
FB virus probably... Help
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Re: FB virus probably... Help
Hi, everything was OK... but my sister clicked on that link again (back then it was me ::/). I forgot to tell her about it on FB chat, and I have problems again. I'm posting the log from RSIT again.
Logfile of random's system information tool 1.08 (written by random/random)
Run by Hong at 2010-11-22 18:44:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 45 GB (46%) free of 98 GB
Total RAM: 2559 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:44:36, on 22.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\loosoujouzous.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Hong\Desktop\RSIT.exe
C:\Program Files\trend micro\Hong.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mupoga] C:\WINDOWS\system32\loosoujouzous.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 0o65u1l.exe
O4 - Startup: 0ttzpgw.exe
O4 - Startup: 0x0nt20.exe
O4 - Startup: 5nyj26a.exe
O4 - Startup: 69o1pvg.exe
O4 - Startup: bwsidte0k6.exe
O4 - Startup: c8tzpgwr.exe
O4 - Startup: cc8tzpgwr26.exe
O4 - Startup: ffwrrns7.exe
O4 - Startup: hsydup6a0h.exe
O4 - Startup: ie0aa5b0.exe
O4 - Startup: iy0uk0vgw0.exe
O4 - Startup: lh5syz2k1.exe
O4 - Startup: qb271z2k1g.exe
O4 - Startup: r60ttzpgw.exe
O4 - Startup: rc3oo3avbm0.exe
O4 - Startup: rw3ii3uu.exe
O4 - Startup: rxc3oo3avbm.exe
O4 - Startup: xidzzvlr.exe
O4 - Startup: xy0o3avb.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: PowerUtility TV Recording Reservation (u1thmtecye6) - Unknown owner - C:\WINDOWS\system32\pyhu.exe
--
End of file - 4812 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-FAJKOS-Hong.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1275498585.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"mupoga"=C:\WINDOWS\system32\loosoujouzous.exe [2010-11-22 201216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe [2010-06-28 75048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-12 1135912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.1\ICQ.exe [2010-10-27 133432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
D:\PowerDVD10\PDVD10Serv.exe [2010-02-02 87336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-14 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-01-15 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
C:\PROGRA~1\WinFlip\WinFlip.exe [2007-10-25 462848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3
"idsvc"=3
"ICQ Service"=2
"WZCSVC"=2
"wuauserv"=2
"wscsvc"=2
"JavaQuickStarterService"=2
"NetTcpPortSharing"=2
"WMPNetworkSvc"=3
"gusvc"=2
"gupdate1c9aca3419ed106"=2
"Viewpoint Manager Service"=2
"MDM"=2
"Adobe LM Service"=3
"ServiceLayer"=3
"IDriverT"=3
"fsssvc"=3
"FLEXnet Licensing Service"=3
"nvsvc"=2
"nTuneService"=2
"CachemanXPService"=3
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Documents and Settings\Hong\Start Menu\Programs\Startup
0o65u1l.exe
0ttzpgw.exe
0x0nt20.exe
5nyj26a.exe
69o1pvg.exe
bwsidte0k6.exe
c8tzpgwr.exe
cc8tzpgwr26.exe
ffwrrns7.exe
hsydup6a0h.exe
ie0aa5b0.exe
iy0uk0vgw0.exe
lh5syz2k1.exe
qb271z2k1g.exe
r60ttzpgw.exe
rc3oo3avbm0.exe
rw3ii3uu.exe
rxc3oo3avbm.exe
xidzzvlr.exe
xy0o3avb.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoSMBalloonTip"=0
"NoDesktopCleanupWizard"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
======List of files/folders created in the last 1 months======
2010-11-22 18:42:01 ----D---- C:\WINDOWS\temp
2010-11-22 18:41:59 ----A---- C:\ComboFix.txt
2010-11-22 15:56:40 ----A---- C:\WINDOWS\system32\pyhu.exe
2010-11-22 15:56:24 ----RA---- C:\Documents and Settings\Hong\Application Data\BG0Ai.txt
2010-11-22 15:56:23 ----A---- C:\WINDOWS\system32\loosoujouzous.exe
2010-11-21 18:50:36 ----D---- C:\Documents and Settings\Hong\Application Data\Mumble
2010-11-21 18:50:03 ----D---- C:\Program Files\Mumble
2010-11-20 22:17:16 ----D---- C:\Program Files\The KMPlayer
2010-11-16 19:48:08 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-11-15 22:58:12 ----D---- C:\Documents and Settings\Hong\Application Data\TS3Client
2010-11-15 22:57:55 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-11-14 21:42:33 ----D---- C:\Config.Msi
2010-11-14 19:02:10 ----RASHD---- C:\cmdcons
2010-11-14 18:44:16 ----D---- C:\rsit
2010-11-14 18:23:48 ----A---- C:\WINDOWS\zip.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWSC.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWREG.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\sed.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\PEV.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\MBR.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\grep.exe
2010-11-14 18:22:58 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-11-14 18:19:23 ----D---- C:\WINDOWS\ERDNT
2010-11-14 18:16:50 ----AD---- C:\Qoobox
2010-11-14 17:49:13 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-14 17:44:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-14 13:10:32 ----A---- C:\WINDOWS\wininit.ini
2010-11-13 19:36:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-13 19:36:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-28 22:42:20 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
======List of files/folders modified in the last 1 months======
2010-11-22 18:44:32 ----D---- C:\Program Files\Trend Micro
2010-11-22 18:42:01 ----D---- C:\WINDOWS\system32\drivers
2010-11-22 18:42:01 ----D---- C:\WINDOWS
2010-11-22 18:40:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-22 18:37:39 ----A---- C:\WINDOWS\system.ini
2010-11-22 18:37:19 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-22 18:34:20 ----D---- C:\WINDOWS\system32
2010-11-22 18:34:20 ----D---- C:\WINDOWS\AppPatch
2010-11-22 18:34:19 ----D---- C:\Program Files\Common Files
2010-11-22 18:20:45 ----D---- C:\WINDOWS\system32\config
2010-11-22 18:01:07 ----D---- C:\WINDOWS\Prefetch
2010-11-22 15:20:21 ----D---- C:\Documents and Settings\Hong\Application Data\ICQ
2010-11-21 20:44:09 ----A---- C:\WINDOWS\win.ini
2010-11-21 18:50:03 ----RD---- C:\Program Files
2010-11-20 22:15:36 ----D---- C:\Documents and Settings\Hong\Application Data\vlc
2010-11-18 21:21:35 ----SD---- C:\WINDOWS\Tasks
2010-11-18 11:25:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-14 21:47:45 ----D---- C:\WINDOWS\pss
2010-11-14 21:42:39 ----SHD---- C:\WINDOWS\Installer
2010-11-14 21:42:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-14 19:02:16 ----RASH---- C:\boot.ini
2010-11-14 18:29:14 ----HD---- C:\WINDOWS\inf
2010-11-14 18:22:53 ----D---- C:\WINDOWS\WinSxS
2010-11-14 17:49:20 ----SHD---- C:\WINDOWS\CSC
2010-11-14 17:41:58 ----D---- C:\WINDOWS\system32\LogFiles
2010-11-14 17:30:46 ----D---- C:\WINDOWS\system32\appmgmt
2010-11-14 17:13:58 ----A---- C:\Boot.bak
2010-11-12 11:24:44 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-10 16:47:27 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-11-10 16:47:07 ----D---- C:\Program Files\Adobe
2010-11-10 16:46:56 ----D---- C:\Program Files\Common Files\Adobe
2010-11-03 16:24:36 ----D---- C:\Documents and Settings\Hong\Application Data\uTorrent
2010-11-03 14:34:41 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2010-11-02 18:52:46 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-10-31 23:24:24 ----D---- C:\Program Files\ICQ7.1
2010-10-28 22:30:23 ----RSD---- C:\WINDOWS\assembly
2010-10-28 22:30:04 ----D---- C:\WINDOWS\system32\DirectX
2010-10-26 15:59:15 ----D---- C:\Documents and Settings\Hong\Application Data\SystemRequirementsLab
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2004-04-02 21760]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-22 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-06-02 82380]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/11 13:05:02]; \??\D:\PowerDVD10\NavFilter\000.fcl []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
S3 afxzvxs2;afxzvxs2; C:\WINDOWS\system32\drivers\afxzvxs2.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 btkrnl;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-10 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-10 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-10 21456]
S3 mbr;mbr; \??\C:\DOCUME~1\Hong\LOCALS~1\Temp\mbr.sys []
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 u1thmtecye6;PowerUtility TV Recording Reservation; C:\WINDOWS\system32\pyhu.exe [2010-11-22 201216]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-10 65795]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-11 655624]
S4 fsssvc;Služba Bezpečnosť rodiny v službe Windows Live; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-14 152984]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]
S4 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
S4 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
-----------------EOF-----------------
- Hoong
- Visitor
- Posts: 26
- Registered: 01 Jan 2009 13:49
- Location: Prešov, Slovakia
Re: Probably an FB virus... Help
ComboFix 10-11-22.05 - Hong 23.11.2010 15:51:36.13.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2559.2095 [GMT 1:00]
Running from: c:\documents and settings\Hong\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Hong\Application Data\BG0Ai.txt
c:\windows\system32\loosoujouzous.exe
c:\windows\system32\pyhu.exe
c:\windows\system32\vinysooqu.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_u1thmtecye6
-------\Legacy_uoza4yyk0e9m6
-------\Service_u1thmtecye6
-------\Service_uoza4yyk0e9m6
((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.
2010-11-21 17:50 . 2010-11-21 18:11 -------- d-----w- c:\documents and settings\Hong\Application Data\Mumble
2010-11-21 17:50 . 2010-11-21 17:50 -------- d-----w- c:\program files\Mumble
2010-11-20 21:17 . 2010-11-20 21:18 -------- d-----w- c:\program files\The KMPlayer
2010-11-15 21:58 . 2010-11-15 21:58 -------- d-----w- c:\documents and settings\Hong\Application Data\TS3Client
2010-11-15 21:57 . 2010-11-15 21:57 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-11-14 17:44 . 2010-11-14 17:44 -------- d-----w- C:\rsit
2010-11-14 17:23 . 2010-11-14 17:23 -------- d-----w- c:\documents and settings\Hong\Local Settings\Application Data\Sunbelt Software
2010-11-14 17:22 . 2010-11-14 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-11-14 16:41 . 2010-11-14 16:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-11-14 16:28 . 2010-11-14 16:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-11-13 18:36 . 2010-11-22 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-13 18:36 . 2010-11-14 11:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-28 21:42 . 2010-10-28 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
------- Sigcheck -------
[7] 2009-12-22 . 5747867041C33E26DA5CC893C9532DB8 . 3071488 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll
[7] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[7] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[7] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3gdr\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3qfe\mshtml.dll
[-] 2008-12-12 . CFC3D32583AB0EAE13E98A0492A4F5EF . 3444736 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll
[7] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
[7] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\mshtml.dll
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-08-15 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-08-14 . 24F1370B92B402AEFE07D50E0668194A . 2197888 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2004-08-03 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntoskrnl.exe
[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . EE5BB6E5C76B793C9F58AAC68ED18D79 . 1480192 . . [6.00.2900.5512] . . c:\windows\VCP_SAVE\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\explorer.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-08-14 . 0AD2A07C291E051CBCF90EED4F1D87B6 . 2074752 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2004-08-03 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntkrnlpa.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-14_20.49.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2010-11-12 18:07 72590 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-11-23 10:20 72590 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-11-23 10:20 444524 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-11-12 18:07 444524 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe
backup=c:\windows\pss\0ddzppl.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe
backup=c:\windows\pss\5n0tup8.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe
backup=c:\windows\pss\a1wssneezq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe
backup=c:\windows\pss\a3mc1ijj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe
backup=c:\windows\pss\avbg3ss3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe
backup=c:\windows\pss\bhxnijjf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe
backup=c:\windows\pss\cxxotup83.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe
backup=c:\windows\pss\fagg3ss3ee1.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe
backup=c:\windows\pss\g70hdyy6k.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe
backup=c:\windows\pss\i3uuklq8.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe
backup=c:\windows\pss\i3uuklq860.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe
backup=c:\windows\pss\lwhns3ee1q.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe
backup=c:\windows\pss\riddzpplq3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe
backup=c:\windows\pss\rrnddzpplbb.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe
backup=c:\windows\pss\s86e81qbcxd.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe
backup=c:\windows\pss\uk0g3ss3ee1.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe
backup=c:\windows\pss\vmmhyytk.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe
backup=c:\windows\pss\w0xnijjfk3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe
backup=c:\windows\pss\whx9ye0k3w.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\WinFlip.lnk
backup=c:\windows\pss\WinFlip.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe
backup=c:\windows\pss\y8703g0hxd6.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-06-28 20:50 75048 ----a-w- c:\program files\Cyberlink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-24 16:57 133104 ----atw- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 18:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- d:\powerdvd10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-14 22:12 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"ICQ Service"=2 (0x2)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"NetTcpPortSharing"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9aca3419ed106"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"MDM"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ServiceLayer"=3 (0x3)
"IDriverT"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"nvsvc"=2 (0x2)
"nTuneService"=2 (0x2)
"CachemanXPService"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57447:TCP"= 57447:TCP:Pando Media Booster
"57447:UDP"= 57447:UDP:Pando Media Booster
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.2.2009 4:57 691696]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/11 13:05];d:\powerdvd10\NavFilter\000.fcl [28.6.2010 21:50 87536]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [23.8.2009 15:35 24652]
.
Contents of the 'Scheduled Tasks' folder
2010-11-21 c:\windows\Tasks\AdobeAAMUpdater-1.0-FAJKOS-Hong.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-13 01:44]
2010-11-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8275498585.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003Core.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]
2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003UA.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fullarticles.net
mStart Page = hxxp://www.games-fusion.net
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-mupoga - c:\windows\system32\loosoujouzous.exe
HKLM-Run-jyku - c:\windows\system32\kouloomorou.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 15:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\d:\powerdvd10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-789336058-839522115-1617979688-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2010-11-23 16:03:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-23 15:03
ComboFix2.txt 2010-11-22 17:41
ComboFix3.txt 2010-11-22 17:26
ComboFix4.txt 2010-11-22 17:09
ComboFix5.txt 2010-11-23 14:49
Pre-Run: 46 376 607 744 bytes free
Post-Run: 46 361 382 912 bytes free
- - End Of File - - 11AA335B702FF683CB4F341AC5FABD7A
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2559.2095 [GMT 1:00]
Running from: c:\documents and settings\Hong\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Hong\Application Data\BG0Ai.txt
c:\windows\system32\loosoujouzous.exe
c:\windows\system32\pyhu.exe
c:\windows\system32\vinysooqu.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_u1thmtecye6
-------\Legacy_uoza4yyk0e9m6
-------\Service_u1thmtecye6
-------\Service_uoza4yyk0e9m6
((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.
2010-11-21 17:50 . 2010-11-21 18:11 -------- d-----w- c:\documents and settings\Hong\Application Data\Mumble
2010-11-21 17:50 . 2010-11-21 17:50 -------- d-----w- c:\program files\Mumble
2010-11-20 21:17 . 2010-11-20 21:18 -------- d-----w- c:\program files\The KMPlayer
2010-11-15 21:58 . 2010-11-15 21:58 -------- d-----w- c:\documents and settings\Hong\Application Data\TS3Client
2010-11-15 21:57 . 2010-11-15 21:57 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-11-14 17:44 . 2010-11-14 17:44 -------- d-----w- C:\rsit
2010-11-14 17:23 . 2010-11-14 17:23 -------- d-----w- c:\documents and settings\Hong\Local Settings\Application Data\Sunbelt Software
2010-11-14 17:22 . 2010-11-14 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-11-14 16:41 . 2010-11-14 16:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-11-14 16:28 . 2010-11-14 16:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-11-13 18:36 . 2010-11-22 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-13 18:36 . 2010-11-14 11:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-28 21:42 . 2010-10-28 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.
------- Sigcheck -------
[7] 2009-12-22 . 5747867041C33E26DA5CC893C9532DB8 . 3071488 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll
[7] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[7] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[7] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3gdr\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3qfe\mshtml.dll
[-] 2008-12-12 . CFC3D32583AB0EAE13E98A0492A4F5EF . 3444736 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll
[7] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
[7] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\mshtml.dll
[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-08-15 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-08-14 . 24F1370B92B402AEFE07D50E0668194A . 2197888 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2004-08-03 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntoskrnl.exe
[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . EE5BB6E5C76B793C9F58AAC68ED18D79 . 1480192 . . [6.00.2900.5512] . . c:\windows\VCP_SAVE\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\explorer.exe
[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-08-14 . 0AD2A07C291E051CBCF90EED4F1D87B6 . 2074752 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2004-08-03 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntkrnlpa.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-14_20.49.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2010-11-12 18:07 72590 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-11-23 10:20 72590 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-11-23 10:20 444524 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-11-12 18:07 444524 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe
backup=c:\windows\pss\0ddzppl.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe
backup=c:\windows\pss\5n0tup8.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe
backup=c:\windows\pss\a1wssneezq.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe
backup=c:\windows\pss\a3mc1ijj.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe
backup=c:\windows\pss\avbg3ss3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe
backup=c:\windows\pss\bhxnijjf.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe
backup=c:\windows\pss\cxxotup83.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe
backup=c:\windows\pss\fagg3ss3ee1.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe
backup=c:\windows\pss\g70hdyy6k.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe
backup=c:\windows\pss\i3uuklq8.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe
backup=c:\windows\pss\i3uuklq860.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe
backup=c:\windows\pss\lwhns3ee1q.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe
backup=c:\windows\pss\riddzpplq3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe
backup=c:\windows\pss\rrnddzpplbb.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe
backup=c:\windows\pss\s86e81qbcxd.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe
backup=c:\windows\pss\uk0g3ss3ee1.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe
backup=c:\windows\pss\vmmhyytk.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe
backup=c:\windows\pss\w0xnijjfk3.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe
backup=c:\windows\pss\whx9ye0k3w.exeStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\WinFlip.lnk
backup=c:\windows\pss\WinFlip.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe
backup=c:\windows\pss\y8703g0hxd6.exeStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-06-28 20:50 75048 ----a-w- c:\program files\Cyberlink\Shared files\brs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-24 16:57 133104 ----atw- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 18:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- d:\powerdvd10\PDVD10Serv.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-14 22:12 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"ICQ Service"=2 (0x2)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"NetTcpPortSharing"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9aca3419ed106"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"MDM"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ServiceLayer"=3 (0x3)
"IDriverT"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"nvsvc"=2 (0x2)
"nTuneService"=2 (0x2)
"CachemanXPService"=3 (0x3)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57447:TCP"= 57447:TCP:Pando Media Booster
"57447:UDP"= 57447:UDP:Pando Media Booster
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.2.2009 4:57 691696]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/11 13:05];d:\powerdvd10\NavFilter\000.fcl [28.6.2010 21:50 87536]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [23.8.2009 15:35 24652]
.
Contents of the 'Scheduled Tasks' folder
2010-11-21 c:\windows\Tasks\AdobeAAMUpdater-1.0-FAJKOS-Hong.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-13 01:44]
2010-11-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8275498585.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]
2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003Core.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]
2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003UA.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fullarticles.net
mStart Page = hxxp://www.games-fusion.net
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -
HKLM-Run-mupoga - c:\windows\system32\loosoujouzous.exe
HKLM-Run-jyku - c:\windows\system32\kouloomorou.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 15:58
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\d:\powerdvd10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\S-1-5-21-789336058-839522115-1617979688-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(924)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\cscui.dll
- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2010-11-23 16:03:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-23 15:03
ComboFix2.txt 2010-11-22 17:41
ComboFix3.txt 2010-11-22 17:26
ComboFix4.txt 2010-11-22 17:09
ComboFix5.txt 2010-11-23 14:49
Pre-Run: 46 376 607 744 bytes free
Post-Run: 46 361 382 912 bytes free
- - End Of File - - 11AA335B702FF683CB4F341AC5FABD7A
Re: Probably an FB virus... Help
Apart from leftover registry entries, it is clean.
How is the PC behaving?
I'd also ask you for this:
Go to Start -> Run -> type "regedit" and click OK.
The regedit window opens; do the following there -> in the tree on the left, navigate to this:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
Once you have startupfolder selected, go to File -> Export at the top and save it as, for example, 123.reg
Then either open the file in Notepad and paste its contents here, or zip it and attach it to your post here on the forum.
- Hoong
- Visitor
- Posts: 26
- Registered: 01 Jan 2009 13:49
- Location: Prešov Slovakia
Re: Probably an FB virus... Help
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\hpoddt01.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\hpoddt01.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpotdd01.exe "
"item"="hpoddt01.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\0ddzppl.exe"
"backup"="C:\\WINDOWS\\pss\\0ddzppl.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\0ddzppl.exe"
"item"="0ddzppl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\5n0tup8.exe"
"backup"="C:\\WINDOWS\\pss\\5n0tup8.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\5n0tup8.exe"
"item"="5n0tup8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\a1wssneezq.exe"
"backup"="C:\\WINDOWS\\pss\\a1wssneezq.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\a1wssneezq.exe"
"item"="a1wssneezq"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\a3mc1ijj.exe"
"backup"="C:\\WINDOWS\\pss\\a3mc1ijj.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\a3mc1ijj.exe"
"item"="a3mc1ijj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"item"="Adobe Gamma"
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\avbg3ss3.exe"
"backup"="C:\\WINDOWS\\pss\\avbg3ss3.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\avbg3ss3.exe"
"item"="avbg3ss3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\bhxnijjf.exe"
"backup"="C:\\WINDOWS\\pss\\bhxnijjf.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\bhxnijjf.exe"
"item"="bhxnijjf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\cxxotup83.exe"
"backup"="C:\\WINDOWS\\pss\\cxxotup83.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\cxxotup83.exe"
"item"="cxxotup83"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\fagg3ss3ee1.exe"
"backup"="C:\\WINDOWS\\pss\\fagg3ss3ee1.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\fagg3ss3ee1.exe"
"item"="fagg3ss3ee1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\g70hdyy6k.exe"
"backup"="C:\\WINDOWS\\pss\\g70hdyy6k.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\g70hdyy6k.exe"
"item"="g70hdyy6k"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\i3uuklq8.exe"
"backup"="C:\\WINDOWS\\pss\\i3uuklq8.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\i3uuklq8.exe"
"item"="i3uuklq8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\i3uuklq860.exe"
"backup"="C:\\WINDOWS\\pss\\i3uuklq860.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\i3uuklq860.exe"
"item"="i3uuklq860"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\lwhns3ee1q.exe"
"backup"="C:\\WINDOWS\\pss\\lwhns3ee1q.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\lwhns3ee1q.exe"
"item"="lwhns3ee1q"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
"item"="MagicDisc"
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\MagicDisc.lnk"
"backup"="C:\\WINDOWS\\pss\\MagicDisc.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MAGICD~1\\MAGICD~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 3.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 3.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\riddzpplq3.exe"
"backup"="C:\\WINDOWS\\pss\\riddzpplq3.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\riddzpplq3.exe"
"item"="riddzpplq3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\rrnddzpplbb.exe"
"backup"="C:\\WINDOWS\\pss\\rrnddzpplbb.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\rrnddzpplbb.exe"
"item"="rrnddzpplbb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\s86e81qbcxd.exe"
"backup"="C:\\WINDOWS\\pss\\s86e81qbcxd.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\s86e81qbcxd.exe"
"item"="s86e81qbcxd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\uk0g3ss3ee1.exe"
"backup"="C:\\WINDOWS\\pss\\uk0g3ss3ee1.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\uk0g3ss3ee1.exe"
"item"="uk0g3ss3ee1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\vmmhyytk.exe"
"backup"="C:\\WINDOWS\\pss\\vmmhyytk.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\vmmhyytk.exe"
"item"="vmmhyytk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\w0xnijjfk3.exe"
"backup"="C:\\WINDOWS\\pss\\w0xnijjfk3.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\w0xnijjfk3.exe"
"item"="w0xnijjfk3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\whx9ye0k3w.exe"
"backup"="C:\\WINDOWS\\pss\\whx9ye0k3w.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\whx9ye0k3w.exe"
"item"="whx9ye0k3w"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
"item"="WinFlip"
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\WinFlip.lnk"
"backup"="C:\\WINDOWS\\pss\\WinFlip.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\WinFlip\\WinFlip.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\y8703g0hxd6.exe"
"backup"="C:\\WINDOWS\\pss\\y8703g0hxd6.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\y8703g0hxd6.exe"
"item"="y8703g0hxd6"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\hpoddt01.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\hpoddt01.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpotdd01.exe "
"item"="hpoddt01.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\0ddzppl.exe"
"backup"="C:\\WINDOWS\\pss\\0ddzppl.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\0ddzppl.exe"
"item"="0ddzppl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\5n0tup8.exe"
"backup"="C:\\WINDOWS\\pss\\5n0tup8.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\5n0tup8.exe"
"item"="5n0tup8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\a1wssneezq.exe"
"backup"="C:\\WINDOWS\\pss\\a1wssneezq.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\a1wssneezq.exe"
"item"="a1wssneezq"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\a3mc1ijj.exe"
"backup"="C:\\WINDOWS\\pss\\a3mc1ijj.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\a3mc1ijj.exe"
"item"="a3mc1ijj"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"item"="Adobe Gamma"
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\avbg3ss3.exe"
"backup"="C:\\WINDOWS\\pss\\avbg3ss3.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\avbg3ss3.exe"
"item"="avbg3ss3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\bhxnijjf.exe"
"backup"="C:\\WINDOWS\\pss\\bhxnijjf.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\bhxnijjf.exe"
"item"="bhxnijjf"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\cxxotup83.exe"
"backup"="C:\\WINDOWS\\pss\\cxxotup83.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\cxxotup83.exe"
"item"="cxxotup83"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\fagg3ss3ee1.exe"
"backup"="C:\\WINDOWS\\pss\\fagg3ss3ee1.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\fagg3ss3ee1.exe"
"item"="fagg3ss3ee1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\g70hdyy6k.exe"
"backup"="C:\\WINDOWS\\pss\\g70hdyy6k.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\g70hdyy6k.exe"
"item"="g70hdyy6k"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\i3uuklq8.exe"
"backup"="C:\\WINDOWS\\pss\\i3uuklq8.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\i3uuklq8.exe"
"item"="i3uuklq8"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\i3uuklq860.exe"
"backup"="C:\\WINDOWS\\pss\\i3uuklq860.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\i3uuklq860.exe"
"item"="i3uuklq860"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\lwhns3ee1q.exe"
"backup"="C:\\WINDOWS\\pss\\lwhns3ee1q.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\lwhns3ee1q.exe"
"item"="lwhns3ee1q"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
"item"="MagicDisc"
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\MagicDisc.lnk"
"backup"="C:\\WINDOWS\\pss\\MagicDisc.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MAGICD~1\\MAGICD~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 3.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 3.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\riddzpplq3.exe"
"backup"="C:\\WINDOWS\\pss\\riddzpplq3.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\riddzpplq3.exe"
"item"="riddzpplq3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\rrnddzpplbb.exe"
"backup"="C:\\WINDOWS\\pss\\rrnddzpplbb.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\rrnddzpplbb.exe"
"item"="rrnddzpplbb"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\s86e81qbcxd.exe"
"backup"="C:\\WINDOWS\\pss\\s86e81qbcxd.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\s86e81qbcxd.exe"
"item"="s86e81qbcxd"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\uk0g3ss3ee1.exe"
"backup"="C:\\WINDOWS\\pss\\uk0g3ss3ee1.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\uk0g3ss3ee1.exe"
"item"="uk0g3ss3ee1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\vmmhyytk.exe"
"backup"="C:\\WINDOWS\\pss\\vmmhyytk.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\vmmhyytk.exe"
"item"="vmmhyytk"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\w0xnijjfk3.exe"
"backup"="C:\\WINDOWS\\pss\\w0xnijjfk3.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\w0xnijjfk3.exe"
"item"="w0xnijjfk3"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\whx9ye0k3w.exe"
"backup"="C:\\WINDOWS\\pss\\whx9ye0k3w.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\whx9ye0k3w.exe"
"item"="whx9ye0k3w"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
"item"="WinFlip"
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\WinFlip.lnk"
"backup"="C:\\WINDOWS\\pss\\WinFlip.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\WinFlip\\WinFlip.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\y8703g0hxd6.exe"
"backup"="C:\\WINDOWS\\pss\\y8703g0hxd6.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\y8703g0hxd6.exe"
"item"="y8703g0hxd6"
Re: FB virus probably... Help
Paste the text below into Notepad, save it as 123.reg, then open that file and allow it to be added to the registry.
Then post a new log from RSIT. You can also click MBAM in my signature and run a scan according to the guide. Choose "Perform full scan" and post that log here as well.

Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
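The .reg script above was assembled by hand from the MSConfig "startupfolder" records in the log. As an added example (not code from the original post or from any of the forum's tools), the Python script below parses the same kind of RSIT registry dump and generates the deletion script automatically: it flags every record whose "command" is a bare .exe launched straight out of the Startup folder, which is exactly the shape of the entries removed by hand above, while leaving .lnk shortcuts that point into an installed program (the Adobe Gamma, MagicDisc, OpenOffice.org and WinFlip records) alone. The heuristic, the function names (`parse_dump`, `is_suspicious`, `make_reg_script`, `leftover_files`) and SAMPLE_DUMP are this example's own; the sample is a constructed excerpt modelled on three of the records shown in the log, and the rule generalises beyond Hong's profile to any user's Startup folder. One caveat the merge itself does not cover: deleting these keys only removes MSConfig's bookkeeping, and the files the "backup" values point to under C:\WINDOWS\pss are not touched by a .reg merge, so the script lists them for separate removal.

```python
"""Generate a deletion .reg script from an RSIT "MSConfig\\startupfolder" dump.

Added example for this thread, not the original post's code. The parser,
the heuristic and the function names are this example's own; SAMPLE_DUMP is
a constructed excerpt modelled on three of the records shown in the log.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample (shape copied from the posted RSIT registry dump).
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\0ddzppl.exe"
"backup"="C:\\WINDOWS\\pss\\0ddzppl.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\0ddzppl.exe"
"item"="0ddzppl"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"item"="Adobe Gamma"
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\vmmhyytk.exe"
"backup"="C:\\WINDOWS\\pss\\vmmhyytk.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\vmmhyytk.exe"
"item"="vmmhyytk"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
STARTUPFOLDER = 'msconfig\\startupfolder\\'


def parse_dump(text):
    """Return [(key, {name: value}), ...] for every [HKEY_...] block in the dump."""
    records = []
    values = None
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            values = {}
            records.append((key_match.group(1), values))
            continue
        val_match = VALUE_RE.match(line)
        if val_match and values is not None:
            # .reg syntax doubles backslashes inside string values; undo that
            values[val_match.group(1)] = val_match.group(2).replace('\\\\', '\\')
    return records


def is_suspicious(values):
    """Flag a record whose startup item is a bare .exe launched straight out of
    the Startup folder. Legitimate items there are .lnk shortcuts whose
    "command" points at an installed program elsewhere (see the Adobe Gamma
    record), so an executable that both lives in Startup and is run from
    Startup is the pattern the hand-written script removed."""
    path = PureWindowsPath(values.get('path', ''))
    command = PureWindowsPath(values.get('command', '').strip())
    if path.suffix.lower() != '.exe' or command.suffix.lower() != '.exe':
        return False
    # PureWindowsPath compares case-insensitively, like the registry itself
    return command.parent == path.parent


def flagged(records):
    """Only startupfolder records are considered, never startupreg or other keys."""
    return [(key, values) for key, values in records
            if STARTUPFOLDER in key.lower() and is_suspicious(values)]


def make_reg_script(records):
    """Build the .reg text; a '-' right after '[' tells regedit to delete the key."""
    lines = ['Windows Registry Editor Version 5.00', '']
    lines.extend('[-' + key + ']' for key, _ in flagged(records))
    return '\r\n'.join(lines) + '\r\n'


def leftover_files(records):
    """Paths the .reg merge does NOT touch: the copies MSConfig parked under
    C:\\WINDOWS\\pss (the "backup" value). They need deleting separately."""
    return [values['backup'] for _, values in flagged(records) if 'backup' in values]


if __name__ == '__main__':
    parsed = parse_dump(SAMPLE_DUMP)
    print(make_reg_script(parsed))
    for leftover in leftover_files(parsed):
        print('still on disk:', leftover)
```

Run it against a full RSIT dump (paste the "Registry dump" section into SAMPLE_DUMP or read it from a file) and save the printed text as a .reg file; review the flagged list before merging, because the heuristic is a shape test, not a verdict on any particular file.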
- Hoong
- Visitor
- Posts: 26
- Registered: 01 Jan 2009 13:49
- Location: Prešov, Slovakia
Re: FB virus probably... Help
RSIT LOG:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Hong at 2010-11-25 23:10:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 43 GB (44%) free of 98 GB
Total RAM: 2559 MB (77% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:10:43, on 25.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hong\Desktop\RSIT.exe
C:\Program Files\trend micro\Hong.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 4461 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-FAJKOS-Hong.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1275498585.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe [2010-06-28 75048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-12 1135912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.1\ICQ.exe [2010-10-27 133432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
D:\PowerDVD10\PDVD10Serv.exe [2010-02-02 87336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-14 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-01-15 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
C:\PROGRA~1\WinFlip\WinFlip.exe [2007-10-25 462848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3
"idsvc"=3
"ICQ Service"=2
"WZCSVC"=2
"wuauserv"=2
"wscsvc"=2
"JavaQuickStarterService"=2
"NetTcpPortSharing"=2
"WMPNetworkSvc"=3
"gusvc"=2
"gupdate1c9aca3419ed106"=2
"Viewpoint Manager Service"=2
"MDM"=2
"Adobe LM Service"=3
"ServiceLayer"=3
"IDriverT"=3
"fsssvc"=3
"FLEXnet Licensing Service"=3
"nvsvc"=2
"nTuneService"=2
"CachemanXPService"=3
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoSMBalloonTip"=0
"NoDesktopCleanupWizard"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
======List of files/folders created in the last 1 months======
2010-11-25 14:19:50 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-11-24 00:59:05 ----SHD---- C:\RECYCLER
2010-11-23 21:26:14 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-11-23 16:03:46 ----D---- C:\WINDOWS\temp
2010-11-23 16:03:44 ----A---- C:\ComboFix.txt
2010-11-21 18:50:36 ----D---- C:\Documents and Settings\Hong\Application Data\Mumble
2010-11-21 18:50:03 ----D---- C:\Program Files\Mumble
2010-11-20 22:17:16 ----D---- C:\Program Files\The KMPlayer
2010-11-15 22:58:12 ----D---- C:\Documents and Settings\Hong\Application Data\TS3Client
2010-11-15 22:57:55 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-11-14 19:02:10 ----RASHD---- C:\cmdcons
2010-11-14 18:44:16 ----D---- C:\rsit
2010-11-14 18:23:48 ----A---- C:\WINDOWS\zip.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWSC.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWREG.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\sed.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\PEV.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\MBR.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\grep.exe
2010-11-14 18:22:58 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-11-14 18:19:23 ----D---- C:\WINDOWS\ERDNT
2010-11-14 18:16:50 ----AD---- C:\Qoobox
2010-11-14 17:44:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-14 13:10:32 ----A---- C:\WINDOWS\wininit.ini
2010-11-13 19:36:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-13 19:36:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-28 22:42:20 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
======List of files/folders modified in the last 1 months======
2010-11-25 23:10:36 ----D---- C:\Program Files\Trend Micro
2010-11-25 23:10:30 ----D---- C:\Documents and Settings\Hong\Application Data\uTorrent
2010-11-25 23:07:17 ----D---- C:\Documents and Settings\Hong\Application Data\ICQ
2010-11-25 14:32:38 ----D---- C:\WINDOWS
2010-11-25 14:19:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-25 14:19:50 ----D---- C:\WINDOWS\system32\drivers
2010-11-25 14:19:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-25 14:03:55 ----D---- C:\WINDOWS\system32
2010-11-25 14:03:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-24 14:00:46 ----D---- C:\WINDOWS\Prefetch
2010-11-24 08:09:05 ----SHD---- C:\WINDOWS\Installer
2010-11-24 00:13:40 ----D---- C:\WINDOWS\system32\ias
2010-11-23 23:45:51 ----SD---- C:\Documents and Settings\Hong\Application Data\Microsoft
2010-11-23 22:37:44 ----D---- C:\WINDOWS\Debug
2010-11-23 22:24:59 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-23 22:24:32 ----D---- C:\Documents and Settings\Hong\Application Data\vlc
2010-11-23 21:26:10 ----HD---- C:\WINDOWS\inf
2010-11-23 15:58:22 ----A---- C:\WINDOWS\system.ini
2010-11-23 15:58:10 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-23 15:56:37 ----D---- C:\WINDOWS\system32\config
2010-11-23 15:54:45 ----D---- C:\WINDOWS\AppPatch
2010-11-23 15:54:44 ----D---- C:\Program Files\Common Files
2010-11-21 20:44:09 ----A---- C:\WINDOWS\win.ini
2010-11-21 18:50:03 ----RD---- C:\Program Files
2010-11-18 21:21:35 ----SD---- C:\WINDOWS\Tasks
2010-11-14 21:47:45 ----D---- C:\WINDOWS\pss
2010-11-14 21:42:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-14 19:02:16 ----RASH---- C:\boot.ini
2010-11-14 18:22:53 ----D---- C:\WINDOWS\WinSxS
2010-11-14 17:49:20 ----SHD---- C:\WINDOWS\CSC
2010-11-14 17:41:58 ----D---- C:\WINDOWS\system32\LogFiles
2010-11-14 17:30:46 ----D---- C:\WINDOWS\system32\appmgmt
2010-11-14 17:13:58 ----A---- C:\Boot.bak
2010-11-10 16:47:27 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-11-10 16:47:07 ----D---- C:\Program Files\Adobe
2010-11-10 16:46:56 ----D---- C:\Program Files\Common Files\Adobe
2010-11-03 14:34:41 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2010-11-02 18:52:46 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-10-31 23:24:24 ----D---- C:\Program Files\ICQ7.1
2010-10-28 22:30:23 ----RSD---- C:\WINDOWS\assembly
2010-10-28 22:30:04 ----D---- C:\WINDOWS\system32\DirectX
2010-10-26 15:59:15 ----D---- C:\Documents and Settings\Hong\Application Data\SystemRequirementsLab
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2004-04-02 21760]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-22 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-06-02 82380]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/11 13:05:02]; \??\D:\PowerDVD10\NavFilter\000.fcl []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
S3 agmmjxdy;agmmjxdy; C:\WINDOWS\system32\drivers\agmmjxdy.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 btkrnl;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-10 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-10 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-10 21456]
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-10 65795]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-11 655624]
S4 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-14 152984]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]
S4 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
S4 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
-----------------EOF-----------------
Logfile of random's system information tool 1.08 (written by random/random)
Run by Hong at 2010-11-25 23:10:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 43 GB (44%) free of 98 GB
Total RAM: 2559 MB (77% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:10:43, on 25.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hong\Desktop\RSIT.exe
C:\Program Files\trend micro\Hong.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
--
End of file - 4461 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-FAJKOS-Hong.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1275498585.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe [2010-06-28 75048]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-12 1135912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 133104]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.1\ICQ.exe [2010-10-27 133432]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
D:\PowerDVD10\PDVD10Serv.exe [2010-02-02 87336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-14 148888]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-01-15 393216]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
C:\PROGRA~1\WinFlip\WinFlip.exe [2007-10-25 462848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3
"idsvc"=3
"ICQ Service"=2
"WZCSVC"=2
"wuauserv"=2
"wscsvc"=2
"JavaQuickStarterService"=2
"NetTcpPortSharing"=2
"WMPNetworkSvc"=3
"gusvc"=2
"gupdate1c9aca3419ed106"=2
"Viewpoint Manager Service"=2
"MDM"=2
"Adobe LM Service"=3
"ServiceLayer"=3
"IDriverT"=3
"fsssvc"=3
"FLEXnet Licensing Service"=3
"nvsvc"=2
"nTuneService"=2
"CachemanXPService"=3
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoSMBalloonTip"=0
"NoDesktopCleanupWizard"=1
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
======List of files/folders created in the last 1 months======
2010-11-25 14:19:50 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-11-24 00:59:05 ----SHD---- C:\RECYCLER
2010-11-23 21:26:14 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-11-23 16:03:46 ----D---- C:\WINDOWS\temp
2010-11-23 16:03:44 ----A---- C:\ComboFix.txt
2010-11-21 18:50:36 ----D---- C:\Documents and Settings\Hong\Application Data\Mumble
2010-11-21 18:50:03 ----D---- C:\Program Files\Mumble
2010-11-20 22:17:16 ----D---- C:\Program Files\The KMPlayer
2010-11-15 22:58:12 ----D---- C:\Documents and Settings\Hong\Application Data\TS3Client
2010-11-15 22:57:55 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-11-14 19:02:10 ----RASHD---- C:\cmdcons
2010-11-14 18:44:16 ----D---- C:\rsit
2010-11-14 18:23:48 ----A---- C:\WINDOWS\zip.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWSC.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWREG.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\sed.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\PEV.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\MBR.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\grep.exe
2010-11-14 18:22:58 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-11-14 18:19:23 ----D---- C:\WINDOWS\ERDNT
2010-11-14 18:16:50 ----AD---- C:\Qoobox
2010-11-14 17:44:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-14 13:10:32 ----A---- C:\WINDOWS\wininit.ini
2010-11-13 19:36:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-13 19:36:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-28 22:42:20 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia
======List of files/folders modified in the last 1 months======
2010-11-25 23:10:36 ----D---- C:\Program Files\Trend Micro
2010-11-25 23:10:30 ----D---- C:\Documents and Settings\Hong\Application Data\uTorrent
2010-11-25 23:07:17 ----D---- C:\Documents and Settings\Hong\Application Data\ICQ
2010-11-25 14:32:38 ----D---- C:\WINDOWS
2010-11-25 14:19:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-25 14:19:50 ----D---- C:\WINDOWS\system32\drivers
2010-11-25 14:19:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-25 14:03:55 ----D---- C:\WINDOWS\system32
2010-11-25 14:03:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-24 14:00:46 ----D---- C:\WINDOWS\Prefetch
2010-11-24 08:09:05 ----SHD---- C:\WINDOWS\Installer
2010-11-24 00:13:40 ----D---- C:\WINDOWS\system32\ias
2010-11-23 23:45:51 ----SD---- C:\Documents and Settings\Hong\Application Data\Microsoft
2010-11-23 22:37:44 ----D---- C:\WINDOWS\Debug
2010-11-23 22:24:59 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-23 22:24:32 ----D---- C:\Documents and Settings\Hong\Application Data\vlc
2010-11-23 21:26:10 ----HD---- C:\WINDOWS\inf
2010-11-23 15:58:22 ----A---- C:\WINDOWS\system.ini
2010-11-23 15:58:10 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-23 15:56:37 ----D---- C:\WINDOWS\system32\config
2010-11-23 15:54:45 ----D---- C:\WINDOWS\AppPatch
2010-11-23 15:54:44 ----D---- C:\Program Files\Common Files
2010-11-21 20:44:09 ----A---- C:\WINDOWS\win.ini
2010-11-21 18:50:03 ----RD---- C:\Program Files
2010-11-18 21:21:35 ----SD---- C:\WINDOWS\Tasks
2010-11-14 21:47:45 ----D---- C:\WINDOWS\pss
2010-11-14 21:42:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-14 19:02:16 ----RASH---- C:\boot.ini
2010-11-14 18:22:53 ----D---- C:\WINDOWS\WinSxS
2010-11-14 17:49:20 ----SHD---- C:\WINDOWS\CSC
2010-11-14 17:41:58 ----D---- C:\WINDOWS\system32\LogFiles
2010-11-14 17:30:46 ----D---- C:\WINDOWS\system32\appmgmt
2010-11-14 17:13:58 ----A---- C:\Boot.bak
2010-11-10 16:47:27 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-11-10 16:47:07 ----D---- C:\Program Files\Adobe
2010-11-10 16:46:56 ----D---- C:\Program Files\Common Files\Adobe
2010-11-03 14:34:41 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2010-11-02 18:52:46 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-10-31 23:24:24 ----D---- C:\Program Files\ICQ7.1
2010-10-28 22:30:23 ----RSD---- C:\WINDOWS\assembly
2010-10-28 22:30:04 ----D---- C:\WINDOWS\system32\DirectX
2010-10-26 15:59:15 ----D---- C:\Documents and Settings\Hong\Application Data\SystemRequirementsLab
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2004-04-02 21760]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-22 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-06-02 82380]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/11 13:05:02]; \??\D:\PowerDVD10\NavFilter\000.fcl []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
S3 agmmjxdy;agmmjxdy; C:\WINDOWS\system32\drivers\agmmjxdy.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 btkrnl;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-10 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-10 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-10 21456]
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-10 65795]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-11 655624]
S4 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-14 152984]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]
S4 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
S4 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]
-----------------EOF-----------------
- Hoong
- Visitor
- Posts: 26
- Registered: 01 Jan 2009 13:49
- Location: Prešov, Slovakia
Re: FB virus probably... Help
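The driver and service lists in both RSIT runs above carry the pattern a triager looks for first: an entry like `S3 agmmjxdy;agmmjxdy; C:\WINDOWS\system32\drivers\agmmjxdy.sys []`, a generated-looking name that is its own description, with an empty `[]` where RSIT would normally print the file's date and size. The Python below is an added example, not part of RSIT, ComboFix or this forum post: it parses that line format and scores entries with a few heuristics whose names and weights are my own assumptions, run over sample lines constructed in the shape of the log.

```python
"""Triage of the RSIT "List of drivers" / "List of services" sections.

Each entry has the shape

    <R|S><0-4> <name>;<description>; <path> [<yyyy-mm-dd> <size>]

R/S is the running state, 0-4 the start type, and the bracket carries the
date and size RSIT read from the file on disk.  An empty bracket "[]" means
RSIT could not stat the file: the entry is orphaned or the file is hidden
from the tool.  Added example (not part of RSIT or of the forum post);
the flag names and weights are the editor's own heuristics.
"""
import re

ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<desc>[^;]*); "
    r"(?P<path>.*?) \[(?P<meta>[^\]]*)\]\s*$"
)

START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}

# Where a driver or service binary is normally found on an XP box (lower-case).
EXPECTED_DIRS = (r"c:\windows\system32", r"c:\program files", r"c:\windows\microsoft.net")

# Assumed weights: a generated service name outweighs a missing file stat.
WEIGHTS = {
    "generated-name": 3,
    "running-but-unreadable": 2,
    "no-file-metadata": 1,
    "unusual-location": 1,
}

# Constructed sample, copied in shape from the RSIT lists in the post.
SAMPLE_LINES = [
    r"R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]",
    r"S3 agmmjxdy;agmmjxdy; C:\WINDOWS\system32\drivers\agmmjxdy.sys []",
    r"S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []",
    r"S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []",
    r"R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []",
    r"S4 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]",
    "======List of services (R=Running, S=Stopped)======",  # headers are skipped
]


def parse_entry(line):
    """Parse one RSIT driver/service line; return None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    entry = m.groupdict()
    entry["running"] = entry["state"] == "R"
    entry["start_type"] = START_TYPES[entry["start"]]
    # Some entries are registered with an NT object path (\??\C:\...); drop the prefix.
    if entry["path"].startswith("\\??\\"):
        entry["path"] = entry["path"][4:]
    meta = entry["meta"].split()
    entry["file_date"] = meta[0] if meta else None
    entry["file_size"] = int(meta[1]) if len(meta) == 2 else None
    return entry


def suspicion_flags(entry):
    """Flags a triager would raise on one parsed entry (leads, not verdicts)."""
    flags = []
    name = entry["name"]
    if entry["file_size"] is None:
        flags.append("no-file-metadata")
    # Name equals its own description and contains a five-consonant run:
    # the usual look of a generated (random) driver name.
    if (entry["desc"].strip().lower() == name.lower()
            and name.isalpha() and name.islower()
            and re.search(r"[b-df-hj-np-tv-z]{5,}", name)):
        flags.append("generated-name")
    if not entry["path"].lower().startswith(EXPECTED_DIRS):
        flags.append("unusual-location")
    if entry["running"] and "no-file-metadata" in flags:
        flags.append("running-but-unreadable")
    return flags


def triage(lines):
    """Parse every entry and return the flagged ones, highest score first."""
    rows = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        flags = suspicion_flags(entry)
        if flags:
            rows.append({"name": entry["name"], "path": entry["path"],
                         "flags": flags, "score": sum(WEIGHTS[f] for f in flags)})
    rows.sort(key=lambda r: (-r["score"], r["name"].lower()))
    return rows


if __name__ == "__main__":
    for row in triage(SAMPLE_LINES):
        print(f'{row["score"]:>2}  {row["name"]:<10} {", ".join(row["flags"])}  {row["path"]}')
```

The output is a worklist, not a verdict: `catchme.sys` is ComboFix's own driver and `cpuz132_x32.sys` belongs to CPU-Z, both of which score here only because their files are unloaded or unreadable at scan time. Treat each hit as something to confirm on disk (does the file exist, who signed it, what is its hash) and against a clean baseline of the same Windows build before deciding to delete the service entry.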
Malwarebytes' Anti-Malware 1.44
Database version: 3667
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
26.11.2010 1:27:59
mbam-log-2010-11-26 (01-27-52).txt
Scan type: Full Scan (C:\|D:\|)
Objects scanned: 151055
Time elapsed: 2 hour(s), 15 minute(s), 8 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 53
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\pss\g70hdyy6k.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\0ddzppl.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\5n0tup8.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\a1wssneezq.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\a3mc1ijj.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\avbg3ss3.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\bhxnijjf.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\cxxotup83.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\fagg3ss3ee1.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\i3uuklq8.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\i3uuklq860.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\lwhns3ee1q.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\riddzpplq3.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\rrnddzpplbb.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\s86e81qbcxd.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\uk0g3ss3ee1.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\vmmhyytk.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\w0xnijjfk3.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\whx9ye0k3w.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\y8703g0hxd6.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\CF27787.exe.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gezaquou.exe.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kouloomorou.exe.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tebuheg.exe.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\fdvfmnvf.sys.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\owtnqeks.sys.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\xusruues.sys.vir (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0186375.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188277.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188311.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188653.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188596.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188623.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP445\A0188846.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP445\A0188874.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP446\A0189049.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP446\A0189021.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP446\A0189137.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP446\A0189165.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195514.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195544.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195574.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195613.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195662.sys (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195663.sys (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195697.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195725.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195827.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195799.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0197129.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0197168.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0197251.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0197279.com (Adware.Swizzor) -> No action taken.
Verze databáze: 3667
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
26.11.2010 1:27:59
mbam-log-2010-11-26 (01-27-52).txt
Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 151055
Uplynulý čas: 2 hour(s), 15 minute(s), 8 second(s)
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 53
Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)
Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)
Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)
Infikované soubory:
C:\Qoobox\Quarantine\C\WINDOWS\pss\g70hdyy6k.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\0ddzppl.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\5n0tup8.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\a1wssneezq.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\a3mc1ijj.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\avbg3ss3.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\bhxnijjf.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\cxxotup83.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\fagg3ss3ee1.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\i3uuklq8.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\i3uuklq860.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\lwhns3ee1q.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\riddzpplq3.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\rrnddzpplbb.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\s86e81qbcxd.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\uk0g3ss3ee1.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\vmmhyytk.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\w0xnijjfk3.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\whx9ye0k3w.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\y8703g0hxd6.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\CF27787.exe.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gezaquou.exe.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kouloomorou.exe.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tebuheg.exe.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\fdvfmnvf.sys.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\owtnqeks.sys.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\xusruues.sys.vir (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0186375.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188277.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188311.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188653.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188596.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188623.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP445\A0188846.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP445\A0188874.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP446\A0189049.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP446\A0189021.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP446\A0189137.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP446\A0189165.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195514.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195544.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195574.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195613.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195662.sys (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195663.sys (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195697.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195725.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195827.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195799.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0197129.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0197168.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0197251.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0197279.com (Adware.Swizzor) -> No action taken.
Re: Probably an FB virus... Help
Delete everything MBAM found, using MBAM itself.
Then click T-Cleaner in my signature, download it and run it.
You can also uninstall Spybot - Search & Destroy. That program is long past its prime.
Otherwise it should be clean. Also install an antivirus.
- Hoong (Visitor, 26 posts, registered 01 Jan 2009 13:49, Prešov, Slovakia)
Re: Probably an FB virus... Help
Done, thank you.
My PC is still running somewhat strangely... in a week it is going for an upgrade and a Windows reinstall, so thanks once again.
- Hoong (Visitor, 26 posts, registered 01 Jan 2009 13:49, Prešov, Slovakia)
Re: Probably an FB virus... Help
Slight stuttering in games... sometimes stuttering in Windows too, and on YouTube videos, for example...
- Hoong (Visitor, 26 posts, registered 01 Jan 2009 13:49, Prešov, Slovakia)
Re: Probably an FB virus... Help
I haven't tried anything yet.