Windows Vista Nebude Update

**Bubba** · #1 23. mája 2009, 09:33

Mám na počítači priatelia, Vista a Windows nebudú aktualizovať. Zatiaľ som našiel a odstráni Internet Anti-Virus, Win32Adload.r a video.exe. Mali aj kupón, ktorý spyware a ich syn priebežne nakládky LimeWire. I odstránené oba (LOL Limewire instaluje sama v 400 miestach, musel som prejsť každú zložku a súbor sa zbaviť, že). Ale stále okien nebude aktualizovať. Sa mi 80072efd kód, ktorý hovorí, že je firewall bráni z okna aktualizovať. Nemôžem nájsť žiadne firewall iného ako Windows a já se podíval v každej zložke. Tu sú tri protokoly, nemôžem nájsť nič, som vynechal niečo?

POZNÁMKA: Nemôžem nahrať akékoľvek z týchto troch protokolov. I neustále neplatný súbor z webu. Čo sa deje s tým? Mám príliš veľa obrázky tu? dovoľte mi pokúsiť kópiu vložte:

SuperAntiSpyware Scan Prihlásenie
http://www.superantispyware.com

Generated 05.23.2009 v 04:42

Verzia aplikácie: 4.26.1002

Pravidlá databázy Core Version: 3908
Stopový Pravidlá databázy Version: 1852

Vyhľadávať typ: Kompletná Scan
Celkom Scan Time: 03:45:40

Memory položiek skenovaná: 831
Memory ohrozenia odhalené: 0
Položky databázy Registry skenovaná: 6407
Registre ohrozenia odhalené: 0
Súbor položiek skenovaná: 326608
Súbor zistených ohrozenia: 78

Adware.Tracking Cookie
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusion [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ @ Shirley RealMedia [2]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@adopt.specificclick [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftinternetexplorer.112.2o7 [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnservices.112.2o7 [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Users \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftwindows.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@adopt.specificclick [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftinternetexplorer.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@microsoftwindows.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ shirley@msnservices.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ @ Shirley RealMedia [2]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Documents and Settings \ Shirley \ AppData \ Roaming \ Microsoft \ Windows \ Cookies \ Shirley @ tribalfusion [1]. Txt
C: \ Documents and Settings \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Documents and Settings \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldman AGER [2]. Txt
C: \ Documents and Settings \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ shirley@adopt.speci ficclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ media6degre es [1]. Txt
C: \ Documents and Settings \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftin ternetexplorer.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftwi ndows.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ shirley@msnportal.1 12.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ msnservices .112.2 O7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ @ Shirley RealMedia [2]. Txt
C: \ Documents and Settings \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Documents and Settings \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ specificcli ck [1]. Txt
C: \ Documents and Settings \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley tribalfusio @ n [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@adopt.specificcli ck [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ microsoftinternet explorer.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ microsoftwindows. 112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ shirley@msnservices.112.2 O7 [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ @ Shirley RealMedia [2]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Documents and Settings \ Shirley \ Cookies \ Shirley @ tribalfusion [1]. Txt
C: \ Users \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Users \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ shirley@ad.yieldman AGER [2]. Txt
C: \ Users \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ shirley@adopt.speci ficclick [1]. Txt
C: \ Users \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Users \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ media6degre es [1]. Txt
C: \ Users \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftin ternetexplorer.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ microsoftwi ndows.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ shirley@msnportal.1 12.2o7 [1]. Txt
C: \ Users \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ msnservices .112.2 O7 [1]. Txt
C: \ Users \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ @ Shirley RealMedia [2]. Txt
C: \ Users \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Users \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley @ specificcli ck [1]. Txt
C: \ Users \ Shirley \ Data aplikací \ Microsoft \ Windows \ Cookies \ Shirley tribalfusio @ n [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ 2o7 [2]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@ad.yieldmanager [2]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@adopt.specificcli ck [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ interclick [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ media6degrees [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ microsoftinternet explorer.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ microsoftwindows. 112.2o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@msnportal.112.2o7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ shirley@msnservices.112.2 O7 [1]. Txt
C: \ Users \ Shirley \ Cookies \ @ Shirley RealMedia [2]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ revsci [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ specificclick [1]. Txt
C: \ Users \ Shirley \ Cookies \ Shirley @ tribalfusion [1]. Txt

Malwarebytes' Anti-Malware 1.36
Verzia databázy: 2150
Windows 6.0.6001 Service Pack 1

5/19/2009 8:40:58 AM
mbam-log-2009-05-19 (08-40-58). txt

Vyhľadávať typ: Quick Scan
Objekty skenovanej: 71524
Čas letu: 3 minute (s), 23 sekúnd (y)

Pamäťové procesy Infikovaná: 0
Infikované pamäťové moduly: 0
Registry Keys Infikovaná: 13
Infikované hodnoty databázy Registry: 0
Infikované položky dat registru: 3
Infikované zložky: 3
Infikované súbory: 11

Infikované pamäťové procesy:
(Žiadne položky zistený škodlivý)

Infikované pamäťové moduly:
(Žiadne položky zistený škodlivý)

Infikované kľúče databázy Registry:
HKEY_CLASSES_ROOT \ fe345.fe345mgr (Trojan.FakeAlert) -> karanténe a úspešne vymazaná.
HKEY_CLASSES_ROOT \ CLSID \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> karanténe a úspešne vymazaná.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curr ntVersion \ Ext \ Štatistika \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> karanténe a úspešne vymazaná.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (65768b48-b004-4b26-9bac-a3bac39643d1) (Trojan.FakeAlert) -> karanténe a úspešne vymazaná.
HKEY_CLASSES_ROOT \ fe345.fe345mgr.1 (Trojan.FakeAlert) -> karanténe a úspešne vymazaná.
HKEY_CLASSES_ROOT \ y537.y537mgr (Trojan.BHO) -> karanténe a úspešne vymazaná.
HKEY_CLASSES_ROOT \ TypeLib \ (e63648f7-3933-440e-b4f6-a8584dd7b7eb) (Trojan.BHO) -> karanténe a úspešne vymazaná.
HKEY_CLASSES_ROOT \ Interface \ (f7d09218-46d7-4d3d-9b7f-315204cd0836) (Trojan.BHO) -> karanténe a úspešne vymazaná.
HKEY_CLASSES_ROOT \ CLSID \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> karanténe a úspešne vymazaná.
HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curr ntVersion \ Ext \ Štatistika \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> karanténe a úspešne vymazaná.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Explorer \ Browser Helper Objects \ (e7f15ac4-e0a9-43f0-921b-70dfea621220) (Trojan.BHO) -> karanténe a úspešne vymazaná.
HKEY_CLASSES_ROOT \ y537.y537mgr.1 (Trojan.BHO) -> karanténe a úspešne vymazaná.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Uninstall \ Internet antivírus pro_is1 (Rogue.InternetAntivirus) -> karanténe a úspešne vymazaná.

Infikované hodnoty databázy Registry:
(Žiadne položky zistený škodlivý)

Infikované položky údajov databázy Registry:
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Dobrý: (0) -> karanténe a úspešne vymazaná.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Dobrý: (0) -> karanténe a úspešne vymazaná.
HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Security Center \ UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Dobrý: (0) -> karanténe a úspešne vymazaná.

Infikované zložky:
C: \ Windows \ System32 \ 199638 (Trojan.FakeAlert) -> karanténe a úspešne vymazaná.
C: \ Program Files \ websrvx (Trojan.Downloader) -> karanténe a úspešne vymazaná.
C: \ Windows \ System32 \ 796525 (Trojan.BHO) -> karanténe a úspešne vymazaná.

Infikované súbory:
C: \ Windows \ System32 \ 199638 \ 199638.dll (Trojan.FakeAlert) -> karanténe a úspešne vymazaná.
C: \ Windows \ System32 \ 796525 \ 796525.dll (Trojan.BHO) -> karanténe a úspešne vymazaná.
C: \ Users \ Shirley \ AppData \ Local \ Temp \ jopaxx_1241669 819.exe (Worm.KoobFace) -> karanténe a úspešne vymazaná.
C: \ Program Files \ Common Files \ InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> karanténe a úspešne vymazaná.
C: \ Windows \ msmark2.dat (Worm.KoobFace) -> karanténe a úspešne vymazaná.
C: \ Windows \ t55ft2668f44.dat (Worm.KoobFace) -> karanténe a úspešne vymazaná.
C: \ Windows \ t55ft2695f44.dat (Worm.KoobFace) -> karanténe a úspešne vymazaná.
C: \ Windows \ t55ft3105f44.dat (Worm.KoobFace) -> karanténe a úspešne vymazaná.
C: \ Windows \ 9g2234wesdf3dfgjf23 (Worm.KoobFace) -> karanténe a úspešne vymazaná.
C: \ Windows \ f5087.dat (Worm.KoobFace) -> karanténe a úspešne vymazaná.
C: \ Windows \ f23567.dat (Worm.KoobFace) -> karanténe a úspešne vymazaná.
(nahoře je prvá log, čo je menej ako je súčasná)

Malwarebytes' Anti-Malware 1.36
Verzia databázy: 2150
Windows 6.0.6001 Service Pack 1

5/23/2009 9:03:23 AM
mbam-log-2009-05-23 (09-03-23). txt

Vyhľadávať typ: Quick Scan
Objekty skenovanej: 70234
Doba letu: 2 minute (s), 28 sekúnd (y)

Pamäťové procesy Infikovaná: 0
Infikované pamäťové moduly: 0
Infikované kľúče databázy Registry: 0
Infikované hodnoty databázy Registry: 0
Infikované položky dat registru: 0
Infikované zložky: 0
Infikované súbory: 0

Infikované pamäťové procesy:
(Žiadne položky zistený škodlivý)

Infikované pamäťové moduly:
(Žiadne položky zistený škodlivý)

Infikované kľúče databázy Registry:
(Žiadne položky zistený škodlivý)

Infikované hodnoty databázy Registry:
(Žiadne položky zistený škodlivý)

Infikované položky údajov databázy Registry:
(Žiadne položky zistený škodlivý)

Infikované zložky:
(Žiadne položky zistený škodlivý)

Infikované súbory:
(Žiadne položky zistený škodlivý)

Logfile Trend Micro HijackThis v2.0.2
Scan uložené na 9:09:09 AM, na 5.23.2009
Platforma: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Zavádzacia mód: Normálny

Bežiace procesy:
C: \ Windows \ system32 \ Dwm.exe
C: \ Windows \ system32 \ taskeng.exe
C: \ Windows \ Explorer.exe
C: \ Program Files \ Windows Media Player \ wmpnscfg.exe
C: \ Program Files \ Windows Defender \ MSASCui.exe
C: \ Windows \ RtHDVCpl.exe
C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ BkupTray.exe
C: \ Acer \ Empowering Technology \ SysMonitor.exe
C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe
C: \ Windows \ System32 \ nvraidservice.exe
C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe
C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe
C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe
C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe
C: \ Windows \ System32 \ rundll32.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashDisp.exe
C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
C: \ Windows \ ehome \ ehtray.exe
C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe
C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
C: \ Program Files \ Eraser \ Eraser.exe
C: \ Program Files \ SuperAntiSpyware \ SUPERAntiSpyware.exe
C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe
C: \ Windows \ system32 \ softvéru WBEM \ unsecapp.exe
C: \ Acer \ Empowering Technology \ ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EX E
C: \ Acer \ Empowering Technology \ eRecovery \ ERAGENT.EXE
C: \ Windows \ ehome \ ehmsas.exe
C: \ Users \ Shirley \ Desktop \ HiJackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://en.us.acer.yahoo.com
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, SearchAssistant =
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Search, CustomizeSearch =
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Nastavenia, ProxyServer = http = localhost: 7171
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Toolbar, LinksFolderName =
O1 - Hosts::: 1 localhost
O2 - BHO: (bez názvu) - (02478D38-C3F9-4EFB-9B51-7695ECA05670) - (ne obrázok)
O2 - BHO: AcroIEHelperStub - (18DF081C-E8AD-4283-A596-FA578C2EBDC3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelperShim.dll
O2 - BHO: Spybot-S & D IE Protection - (53707962-6F74-2D53-2644-206D7942484F) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O2 - BHO: (bez názvu) - (602ADB0E-4AFF-4217-8AA1-95DAC4DFA408) - (ne obrázok)
O2 - BHO: SSVHelper triedy - (761497BB-D6F0-462C-B6EB-D4DAF1D92D43) - C: \ Program Files \ Java \ jre6 \ bin \ ssv.dll
O2 - BHO: (bez názvu) - (83A2F9B1-01A2-4AA5-87D1-45B6B8505E96) - (ne obrázok)
O2 - BHO: Google Toolbar Helper - (AA58ED58-01DD-4d91-8333-CF10577473F7) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 5.1.1309.3572 \ s wg.dll
O2 - BHO: Google Slovník kompresie sdch - (C84D72FE-E17D-4195-BB24-76C02E2E7C4E) - C: \ Program Files \ Google \ Google Toolbar \ Zložkové \ fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java (tm) Plug-In 2 SSV Helper - (DBC80044-A445-435b-BC74-9C25C1C588A9) - C: \ Program Files \ Java \ jre6 \ bin \ jp2ssv.dll
O3 - Toolbar: Google Toolbar - (2318C2B1-4965-11D4-9B18-009027A5CD4F) - C: \ Program Files \ Google \ Google Toolbar \ GoogleToolbar.dll
O4 - HKLM \ .. \ Run: [Windows Defender]% ProgramFiles% \ Windows Defender \ MSASCui.exe-hide
O4 - HKLM \ .. \ Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM \ .. \ Run: [BkupTray] "C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ BkupTray.exe"
O4 - HKLM \ .. \ Run: [Acer Empowering Technology Monitor] C: \ Acer \ Empowering Technology \ SysMonitor.exe
O4 - HKLM \ .. \ Run: [SMSERIAL] C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe
O4 - HKLM \ .. \ Run: [Acer Product Registrácia] "C: \ Program Files \ Acer Registrácia \ ACE1.exe" / štarte
O4 - HKLM \ .. \ Run: [NVRaidService] C: \ Windows \ system32 \ nvraidservice.exe
O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ Windows \ system32 \ spool \ DRIVERS \ w32x86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe"
O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe"
O4 - HKLM \ .. \ Run: [ArcSoft pripojenie Service] C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe
O4 - HKLM \ .. \ Run: [QuickTime Úloha] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ reader_sl.exe"
O4 - HKLM \ .. \ Run: [WinPatrol] C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe-expressboot
O4 - HKLM \ .. \ Run: [NvCplDaemon] rundll32.exe C: \ Windows \ system32 \ NvCpl.dll, NvStartup
O4 - HKLM \ .. \ Run: [NvMediaCenter] rundll32.exe C: \ Windows \ system32 \ NvMcTray.dll, NvTaskbarInit
O4 - HKLM \ .. \ Run: [avast!] C: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp.exe
O4 - HKCU \ .. \ Run: [SWG] C: \ Program Files \ Google \ GoogleToolbarNotifier \ GoogleToolbarNo tifier.exe
O4 - HKCU \ .. \ Run: [ehTray.exe] C: \ Windows \ ehome \ ehTray.exe
O4 - HKCU \ .. \ Run: [OM2_Monitor] "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe"
O4 - HKCU \ .. \ Run: [WMPNSCFG] C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe
O4 - HKCU \ .. \ Run: [SpybotSD TeaTimer] C: \ Program Files \ Spybot - Search & Destroy \ TeaTimer.exe
O4 - HKCU \ .. \ Run: [Guma] C: \ Program Files \ Eraser \ Eraser.exe-hide
O4 - HKCU \ .. \ Run: [SuperAntiSpyware] C: \ Program Files \ SuperAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKUS \ S-1-5-19 \ .. \ Run: [Bočný panel]% ProgramFiles% \ Windows Bočný panel \ Sidebar.exe / detectMem (User 'miestnych')
O4 - HKUS \ S-1-5-19 \ .. \ Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll, ShowWelcomeCenter (User 'miestnych')
O4 - HKUS \ S-1-5-20 \ .. \ Run: [Bočný panel]% ProgramFiles% \ Windows Bočný panel \ Sidebar.exe / detectMem (User 'Network Service')
O4 - Global spustení: Technológia Empowering Launcher.lnk =?
O4 - Global spustení: Kodak EasyShare software.lnk = C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe
O8 - Extra kontextového menu položku: E & xportovať do programu Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000
O9 - Extra tlačidlá: Send to OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S & konca OneNote - (2670000A-7350-4f3c-8081-5663EE0C6C49) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ ONBttnIE.dll
O9 - Extra tlačidlá: Výskum - (92780B25-18CC-41C8-B9BE-3C9C571A8263) - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ REFIEBAR.DLL
O9 - Extra tlačidlá: (bez názvu) - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Konfigurácia - (DFB852A3-47F8-48C4-A200-58CAB36FD2A2) - C: \ PROGRA ~ 1 \ Spybot ~ 1 \ SDHelper.dll
O13 - Gopher predčíslia:
O16 - DPF: (3860DD98-0549-4D50-AA72-5D17D200EE10) --
O18 - Filter: x-sdch - (B1759355-3EEC-4C1E-B0F1-B719FE26E377) - C: \ Program Files \ Google \ Google Toolbar \ Zložkové \ fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Upozornenie:! SASWinLogon - C: \ Program Files \ SuperAntiSpyware \ SASWINLO.dll
O23 - Service: ArcSoft Pripojte Daemon (ACDaemon) - ArcSoft Inc - C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACService.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Neznámy vlastník - C: \ Acer \ Empowering Technology \ ePerformance \ MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 kontrolu Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: PATRENIA Zálohovanie Teraz 5 Agent Service (BUNAgentSvc) - Newt Infosystems, Inc - C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie teraz 5 \ Client \ Agentsvc.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc - C: \ Acer \ Empowering Technology \ eRecovery \ eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Neznámy vlastník - C: \ Acer \ Empowering Technology \ eSettings \ Service \ capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: lxce_device - - C: \ Windows \ system32 \ lxcecoms.exe
O23 - Service: PATRENIA Zálohovanie teraz 5 záloh Service (NTIBackupSvc) - Newt InfoSystems, Inc - C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie teraz 5 \ BackupSvc.exe
O23 - Service: PATRENIA Zálohovanie teraz 5 Plánovač Service (NTISchedulerSvc) - Neznámy vlastník - C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie teraz 5 \ SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C: \ Windows \ system32 \ nvvsvc.exe
O23 - Service: Centrum zabezpečenia SBSD Service (SBSDWSCService) - Safer Sítě sro - C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe

--
Koniec súboru - 9919 bytes

**sjb007** · #2 23. mája 2009, 23:45

Ahoj Bubba ....

Musíme zrušiť váš TeaTimer pretože môže zasahovať do opravy, ktoré musíme urobiť.

1) Spustiť Spybot-S & D
2) Choď do režimu menu, a uistite sa, že "Advanced Mode" je vybratá
3) Na ľavej strane vyberte Nástroje -> Rezidentný
4) odznačte "tuzemského TeaTimer" a OK akékoľvek výzvy
5) Reštartujte počítač.

Stiahnuť ResetTeaTimer.bat pravým-kliknutím na odkaz a zvolenie Uložiť ako.

* Uložte ho na plochu.
* Double-kliknite ResetTeaTimer.zip
* Double-kliknite ResetTeaTimer.bat a na príkaz Spustiť odstrániť všetky položky uvedené TeaTimer.

Po všetky opravy sú kompletné, pretože je veľmi dôležité, aby vám umožní TeaTimer znovu, budem vás informovať, keď je v bezpečí, aby tak urobili.

A návod na čaj Časovač je možné nájsť tu -> http://russelltexas.com/malware/teatimer.htm

==========================================\u0

Stiahnite si a skenovanie s ComboFix.exe. Prosím, navštívte túto webovú stránku pre odkazy, a pokyny na spustenie nástroja:

http://www.bleepingcomputer.com/comb...o-use-combofix

Zabezpečiť ste zakázali všetky proti vírusom a proti malware programy vrátane WinPatrol takže neruší Beh ComboFix.

Uveďte prosím C: \ ComboFix.txt V ďalšej odpovedi na ďalšie preskúmanie.

==========================================\u0

Prejsť na Start menu > Vybrať Plynúť a kopírovať / vložiť po Beh do poľa a kliknite na tlačidlo OK:

C: \ Qoobox \ Přidat-odebrat Programs.txt

Textový súbor by mal otvoriť. Prosím post obsah tohto súboru na vaše ďalšie odpoveď.

**Bubba** · #3 24. mája 2009, 02:33

Pár vecí, ako som post protokoly:

1. V Čaj časovač tutorial vás súvisí, je vraj tiež vypnúť rezidentný SDHelper tak som to urobil.
2. ComboFix nepredstavujú pre zálohovanie regisdtry obrazovky, ak je to rýchle obrazovky a som ju, kým sa pozrieme na mojom počítači (zapamätajte si to je priatelia). Neukázalo sa odpojiť od internetu, ani som oznámenie, že zmena času. Obe ikony boli viditeľné a zároveň combo oprava bola spustená. Je to problém? Tiež po spustení ComboFix, tapety bola narušená, tak jsem restartoval. Keď computerstarted späť hore, tapety bola preč, Firefox už nie je nastavená ako predvolený prehliadač a správu bouchnutý sa, že IE homepage bol zmenený na MSN (myslím). Je tohle normální? Tiež WinPatrol poznamenať, že nová služba bol pridaný: appmgmts.dll.

3. Ako ste reagovali na to, mám zbaviť Google toolbar. Niekoľko poznámok k hjt pohleděv odd. V 018 bolo napríklad nazýva x-sdCH miesto x-SDHC .......... Okrem lol, nesnáším nástroj Bary a oni ho vždy pridať späť, ak si to želajú. Bez ohľadu na to, že zmenil hjt log. Tiež som dostal zbaviť sa od 2 do 02 to, že nemal žiadny súbor s nimi spojených.

4. Čo sme hľadali v ComboFix? LOL som začal sťahovať a spúšťať ho prv, než som vyslaný tento vlákno, ale rozhodol som len vedieť, vím dost ešte bordel s ním.

A bez ďalšieho povyku:

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Spustenie z: C: \ Users \ Shirley \ Desktop \ ComboFix.exe
SP: Spybot - Search a Destroy * postihnutých * (staršieho) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SuperAntiSpyware * * postihnutých (Aktualizované) (222A897C-5018-402e-943F-7E7AC8560DA7)
PS: Windows Defender * zapnuto * (Aktualizované) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((( Súbory vytvorené od 2009-04-24 do 2009-05-24 ))))))))))) ))))))))))))))))))))
.

2009-05-22 23:57. 2009-05-24 08:40 117760 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ SuperAntiSpyware. com \ SuperAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-05-22 23:56. 2009-05-22 23:56 -------- d ----- wc: \ programdata \ SUPERAntiSpyware.com
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Program Files \ SuperAntiSpyware
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ SuperAntiSpyware. com
2009-05-22 20:36. 2009-05-22 20:36 -------- d ----- wc: \ Program Files \ Common Files \ Wise Sprievodca inštaláciou
2009-05-22 15:06. 2009-02-05 20:06 51376 ---- aw C: \ windows \ system32 \ drivers \ aswTdi.sys
2009-05-22 15:06. 2009-02-05 20:06 23152 ---- aw C: \ windows \ system32 \ drivers \ aswRdr.sys
2009-05-22 15:06. 2009-02-05 20:07 114768 ---- aw C: \ windows \ system32 \ drivers \ aswSP.sys
2009-05-22 15:06. 2009-02-05 20:07 20560 ---- aw C: \ windows \ system32 \ drivers \ aswFsBlk.sys
2009-05-22 15:06. 2009-02-05 20:04 97480 ---- aw C: \ windows \ system32 \ AvastSS.scr
2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- aw C: \ windows \ system32 \ aswBoot.exe
2009-05-22 15:06. 2009-02-05 20:06 51792 ---- aw C: \ windows \ system32 \ drivers \ aswMonFlt.sys
2009-05-22 15:06. 2009-05-22 15:06 -------- d ----- wc: \ Program Files \ Alwil Software
2009-05-22 04:38. 2009-05-22 04:38 738120 ---- aw C: \ programdata \ Microsoft \ eHome \ Packages \ MCESpotlig ht \ MCESpotlight \ SpotlightResources.dll
2009-05-20 12:43. 2008-06-20 01:14 97800 ---- aw C: \ windows \ system32 \ infocardapi.dll
2009-05-20 12:43. 2008-06-20 01:14 105016 ---- aw C: \ windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 11264 ---- aw C: \ windows \ system32 \ icardres.dll
2009-05-20 12:43. 2008-06-20 01:14 622080 ---- aw C: \ windows \ system32 \ icardagt.exe
2009-05-20 12:43. 2008-06-20 01:14 43544 ---- aw C: \ windows \ system32 \ PresentationHostProxy.dll
2009-05-20 12:43. 2008-06-20 01:14 781344 ---- aw C: \ windows \ system32 \ PresentationNative_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 326160 ---- aw C: \ windows \ system32 \ PresentationHost.exe
2009-05-20 12:33. 2008-07-27 18:03 96760 ---- aw C: \ windows \ system32 \ dfshim.dll
2009-05-20 12:33. 2008-07-27 18:03 282112 ---- aw C: \ windows \ system32 \ mscoree.dll
2009-05-20 12:33. 2008-07-27 18:03 41984 ---- aw C: \ windows \ system32 \ netfxperf.dll
2009-05-20 12:32. 2008-07-27 18:03 158720 ---- aw C: \ windows \ system32 \ mscorier.dll
2009-05-20 12:32. 2008-07-27 18:03 83968 ---- aw C: \ windows \ system32 \ mscories.dll
2009-05-20 11:39. 2009-05-20 11:39 -------- d ----- wc: \ Program Files \ Microsoft Silverlight
2009-05-20 04:03. 2009-05-20 11:00 -------- d ----- wc: \ Program Files \ Windows Live Bezpečnostné centrum
2009-05-19 23:20. 2009-05-19 23:20 -------- d ----- wc: \ users \ Shirley \ AppData \ Local \ Acer DV kúzelník
2009-05-19 23:10. 2009-05-19 23:10 -------- d ----- wc: \ windows \ nedeľa
2009-05-19 20:40. 2009-05-19 20:40 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40. 2009-05-19 11:41 38200 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \www.macromedia.com \ bin \ airappinstaller \ airappinsta ller.exe
2009-05-19 18:24. 2009-05-24 08:38 -------- d ----- wc: \ users \ Shirley \ AppData \ Local \ Eraser
2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646)
2009-05-19 18:24. 2009-05-19 18:24 -------- d ----- wc: \ Program Files \ Eraser
2009-05-19 17:20. 2009-05-19 17:20 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ eSobi
2009-05-19 17:11. 2008-07-10 06:32 538 ---- aw C: \ windows \ system32 \ RegRaidSedona.bat
2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ Program Files \ Spybot - Search & Destroy
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ programdata \ Spybot - Search & Destroy
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ WinPatrol
2009-05-19 13:01. 2006-09-18 21:43 10 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys
2009-05-19 13:01. 2006-09-18 21:43 24 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Program Files \ BillP Studios
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009-05-19 12:26. 2009-04-06 19:32 15504 ---- aw C: \ windows \ system32 \ drivers \ mbam.sys
2009-05-19 12:26. 2009-04-06 19:32 38496 ---- aw C: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2009-05-19 12:26. 2009-05-19 13:22 -------- d ----- wc: \ Program Files \ Malwarebytes' Anti-Malware
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- aw C: \ Windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- d ----- wc: \ users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- wc: \ Program Files \ Common Files \ Adobe AIR
2009-05-19 11:38. 2009-05-19 12:45 -------- d ----- wc: \ programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- d ----- wc: \ users \ Shirley \ AppData \ Local \ Sedem Zip
2009-05-19 10:41. 2009-03-19 20:32 23400 ---- aw C: \ windows \ system32 \ drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107368 ---- aw C: \ windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- wc: \ Program Files \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ Program Files \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- wc: \ Program Files \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75048 ---- aw C: \ programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- wc: \ Program Files \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416128 ---- aw C: \ programdata \ Microsoft \ eHome \ Packages \ NetTV \ Brow sa \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410984 ---- aw C: \ windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- aw C: \ programdata \ Microsoft \ Windows Defender \ Definition Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Správa )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39. 2009-02-17 13:54 602 ---- aw C: \ programdata \ ArcSoft \ kodak-printcreations-22-080812-oem \ acforall.dll
2009-05-24 04:22. 2008-09-12 01:46 -------- d ----- wc: \ Program Files \ Google
2009-05-20 11:55. 2008-09-11 17:01 104472 ---- aw C: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009-05-20 11:51. 2008-02-05 19:30 -------- d ----- wc: \ programdata \ Microsoft Help
2009-05-20 11:49. 2008-02-05 19:31 -------- d ----- wc: \ Program Files \ Microsoft Works
2009-05-20 03:54. 2008-09-12 14:01 -------- d ----- wc: \ Program Files \ Lx_cats
2009-05-20 00:42. 2008-02-05 20:19 -------- d ----- wc: \ Program Files \ Common Files \ Adobe
2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - wc: \ Program Files \ InstallShield Informácie o inštalácii
2009-05-19 23:27. 2008-02-05 19:49 -------- d ----- wc: \ Program Files \ Acer Arcade Live
2009-05-19 23:20. 2008-09-15 23:24 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ Cyberlink
2009-05-19 21:38. 2008-09-12 20:56 -------- d ----- wc: \ Program Files \ Common Files \ SureThing Zdieľaná
2009-05-19 21:04. 2008-09-12 14:09 1664 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009-05-19 17:29. 2009-03-04 15:55 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ Sony
2009-05-19 17:20. 2008-02-05 19:22 -------- d ----- wc: \ programdata \ NVIDIA
2009-05-19 16:54. 2008-02-05 18:03 36864 ---- aw C: \ windows \ system32 \ nvcod100.dll
2009-05-19 16:54. 2007-10-25 11:02 147456 ---- aw C: \ windows \ system32 \ nvcolor.exe
2009-05-19 16:13. 2008-09-12 01:47 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ LimeWire
2009-05-19 11:32. 2008-02-05 20:08 -------- d ----- wc: \ Program Files \ Yahoo!
2009-05-19 11:05. 2008-09-12 01:45 -------- d ----- wc: \ Program Files \ Java
2009-05-19 10:41. 2008-09-13 03:14 -------- d ----- wc: \ Program Files \ Common Files \ Apple
2009-05-19 10:38. 2008-09-13 03:15 -------- d ----- wc: \ programdata \ Apple Computer
2009-05-11 12:10. 2009-05-11 12:10 78260 ---- aw C: \ programdata \ SPL23D4.tmp
2009-04-17 10:12. 2006-11-02 11:18 -------- d ----- wc: \ Program Files \ Windows Mail
2009-04-02 22:13. 2009-04-02 22:13 702127 ---- aw C: \ programdata \ SPLFB91.tmp
2009-03-19 20:32. 2009-03-19 20:32 23400 ---- aw C: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009-03-17 03:38. 2009-04-17 05:22 13824 ---- aw C: \ windows \ system32 \ apilogen.dll
2009-03-17 03:38. 2009-04-17 05:22 24064 ---- aw C: \ windows \ system32 \ amxread.dll
2009-03-08 11:34. 2009-05-20 03:47 914944 ---- aw C: \ windows \ system32 \ Wininet.dll
2009-03-08 11:34. 2009-05-20 03:47 43008 ---- aw C: \ windows \ system32 \ licmgr10.dll
2009-03-08 11:33. 2009-05-20 03:47 18944 ---- aw C: \ windows \ system32 \ corpol.dll
2009-03-08 11:33. 2009-05-20 03:47 109056 ---- aw C: \ windows \ system32 \ iesysprep.dll
2009-03-08 11:33. 2009-05-20 03:47 109568 ---- aw C: \ windows \ system32 \ PDMSetup.exe
2009-03-08 11:33. 2009-05-20 03:47 107520 ---- aw C: \ windows \ system32 \ RegisterIEPKEYs.exe
2009-03-08 11:33. 2009-05-20 03:47 103936 ---- aw C: \ windows \ system32 \ SetDepNx.exe
2009-03-08 11:33. 2009-05-20 03:47 132608 ---- aw C: \ windows \ system32 \ ieUnatt.exe
2009-03-08 11:33. 2009-05-20 03:47 107008 ---- aw C: \ windows \ system32 \ SetIEInstalledDate.exe
2009-03-08 11:33. 2009-05-20 03:47 420352 ---- aw C: \ windows \ system32 \ Vbscript.dll
2009-03-08 11:32. 2009-05-20 03:47 72704 ---- aw C: \ windows \ system32 \ admparse.dll
2009-03-08 11:32. 2009-05-20 03:47 71680 ---- aw C: \ windows \ system32 \ iesetup.dll
2009-03-08 11:32. 2009-05-20 03:47 66560 ---- aw C: \ windows \ system32 \ wextract.exe
2009-03-08 11:32. 2009-05-20 03:47 169472 ---- aw C: \ windows \ system32 \ iexpress.exe
2009-03-08 11:31. 2009-05-20 03:47 34816 ---- aw C: \ windows \ system32 \ imgutil.dll
2009-03-08 11:31. 2009-05-20 03:47 48128 ---- aw C: \ windows \ system32 \ mshtmler.dll
2009-03-08 11:31. 2009-05-20 03:47 45568 ---- aw C: \ windows \ system32 \ mshta.exe
2009-03-08 11:22. 2009-05-20 03:47 156160 ---- aw C: \ windows \ system32 \ msls31.dll
2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- aw C: \ windows \ system32 \ ntkrnlpa.exe
2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- aw C: \ windows \ system32 \ ntoskrnl.exe
2009-03-03 04:39. 2009-04-17 05:22 183296 ---- aw C: \ windows \ system32 \ sdohlp.dll
2009-03-03 04:39. 2009-04-17 05:22 551424 ---- aw C: \ windows \ system32 \ Rpcss.dll
2009-03-03 04:39. 2009-04-17 05:22 26112 ---- aw C: \ windows \ system32 \ printfilterpipelineprxy.dll
2009-03-03 04:37. 2009-04-17 05:22 98304 ---- aw C: \ windows \ system32 \ iasrecst.dll
2009-03-03 04:37. 2009-04-17 05:22 54784 ---- aw C: \ windows \ system32 \ iasads.dll
2009-03-03 04:37. 2009-04-17 05:22 44032 ---- aw C: \ windows \ system32 \ iasdatastore.dll
2009-03-03 03:04. 2009-04-17 05:22 666624 ---- aw C: \ windows \ system32 \ printfilterpipelinesvc.exe
2009-03-03 02:38. 2009-04-17 05:22 17408 ---- aw C: \ windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Načítavam Body )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Poznámka * prázdné záznamy & dôveryhodne východiskové údaje nie sú zobrazené
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curr ntVersion \ Run]
"ehTray.exe" = "c: \ windows \ ehome \ ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240]
"Eraser" = "C: \ Program Files \ Eraser \ Eraser.exe" [2007-12-22 916240]
"SuperAntiSpyware" = "C: \ Program Files \ SuperAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"BkupTray" = "C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor" = "c: \ acer \ Empowering Technology \ SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784]
"Acer Registrácia produktu" = "C: \ Program Files \ Acer Registrácia \ ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "c: \ windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296]
"LXCECATS" = "c: \ windows \ system32 \ spool \ DRIVERS \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344]
"ArcSoft pripojenie Service" = "C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe" [2009-04-29 188728]
"QuickTime Úloha" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704]
"avast!" = "c: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - C: \ Windows \ RtHDVCpl.exe [2007-10-11 4702208]

c: \ programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \
Technológia Empowering Launcher.lnk - c: \ acer \ Empowering Technology \ eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ policies \ system]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SuperAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ oznámiť \! SASWinLogon]
2008-12-22 16:05 356352 ---- aw C: \ Program Files \ SuperAntiSpyware \ SASWINLO.dll

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ safeboot \ Minimálna \ WinDefend]
@ = "Service"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Kontrola]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitorovanie \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitorovanie \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ services \ sharedaccess \ Parameters \ firewallpo antonny \ FirewallRules]
"(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ BackupSvc.exe: BackupSvc.exe
"(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP: C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ BackupSvc.exe: BackupSvc.exe
"(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Komunikačný systém
"(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Komunikačný systém
"(EB8798E6-358B-4DDA-A219-21BBC5D3C79A)" = UDP: C: \ windows \ system32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Tlačiareň Status Window
"(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Tlačiareň Status Window
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Hlavná stránka \ Acer Arcade Live.exe: Acer Arcade Live
"(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(8640BFAB-48CC-1B85-95D5-9AABB44E4D95)" = UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: aktualizácia Spybot-S & D
"(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: aktualizácia Spybot-S & D
"(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center
"(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center

[HKLM \ ~ \ services \ sharedaccess \ Parameters \ firewallpo antonny \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; avast! Vlastnej ochrany, c: \ windows \ system32 \ drivers \ aswSP.sys [5.22.2009 11:06 114768]
R1 FAMv4; FAMv4, c: \ windows \ system32 \ drivers \ FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV; SASDIFSV, C: \ Program Files \ SuperAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 AM 9968]
R1 SASKUTIL; SASKUTIL, C: \ Program Files \ SuperAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 AM 72944]
R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ drivers \ aswF sBlk.sys [5.22.2009 11:06 20560]
R2 aswMonFlt; aswMonFlt, c: \ windows \ system32 \ drivers \ ako wMonFlt.sys [5.22.2009 11:06 51792]
R2 BUNAgentSvc; PATRENIA Zálohovanie Teraz 5 Agent Service; C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc; PATRENIA Zálohovanie Teraz 5 záloh Service, C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc; PATRENIA Zálohovanie Teraz 5 Plánovač Service, C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService; SBSD Centrum zabezpečenia Service, C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5.19.2009 10:04 1153368]
R3 SASENUM; SASENUM, C: \ Program Files \ SuperAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 AM 7408]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Active Setup \ Installed Components \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"c: \ windows \ system32 \ rundll32.exe" "c: \ windows \ system32 \ iedkcs32.dll", BrandIEActiveSe baran Signup
.
- - - - SIROTY ZNEŠKODNENIU - - - --

Safeboot-procexp90.Sys

.
------- Doplnkový Scan -------
.
uStart Page = hxxp: / / www.yahoo.com/
mStart Page = hxxp: / / en.us.acer.yahoo.com
uInternet Nastavenia, ProxyOverride = <local>; *. miestnej
uInternet Nastavenia, ProxyServer = http = localhost: 7171
IE: E & xportovať do programu Microsoft Excel - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000
Zóna Dôveryhodné: microsoft.com \ aktualizácia
Zóna Dôveryhodné: microsoft.com \ WindowsUpdate
FF - ProfilePath - c: \ users \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ P rofiles \ j0dqrqc6.default \
FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com /
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detektor by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesov ...

skenování skrytých položiek autostart ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 C: \ windows \ system32 \ spool \ DRIVERS \ w32x86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

skenování skrytých súborov ...

scan úspešne dokončená
skryté súbory: 0

************************************************** ************************
.
--------------------- Strážené kľúčov registra ---------------------

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl zadok \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings]
@ Zakázané: (A) (Užívatelia)
@ Zakázané: (A) (všetci)
Povolené @: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword: 00000000
.
Dokončenie čas: 2009-05-24 4:55
ComboFix-karantény-files.txt 2009-05-24 08:55

Pre-Spustiť: +173756547072 bytov zdarma
Post-Spustiť: +173859581952 bytov zdarma

269 --- EOF --- 2009-05-17 10:04

PRIDAŤ odstrániť programy

Microsoft Office Shared MUI (Slovak) 2007
Microsoft Office Setup Metadata Spoločný MUI (Slovak) 2007
Microsoft Office Word MUI (Slovak) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistribuovateľný
Microsoft Visual C + + 2008 Redistribuovateľný - x86 9.0.30729.17
Microsoft Works
Motorola SM56 reproduktora modemu
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser a SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
PATRENIA Zálohovanie Teraz 5
PATRENIA Zálohovanie teraz standard
PATRENIA Media Maker 8
PATRENIA Open File Manager (len odstrániť)
NVIDIA Ovládače
OfotoXMI
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Aktualizácia zabezpečenia programu Microsoft Office PowerPoint 2007 (KB957789)
Sfr
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SuperAntiSpyware Free Edition
bublinový Pomocníka
Turbo Pizza
Aktualizácia pre systém Microsoft Office 2007 (KB967642)
Aktualizácia pre Microsoft Office 2007 Pomoc na Spoločné rysy (KB963673)
Aktualizácia pre Microsoft Office Excel 2007 pomocníka (KB963678)
Aktualizácia pre Microsoft Office OneNote 2007 pomocníka (KB963670)
Aktualizácia pre Microsoft Office PowerPoint 2007 pomocníka (KB963669)
Aktualizácia pre Microsoft Office Script Editor Pomoc (KB963671)
Aktualizácia pre Microsoft Office Word 2007 pomocníka (KB963665)
VPRINTOL
Windows Live OneCare bezpečnostné skener
WinPatrol 2009
WIRELESS
Zuma Deluxe

EDIT: Ďalšie tri otázky: I všiml Limewire DLL, môžeme zabiť, že?

Hoci LTI je legitímny program, je to potrebné? Myslím, že to prišlo zviazané s týmto blbej počítač Acer (človek sa tam nahrať tieto veci s junk), a je nadbytočný, ktoré vybudoval v programe Microsoft.

LT Mačky, je postavený v spywaru z lprinter výrobcu Lenmark. Myslel som, že mám to relevantné časti sa ale nebola istá, ako moc sa sekerou bez vypnutia tlačiarne. Môže ísť viac alebo je to, čo je ponechané pokutu?

**sjb007** · #4 24. mája 2009, 04:03

Ahoj Bubba

Prosím dont hrať s hjt, ak ste pochopili fungovanie ju. Musíte pamätať na to, že hjt je v podstate nástroj Editor databázy Registry v inom kontexte. Já bych ťa nenávidia, aby sa na PC do drahé dverami! Dvaja 02 položiek, ktoré ste zrušili, sa dôveryhodne, aj keď sa ohlási chýbajúci súbor ako to nie je vždy. Hjt je známe, že nesprávne hlásiť niektoré údaje.

Pokiaľ ide o LimeWire ste odinštalovať pomocou ovládacieho panela? Ak áno, potom môžeme spláchnuť pár viac redundantných položiek, ktoré sú po ľavej.

Vidím niekoľko bitov, ktoré sa vzťahujú k Norton, bol tento dodávaným na PC naraz? Spustite Norton odobratie nástroj na očistenie o reminants. Nájdete tu nástroje: Norton Nástroj pre odstránenie

Potom, čo urobiť ......

ComboFix

Zavrieť všetky otvorené prehliadačov.
Zatvorte akékoľvek bezpečnostné aplikácie (Antivirus, Antimalware atď.)
Otvoriť notepad a kopírovať / vložiť text do rámčeku nižšie do neho:

Citácia:

DDS::
uInternet Nastavenia, ProxyOverride = <local>; *. miestnej
uInternet Nastavenia, ProxyServer = http = localhost: 7171

RegLock::
[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl zadok \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \ 0000 \ AllUserSettings]

Podíváme-li se na obrázok nižšie ako príklad

Uložiť ako CFScript.txt, V tom istom mieste ako ComboFix.exe

S odvolaním na obrázku vyššie, pretiahnite CFScript na ComboFix.exe.

Po skončení sa vytvorí log pre vás "C: \ ComboFix.txt"

Don't mouseclick ComboFix okná a zároveň je to beží. To môže spôsobiť, že na stánku.

POZOR! Ktokoľvek iný myslenia pomocou vyššie uvedeného skriptu robí tak na vlastné riziko - môžete skončiť s znovu-inštaláciu systému Windows!

Prosím po prihlásení C: \ ComboFix.txt na opätovné preskúmanie.

=====================================

I vedomie, že odinštalovať log bol vyobcován na vrchole, môžeš repost je pre mňa, prosím. Tiež ma zaktualizovaný o tom, ako veci sú múdri systém

**Bubba** · #5 24. mája 2009, 04:53

Limewire nebude zobrazovať v programoch a funkcie panela odinštalovať. súborov na "spustiť", že som bola app súborov, nie exe, tak jsem plahočil prostredníctvom C riadiť a vymazať všetko, čo som mohol nájsť. Vidím som aspoň jeden v registri hoci.

Pokiaľ ide o Norton ........ jo, Acer naložený skúšobnú verziu. I odinstalování prostredníctvom ovládacieho panela a potom použili Norton odstránenie nástroj. (To bola prvá vec som ešte pred tým, než som nabita Spybot, WinPatrol, a zvyšok sa tak.) Keď som išiel cez C disku súbory, som si nájsť viac zvyšky Norton a vymazávajú nich jsem šel. Nikdy sa mi to spustiť znova, ale já to teraz.

LOL Tieto tri súbory v ComboFix boli tri som bol najviac zvedavý. Nemala by proxy hostiteľa, a ani já si myslím, že by sa profily mali byť uzamknuté, aby všetci. Ale nebola skúmaná ComboFix zatiaľ to je dôvod, prečo som nepoužil to sám, ako taký, bol som bezradný, čo urobiť s tými, tri, alebo dokonca aj keby boli v skutočnosti "zlé".

Omlouvám se za prerušenie odvrátiť odinštalácia log, čo je hlúpe sa podíval jsem se na to dvakrát, pretože nemá žiadne nastavenia, a vynechal moje chyba oboch časov.

EDIT: I STILL a zabudli, že post:

Microsoft Office Suite 2007 Service Pack 2 (SP2)
Acer Arcade Live Hlavná strana
Technológia Acer Empowering
Acer ePerformance management
Acer eSettings management
Acer GameZone Console DTV 2.0.1.1
Acer Registrácia
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Adobe Shockwave Player 11.5
Agatha Christie Smrť na Níle
Alice Greenfingers
Apple Mobile Device Podpora
Apple Software Update
ArcSoft Tlač Creations
ArcSoft Tlač Creations - Album Page
ArcSoft Tlač Creations - Funhouse
ArcSoft Tlač Creations - blahopřání
ArcSoft Tlač Creations - Foto Book
ArcSoft Tlač Creations - Foto kalendár
ArcSoft Tlač Creations - Zápisník
ArcSoft Tlač Creations - úzky karta
avast! Antivirus
Azad
Backspin Biliard
Big Kahuna Reef
Bonjour
Knihomol Deluxe
Tehly z Egypta
Cake Mania
CCScore
Kuracie Invaders 3
Chuzzle
Diner Dash Flo on the Go
Guma
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Flip slov 2
HijackThis 2.0.2
Hotfix pre Microsoft. NET Framework 3.5 SP1 (KB953595)
Hotfix pre Microsoft. NET Framework 3.5 SP1 (KB958484)
iTunes
Java (TM) 6 Update 13
Jewel Quest Solitaire
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kick N Rush
Kodak EasyShare software
KODAK galérií Upload Software
Lexmark 4300 Series
Mahjong Escape starovekej Číny
Mahjongg Artefakty
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft. NET Framework 3.5 SP1
Microsoft Office Excel MUI (Slovak) 2007
Microsoft Office Home a Student 2007
Microsoft Office OneNote MUI (Slovak) 2007
Microsoft Office PowerPoint MUI (Slovak) 2007
Microsoft Office Dôkaz (anglicky) 2007
Microsoft Office Dôkaz (francúzske) 2007
Microsoft Office Dôkaz (Španielsky) 2007
Microsoft Office Proofing (Slovak) 2007
Microsoft Office Shared MUI (Slovak) 2007
Microsoft Office Setup Metadata Spoločný MUI (Slovak) 2007
Microsoft Office Word MUI (Slovak) 2007
Microsoft Silverlight
Microsoft Visual C + + 2005 Redistribuovateľný
Microsoft Visual C + + 2008 Redistribuovateľný - x86 9.0.30729.17
Microsoft Works
Motorola SM56 reproduktora modemu
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser a SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
PATRENIA Zálohovanie Teraz 5
PATRENIA Zálohovanie teraz standard
PATRENIA Media Maker 8
PATRENIA Open File Manager (len odstrániť)
NVIDIA Ovládače
OfotoXMI
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Aktualizácia zabezpečenia programu Microsoft Office PowerPoint 2007 (KB957789)
Sfr
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SuperAntiSpyware Free Edition
bublinový Pomocníka
Turbo Pizza
Aktualizácia pre systém Microsoft Office 2007 (KB967642)
Aktualizácia pre Microsoft Office 2007 Pomoc na Spoločné rysy (KB963673)
Aktualizácia pre Microsoft Office Excel 2007 pomocníka (KB963678)
Aktualizácia pre Microsoft Office OneNote 2007 pomocníka (KB963670)
Aktualizácia pre Microsoft Office PowerPoint 2007 pomocníka (KB963669)
Aktualizácia pre Microsoft Office Script Editor Pomoc (KB963671)
Aktualizácia pre Microsoft Office Word 2007 pomocníka (KB963665)
VPRINTOL
Windows Live OneCare bezpečnostné skener
WinPatrol 2009
WIRELESS
Zuma Deluxe

**sjb007** · #6 24. mája 2009, 05:58

Ahoj Bubba

Vďaka za aktualizovaný zoznam odinštalovať - môžete odoslať nové ComboFix log pre mňa, ako to vyžaduje.

Citácia:

Čo sme hľadali v ComboFix?

V podstate len niečo škodlivého, ComboFix je predovšetkým pre pokročilé analýzy nástrojom, ktorý nám dáva viac informácií ako hjt

Pokiaľ ide o LTCats:
Z toho, čo môžem povedať je to platné vstupe, ale je klasifikovaná ako 'užívateľské voľby' na to, či beží o zakladanie

Pokiaľ ide o Limewire:
Vidím pár poznámok, ktoré sú stále tam, ale môžeme im ge s ďalším spustení ComboFix

**Bubba** · #7 24. mája 2009, 07:03

Ouch, počítač uzamknutý a vypínať, ako to vyzeralo, ako ComboFix bol asi až do konca. To jsem restartoval a vybrané safemode. Nemyslím si, že vytvoril log, ale nevím jistě. Tu je Microsoft popup.

Windows opäť z nečekané vypnutí.

Problem signature:
Problem Event Name: modrá obrazovka
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Ďalšie informácie o probléme:

BCCode: 50
BCP1: E0858E9B
BCP2: 00000000
BCP3: 9B9D2D10
BCP4: 00000002
OS Version: 6_6_6001
Service Pack: 1_0
VÝROBOK: 768_1

Súbory, ktoré popisujú problém:

C \ Windows \ Minidump \ mini052409-01.dmp
C \ Users \ Shirley \ AppData \ temp \ Wer-85644-0.systemdata.xml
C \ Users \ Shirley \ AppData \ Local \ Temp \ WERC6C7.tmp.ver sion.txt

I opustili, že počítač, na ktoré obrazovke safemode. Čo mám robiť? Som na výstupe v safemode, kým som počuť niečo, já musím ísť film hneď, sa vráti v cca 3 hodiny. Muž je to hezké prácu na niekoho iného počítača, takže som to ešte moje pomôžu dostať sa na všetky.

EDIT: I Nenašli vyskúšali, ale som si istý môžem dostať tých súborov v safemode, ak potrebujete vedieť, čo hovoria, ale aj nevedia, ako otvoriť súbor XML.

**sjb007** · #8 24. mája 2009, 07:11

Ahoj Bubba

Skúste reštartu a zistiť, či je obuv úspešne znovu, ak nie skúste stlačením F8 pre prístup k boot obrazovky na start a vyberte možnosť Posledná známa funkčná konfigurácia.

**Bubba** · #9 24. mája 2009, 07:50

Je štartoval a bol ComboFix2 log tam je pomerne zhodné s prvou, ale existuje 10:04 časovú odkazuje na karanténu log. V quarentine log je prázdny. Tu je obrázok, nevím, jestli je kompletný, alebo to, čo chcete. Teraz musím rozdeliť.

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Spustenie z: C: \ Users \ Shirley \ Desktop \ ComboFix.exe
SP: Spybot - Search a Destroy * postihnutých * (staršieho) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SuperAntiSpyware * * postihnutých (Aktualizované) (222A897C-5018-402e-943F-7E7AC8560DA7)
PS: Windows Defender * zapnuto * (Aktualizované) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((( Súbory vytvorené od 2009-04-24 do 2009-05-24 ))))))))))) ))))))))))))))))))))
.

2009-05-22 23:57. 2009-05-24 08:40 117760 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ SuperAntiSpyware. com \ SuperAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-05-22 23:56. 2009-05-22 23:56 -------- d ----- wc: \ programdata \ SUPERAntiSpyware.com
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Program Files \ SuperAntiSpyware
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ SuperAntiSpyware. com
2009-05-22 20:36. 2009-05-22 20:36 -------- d ----- wc: \ Program Files \ Common Files \ Wise Sprievodca inštaláciou
2009-05-22 15:06. 2009-02-05 20:06 51376 ---- aw C: \ windows \ system32 \ drivers \ aswTdi.sys
2009-05-22 15:06. 2009-02-05 20:06 23152 ---- aw C: \ windows \ system32 \ drivers \ aswRdr.sys
2009-05-22 15:06. 2009-02-05 20:07 114768 ---- aw C: \ windows \ system32 \ drivers \ aswSP.sys
2009-05-22 15:06. 2009-02-05 20:07 20560 ---- aw C: \ windows \ system32 \ drivers \ aswFsBlk.sys
2009-05-22 15:06. 2009-02-05 20:04 97480 ---- aw C: \ windows \ system32 \ AvastSS.scr
2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- aw C: \ windows \ system32 \ aswBoot.exe
2009-05-22 15:06. 2009-02-05 20:06 51792 ---- aw C: \ windows \ system32 \ drivers \ aswMonFlt.sys
2009-05-22 15:06. 2009-05-22 15:06 -------- d ----- wc: \ Program Files \ Alwil Software
2009-05-22 04:38. 2009-05-22 04:38 738120 ---- aw C: \ programdata \ Microsoft \ eHome \ Packages \ MCESpotlig ht \ MCESpotlight \ SpotlightResources.dll
2009-05-20 12:43. 2008-06-20 01:14 97800 ---- aw C: \ windows \ system32 \ infocardapi.dll
2009-05-20 12:43. 2008-06-20 01:14 105016 ---- aw C: \ windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 11264 ---- aw C: \ windows \ system32 \ icardres.dll
2009-05-20 12:43. 2008-06-20 01:14 622080 ---- aw C: \ windows \ system32 \ icardagt.exe
2009-05-20 12:43. 2008-06-20 01:14 43544 ---- aw C: \ windows \ system32 \ PresentationHostProxy.dll
2009-05-20 12:43. 2008-06-20 01:14 781344 ---- aw C: \ windows \ system32 \ PresentationNative_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 326160 ---- aw C: \ windows \ system32 \ PresentationHost.exe
2009-05-20 12:33. 2008-07-27 18:03 96760 ---- aw C: \ windows \ system32 \ dfshim.dll
2009-05-20 12:33. 2008-07-27 18:03 282112 ---- aw C: \ windows \ system32 \ mscoree.dll
2009-05-20 12:33. 2008-07-27 18:03 41984 ---- aw C: \ windows \ system32 \ netfxperf.dll
2009-05-20 12:32. 2008-07-27 18:03 158720 ---- aw C: \ windows \ system32 \ mscorier.dll
2009-05-20 12:32. 2008-07-27 18:03 83968 ---- aw C: \ windows \ system32 \ mscories.dll
2009-05-20 11:39. 2009-05-20 11:39 -------- d ----- wc: \ Program Files \ Microsoft Silverlight
2009-05-20 04:03. 2009-05-20 11:00 -------- d ----- wc: \ Program Files \ Windows Live Bezpečnostné centrum
2009-05-19 23:20. 2009-05-19 23:20 -------- d ----- wc: \ users \ Shirley \ AppData \ Local \ Acer DV kúzelník
2009-05-19 23:10. 2009-05-19 23:10 -------- d ----- wc: \ windows \ nedeľa
2009-05-19 20:40. 2009-05-19 20:40 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40. 2009-05-19 11:41 38200 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \http://www.macromedia.com \ bin \ airapp ... pinstaller.exe
2009-05-19 18:24. 2009-05-24 08:38 -------- d ----- wc: \ users \ Shirley \ AppData \ Local \ Eraser
2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646)
2009-05-19 18:24. 2009-05-19 18:24 -------- d ----- wc: \ Program Files \ Eraser
2009-05-19 17:20. 2009-05-19 17:20 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ eSobi
2009-05-19 17:11. 2008-07-10 06:32 538 ---- aw C: \ windows \ system32 \ RegRaidSedona.bat
2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ Program Files \ Spybot - Search & Destroy
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ programdata \ Spybot - Search & Destroy
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ WinPatrol
2009-05-19 13:01. 2006-09-18 21:43 10 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys
2009-05-19 13:01. 2006-09-18 21:43 24 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Program Files \ BillP Studios
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009-05-19 12:26. 2009-04-06 19:32 15504 ---- aw C: \ windows \ system32 \ drivers \ mbam.sys
2009-05-19 12:26. 2009-04-06 19:32 38496 ---- aw C: \ windows \ system32 \ drivers \ mbamswissarmy.sys
2009-05-19 12:26. 2009-05-19 13:22 -------- d ----- wc: \ Program Files \ Malwarebytes' Anti-Malware
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- aw C: \ Windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- d ----- wc: \ users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- wc: \ Program Files \ Common Files \ Adobe AIR
2009-05-19 11:38. 2009-05-19 12:45 -------- d ----- wc: \ programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- d ----- wc: \ users \ Shirley \ AppData \ Local \ Sedem Zip
2009-05-19 10:41. 2009-03-19 20:32 23400 ---- aw C: \ windows \ system32 \ drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107368 ---- aw C: \ windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- wc: \ Program Files \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ Program Files \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- wc: \ Program Files \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75048 ---- aw C: \ programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- wc: \ Program Files \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416128 ---- aw C: \ programdata \ Microsoft \ eHome \ Packages \ NetTV \ Brow sa \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410984 ---- aw C: \ windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- aw C: \ programdata \ Microsoft \ Windows Defender \ Definition Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Správa )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39. 2009-02-17 13:54 602 ---- aw C: \ programdata \ ArcSoft \ kodak-printcreations-22-080812-oem \ acforall.dll
2009-05-24 04:22. 2008-09-12 01:46 -------- d ----- wc: \ Program Files \ Google
2009-05-20 11:55. 2008-09-11 17:01 104472 ---- aw C: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009-05-20 11:51. 2008-02-05 19:30 -------- d ----- wc: \ programdata \ Microsoft Help
2009-05-20 11:49. 2008-02-05 19:31 -------- d ----- wc: \ Program Files \ Microsoft Works
2009-05-20 03:54. 2008-09-12 14:01 -------- d ----- wc: \ Program Files \ Lx_cats
2009-05-20 00:42. 2008-02-05 20:19 -------- d ----- wc: \ Program Files \ Common Files \ Adobe
2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - wc: \ Program Files \ InstallShield Informácie o inštalácii
2009-05-19 23:27. 2008-02-05 19:49 -------- d ----- wc: \ Program Files \ Acer Arcade Live
2009-05-19 23:20. 2008-09-15 23:24 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ Cyberlink
2009-05-19 21:38. 2008-09-12 20:56 -------- d ----- wc: \ Program Files \ Common Files \ SureThing Zdieľaná
2009-05-19 21:04. 2008-09-12 14:09 1664 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009-05-19 17:29. 2009-03-04 15:55 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ Sony
2009-05-19 17:20. 2008-02-05 19:22 -------- d ----- wc: \ programdata \ NVIDIA
2009-05-19 16:54. 2008-02-05 18:03 36864 ---- aw C: \ windows \ system32 \ nvcod100.dll
2009-05-19 16:54. 2007-10-25 11:02 147456 ---- aw C: \ windows \ system32 \ nvcolor.exe
2009-05-19 16:13. 2008-09-12 01:47 -------- d ----- wc: \ users \ Shirley \ AppData \ Roaming \ LimeWire
2009-05-19 11:32. 2008-02-05 20:08 -------- d ----- wc: \ Program Files \ Yahoo!
2009-05-19 11:05. 2008-09-12 01:45 -------- d ----- wc: \ Program Files \ Java
2009-05-19 10:41. 2008-09-13 03:14 -------- d ----- wc: \ Program Files \ Common Files \ Apple
2009-05-19 10:38. 2008-09-13 03:15 -------- d ----- wc: \ programdata \ Apple Computer
2009-05-11 12:10. 2009-05-11 12:10 78260 ---- aw C: \ programdata \ SPL23D4.tmp
2009-04-17 10:12. 2006-11-02 11:18 -------- d ----- wc: \ Program Files \ Windows Mail
2009-04-02 22:13. 2009-04-02 22:13 702127 ---- aw C: \ programdata \ SPLFB91.tmp
2009-03-19 20:32. 2009-03-19 20:32 23400 ---- aw C: \ programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009-03-17 03:38. 2009-04-17 05:22 13824 ---- aw C: \ windows \ system32 \ apilogen.dll
2009-03-17 03:38. 2009-04-17 05:22 24064 ---- aw C: \ windows \ system32 \ amxread.dll
2009-03-08 11:34. 2009-05-20 03:47 914944 ---- aw C: \ windows \ system32 \ Wininet.dll
2009-03-08 11:34. 2009-05-20 03:47 43008 ---- aw C: \ windows \ system32 \ licmgr10.dll
2009-03-08 11:33. 2009-05-20 03:47 18944 ---- aw C: \ windows \ system32 \ corpol.dll
2009-03-08 11:33. 2009-05-20 03:47 109056 ---- aw C: \ windows \ system32 \ iesysprep.dll
2009-03-08 11:33. 2009-05-20 03:47 109568 ---- aw C: \ windows \ system32 \ PDMSetup.exe
2009-03-08 11:33. 2009-05-20 03:47 107520 ---- aw C: \ windows \ system32 \ RegisterIEPKEYs.exe
2009-03-08 11:33. 2009-05-20 03:47 103936 ---- aw C: \ windows \ system32 \ SetDepNx.exe
2009-03-08 11:33. 2009-05-20 03:47 132608 ---- aw C: \ windows \ system32 \ ieUnatt.exe
2009-03-08 11:33. 2009-05-20 03:47 107008 ---- aw C: \ windows \ system32 \ SetIEInstalledDate.exe
2009-03-08 11:33. 2009-05-20 03:47 420352 ---- aw C: \ windows \ system32 \ Vbscript.dll
2009-03-08 11:32. 2009-05-20 03:47 72704 ---- aw C: \ windows \ system32 \ admparse.dll
2009-03-08 11:32. 2009-05-20 03:47 71680 ---- aw C: \ windows \ system32 \ iesetup.dll
2009-03-08 11:32. 2009-05-20 03:47 66560 ---- aw C: \ windows \ system32 \ wextract.exe
2009-03-08 11:32. 2009-05-20 03:47 169472 ---- aw C: \ windows \ system32 \ iexpress.exe
2009-03-08 11:31. 2009-05-20 03:47 34816 ---- aw C: \ windows \ system32 \ imgutil.dll
2009-03-08 11:31. 2009-05-20 03:47 48128 ---- aw C: \ windows \ system32 \ mshtmler.dll
2009-03-08 11:31. 2009-05-20 03:47 45568 ---- aw C: \ windows \ system32 \ mshta.exe
2009-03-08 11:22. 2009-05-20 03:47 156160 ---- aw C: \ windows \ system32 \ msls31.dll
2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- aw C: \ windows \ system32 \ ntkrnlpa.exe
2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- aw C: \ windows \ system32 \ ntoskrnl.exe
2009-03-03 04:39. 2009-04-17 05:22 183296 ---- aw C: \ windows \ system32 \ sdohlp.dll
2009-03-03 04:39. 2009-04-17 05:22 551424 ---- aw C: \ windows \ system32 \ Rpcss.dll
2009-03-03 04:39. 2009-04-17 05:22 26112 ---- aw C: \ windows \ system32 \ printfilterpipelineprxy.dll
2009-03-03 04:37. 2009-04-17 05:22 98304 ---- aw C: \ windows \ system32 \ iasrecst.dll
2009-03-03 04:37. 2009-04-17 05:22 54784 ---- aw C: \ windows \ system32 \ iasads.dll
2009-03-03 04:37. 2009-04-17 05:22 44032 ---- aw C: \ windows \ system32 \ iasdatastore.dll
2009-03-03 03:04. 2009-04-17 05:22 666624 ---- aw C: \ windows \ system32 \ printfilterpipelinesvc.exe
2009-03-03 02:38. 2009-04-17 05:22 17408 ---- aw C: \ windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Načítavam Body )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Poznámka * prázdné záznamy & dôveryhodne východiskové údaje nie sú zobrazené
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curr ntVersion \ Run]
"ehTray.exe" = "c: \ windows \ ehome \ ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "C: \ Program Files \ OLYMPUS \ OLYMPUS Master 2 \ MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "C: \ Program Files \ Windows Media Player \ WMPNSCFG.exe" [2008-01-21 202240]
"Eraser" = "C: \ Program Files \ Eraser \ Eraser.exe" [2007-12-22 916240]
"SuperAntiSpyware" = "C: \ Program Files \ SuperAntiSpyware \ SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"BkupTray" = "C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor" = "c: \ acer \ Empowering Technology \ SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "C: \ Program Files \ Motorola \ SMSERIAL \ sm56hlpr.exe" [2007-02-02 630784]
"Acer Registrácia produktu" = "C: \ Program Files \ Acer Registrácia \ ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "c: \ windows \ system32 \ nvraidservice. Exe" [2008-11-12 203296]
"LXCECATS" = "c: \ windows \ system32 \ spool \ DRIVERS \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2007-05-17 103344]
"ArcSoft pripojenie Service" = "C: \ Program Files \ Common Files \ ArcSoft \ Connection Service \ Bin \ ACDaemon.exe" [2009-04-29 188728]
"QuickTime Úloha" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre6 \ bin \ jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 9.0 \ Reader \ reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "C: \ Program Files \ BillP Studios \ WinPatrol \ winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "c: \ windows \ system32 \ NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "c: \ windows \ system32 \ NvMcTray. Dll" [2009-01-16 92704]
"avast!" = "c: \ PROGRA ~ 1 \ ALWILS ~ 1 \ Avast4 \ ashDisp. exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - C: \ Windows \ RtHDVCpl.exe [2007-10-11 4702208]

c: \ programdata \ Microsoft \ Windows \ Start Menu \ Programs \ Startup \
Technológia Empowering Launcher.lnk - c: \ acer \ Empowering Technology \ eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - C: \ Program Files \ Kodak \ Kodak EasyShare software \ bin \ EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows \ Curr entversion \ policies \ system]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C: \ Program Files \ SuperAntiSpyware \ SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ oznámiť \! SASWinLogon]
2008-12-22 16:05 356352 ---- aw C: \ Program Files \ SuperAntiSpyware \ SASWINLO.dll

HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ safeboot \ Minimálna \ WinDefend]
@ = "Service"

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Kontrola]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitorovanie \ SymantecAntiVirus]
"DisableMonitoring" = dword: 00000001

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ security center \ Monitorovanie \ SymantecFirewall]
"DisableMonitoring" = dword: 00000001

[HKLM \ ~ \ services \ sharedaccess \ Parameters \ firewallpo antonny \ FirewallRules]
"(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP: C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ BackupSvc.exe: BackupSvc.exe
"(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP: C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP: C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ BackupSvc.exe: BackupSvc.exe
"(948000F3-8719-4206-B4C5-6506B663184F)" = TCP: C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ Client \ Agentsvc.exe: AgentSvc.exe
"(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP: C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP: C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ SchedulerSvc.exe: SchedulerSvc.exe
"(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Komunikačný systém
"(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP: C: \ Windows \ System32 \ lxcecoms.exe: Lexmark Komunikačný systém
"(EB8798E6-358B-4DDA-A219-21BBC5D3C79A)" = UDP: C: \ windows \ system32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Tlačiareň Status Window
"(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP: C: \ Windows \ System32 \ spool \ drivers \ w32x86 \ 3 \ lxc epswx.exe: Tlačiareň Status Window
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C: \ Program Files \ Acer Arcade Live \ Acer Arcade Live Hlavná stránka \ Acer Arcade Live.exe: Acer Arcade Live
"(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP: C: \ Program Files \ Microsoft Office \ Office12 \ ONENOTE.EXE: Microsoft Office OneNote
"(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP: C: \ Program Files \ Bonjour \ mDNSResponder.exe: Bonjour
"(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP: C: \ Program Files \ iTunes \ iTunes.exe: iTunes
"(8640BFAB-48CC-1B85-95D5-9AABB44E4D95)" = UDP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP: C: \ Program Files \ BillP Studios \ WinPatrol \ WinPatrol.exe: WinPatrol
"(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP: C: \ Program Files \ Malwarebytes' Anti-Malware \ mbam.exe: Malwarebytes' Anti-Malware
"(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SpybotSD.exe: Spybot - Search & Destroy
"(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: aktualizácia Spybot-S & D
"(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP: C: \ Program Files \ Spybot - Search & Destroy \ SDUpdate.exe: aktualizácia Spybot-S & D
"(5A664831-D250-4805-BB75-32612C9742F8)" = UDP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center
"(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP: C: \ Windows \ ehome \ ehshell.exe: Windows Media Center

[HKLM \ ~ \ services \ sharedaccess \ Parameters \ firewallpo antonny \ StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP; avast! Vlastnej ochrany, c: \ windows \ system32 \ drivers \ aswSP.sys [5.22.2009 11:06 114768]
R1 FAMv4; FAMv4, c: \ windows \ system32 \ drivers \ FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV; SASDIFSV, C: \ Program Files \ SuperAntiSpyware \ sasdifsv.sys [5/14/2009 2:22 AM 9968]
R1 SASKUTIL; SASKUTIL, C: \ Program Files \ SuperAntiSpyware \ SASKUTIL.SYS [5/14/2009 2:22 AM 72944]
R2 aswFsBlk; aswFsBlk; c: \ windows \ system32 \ drivers \ aswF sBlk.sys [5.22.2009 11:06 20560]
R2 aswMonFlt; aswMonFlt, c: \ windows \ system32 \ drivers \ ako wMonFlt.sys [5.22.2009 11:06 51792]
R2 BUNAgentSvc; PATRENIA Zálohovanie Teraz 5 Agent Service; C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ Client \ Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc; PATRENIA Zálohovanie Teraz 5 záloh Service, C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc; PATRENIA Zálohovanie Teraz 5 Plánovač Service, C: \ Program Files \ Newt Infosystems \ PATRENIA Zálohovanie Teraz 5 \ SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService; SBSD Centrum zabezpečenia Service, C: \ Program Files \ Spybot - Search & Destroy \ SDWinSec.exe [5.19.2009 10:04 1153368]
R3 SASENUM; SASENUM, C: \ Program Files \ SuperAntiSpyware \ SASENUM.SYS [5/14/2009 2:22 AM 7408]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Active Setup \ Installed Components \> (60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"c: \ windows \ system32 \ rundll32.exe" "c: \ windows \ system32 \ iedkcs32.dll", BrandIEActiveSe baran Signup
.
- - - - SIROTY ZNEŠKODNENIU - - - --

Safeboot-procexp90.Sys

.
------- Doplnkový Scan -------
.
uStart Page = hxxp: / / www.yahoo.com/
mStart Page = hxxp: / / en.us.acer.yahoo.com
uInternet Nastavenia, ProxyOverride = <local>; *. miestnej
uInternet Nastavenia, ProxyServer = http = localhost: 7171
IE: E & xportovať do programu Microsoft Excel - C: \ PROGRA ~ 1 \ micros ~ 2 \ Office12 \ EXCEL.EXE/3000
Zóna Dôveryhodné: microsoft.com \ aktualizácia
Zóna Dôveryhodné: microsoft.com \ WindowsUpdate
FF - ProfilePath - c: \ users \ Shirley \ AppData \ Roaming \ Mozilla \ Firefox \ P rofiles \ j0dqrqc6.default \
FF - prefs.js: browser.startup.homepage - hxxp: / / en.us.acer.yahoo.com /
.

************************************************** ************************

catchme 0.3.1398 W2K/XP/Vista - rootkit / stealth malware detektor by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

skenování skrytých procesov ...

skenování skrytých položiek autostart ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 C: \ windows \ system32 \ spool \ DRIVERS \ w32x86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

skenování skrytých súborov ...

scan úspešne dokončená
skryté súbory: 0

************************************************** ************************
.
--------------------- Strážené kľúčov registra ---------------------

[HKEY_LOCAL_MACHINE \ SYSTEM \ ControlSet001 \ Control \ Cl zadok \ (4D36E96D-E325-11CE-BFC1-08002BE10318) \0000 \ AllUserSettings]
@ Zakázané: (A) (Užívatelia)
@ Zakázané: (A) (všetci)
Povolené @: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword: 00000000
.
Dokončenie čas: 2009-05-24 4:55
ComboFix-karantény-files.txt 2009-05-24 08:55

Pre-Spustiť: +173756547072 bytov zdarma
Post-Spustiť: +173859581952 bytov zdarma

269 --- EOF --- 2009-05-17 10:04

EDIT: Nope, rýchle porovnanie prvé, myslím, že je to rovnaké.