dll
2009-03-03 03:04. 2009-04-17 05:22 666624 ---- Aw c: \ windows \ system32 \ printfilterpipelinesvc.exe
2009-03-03 02:38. 2009-04-17 05:22 17408 ---- Aw c: \ windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Se incarca Puncte )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * gol intrări & legit default intrări nu sunt afişate
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"ehTray.exe" = "c: \ windows \ ehome \ ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240]
"Eraser" = "C: \ Program Files \ Eraser \ Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"BkupTray" = "C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ BkupTray.exe" [2007-12-30 34552]
"Acer putere Tehnologie Monitor" = "C: \ Acer \ putere Tehnologie \ SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784]
"Acer Înregistrare produs" = "C: \ Program Files \ Acer inregistrare \ ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "c: \ windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296]
"LXCECATS" = "c: \ windows \ system32 \ bobina \ DRIVERS \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344]
"Connection ArcSoft Service" = "C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ bin \ ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ Reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704]
"stai!" = "c: \ progra ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - c: \ windows \ RtHDVCpl.exe [2007-10-11 4702208]

C: \ programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \
Imputernicirea Tehnologie Launcher.lnk - C: \ Acer \ Imputernicirea Tehnologie \ eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ policies \ system]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ windows \ curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ notifice \! SASWinLogon]
2008-12-22 16:05 356352 ---- Aw C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll

HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ WinDefend]
@ = "Service"

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ Monitorizarea \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ FirewallRules]
"(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ BackupSvc.exe: BackupSvc.exe
"(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ BackupSvc.exe: BackupSvc.exe
"(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: c: \ windows \ system32 \ lxcecoms.exe: Lexmark Communications System
"(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: c: \ windows \ system32 \ lxcecoms.exe: Lexmark Communications System
"(EB8798E6-358B-4DDA-A219-21BBC5D3C79A)" = UDP: c: \ windows \ system32 \ bobina \ drivers \ w32x86 \ 3 \ lxc epswx.exe: starea imprimantei Window
"(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: c: \ windows \ system32 \ bobina \ drivers \ w32x86 \ 3 \ lxc epswx.exe: starea imprimantei Window
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Pagina principală \ Acer Arcade Live.exe: Acer Arcade Live
"(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(8640BFAB-48CC-1B85-95D5-9AABB44E4D95)" = UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Update Spybot-S & D
"(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: Update Spybot-S & D
"(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: c: \ windows \ ehome \ ehshell.exe: Windows Media Center
"(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: c: \ windows \ ehome \ ehshell.exe: Windows Media Center

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; stai! Self Protecţia; C: \ windows \ system32 \ drivers \ aswSP.sys [5.22.2009 11:06 114768]
R1 FAMv4; FAMv4; c: \ windows \ system32 \ drivers \ FAMv4.sys [12.14.2007 3:35 132120]
R1 SASDIFSV; SASDIFSV; C: \ Program Files \ SUPERAntiSpyware \ sasdifsv.sys [5.14.2009 2:22 9968]
R1 SASKUTIL; SASKUTIL; C: \ Program Files \ SUPERAntiSpyware \ SASKUTIL.SYS [5.14.2009 2:22 72944]
R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ drivers \ aswF sBlk.sys [5.22.2009 11:06 20560]
R2 aswMonFlt; aswMonFlt; c: \ windows \ system32 \ drivers \ ca wMonFlt.sys [5.22.2009 11:06 51792]
R2 BUNAgentSvc; NTI Backup Acum 5 Agent de servicii; C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ Client \ Agentsvc.exe [12.30.2007 5:54 21752]
R2 NTIBackupSvc; NTI Backup Acum 5 Backup Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ BackupSvc.exe [12.30.2007 5:55 54520]
R2 NTISchedulerSvc; NTI Backup Acum 5 Scheduler Service; C: \ Program Files \ NewTech Infosystems \ NTI Backup Acum 5 \ SchedulerSvc.exe [12.30.2007 5:54 136440]
R2 SBSDWSCService; SBSD Security Center Service; C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5.19.2009 10:04 1153368]
R3 SASENUM; SASENUM; C: \ Program Files \ SUPERAntiSpyware \ SASENUM.SYS [5.14.2009 2:22 7408]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Active Setup \ instalate componente \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"c: \ windows \ system32 \ rundll32.exe" "c: \ windows \ system32 \ iedkcs32.dll", BrandIEActiveSe mârli Înscriere
.
- - - - ORFANI ELIMINAT - - - --

SafeBoot-procexp90.Sys


.
------- Suplimentare Scan -------
.
uStart Page = hxxp: / / www.yahoo.com/
mStart Page = hxxp: / / en.us.acer.yahoo.com
uInternet Setări, ProxyOverride = <local>; *. locale
uInternet Setări, ProxyServer = http = localhost: 7171
IE: E & xportaţi la Microsoft Excel - c: \ progra ~ 1 \ milionimi ~ 2 \ Office12 \ EXCEL.EXE/3000
Zona de încredere: microsoft.com \ actualizare
Zona de încredere: microsoft.com \ WindowsUpdate
FF - ProfilePath - c: \ users \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ rofiles P \ j0dqrqc6.default \
FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com /
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detector de Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

scanare ascuns procese ...

scanare ascuns autostart intrări ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 C: \ windows \ system32 \ bobina \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

scanare fişiere ascunse ...

scanare sa finalizat cu succes
fişiere ascunse: 0

************************************************** ************************
.
--------------------- Blocat chei din registri ---------------------

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl cur \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings]
@ Refuzul: (A) (Utilizatorii)
@ Refuzul: (A) (Toti)
@ Permise: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword: 00000000
.
Completion time: 2009-05-24 4:55
ComboFix-carantină-files.txt 2009-05-24 08:55

Pre-Run: 173756547072 bytes liber
Post-Run: 173859581952 bytes liber

269 --- EOF --- 2009-05-17 10:04

EDIT: Nu, de rapid comparativ cu primul şi, cred că este identic.

[sjb007]

Max Bubba,

Citat:

EDIT: Nu, de rapid comparativ cu primul şi, cred că este identic.

Da ai dreptate - că este de la prima faza a combofix

Actuala jurnal poate fi găsit la C: / combofix.txt.