
Need help with mysterious desktop "bar"




#11
September 16, 2008, 15:28
Member

ComboFix 08-09-15.02 - Tom Stratman 2008-09-16 16:53:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.184 [GMT -5:00]
Sākot no: C: \ Documents and Settings \ Toms Stratman \ Desktop \ ComboFix.exe
* Izveido jaunu atjaunošanas punktu

WARNING, šī mašīna nav atkop Installed!
.

((((((((((((((((((((((((((((((((((((((( Citi Svītrojumi ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Documents and Settings \ Toms Stratman \ Application Data \ FNTS ~ 1
C: \ Documents and Settings \ Toms Stratman \ Application Data \ FNTS ~ 1 \ F? NTS \
C: \ Documents and Settings \ Toms Stratman \ Application Data \ SSTEM ~ 1
C: \ Temp \ 1cb
C: \ Temp \ 1cb \ syscheck.log
C: \ Temp \ FSE
C: \ Temp \ FSE \ tmpZTF.log
C: \ test.txt
C: \ WINDOWS \ system32 \ MSINET.oca
C: \ WINDOWS \ SYSTEM32 \ rqtwa.bak1
C: \ WINDOWS \ SYSTEM32 \ rqtwa.bak2
C: \ WINDOWS \ SYSTEM32 \ rqtwa.ini
C: \ WINDOWS \ system32 \ wnstsiit32.exe
C: \ WINDOWS \ SYSTEM32 \ wyadd.bak1
C: \ WINDOWS \ SYSTEM32 \ wyadd.bak2
C: \ WINDOWS \ SYSTEM32 \ wyadd.ini
C: \ WINDOWS \ SYSTEM32 \ wyadd.ini2
C: \ WINDOWS \ SYSTEM32 \ wyadd.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers / Pakalpojumi )))))))) )))))))))))))))))))))))))))))))))))))))))
.

------- \ Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Faili Created no 2008/08/16 līdz 2008/09/16 ))))))))))) ))))))))))))))))))))
.

2008/09/16 06:36. 2008/09/16 06:36 <DIR> d -------- C: \ Program Files \ Trend Micro
2008/09/15 21:25. 2008/09/15 21:27 <DIR> d -------- C: \ Program Files \ Malwarebytes "Anti-Malware
2008/09/15 21:25. 2008/09/15 21:25 <DIR> d -------- C: \ Documents and Settings \ Toms Stratman \ Application Data \ Malwarebytes
2008/09/15 21:25. 2008/09/15 21:25 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008/09/15 21:25. 2008/09/10 00:04 38.528 - ------ C: \ WINDOWS \ system32 \ drivers \ mbamswissarmy.sys
2008/09/15 21:25. 2008/09/10 00:03 17.200 - ------ C: \ WINDOWS \ system32 \ drivers \ mbam.sys
2008/09/14 11:13. 2008/09/14 11:13 107.888 - ------ C: \ WINDOWS \ SYSTEM32 \ CmdLineExt.dll
2008/09/10 13:37. 2008/09/10 13:38 <DIR> d -------- C: \ Program Files \ iTunes
2008/09/10 13:37. 2008/09/10 13:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008/09/10 13:35. 2008/09/10 13:35 <DIR> d -------- C: \ Program Files \ Bonjour
2008/09/10 13:29. 2008/09/05 22:16 1.900.544 - ------ C: \ WINDOWS \ SYSTEM32 \ usbaaplrc.dll
2008/09/06 15:09. 2008/09/06 15:09 90.112 - ------ C: \ WINDOWS \ SYSTEM32 \ QuickTimeVR.qtx
2008/09/06 15:09. 2008/09/06 15:09 57.344 - ------ C: \ WINDOWS \ SYSTEM32 \ QuickTime.qts
2008/08/29 10:18. 2008/08/29 10:18 87.336 - ------ C: \ WINDOWS \ SYSTEM32 \ dns-sd.exe
2008/08/29 09:53. 2008/08/29 09:53 61.440 - ------ C: \ WINDOWS \ SYSTEM32 \ dnssd.dll
2008/08/27 02:30. 2008/08/27 02:56 <DIR> d -------- C: \ WINDOWS \ SYSTEM32 \ CatRoot_bak
2008/08/25 19:08. 2008/08/25 19:08 <DIR> d -------- C: \ Program Files \ AviSynth 2,5
2008/08/25 19:07. 2008/08/25 19:07 <DIR> d -------- C: \ Program Files \ Red Kawa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Ziņojums )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008/09/16 21:40 --------- d ----- w C: \ Documents and Settings \ Toms Stratman \ Application Data \ uTorrent
2008/09/16 06:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Google Updater
2008/09/15 20:53 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2008/09/15 20:53 --------- d ----- w C: \ Program Files \ Electronic Arts
2008/09/10 18:38 --------- d ----- w C: \ Program Files \ iPod
2008/09/10 18:34 --------- d ----- w C: \ Program Files \ QuickTime
2008/09/10 18:33 --------- d ----- w C: \ Program Files \ Common Files \ Apple
2008/09/06 03:16 36.864 ---- aw C: \ WINDOWS \ system32 \ drivers \ usbaapl.sys
2008/08/21 21:36 --------- d ----- w C: \ Program Files \ Apple Software Update
2008/08/11 21:22 --------- d ----- w C: \ Program Files \ Microsoft Silverlight
2008/08/07 16:37 --------- d ----- w C: \ Program Files \ Google
2008/03/01 20:28 75.496-c - aw C: \ Documents and Settings \ Toms Stratman \ Application Data \ GDIPFONTCACHEV1.DAT
2007/09/26 01:26 45.422-c - aw C: \ Documents and Settings \ Toms Stratman \ Application Data \ wklnhst.dat
2007/06/28 21:37 7.248-c - aw C: \ Documents and Settings \ All Users \ Application Data \ ypinfo.bin
2007/04/15 04:54 32-c - ar C: \ Documents and Settings \ All Users \ hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Piezīme * tukši ieraksti & legit default ieraksti netiek parādīti
REGEDIT4

[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"DellSupport" = "C: \ Program Files \ DellSupport \ DSAgnt.exe" [2007/03/15 460.784]
"LDM" = "C: \ Program Files \ Logitech \ Desktop Messenger \ 8876480 \ Program \ LogitechDesktopMessenger. Exe" [2007/02/23 67.128]
"MSMSGS" = "C: \ Program Files \ Messenger \ msmsgs.exe" [2004/10/13 1.694.208]
"DellSupportCenter" = "C: \ Program Files \ Dell atbalsta centrs \ bin \ sprtcmd.exe" [2007/11/15 202.544]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"PCMService" = "C: \ Program Files \ Dell \ Media Experience \ PCMService.exe" [2004/04/11 290.816]
"DVDLauncher" = "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe" [2004/08/23 57.344]
"dla" = "C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe" [2004/08/13 122.939]
"igfxtray" = "C: \ WINDOWS \ system32 \ igfxtray.exe" [2005/09/20 94.208]
"igfxhkcmd" = "C: \ WINDOWS \ system32 \ hkcmd.exe" [2005/09/20 77.824]
"igfxpers" = "C: \ WINDOWS \ system32 \ igfxpers.exe" [2005/09/20 114.688]
"CanonMyPrinter" = "C: \ Program Files \ Canon \ MyPrinter \ BJMyPrt.exe" [2006/03/21 1.191.936]
"SSBkgdUpdate" = "C: \ Program Files \ Common Files \ ScanSoft Shared \ SSBkgdUpdate \ SSBkgdupdate.exe" [2003/09/30 155.648]
"OpwareSE4" = "C: \ Program Files \ ScanSoft \ OmniPageSE4.0 \ OpwareSE4.exe" [2006/03/21 69.632]
"IMJPMIG8.1" = "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.E XE" [2004/08/04 208.952]
"MSPY2002" = "C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScI nst.exe" [2004/08/04 59.392]
"PHIME2002ASync" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE" [2004/08/04 455.168]
"PHIME2002A" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TIN TSETP.EXE" [2004/08/04 455.168]
"SoundMAXPnP" = "C: \ Program Files \ Analog Devices \ Core \ smax4pnp.exe" [2004/10/14 1.404.928]
"Adobe Reader Speed Launcher" = "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe" [2008/01/11 39.792]
"dscactivate" = "C: \ Program Files \ Dell atbalsta centrs \ gs_agent \ custom \ dsca.exe" [2007/11/15 16.384]
"DellSupportCenter" = "C: \ Program Files \ Dell atbalsta centrs \ bin \ sprtcmd.exe" [2007/11/15 202.544]
"QuickTime Task" = "C: \ Program Files \ QuickTime \ QTTask.exe" [2008/09/06 413.696]
"AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2008/09/03 111.936]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008/09/08 289.576]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" [2008/02/29 C: \ WINDOWS \ KHALMNPR.Exe]
"Kernel un Hardware Abstraction Layer" = "KHALMNPR.EXE" [2008/02/29 C: \ WINDOWS \ KHALMNPR.Exe]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"DWQueuedReporting" = "C: \ PROGRA ~ 1 \ Common ~ 1 \ Micros ~ 1 \ DW \ dwtrig20.exe" [2007/03/13 39.264]

C: \ Documents and Settings \ Toms Stratman \ Start Menu \ Programs \ Startup \
SpywareGuard.lnk - C: \ Program Files \ SpywareGuard \ sgmain.exe [2003/08/29 360.448]

C: \ Documents and Settings \ All Users \ Start Menu \ Programs \ Startup \
Logitech Desktop Messenger.lnk - C: \ Program Files \ Logitech \ Desktop Messenger \ 8876480 \ Program \ LogitechDesktopMessenger. Exe [2007/02/23 67.128]
Logitech SetPoint.lnk - C: \ Program Files \ Logitech \ SetPoint \ SetPoint.exe [2008/08/09 805.392]
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE [2001/02/13 83.360]
WinZip Quick Pick.lnk - C: \ Program Files \ WinZip \ WZQKPICK.EXE [2005/02/11 118.784]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ paziņot \ LBTWlgn]
2008/05/02 02:42 72.208 c: \ Program Files \ Common Files \ Logitech \ Bluetooth \ LBTWLgn.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ SafeBoot \ Minimal \ WdfLoadGroup]
@ = ""

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Program Files \ \ Windows Media Player \ \ wmplayer.exe" =
"C: \ \ Program Files \ \ Common Files \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ \ Program Files \ \ PopCap Games \ \ grāmatu tārps Deluxe \ \ BookWorm.exe" =
"C: \ \ Program Files \ \ AIM \ \ aim.exe" =
"C: \ \ Program Files \ \ AIM6 \ \ aim6.exe" =
"C: \ \ Program Files \ \ Logitech \ \ Desktop Messenger \ \ 8876480 \ \ Program \ \ LogitechDesktopMessen ger.exe" =
"C: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" =
"C: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"17.770: TCP" = 17.770: TCP: BitComet 17.770 TCP
"17.770: UDP" = 17.770: UDP: BitComet 17.770 UDP

R1 aswSP; Avast! Pašaizsardzībai, C: \ WINDOWS \ system32 \ drivers \ aswSP.sys [2008/07/19 78.416]
R2 aswFsBlk; aswFsBlk, C: \ WINDOWS \ system32 \ drivers \ aswF sBlk.sys [2008/07/19 20.560]
R2 npkcmsvc; npkcmsvc, C: \ Nexon \ Mabinogi \ npkcmsvc.exe [2007/08/02 80.528]
R2 Viewpoint Manager Service; Viewpoint Manager Service, C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe [2007/01/04 24.652]
S2 DP1112, DP1112, C: \ WINDOWS \ System32 \ Drivers \ DP.sys []
S3 FTD2XX; Outlaw Audio Model 990 Device Driver, C: \ WINDOWS \ System32 \ Drivers \ FTD2XX.sys [2003/01/24 24.197]
S3 XDva020; XDva020, C: \ WINDOWS \ system32 \ XDva020.sys []
.
Saturs "Scheduled Tasks" mape
.
- - - - Bāreņiem likvidētas - - - --

HKCU-Run-updateMgr - C: \ Program Files \ Adobe \ Acrobat 7,0 \ Reader \ AdobeUpdateManager.exe
HKCU-Run-Aim6 - (no file)


.
------- Papildu Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Toms Stratman \ Application Data \ Mozilla \ Firefox \ Profiles \ e41ez35c.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / dsl.sbc.yahoo.com /
.

************************************************** ************************

catchme 0.3.1361 W2K/XP/Vista - rootkit / Stealth malware detektoru, ar Gmer, http://www.gmer.net
Rootkit scan 2008/09/16 17:01:58
Windows 5.1.2600 Service Pack 2 NTFS

skenēšana slēptās procesi ...

skenēšana slēptās palaišana ieraksti ...

skenēšana slēptos failus ...

scan sekmīgi pabeigta
slēptos failus: 0

************************************************** ************************
.
------------------------ Citi Running Processes ----------------------- --
.
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ Dell atbalsta centrs \ bin \ sprtsvc.exe
C: \ PROGRA ~ 1 \ WinZip \ WZQKPICK.EXE
C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ Program Files \ Common Files \ Logishrd \ KHAL2 \ KHALMNPR.exe
C: \ Program Files \ iPod \ bin \ iPodService.exe
.
************************************************** ************************
.
Izpildes laiks: 2008-09-16 17:13:41 - mašīna bija rebooted
ComboFix-karantīnā-files.txt 2008/09/16 22:13:22

Pre-Run: 263.151.616 bytes free
Post-Run: 674.275.328 bytes free

180 --- EOF --- 2008/09/16 11:27:11


============= END COMBO FOX ==================================


Logfile of Trend Micro HijackThis v2.0.2
Scan saglabāts 5:26:48 gada 9/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running procesiem:
C: \ WINDOWS \ System32 \ Smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Program Files \ Bonjour \ mDNSResponder.exe
C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Nexon \ Mabinogi \ npkcmsvc.exe
C: \ Program Files \ Dell \ Media Experience \ PCMService.exe
C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Program Files \ Canon \ MyPrinter \ BJMyPrt.exe
C: \ Program Files \ ScanSoft \ OmniPageSE4.0 \ OpwareSE4.exe
C: \ Program Files \ Dell atbalsta centrs \ bin \ sprtsvc.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ Program Files \ Analog Devices \ Core \ smax4pnp.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
C: \ Program Files \ Dell atbalsta centrs \ bin \ sprtcmd.exe
C: \ Program Files \ QuickTime \ QTTask.exe
C: \ Program Files \ iTunes \ iTunesHelper.exe
C: \ Program Files \ DellSupport \ DSAgnt.exe
C: \ Program Files \ Logitech \ Desktop Messenger \ 8876480 \ Program \ LogitechDesktopMessenger. Exe
C: \ Program Files \ Messenger \ msmsgs.exe
C: \ Program Files \ Logitech \ SetPoint \ SetPoint.exe
C: \ Program Files \ WinZip \ WZQKPICK.EXE
C: \ Program Files \ SpywareGuard \ sgmain.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ Program Files \ Common Files \ Logishrd \ KHAL2 \ KHALMNPR.EXE
C: \ Program Files \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Mozilla Firefox \ firefox.exe
C: \ Program Files \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.dell4me.com/mywaybiz
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyServer = 0.0.0.0
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet iestatījumi ProxyOverride = *. vietējo
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Program Files \ Common Files \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4.638-B6FA-CE66B5AD205D) - C: \ Program Files \ Google \ GoogleToolbarNotifier \ 2.1.1119.1736 \ s wg.dll
O3 - Toolbar: (no name) - (BA52B914-B692-46c4-B683-905236F6F655) - (no file)
O3 - Toolbar: (no name) - (E0E899AB-F487-11D5-8D29-0050BA6940E3) - (no file)
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Program Files \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [CanonMyPrinter] C: \ Program Files \ Canon \ MyPrinter \ BJMyPrt.exe / pieteikšanās
O4 - HKLM \ .. \ Run: [SSBkgdUpdate] "C: \ Program Files \ Common Files \ ScanSoft Shared \ SSBkgdUpdate \ SSBkgdupdate.exe"-Embedding-boot
O4 - HKLM \ .. \ Run: [OpwareSE4] "C: \ Program Files \ ScanSoft \ OmniPageSE4.0 \ OpwareSE4.exe"
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Spoil / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [SoundMAXPnP] C: \ Program Files \ Analog Devices \ Core \ smax4pnp.exe
O4 - HKLM \ .. \ Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [Kernel un Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Program Files \ Adobe \ Reader 8,0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [dscactivate] "C: \ Program Files \ Dell atbalsta centrs \ gs_agent \ custom \ dsca.exe"
O4 - HKLM \ .. \ Run: [DellSupportCenter] "C: \ Program Files \ Dell atbalsta centrs \ bin \ sprtcmd.exe" / P DellSupportCenter
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Program Files \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AppleSyncNotifier] C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Program Files \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [DellSupport] "C: \ Program Files \ DellSupport \ DSAgnt.exe" / starta
O4 - HKCU \ .. \ Run: [LDM] C: \ Program Files \ Logitech \ Desktop Messenger \ 8.876.480 \ Program \ LogitechDesktopMessenger. Exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Program Files \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [DellSupportCenter] "C: \ Program Files \ Dell atbalsta centrs \ bin \ sprtcmd.exe" / P DellSupportCenter
O4 - HKUS \ S-1-5-18 \ .. \ Run: [DWQueuedReporting] "C: \ PROGRA ~ 1 \ Common ~ 1 \ Micros ~ 1 \ DW \ dwtrig20.exe"-t (User "SISTĒMA")
O4 - HKUS \. DEFAULT \ .. \ Run: [DWQueuedReporting] "C: \ PROGRA ~ 1 \ Common ~ 1 \ Micros ~ 1 \ DW \ dwtrig20.exe"-t (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C: \ Program Files \ SpywareGuard \ sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C: \ Program Files \ Logitech \ Desktop Messenger \ 8.876.480 \ Program \ LogitechDesktopMessenger. Exe
O4 - Global Startup: Logitech SetPoint.lnk = C: \ Program Files \ Logitech \ SetPoint \ SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Program Files \ WinZip \ WZQKPICK.EXE
O6 - HKLM \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel klāt
Ø8 - ārpus konteksta menu item: & AIM Meklēt - res: / / C: \ Program Files \ AIM rīkjoslu \ AIMBar.dll / aimsearch.htm
Ø9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_01 \ bin \ ssv.dll (file missing)
Ø9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_01 \ bin \ ssv.dll (file missing)
Ø9 - Extra button: AIM - (AC9E2541-2.814-11d5-BC6D-00B0D0A1DE45) - C: \ Program Files \ AIM \ aim.exe
Ø9 - Extra button: MusicMatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
Ø9 - Extra button: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø9 - Extra 'Tools' MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø16 - DPF: (149E45D8-163E-4189-86FC-45022AB2B6C9) (SpinTop DRM Control) - file: / / C: \ Program Files \ Scrabble \ images \ stg_drm.ocx
Ø16 - DPF: (17.492.023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
Ø16 - DPF: (288C5F13-7E52-4ADA-A32E-F5BF9D125F98) (CR64Loader Object) -- http://miniclip.com/platypus/miniclipGameLoader.dll
Ø16 - DPF: (30.528.230-99f7-4bb4-88d8-fa1d4f56a2ab) (INSTALLATION SUPPORT) - C: \ Program Files \ Yahoo! \ Common \ Yinsthelper.dll
Ø16 - DPF: (406B5949-7.190-4.245-91A9-30A17DE16AD0) (Snapfish Activia) -- http://photo.walgreens.com/WalgreensActivia.cab
Ø16 - DPF: (48884C41-EFAC-433D-958A-9FADAC41408E) (EGamesPlugin klase) -- https: / / www.e-games.com.my/com/EGamesPlugin.cab
Ø16 - DPF: (5F5F9FB8-878E-4455-95E0-F64B2314288A) -- http://gamedownload.ijjimax.com/game...lugin11USA.cab
Ø16 - DPF: (5F8469B4-B055-49DD-83F7-62B522420ECC) (Facebook Photo Uploader Control) -- http://upload.facebook.com/controls/...toUploader.cab
Ø16 - DPF: (CC450D71-CC90-424C-8.638-1F2DBAC87A54) (ArmHelper Control) - file: / / C: \ Program Files \ Scrabble \ images \ armhelper.ocx
Ø16 - DPF: (CD995117-98E5-4.169-9.920-6C12D4C0B548) -- http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O18 - Protocol: bwfile-8.876.480 - (9462A756-7B47-47BC-8C80-C34B9B80B32B) - C: \ Program Files \ Logitech \ Desktop Messenger \ 8.876.480 \ Program \ GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc - C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: Avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: Avast! Antivirus - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: Avast! Mail Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: Avast! Web Scanner - ALWIL Software - C: \ Program Files \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc - C: \ Program Files \ Bonjour \ mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown īpašnieks - C: \ Program Files \ DellSupport \ brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Program Files \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Program Files \ Common Files \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc - C: \ Program Files \ iPod \ bin \ iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc - C: \ Program Files \ Common Files \ Logitech \ Bluetooth \ LBTServ.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel (R) Corporation - C: \ Program Files \ Intel \ PROSetWired \ NCS \ Sync \ NetSvc.exe
O23 - Service: npkcmsvc - INCA interneta Co Ltd - C: \ Nexon \ Mabinogi \ npkcmsvc.exe
O23 - Service: SupportSoft zobs Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc - C: \ Program Files \ Dell atbalsta centrs \ bin \ sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe

--
End of failu - 10.675 bytes
#12
September 16, 2008, 16:03
Moderator Group

  • Click START, then RUN
  • Now type Combofix /u in the run box
  • Make sure there is a space between Combofix and /u
  • Then hit Enter.

  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Set a new, clean Restore Point.

----------

Download ViewpointKiller.zip
  • Unzip the program and all the contents of ViewpointKiller.zip to a location such as your desktop.
  • Double-click the ViewpointKiller icon to open ViewpointKiller.exe.
  • Select the File menu and choose Check whether you have Viewpoint installed.
  • If ViewpointKiller indicates that any of the Viewpoint variants is installed, choose the appropriate Kill option in the File menu.
  • Follow the prompts and instructions very carefully, answering according to whichever option you are most comfortable with.
  • The Msconfig instructions are very important, so be sure to read them carefully.
  • Note: When done with ViewpointKiller, right-click and delete all the files that were unzipped.

----------

Java is out of date.

Older versions have vulnerabilities that malicious sites can use to infect your system.

First install the new Sun Java Runtime Environment

Be sure to close all browser windows before starting the installation.

Remove the old version(s)
  • Download JavaRa and unzip the file to your desktop.
  • Open JavaRa.exe and choose Remove Older Versions
  • When complete, exit JavaRa and delete the program.
  • Run CCleaner.

----------

Download ATF Cleaner by Atribune to your desktop.

Alternate download link

Note: Vista users must use Run As Administrator
  • Under Main, choose: Select Files to Delete, then choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you want to keep your saved passwords, click accordingly at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you want to keep your saved passwords, click accordingly at the prompt.
  • Click Exit on the Main menu to close the program.

Note that the system will run slower for a reboot or two after using this tool, so don't panic.

Important: Restart your computer before continuing.

----------

Run this online scan. Requires Internet Explorer

Use ESET Nod32 Online Scanner

1. Check the box next to Yes, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
9. Post the C:\Program Files\EsetOnlineScanner\log.txt log in your next reply
__________________

#13
September 17, 2008, 04:20
Member

# Version = 4
# OnlineScanner.ocx = 1.0.0.635
# OnlineScannerDLLA.dll = 1, 0, 0, 79
# OnlineScannerDLLW.dll = 1, 0, 0, 78
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# vers_standard_module = 3447 (20080916)
# vers_arch_module = 1,064 (20.080.214)
# vers_adv_heur_module = 1,064 (20.070.717)
# EOSSerial = 8983b3a42701b342bf8e75ec7f82c98f
# end = gatavo
# remove_checked = true
# unwanted_checked = true
# utc_time = 2008/09/17 05:39:16
# local_time = 2008/09/17 12:39:16 (-0.600, Central Daylight Time)
# country = "United States"
# osver = 5.1.2600 NT Service Pack 2
# skenēta = 226.155
# atrasts = 0
# scan_time = 4.934
#14
September 17, 2008, 08:40
Moderator Group

Set a New Restore Point to prevent possible reinfection from an old one
Setting a new restore point after cleaning your system will allow your computer to roll back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a Restore Point on the first screen, then click Next. Give the Restore Point a name, then click Create.
  • The new restore point will be stamped with the current date and time. Keep a record of this so you can find it easily should you need to use System Restore.
  • Next go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable System Restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide

----------

Use the Secunia Software Inspector to check for out-of-date software.
Out-of-date software has security vulnerabilities that malicious programs can exploit.
  • Click Start Now
  • Check the box next to Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish and scroll down to see whether any updates are needed.
  • Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

Here are some great free tools to help keep you from getting infected again. These tools use little or no resources, so they will not slow down your computer.

Concerned about browser security? Consider using Mozilla Firefox 3.0.

To prevent unknown applications from being installed on your computer, install WinPatrol 2008
* Using WinPatrol to protect your computer from malicious software

I would suggest using SiteAdvisor. SiteAdvisor rates sites on business practices and spam. The safety ratings from McAfee SiteAdvisor are based on automated safety tests of Web sites.

SpywareBlaster - Secures Internet Explorer, making it harder for ActiveX programs to run on your computer. It also stops certain cookies from being added to your computer when running Mozilla-based browsers such as Firefox.
* Using SpywareBlaster to protect your computer from spyware and malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It May Not Be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.

Use only trusted security software, such as the programs listed on this page: Trusted Security Tools and Resources
__________________

#15
September 17, 2008, 14:24
Member

I can't thank you enough. I feel much safer about my computer now, thanks to you.
I am very impressed by the wealth of knowledge on this site and will continue to use it for my computing needs.
#16
September 17, 2008, 14:27
Moderator Group

Glad it worked.

Safe surfing ...
__________________
