Windows Vista Can't Update




#1
23 May 2009, 09:33
Givargruppen
 
I'm on a friend's computer, Vista, and Windows won't update. So far I have found and removed Internet Anti-Virus, Win32Adload.r and video.exe. They also had that coupon spyware, and their son kept loading LimeWire. I removed both (LOL, LimeWire installs itself in 400 places; I had to go through every folder and file to get rid of it). But Windows still won't update. I get a code 80072efd that says a firewall is preventing Windows from updating. I can't find any firewall other than Windows' own and I have looked in every folder. Here are three logs; I can't find anything. Have I missed something?

NOTE: I can't upload any of the three logs. I get "invalid file" from the site. What's up with that? Do I have too many posted here? Let me try a copy/paste:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/23/2009 at 04:42

Application Version: 4.26.1002

Core Rules Database Version: 3908
Trace Rules Database Version: 1852

Scan type: Complete Scan
Total Scan Time: 03:45:40

Memory items scanned: 831
Memory threats detected: 0
Registry items scanned: 6407
Registry threats detected: 0
File items scanned: 326608
File threats detected: 78

Adware.Tracking Cookie
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@2o7[2].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@interclick[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@msnportal.112.2o7[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@tribalfusion[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@realmedia[2].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@ad.yieldmanager[2].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@adopt.specificclick[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@microsoftinternetexplorer.112.2o7[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@specificclick[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@msnservices.112.2o7[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@media6degrees[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@revsci[1].txt
C:\Users\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@2o7[2].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@ad.yieldmanager[2].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@adopt.specificclick[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@interclick[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@media6degrees[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@microsoftinternetexplorer.112.2o7[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@msnportal.112.2o7[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@msnservices.112.2o7[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@realmedia[2].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@revsci[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@specificclick[1].txt
C:\Documents and Settings\Shirley\AppData\Roaming\Microsoft\Windows\Cookies\shirley@tribalfusion[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@2o7[2].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@ad.yieldmanager[2].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@adopt.specificclick[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@interclick[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@media6degrees[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@microsoftinternetexplorer.112.2o7[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@msnportal.112.2o7[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@msnservices.112.2o7[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@realmedia[2].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@revsci[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@specificclick[1].txt
C:\Documents and Settings\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@tribalfusion[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@2o7[2].txt
C:\Documents and Settings\Shirley\Cookies\shirley@ad.yieldmanager[2].txt
C:\Documents and Settings\Shirley\Cookies\shirley@adopt.specificclick[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@interclick[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@media6degrees[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@microsoftinternetexplorer.112.2o7[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@microsoftwindows.112.2o7[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@msnportal.112.2o7[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@msnservices.112.2o7[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@realmedia[2].txt
C:\Documents and Settings\Shirley\Cookies\shirley@revsci[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@specificclick[1].txt
C:\Documents and Settings\Shirley\Cookies\shirley@tribalfusion[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@2o7[2].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@ad.yieldmanager[2].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@adopt.specificclick[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@interclick[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@media6degrees[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@microsoftinternetexplorer.112.2o7[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@microsoftwindows.112.2o7[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@msnportal.112.2o7[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@msnservices.112.2o7[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@realmedia[2].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@revsci[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@specificclick[1].txt
C:\Users\Shirley\Application Data\Microsoft\Windows\Cookies\shirley@tribalfusion[1].txt
C:\Users\Shirley\Cookies\shirley@2o7[2].txt
C:\Users\Shirley\Cookies\shirley@ad.yieldmanager[2].txt
C:\Users\Shirley\Cookies\shirley@adopt.specificclick[1].txt
C:\Users\Shirley\Cookies\shirley@interclick[1].txt
C:\Users\Shirley\Cookies\shirley@media6degrees[1].txt
C:\Users\Shirley\Cookies\shirley@microsoftinternetexplorer.112.2o7[1].txt
C:\Users\Shirley\Cookies\shirley@microsoftwindows.112.2o7[1].txt
C:\Users\Shirley\Cookies\shirley@msnportal.112.2o7[1].txt
C:\Users\Shirley\Cookies\shirley@msnservices.112.2o7[1].txt
C:\Users\Shirley\Cookies\shirley@realmedia[2].txt
C:\Users\Shirley\Cookies\shirley@revsci[1].txt
C:\Users\Shirley\Cookies\shirley@specificclick[1].txt
C:\Users\Shirley\Cookies\shirley@tribalfusion[1].txt

Malwarebytes' Anti-Malware 1.36
Database version: 2150
Windows 6.0.6001 Service Pack 1

5/19/2009 8:40:58 AM
mbam-log-2009-05-19 (08-40-58).txt

Scan type: Quick Scan
Objects scanned: 71524
Time elapsed: 3 minute(s), 23 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 3
Files Infected: 11

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\fe345.fe345mgr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65768b48-b004-4b26-9bac-a3bac39643d1} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\fe345.fe345mgr.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y537.y537mgr (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{e63648f7-3933-440e-b4f6-a8584dd7b7eb} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{f7d09218-46d7-4d3d-9b7f-315204cd0836} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7f15ac4-e0a9-43f0-921b-70dfea621220} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\y537.y537mgr.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet antivirus pro_is1 (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Windows\System32\199638 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\websrvx (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\796525 (Trojan.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Windows\System32\199638\199638.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\System32\796525\796525.dll (Trojan.BHO) -> Quarantined and deleted successfully.
C:\Users\Shirley\AppData\Local\Temp\jopaxx_1241669819.exe (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Program Files\Common Files\InternetAntivirusPro.exe (Rogue.InternetAntivirus) -> Quarantined and deleted successfully.
C:\Windows\msmark2.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\t55ft2668f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\t55ft2695f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\t55ft3105f44.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\9g2234wesdf3dfgjf23 (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\f5087.dat (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Windows\f23567.dat (Worm.KoobFace) -> Quarantined and deleted successfully.

(the above was the first log; below is the current one)

Malwarebytes' Anti-Malware 1.36
Database version: 2150
Windows 6.0.6001 Service Pack 1

5/23/2009 9:03:23 AM
mbam-log-2009-05-23 (09-03-23).txt

Scan type: Quick Scan
Objects scanned: 70234
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:09:09 AM, on 5/23/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
C:\Acer\Empowering Technology\SysMonitor.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Windows\System32\nvraidservice.exe
C:\Program Files\Lexmark 4300 Series\lxcemon.exe
C:\Program Files\Lexmark 4300 Series\ezprint.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\bin\ACDaemon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\ehome\ehmsas.exe
C:\Users\Shirley\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://en.us.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://en.us.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [BkupTray] "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Acer Product Registration] "C:\Program Files\Acer Registration\ACE1.exe" /start
O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
O4 - HKLM\..\Run: [LXCECATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcemon.exe] "C:\Program Files\Lexmark 4300 Series\lxcemon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 4300 Series\ezprint.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\bin\ACDaemon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [NvCplDaemon] rundll32.exe C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] rundll32.exe C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SWG] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [OM2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe -hide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} -
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\bin\ACService.exe
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: NTI Backup Now 5 Agent Service (BUNAgentSvc) - NewTech Infosystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxce_device - - C:\Windows\system32\lxcecoms.exe
O23 - Service: NTI Backup Now 5 Backup Service (NTIBackupSvc) - NewTech InfoSystems, Inc. - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
O23 - Service: NTI Backup Now 5 Scheduler Service (NTISchedulerSvc) - Unknown owner - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9919 bytes
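Two things in the HijackThis log above are worth a responder's first look: the R1 line that sets an Internet Explorer proxy at localhost:7171, and the three O2 BHO entries whose DLL is gone. A proxy entry left behind by removed malware, pointing at a local port where nothing listens any more, is one common reason Windows Update reports 80072EFD (it cannot connect), which matches the symptom in this post. The script below is an added example, not part of the original thread and not HijackThis code; it parses HijackThis-style lines and flags the entries to triage first. The log lines it runs on are constructed samples modelled on the post (the hostname update.example.test is made up), and the fix text it prints is the defensive action a responder would take.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in HijackThis format, modelled on the entries in the
# thread above; not a capture from any real machine.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7171
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example.test
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""


@dataclass
class Finding:
    section: str   # HijackThis section code: "R1", "O1", "O2"
    reason: str    # why a responder should look at the line
    fix: str       # the defensive action that clears it
    line: str      # the offending log line, verbatim


# ProxyServer values may carry a scheme prefix ("http=host:port") or be bare.
LOCAL_PROXY = re.compile(
    r"ProxyServer\s*=\s*(?:\w+=)?(localhost|127\.\d+\.\d+\.\d+|0\.0\.0\.0)(?::\d+)?",
    re.IGNORECASE,
)
HOSTS_ENTRY = re.compile(r"^O1 - Hosts:\s*(\S+)\s+(\S+)")
BHO_NO_FILE = re.compile(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]{36}\} - \(no file\)\s*$")

# Names that legitimately appear in a stock Vista hosts file.
BENIGN_HOSTS_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def analyze(log_text: str) -> list[Finding]:
    """Return the findings a responder should triage first, in log order."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        # R1 with a proxy pointing at the local machine: nothing listens there
        # once the malware is gone, so every WinHTTP/IE connection fails.
        if line.startswith("R1 -") and "Internet Settings" in line:
            m = LOCAL_PROXY.search(line)
            if m:
                findings.append(Finding(
                    "R1",
                    f"IE/WinHTTP proxy points at local address {m.group(1)}; "
                    "if no proxy listens there, Windows Update cannot connect (80072EFD)",
                    "clear the proxy in Internet Options > Connections > LAN settings, "
                    "then run 'netsh winhttp reset proxy' from an elevated prompt",
                    line,
                ))
            continue

        # O1: hosts-file overrides for anything other than the stock names.
        m = HOSTS_ENTRY.match(line)
        if m:
            addr, name = m.groups()
            if name.lower() not in BENIGN_HOSTS_NAMES:
                findings.append(Finding(
                    "O1",
                    f"hosts file maps {name} to {addr}; redirecting update or AV hosts "
                    "is a common way malware blocks its own removal",
                    "restore the stock hosts file once you confirm the entry is not yours",
                    line,
                ))
            continue

        # O2: a BHO registration whose DLL no longer exists (removal residue).
        if BHO_NO_FILE.match(line):
            findings.append(Finding(
                "O2",
                "Browser Helper Object is registered but its DLL is gone",
                "safe to fix in HijackThis: the registration points at nothing",
                line,
            ))
    return findings


def report(log_text: str) -> str:
    """Human-readable summary, one finding per block."""
    blocks = [
        f"[{f.section}] {f.reason}\n    line: {f.line}\n    fix:  {f.fix}"
        for f in analyze(log_text)
    ]
    return "\n".join(blocks) if blocks else "no findings"


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run on the sample, the script reports the proxy line, the made-up hosts redirect and the orphaned BHO, and passes over the benign `::1 localhost` entry and the real Adobe BHO. The check is deliberately narrow: it does not decide what is malicious, it only lifts out the three entry types that explain an update failure or are safe to clean, which is what a helper on a thread like this one would ask about first.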
  #2  
23 May 2009, 23:45
Malware-gruppen
 
Hi Bubba....

We need to disable TeaTimer, as it may interfere with the fixes we need to make.

1) Run Spybot-S&D
2) Go to the Mode menu and make sure "Advanced Mode" is selected
3) On the left, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart the computer.

Download ResetTeaTimer.bat by right-clicking the link and choosing Save As.

* Save it to the desktop.
* Double-click ResetTeaTimer.zip
* Double-click ResetTeaTimer.bat and click Run to remove all entries set by TeaTimer.

After all fixes are complete it is very important that you re-enable TeaTimer; I will let you know when it is safe to do so.

A tutorial for Tea Timer can be found here -> http://russelltexas.com/malware/teatimer.htm

==========================================

Download and scan with ComboFix.exe. Go to this page for download links and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Make sure you have turned off all anti-virus and anti-malware programs, including WinPatrol, so that they do not interfere with the operation of ComboFix.

Include C:\ComboFix.txt in your next reply for further review.

==========================================

Go to the Start menu > select Run, copy/paste the following into the Run box and click OK:

C:\Qoobox\Add-Remove Programs.txt

A text file will open. Please post the contents of the file in your next reply.
__________________
Proud member of ASAP & UNITE
  #3  
24 May 2009, 02:33
Givargruppen
 
A couple of things before I post the logs:

1. In the Tea Timer tutorial you linked, it also says to disable resident SDHelper, so I did.
2. ComboFix did not show the backup registry screen, unless it was a quick screen and I missed it while looking at my own computer (remember, this is a friend's). It did not disconnect from the internet, nor did I notice it changing the time. Both icons were visible while ComboFix was running. Is this a problem? Also, after running ComboFix the wallpaper was distorted, so I rebooted. When the computer started back up the wallpaper was gone, Firefox was no longer the default browser, and a message popped up that the IE home page had been changed to MSN (I think). Is this normal? Also, WinPatrol noted that a new service had been added: appmgmts.dll.

3. Before you responded to this, I got rid of the Google Toolbar. Several of the HJT entries looked odd. In O18 for example, it was called x-sdch instead of x-SDHC.......... Besides, lol, I hate toolbars and they can always add it back if they want it. Regardless, that changed the HJT log. I also want to get rid of the O2s that have no file associated with them.

4. What is it we are looking for in ComboFix? LOL, I started downloading and running it before I posted this thread, but decided I just don't know enough yet to mess with it.

And without further ado:

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Running from: C: \ Users \ Shirley \ Desktop \ ComboFix.exe
SP: Spybot - Search and Destroy * funktionshindrade * (Gamla) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SUPERAntiSpyware * funktionshindrade * (Uppdaterad) (222A897C-5018-402e-943F-7E7AC8560DA7)
SP: Windows Defender * aktiverat * (Uppdaterad) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((( Files Created från 2009-04-24 till 2009-05-24 ))))))))))) ))))))))))))))))))))
.

2009-05-22 23:57. 2009-05-24 08:40 117760 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-05-22 23:56. 2009-05-22 23:56 -------- d ----- wc: \ Programdata \ SUPERAntiSpyware.com
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- WC: \ Program \ SUPERAntiSpyware
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com
2009-05-22 20:36. 2009-05-22 20:36 -------- d ----- WC: \ Program Files \ Common Files \ Wise Installation Wizard
2009-05-22 15:06. 2009-02-05 20:06 51376 ---- aw C: \ Windows \ system32 \ drivers \ aswTdi.sys
2009-05-22 15:06. 2009-02-05 20:06 23152 ---- aw C: \ Windows \ system32 \ drivers \ aswRdr.sys
2009-05-22 15:06. 2009-02-05 20:07 114768 ---- aw C: \ Windows \ system32 \ drivers \ aswSP.sys
2009-05-22 15:06. 2009-02-05 20:07 20560 ---- aw C: \ Windows \ system32 \ drivers \ aswFsBlk.sys
2009-05-22 15:06. 2009-02-05 20:04 97480 ---- aw C: \ Windows \ system32 \ AvastSS.scr
2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- aw C: \ Windows \ system32 \ aswBoot.exe
2009-05-22 15:06. 2009-02-05 20:06 51792 ---- aw C: \ Windows \ system32 \ drivers \ aswMonFlt.sys
2009-05-22 15:06. 2009-05-22 15:06 -------- d ----- WC: \ Program \ Alwil Software
2009-05-22 04:38. 2009-05-22 04:38 738120 ---- aw C: \ Programdata \ Microsoft \ eHome \ Packages \ MCESpotlig HT \ MCESpotlight \ SpotlightResources.dll
2009-05-20 12:43. 2008-06-20 01:14 97800 ---- aw C: \ Windows \ system32 \ infocardapi.dll
2009-05-20 12:43. 2008-06-20 01:14 105016 ---- aw C: \ Windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 11264 ---- aw C: \ Windows \ system32 \ icardres.dll
2009-05-20 12:43. 2008-06-20 01:14 622080 ---- aw C: \ Windows \ system32 \ icardagt.exe
2009-05-20 12:43. 2008-06-20 01:14 43544 ---- aw C: \ Windows \ system32 \ PresentationHostProxy.dll
2009-05-20 12:43. 2008-06-20 01:14 781344 ---- aw C: \ Windows \ system32 \ PresentationNative_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 326160 ---- aw C: \ Windows \ system32 \ PresentationHost.exe
2009-05-20 12:33. 2008-07-27 18:03 96760 ---- aw C: \ Windows \ system32 \ dfshim.dll
2009-05-20 12:33. 2008-07-27 18:03 282112 ---- aw C: \ Windows \ system32 \ mscoree.dll
2009-05-20 12:33. 2008-07-27 18:03 41984 ---- aw C: \ Windows \ system32 \ netfxperf.dll
2009-05-20 12:32. 2008-07-27 18:03 158720 ---- aw C: \ Windows \ system32 \ mscorier.dll
2009-05-20 12:32. 2008-07-27 18:03 83968 ---- aw C: \ Windows \ system32 \ mscories.dll
2009-05-20 11:39. 2009-05-20 11:39 -------- d ----- WC: \ Program \ Microsoft Silverlight
2009-05-20 04:03. 2009-05-20 11:00 -------- d ----- WC: \ Program \ Windows Live Safety Center
2009-05-19 23:20. 2009-05-19 23:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Acer DV Magician
2009-05-19 23:10. 2009-05-19 23:10 -------- d ----- wc: \ windows \ Sun
2009-05-19 20:40. 2009-05-19 20:40 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40. 2009-05-19 11:41 38200 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \www.macromedia.com \ bin \ airappinstaller \ airappinsta ller.exe
2009-05-19 18:24. 2009-05-24 08:38 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Eraser
2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ Users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646)
2009-05-19 18:24. 2009-05-19 18:24 -------- d ----- WC: \ Program \ Eraser
2009-05-19 17:20. 2009-05-19 17:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ eSobi
2009-05-19 17:11. 2008-07-10 06:32 538 ---- aw C: \ Windows \ system32 \ RegRaidSedona.bat
2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- WC: \ Program \ Spybot - Search & Destroy
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ Programdata \ Spybot - Search & Destroy
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol
2009-05-19 13:01. 2006-09-18 21:43 10 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys
2009-05-19 13:01. 2006-09-18 21:43 24 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- WC: \ Program \ BillP Studios
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009-05-19 12:26. 2009-04-06 19:32 15504 ---- aw C: \ Windows \ system32 \ drivers \ mbam.sys
2009-05-19 12:26. 2009-04-06 19:32 38496 ---- aw C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys
2009-05-19 12:26. 2009-05-19 13:22 -------- d ----- WC: \ Program \ Malwarebytes' Anti-Malware
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- aw C: \ Windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- WC: \ Program Files \ Common Files \ Adobe AIR
2009-05-19 11:38. 2009-05-19 12:45 -------- d ----- wc: \ Programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Seven Zip
2009-05-19 10:41. 2009-03-19 20:32 23400 ---- aw C: \ Windows \ system32 \ drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107368 ---- aw C: \ Windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- WC: \ Program \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ Programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- WC: \ Program \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- WC: \ Program \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75048 ---- aw C: \ Programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- WC: \ Program \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416128 ---- aw C: \ Programdata \ Microsoft \ eHome \ Packages \ NetTV \ panna se \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410984 ---- aw C: \ Windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- aw C: \ Programdata \ Microsoft \ Windows Defender \ Definition Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39. 2009-02-17 13:54 602 ---- aw C: \ Programdata \ ArcSoft \ Kodak-printcreations-22-080812-oem \ acforall.dll
2009-05-24 04:22. 2008-09-12 01:46 -------- d ----- WC: \ Program \ Google
2009-05-20 11:55. 2008-09-11 17:01 104472 ---- aw C: \ Users \ Shirley \ AppData \ Local \ GDIPFONTCACHEV1.DAT
2009-05-20 11:51. 2008-02-05 19:30 -------- d ----- wc: \ Programdata \ Microsoft Help
2009-05-20 11:49. 2008-02-05 19:31 -------- d ----- WC: \ Program \ Microsoft Works
2009-05-20 03:54. 2008-09-12 14:01 -------- d ----- WC: \ Program \ Lx_cats
2009-05-20 00:42. 2008-02-05 20:19 -------- d ----- WC: \ Program Files \ Common Files \ Adobe
2009-05-19 23:28. 2008-02-05 19:26 -------- d - h - WC: \ Program \ InstallShield Installation Information
2009-05-19 23:27. 2008-02-05 19:49 -------- d ----- WC: \ Program Files \ Acer Arcade Live
2009-05-19 23:20. 2008-09-15 23:24 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ CyberLink
2009-05-19 21:38. 2008-09-12 20:56 -------- d ----- WC: \ Program Files \ Common Files \ SureThing Shared
2009-05-19 21:04. 2008-09-12 14:09 1664 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ wklnhst.dat
2009-05-19 17:29. 2009-03-04 15:55 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Sony
2009-05-19 17:20. 2008-02-05 19:22 -------- d ----- wc: \ Programdata \ NVIDIA
2009-05-19 16:54. 2008-02-05 18:03 36,864 ---- aw C: \ Windows \ system32 \ nvcod100.dll
2009-05-19 16:54. 2007-10-25 11:02 147,456 ---- aw C: \ Windows \ system32 \ nvcolor.exe
2009-05-19 16:13. 2008-09-12 01:47 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ LimeWire
2009-05-19 11:32. 2008-02-05 20:08 -------- d ----- WC: \ Program \ Yahoo!
2009-05-19 11:05. 2008-09-12 01:45 -------- d ----- WC: \ Program \ Java
2009-05-19 10:41. 2008-09-13 03:14 -------- d ----- WC: \ Program Files \ Common Files \ Apple
2009-05-19 10:38. 2008-09-13 03:15 -------- d ----- wc: \ Programdata \ Apple Computer
2009-05-11 12:10. 2009-05-11 12:10 78260 ---- aw C: \ Programdata \ SPL23D4.tmp
2009-04-17 10:12. 2006-11-02 11:18 -------- d ----- WC: \ Program Files \ Windows Mail
2009-04-02 22:13. 2009-04-02 22:13 702127 ---- aw C: \ Programdata \ SPLFB91.tmp
2009-03-19 20:32. 2009-03-19 20:32 23400 ---- aw C: \ Programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906) \ x86 \ x86 \ GEARAspiWDM.sys
2009-03-17 03:38. 2009-04-17 05:22 13824 ---- aw C: \ Windows \ system32 \ apilogen.dll
2009-03-17 03:38. 2009-04-17 05:22 24064 ---- aw C: \ Windows \ system32 \ amxread.dll
2009-03-08 11:34. 2009-05-20 03:47 914944 ---- aw C: \ Windows \ system32 \ wininet.dll
2009-03-08 11:34. 2009-05-20 03:47 43008 ---- aw C: \ Windows \ system32 \ licmgr10.dll
2009-03-08 11:33. 2009-05-20 03:47 18944 ---- aw C: \ Windows \ system32 \ corpol.dll
2009-03-08 11:33. 2009-05-20 03:47 109056 ---- aw C: \ Windows \ system32 \ iesysprep.dll
2009-03-08 11:33. 2009-05-20 03:47 109568 ---- aw C: \ Windows \ system32 \ PDMSetup.exe
2009-03-08 11:33. 2009-05-20 03:47 107520 ---- aw C: \ Windows \ system32 \ RegisterIEPKEYs.exe
2009-03-08 11:33. 2009-05-20 03:47 103936 ---- aw C: \ Windows \ system32 \ SetDepNx.exe
2009-03-08 11:33. 2009-05-20 03:47 132608 ---- aw C: \ Windows \ system32 \ ieUnatt.exe
2009-03-08 11:33. 2009-05-20 03:47 107008 ---- aw C: \ Windows \ system32 \ SetIEInstalledDate.exe
2009-03-08 11:33. 2009-05-20 03:47 420352 ---- aw C: \ Windows \ system32 \ Vbscript.dll
2009-03-08 11:32. 2009-05-20 03:47 72704 ---- aw C: \ Windows \ system32 \ admparse.dll
2009-03-08 11:32. 2009-05-20 03:47 71680 ---- aw C: \ Windows \ system32 \ iesetup.dll
2009-03-08 11:32. 2009-05-20 03:47 66560 ---- aw C: \ Windows \ system32 \ wextract.exe
2009-03-08 11:32. 2009-05-20 03:47 169472 ---- aw C: \ Windows \ system32 \ iexpress.exe
2009-03-08 11:31. 2009-05-20 03:47 34816 ---- aw C: \ Windows \ system32 \ imgutil.dll
2009-03-08 11:31. 2009-05-20 03:47 48128 ---- aw C: \ Windows \ system32 \ Mshtmler.dll
2009-03-08 11:31. 2009-05-20 03:47 45568 ---- aw C: \ Windows \ system32 \ Mshta.exe
2009-03-08 11:22. 2009-05-20 03:47 156160 ---- aw C: \ Windows \ system32 \ msls31.dll
2009-03-03 04:46. 2009-04-17 05:22 3599328 ---- aw C: \ Windows \ system32 \ Ntkrnlpa.exe
2009-03-03 04:46. 2009-04-17 05:22 3547632 ---- aw C: \ Windows \ system32 \ ntoskrnl.exe
2009-03-03 04:39. 2009-04-17 05:22 183296 ---- aw C: \ Windows \ system32 \ sdohlp.dll
2009-03-03 04:39. 2009-04-17 05:22 551424 ---- aw C: \ Windows \ system32 \ Rpcss.dll
2009-03-03 04:39. 2009-04-17 05:22 26112 ---- aw C: \ Windows \ system32 \ printfilterpipelineprxy.dll
2009-03-03 04:37. 2009-04-17 05:22 98304 ---- aw C: \ Windows \ system32 \ iasrecst.dll
2009-03-03 04:37. 2009-04-17 05:22 54784 ---- aw C: \ Windows \ system32 \ iasads.dll
2009-03-03 04:37. 2009-04-17 05:22 44032 ---- aw C: \ Windows \ system32 \ iasdatastore.dll
2009-03-03 03:04. 2009-04-17 05:22 666624 ---- aw C: \ Windows \ system32 \ printfilterpipelinesvc.exe
2009-03-03 02:38. 2009-04-17 05:22 17408 ---- aw C: \ Windows \ system32 \ iashost.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe" = "C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor" = "C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG" = "C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Eraser" = "C:\Program Files\Eraser\Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware" = "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray" = "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor" = "C:\Acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL" = "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration" = "C:\Program Files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"NVRaidService" = "c:\windows\system32\nvraidservice.exe" [2008-11-12 203296]
"LXCECATS" = "c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe" = "C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 205744]
"EzPrint" = "C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service" = "C:\Program Files\Common Files\ArcSoft\Connection Service\bin\ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task" = "C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper" = "C:\Program Files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched" = "C:\Program Files\Java\jre6\bin\jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher" = "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinPatrol" = "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon" = "c:\windows\system32\NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter" = "c:\windows\system32\NvMcTray.dll" [2009-01-16 92704]
"avast!" = "c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl" = "RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2007-10-11 4702208]

c:\Programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Currentversion\Policies\System]
"EnableUIADesktopToggle" = 0 (0x0)
"EnableLUA" = 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Currentversion\Explorer\ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2008-12-22 16:05 356352 ---- aw C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers32
"wave2" = serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\control\SafeBoot\Minimal\WinDefend]
@ = "Service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\FirewallRules]
"(2E9A4533-1359-46B6-B326-2B899D73FD10)" = UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"(ADE9CF49-7A0E-4076-9B85-7648EC5E7736)" = TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"(6299EEE5-1856-4B10-9916-798B1C1AEF89)" = UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"(F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5)" = UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"(D430641B-178B-4C39-B53C-F6B3221DB01A)" = TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"(948000F3-8719-4206-B4C5-6506B663184F)" = TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"(8BCD640B-594A-465F-8A9E-E5A6C07DC081)" = UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"(7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A)" = TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"(CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B)" = UDP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"(61DAEE1D-D19E-4F1A-B41E-603246AF524C)" = TCP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"(EB8798E6-358B-4DDA-a219-21BBC5D3C79A)" = UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"(C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0)" = TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"(99976595-B4E1-4C9A-A3DE-A67AEDEE9B55)" = C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"(7A37205C-E643-4464-8C27-FAFCC859102D)" = UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"(1DF156D1-94E3-4B3D-A91E-724DFC89819E)" = TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"(B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D)" = UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"(D7D156E3-7B84-41F2-9FD8-CF9860453F65)" = TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"(F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB)" = UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"(F6A110DE-6630-4823-B892-60950EB9ED71)" = TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"(8640BFAB-1B85-48CC-95D5-9AABB44E4D95)" = UDP:C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"(6CC4A3BE-8F00-4983-B199-3050D54509B8)" = TCP:C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"(1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F)" = UDP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"(DDDCF108-71DF-48CD-AD53-71D17C3F2C5C)" = TCP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"(F98C3B13-2099-40EC-B504-2445C9C5B1B0)" = UDP:C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"(3DB81CCD-4E96-40B3-8CA9-0089C89C294B)" = TCP:C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"(918FE1A4-6957-4640-97D9-C85BED212614)" = UDP:C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"(877DB07F-9298-486A-BB5B-930AF3A683AA)" = TCP:C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"(5A664831-d250-4805-BB75-32612C9742F8)" = UDP:C:\Windows\ehome\ehshell.exe:Windows Media Center
"(2A157C0E-5966-4B7E-8D49-178D75EA6009)" = TCP:C:\Windows\ehome\ehshell.exe:Windows Media Center

[HKLM\~\Services\SharedAccess\Parameters\firewallpolicy\StandardProfile]
"EnableFirewall" = 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/22/2009 11:06 AM 114768]
R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/22/2009 11:06 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/22/2009 11:06 AM 51792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [5/19/2009 10:04 AM 1153368]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>(60B49E34-C7CC-11D0-8953-00A0C90347FF)]
"C:\Windows\System32\rundll32.exe" c:\windows\System32\Iedkcs32.dll,BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\WindowsUpdate
FF - ProfilePath - c:\Users\Shirley\AppData\Roaming\Mozilla\Firefox\Profiles\j0dqrqc6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.us.acer.yahoo.com/
.

************************************************** ************************

CatchMe 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM \ Software \ Microsoft \ Windows \ CurrentVersion \ Run
LXCECATS = rundll32 C: \ Windows \ system32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16 ???????????????????????? ????? ?????????????????????????????????????????????????? ?????????????????????????????????????????????????? ??????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

************************************************** ************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\(4D36E96D-E325-11CE-BFC1-08002BE10318)\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial" = dword:00000000
.
Completion time: 2009-05-24 4:55
ComboFix-quarantined-files.txt 2009-05-24 08:55

Pre-Run: 173756547072 bytes free
Post-Run: 173859581952 bytes free

269 --- EOF --- 2009-05-17 10:04

ADD/REMOVE PROGRAMS

Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Open File Manager (Remove Only)
NVIDIA Drivers
OfotoXMI
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
tooltips
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office PowerPoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VPRINTOL
Windows Live OneCare safety scanner
WinPatrol 2009
WIRELESS
Zuma Deluxe

EDIT: Three questions: I noticed a LimeWire DLL; can we kill it?

Also, LTI is a legitimate program, but is it necessary? I think it came bundled with this stupid Acer computer (man, do they load these things with junk) and it runs through the built-in Microsoft program.

LT Cats is built-in spyware from the printer manufacturer, Lexmark. I thought I got the relevant parts out, but I wasn't sure how much to axe without crippling the printer. Can more go, or is what's left fine?
#4
24 May 2009, 04:03
Malware team
 
Hi Bubba

Please don't play with HJT unless you understand how it works. You have to remember that HJT is in effect a registry editor in a different guise. I'd hate for you to turn the computer into an expensive doorstop! The two O2 entries you deleted are legit, but HJT reporting the file as missing is not always the case; HJT is known to misreport certain entries.

Regarding LimeWire, did you uninstall it via the Control Panel? If so, we can flush a couple more leftover items that remain.

I see a couple of bits relating to Norton; was this bundled on the computer at one time? Run the Norton Removal Tool to clear out the remnants. You can find the tool here: Norton Removal Tool

Once that's done......

Combofix

  • Close all open browsers.
  • Close all security applications (antivirus, antimalware etc.)
  • Open Notepad and copy/paste the text in the box below into it:
Quote:
DDS::
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\(4D36E96D-E325-11CE-BFC1-08002BE10318)\0000\AllUserSettings]
See the image below as an example



Save this as CFScript.txt in the same location as ComboFix.exe



Referring to the image above, drag CFScript.txt onto ComboFix.exe.

When finished, it will produce a log for you, "C:\ComboFix.txt"

Don't mouse-click the ComboFix window while it is running. That may cause it to stall.

WARNING! Anyone else thinking of using these scripts does so at their own risk; you could end up reinstalling Windows!

Please post the log C:\ComboFix.txt for further review.

=====================================

I notice the uninstall log was cut off at the top; can you repost it for me please. Also keep me updated on how the system is running.
__________________
Proud member of ASAP & UNITE
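The CFScript above acts on two items from the ComboFix log quoted earlier in the thread: the uInternet Settings lines (a ProxyServer of localhost:7171, which the helper removes, and which fits the Windows Update connection error 80072efd the original poster reported) and the locked AllUserSettings key. The same log also shows EnableLUA=0, EnableFirewall=0 and DisableMonitoring=1. As an added example, not part of this thread, of ComboFix, or of any tool named here, the following Python script reviews a ComboFix-style log for exactly those items and states why each matters to a reviewer. SAMPLE_LOG is constructed in ComboFix's layout from the shapes of lines seen in the thread and is not a real capture; the WEAK_SETTINGS table and all function names are the example's own.

```python
"""Review a ComboFix-style log for the settings a malware helper acts on.
Added example; not part of the thread, of ComboFix, or of any tool named here.
SAMPLE_LOG is constructed in ComboFix's layout from line shapes seen in the
thread, not a real capture."""
import re
from dataclasses import dataclass

@dataclass
class Finding:
    line_no: int   # 1-based line in the log text
    item: str      # value name, setting name or registry key leaf
    value: str     # what the log shows
    why: str       # why a reviewer cares

SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\Monitoring]
"DisableMonitoring"=dword:00000001
[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\StandardProfile]
"EnableFirewall"= 0 (0x0)
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class\\{4D36E96D-E325-11CE-BFC1-08002BE10318}\\0000\\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
"BlindDial"=dword:00000000
"""

# (lowercased key-path fragment, value name, weakening value, reason).
# ComboFix writes '0 (0x0)' or 'dword:00000001'; both normalise to a decimal string.
WEAK_SETTINGS = [
    ("policies\\system", "EnableLUA", "0",
     "UAC is off: anything an admin user runs is already fully elevated"),
    ("security center\\monitoring", "DisableMonitoring", "1",
     "Security Center stops warning when AV or the firewall goes missing"),
    ("firewallpolicy\\standardprofile", "EnableFirewall", "0",
     "Windows Firewall is off for the standard profile"),
]
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)\s*$')
PROXY_RE = re.compile(r"^[umx]Internet Settings,(ProxyServer|ProxyOverride)\s*=\s*(.+?)\s*$")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def _numeric(raw):
    """'dword:00000001' -> '1', '0 (0x0)' -> '0', anything else -> None."""
    m = re.fullmatch(r"dword:([0-9a-fA-F]{8})", raw)
    if m:
        return str(int(m.group(1), 16))
    m = re.fullmatch(r"(\d+)\s*\(0x[0-9a-fA-F]+\)", raw)
    return m.group(1) if m else None

def _proxy_hosts(spec):
    """Hosts in a WinINet ProxyServer value: 'host:port' or 'scheme=host:port', ';'-separated."""
    hosts = set()
    for part in spec.split(";"):
        part = part.strip().split("=", 1)[-1]   # drop a 'scheme=' prefix if present
        host = part.rsplit(":", 1)[0] if ":" in part else part
        if host:
            hosts.add(host.lower())
    return hosts

def review_log(text):
    """Single pass: track the current [registry key] and the LOCKED section."""
    findings, key_raw, key, in_locked = [], "", "", False
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key_raw, key = line[1:-1], line[1:-1].lower()
            continue
        if "LOCKED REGISTRY KEYS" in line:
            in_locked = True
            continue
        if in_locked and line.startswith("@Denied:") and "(Everyone)" in line:
            findings.append(Finding(n, key_raw.rsplit("\\", 1)[-1], line,
                "ACL denies Everyone, so admins and scanners cannot read the key; "
                "a few driver keys ship like this, so confirm before unlocking it"))
            continue
        m = PROXY_RE.match(line)
        if m:
            name, spec = m.groups()
            if name == "ProxyOverride":
                why = "bypass list; harmless alone, usually changed together with ProxyServer"
            elif _proxy_hosts(spec) & LOCAL_HOSTS:
                why = ("proxy points at this machine; with nothing listening there, WinINet "
                       "connections fail (0x80072EFD is WinINet's 'cannot connect'), "
                       "matching Windows Update error 80072efd")
            else:
                why = "a proxy is configured; confirm it is one the owner expects"
            findings.append(Finding(n, name, spec, why))
            continue
        m = VALUE_RE.match(line)
        if m and key:
            name, raw = m.groups()
            for fragment, vname, bad, why in WEAK_SETTINGS:
                if name.lower() == vname.lower() and fragment in key and _numeric(raw) == bad:
                    findings.append(Finding(n, vname, raw, why))
    return findings
```

Running `review_log(SAMPLE_LOG)` returns six findings in log order: the three weakened policy values, the ProxyOverride and ProxyServer lines, and the key whose ACL denies Everyone. A value outside any `[key]` header is ignored, which is why the Supplementary Scan lines are matched by their own prefix rather than by key.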
#5
24 May 2009, 04:53
Donor group
 
LimeWire wouldn't show up in the Programs and Features panel to uninstall. The files to "run" it, as far as I could tell, were app files, not exe, so I trudged through the C drive and deleted everything I could find. I see I missed at least one in the registry though.

As for Norton........ Yes, Acer loaded a trial version on it. I uninstalled it through the Control Panel and then used the Norton Removal Tool. (That was the first thing I did, even before I loaded Spybot, WinPatrol, and the rest of the stuff.) When I went through the C drive files I kept finding more remnants of Norton and deleted them as I went. It never occurred to me to run it again, but I will do that now.

LOL Those three files in ComboFix were the three I was most curious about. There shouldn't be a proxy host, nor do I think the profiles should be locked for everyone. But I haven't studied ComboFix yet, and that's why I don't use it myself, so I was lost as to what to do with those three, or even whether they were in fact "bad".

Sorry for cutting the head off the uninstall log; how stupid, I looked at it twice because it had no heading and missed my error both times.

EDIT: And I still forgot to post it:

2007 Microsoft Office Suite Service Pack 2 (SP2)
Acer Arcade Live Main Page
Acer Empowering Technology
Acer ePerformance Management
Acer eSettings Management
Acer GameZone Console DTV 2.0.1.1
Acer Registration
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.1.1
Adobe Shockwave Player 11.5
Agatha Christie Death on the Nile
Alice Greenfingers
Apple Mobile Device Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Album Page
ArcSoft Print Creations - Funhouse
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Scrapbook
ArcSoft Print Creations - Slimline Card
avast! Antivirus
Azada
Backspin Billiards
Big Kahuna Reef
Bonjour
Bookworm Deluxe
Bricks of Egypt
Cake Mania
CCScore
Chicken Invaders 3
Chuzzle
Diner Dash Flo on the Go
Eraser
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
Flip Words 2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 Service Pack 1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 Service Pack 1 (KB958484)
iTunes
Java(TM) 6 Update 13
Jewel Quest Solitaire
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kick N Rush
Kodak EasyShare software
KODAK Gallery Upload Software
Lexmark 4300 Series
Mahjong Escape Ancient China
Mahjongg artifacts
Malwarebytes' Anti-Malware
Memorex exPressit Label Design Studio
Microsoft .NET Framework 3.5 SP1
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
Mystery Case Files - Huntsville
Mystery Solitaire - Secret Island
netbrdg
NTI Backup Now 5
NTI Backup Now Standard
NTI Media Maker 8
NTI Open File Manager (Remove Only)
NVIDIA Drivers
OfotoXMI
OLYMPUS Master 2
OLYMPUS muvee theaterPack
PCDADDIN
PCDHELP
QuickTime
Realtek High Definition Audio Driver
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
SFR
Shasta
skin0001
SKINXSDK
Spybot - Search & Destroy
staticcr
SUPERAntiSpyware Free Edition
tooltips
Turbo Pizza
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office PowerPoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VPRINTOL
Windows Live OneCare safety scanner
WinPatrol 2009
WIRELESS
Zuma Deluxe
#6
24 May 2009, 05:58
Malware team
 
Hi Bubba

Thanks for the updated uninstall list; can you post the new ComboFix log for me as requested.

Quote:
What is it we're looking for in ComboFix?
Basically anything malicious; ComboFix is mainly an advanced analysis tool that gives us more info than HJT

Regarding LTCats:
From what I can tell this is a valid entry, but it is classed as "user's choice" as to whether it runs at startup

Regarding LimeWire:
I can see a couple of entries still there, but we can deal with them in the next run of ComboFix
__________________
Proud member of ASAP & UNITE
#7
24 May 2009, 07:03
Donor group
 
Ouch, the computer locked up and shut down just as it looked like ComboFix was about to finish. It rebooted and I chose Safe Mode. I don't think it created the log, but I don't know for sure. Here is the Microsoft popup.

Windows has recovered from an unexpected shutdown.

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.768.3
Locale ID: 1033

Additional information about the problem:

BCCODE: 50
BCP1: E0858E9B
BCP2: 00000000
BCP3: 9B9D2D10
BCP4: 00000002
OS-version: 6_6_6001
Service Pack: 1_0
Product: 768_1

Files that help describe the problem:

C:\Windows\Minidump\mini052409-01.dmp
C:\Users\Shirley\AppData\Temp\Wer-85644-0.systemdata.xml
C:\Users\Shirley\AppData\Local\Temp\WERC6C7.tmp.version.txt

I've left the computer at that screen in Safe Mode. What do you want me to do with it? I'll leave it in Safe Mode until I hear something; I have to go to a movie now and will be back in about 3 hours. Man, it's nice to work on someone else's computer so I still have mine to get help here.

EDIT: I haven't tried, but I'm sure I can get those files in Safe Mode if you need to know what they say, but I don't know how to open an XML file.
#8
24 May 2009, 07:11
Malware team
 
Hi Bubba

Try rebooting and see if it boots successfully again; if not, try pressing F8 to access the boot screen at startup and select the Last Known Good Configuration option.
__________________
Proud member of ASAP & UNITE
#9
24 May 2009, 07:50
Donor group
 
It booted up and there was a ComboFix2 log there; it's pretty much identical to the first, but there's a 10:04 timestamp referring to a quarantine log. The quarantine log is empty. Here's the file; I don't know if it's complete or what you want. Now I have to split.

ComboFix 09-05-23.04 - Shirley 05/24/2009 4:48.1 - NTFSx86
Microsoft ® Windows Vista ™ Home Premium 6.0.6001.1.1252.1.1033.18.2814.1916 [GMT -4:00]
Running from: C: \ Users \ Shirley \ Desktop \ ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) (ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9)
SP: SUPERAntiSpyware *disabled* (Updated) (222A897C-5018-402e-943F-7E7AC8560DA7)
SP: Windows Defender *enabled* (Updated) (D68DDC3A-831F-4FAE-9E44-DA132C1ACF46)
.

((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-22 23:57. 2009-05-24 08:40 117760 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com \ SUPERAntiSpyware \ SDDLLS \ UIREPAIR.DLL
2009-05-22 23:56. 2009-05-22 23:56 -------- d ----- wc: \ Programdata \ SUPERAntiSpyware.com
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- WC: \ Program \ SUPERAntiSpyware
2009-05-22 23:52. 2009-05-22 23:52 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ SUPERAntiSpyware. com
2009-05-22 20:36. 2009-05-22 20:36 -------- d ----- WC: \ Program Files \ Common Files \ Wise Installation Wizard
2009-05-22 15:06. 2009-02-05 20:06 51376 ---- aw C: \ Windows \ system32 \ drivers \ aswTdi.sys
2009-05-22 15:06. 2009-02-05 20:06 23152 ---- aw C: \ Windows \ system32 \ drivers \ aswRdr.sys
2009-05-22 15:06. 2009-02-05 20:07 114768 ---- aw C: \ Windows \ system32 \ drivers \ aswSP.sys
2009-05-22 15:06. 2009-02-05 20:07 20560 ---- aw C: \ Windows \ system32 \ drivers \ aswFsBlk.sys
2009-05-22 15:06. 2009-02-05 20:04 97480 ---- aw C: \ Windows \ system32 \ AvastSS.scr
2009-05-22 15:06. 2009-02-05 20:11 1256296 ---- aw C: \ Windows \ system32 \ aswBoot.exe
2009-05-22 15:06. 2009-02-05 20:06 51792 ---- aw C: \ Windows \ system32 \ drivers \ aswMonFlt.sys
2009-05-22 15:06. 2009-05-22 15:06 -------- d ----- WC: \ Program \ Alwil Software
2009-05-22 04:38. 2009-05-22 04:38 738120 ---- aw C: \ Programdata \ Microsoft \ eHome \ Packages \ MCESpotlig HT \ MCESpotlight \ SpotlightResources.dll
2009-05-20 12:43. 2008-06-20 01:14 97800 ---- aw C: \ Windows \ system32 \ infocardapi.dll
2009-05-20 12:43. 2008-06-20 01:14 105016 ---- aw C: \ Windows \ system32 \ PresentationCFFRasterizerNativ e_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 11264 ---- aw C: \ Windows \ system32 \ icardres.dll
2009-05-20 12:43. 2008-06-20 01:14 622080 ---- aw C: \ Windows \ system32 \ icardagt.exe
2009-05-20 12:43. 2008-06-20 01:14 43544 ---- aw C: \ Windows \ system32 \ PresentationHostProxy.dll
2009-05-20 12:43. 2008-06-20 01:14 781344 ---- aw C: \ Windows \ system32 \ PresentationNative_v0300.dll
2009-05-20 12:43. 2008-06-20 01:14 326160 ---- aw C: \ Windows \ system32 \ PresentationHost.exe
2009-05-20 12:33. 2008-07-27 18:03 96760 ---- aw C: \ Windows \ system32 \ dfshim.dll
2009-05-20 12:33. 2008-07-27 18:03 282112 ---- aw C: \ Windows \ system32 \ mscoree.dll
2009-05-20 12:33. 2008-07-27 18:03 41984 ---- aw C: \ Windows \ system32 \ netfxperf.dll
2009-05-20 12:32. 2008-07-27 18:03 158720 ---- aw C: \ Windows \ system32 \ mscorier.dll
2009-05-20 12:32. 2008-07-27 18:03 83968 ---- aw C: \ Windows \ system32 \ mscories.dll
2009-05-20 11:39. 2009-05-20 11:39 -------- d ----- WC: \ Program \ Microsoft Silverlight
2009-05-20 04:03. 2009-05-20 11:00 -------- d ----- WC: \ Program \ Windows Live Safety Center
2009-05-19 23:20. 2009-05-19 23:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Acer DV Magician
2009-05-19 23:10. 2009-05-19 23:10 -------- d ----- wc: \ windows \ söndag
2009-05-19 20:40. 2009-05-19 20:40 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ com.adobe.mauby.4 875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-05-19 20:40. 2009-05-19 11:41 38200 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ Macromedia \ Flash Player \http://www.macromedia.com \ bin \ airapp ... pinstaller.exe
2009-05-19 18:24. 2009-05-24 08:38 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Eraser
2009-05-19 18:24. 2009-05-19 18:24 -------- d - h - wc: \ Users \ Shirley \ AppData \ Local \ (A25FEDC1-F6D7-440C-BCE2-B71F595F6646)
2009-05-19 18:24. 2009-05-19 18:24 -------- d ----- WC: \ Program \ Eraser
2009-05-19 17:20. 2009-05-19 17:20 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ eSobi
2009-05-19 17:11. 2008-07-10 06:32 538 ---- aw C: \ Windows \ system32 \ RegRaidSedona.bat
2009-05-19 17:07. 2009-05-19 17:07 -------- d ----- w C: \ NVIDIA
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- WC: \ Program \ Spybot - Search & Destroy
2009-05-19 14:04. 2009-05-19 14:05 -------- d ----- wc: \ Programdata \ Spybot - Search & Destroy
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol
2009-05-19 13:01. 2006-09-18 21:43 10 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Config. sys
2009-05-19 13:01. 2006-09-18 21:43 24 ---- aw C: \ Users \ Shirley \ AppData \ Roaming \ WinPatrol \ Autoexe c.bat
2009-05-19 13:01. 2009-05-19 13:01 -------- d ----- WC: \ Program \ BillP Studios
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Users \ Shirley \ AppData \ Roaming \ Malwarebytes
2009-05-19 12:26. 2009-04-06 19:32 15504 ---- aw C: \ Windows \ system32 \ drivers \ mbam.sys
2009-05-19 12:26. 2009-04-06 19:32 38496 ---- aw C: \ Windows \ system32 \ drivers \ mbamswissarmy.sys
2009-05-19 12:26. 2009-05-19 13:22 -------- d ----- WC: \ Program \ Malwarebytes' Anti-Malware
2009-05-19 12:26. 2009-05-19 12:26 -------- d ----- wc: \ Programdata \ Malwarebytes
2009-05-19 11:53. 2009-05-19 11:53 0 ---- aw C: \ Windows \ nsreg.dat
2009-05-19 11:53. 2009-05-19 11:53 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Mozilla
2009-05-19 11:41. 2009-05-19 11:41 -------- d ----- WC: \ Program Files \ Common Files \ Adobe AIR
2009-05-19 11:38. 2009-05-19 12:45 -------- d ----- wc: \ Programdata \ NOS
2009-05-19 11:29. 2009-05-19 11:29 -------- d ----- wc: \ Users \ Shirley \ AppData \ Local \ Sju Zip
2009-05-19 10:41. 2009-03-19 20:32 23400 ---- aw C: \ Windows \ system32 \ drivers \ GEARAspiWDM.sys
2009-05-19 10:41. 2008-04-17 16:12 107368 ---- aw C: \ Windows \ system32 \ GEARAspi.dll
2009-05-19 10:41. 2009-05-20 01:10 -------- d ----- WC: \ Program \ iPod
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- wc: \ Programdata \ (8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906)
2009-05-19 10:41. 2009-05-19 10:41 -------- d ----- WC: \ Program \ iTunes
2009-05-19 10:38. 2009-05-19 10:38 -------- d ----- WC: \ Program \ QuickTime
2009-05-19 10:34. 2009-05-19 10:34 75048 ---- aw C: \ Programdata \ Apple Computer \ Installer Cache \ iTunes 8.1.1.10 \ SetupAdmin.exe
2009-05-19 10:34. 2009-05-19 10:34 -------- d ----- WC: \ Program \ Bonjour
2009-05-19 10:33. 2009-05-19 10:33 416128 ---- aw C: \ Programdata \ Microsoft \ eHome \ Packages \ NetTV \ panna se \ NetTVResources.dll
2009-05-19 10:29. 2009-05-19 10:29 410984 ---- aw C: \ Windows \ system32 \ deploytk.dll
2009-05-12 02:36. 2009-05-12 02:36 2930 --- h - wc: \ windows \ ms49f4d98.dat
2009-05-11 23:55. 2009-04-14 00:39 4656976 ---- aw C: \ Programdata \ Microsoft \ Windows Defender \ Definition Updates \ (DD7D9A19-5FB4-4855-A8E0-F0A00524AD5E) \ mpengine.dll

.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-24 08:39 . 2009-02-17 13:54  602  ----a-w  C:\ProgramData\ArcSoft\Kodak-printcreations-22-080812-oem\acforall.dll
2009-05-24 04:22 . 2008-09-12 01:46  --------  d-----w  C:\Program Files\Google
2009-05-20 11:55 . 2008-09-11 17:01  104472  ----a-w  C:\Users\Shirley\AppData\Local\GDIPFONTCACHEV1.DAT
2009-05-20 11:51 . 2008-02-05 19:30  --------  d-----w  c:\ProgramData\Microsoft Help
2009-05-20 11:49 . 2008-02-05 19:31  --------  d-----w  C:\Program Files\Microsoft Works
2009-05-20 03:54 . 2008-09-12 14:01  --------  d-----w  C:\Program Files\Lx_cats
2009-05-20 00:42 . 2008-02-05 20:19  --------  d-----w  C:\Program Files\Common Files\Adobe
2009-05-19 23:28 . 2008-02-05 19:26  --------  d--h--w  C:\Program Files\InstallShield Installation Information
2009-05-19 23:27 . 2008-02-05 19:49  --------  d-----w  C:\Program Files\Acer Arcade Live
2009-05-19 23:20 . 2008-09-15 23:24  --------  d-----w  c:\Users\Shirley\AppData\Roaming\CyberLink
2009-05-19 21:38 . 2008-09-12 20:56  --------  d-----w  C:\Program Files\Common Files\SureThing Shared
2009-05-19 21:04 . 2008-09-12 14:09  1664  ----a-w  C:\Users\Shirley\AppData\Roaming\wklnhst.dat
2009-05-19 17:29 . 2009-03-04 15:55  --------  d-----w  c:\Users\Shirley\AppData\Roaming\Sony
2009-05-19 17:20 . 2008-02-05 19:22  --------  d-----w  c:\ProgramData\NVIDIA
2009-05-19 16:54 . 2008-02-05 18:03  36864  ----a-w  C:\Windows\system32\nvcod100.dll
2009-05-19 16:54 . 2007-10-25 11:02  147456  ----a-w  C:\Windows\system32\nvcolor.exe
2009-05-19 16:13 . 2008-09-12 01:47  --------  d-----w  c:\Users\Shirley\AppData\Roaming\LimeWire
2009-05-19 11:32 . 2008-02-05 20:08  --------  d-----w  C:\Program Files\Yahoo!
2009-05-19 11:05 . 2008-09-12 01:45  --------  d-----w  C:\Program Files\Java
2009-05-19 10:41 . 2008-09-13 03:14  --------  d-----w  C:\Program Files\Common Files\Apple
2009-05-19 10:38 . 2008-09-13 03:15  --------  d-----w  c:\ProgramData\Apple Computer
2009-05-11 12:10 . 2009-05-11 12:10  78260  ----a-w  C:\ProgramData\SPL23D4.tmp
2009-04-17 10:12 . 2006-11-02 11:18  --------  d-----w  C:\Program Files\Windows Mail
2009-04-02 22:13 . 2009-04-02 22:13  702127  ----a-w  C:\ProgramData\SPLFB91.tmp
2009-03-19 20:32 . 2009-03-19 20:32  23400  ----a-w  C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86\GEARAspiWDM.sys
2009-03-17 03:38 . 2009-04-17 05:22  13824  ----a-w  C:\Windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-17 05:22  24064  ----a-w  C:\Windows\system32\amxread.dll
2009-03-08 11:34 . 2009-05-20 03:47  914944  ----a-w  C:\Windows\system32\wininet.dll
2009-03-08 11:34 . 2009-05-20 03:47  43008  ----a-w  C:\Windows\system32\licmgr10.dll
2009-03-08 11:33 . 2009-05-20 03:47  18944  ----a-w  C:\Windows\system32\corpol.dll
2009-03-08 11:33 . 2009-05-20 03:47  109056  ----a-w  C:\Windows\system32\iesysprep.dll
2009-03-08 11:33 . 2009-05-20 03:47  109568  ----a-w  C:\Windows\system32\PDMSetup.exe
2009-03-08 11:33 . 2009-05-20 03:47  107520  ----a-w  C:\Windows\system32\RegisterIEPKEYs.exe
2009-03-08 11:33 . 2009-05-20 03:47  103936  ----a-w  C:\Windows\system32\SetDepNx.exe
2009-03-08 11:33 . 2009-05-20 03:47  132608  ----a-w  C:\Windows\system32\ieUnatt.exe
2009-03-08 11:33 . 2009-05-20 03:47  107008  ----a-w  C:\Windows\system32\SetIEInstalledDate.exe
2009-03-08 11:33 . 2009-05-20 03:47  420352  ----a-w  C:\Windows\system32\Vbscript.dll
2009-03-08 11:32 . 2009-05-20 03:47  72704  ----a-w  C:\Windows\system32\admparse.dll
2009-03-08 11:32 . 2009-05-20 03:47  71680  ----a-w  C:\Windows\system32\iesetup.dll
2009-03-08 11:32 . 2009-05-20 03:47  66560  ----a-w  C:\Windows\system32\wextract.exe
2009-03-08 11:32 . 2009-05-20 03:47  169472  ----a-w  C:\Windows\system32\iexpress.exe
2009-03-08 11:31 . 2009-05-20 03:47  34816  ----a-w  C:\Windows\system32\imgutil.dll
2009-03-08 11:31 . 2009-05-20 03:47  48128  ----a-w  C:\Windows\system32\Mshtmler.dll
2009-03-08 11:31 . 2009-05-20 03:47  45568  ----a-w  C:\Windows\system32\Mshta.exe
2009-03-08 11:22 . 2009-05-20 03:47  156160  ----a-w  C:\Windows\system32\msls31.dll
2009-03-03 04:46 . 2009-04-17 05:22  3599328  ----a-w  C:\Windows\system32\Ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-17 05:22  3547632  ----a-w  C:\Windows\system32\ntoskrnl.exe
2009-03-03 04:39 . 2009-04-17 05:22  183296  ----a-w  C:\Windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-17 05:22  551424  ----a-w  C:\Windows\system32\Rpcss.dll
2009-03-03 04:39 . 2009-04-17 05:22  26112  ----a-w  C:\Windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-17 05:22  98304  ----a-w  C:\Windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-17 05:22  54784  ----a-w  C:\Windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-17 05:22  44032  ----a-w  C:\Windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-17 05:22  666624  ----a-w  C:\Windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-17 05:22  17408  ----a-w  C:\Windows\system32\iashost.exe
.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2008-01-21 125952]
"OM2_Monitor"="C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-11-07 95536]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Eraser"="C:\Program Files\Eraser\Eraser.exe" [2007-12-22 916240]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2007-12-30 34552]
"Acer Empowering Technology Monitor"="C:\Acer\Empowering Technology\SysMonitor.exe" [2008-01-10 326176]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-02-02 630784]
"Acer Product Registration"="C:\Program Files\Acer Registration\ACE1.exe" [2007-10-15 3387392]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-11-12 203296]
"LXCECATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll" [2007-02-22 73728]
"lxcemon.exe"="C:\Program Files\Lexmark 4300 Series\lxcemon.exe" [2007-05-17 205744]
"EzPrint"="C:\Program Files\Lexmark 4300 Series\ezprint.exe" [2007-05-17 103344]
"ArcSoft Connection Service"="C:\Program Files\Common Files\ArcSoft\Connection Service\bin\ACDaemon.exe" [2009-04-29 188728]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2009-04-02 342312]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" [2009-05-19 148888]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2009-04-20 337216]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-16 13683232]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-16 92704]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"RtHDVCpl"="RtHDVCpl.exe" - C:\Windows\RtHDVCpl.exe [2007-10-11 4702208]

c:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2008-2-5 535336]
Kodak EasyShare software.lnk - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2008-10-30 282624]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon]
2008-12-22 16:05  356352  ----a-w  C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\drivers32]
"wave2"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2E9A4533-1359-46B6-B326-2B899D73FD10}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{ADE9CF49-7A0E-4076-9B85-7648EC5E7736}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{6299EEE5-1856-4B10-9916-798B1C1AEF89}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{F3CFA48D-AE6A-482E-96D7-2390C5C0FDF5}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{D430641B-178B-4C39-B53C-F6B3221DB01A}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe:BackupSvc.exe
"{948000F3-8719-4206-B4C5-6506B663184F}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe:AgentSvc.exe
"{8BCD640B-594A-465F-8A9E-E5A6C07DC081}"= UDP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{7B6B3B53-9D2B-40C9-B91F-FE85E1D6A25A}"= TCP:C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe:SchedulerSvc.exe
"{CA5E49E2-2662-4B15-BE6C-0FC7F1CC3A1B}"= UDP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"{61DAEE1D-D19E-4F1A-B41E-603246AF524C}"= TCP:C:\Windows\System32\lxcecoms.exe:Lexmark Communications System
"{EB8798E6-358B-4DDA-A219-21BBC5D3C79A}"= UDP:C:\Windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"{C513D5EB-73E1-4ED7-A04C-C37C9E69B4B0}"= TCP:C:\Windows\System32\spool\drivers\w32x86\3\lxcepswx.exe:Printer Status Window
"{99976595-B4E1-4C9A-A3DE-A67AEDEE9B55}"= C:\Program Files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
"{7A37205C-E643-4464-8C27-FAFCC859102D}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{1DF156D1-94E3-4B3D-A91E-724DFC89819E}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B7DA4A0B-FA80-40F6-A9A6-B737F64A2D2D}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D7D156E3-7B84-41F2-9FD8-CF9860453F65}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{F8CDA590-0FD3-4E40-8A6C-9850B1E5C2AB}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F6A110DE-6630-4823-B892-60950EB9ED71}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{8640BFAB-1B85-48CC-95D5-9AABB44E4D95}"= UDP:C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"{6CC4A3BE-8F00-4983-B199-3050D54509B8}"= TCP:C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe:WinPatrol
"{1EA08720-DA12-4CDE-8A5A-AF15D91C1E5F}"= UDP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{DDDCF108-71DF-48CD-AD53-71D17C3F2C5C}"= TCP:C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{F98C3B13-2099-40EC-B504-2445C9C5B1B0}"= UDP:C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{3DB81CCD-4E96-40B3-8CA9-0089C89C294B}"= TCP:C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:Spybot - Search & Destroy
"{918FE1A4-6957-4640-97D9-C85BED212614}"= UDP:C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{877DB07F-9298-486A-BB5B-930AF3A683AA}"= TCP:C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:Update Spybot-S&D
"{5A664831-D250-4805-BB75-32612C9742F8}"= UDP:C:\Windows\ehome\ehshell.exe:Windows Media Center
"{2A157C0E-5966-4B7E-8D49-178D75EA6009}"= TCP:C:\Windows\ehome\ehshell.exe:Windows Media Center

[HKLM\~\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/22/2009 11:06 AM 114768]
R1 FAMv4;FAMv4;c:\windows\system32\drivers\FAMv4.sys [12/14/2007 3:35 PM 132120]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv.sys [5/14/2009 2:22 PM 9968]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [5/14/2009 2:22 PM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/22/2009 11:06 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [5/22/2009 11:06 AM 51792]
R2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [12/30/2007 5:54 PM 21752]
R2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [12/30/2007 5:55 PM 54520]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [12/30/2007 5:54 PM 136440]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [5/19/2009 10:04 AM 1153368]
R3 SASENUM;SASENUM;C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [5/14/2009 2:22 PM 7408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" c:\windows\System32\Iedkcs32.dll,BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://en.us.acer.yahoo.com
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\Office12\EXCEL.EXE/3000
Trusted Zone: microsoft.com\update
Trusted Zone: microsoft.com\windowsupdate
FF - ProfilePath - c:\Users\Shirley\AppData\Roaming\Mozilla\Firefox\Profiles\j0dqrqc6.default\
FF - prefs.js: browser.startup.homepage - hxxp://en.us.acer.yahoo.com/
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 04:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
   LXCECATS = rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCEtime.dll,_RunDLLEntry@16 ?????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-05-24 4:55
ComboFix-quarantined-files.txt 2009-05-24 08:55

Pre-Run: 173756547072 bytes free
Post-Run: 173859581952 bytes free

269 --- EOF --- 2009-05-17 10:04

EDIT: Nope, quick comparison with the first one, I think it's identical.
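The Reg Loading Points and Supplementary Scan sections of the log above carry the settings a responder acts on first: "EnableLUA"=0 (UAC switched off), "EnableFirewall"=0 on the StandardProfile, Security Center monitoring disabled, and a user-level Internet Explorer proxy of http=localhost:7171. Error 80072EFD is ERROR_INTERNET_CANNOT_CONNECT, and a proxy that points at a port on the local machine with nothing listening there is one way to get exactly that failure. The script below is an added example, not part of the thread and not ComboFix's own code: it parses lines of that shape and reports those findings. SAMPLE_LOG is a constructed excerpt built from the posted log; the severities and wording are the example's own.

```python
"""Triage the security-relevant settings in a ComboFix log.

Added example, not part of the original thread or of ComboFix. It parses
the registry key/value lines ("Reg Loading Points") and the uInternet
Settings lines ("Supplementary Scan"). SAMPLE_LOG is a constructed excerpt
built from lines of the log posted above, with the path spacing repaired.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=localhost:7171
Trusted Zone: microsoft.com\update
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+?)$')
PROXY_RE = re.compile(r"^[um]Internet Settings,\s*ProxyServer\s*=\s*(.+?)$")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def parse_value(raw: str):
    """Turn ComboFix renderings such as '0 (0x0)' or 'dword:00000001' into ints."""
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    m = re.match(r"^(\d+)\s*\(0x[0-9a-fA-F]+\)$", raw)
    if m:
        return int(m.group(1))
    return raw  # strings (paths, DLL names) are kept verbatim


def parse_log(text: str):
    """Return ({registry key: {value name: value}}, [ProxyServer strings])."""
    keys, proxies, current = {}, [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:                       # a [HKEY...] header opens a new key
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = PROXY_RE.match(line)
        if m:                       # per-user (u) or machine (m) IE proxy
            proxies.append(m.group(1))
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            keys[current][m.group(1)] = parse_value(m.group(2))
    return keys, proxies


def proxy_hosts(proxy: str):
    """Hosts named in a WinINet ProxyServer string ('http=host:port;https=host2:port')."""
    hosts = []
    for part in proxy.split(";"):
        part = part.strip()
        if "=" in part:             # drop the 'http=' / 'https=' scheme prefix
            part = part.split("=", 1)[1]
        hosts.append(part.split(":", 1)[0].lower())
    return hosts


def triage(text: str):
    """Return (severity, finding) pairs for the settings worth acting on."""
    keys, proxies = parse_log(text)
    findings = []
    for key, values in keys.items():
        k = key.lower()
        leaf = key.rsplit("\\", 1)[-1]
        if k.endswith("policies\\system") and values.get("EnableLUA") == 0:
            findings.append(("high", "UAC disabled (EnableLUA=0)"))
        if "firewallpolicy" in k and values.get("EnableFirewall") == 0:
            findings.append(("high", f"Windows Firewall off for {leaf} (EnableFirewall=0)"))
        if "security center\\monitoring" in k and values.get("DisableMonitoring") == 1:
            findings.append(("medium", f"Security Center monitoring disabled at {leaf}"))
    for proxy in proxies:
        if any(h in LOCAL_HOSTS for h in proxy_hosts(proxy)):
            findings.append(("high", f"IE proxy points at this machine ({proxy}); with "
                                     "nothing listening there every WinINet connection fails, "
                                     "consistent with 80072EFD (ERROR_INTERNET_CANNOT_CONNECT)"))
    return findings


if __name__ == "__main__":
    for severity, finding in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {finding}")
```

Run it against a full combofix.txt by replacing SAMPLE_LOG with the file contents; the firewall rule lines and the Run entries parse as plain strings and are ignored, so only the four classes of setting above are reported.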
  #10
Old 24 May 2009, 10:38
Malware Team

Hi Bubba,

Quote:
EDIT: Nope, quick comparison with the first one, I think it's identical.
Yes, you are right - that is from the first run of ComboFix.

The current log is at C:\combofix.txt.
__________________
Proud member of ASAP & UNITE