
Need help with mysterious desktop "bar"




#11
16th Sep 2008, 15:28
Member Group

ComboFix 08-09-15.02 - Tom Stratman 2008-09-16 16:53:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.184 [GMT -5:00]
Running from: C: \ Documents and Settings \ Tom Stratman \ Skrivebord \ ComboFix.exe
* Opprettet et nytt gjenopprettingspunkt

ADVARSEL-Denne maskinen har ikke gjenopprettingskonsollen INSTALLERT!
.

((((((((((((((((((((((((((((((((((((((( Other slettingene ))))))))) ))))))))))))))))))))))))))))))))))))))))
.

C: \ Documents and Settings \ Tom Stratman \ Application Data \ FNTS ~ 1
C: \ Documents and Settings \ Tom Stratman \ Application Data \ FNTS ~ 1 \ F? NTS \
C: \ Documents and Settings \ Tom Stratman \ Application Data \ SSTEM ~ 1
C: \ Temp \ 1cb
C: \ Temp \ 1cb \ syscheck.log
C: \ Temp \ FSE
C: \ Temp \ FSE \ tmpZTF.log
C: \ test.txt
C: \ WINDOWS \ system32 \ MSINET.oca
C: \ WINDOWS \ SYSTEM32 \ rqtwa.bak1
C: \ WINDOWS \ SYSTEM32 \ rqtwa.bak2
C: \ WINDOWS \ SYSTEM32 \ rqtwa.ini
C: \ WINDOWS \ system32 \ wnstsiit32.exe
C: \ WINDOWS \ SYSTEM32 \ wyadd.bak1
C: \ WINDOWS \ SYSTEM32 \ wyadd.bak2
C: \ WINDOWS \ SYSTEM32 \ wyadd.ini
C: \ WINDOWS \ SYSTEM32 \ wyadd.ini2
C: \ WINDOWS \ SYSTEM32 \ wyadd.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers / Services )))))))) )))))))))))))))))))))))))))))))))))))))))
.

------- \ Legacy_DOMAINSERVICE


((((((((((((((((((((((((( Files Created fra 2008-08-16 til 2008-09-16 ))))))))))) ))))))))))))))))))))
.

2008-09-16 06:36. 2008-09-16 06:36 <DIR> d -------- C: \ Program Files \ Trend Micro
2008-09-15 21:25. 2008-09-15 21:27 <DIR> d -------- C: \ Program Files \ Malwarebytes 'Anti-Malware
2008-09-15 21:25. 2008-09-15 21:25 <DIR> d -------- C: \ Documents and Settings \ Tom Stratman \ Application Data \ Malwarebytes
2008-09-15 21:25. 2008-09-15 21:25 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ Malwarebytes
2008-09-15 21:25. 2008-09-10 00:04 38.528 - a ------ C: \ WINDOWS \ system32 \ DRIVERS \ mbamswissarmy.sys
2008-09-15 21:25. 2008-09-10 00:03 17.200 - a ------ C: \ WINDOWS \ system32 \ DRIVERS \ mbam.sys
2008-09-14 11:13. 2008-09-14 11:13 107.888 - a ------ C: \ WINDOWS \ SYSTEM32 \ CmdLineExt.dll
2008-09-10 13:37. 2008-09-10 13:38 <DIR> d -------- C: \ Program Files \ iTunes
2008-09-10 13:37. 2008-09-10 13:38 <DIR> d -------- C: \ Documents and Settings \ All Users \ Application Data \ (3276BE95_AF08_429F_A64F_CA64CB79BCF6)
2008-09-10 13:35. 2008-09-10 13:35 <DIR> d -------- C: \ Program Files \ Bonjour
2008-09-10 13:29. 2008-09-05 22:16 1.900.544 - a ------ C: \ WINDOWS \ SYSTEM32 \ usbaaplrc.dll
2008-09-06 15:09. 2008-09-06 15:09 90.112 - a ------ C: \ WINDOWS \ SYSTEM32 \ QuickTimeVR.qtx
2008-09-06 15:09. 2008-09-06 15:09 57.344 - a ------ C: \ WINDOWS \ SYSTEM32 \ QuickTime.qts
2008-08-29 10:18. 2008-08-29 10:18 87.336 - a ------ C: \ WINDOWS \ SYSTEM32 \ dns-sd.exe
2008-08-29 09:53. 2008-08-29 09:53 61.440 - a ------ C: \ WINDOWS \ SYSTEM32 \ dnssd.dll
2008-08-27 02:30. 2008-08-27 02:56 <DIR> d -------- C: \ WINDOWS \ SYSTEM32 \ CatRoot_bak
2008-08-25 19:08. 2008-08-25 19:08 <DIR> d -------- C: \ Program Files \ 2.5 AviSynth
2008-08-25 19:07. 2008-08-25 19:07 <DIR> d -------- C: \ Program Files \ Red Kawa

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-16 21:40 --------- d ----- w C: \ Documents and Settings \ Tom Stratman \ Application Data \ uTorrent
2008-09-16 06:42 --------- d ----- w C: \ Documents and Settings \ All Users \ Application Data \ Google Updater
2008-09-15 20:53 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2008-09-15 20:53 --------- d ----- w C: \ Program Files \ Electronic Arts
2008-09-10 18:38 --------- d ----- w C: \ Program Files \ iPod
2008-09-10 18:34 --------- d ----- w C: \ Programfiler \ QuickTime
2008-09-10 18:33 --------- d ----- w "C: \ Program Files \ Common Files \ Apple
2008-09-06 03:16 36.864 ---- aw C: \ WINDOWS \ system32 \ drivers \ usbaapl.sys
2008-08-21 21:36 --------- d ----- w C: \ Programfiler \ Apple Software Update
2008-08-11 21:22 --------- d ----- w C: \ Programfiler \ Microsoft Silverlight
2008-08-07 16:37 --------- d ----- w C: \ Programfiler \ Google
2008-03-01 20:28 75.496-c - aw C: \ Documents and Settings \ Tom Stratman \ Application Data \ GDIPFONTCACHEV1.DAT
2007-09-26 01:26 45.422-c - aw C: \ Documents and Settings \ Tom Stratman \ Application Data \ wklnhst.dat
2007-06-28 21:37 7.248-c - aw C: \ Documents and Settings \ All Users \ Application Data \ ypinfo.bin
2007-04-15 04:54 32-c - ar C: \ Documents and Settings \ All Users \ hash.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Note * empty entries & legit default entries ikke vises
REGEDIT4

[HKEY_CURRENT_USER \ Software \ Microsoft \ Windows \ Curre ntVersion \ Run]
"DellSupport" = "C: \ Programfiler \ DellSupport \ DSAgnt.exe" [2007-03-15 460784]
"LDM" = "C: \ Program Files \ Logitech \ Desktop Messenger \ 8876480 \ Programfiler \ LogitechDesktopMessenger. Exe" [2007-02-23 67128]
"MSMSGS" = "C: \ Programfiler \ Messenger \ msmsgs.exe" [2004-10-13 1694208]
"DellSupportCenter" = "C: \ Program Files \ Dell Support Center \ bin \ sprtcmd.exe" [2007-11-15 202544]

[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"PCMService" = "C: \ Program Files \ Dell \ Media Experience \ PCMService.exe" [2004-04-11 290816]
"DVDLauncher" = "C: \ Program Files \ CyberLink \ PowerDVD \ DVDLauncher.exe" [2004-08-23 57344]
"dla" = "C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe" [2004-08-13 122939]
"igfxtray" = "C: \ WINDOWS \ system32 \ igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd" = "C: \ WINDOWS \ system32 \ hkcmd.exe" [2005-09-20 77824]
"igfxpers" = "C: \ WINDOWS \ system32 \ igfxpers.exe" [2005-09-20 114688]
"CanonMyPrinter" = "C: \ Program Files \ Canon \ MyPrinter \ BJMyPrt.exe" [2006-03-21 1191936]
"SSBkgdUpdate" = "C: \ Program Files \ \ ScanSoft Shared \ SSBkgdUpdate \ SSBkgdupdate.exe" [2003-09-30 155648]
"OpwareSE4" = "C: \ Program Files \ ScanSoft \ OmniPageSE4.0 \ OpwareSE4.exe" [2006-03-21 69632]
"IMJPMIG8.1" = "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.E XE" [2004-08-04 208952]
"MSPY2002" = "C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScI nst.exe" [2004-08-04 59392]
"PHIME2002ASync" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A" = "C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TIN TSETP.EXE" [2004-08-04 455168]
"SoundMAXPnP" = "C: \ Programfiler \ Analog Devices \ Core \ smax4pnp.exe" [2004-10-14 1404928]
"Adobe Reader Speed Launcher" = "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe" [2008-01-11 39792]
"dscactivate" = "C: \ Program Files \ Dell Support Center \ gs_agent \ custom \ dsca.exe" [2007-11-15 16384]
"DellSupportCenter" = "C: \ Program Files \ Dell Support Center \ bin \ sprtcmd.exe" [2007-11-15 202544]
"QuickTime Task" = "C: \ Programfiler \ QuickTime \ QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier" = "C: \ Program Files \ Common Files \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper" = "C: \ Program Files \ iTunes \ iTunesHelper.exe" [2008-09-08 289576]
"Logitech Hardware Abstraction Layer" = "KHALMNPR.EXE" [2008-02-29 C: \ WINDOWS \ KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer" = "KHALMNPR.EXE" [2008-02-29 C: \ WINDOWS \ KHALMNPR.Exe]

[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"DWQueuedReporting" = "C: \ progra ~ 1 \ FELLES ~ 1 \ micros ~ 1 \ DW \ dwtrig20.exe" [2007-03-13 39264]

C: \ Documents and Settings \ Tom Stratman \ Start-meny \ Programmer \ Oppstart \
SpywareGuard.lnk - C: \ Program Files \ SpywareGuard \ sgmain.exe [2003-08-29 360448]

C: \ Documents and Settings \ All Users \ Start-meny \ Programmer \ Startup
Logitech Desktop Messenger.lnk - C: \ Program Files \ Logitech \ Desktop Messenger \ 8876480 \ Programfiler \ LogitechDesktopMessenger. Exe [2007-02-23 67128]
Logitech SetPoint.lnk - C: \ Program Files \ Logitech \ SetPoint \ SetPoint.exe [2008-08-09 805392]
Microsoft Office.lnk - C: \ Programfiler \ Microsoft Office \ Office10 \ Osa.exe [2001-02-13 83360]
WinZip Quick Pick.lnk - C: \ Programfiler \ WinZip \ WZQKPICK.EXE [2005-02-11 118784]

[HKEY_LOCAL_MACHINE \ Software \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \ LBTWlgn]
2008-05-02 02:42 72208 c: \ Program Files \ \ Logitech \ Bluetooth \ LBTWLgn.dll

[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Contro l \ SafeBoot \ Minimal \ WdfLoadGroup]
@ = ""

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ AuthorizedApplications \ List]
"% windir% \ \ system32 \ \ sessmgr.exe" =
"C: \ \ Programfiler \ \ Windows Media Player \ \ Wmplayer.exe" =
"C: \ \ Programfiler \ \ Fellesfiler \ \ AOL \ \ Loader \ \ aolload.exe" =
"C: \ \ Program Files \ \ PopCap Games \ \ Bookworm Deluxe \ \ BookWorm.exe" =
"C: \ \ Program Files \ \ AIM \ \ aim.exe" =
"C: \ \ Program Files \ \ AIM6 \ \ aim6.exe" =
"C: \ \ Program Files \ \ Logitech \ \ Desktop Messenger \ \ 8876480 \ \ Programfiler \ \ LogitechDesktopMessen ger.exe" =
"C: \ \ Program Files \ \ uTorrent \ \ uTorrent.exe" =
"C: \ \ Program Files \ \ Bonjour \ \ mDNSResponder.exe" =
"C: \ \ Program Files \ \ iTunes \ \ iTunes.exe" =

[HKLM \ ~ \ Services \ sharedaccess \ Parameters \ firewallpo licy \ standardprofile \ GloballyOpenPorts \ List]
"17770: TCP" = 17770: TCP: BitComet 17770 TCP
"17770: UDP" = 17770: UDP: BitComet 17770 UDP

R1 aswSP; avast! Self Protection; C: \ WINDOWS \ system32 \ drivers \ aswSP.sys [2008-07-19 78416]
R2 aswFsBlk; aswFsBlk; C: \ WINDOWS \ system32 \ drivers \ aswF sBlk.sys [2008-07-19 20560]
R2 npkcmsvc; npkcmsvc C: \ Nexon \ Mabinogi \ npkcmsvc.exe [2007-08-02 80528]
R2 Viewpoint Manager Service; Viewpoint Manager Service; C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe [2007-01-04 24652]
S2 DP1112; DP1112 C: \ WINDOWS \ system32 \ drivers \ DP.sys []
S3 FTD2XX; Outlaw Audio Model 990 Device Driver; C: \ WINDOWS \ system32 \ drivers \ FTD2XX.sys [2003-01-24 24197]
S3 XDva020; XDva020 C: \ WINDOWS \ system32 \ XDva020.sys []
.
Innholdet i "Scheduled Tasks"-mappen
.
- - - - Orphans fjernet - - - --

HKCU-Run-updateMgr - C: \ Programfiler \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe
HKCU-Run-Aim6 - (no file)


.
------- Tilleggsavtale Scan -------
.
FireFox -: Profile - C: \ Documents and Settings \ Tom Stratman \ Application Data \ Mozilla \ Firefox \ Profiles \ e41ez35c.default \
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp: / / dsl.sbc.yahoo.com /
.

************************************************** ************************

CatchMe 0.3.1361 W2K/XP/Vista - rootkit / skjulemodus malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-16 17:01:58
Windows 5.1.2600 Service Pack 2 NTFS

skanning skjulte prosesser ...

scanning hidden autostart entries ...

skanning skjulte filer ...

skanning er fullført
skjulte filer: 0

************************************************** ************************
.
------------------------ Other Running Prosesser ----------------------- --
.
C: \ Programfiler \ Windows Defender \ MsMpEng.exe
C: \ Programfiler \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Programfiler \ Alwil Software \ Avast4 \ ashServ.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ Bonjour \ mDNSResponder.exe
C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Program Files \ Dell Support Center \ bin \ sprtsvc.exe
C: \ PROGRA ~ 1 \ WinZip \ WZQKPICK.EXE
C: \ Programfiler \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Programfiler \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ Program Files \ \ Logishrd \ KHAL2 \ KHALMNPR.exe
C: \ Programfiler \ iPod \ bin \ iPodService.exe
.
************************************************** ************************
.
Completion time: 2008-09-16 17:13:41 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2008-09-16 22:13:22

Pre-Run: 263,151,616 bytes free
Post-Run: 674,275,328 bytes free

180 --- EOF --- 2008-09-16 11:27:11


============= END COMBO FOX ==================================


Logfile of Trend Micro HijackThis v2.0.2
Scan lagret på 5:26:48 PM, on 9/16/2008
Plattform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Kjører prosesser:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ Winlogon.exe
C: \ WINDOWS \ system32 \ Services.exe
C: \ WINDOWS \ system32 \ Lsass.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Windows Defender \ MsMpEng.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Alwil Software \ Avast4 \ aswUpdSv.exe
C: \ Programfiler \ Alwil Software \ Avast4 \ ashServ.exe
C: \ WINDOWS \ system32 \ Spoolsv.exe
C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
C: \ Programfiler \ Bonjour \ mDNSResponder.exe
C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
C: \ Nexon \ Mabinogi \ npkcmsvc.exe
C: \ Programfiler \ Dell \ Media Experience \ PCMService.exe
C: \ Program Files \ Cyberlink \ PowerDVD \ DVDLauncher.exe
C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ Program Files \ Canon \ MyPrinter \ BJMyPrt.exe
C: \ Program Files \ ScanSoft \ OmniPageSE4.0 \ OpwareSE4.exe
C: \ Program Files \ Dell Support Center \ bin \ sprtsvc.exe
C: \ WINDOWS \ system32 \ Svchost.exe
C: \ Programfiler \ Analog Devices \ Core \ smax4pnp.exe
C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe
C: \ Program Files \ Dell Support Center \ bin \ sprtcmd.exe
C: \ Programfiler \ QuickTime \ QTTask.exe
C: \ Programfiler \ iTunes \ iTunesHelper.exe
C: \ Programfiler \ DellSupport \ DSAgnt.exe
C: \ Programfiler \ Logitech \ Desktop Messenger \ 8876480 \ Programfiler \ LogitechDesktopMessenger. Exe
C: \ Programfiler \ Messenger \ msmsgs.exe
C: \ Programfiler \ Logitech \ SetPoint \ SetPoint.exe
C: \ Programfiler \ WinZip \ WZQKPICK.EXE
C: \ Programfiler \ SpywareGuard \ sgmain.exe
C: \ Programfiler \ Alwil Software \ Avast4 \ ashMaiSv.exe
C: \ Programfiler \ Alwil Software \ Avast4 \ ashWebSv.exe
C: \ Programfiler \ Fellesfiler \ Logishrd \ KHAL2 \ KHALMNPR.EXE
C: \ Programfiler \ iPod \ bin \ iPodService.exe
C: \ WINDOWS \ system32 \ wuauclt.exe
C: \ WINDOWS \ explorer.exe
C: \ Programfiler \ Mozilla Firefox \ firefox.exe
C: \ Programfiler \ Trend Micro \ HijackThis \ HijackThis.exe

R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://dsl.sbc.yahoo.com/
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.dell4me.com/mywaybiz
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Innstillinger ProxyServer = 0.0.0.0
R1 - HKCU \ Software \ Microsoft \ Windows \ CurrentVersion \ Int ernet Settings, ProxyOverride = *. local
R3 - URLSearchHook: Yahoo! Toolbar - (EF99BD32-C1FB-11D2-892F-0090271D4F88) - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - (06849E9F-C8D7-4D59-B87D-784B7D6BE0B3) - C: \ Programfiler \ Fellesfiler \ Adobe \ Acrobat \ ActiveX \ AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - (AF69DE43-7D58-4638-B6FA-CE66B5AD205D) - C: \ Programfiler \ Google \ GoogleToolbarNotifier \ 2.1.1119.1736 \ s wg.dll
O3 - Toolbar: (no name) - (BA52B914-B692-46c4-B683-905236F6F655) - (no file)
O3 - Toolbar: (no name) - (E0E899AB-F487-11D5-8D29-0050BA6940E3) - (no file)
O4 - HKLM \ .. \ Run: [PCMService] "C: \ Programfiler \ Dell \ Media Experience \ PCMService.exe"
O4 - HKLM \ .. \ Run: [DVDLauncher] "C: \ Program Files \ Cyberlink \ PowerDVD \ DVDLauncher.exe"
O4 - HKLM \ .. \ Run: [dla] C: \ WINDOWS \ system32 \ dla \ tfswctrl.exe
O4 - HKLM \ .. \ Run: [igfxtray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [igfxhkcmd] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [igfxpers] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [CanonMyPrinter] C: \ Program Files \ Canon \ MyPrinter \ BJMyPrt.exe / pålogging
O4 - HKLM \ .. \ Run: [SSBkgdUpdate] "C: \ Programfiler \ Fellesfiler \ ScanSoft Shared \ SSBkgdUpdate \ SSBkgdupdate.exe"-Embedding-boot
O4 - HKLM \ .. \ Run: [OpwareSE4] "C: \ Programfiler \ ScanSoft \ OmniPageSE4.0 \ OpwareSE4.exe"
O4 - HKLM \ .. \ Run: [IMJPMIG8.1] "C: \ WINDOWS \ IME \ imjp8_1 \ IMJPMIG.EXE" / Skjem bort / RemAdvDef / Migration32
O4 - HKLM \ .. \ Run: [MSPY2002] C: \ WINDOWS \ system32 \ IME \ PINTLGNT \ ImScInst.exe / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002ASync] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / SYNC
O4 - HKLM \ .. \ Run: [PHIME2002A] C: \ WINDOWS \ system32 \ IME \ TINTLGNT \ TINTSETP.EXE / IMEName
O4 - HKLM \ .. \ Run: [SoundMAXPnP] C: \ Programfiler \ Analog Devices \ Core \ smax4pnp.exe
O4 - HKLM \ .. \ Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [Kernel og Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM \ .. \ Run: [Adobe Reader Speed Launcher] "C: \ Programfiler \ Adobe \ Reader 8.0 \ Reader \ Reader_sl.exe"
O4 - HKLM \ .. \ Run: [dscactivate] "C: \ Program Files \ Dell Support Center \ gs_agent \ tilpasset \ dsca.exe"
O4 - HKLM \ .. \ Run: [DellSupportCenter] "C: \ Program Files \ Dell Support Center \ bin \ sprtcmd.exe" / P DellSupportCenter
O4 - HKLM \ .. \ Run: [QuickTime Task] "C: \ Programfiler \ QuickTime \ QTTask.exe"-atboottime
O4 - HKLM \ .. \ Run: [AppleSyncNotifier] C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleSyncNotifier.exe
O4 - HKLM \ .. \ Run: [iTunesHelper] "C: \ Programfiler \ iTunes \ iTunesHelper.exe"
O4 - HKCU \ .. \ Run: [DellSupport] "C: \ Programfiler \ DellSupport \ DSAgnt.exe" / oppstart
O4 - HKCU \ .. \ Run: [LDM] C: \ Programfiler \ Logitech \ Desktop Messenger \ 8876480 \ Programfiler \ LogitechDesktopMessenger. Exe
O4 - HKCU \ .. \ Run: [MSMSGS] "C: \ Programfiler \ Messenger \ msmsgs.exe" / background
O4 - HKCU \ .. \ Run: [DellSupportCenter] "C: \ Program Files \ Dell Support Center \ bin \ sprtcmd.exe" / P DellSupportCenter
O4 - HKUS \ S-1-5-18 \ .. \ Run: [DWQueuedReporting] "c: \ progra ~ 1 \ FELLES ~ 1 \ micros ~ 1 \ DW \ dwtrig20.exe"-t (User 'SYSTEM')
O4 - HKUS \. DEFAULT \ .. \ Run: [DWQueuedReporting] "c: \ progra ~ 1 \ FELLES ~ 1 \ micros ~ 1 \ DW \ dwtrig20.exe"-t (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C: \ Programfiler \ SpywareGuard \ sgmain.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C: \ Programfiler \ Logitech \ Desktop Messenger \ 8876480 \ Programfiler \ LogitechDesktopMessenger. Exe
O4 - Global Startup: Logitech SetPoint.lnk = C: \ Programfiler \ Logitech \ SetPoint \ SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Programfiler \ Microsoft Office \ Office10 \ Osa.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C: \ Programfiler \ WinZip \ WZQKPICK.EXE
O6 - HKCU \ Software \ Policies \ Microsoft \ Internet Explorer \ Control Panel presentere
O8 - Extra sammenheng menyelement: & AIM Search - res: / / C: \ Programfiler \ AIM Toolbar \ AIMBar.dll / aimsearch.htm
O9 - Extra button: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_01 \ bin \ ssv.dll (file missing)
O9 - Extra 'Tools' MENUITEM: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_01 \ bin \ ssv.dll (file missing)
O9 - Extra knappen: AIM - (AC9E2541-2814-11d5-BC6D-00B0D0A1DE45) - C: \ Programfiler \ AIM \ aim.exe
O9 - Extra knappen: Musicmatch MX Web Player - (d81ca86b-ef63-42af-bee3-4502d9a03c2d) -- http://wwws.musicmatch.com/mmz/openWebRadio.html (fil mangler)
O9 - Extra knappen: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O9 - Extra "Verktøy" MENUITEM: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Programfiler \ Messenger \ msmsgs.exe
O16 - DPF: (149E45D8-163E-4189-86FC-45022AB2B6C9) (SpinTop DRM Control) - file: / / C: \ Program Files \ Scrabble \ Images \ stg_drm.ocx
O16 - DPF: (17492023-C23A-453E-A040-C7C580BBF700) (Windows Genuine Advantage Validation Tool) -- http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: (288C5F13-7E52-4ADA-A32E-F5BF9D125F98) (CR64Loader Object) -- http://miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: (30528230-99f7-4bb4-88d8-fa1d4f56a2ab) (Installation Support) - C: \ Programfiler \ Yahoo! \ Common \ Yinsthelper.dll
O16 - DPF: (406B5949-7190-4245-91A9-30A17DE16AD0) (Snapfish Activia) -- http://photo.walgreens.com/WalgreensActivia.cab
O16 - DPF: (48884C41-EFAC-433D-958A-9FADAC41408E) (EGamesPlugin klasse) -- https: / / www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: (5F5F9FB8-878E-4455-95E0-F64B2314288A) -- http://gamedownload.ijjimax.com/game...lugin11USA.cab
O16 - DPF: (5F8469B4-B055-49DD-83F7-62B522420ECC) (Facebook Photo Uploader Control) -- http://upload.facebook.com/controls/...toUploader.cab
O16 - DPF: (CC450D71-CC90-424C-8638-1F2DBAC87A54) (ArmHelper Control) - file: / / C: \ Program Files \ Scrabble \ Images \ armhelper.ocx
O16 - DPF: (CD995117-98E5-4169-9920-6C12D4C0B548) -- http://gamedownload.ijjimax.com/game...Plugin9USA.cab
O18 - Protocol: bwfile-8876480 - (9462A756-7B47-47BC-8C80-C34B9B80B32B) - C: \ Programfiler \ Logitech \ Desktop Messenger \ 8876480 \ Programfiler \ GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C: \ Programfiler \ Fellesfiler \ Apple \ Mobile Device Support \ bin \ AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C: \ Programfiler \ Alwil Software \ Avast4 \ ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C: \ Programfiler \ Bonjour \ mDNSResponder.exe
O23 - Service: DSBrokerService - Unknown owner - C: \ Programfiler \ DellSupport \ brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C: \ Programfiler \ Google \ Common \ Google Updater \ GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C: \ Programfiler \ Fellesfiler \ InstallShield \ Driver \ 11 \ Intel 32 \ IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C: \ Programfiler \ iPod \ bin \ iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C: \ Programfiler \ Fellesfiler \ Logitech \ Bluetooth \ LBTServ.exe
O23 - Service: Intel sokkelen NetService (NetSvc) - Intel (R) Corporation - C: \ Programfiler \ Intel \ PROSetWired \ sokkelen \ Sync \ NetSvc.exe
O23 - Service: npkcmsvc - INCA Internett Co, Ltd - C: \ Nexon \ Mabinogi \ npkcmsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C: \ Program Files \ Dell Support Center \ bin \ sprtsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C: \ Program Files \ Viewpoint \ Common \ ViewpointService.exe

--
End of file - 10675 bytes
#12
16th Sep 2008, 16:03
Moderator Group

  • Click START, then RUN
  • Now type Combofix /u in the run box
  • Make sure there is a space between Combofix and /u
  • Press Enter.

  • The above procedure will:
  • Delete the following:
  • ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System / Hidden files, if required.
  • Set a new, clean Restore Point.

----------

Download ViewpointKiller.zip
  • Unzip the program and the entire contents of ViewpointKiller.zip to a location such as your desktop.
  • Double-click the ViewpointKiller icon to run ViewpointKiller.exe.
  • Select the File menu, and choose Check if you have Viewpoint installed.
  • If ViewpointKiller indicates that any of the Viewpoint variants are installed, choose the appropriate Kill option in the File menu.
  • Follow the prompts and instructions very carefully, answering Yes or No depending on which choices you are most comfortable with.
  • The Msconfig instructions are very important, so be sure to read them carefully.
  • Note: When you are finished with ViewpointKiller, right-click and delete all of the files that were unzipped.

----------

Java is out of date.

Older versions have vulnerabilities that malicious websites can use to infect your machine.

First, install the new Sun Java Runtime Environment

Remember to close all browser windows before you start installing.

Remove the old version(s)
  • Download JavaRa and unzip the file to your desktop.
  • Open JavaRA.exe and choose Remove Older Versions
  • Then exit JavaRA and delete the program.
  • Run CCleaner.

----------

Download ATF Cleaner by Atribune to your desktop.

Alternate download link

Note: Vista users must use Run as Administrator
  • Under Main: Select Files to Delete, choose: Select All.
  • Click the Empty Selected button.
  • If you use the Firefox browser, click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, click No at the prompt.
  • If you use the Opera browser, click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, click No at the prompt.
  • Click Exit on the Main menu to close the program.

Note that the system will run slower for a reboot or two after using this tool, so don't panic.

Important: Restart your computer before continuing.

----------

Run this online scan. Requires Internet Explorer

Use the ESET NOD32 Online Scanner

1. Tick the box for Yes, I accept the Terms of Use.
2. Click Start
3. When asked, allow the ActiveX control to install
4. Click Start
5. Make sure that the option Remove found threats and the option Scan unwanted applications are checked.
6. Click Scan
7. Wait for the scan to finish
8. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\Log.txt
9. Post the contents of C:\Program Files\EsetOnlineScanner\Log.txt in your next reply

#13
17th Sep 2008, 04:20
Member Group

# Version = 4
# OnlineScanner.ocx = 1.0.0.635
# OnlineScannerDLLA.dll = 1, 0, 0, 79
# OnlineScannerDLLW.dll = 1, 0, 0, 78
# OnlineScannerUninstaller.exe = 1, 0, 0, 49
# vers_standard_module = 3447 (20080916)
# vers_arch_module = 1,064 (20080214)
# vers_adv_heur_module = 1,064 (20070717)
# EOSSerial = 8983b3a42701b342bf8e75ec7f82c98f
# end = ferdig
# remove_checked = true
# unwanted_checked = true
# utc_time = 2008-09-17 05:39:16
# local_time = 2008-09-17 12:39:16 (-0600, Central Daylight Time)
# country = "United States"
# OSVer = 5.1.2600 NT Service Pack 2
# skannet = 226155
# funnet = 0
# scan_time = 4934
#14
17th Sep 2008, 08:40
Moderator Group

Set a new restore point to avoid possible reinfection from an old one
Setting a new restore point after cleaning your system will enable your computer to roll back to a clean working state if needed.
  • Go to Start > Programs > Accessories > System Tools and click System Restore
  • Choose the radio button marked Create a restore point on the first screen, then click Next. Give the restore point a name and click Create.
  • The new restore point will be stamped with the current date and time. Keep a log of this so you can find it easily if you need to use System Restore.
  • Next, go to Start > Run and type Cleanmgr
  • Click OK
  • Click the More Options tab.
  • Click Clean Up in the System Restore section to remove all previous restore points except the newly created clean one.
You can find instructions on how to enable and re-enable System Restore here:

Windows XP System Restore Guide or Windows Vista System Restore Guide

----------

Use Secunia Software Inspector to check for out-of-date software.
Out-of-date software has security issues that malicious software can exploit.
  • Click Start Now
  • Tick the box for Enable thorough system inspection.
  • Click Start
  • Allow the scan to finish, and scroll down to see if any updates are needed.
  • Update anything listed.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

Here are some good free tools that help keep you from getting infected again. These tools use little or no resources, so they will not affect your PC.

Worried about browser security? Consider using Mozilla Firefox 3.0.

To prevent unknown programs from being installed on your computer, install WinPatrol 2008
* Using WinPatrol to protect your computer from malicious software

I would suggest that you use SiteAdvisor. SiteAdvisor rates websites on business practices and spam. Safety ratings from McAfee SiteAdvisor are based on automated tests of websites.

SpywareBlaster - Secure Internet Explorer to make it harder for these ActiveX programs to run on your computer. Also stops certain cookies from being added to your computer when you run Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Check out Keeping Yourself Safe On The Internet for tips and free tools to help keep you safe in the future.

See also Slow Computer? It May Not Be Malware for free cleaning / maintenance tools to help keep your computer running smoothly.

Use only trusted security software, such as the programs listed on this page: Trusted Security Tools and Resources

#15
17th Sep 2008, 14:24
Member Group

I can't thank you enough. I feel much safer about my computer now, thanks to you.
I am extremely impressed with the wealth of knowledge on this site and will continue to use it for my computing needs.
#16
17th Sep 2008, 14:27
Moderator Group

Glad it worked.

Safe surfing ...


Copyright © 2006 - 2009 Computer Juice.
