VIRY.CZ

zdravim vsetko bolo ok...ale moja sestra zas klikla na ten link vtedy som to bol ja ::/ zabudol som jej o tom povedat na FB chate a mam tiez problemy znova pridavam log z RSIT

Logfile of random's system information tool 1.08 (written by random/random)
Run by Hong at 2010-11-22 18:44:30
Microsoft Windows XP Professional Service Pack 3
System drive C: has 45 GB (46%) free of 98 GB
Total RAM: 2559 MB (78% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:44:36, on 22.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\loosoujouzous.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
C:\Documents and Settings\Hong\Desktop\RSIT.exe
C:\Program Files\trend micro\Hong.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mupoga] C:\WINDOWS\system32\loosoujouzous.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 0o65u1l.exe
O4 - Startup: 0ttzpgw.exe
O4 - Startup: 0x0nt20.exe
O4 - Startup: 5nyj26a.exe
O4 - Startup: 69o1pvg.exe
O4 - Startup: bwsidte0k6.exe
O4 - Startup: c8tzpgwr.exe
O4 - Startup: cc8tzpgwr26.exe
O4 - Startup: ffwrrns7.exe
O4 - Startup: hsydup6a0h.exe
O4 - Startup: ie0aa5b0.exe
O4 - Startup: iy0uk0vgw0.exe
O4 - Startup: lh5syz2k1.exe
O4 - Startup: qb271z2k1g.exe
O4 - Startup: r60ttzpgw.exe
O4 - Startup: rc3oo3avbm0.exe
O4 - Startup: rw3ii3uu.exe
O4 - Startup: rxc3oo3avbm.exe
O4 - Startup: xidzzvlr.exe
O4 - Startup: xy0o3avb.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: PowerUtility TV Recording Reservation (u1thmtecye6) - Unknown owner - C:\WINDOWS\system32\pyhu.exe

--
End of file - 4812 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-FAJKOS-Hong.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1275498585.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"mupoga"=C:\WINDOWS\system32\loosoujouzous.exe [2010-11-22 201216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe [2010-06-28 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-12 1135912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.1\ICQ.exe [2010-10-27 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
D:\PowerDVD10\PDVD10Serv.exe [2010-02-02 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-14 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-01-15 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
C:\PROGRA~1\WinFlip\WinFlip.exe [2007-10-25 462848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3
"idsvc"=3
"ICQ Service"=2
"WZCSVC"=2
"wuauserv"=2
"wscsvc"=2
"JavaQuickStarterService"=2
"NetTcpPortSharing"=2
"WMPNetworkSvc"=3
"gusvc"=2
"gupdate1c9aca3419ed106"=2
"Viewpoint Manager Service"=2
"MDM"=2
"Adobe LM Service"=3
"ServiceLayer"=3
"IDriverT"=3
"fsssvc"=3
"FLEXnet Licensing Service"=3
"nvsvc"=2
"nTuneService"=2
"CachemanXPService"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Documents and Settings\Hong\Start Menu\Programs\Startup
0o65u1l.exe
0ttzpgw.exe
0x0nt20.exe
5nyj26a.exe
69o1pvg.exe
bwsidte0k6.exe
c8tzpgwr.exe
cc8tzpgwr26.exe
ffwrrns7.exe
hsydup6a0h.exe
ie0aa5b0.exe
iy0uk0vgw0.exe
lh5syz2k1.exe
qb271z2k1g.exe
r60ttzpgw.exe
rc3oo3avbm0.exe
rw3ii3uu.exe
rxc3oo3avbm.exe
xidzzvlr.exe
xy0o3avb.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoSMBalloonTip"=0
"NoDesktopCleanupWizard"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2010-11-22 18:42:01 ----D---- C:\WINDOWS\temp
2010-11-22 18:41:59 ----A---- C:\ComboFix.txt
2010-11-22 15:56:40 ----A---- C:\WINDOWS\system32\pyhu.exe
2010-11-22 15:56:24 ----RA---- C:\Documents and Settings\Hong\Application Data\BG0Ai.txt
2010-11-22 15:56:23 ----A---- C:\WINDOWS\system32\loosoujouzous.exe
2010-11-21 18:50:36 ----D---- C:\Documents and Settings\Hong\Application Data\Mumble
2010-11-21 18:50:03 ----D---- C:\Program Files\Mumble
2010-11-20 22:17:16 ----D---- C:\Program Files\The KMPlayer
2010-11-16 19:48:08 ----A---- C:\WINDOWS\IE4 Error Log.txt
2010-11-15 22:58:12 ----D---- C:\Documents and Settings\Hong\Application Data\TS3Client
2010-11-15 22:57:55 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-11-14 21:42:33 ----D---- C:\Config.Msi
2010-11-14 19:02:10 ----RASHD---- C:\cmdcons
2010-11-14 18:44:16 ----D---- C:\rsit
2010-11-14 18:23:48 ----A---- C:\WINDOWS\zip.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWSC.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWREG.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\sed.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\PEV.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\MBR.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\grep.exe
2010-11-14 18:22:58 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-11-14 18:19:23 ----D---- C:\WINDOWS\ERDNT
2010-11-14 18:16:50 ----AD---- C:\Qoobox
2010-11-14 17:49:13 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-14 17:44:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-14 13:10:32 ----A---- C:\WINDOWS\wininit.ini
2010-11-13 19:36:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-13 19:36:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-28 22:42:20 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia

======List of files/folders modified in the last 1 months======

2010-11-22 18:44:32 ----D---- C:\Program Files\Trend Micro
2010-11-22 18:42:01 ----D---- C:\WINDOWS\system32\drivers
2010-11-22 18:42:01 ----D---- C:\WINDOWS
2010-11-22 18:40:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-22 18:37:39 ----A---- C:\WINDOWS\system.ini
2010-11-22 18:37:19 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-22 18:34:20 ----D---- C:\WINDOWS\system32
2010-11-22 18:34:20 ----D---- C:\WINDOWS\AppPatch
2010-11-22 18:34:19 ----D---- C:\Program Files\Common Files
2010-11-22 18:20:45 ----D---- C:\WINDOWS\system32\config
2010-11-22 18:01:07 ----D---- C:\WINDOWS\Prefetch
2010-11-22 15:20:21 ----D---- C:\Documents and Settings\Hong\Application Data\ICQ
2010-11-21 20:44:09 ----A---- C:\WINDOWS\win.ini
2010-11-21 18:50:03 ----RD---- C:\Program Files
2010-11-20 22:15:36 ----D---- C:\Documents and Settings\Hong\Application Data\vlc
2010-11-18 21:21:35 ----SD---- C:\WINDOWS\Tasks
2010-11-18 11:25:37 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-14 21:47:45 ----D---- C:\WINDOWS\pss
2010-11-14 21:42:39 ----SHD---- C:\WINDOWS\Installer
2010-11-14 21:42:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-14 19:02:16 ----RASH---- C:\boot.ini
2010-11-14 18:29:14 ----HD---- C:\WINDOWS\inf
2010-11-14 18:22:53 ----D---- C:\WINDOWS\WinSxS
2010-11-14 17:49:20 ----SHD---- C:\WINDOWS\CSC
2010-11-14 17:41:58 ----D---- C:\WINDOWS\system32\LogFiles
2010-11-14 17:30:46 ----D---- C:\WINDOWS\system32\appmgmt
2010-11-14 17:13:58 ----A---- C:\Boot.bak
2010-11-12 11:24:44 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-10 16:47:27 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-11-10 16:47:07 ----D---- C:\Program Files\Adobe
2010-11-10 16:46:56 ----D---- C:\Program Files\Common Files\Adobe
2010-11-03 16:24:36 ----D---- C:\Documents and Settings\Hong\Application Data\uTorrent
2010-11-03 14:34:41 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2010-11-02 18:52:46 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-10-31 23:24:24 ----D---- C:\Program Files\ICQ7.1
2010-10-28 22:30:23 ----RSD---- C:\WINDOWS\assembly
2010-10-28 22:30:04 ----D---- C:\WINDOWS\system32\DirectX
2010-10-26 15:59:15 ----D---- C:\Documents and Settings\Hong\Application Data\SystemRequirementsLab

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2004-04-02 21760]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-22 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-06-02 82380]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/11 13:05:02]; \??\D:\PowerDVD10\NavFilter\000.fcl []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
S3 afxzvxs2;afxzvxs2; C:\WINDOWS\system32\drivers\afxzvxs2.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 btkrnl;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-10 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-10 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-10 21456]
S3 mbr;mbr; \??\C:\DOCUME~1\Hong\LOCALS~1\Temp\mbr.sys []
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 u1thmtecye6;PowerUtility TV Recording Reservation; C:\WINDOWS\system32\pyhu.exe [2010-11-22 201216]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-10 65795]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-11 655624]
S4 fsssvc;Služba Bezpečnosť rodiny v službe Windows Live; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-14 152984]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]
S4 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
S4 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]

-----------------EOF-----------------

Znova poprosím o log z combofixu

ComboFix 10-11-22.05 - Hong 23.11.2010 15:51:36.13.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2559.2095 [GMT 1:00]
Running from: c:\documents and settings\Hong\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Hong\Application Data\BG0Ai.txt
c:\windows\system32\loosoujouzous.exe
c:\windows\system32\pyhu.exe
c:\windows\system32\vinysooqu.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_u1thmtecye6
-------\Legacy_uoza4yyk0e9m6
-------\Service_u1thmtecye6
-------\Service_uoza4yyk0e9m6


((((((((((((((((((((((((( Files Created from 2010-10-23 to 2010-11-23 )))))))))))))))))))))))))))))))
.

2010-11-21 17:50 . 2010-11-21 18:11 -------- d-----w- c:\documents and settings\Hong\Application Data\Mumble
2010-11-21 17:50 . 2010-11-21 17:50 -------- d-----w- c:\program files\Mumble
2010-11-20 21:17 . 2010-11-20 21:18 -------- d-----w- c:\program files\The KMPlayer
2010-11-15 21:58 . 2010-11-15 21:58 -------- d-----w- c:\documents and settings\Hong\Application Data\TS3Client
2010-11-15 21:57 . 2010-11-15 21:57 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-11-14 17:44 . 2010-11-14 17:44 -------- d-----w- C:\rsit
2010-11-14 17:23 . 2010-11-14 17:23 -------- d-----w- c:\documents and settings\Hong\Local Settings\Application Data\Sunbelt Software
2010-11-14 17:22 . 2010-11-14 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-11-14 16:41 . 2010-11-14 16:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-11-14 16:28 . 2010-11-14 16:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-11-13 18:36 . 2010-11-22 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-13 18:36 . 2010-11-14 11:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-10-28 21:42 . 2010-10-28 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2009-12-22 . 5747867041C33E26DA5CC893C9532DB8 . 3071488 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll
[7] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[7] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[7] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3gdr\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3qfe\mshtml.dll
[-] 2008-12-12 . CFC3D32583AB0EAE13E98A0492A4F5EF . 3444736 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll
[7] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
[7] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\mshtml.dll

[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-08-15 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-08-14 . 24F1370B92B402AEFE07D50E0668194A . 2197888 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2004-08-03 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntoskrnl.exe

[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . EE5BB6E5C76B793C9F58AAC68ED18D79 . 1480192 . . [6.00.2900.5512] . . c:\windows\VCP_SAVE\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\explorer.exe

[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-08-14 . 0AD2A07C291E051CBCF90EED4F1D87B6 . 2074752 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2004-08-03 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntkrnlpa.exe

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-14_20.49.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2010-11-12 18:07 72590 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-11-23 10:20 72590 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-11-23 10:20 444524 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-11-12 18:07 444524 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe
backup=c:\windows\pss\0ddzppl.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe
backup=c:\windows\pss\5n0tup8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe
backup=c:\windows\pss\a1wssneezq.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe
backup=c:\windows\pss\a3mc1ijj.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe
backup=c:\windows\pss\avbg3ss3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe
backup=c:\windows\pss\bhxnijjf.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe
backup=c:\windows\pss\cxxotup83.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe
backup=c:\windows\pss\fagg3ss3ee1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe
backup=c:\windows\pss\g70hdyy6k.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe
backup=c:\windows\pss\i3uuklq8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe
backup=c:\windows\pss\i3uuklq860.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe
backup=c:\windows\pss\lwhns3ee1q.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe
backup=c:\windows\pss\riddzpplq3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe
backup=c:\windows\pss\rrnddzpplbb.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe
backup=c:\windows\pss\s86e81qbcxd.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe
backup=c:\windows\pss\uk0g3ss3ee1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe
backup=c:\windows\pss\vmmhyytk.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe
backup=c:\windows\pss\w0xnijjfk3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe
backup=c:\windows\pss\whx9ye0k3w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\WinFlip.lnk
backup=c:\windows\pss\WinFlip.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe
backup=c:\windows\pss\y8703g0hxd6.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-06-28 20:50 75048 ----a-w- c:\program files\Cyberlink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-24 16:57 133104 ----atw- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 18:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- d:\powerdvd10\PDVD10Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-14 22:12 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"ICQ Service"=2 (0x2)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"NetTcpPortSharing"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9aca3419ed106"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"MDM"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ServiceLayer"=3 (0x3)
"IDriverT"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"nvsvc"=2 (0x2)
"nTuneService"=2 (0x2)
"CachemanXPService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57447:TCP"= 57447:TCP:Pando Media Booster
"57447:UDP"= 57447:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.2.2009 4:57 691696]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/11 13:05];d:\powerdvd10\NavFilter\000.fcl [28.6.2010 21:50 87536]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [23.8.2009 15:35 24652]
.
Contents of the 'Scheduled Tasks' folder

2010-11-21 c:\windows\Tasks\AdobeAAMUpdater-1.0-FAJKOS-Hong.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-13 01:44]

2010-11-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8275498585.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003Core.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]

2010-11-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003UA.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fullarticles.net
mStart Page = hxxp://www.games-fusion.net
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-mupoga - c:\windows\system32\loosoujouzous.exe
HKLM-Run-jyku - c:\windows\system32\kouloomorou.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-23 15:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet005\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\d:\powerdvd10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-839522115-1617979688-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(3192)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2010-11-23 16:03:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-23 15:03
ComboFix2.txt 2010-11-22 17:41
ComboFix3.txt 2010-11-22 17:26
ComboFix4.txt 2010-11-22 17:09
ComboFix5.txt 2010-11-23 14:49

Pre-Run: 46 376 607 744 bytes free
Post-Run: 46 361 382 912 bytes free

- - End Of File - - 11AA335B702FF683CB4F341AC5FABD7A

Krom zbytkových záznamů v registrech čisto Jak se chová PC?

Poprosím vás ještě o toto:
Dejte Start -> Spustit -> vepište"regedit" a klikněte na OK.
Otevře se Vám okno regeditu a tam proveďte následující -> Nalevo ve stromové struktuře se dostaňte na toto:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
Až budete mít kliknuto na startupfolder dejte nahoře Soubor -> Exportovat a uložte třeba jako 123.reg
Poté buď otevřete soubor v poznámkovém bloku a jeho obsah vložte sem a nebo zabalte do zipu a můžete ho nahrát sem na fórum k příspěvku.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\hpoddt01.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\hpoddt01.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\DIGITA~1\\bin\\hpotdd01.exe "
"item"="hpoddt01.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\0ddzppl.exe"
"backup"="C:\\WINDOWS\\pss\\0ddzppl.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\0ddzppl.exe"
"item"="0ddzppl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\5n0tup8.exe"
"backup"="C:\\WINDOWS\\pss\\5n0tup8.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\5n0tup8.exe"
"item"="5n0tup8"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\a1wssneezq.exe"
"backup"="C:\\WINDOWS\\pss\\a1wssneezq.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\a1wssneezq.exe"
"item"="a1wssneezq"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\a3mc1ijj.exe"
"backup"="C:\\WINDOWS\\pss\\a3mc1ijj.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\a3mc1ijj.exe"
"item"="a3mc1ijj"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
"item"="Adobe Gamma"
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\avbg3ss3.exe"
"backup"="C:\\WINDOWS\\pss\\avbg3ss3.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\avbg3ss3.exe"
"item"="avbg3ss3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\bhxnijjf.exe"
"backup"="C:\\WINDOWS\\pss\\bhxnijjf.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\bhxnijjf.exe"
"item"="bhxnijjf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\cxxotup83.exe"
"backup"="C:\\WINDOWS\\pss\\cxxotup83.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\cxxotup83.exe"
"item"="cxxotup83"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\fagg3ss3ee1.exe"
"backup"="C:\\WINDOWS\\pss\\fagg3ss3ee1.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\fagg3ss3ee1.exe"
"item"="fagg3ss3ee1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\g70hdyy6k.exe"
"backup"="C:\\WINDOWS\\pss\\g70hdyy6k.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\g70hdyy6k.exe"
"item"="g70hdyy6k"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\i3uuklq8.exe"
"backup"="C:\\WINDOWS\\pss\\i3uuklq8.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\i3uuklq8.exe"
"item"="i3uuklq8"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\i3uuklq860.exe"
"backup"="C:\\WINDOWS\\pss\\i3uuklq860.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\i3uuklq860.exe"
"item"="i3uuklq860"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\lwhns3ee1q.exe"
"backup"="C:\\WINDOWS\\pss\\lwhns3ee1q.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\lwhns3ee1q.exe"
"item"="lwhns3ee1q"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
"item"="MagicDisc"
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\MagicDisc.lnk"
"backup"="C:\\WINDOWS\\pss\\MagicDisc.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\MAGICD~1\\MAGICD~1.EXE"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\OpenOffice.org 3.0.lnk"
"backup"="C:\\WINDOWS\\pss\\OpenOffice.org 3.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\OPENOF~1.ORG\\program\\QUICKS~1.EXE "
"item"="OpenOffice.org 3.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\riddzpplq3.exe"
"backup"="C:\\WINDOWS\\pss\\riddzpplq3.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\riddzpplq3.exe"
"item"="riddzpplq3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\rrnddzpplbb.exe"
"backup"="C:\\WINDOWS\\pss\\rrnddzpplbb.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\rrnddzpplbb.exe"
"item"="rrnddzpplbb"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\s86e81qbcxd.exe"
"backup"="C:\\WINDOWS\\pss\\s86e81qbcxd.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\s86e81qbcxd.exe"
"item"="s86e81qbcxd"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\uk0g3ss3ee1.exe"
"backup"="C:\\WINDOWS\\pss\\uk0g3ss3ee1.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\uk0g3ss3ee1.exe"
"item"="uk0g3ss3ee1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\vmmhyytk.exe"
"backup"="C:\\WINDOWS\\pss\\vmmhyytk.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\vmmhyytk.exe"
"item"="vmmhyytk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\w0xnijjfk3.exe"
"backup"="C:\\WINDOWS\\pss\\w0xnijjfk3.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\w0xnijjfk3.exe"
"item"="w0xnijjfk3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\whx9ye0k3w.exe"
"backup"="C:\\WINDOWS\\pss\\whx9ye0k3w.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\whx9ye0k3w.exe"
"item"="whx9ye0k3w"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
"item"="WinFlip"
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\WinFlip.lnk"
"backup"="C:\\WINDOWS\\pss\\WinFlip.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\WinFlip\\WinFlip.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
"path"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\y8703g0hxd6.exe"
"backup"="C:\\WINDOWS\\pss\\y8703g0hxd6.exeStartup"
"location"="Startup"
"command"="C:\\Documents and Settings\\Hong\\Start Menu\\Programs\\Startup\\y8703g0hxd6.exe"
"item"="y8703g0hxd6"

Text níže vložte do poznámkového bloku a uložte jako 123.reg a poté tento soubor otevřete a povolte přidání do registru Poté vložte nový log z RSIT. Dále můžete kliknout na MBAM v mém podpisu a udělat scan dle návodu. Zvolte "provést úplný scan" a log vložte opět sem.

RSIT LOG :::


Logfile of random's system information tool 1.08 (written by random/random)
Run by Hong at 2010-11-25 23:10:34
Microsoft Windows XP Professional Service Pack 3
System drive C: has 43 GB (44%) free of 98 GB
Total RAM: 2559 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:10:43, on 25.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Hong\Desktop\RSIT.exe
C:\Program Files\trend micro\Hong.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 4461 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-FAJKOS-Hong.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1275498585.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe [2010-06-28 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-12 1135912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.1\ICQ.exe [2010-10-27 133432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
D:\PowerDVD10\PDVD10Serv.exe [2010-02-02 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-14 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-01-15 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
C:\PROGRA~1\WinFlip\WinFlip.exe [2007-10-25 462848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3
"idsvc"=3
"ICQ Service"=2
"WZCSVC"=2
"wuauserv"=2
"wscsvc"=2
"JavaQuickStarterService"=2
"NetTcpPortSharing"=2
"WMPNetworkSvc"=3
"gusvc"=2
"gupdate1c9aca3419ed106"=2
"Viewpoint Manager Service"=2
"MDM"=2
"Adobe LM Service"=3
"ServiceLayer"=3
"IDriverT"=3
"fsssvc"=3
"FLEXnet Licensing Service"=3
"nvsvc"=2
"nTuneService"=2
"CachemanXPService"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoSMBalloonTip"=0
"NoDesktopCleanupWizard"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2010-11-25 14:19:50 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-11-24 00:59:05 ----SHD---- C:\RECYCLER
2010-11-23 21:26:14 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-11-23 16:03:46 ----D---- C:\WINDOWS\temp
2010-11-23 16:03:44 ----A---- C:\ComboFix.txt
2010-11-21 18:50:36 ----D---- C:\Documents and Settings\Hong\Application Data\Mumble
2010-11-21 18:50:03 ----D---- C:\Program Files\Mumble
2010-11-20 22:17:16 ----D---- C:\Program Files\The KMPlayer
2010-11-15 22:58:12 ----D---- C:\Documents and Settings\Hong\Application Data\TS3Client
2010-11-15 22:57:55 ----D---- C:\Program Files\TeamSpeak 3 Client
2010-11-14 19:02:10 ----RASHD---- C:\cmdcons
2010-11-14 18:44:16 ----D---- C:\rsit
2010-11-14 18:23:48 ----A---- C:\WINDOWS\zip.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWSC.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWREG.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\sed.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\PEV.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\MBR.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\grep.exe
2010-11-14 18:22:58 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-11-14 18:19:23 ----D---- C:\WINDOWS\ERDNT
2010-11-14 18:16:50 ----AD---- C:\Qoobox
2010-11-14 17:44:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-14 13:10:32 ----A---- C:\WINDOWS\wininit.ini
2010-11-13 19:36:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-13 19:36:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-10-28 22:42:20 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia

======List of files/folders modified in the last 1 months======

2010-11-25 23:10:36 ----D---- C:\Program Files\Trend Micro
2010-11-25 23:10:30 ----D---- C:\Documents and Settings\Hong\Application Data\uTorrent
2010-11-25 23:07:17 ----D---- C:\Documents and Settings\Hong\Application Data\ICQ
2010-11-25 14:32:38 ----D---- C:\WINDOWS
2010-11-25 14:19:55 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-25 14:19:50 ----D---- C:\WINDOWS\system32\drivers
2010-11-25 14:19:46 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-25 14:03:55 ----D---- C:\WINDOWS\system32
2010-11-25 14:03:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-24 14:00:46 ----D---- C:\WINDOWS\Prefetch
2010-11-24 08:09:05 ----SHD---- C:\WINDOWS\Installer
2010-11-24 00:13:40 ----D---- C:\WINDOWS\system32\ias
2010-11-23 23:45:51 ----SD---- C:\Documents and Settings\Hong\Application Data\Microsoft
2010-11-23 22:37:44 ----D---- C:\WINDOWS\Debug
2010-11-23 22:24:59 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-23 22:24:32 ----D---- C:\Documents and Settings\Hong\Application Data\vlc
2010-11-23 21:26:10 ----HD---- C:\WINDOWS\inf
2010-11-23 15:58:22 ----A---- C:\WINDOWS\system.ini
2010-11-23 15:58:10 ----D---- C:\WINDOWS\system32\drivers\etc
2010-11-23 15:56:37 ----D---- C:\WINDOWS\system32\config
2010-11-23 15:54:45 ----D---- C:\WINDOWS\AppPatch
2010-11-23 15:54:44 ----D---- C:\Program Files\Common Files
2010-11-21 20:44:09 ----A---- C:\WINDOWS\win.ini
2010-11-21 18:50:03 ----RD---- C:\Program Files
2010-11-18 21:21:35 ----SD---- C:\WINDOWS\Tasks
2010-11-14 21:47:45 ----D---- C:\WINDOWS\pss
2010-11-14 21:42:28 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-14 19:02:16 ----RASH---- C:\boot.ini
2010-11-14 18:22:53 ----D---- C:\WINDOWS\WinSxS
2010-11-14 17:49:20 ----SHD---- C:\WINDOWS\CSC
2010-11-14 17:41:58 ----D---- C:\WINDOWS\system32\LogFiles
2010-11-14 17:30:46 ----D---- C:\WINDOWS\system32\appmgmt
2010-11-14 17:13:58 ----A---- C:\Boot.bak
2010-11-10 16:47:27 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-11-10 16:47:07 ----D---- C:\Program Files\Adobe
2010-11-10 16:46:56 ----D---- C:\Program Files\Common Files\Adobe
2010-11-03 14:34:41 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2010-11-02 18:52:46 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-10-31 23:24:24 ----D---- C:\Program Files\ICQ7.1
2010-10-28 22:30:23 ----RSD---- C:\WINDOWS\assembly
2010-10-28 22:30:04 ----D---- C:\WINDOWS\system32\DirectX
2010-10-26 15:59:15 ----D---- C:\Documents and Settings\Hong\Application Data\SystemRequirementsLab

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2004-04-02 21760]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-22 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-06-02 82380]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/11 13:05:02]; \??\D:\PowerDVD10\NavFilter\000.fcl []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
S3 agmmjxdy;agmmjxdy; C:\WINDOWS\system32\drivers\agmmjxdy.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 btkrnl;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-10 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-10 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-10 21456]
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-10 65795]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-11 655624]
S4 fsssvc;Služba Bezpečnosť rodiny v službe Windows Live; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-14 152984]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]
S4 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
S4 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]

-----------------EOF-----------------

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3667
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

26.11.2010 1:27:59
mbam-log-2010-11-26 (01-27-52).txt

Typ kontroly: Kompletní kontrola (C:\|D:\|)
Zkontrolované objekty: 151055
Uplynulý čas: 2 hour(s), 15 minute(s), 8 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 53

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Qoobox\Quarantine\C\WINDOWS\pss\g70hdyy6k.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\0ddzppl.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\5n0tup8.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\a1wssneezq.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\a3mc1ijj.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\avbg3ss3.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\bhxnijjf.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\cxxotup83.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\fagg3ss3ee1.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\i3uuklq8.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\i3uuklq860.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\lwhns3ee1q.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\riddzpplq3.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\rrnddzpplbb.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\s86e81qbcxd.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\uk0g3ss3ee1.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\vmmhyytk.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\w0xnijjfk3.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\whx9ye0k3w.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\pss\y8703g0hxd6.exeStartup.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\CF27787.exe.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\gezaquou.exe.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\kouloomorou.exe.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\tebuheg.exe.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\fdvfmnvf.sys.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\owtnqeks.sys.vir (Malware.Trace) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\xusruues.sys.vir (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0186375.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188277.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188311.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188653.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188596.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP444\A0188623.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP445\A0188846.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP445\A0188874.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP446\A0189049.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP446\A0189021.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP446\A0189137.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP446\A0189165.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195514.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195544.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195574.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195613.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195662.sys (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195663.sys (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195697.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195725.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195827.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0195799.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0197129.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0197168.com (Adware.Swizzor) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0197251.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{08E58EBA-EA84-45CA-9569-30259170C2D0}\RP450\A0197279.com (Adware.Swizzor) -> No action taken.

Vše co našel MBAM pomocí něj smažte

Poté klikněte na T-Cleaner v mém podpisu, stáhněte ho a spusťte.

Spybot - Search & Destroy můžete také odinstalovat. Tento program je už dávno za zenitem

Jinak by mělo být čisto. Ještě doinstalujte antivir

hotovo dakujem aj tak mi pc ide nejako divne ...o tyzden pojde na Upgrade a reinstall win takze este raz vdaka

Hoong píše:hotovo dakujem aj tak mi pc ide nejako divne ...o tyzden pojde na Upgrade a reinstall win takze este raz vdaka

Mohl by jste rozvést ide nejako divne? Něco konkrétního?

sekanie v hrach take malicke...niekedy sekanie aj vo windowse a na videach youtube napr....

Zkoušel jste ještě něco provádět a nebo jste se vrhnul na reinstal?

nic som este neskusal

To zadrhávání se děje náhodně? Nebo při nějaké vyšší zátěží na grafickou kartu? Nebo např. v pravidelných časových intervalech?