VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

FB virus asi...Pomoc

https://forum.viry.cz:443/viewtopic.php?t=106562

Stránka 1 z 4

FB virus asi...Pomoc

Napsal: 14 lis 2010 18:45
od Hong
Mam problem PC ide pomaly otvoril som nejaky PIC.exe z Facebooku a teraz mamviac virusov v pocitaci a fakt si neviem poradit...davam log


Logfile of random's system information tool 1.08 (written by random/random)
Run by Hong at 2010-11-14 18:44:16
Microsoft Windows XP Professional Service Pack 3
System drive C: has 42 GB (43%) free of 98 GB
Total RAM: 2559 MB (64% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:44:24, on 14.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ICQ7.1\ICQ.exe
C:\DOCUME~1\Hong\LOCALS~1\Temp\lsass.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Documents and Settings\Hong\Desktop\RSIT.exe
C:\Program Files\trend micro\Hong.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [mupoga] C:\WINDOWS\system32\loosoujouzous.exe
O4 - HKLM\..\Run: [douquoubus] C:\WINDOWS\system32\fawaroodouf.exe
O4 - HKLM\..\Run: [Windows Firewall] C:\DOCUME~1\Hong\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Windows Firewall] C:\DOCUME~1\Hong\LOCALS~1\Temp\lsass.exe
O4 - HKCU\..\Run: [MSConfig] C:\Documents and Settings\Hong\mcjmck.exe \u
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 0ddzppl.exe
O4 - Startup: 1xojk6v.exe
O4 - Startup: 3ll87dz.exe
O4 - Startup: 5n0tup8.exe
O4 - Startup: 5tz06hc.exe
O4 - Startup: 602llrs.exe
O4 - Startup: 65p25br.exe
O4 - Startup: 7upglm9.exe
O4 - Startup: 9n6oo30.exe
O4 - Startup: 9rcxojk.exe
O4 - Startup: a1wssneezq.exe
O4 - Startup: a3mc1ijj.exe
O4 - Startup: avbg3ss3.exe
O4 - Startup: bhxnijjf.exe
O4 - Startup: cxxotup83.exe
O4 - Startup: de02llrsnt.exe
O4 - Startup: dj26vgmr.exe
O4 - Startup: f0lhcc6oo.exe
O4 - Startup: fagg3ss3ee1.exe
O4 - Startup: fll87dz5gh.exe
O4 - Startup: g70hdyy6k.exe
O4 - Startup: hxxojk6v163.exe
O4 - Startup: i3uuklq8.exe
O4 - Startup: i3uuklq860.exe
O4 - Startup: jkag3w9y.exe
O4 - Startup: lwhns3ee1q.exe
O4 - Startup: m9i1up0vrm.exe
O4 - Startup: okfv2wxsyo6.exe
O4 - Startup: riddzpplq3.exe
O4 - Startup: riiduupg.exe
O4 - Startup: rrnddzpplbb.exe
O4 - Startup: s86e81qbcxd.exe
O4 - Startup: uk0g3ss3ee1.exe
O4 - Startup: vmmhyytk.exe
O4 - Startup: w0xnijjfk3.exe
O4 - Startup: whx9ye0k3w.exe
O4 - Startup: y8703g0hxd6.exe
O4 - Startup: zkpa5brnyte.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CS2\Services\Tcpip\..\{4E527C7F-B448-47FD-A285-E20A917552BE}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS3\Services\Tcpip\..\{4E527C7F-B448-47FD-A285-E20A917552BE}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS4\Services\Tcpip\..\{4E527C7F-B448-47FD-A285-E20A917552BE}: NameServer = 92.2.245.245,92.2.245.162
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: PowerUtility TV Recording Reservation (u1thmtecye6) - Unknown owner - C:\WINDOWS\system32\pyhu.exe
O23 - Service: Crystal Report Application Server (uoza4yyk0e9m6) - Unknown owner - C:\WINDOWS\system32\vinysooqu.exe
O23 - Service: Blue Coat K9 Web Protection (vboooobo4) - Unknown owner - C:\WINDOWS\system32\kusoorig.exe

--
End of file - 6780 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-FAJKOS-Hong.job
C:\WINDOWS\tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1275498585.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"NVMixerTray"=C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [2004-06-03 131072]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2007-04-16 577536]
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-07-07 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"mupoga"=C:\WINDOWS\system32\loosoujouzous.exe [2010-11-14 201216]
"douquoubus"=C:\WINDOWS\system32\fawaroodouf.exe [2010-11-14 201216]
"Windows Firewall"=C:\DOCUME~1\Hong\LOCALS~1\Temp\lsass.exe [2010-11-14 57344]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2010-10-27 133432]
"Windows Firewall"=C:\DOCUME~1\Hong\LOCALS~1\Temp\lsass.exe [2010-11-14 57344]
"MSConfig"=C:\Documents and Settings\Hong\mcjmck.exe [2010-11-14 19456]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
~ []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe [2010-06-28 75048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-12 1135912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 133104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iconcache]
[]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSA Shellu]
C:\Documents and Settings\Hong\lsass.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /installquiet []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2009-05-26 413696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RelevantKnowledge]
C:\program files\relevantknowledge\rlvknlg.exe -boot []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
D:\PowerDVD10\PDVD10Serv.exe [2010-02-02 87336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
c:\program files\steam\steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\jre6\bin\jusched.exe [2009-02-14 148888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2010-07-12 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Firewall]
C:\DOCUME~1\Hong\LOCALS~1\Temp\lsass.exe [2010-11-14 57344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpotdd01.exe [2003-04-06 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe [2010-11-13 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe [2010-11-13 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe [2010-11-13 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe [2010-11-13 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
C:\PROGRA~1\OPENOF~1.ORG\program\QUICKS~1.EXE [2009-01-15 393216]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe [2010-11-13 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe [2010-11-13 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe [2010-11-13 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe [2010-11-14 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
C:\PROGRA~1\WinFlip\WinFlip.exe [2007-10-25 462848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
C:\Documents and Settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe [2010-11-13 60416]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3
"idsvc"=3
"ICQ Service"=2
"WZCSVC"=2
"wuauserv"=2
"wscsvc"=2
"JavaQuickStarterService"=2
"NetTcpPortSharing"=2
"WMPNetworkSvc"=3
"gusvc"=2
"gupdate1c9aca3419ed106"=2
"Viewpoint Manager Service"=2
"MDM"=2
"Adobe LM Service"=3
"ServiceLayer"=3
"IDriverT"=3
"fsssvc"=3
"FLEXnet Licensing Service"=3
"nvsvc"=2
"nTuneService"=2
"CachemanXPService"=3

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
hp psc 1000 series.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe

C:\Documents and Settings\Hong\Start Menu\Programs\Startup
0ddzppl.exe
1xojk6v.exe
3ll87dz.exe
5n0tup8.exe
5tz06hc.exe
602llrs.exe
65p25br.exe
7upglm9.exe
9n6oo30.exe
9rcxojk.exe
a1wssneezq.exe
a3mc1ijj.exe
avbg3ss3.exe
bhxnijjf.exe
cxxotup83.exe
de02llrsnt.exe
dj26vgmr.exe
f0lhcc6oo.exe
fagg3ss3ee1.exe
fll87dz5gh.exe
g70hdyy6k.exe
hxxojk6v163.exe
i3uuklq8.exe
i3uuklq860.exe
jkag3w9y.exe
lwhns3ee1q.exe
m9i1up0vrm.exe
okfv2wxsyo6.exe
riddzpplq3.exe
riiduupg.exe
rrnddzpplbb.exe
s86e81qbcxd.exe
uk0g3ss3ee1.exe
vmmhyytk.exe
w0xnijjfk3.exe
whx9ye0k3w.exe
y8703g0hxd6.exe
zkpa5brnyte.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=
scecli
scecli
scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\djqbevax.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\owtnqeks.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\djqbevax.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\owtnqeks.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoSMBalloonTip"=0
"NoDesktopCleanupWizard"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Documents and Settings\Hong\My Documents\Downloads\P17535732.JPG-www.facebook.exe"="C:\WINDOWS\nvsvc32.exe:*:Disabled:NVIDIA driver monitor"
"C:\WINDOWS\system32\kouloomorou.exe"="C:\WINDOWS\system32\kouloomorou.exe:*:Enabled:zoufev32"
"C:\WINDOWS\system32\padi.exe"="C:\WINDOWS\system32\padi.exe:*:Enabled:zoufev32"
"C:\WINDOWS\system32\hupy.exe"="C:\WINDOWS\system32\hupy.exe:*:Enabled:zoufev32"
"C:\WINDOWS\system32\loosoujouzous.exe"="C:\WINDOWS\system32\loosoujouzous.exe:*:Enabled:bahyr32"
"C:\WINDOWS\system32\sonoloufow.exe"="C:\WINDOWS\system32\sonoloufow.exe:*:Enabled:bahyr32"
"C:\WINDOWS\system32\joubat.exe"="C:\WINDOWS\system32\joubat.exe:*:Enabled:bahyr32"
"C:\WINDOWS\system32\fohydoudoqu.exe"="C:\WINDOWS\system32\fohydoudoqu.exe:*:Enabled:zoufev32"
"C:\WINDOWS\system32\gezaquou.exe"="C:\WINDOWS\system32\gezaquou.exe:*:Enabled:bahyr32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"

======List of files/folders created in the last 1 months======

2010-11-14 18:44:16 ----D---- C:\rsit
2010-11-14 18:29:16 ----A---- C:\WINDOWS\system32\fanxctrl.dll
2010-11-14 18:28:59 ----A---- C:\WINDOWS\system32\drivers\Lbd.sys
2010-11-14 18:23:48 ----A---- C:\WINDOWS\zip.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWSC.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\SWREG.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\sed.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\PEV.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\NIRCMD.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\MBR.exe
2010-11-14 18:23:48 ----A---- C:\WINDOWS\grep.exe
2010-11-14 18:23:23 ----SD---- C:\ComboFix
2010-11-14 18:23:15 ----HDC---- C:\Documents and Settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-14 18:22:58 ----D---- C:\Program Files\Lavasoft
2010-11-14 18:22:58 ----D---- C:\Documents and Settings\All Users\Application Data\Lavasoft
2010-11-14 18:19:23 ----D---- C:\WINDOWS\ERDNT
2010-11-14 18:18:29 ----A---- C:\WINDOWS\system32\CF27787.exe
2010-11-14 18:16:50 ----D---- C:\Qoobox
2010-11-14 17:56:33 ----A---- C:\WINDOWS\system32\tebuheg.exe
2010-11-14 17:51:36 ----A---- C:\WINDOWS\system32\kusoorig.exe
2010-11-14 17:50:47 ----A---- C:\WINDOWS\system32\fawaroodouf.exe
2010-11-14 17:49:13 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-14 17:45:34 ----A---- C:\WINDOWS\system32\pyhu.exe
2010-11-14 17:44:15 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-14 13:10:32 ----A---- C:\WINDOWS\wininit.ini
2010-11-13 19:36:38 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-11-13 19:36:38 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-12 20:21:42 ----A---- C:\WINDOWS\system32\kouloomorou.exe
2010-11-10 20:27:21 ----A---- C:\WINDOWS\system32\drivers\owtnqeks.sys
2010-11-10 16:44:54 ----A---- C:\WINDOWS\system32\gezaquou.exe
2010-11-10 14:10:27 ----A---- C:\WINDOWS\system32\loosoujouzous.exe
2010-11-10 07:35:40 ----A---- C:\WINDOWS\system32\vinysooqu.exe
2010-11-10 07:34:22 ----RSH---- C:\Documents and Settings\Hong\Application Data\juzjf.exe
2010-11-02 17:57:10 ----D---- C:\fotky
2010-10-28 22:42:20 ----D---- C:\Documents and Settings\All Users\Application Data\Trymedia

======List of files/folders modified in the last 1 months======

2010-11-14 18:44:27 ----AD---- C:\WINDOWS\temp
2010-11-14 18:44:24 ----D---- C:\WINDOWS\Prefetch
2010-11-14 18:44:24 ----D---- C:\Program Files\Trend Micro
2010-11-14 18:40:41 ----D---- C:\WINDOWS\system32
2010-11-14 18:40:29 ----SD---- C:\WINDOWS\Tasks
2010-11-14 18:40:04 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-14 18:31:13 ----D---- C:\WINDOWS
2010-11-14 18:29:16 ----D---- C:\WINDOWS\system32\drivers
2010-11-14 18:29:14 ----HD---- C:\WINDOWS\inf
2010-11-14 18:29:14 ----D---- C:\Program Files\Common Files
2010-11-14 18:28:59 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-11-14 18:23:15 ----SHD---- C:\WINDOWS\Installer
2010-11-14 18:22:58 ----RD---- C:\Program Files
2010-11-14 18:22:53 ----D---- C:\WINDOWS\WinSxS
2010-11-14 18:15:19 ----SHD---- C:\RECYCLER
2010-11-14 17:49:20 ----SHD---- C:\WINDOWS\CSC
2010-11-14 17:41:58 ----D---- C:\WINDOWS\system32\LogFiles
2010-11-14 17:30:46 ----D---- C:\WINDOWS\system32\appmgmt
2010-11-14 17:13:58 ----RASH---- C:\boot.ini
2010-11-14 17:13:58 ----A---- C:\WINDOWS\win.ini
2010-11-14 17:13:58 ----A---- C:\WINDOWS\system.ini
2010-11-14 17:13:56 ----D---- C:\WINDOWS\pss
2010-11-14 15:58:47 ----D---- C:\Documents and Settings\Hong\Application Data\ICQ
2010-11-12 19:07:06 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-12 11:24:44 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-10 16:47:27 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2010-11-10 16:47:07 ----D---- C:\Program Files\Adobe
2010-11-10 16:46:56 ----D---- C:\Program Files\Common Files\Adobe
2010-11-03 16:24:36 ----D---- C:\Documents and Settings\Hong\Application Data\uTorrent
2010-11-03 14:34:41 ----D---- C:\Documents and Settings\All Users\Application Data\Blizzard Entertainment
2010-11-02 18:52:46 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-10-31 23:24:24 ----D---- C:\Program Files\ICQ7.1
2010-10-28 22:30:23 ----RSD---- C:\WINDOWS\assembly
2010-10-28 22:30:04 ----D---- C:\WINDOWS\system32\DirectX
2010-10-26 15:59:15 ----D---- C:\Documents and Settings\Hong\Application Data\SystemRequirementsLab
2010-10-18 17:32:57 ----D---- C:\Program Files\Opera

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys [2010-09-23 64288]
R0 nv_agp;NVIDIA nForce AGP Bus Filter; C:\WINDOWS\system32\DRIVERS\nv_agp.sys [2004-04-02 21760]
R0 nvatabus;nvatabus; C:\WINDOWS\system32\DRIVERS\nvatabus.sys [2004-06-03 79360]
R0 owtnqeks;owtnqeks; C:\WINDOWS\System32\Drivers\owtnqeks.sys [2010-11-10 40128]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-04-28 44944]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-22 691696]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 AFS2K;AFS2k; C:\WINDOWS\system32\drivers\AFS2K.sys [2010-06-02 82380]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2006-07-01 36864]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/11 13:05:02]; \??\D:\PowerDVD10\NavFilter\000.fcl []
R2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys [2008-08-14 74720]
R2 cpuz132;cpuz132; \??\C:\WINDOWS\system32\drivers\cpuz132_x32.sys []
R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-08-05 54752]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2007-04-25 4030144]
R3 Lavasoft Kernexplorer;Lavasoft helper driver; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-06 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-06 12928]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2009-03-25 130432]
S3 ab6la5ra;ab6la5ra; C:\WINDOWS\system32\drivers\ab6la5ra.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-14 17024]
S3 BTHMODEM;Bluetooth Modem Communications Driver; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-14 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-14 101120]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-14 18944]
S3 btkrnl;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys []
S3 catchme;catchme; \??\C:\DOCUME~1\Hong\LOCALS~1\Temp\catchme.sys []
S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
S3 GMSIPCI;GMSIPCI; \??\F:\INSTALL\GMSIPCI.SYS []
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2003-03-10 51024]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2003-03-10 16080]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2003-03-10 21456]
S3 n558;N558 Bluetooth USB Filter Driver; C:\WINDOWS\System32\Drivers\n558.sys [2007-08-15 9600]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-02-09 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-02-09 22016]
S3 NVR0Dev;NVR0Dev; \??\C:\WINDOWS\nvoclock.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-14 59136]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
S3 SONYPVU1;Sony USB Filter Driver (SONYPVU1); C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS [2001-08-17 7552]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-02-09 7808]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-02-09 7808]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-19 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-09-23 1355928]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 u1thmtecye6;PowerUtility TV Recording Reservation; C:\WINDOWS\system32\pyhu.exe [2010-11-14 201216]
S2 uoza4yyk0e9m6;Crystal Report Application Server; C:\WINDOWS\system32\vinysooqu.exe [2010-11-12 201216]
S2 vboooobo4;Blue Coat K9 Web Protection; C:\WINDOWS\system32\kusoorig.exe [2010-11-14 201216]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-30 46104]
S3 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2003-03-10 65795]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 CachemanXPService;CachemanXP; C:\Documents and Settings\Hong\Desktop\Hong\CachemanXP.exe []
S4 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-08-11 655624]
S4 fsssvc;Služba Bezpečnosť rodiny v službe Windows Live; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-08-05 704864]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S4 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-30 881664]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-02-14 152984]
S4 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-30 132096]
S4 nTuneService;nTune Service; C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe [2007-09-04 131072]
S4 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
S4 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-29 89136]
S4 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-06-02 637952]
S4 Viewpoint Manager Service;Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S4 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]

-----------------EOF-----------------

Re: FB virus asi...Pomoc

Napsal: 14 lis 2010 18:59
od Marek-26
Rovnou poprosím log z combofixu :wink:

Pozorně přečíst :wink:

http://www.bleepingcomputer.com/combofi ... t-combofix

Konzolu pro zotavení neinstalujte.

Re: FB virus asi...Pomoc

Napsal: 14 lis 2010 19:15
od Hong
ComboFix 10-11-13.01 - Hong 14.11.2010 19:03:25.6.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2559.1808 [GMT 1:00]
Running from: c:\documents and settings\Hong\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\12gn6id2.exe
C:\Autorun.inf
c:\docume~1\Hong\LOCALS~1\Temp\lsass.exe
c:\documents and settings\Hong\secupdat.dat
c:\program files\Trend Micro\HijackThis\backups\backup-20101110-164232-163-pggbssne.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101110-164232-309-neezqqlccxo.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101110-164232-418-mns3te8708.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101110-164232-589-fa1wssneek.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101110-164232-655-26gg6ss.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101110-164232-728-cc6oo6aa6.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101110-164232-790-cx03te8708x.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101110-164232-922-3eezqql.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101110-164232-926-hdttpffb.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101110-164232-952-okkfwwriid.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101110-164232-997-91s3te8.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-121-brsndeza.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-159-bh66yjzf2l.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-162-5njefk8.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-170-70hdyy6.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-191-6u81rmn.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-274-6uu6gg6.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-313-2hcc6oo.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-378-0dzuu6g.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-398-70s6ee1.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-423-1qbcxd2.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-445-1sty81k.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-479-3ytjkfb.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-510-b70iioj6pq.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-529-c1t703a6bh.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-615-bmmhxytz670.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-714-bww6ii6uu6g.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-756-6ww6ii6.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-795-0tjp66g.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-832-3w1n70j.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-868-0bxss6e.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-871-aa6mm6yy6.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-876-1gmhxyt.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193335-931-1okkfww.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-106-cdtzf60h.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-124-q70rnii6u.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-132-s10tjp60r.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-182-gbrsndez.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-187-lmh0ndj6.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-219-pfl66c870kk.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-256-ozvqqw1sytp.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-314-i1eaavm1cy.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-327-pggbssne.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-350-fwwriiduupg.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-395-plb38itokq.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-461-gwxc86o81a.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-478-tkkfwwri.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-488-i6y81kvmm.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-519-ttpflgg6ss6.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-525-nddtz66q86c.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-537-nno70plgw.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-539-cyttkkfwwr.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-548-k70lhcc0t.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-564-hdi86u81.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-605-rmm6yy6kk6w.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-611-hc0jpzvqrw.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-617-snt61vqrw8.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-623-n66e86q8.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-652-ttkkfwwr.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-655-sty81vqrw8.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-671-iyo0pfl6.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-779-uup2rmm6yy.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-789-lmhid09kfvw.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-795-pplbbxnnjzz.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-798-rsndezav081.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-805-iy3aavm1cyy.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-809-jee1a9w1s.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-815-lbbxnnjz.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-819-csty81vqrw.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-829-ntdzuva86m.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-858-vq1miiduup.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-893-hdttp2lgwx.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-924-jjfvvrhhdtt.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-968-oojalgg6.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-970-fvvrhhdttpf.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-971-pggbssneezq.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193336-998-idzz2fgb0.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193337-210-vwrsn081kab.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193337-328-xtoo6aa6.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193337-339-x0tjp60rm.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193337-354-xnojzavwr0.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193337-359-xnozffgb5s.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193337-406-zpvmcs9ok.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193337-414-xytppll2rsn.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193337-562-xtopu86g8.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193337-566-xytjkfvw.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193337-591-wmns81ep.exe
c:\program files\Trend Micro\HijackThis\backups\backup-20101113-193337-870-zpa1qrw86oe.exe
c:\windows\system32\_003045_.tmp.dll
c:\windows\system32\_003046_.tmp.dll
c:\windows\system32\_003047_.tmp.dll
c:\windows\system32\_003055_.tmp.dll
c:\windows\system32\_003056_.tmp.dll
c:\windows\system32\_003057_.tmp.dll
c:\windows\system32\_003059_.tmp.dll
c:\windows\system32\_003060_.tmp.dll
c:\windows\system32\_003063_.tmp.dll
c:\windows\system32\_003064_.tmp.dll
c:\windows\system32\_003066_.tmp.dll
c:\windows\system32\_003067_.tmp.dll
c:\windows\system32\_003068_.tmp.dll
c:\windows\system32\_003070_.tmp.dll
c:\windows\system32\_003073_.tmp.dll
c:\windows\system32\_003074_.tmp.dll
c:\windows\system32\_003078_.tmp.dll
c:\windows\system32\_003079_.tmp.dll
c:\windows\system32\_003081_.tmp.dll
c:\windows\system32\_003084_.tmp.dll
c:\windows\system32\_003086_.tmp.dll
c:\windows\system32\_003087_.tmp.dll
c:\windows\system32\_003089_.tmp.dll
c:\windows\system32\_003090_.tmp.dll
c:\windows\system32\_003093_.tmp.dll
c:\windows\system32\_003094_.tmp.dll
c:\windows\system32\_003095_.tmp.dll
c:\windows\system32\_003096_.tmp.dll
c:\windows\system32\_003097_.tmp.dll
c:\windows\system32\_003102_.tmp.dll
c:\windows\system32\_003104_.tmp.dll
c:\windows\system32\_003105_.tmp.dll
c:\windows\system32\Drivers\owtnqeks.sys
c:\windows\system32\fanxctrl.dll
c:\windows\system32\secupdat.dat
c:\windows\system32\sysdm.exe
D:\12gn6id2.exe
D:\autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_owtnqeks
-------\Service_owtnqeks


((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-14 17:49 . 2010-09-23 07:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-11-14 17:44 . 2010-11-14 17:44 -------- d-----w- C:\rsit
2010-11-14 17:28 . 2010-09-23 07:46 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-11-14 17:23 . 2010-11-14 17:23 -------- d-----w- c:\documents and settings\Hong\Local Settings\Application Data\Sunbelt Software
2010-11-14 17:23 . 2010-11-14 17:23 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E961CE1B-C3EA-4882-9F67-F859B555D097}
2010-11-14 17:22 . 2010-11-14 17:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-11-14 17:22 . 2010-11-14 17:22 -------- d-----w- c:\program files\Lavasoft
2010-11-14 17:18 . 2010-11-14 17:16 389120 ----a-w- c:\windows\system32\CF27787.exe
2010-11-14 16:56 . 2010-11-14 16:56 201216 ----a-w- c:\windows\system32\tebuheg.exe
2010-11-14 16:41 . 2010-11-14 16:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-11-14 16:28 . 2010-11-14 16:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-11-13 18:36 . 2010-11-14 11:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-13 18:36 . 2010-11-13 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-12 19:21 . 2010-11-12 19:21 201216 ----a-w- c:\windows\system32\kouloomorou.exe
2010-11-10 15:44 . 2010-11-14 16:45 201216 ----a-w- c:\windows\system32\gezaquou.exe
2010-11-02 16:57 . 2010-11-03 13:28 -------- d-----w- C:\fotky
2010-10-28 21:42 . 2010-10-28 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-01 22:27 . 2009-02-02 05:22 60416 ----a-w- c:\windows\ALCFDRTM.VER
2010-08-19 11:10 . 2010-08-19 11:10 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-19 11:10 . 2010-08-19 11:10 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2009-12-22 . 5747867041C33E26DA5CC893C9532DB8 . 3071488 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll
[7] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[7] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[7] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3gdr\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3qfe\mshtml.dll
[-] 2008-12-12 . CFC3D32583AB0EAE13E98A0492A4F5EF . 3444736 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll
[7] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
[7] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\mshtml.dll

[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-08-15 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-08-14 . 24F1370B92B402AEFE07D50E0668194A . 2197888 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2004-08-03 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntoskrnl.exe

[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . EE5BB6E5C76B793C9F58AAC68ED18D79 . 1480192 . . [6.00.2900.5512] . . c:\windows\VCP_SAVE\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\explorer.exe

[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-08-14 . 0AD2A07C291E051CBCF90EED4F1D87B6 . 2074752 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2004-08-03 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntkrnlpa.exe

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe
backup=c:\windows\pss\0ddzppl.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe
backup=c:\windows\pss\5n0tup8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe
backup=c:\windows\pss\a1wssneezq.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe
backup=c:\windows\pss\a3mc1ijj.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe
backup=c:\windows\pss\avbg3ss3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe
backup=c:\windows\pss\bhxnijjf.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe
backup=c:\windows\pss\cxxotup83.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe
backup=c:\windows\pss\fagg3ss3ee1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe
backup=c:\windows\pss\g70hdyy6k.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe
backup=c:\windows\pss\i3uuklq8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe
backup=c:\windows\pss\i3uuklq860.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe
backup=c:\windows\pss\lwhns3ee1q.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe
backup=c:\windows\pss\riddzpplq3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe
backup=c:\windows\pss\rrnddzpplbb.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe
backup=c:\windows\pss\s86e81qbcxd.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe
backup=c:\windows\pss\uk0g3ss3ee1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe
backup=c:\windows\pss\vmmhyytk.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe
backup=c:\windows\pss\w0xnijjfk3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe
backup=c:\windows\pss\whx9ye0k3w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\WinFlip.lnk
backup=c:\windows\pss\WinFlip.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe
backup=c:\windows\pss\y8703g0hxd6.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
~ [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
c:\windows\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-06-28 20:50 75048 ----a-w- c:\program files\Cyberlink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-24 16:57 133104 ----atw- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 18:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- d:\powerdvd10\PDVD10Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-14 22:12 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"ICQ Service"=2 (0x2)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"NetTcpPortSharing"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9aca3419ed106"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"MDM"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ServiceLayer"=3 (0x3)
"IDriverT"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"nvsvc"=2 (0x2)
"nTuneService"=2 (0x2)
"CachemanXPService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\kouloomorou.exe"=
"c:\\WINDOWS\\system32\\gezaquou.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57447:TCP"= 57447:TCP:Pando Media Booster
"57447:UDP"= 57447:UDP:Pando Media Booster

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [14.11.2010 18:28 64288]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.2.2009 4:57 691696]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/11 13:05];d:\powerdvd10\NavFilter\000.fcl [28.6.2010 21:50 87536]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [23.9.2010 8:46 1355928]
S2 u1thmtecye6;PowerUtility TV Recording Reservation;c:\windows\system32\pyhu.exe --> c:\windows\system32\pyhu.exe [?]
S2 uoza4yyk0e9m6;Crystal Report Application Server;c:\windows\system32\vinysooqu.exe --> c:\windows\system32\vinysooqu.exe [?]
S2 vboooobo4;Blue Coat K9 Web Protection;c:\windows\system32\kusoorig.exe --> c:\windows\system32\kusoorig.exe [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S4 CachemanXPService;CachemanXP;c:\documents and settings\Hong\Desktop\Hong\CachemanXP.exe --> c:\documents and settings\Hong\Desktop\Hong\CachemanXP.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [23.8.2009 15:35 24652]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - LAVASOFT_KERNEXPLORER
.
Contents of the 'Scheduled Tasks' folder

2010-11-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-09-23 07:46]

2010-11-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-FAJKOS-Hong.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-13 01:44]

2010-11-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8275498585.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003Core.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003UA.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fullarticles.net
mStart Page = hxxp://www.games-fusion.net
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\Hong\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Hong\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: c:\program files\Opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-djqbevax.sys
SafeBoot-owtnqeks.sys
MSConfigStartUp-LSA Shellu - c:\documents and settings\Hong\lsass.exe
MSConfigStartUp-nwiz - nwiz.exe
MSConfigStartUp-RelevantKnowledge - c:\program files\relevantknowledge\rlvknlg.exe
MSConfigStartUp-Steam - c:\program files\steam\steam.exe
AddRemove-Steam App 211 - c:\program files\Steam\steam.exe
AddRemove-Steam App 4000 - c:\program files\Steam\steam.exe
AddRemove-Steam App 630 - c:\program files\steam\steam.exe
AddRemove-{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1 - c:\program files\BRS\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 19:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\d:\powerdvd10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-839522115-1617979688-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(924)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(1944)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\Opera\opera.exe
.
**************************************************************************
.
Completion time: 2010-11-14 19:14:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-14 18:14

Pre-Run: 43 984 764 928 bytes free
Post-Run: 43 832 713 216 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 08A972F4E04D6C64176BE67E21EF5ACD

Re: FB virus asi...Pomoc

Napsal: 14 lis 2010 20:02
od Marek-26
Odinstalujte Ad-Aware. Pokud máte instalovaný AdobeCS4 i CS5 jeden odinstalujte :wink:

pokud jste tak jeste neucinil, presunte Combofix na plochu

otevrete si Poznamkovy blok

do nej zkopirujte skript z nasledujiciho okna:

Kód: Vybrat vše

KillAll::

File::
C:\WINDOWS\system32\CF27787.exe
c:\windows\system32\tebuheg.exe
c:\windows\system32\kouloomorou.exe
c:\windows\system32\gezaquou.exe
c:\windows\ALCFDRTM.VER
c:\documents and settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe
c:\windows\pss\0ddzppl.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe
c:\windows\pss\5n0tup8.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe
c:\windows\pss\a1wssneezq.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe
c:\windows\pss\a3mc1ijj.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe
c:\windows\pss\avbg3ss3.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe
c:\windows\pss\bhxnijjf.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe
c:\windows\pss\cxxotup83.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe
c:\windows\pss\fagg3ss3ee1.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe
c:\windows\pss\g70hdyy6k.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe
c:\windows\pss\i3uuklq8.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe
c:\windows\pss\i3uuklq860.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe
c:\windows\pss\lwhns3ee1q.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe
c:\windows\pss\riddzpplq3.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe
c:\windows\pss\rrnddzpplbb.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe
c:\windows\pss\s86e81qbcxd.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe
c:\windows\pss\uk0g3ss3ee1.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe
c:\windows\pss\vmmhyytk.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe
c:\windows\pss\w0xnijjfk3.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe
c:\windows\pss\whx9ye0k3w.exeStartup
c:\documents and settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe
c:\windows\pss\y8703g0hxd6.exeStartup


Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\kouloomorou.exe"= -
"c:\\WINDOWS\\system32\\gezaquou.exe"= -

ulozte vami vytvoreny textovy soubor jako CFScript.txt na plochu

po ulozeni uchopte vami vytvoreny skript levym tlacitkem mysi a presunte jej nad ikonu Combofixu, nad niz skript upustte:

Obrázek

po aplikaci by na vas mel vybafnout dalsi log, vlozte jej sem :)

Upozorneni: je mozne, ze po aplikaci skriptu a restartu nenabehnou Windows, v takovem pripade znovu restartujte, po restartu mackejte F8 a zvolte Posledni znamou fukncni konfiguraci :)

Re: FB virus asi...Pomoc

Napsal: 14 lis 2010 21:53
od Hong
ComboFix 10-11-13.01 - Hong 14.11.2010 21:43:33.7.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2559.1971 [GMT 1:00]
Running from: c:\documents and settings\Hong\Desktop\Hong\Programy\ComboFix.exe
Command switches used :: c:\documents and settings\Hong\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe"
"c:\documents and settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe"
"c:\windows\ALCFDRTM.VER"
"c:\windows\pss\0ddzppl.exeStartup"
"c:\windows\pss\5n0tup8.exeStartup"
"c:\windows\pss\a1wssneezq.exeStartup"
"c:\windows\pss\a3mc1ijj.exeStartup"
"c:\windows\pss\avbg3ss3.exeStartup"
"c:\windows\pss\bhxnijjf.exeStartup"
"c:\windows\pss\cxxotup83.exeStartup"
"c:\windows\pss\fagg3ss3ee1.exeStartup"
"c:\windows\pss\g70hdyy6k.exeStartup"
"c:\windows\pss\i3uuklq8.exeStartup"
"c:\windows\pss\i3uuklq860.exeStartup"
"c:\windows\pss\lwhns3ee1q.exeStartup"
"c:\windows\pss\riddzpplq3.exeStartup"
"c:\windows\pss\rrnddzpplbb.exeStartup"
"c:\windows\pss\s86e81qbcxd.exeStartup"
"c:\windows\pss\uk0g3ss3ee1.exeStartup"
"c:\windows\pss\vmmhyytk.exeStartup"
"c:\windows\pss\w0xnijjfk3.exeStartup"
"c:\windows\pss\whx9ye0k3w.exeStartup"
"c:\windows\pss\y8703g0hxd6.exeStartup"
"c:\windows\system32\CF27787.exe"
"c:\windows\system32\gezaquou.exe"
"c:\windows\system32\kouloomorou.exe"
"c:\windows\system32\tebuheg.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\ALCFDRTM.VER
c:\windows\pss\0ddzppl.exeStartup
c:\windows\pss\5n0tup8.exeStartup
c:\windows\pss\a1wssneezq.exeStartup
c:\windows\pss\a3mc1ijj.exeStartup
c:\windows\pss\avbg3ss3.exeStartup
c:\windows\pss\bhxnijjf.exeStartup
c:\windows\pss\cxxotup83.exeStartup
c:\windows\pss\fagg3ss3ee1.exeStartup
c:\windows\pss\g70hdyy6k.exeStartup
c:\windows\pss\i3uuklq8.exeStartup
c:\windows\pss\i3uuklq860.exeStartup
c:\windows\pss\lwhns3ee1q.exeStartup
c:\windows\pss\riddzpplq3.exeStartup
c:\windows\pss\rrnddzpplbb.exeStartup
c:\windows\pss\s86e81qbcxd.exeStartup
c:\windows\pss\uk0g3ss3ee1.exeStartup
c:\windows\pss\vmmhyytk.exeStartup
c:\windows\pss\w0xnijjfk3.exeStartup
c:\windows\pss\whx9ye0k3w.exeStartup
c:\windows\pss\y8703g0hxd6.exeStartup
c:\windows\system32\CF27787.exe
c:\windows\system32\gezaquou.exe
c:\windows\system32\kouloomorou.exe
c:\windows\system32\tebuheg.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-14 to 2010-11-14 )))))))))))))))))))))))))))))))
.

2010-11-14 17:44 . 2010-11-14 17:44 -------- d-----w- C:\rsit
2010-11-14 17:23 . 2010-11-14 17:23 -------- d-----w- c:\documents and settings\Hong\Local Settings\Application Data\Sunbelt Software
2010-11-14 17:22 . 2010-11-14 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-11-14 16:41 . 2010-11-14 16:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-11-14 16:28 . 2010-11-14 16:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-11-13 18:36 . 2010-11-14 11:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-13 18:36 . 2010-11-13 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-02 16:57 . 2010-11-03 13:28 -------- d-----w- C:\fotky
2010-10-28 21:42 . 2010-10-28 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 11:10 . 2010-08-19 11:10 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-19 11:10 . 2010-08-19 11:10 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2009-12-22 . 5747867041C33E26DA5CC893C9532DB8 . 3071488 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll
[7] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[7] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[7] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3gdr\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3qfe\mshtml.dll
[-] 2008-12-12 . CFC3D32583AB0EAE13E98A0492A4F5EF . 3444736 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll
[7] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
[7] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\mshtml.dll

[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-08-15 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-08-14 . 24F1370B92B402AEFE07D50E0668194A . 2197888 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2004-08-03 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntoskrnl.exe

[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . EE5BB6E5C76B793C9F58AAC68ED18D79 . 1480192 . . [6.00.2900.5512] . . c:\windows\VCP_SAVE\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\explorer.exe

[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-08-14 . 0AD2A07C291E051CBCF90EED4F1D87B6 . 2074752 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2004-08-03 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntkrnlpa.exe

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe
backup=c:\windows\pss\0ddzppl.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe
backup=c:\windows\pss\5n0tup8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe
backup=c:\windows\pss\a1wssneezq.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe
backup=c:\windows\pss\a3mc1ijj.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe
backup=c:\windows\pss\avbg3ss3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe
backup=c:\windows\pss\bhxnijjf.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe
backup=c:\windows\pss\cxxotup83.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe
backup=c:\windows\pss\fagg3ss3ee1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe
backup=c:\windows\pss\g70hdyy6k.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe
backup=c:\windows\pss\i3uuklq8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe
backup=c:\windows\pss\i3uuklq860.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe
backup=c:\windows\pss\lwhns3ee1q.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe
backup=c:\windows\pss\riddzpplq3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe
backup=c:\windows\pss\rrnddzpplbb.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe
backup=c:\windows\pss\s86e81qbcxd.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe
backup=c:\windows\pss\uk0g3ss3ee1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe
backup=c:\windows\pss\vmmhyytk.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe
backup=c:\windows\pss\w0xnijjfk3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe
backup=c:\windows\pss\whx9ye0k3w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\WinFlip.lnk
backup=c:\windows\pss\WinFlip.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe
backup=c:\windows\pss\y8703g0hxd6.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-06-28 20:50 75048 ----a-w- c:\program files\Cyberlink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-24 16:57 133104 ----atw- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 18:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- d:\powerdvd10\PDVD10Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-14 22:12 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"ICQ Service"=2 (0x2)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"NetTcpPortSharing"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9aca3419ed106"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"MDM"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ServiceLayer"=3 (0x3)
"IDriverT"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"nvsvc"=2 (0x2)
"nTuneService"=2 (0x2)
"CachemanXPService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57447:TCP"= 57447:TCP:Pando Media Booster
"57447:UDP"= 57447:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.2.2009 4:57 691696]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/11 13:05];d:\powerdvd10\NavFilter\000.fcl [28.6.2010 21:50 87536]
S2 u1thmtecye6;PowerUtility TV Recording Reservation;c:\windows\system32\pyhu.exe --> c:\windows\system32\pyhu.exe [?]
S2 uoza4yyk0e9m6;Crystal Report Application Server;c:\windows\system32\vinysooqu.exe --> c:\windows\system32\vinysooqu.exe [?]
S2 vboooobo4;Blue Coat K9 Web Protection;c:\windows\system32\kusoorig.exe --> c:\windows\system32\kusoorig.exe [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S4 CachemanXPService;CachemanXP;c:\documents and settings\Hong\Desktop\Hong\CachemanXP.exe --> c:\documents and settings\Hong\Desktop\Hong\CachemanXP.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [23.8.2009 15:35 24652]
.
Contents of the 'Scheduled Tasks' folder

2010-11-13 c:\windows\Tasks\AdobeAAMUpdater-1.0-FAJKOS-Hong.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-13 01:44]

2010-11-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8275498585.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003Core.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003UA.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fullarticles.net
mStart Page = hxxp://www.games-fusion.net
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-14 21:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\d:\powerdvd10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-839522115-1617979688-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(680)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(1952)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-14 21:52:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-14 20:52
ComboFix2.txt 2010-11-14 18:14

Pre-Run: 44 138 786 816 bytes free
Post-Run: 44 147 535 872 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - 98E648E521097AC46DA5EABE769E65DF

Re: FB virus asi...Pomoc

Napsal: 14 lis 2010 22:26
od Marek-26
Poprosím ještě o aktuální log z HiJackThis :) najdete ho zde C:\Program Files\trend micro\Hong.exe otevřete a zvolte první tlačítko ("Do a system scan and save a logfile") :wink:

Re: FB virus asi...Pomoc

Napsal: 14 lis 2010 22:32
od Hong
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:32:49, on 14.11.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Opera\opera.exe
D:\World of Warcraft\WoW.exe
C:\Program Files\Trend Micro\Hong.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.games-fusion.net
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: hp psc 1000 series.lnk = ?
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://asia.msi.com.tw
O15 - Trusted Zone: http://global.msi.com.tw
O15 - Trusted Zone: http://www.msi.com.tw
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} - http://go.microsoft.com/fwlink/?linkid=39204
O17 - HKLM\System\CS2\Services\Tcpip\..\{4E527C7F-B448-47FD-A285-E20A917552BE}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS3\Services\Tcpip\..\{4E527C7F-B448-47FD-A285-E20A917552BE}: NameServer = 92.245.2.245,92.245.2.162
O17 - HKLM\System\CS4\Services\Tcpip\..\{4E527C7F-B448-47FD-A285-E20A917552BE}: NameServer = 92.2.245.245,92.2.245.162
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: PowerUtility TV Recording Reservation (u1thmtecye6) - Unknown owner - C:\WINDOWS\system32\pyhu.exe (file missing)
O23 - Service: Crystal Report Application Server (uoza4yyk0e9m6) - Unknown owner - C:\WINDOWS\system32\vinysooqu.exe (file missing)
O23 - Service: Blue Coat K9 Web Protection (vboooobo4) - Unknown owner - C:\WINDOWS\system32\kusoorig.exe (file missing)

--
End of file - 4686 bytes

Re: FB virus asi...Pomoc

Napsal: 15 lis 2010 08:46
od Marek-26
Ještě klikněte na MBAM v mém podpisu a postupujte dle návodu :) zatím opravdu nic nemažte :wink: Uvidíme zda se někde ještě něco válí.

Toto mi ještě otestujte na virustotal.com:
c:\windows\system32\mshtml.dll
c:\windows\system32\ntoskrnl.exe
c:\windows\explorer.exe
c:\windows\system32\ntkrnlpa.exe

Vložte sem jen odkaz na výsledky :wink:

Re: FB virus asi...Pomoc

Napsal: 15 lis 2010 17:55
od Hoong
TU JE LOG:

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3667
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

15.11.2010 17:50:08
mbam-log-2010-11-15 (17-50-08).txt

Typ kontroly: Rychlá kontrola
Zkontrolované objekty: 122396
Uplynulý čas: 4 minute(s), 56 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
(Nebyly nalezeny žádné škodlivé položky)


Na virus total com som dal skenovat vsetky subory a je to OK..

Re: FB virus asi...Pomoc

Napsal: 15 lis 2010 20:59
od Marek-26
Takže už jen dočistíme :)

Udělejte ještě jeden nový CFscript :wink: a opakujte postup s ním

Kód: Vybrat vše

Driver::
PowerUtility TV Recording Reservation
Crystal Report Application Server
Blue Coat K9 Web Protection
CachemanXP

Registry::
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe

FixCSet::

Re: FB virus asi...Pomoc

Napsal: 15 lis 2010 22:34
od Hoong
ComboFix 10-11-13.01 - Hong 15.11.2010 22:25:30.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2559.2120 [GMT 1:00]
Running from: c:\documents and settings\Hong\Desktop\Hong\Programy\ComboFix.exe
Command switches used :: c:\documents and settings\Hong\Desktop\CFscript.txt
.

((((((((((((((((((((((((( Files Created from 2010-10-15 to 2010-11-15 )))))))))))))))))))))))))))))))
.

2010-11-14 17:44 . 2010-11-14 17:44 -------- d-----w- C:\rsit
2010-11-14 17:23 . 2010-11-14 17:23 -------- d-----w- c:\documents and settings\Hong\Local Settings\Application Data\Sunbelt Software
2010-11-14 17:22 . 2010-11-14 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-11-14 16:41 . 2010-11-14 16:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-11-14 16:28 . 2010-11-14 16:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-11-13 18:36 . 2010-11-14 11:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-13 18:36 . 2010-11-13 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-02 16:57 . 2010-11-03 13:28 -------- d-----w- C:\fotky
2010-10-28 21:42 . 2010-10-28 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 11:10 . 2010-08-19 11:10 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-19 11:10 . 2010-08-19 11:10 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2009-12-22 . 5747867041C33E26DA5CC893C9532DB8 . 3071488 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll
[7] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[7] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[7] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3gdr\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3qfe\mshtml.dll
[-] 2008-12-12 . CFC3D32583AB0EAE13E98A0492A4F5EF . 3444736 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll
[7] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
[7] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\mshtml.dll

[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-08-15 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-08-14 . 24F1370B92B402AEFE07D50E0668194A . 2197888 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2004-08-03 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntoskrnl.exe

[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . EE5BB6E5C76B793C9F58AAC68ED18D79 . 1480192 . . [6.00.2900.5512] . . c:\windows\VCP_SAVE\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\explorer.exe

[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-08-14 . 0AD2A07C291E051CBCF90EED4F1D87B6 . 2074752 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2004-08-03 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntkrnlpa.exe

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-14_20.49.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2010-11-12 18:07 72590 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-11-15 15:58 72590 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-11-15 15:58 444524 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-11-12 18:07 444524 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe
backup=c:\windows\pss\0ddzppl.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe
backup=c:\windows\pss\5n0tup8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe
backup=c:\windows\pss\a1wssneezq.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe
backup=c:\windows\pss\a3mc1ijj.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe
backup=c:\windows\pss\avbg3ss3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe
backup=c:\windows\pss\bhxnijjf.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe
backup=c:\windows\pss\cxxotup83.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe
backup=c:\windows\pss\fagg3ss3ee1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe
backup=c:\windows\pss\g70hdyy6k.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe
backup=c:\windows\pss\i3uuklq8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe
backup=c:\windows\pss\i3uuklq860.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe
backup=c:\windows\pss\lwhns3ee1q.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe
backup=c:\windows\pss\riddzpplq3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe
backup=c:\windows\pss\rrnddzpplbb.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe
backup=c:\windows\pss\s86e81qbcxd.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe
backup=c:\windows\pss\uk0g3ss3ee1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe
backup=c:\windows\pss\vmmhyytk.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe
backup=c:\windows\pss\w0xnijjfk3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe
backup=c:\windows\pss\whx9ye0k3w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\WinFlip.lnk
backup=c:\windows\pss\WinFlip.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe
backup=c:\windows\pss\y8703g0hxd6.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-06-28 20:50 75048 ----a-w- c:\program files\Cyberlink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-24 16:57 133104 ----atw- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 18:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- d:\powerdvd10\PDVD10Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-14 22:12 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"ICQ Service"=2 (0x2)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"NetTcpPortSharing"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9aca3419ed106"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"MDM"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ServiceLayer"=3 (0x3)
"IDriverT"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"nvsvc"=2 (0x2)
"nTuneService"=2 (0x2)
"CachemanXPService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57447:TCP"= 57447:TCP:Pando Media Booster
"57447:UDP"= 57447:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.2.2009 4:57 691696]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/11 13:05];d:\powerdvd10\NavFilter\000.fcl [28.6.2010 21:50 87536]
S2 u1thmtecye6;PowerUtility TV Recording Reservation;c:\windows\system32\pyhu.exe --> c:\windows\system32\pyhu.exe [?]
S2 uoza4yyk0e9m6;Crystal Report Application Server;c:\windows\system32\vinysooqu.exe --> c:\windows\system32\vinysooqu.exe [?]
S2 vboooobo4;Blue Coat K9 Web Protection;c:\windows\system32\kusoorig.exe --> c:\windows\system32\kusoorig.exe [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S4 CachemanXPService;CachemanXP;c:\documents and settings\Hong\Desktop\Hong\CachemanXP.exe --> c:\documents and settings\Hong\Desktop\Hong\CachemanXP.exe [?]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [23.8.2009 15:35 24652]
.
Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-FAJKOS-Hong.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-13 01:44]

2010-11-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8275498585.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003Core.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]

2010-11-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003UA.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fullarticles.net
mStart Page = hxxp://www.games-fusion.net
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-15 22:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\d:\powerdvd10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-839522115-1617979688-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2720)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Microsoft Office\OFFICE11\msohev.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-11-15 22:34:10 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-15 21:34
ComboFix2.txt 2010-11-14 20:52
ComboFix3.txt 2010-11-14 18:14

Pre-Run: 43 728 461 824 bytes free
Post-Run: 43 725 656 064 bytes free

- - End Of File - - D86111ABC4205763EE9B15A7E95B3D88

Re: FB virus asi...Pomoc

Napsal: 15 lis 2010 23:57
od Marek-26
Omlouvám se ale v CFScriptu jsem udělal chybku kvůli které se registry nesmazali. Použijte ještě jednou tento:

Kód: Vybrat vše

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:\Documents and Settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe]

Driver::
u1thmtecye6
uoza4yyk0e9m6
vboooobo4
CachemanXPService

Re: FB virus asi...Pomoc

Napsal: 16 lis 2010 11:39
od Hoong
ComboFix 10-11-13.01 - Hong 16.11.2010 11:28:31.9.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2559.2128 [GMT 1:00]
Running from: c:\documents and settings\Hong\Desktop\Hong\Programy\ComboFix.exe
Command switches used :: c:\documents and settings\Hong\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CACHEMANXPSERVICE
-------\Legacy_U1THMTECYE6
-------\Legacy_UOZA4YYK0E9M6
-------\Legacy_VBOOOOBO4
-------\Service_CachemanXPService
-------\Service_u1thmtecye6
-------\Service_uoza4yyk0e9m6
-------\Service_vboooobo4


((((((((((((((((((((((((( Files Created from 2010-10-16 to 2010-11-16 )))))))))))))))))))))))))))))))
.

2010-11-15 21:58 . 2010-11-15 21:58 -------- d-----w- c:\documents and settings\Hong\Application Data\TS3Client
2010-11-15 21:57 . 2010-11-15 21:57 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-11-14 17:44 . 2010-11-14 17:44 -------- d-----w- C:\rsit
2010-11-14 17:23 . 2010-11-14 17:23 -------- d-----w- c:\documents and settings\Hong\Local Settings\Application Data\Sunbelt Software
2010-11-14 17:22 . 2010-11-14 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-11-14 16:41 . 2010-11-14 16:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Apple Computer
2010-11-14 16:28 . 2010-11-14 16:28 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ApplicationHistory
2010-11-13 18:36 . 2010-11-14 11:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-13 18:36 . 2010-11-13 18:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-11-02 16:57 . 2010-11-03 13:28 -------- d-----w- C:\fotky
2010-10-28 21:42 . 2010-10-28 21:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Trymedia

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-19 11:10 . 2010-08-19 11:10 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2010-08-19 11:10 . 2010-08-19 11:10 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2009-12-22 . 5747867041C33E26DA5CC893C9532DB8 . 3071488 . . [6.00.2900.3660] . . c:\windows\$hf_mig$\KB978207\SP2QFE\mshtml.dll
[7] 2009-12-22 . A758F0891A87EE005848A0BC740A5B96 . 3071488 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3GDR\mshtml.dll
[7] 2009-12-22 . AD17006339C1934D86449F335C241FF1 . 3073536 . . [6.00.2900.5921] . . c:\windows\$hf_mig$\KB978207\SP3QFE\mshtml.dll
[7] 2008-12-12 . B6DAA74E2ED36C71B502945589A683AE . 3067904 . . [6.00.2900.5726] . . c:\windows\$hf_mig$\KB960714\SP3QFE\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3gdr\mshtml.dll
[7] 2008-12-12 . C828AA1C5469E72251F3D367005E589F . 3067904 . . [6.00.2900.5726] . . c:\windows\SoftwareDistribution\Download\abbfe8992e55aa6ab630ccb81e3b1e56\backup\sp3qfe\mshtml.dll
[-] 2008-12-12 . CFC3D32583AB0EAE13E98A0492A4F5EF . 3444736 . . [6.00.2900.5726] . . c:\windows\system32\mshtml.dll
[7] 2008-10-16 . CC5A2205D37AE67CE23AB7FD3E1FDACA . 3067904 . . [6.00.2900.5694] . . c:\windows\$hf_mig$\KB958215\SP3QFE\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\mshtml.dll
[7] 2008-04-14 . A706E122B398FE1AB85CB9B75D044223 . 3066880 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\mshtml.dll
[7] 2004-08-03 . 376E0843B2356CA91CEC8D9837A56FF7 . 3003392 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\mshtml.dll

[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe
[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntoskrnl.exe
[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe
[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe
[7] 2008-08-15 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe
[7] 2008-08-14 . EEAF32F8E15A24F62BECB1BD403BB5C5 . 2189184 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2008-08-14 . 24F1370B92B402AEFE07D50E0668194A . 2197888 . . [5.1.2600.5657] . . c:\windows\system32\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe
[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe
[7] 2004-08-03 . CE218BC7088681FAA06633E218596CA7 . 2180992 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntoskrnl.exe

[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . BF09E580BA8E3846F9E107B5A7041837 . 4919296 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2008-04-14 . EE5BB6E5C76B793C9F58AAC68ED18D79 . 1480192 . . [6.00.2900.5512] . . c:\windows\VCP_SAVE\explorer.exe
[7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
[7] 2004-08-03 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\explorer.exe

[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe
[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\$NtServicePackUninstall$\ntkrnlpa.exe
[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe
[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe
[7] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe
[7] 2008-08-14 . 4AC58F03EB94A72809949D757FC39D80 . 2066048 . . [5.1.2600.5657] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2008-08-14 . 0AD2A07C291E051CBCF90EED4F1D87B6 . 2074752 . . [5.1.2600.5657] . . c:\windows\system32\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe
[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe
[7] 2004-08-03 . 947FB1D86D14AFCFFDB54BF837EC25D0 . 2056832 . . [5.1.2600.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\ntkrnlpa.exe

[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\iexplore.exe
[7] 2008-04-14 . 55794B97A7FAABD2910873C85274F409 . 93184 . . [6.00.2900.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\iexplore.exe
[7] 2004-08-03 . E7484514C0464642BE7B4DC2689354C8 . 93184 . . [6.00.2900.2180] . . c:\windows\SoftwareDistribution\Download\2bc0b3c55e0c166e04844934d1c7c342\backup\iexplore.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-11-14_20.49.06 )))))))))))))))))))))))))))))))))))))))))
.
- 2001-08-23 12:00 . 2010-11-12 18:07 72590 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-11-15 15:58 72590 c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2010-11-15 15:58 444524 c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2010-11-12 18:07 444524 c:\windows\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-06-03 131072]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-07 1753192]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-07-09 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-07-09 13923432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hpoddt01.exe.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk
backup=c:\windows\pss\hpoddt01.exe.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^0ddzppl.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\0ddzppl.exe
backup=c:\windows\pss\0ddzppl.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^5n0tup8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\5n0tup8.exe
backup=c:\windows\pss\5n0tup8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a1wssneezq.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a1wssneezq.exe
backup=c:\windows\pss\a1wssneezq.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^a3mc1ijj.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\a3mc1ijj.exe
backup=c:\windows\pss\a3mc1ijj.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^avbg3ss3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\avbg3ss3.exe
backup=c:\windows\pss\avbg3ss3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^bhxnijjf.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\bhxnijjf.exe
backup=c:\windows\pss\bhxnijjf.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^cxxotup83.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\cxxotup83.exe
backup=c:\windows\pss\cxxotup83.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^fagg3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\fagg3ss3ee1.exe
backup=c:\windows\pss\fagg3ss3ee1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^g70hdyy6k.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\g70hdyy6k.exe
backup=c:\windows\pss\g70hdyy6k.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq8.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq8.exe
backup=c:\windows\pss\i3uuklq8.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^i3uuklq860.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\i3uuklq860.exe
backup=c:\windows\pss\i3uuklq860.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^lwhns3ee1q.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\lwhns3ee1q.exe
backup=c:\windows\pss\lwhns3ee1q.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk
backup=c:\windows\pss\OpenOffice.org 3.0.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^riddzpplq3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\riddzpplq3.exe
backup=c:\windows\pss\riddzpplq3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^rrnddzpplbb.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\rrnddzpplbb.exe
backup=c:\windows\pss\rrnddzpplbb.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^s86e81qbcxd.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\s86e81qbcxd.exe
backup=c:\windows\pss\s86e81qbcxd.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^uk0g3ss3ee1.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\uk0g3ss3ee1.exe
backup=c:\windows\pss\uk0g3ss3ee1.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^vmmhyytk.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\vmmhyytk.exe
backup=c:\windows\pss\vmmhyytk.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^w0xnijjfk3.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\w0xnijjfk3.exe
backup=c:\windows\pss\w0xnijjfk3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^whx9ye0k3w.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\whx9ye0k3w.exe
backup=c:\windows\pss\whx9ye0k3w.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^WinFlip.lnk]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\WinFlip.lnk
backup=c:\windows\pss\WinFlip.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Hong^Start Menu^Programs^Startup^y8703g0hxd6.exe]
path=c:\documents and settings\Hong\Start Menu\Programs\Startup\y8703g0hxd6.exe
backup=c:\windows\pss\y8703g0hxd6.exeStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 22:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 03:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 01:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 05:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-06-28 20:50 75048 ----a-w- c:\program files\Cyberlink\Shared files\brs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-04-12 22:46 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2009-09-24 16:57 133104 ----atw- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-10-27 12:20 133432 ----a-w- c:\program files\ICQ7.1\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 19:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2007-09-04 18:25 81920 ----a-w- c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2010-07-09 14:24 110696 ----a-w- c:\windows\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-05-26 15:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 22:08 87336 ------w- d:\powerdvd10\PDVD10Serv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-02-14 22:12 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 11:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2010-07-12 16:32 74752 ----a-w- c:\program files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ose"=3 (0x3)
"idsvc"=3 (0x3)
"ICQ Service"=2 (0x2)
"WZCSVC"=2 (0x2)
"wuauserv"=2 (0x2)
"wscsvc"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)
"NetTcpPortSharing"=2 (0x2)
"WMPNetworkSvc"=3 (0x3)
"gusvc"=2 (0x2)
"gupdate1c9aca3419ed106"=2 (0x2)
"Viewpoint Manager Service"=2 (0x2)
"MDM"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"ServiceLayer"=3 (0x3)
"IDriverT"=3 (0x3)
"fsssvc"=3 (0x3)
"FLEXnet Licensing Service"=3 (0x3)
"nvsvc"=2 (0x2)
"nTuneService"=2 (0x2)
"CachemanXPService"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57447:TCP"= 57447:TCP:Pando Media Booster
"57447:UDP"= 57447:UDP:Pando Media Booster

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16.2.2009 4:57 691696]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/07/11 13:05];d:\powerdvd10\NavFilter\000.fcl [28.6.2010 21:50 87536]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 12:37 517096]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [23.8.2009 15:35 24652]
.
Contents of the 'Scheduled Tasks' folder

2010-11-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-FAJKOS-Hong.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-05-13 01:44]

2010-11-14 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1200 series5E771253C1676EBED677BF361FDFC537825E15B8275498585.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-05 22:52]

2010-11-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003Core.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]

2010-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-789336058-839522115-1617979688-1003UA.job
- c:\documents and settings\Hong\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-09-24 16:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://fullarticles.net
mStart Page = hxxp://www.games-fusion.net
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q=
FF - prefs.js: network.proxy.type - 2
FF - component: c:\documents and settings\Hong\Application Data\Mozilla\Firefox\Profiles\gb2ngkbk.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-16 11:34
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\d:\powerdvd10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-789336058-839522115-1617979688-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(688)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'explorer.exe'(2420)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2010-11-16 11:37:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-16 10:37
ComboFix2.txt 2010-11-15 21:34
ComboFix3.txt 2010-11-14 20:52
ComboFix4.txt 2010-11-14 18:14

Pre-Run: 43 683 721 216 bytes free
Post-Run: 43 672 170 496 bytes free

- - End Of File - - 47E990D69B59B0B89C0C5EB489FBFFA7

Re: FB virus asi...Pomoc

Napsal: 16 lis 2010 15:50
od Marek-26
Klikněte na CCleaner v mém podpisu a pročistěte registry i soubory

Re: FB virus asi...Pomoc

Napsal: 16 lis 2010 16:49
od Marek-26
A poté vložte nový log z RSIT :wink:
Všechny časy jsou v UTC+01:00
Stránka 1 z 4

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz