
Cannot update Windows


  • This topic is locked
2 replies to this topic

#1 peter hinrichsen

peter hinrichsen

  • Members
  • 1 posts

Posted 12 December 2009 - 08:01 AM

Windows says: Problem 0x80040154



ComboFix 09-12-11.05 - Peter Hinrichsen 12.12.2009 13:08:20.1.4 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6001.1.1252.49.1031.18.3070.1703 [GMT 1:00]
ausgeführt von:: c:\users\Peter Hinrichsen\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Peter Hinrichsen\AppData\Roaming\EurekaLog
c:\users\Peter Hinrichsen\AppData\Roaming\EurekaLog\IBP\IBP.elf

.
((((((((((((((((((((((( Dateien erstellt von 2009-11-12 bis 2009-12-12 ))))))))))))))))))))))))))))))
.

2009-12-12 12:23 . 2009-12-12 12:24 -------- d-----w- c:\users\Peter Hinrichsen\AppData\Local\temp
2009-12-12 12:23 . 2009-12-12 12:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-12 12:00 . 2009-12-12 12:05 -------- d-----w- C:\32788R22FWJFW
2009-12-12 11:18 . 2009-04-08 03:02 427280 ----a-w- c:\users\Peter Hinrichsen\AppData\Roaming\ESTsoft\ALUpdate\ALUpdate\newfile\PRODUCTROOT\en-US.dll
2009-12-12 11:18 . 2009-04-08 03:01 871184 ----a-w- c:\users\Peter Hinrichsen\AppData\Roaming\ESTsoft\ALUpdate\ALUpdate\newfile\PRODUCTROOT\AZMain.dll
2009-12-12 11:18 . 2009-04-08 03:01 226808 ----a-w- c:\users\Peter Hinrichsen\AppData\Roaming\ESTsoft\ALUpdate\ALUpdate\newfile\PRODUCTROOT\ALUpExt.exe
2009-12-12 11:18 . 2009-04-08 02:49 795920 ----a-w- c:\users\Peter Hinrichsen\AppData\Roaming\ESTsoft\ALUpdate\ALUpdate\newfile\PRODUCTROOT\ALUpdate.exe
2009-12-12 10:45 . 2009-12-12 10:45 -------- d-----w- c:\program files\7-Zip
2009-12-12 08:11 . 2009-08-25 08:00 1647984 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091211.024\NAVEX32A.DLL
2009-12-12 08:11 . 2009-12-09 09:00 2747440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091211.024\CCERASER.DLL
2009-12-12 08:11 . 2009-09-22 08:00 259440 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091211.024\ECMSVR32.DLL
2009-12-12 08:11 . 2009-08-26 08:00 371248 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091211.024\EECTRL.SYS
2009-12-12 08:11 . 2009-08-26 08:00 102448 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091211.024\ERASER.SYS
2009-12-12 08:11 . 2009-08-25 08:00 84912 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091211.024\NAVENG.SYS
2009-12-12 08:11 . 2009-08-25 08:00 177520 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091211.024\NAVENG32.DLL
2009-12-12 08:11 . 2009-08-25 08:00 1323568 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091211.024\NAVEX15.SYS
2009-12-09 22:52 . 2009-12-12 11:21 56252 ----a-w- c:\windows\system32\GlyphInfo.bin
2009-12-09 22:52 . 2009-12-12 11:21 191236 ----a-w- c:\windows\system32\FontInfo.bin
2009-12-09 10:55 . 2009-12-09 10:55 -------- d-----w- c:\users\Peter Hinrichsen\AppData\Roaming\ESTsoft
2009-12-09 09:31 . 2009-12-09 09:31 -------- d-----w- c:\program files\QuickTime
2009-12-09 09:29 . 2009-12-09 09:31 -------- d-----w- c:\users\Peter Hinrichsen\.SunDownloadManager
2009-12-07 15:44 . 2009-12-07 15:52 -------- d-----w- c:\users\Peter Hinrichsen\AppData\Roaming\Facebook
2009-11-22 02:57 . 2009-11-22 02:57 -------- d-----w- c:\programdata\TVU Networks
2009-11-12 21:19 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-11-12 21:19 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-11-12 21:19 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-11-12 21:19 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-11-12 21:19 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-12 11:27 . 2009-09-01 06:58 15240 ----a-w- c:\users\Peter Hinrichsen\AppData\Roaming\Microsoft\IdentityCRL\ppcrlconfig.dll
2009-12-12 11:26 . 2008-11-06 11:21 45056 ----a-w- c:\windows\system32\acovcnt.exe
2009-12-12 11:20 . 2008-10-20 01:54 12 ----a-w- c:\windows\bthservsdp.dat
2009-12-12 09:00 . 2009-05-06 09:57 -------- d-----w- c:\users\Peter Hinrichsen\AppData\Roaming\Spamihilator
2009-12-12 08:37 . 2009-01-16 15:02 -------- d-----w- c:\users\Peter Hinrichsen\AppData\Roaming\Skype
2009-12-12 08:18 . 2009-03-04 12:02 -------- d-----w- c:\program files\gnucash
2009-12-12 08:10 . 2009-10-03 10:42 -------- d-----w- c:\program files\VMware
2009-12-12 08:09 . 2009-08-30 18:52 -------- d-----w- c:\programdata\VMware
2009-12-12 08:00 . 2009-01-16 15:07 -------- d-----w- c:\users\Peter Hinrichsen\AppData\Roaming\skypePM
2009-12-11 20:35 . 2008-11-21 11:08 -------- d-----w- c:\program files\Nokia
2009-12-11 19:46 . 2009-11-01 13:51 -------- d-----w- c:\program files\Microsoft Office Communicator
2009-12-10 07:30 . 2009-05-22 08:39 8268 ----a-w- c:\users\Peter Hinrichsen\AppData\Local\d3d9caps.dat
2009-12-09 22:51 . 2009-12-09 22:51 -------- d-----w- c:\program files\LEAD Technologies
2009-12-09 22:51 . 2008-10-20 02:15 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-12-09 20:43 . 2009-05-06 09:57 -------- d-----w- c:\program files\Spamihilator
2009-12-09 10:56 . 2009-06-08 11:16 -------- d-----w- c:\program files\ESTsoft
2009-12-09 09:43 . 2009-06-14 15:31 -------- d-----w- c:\program files\Java
2009-12-09 09:30 . 2008-11-11 19:57 -------- d-----w- c:\programdata\Apple Computer
2009-12-09 09:21 . 2008-11-11 19:56 -------- d-----w- c:\program files\Common Files\Apple
2009-12-09 09:21 . 2008-11-08 20:35 122572 ----a-w- c:\programdata\nvModes.dat
2009-12-07 16:06 . 2009-02-02 13:02 -------- d-----w- c:\program files\Norton SystemWorks Premier Edition
2009-12-05 19:10 . 2009-07-22 12:11 -------- d-----w- c:\users\Peter Hinrichsen\AppData\Roaming\IBP
2009-11-27 20:58 . 2009-10-28 15:54 -------- d-----w- c:\programdata\RFA_Backups
2009-11-22 02:57 . 2008-11-25 20:23 -------- d-----w- c:\program files\TVUPlayer
2009-11-22 02:55 . 2008-11-25 20:23 -------- d-----w- c:\users\Peter Hinrichsen\AppData\Roaming\TVU Networks
2009-11-19 11:01 . 2008-11-06 16:38 77944 ----a-w- c:\windows\system32\perfc006.dat
2009-11-19 11:01 . 2008-11-06 16:38 457670 ----a-w- c:\windows\system32\perfh006.dat
2009-11-19 11:01 . 2008-04-16 16:21 659556 ----a-w- c:\windows\system32\perfh013.dat
2009-11-19 11:01 . 2008-04-16 16:21 127108 ----a-w- c:\windows\system32\perfc013.dat
2009-11-19 11:01 . 2008-04-16 16:14 655938 ----a-w- c:\windows\system32\perfh010.dat
2009-11-19 11:01 . 2008-04-16 16:14 120594 ----a-w- c:\windows\system32\perfc010.dat
2009-11-19 11:01 . 2008-04-16 16:09 662084 ----a-w- c:\windows\system32\perfh00C.dat
2009-11-19 11:01 . 2008-04-16 16:09 123820 ----a-w- c:\windows\system32\perfc00C.dat
2009-11-19 11:01 . 2008-04-16 16:04 621952 ----a-w- c:\windows\system32\perfh007.dat
2009-11-19 11:01 . 2008-04-16 16:04 123852 ----a-w- c:\windows\system32\perfc007.dat
2009-11-09 19:38 . 2009-07-22 12:11 -------- d-----w- c:\program files\IBP 11
2009-11-08 09:27 . 2009-11-08 09:27 -------- d-----w- c:\program files\Secunia
2009-11-07 16:54 . 2009-11-07 16:54 -------- d-----w- c:\users\Peter Hinrichsen\AppData\Roaming\VSRevoGroup
2009-11-07 15:26 . 2009-08-21 13:26 -------- d-----w- c:\program files\Studio V5
2009-11-07 15:18 . 2009-03-06 15:01 -------- d-----w- c:\program files\MAGIX
2009-11-07 15:12 . 2009-03-06 15:01 -------- d-----w- c:\programdata\MAGIX
2009-11-03 00:19 . 2009-11-02 18:26 -------- d-----w- c:\users\Peter Hinrichsen\AppData\Roaming\FileZilla
2009-11-02 19:42 . 2009-11-07 11:52 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-11-02 18:25 . 2009-11-02 18:25 -------- d-----w- c:\program files\FileZilla FTP Client
2009-11-01 13:51 . 2009-11-01 13:51 -------- d-----w- c:\programdata\Applications
2009-10-28 22:37 . 2009-11-11 19:41 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSvix86.sys
2009-10-28 22:37 . 2009-11-11 19:41 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-11-11 19:41 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\Scxpx86.dll
2009-10-28 22:37 . 2009-11-11 19:41 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSxpx86.dll
2009-10-28 22:37 . 2009-11-11 19:41 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091107.001\IDSviA64.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-10-28 22:25 . 2009-02-05 11:59 -------- d-----w- c:\program files\Sun
2009-10-28 22:10 . 2008-11-24 15:23 -------- d-----w- c:\program files\Microsoft Silverlight
2009-10-28 16:21 . 2009-10-28 16:21 165688 ----a-w- c:\programdata\Skype\Plugins\Plugins\93A3278FC5534A96AA7AE7D497C4F263\NVSkypePluginMeet.dll
2009-10-28 16:19 . 2009-10-28 16:12 -------- d-----w- c:\program files\Netviewer
2009-10-28 16:14 . 2009-10-28 16:14 165688 ----a-w- c:\programdata\Skype\Plugins\Plugins\FDC1583A5D6E4F3FA167728C7542A7EC\NVSkypePluginSupport.dll
2009-10-28 15:54 . 2009-10-28 15:54 -------- d-----w- c:\program files\RFA
2009-10-24 16:58 . 2009-08-30 21:44 -------- d-----w- c:\users\Peter Hinrichsen\AppData\Roaming\VMware
2009-10-21 12:01 . 2009-03-06 15:09 57344 ----a-w- c:\windows\VidTest.exe
2009-10-21 12:01 . 2009-03-06 15:09 4480 ----a-w- c:\windows\system32\SysCNTio.sys
2009-10-21 12:01 . 2009-03-06 15:09 274516 ----a-w- c:\windows\SyscheckMiniView.exe
2009-10-21 12:01 . 2009-03-06 15:09 24576 ----a-w- c:\windows\AsioTest.exe
2009-10-21 12:01 . 2009-03-06 15:09 73728 ----a-w- c:\windows\CDTest.exe
2009-10-21 10:43 . 2008-12-29 23:19 -------- d-----w- c:\users\Peter Hinrichsen\AppData\Roaming\uTorrent
2009-10-21 09:40 . 2009-10-20 17:34 -------- d-----w- c:\programdata\SecTaskMan
2009-10-21 09:32 . 2007-06-06 05:00 -------- d---a-w- c:\program files\totalcmd
2009-10-21 09:20 . 2009-10-21 09:20 -------- d-----w- c:\program files\VS Revo Group
2009-10-21 07:38 . 2009-10-21 07:38 -------- d-----w- c:\program files\Trend Micro
2009-10-20 17:34 . 2009-10-20 17:34 -------- d-----w- c:\program files\Security Task Manager
2009-10-20 17:14 . 2009-10-20 17:14 -------- d-----w- c:\users\Peter Hinrichsen\AppData\Roaming\Uniblue
2009-10-16 07:50 . 2009-10-16 07:50 2520888 ----a-w- c:\users\Peter Hinrichsen\AppData\Roaming\Mozilla\Firefox\Profiles\p9iuwwgg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
2009-10-15 18:56 . 2009-07-27 19:32 -------- d-----w- c:\program files\Poedit
2009-10-11 18:20 . 2009-10-11 18:13 910 ----a-w- c:\windows\eReg.dat
2009-10-11 03:17 . 2009-06-14 16:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-09-14 07:06 . 2009-09-14 07:06 1187576 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2008-08-08 21:48 . 2008-08-08 21:48 90112 ----a-w- c:\program files\Common Files\CPInstallAction.dll
2008-05-22 16:35 . 2008-05-22 16:35 51962 ----a-w- c:\program files\Common Files\banner.jpg
2007-06-12 17:34 . 2007-06-12 17:34 35822 ----a-w- c:\program files\Common Files\ASPG_icon.ico
2008-06-30 12:44 . 2008-11-18 12:13 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\01FotoBank]
@="{489d8d66-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d66-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\02FotoBank]
@="{489d8d67-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d67-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\03FotoBank]
@="{489d8d68-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d68-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\04FotoBank]
@="{489d8d6A-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6A-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\05FotoBank]
@="{489d8d6B-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6B-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\06FotoBank]
@="{489d8d6C-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6C-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\07FotoBank]
@="{489d8d6D-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6D-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\08FotoBank]
@="{489d8d6E-38d6-4dd3-83d5-9a7e07b65904}"
[HKEY_CLASSES_ROOT\CLSID\{489d8d6E-38d6-4dd3-83d5-9a7e07b65904}]
2008-06-04 20:40 1461848 ----a-w- c:\program files\FAST Gigabank\FotoBanker.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:08 143360 ----a-w- c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 221184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-19 104936]
"P2Go_Menu"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-08-18 98304]
"ATKOSD2"="c:\program files\ATKOSD2\ATKOSD2.exe" [2008-01-23 7766016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-06 13548064]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-06 92704]
"RtHDVCpl"="RtHDVCpl.exe" [2008-08-12 6265376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"DirectConsole2"="c:\program files\ASUS\Direct Console\Direct Console.exe" [2008-08-20 2705976]
"ChkMail"="c:\program files\ChkMail\ChkMail\ChkMail.exe" [2007-07-14 741376]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"PDFHook"="c:\program files\Nuance\PDF Professional 5\pdfpro5hook.exe" [2008-02-02 795936]
"PDF5 Registry Controller"="c:\program files\Nuance\PDF Professional 5\RegistryController.exe" [2008-02-02 58656]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2007-03-26 210472]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920]
"Nuance PDF Professional 5-reminder"="c:\program files\Nuance\PDF Professional 5\Ereg\Ereg.exe" [2007-08-31 328992]
"NswUiTray"="c:\program files\Norton SystemWorks Premier Edition\NswUiTray.exe" [2008-09-25 85360]
"Norton Save and Restore 2.0"="c:\program files\Norton Save and Restore\Agent\VProTray.exe" [2008-09-29 2037088]
"Spamihilator"="c:\program files\Spamihilator\spamihilator.exe" [2008-12-23 1321984]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-07-13 292128]
"rfagent"="c:\program files\RFA\rfagent.exe" [2007-06-10 616544]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]

c:\users\Peter Hinrichsen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Gigabank.lnk - c:\program files\FAST Gigabank\Gigabank.exe [2009-9-2 1666648]
Norton Disk Doctor.lnk - c:\program files\Norton SystemWorks Premier Edition\SrtStub.exe [2008-9-25 71536]
Norton System Doctor.lnk - c:\program files\Norton SystemWorks Premier Edition\SrtStub.exe [2008-9-25 71536]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 752168]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 lullaby;lullaby;c:\windows\System32\drivers\lullaby.sys [20.10.2008 05:00 15416]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\System32\drivers\NAV\1007020.00B\SymEFA.sys [09.09.2009 07:32 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\System32\drivers\NAV\1007020.00B\BHDrvx86.sys [09.09.2009 07:32 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\System32\drivers\NAV\1007020.00B\cchpx86.sys [09.09.2009 07:32 482432]
R1 FSLX;FSLX;c:\windows\System32\drivers\fslx.sys [08.12.2008 07:06 194816]
R1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys [12.11.2009 22:19 343088]
R2 DbgSvc;Debug Diagnostic Service;c:\program files\DebugDiag\DbgSvc.exe [16.01.2007 09:10 316256]
R2 Norton AntiVirus;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe [09.09.2009 07:32 117640]
R2 Norton Save and Restore;Norton Save and Restore;c:\program files\Norton Save and Restore\Agent\VProSvc.exe [29.09.2008 12:07 3425632]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [02.02.2008 02:20 144672]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [17.04.2007 20:09 11032]
R3 avmaudio;AVM Audio;c:\windows\System32\drivers\avmaudio.sys [04.02.2009 11:56 101248]
R3 dfmirage;dfmirage;c:\windows\System32\drivers\dfmirage.sys [25.11.2005 17:43 31896]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [16.11.2009 18:18 102448]
R3 itecir;ITECIR Infrared Receiver;c:\windows\System32\drivers\itecir.sys [20.10.2008 04:56 54784]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\System32\drivers\NETw5v32.sys [08.03.2009 12:17 3664384]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [14.04.2009 12:20 44576]
R3 PSI;PSI;c:\windows\System32\drivers\psi_mf.sys [17.06.2009 13:20 12648]
R3 SYMNDISV;Symantec Network Filter Driver;c:\windows\System32\drivers\NAV\1007020.00B\symndisv.sys [09.09.2009 07:32 48688]
S2 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe --> c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [02.08.2009 17:54 133104]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [20.10.2008 04:39 29736]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [20.05.2009 09:13 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06.02.2009 17:08 533360]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\System32\drivers\copperhd.sys [20.10.2008 04:57 11596]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{7070D8E0-650A-46b3-B03C-9497582E6A74}]
2008-04-11 16:23 38400 ----a-w- c:\windows\System32\SoundSchemes.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B3688A53-AB2A-4b1d-8CEF-8F93D8C51C24}]
2008-08-28 09:50 30720 ----a-w- c:\windows\System32\soundschemes2.exe
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.asus.com
uLocal Page = c:\program files\VMware\VMware Workstation\help\wwhelp\wwhimpl\common\html\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Mit Nuance PDF Converter 5.0 öffnen - c:\program files\Nuance\PDF Professional 5\cnvres_ger.dll /100
FF - ProfilePath - c:\users\Peter Hinrichsen\AppData\Roaming\Mozilla\Firefox\Profiles\p9iuwwgg.default\
FF - prefs.js: keyword.URL - hxxp://recovery.alexa.com/helper/?aid=nuhI91fVec00qf&plugin=spkyf-1.4.7&reason=keyword&location=
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff35\gears.dll
FF - component: c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
FF - plugin: c:\program files\Common Files\fluxDVD\APIX\NPAPIX.dll
FF - plugin: c:\program files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPMPDRM.dll
FF - plugin: c:\program files\Common Files\mpDRM\NPWMDRMWrapper.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPAPIX.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMPDRM.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPWMDRMWrapper.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\Peter Hinrichsen\AppData\Roaming\Mozilla\Firefox\Profiles\p9iuwwgg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - plugin: c:\users\Peter Hinrichsen\AppData\Roaming\Mozilla\Firefox\Profiles\p9iuwwgg.default\extensions\turntoolviewer@turntool.com\plugins\nptnt.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-IBP - (no file)
AddRemove-Spamihilator - c:\program files\Spamihilator\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-12 13:24
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2009-12-12 13:32:59
ComboFix-quarantined-files.txt 2009-12-12 12:32

Vor Suchlauf: 13 Verzeichnis(se), 184.121.638.912 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 185.475.272.704 Bytes frei

- - End Of File - - 4B2BEC97E0A67634BDF26690E0963377

Edited by peter hinrichsen, 12 December 2009 - 08:35 AM.




#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts

Posted 24 December 2009 - 08:04 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter.
To enable topic notifications you should do the following:
  • Click on the My Controls link at the top of the page to enter your control panel.
  • Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link.
  • Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?.
  • Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied.
Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 SpySentinel

SpySentinel

  • Members
  • 2,090 posts

Posted 31 December 2009 - 12:20 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact me or another staff member.

Everyone else please start a new thread.
Unified Network of Instructors and Trained Eliminators




