Computer is terribly slow…
This topic has 7 replies, 2 participants, and was last updated 16 years, 1 month ago by Admin.
March 13, 2009 at 5:33 am #16409
When the computer is switched on, it takes 10 minutes to boot…
log.txt
Logfile of random's system information tool 1.05 (written by random/random)
Run by VanHieu at 2009-03-13 07:54:48
Microsoft Windows XP Professional Service Pack 2
System drive C: has 1 GB (5%) free of 19 GB
Total RAM: 495 MB (32% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:55:34, on 13.03.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Embedded\Remote Boot Service\tftpd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\WebMoney Agent\wmagent.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DNA\btdna.exe
C:\Documents and Settings\VanHieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Documents and Settings\VanHieu\My Documents\Downloads\RSIT.exe
C:\Program Files\trend micro\VanHieu.exe

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: QUICKfind BHO Object - {C08DF07A-3E49-4E25-9AB0-D3882835F153} - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [HPCDTray] "C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe"
O4 - HKLM\..\Run: [SMSTray] C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [hpppta] C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe /ICON
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BkavFw] C:\Program Files\Bkav2006\Bkav2006.exe TASKBAR
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [UniKey] C:\Program Files\Unikey 3.6\UniKeyNT.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\VanHieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: More Information - {FB5A1911-A111-12d3-BB8E-12C04F845654} - mailto:VanHieu_vl@Yahoo.com?Subject=More Information (file missing)
O9 - Extra 'Tools' menuitem: More Information - {FB5A1911-A111-12d3-BB8E-12C04F845654} - mailto:VanHieu_vl@Yahoo.com?Subject=More Information (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{24F87B78-2B3A-4A7E-B707-28AA5E8723EE}: NameServer = 194.67.160.3,194.67.161.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{24F87B78-2B3A-4A7E-B707-28AA5E8723EE}: NameServer = 194.67.160.3,194.67.161.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe

--
End of file - 8945 bytes

======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-764733703-1060284298-1003.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2009-01-29 1088296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-09-18 308856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button - C:\Program Files\Yahoo!\Common\yiesrvc.dll [2007-12-13 222448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-01-03 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C08DF07A-3E49-4E25-9AB0-D3882835F153}]
QUICKfind BHO Object - C:\PROGRA~1\IDM\QUICKF~1\PlugIns\IEHelp.dll [2003-06-30 337920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-01-03 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-01-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll []
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} - Ask Toolbar - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-07-13 98304]
"LVCOMSX"=C:\WINDOWS\system32\LVCOMSX.EXE [2004-02-25 221184]
"LogitechVideoRepair"=C:\Program Files\Logitech\Video\ISStart.exe [2004-02-25 454656]
"LogitechVideoTray"=C:\Program Files\Logitech\Video\LogiTray.exe [2004-02-25 212992]
"dla"=C:\WINDOWS\system32\dla\tfswctrl.exe [2002-05-09 102455]
"DVDBitSet"=C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe [2002-05-01 200704]
"HPCDTray"=C:\Program Files\HP CD-DVD\Umbrella\hpcdtray.exe [2001-10-17 69632]
"SMSTray"=C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe [2007-12-14 132624]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-09-18 185896]
"hpppta"=C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe [2000-06-02 86016]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-01-03 136600]
"wmagent.exe"=C:\Program Files\WebMoney Agent\wmagent.exe [2008-10-01 209376]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-03 208952]
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2004-08-03 59392]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-03 455168]
"BkavFw"=C:\Program Files\Bkav2006\Bkav2006.exe [2009-03-11 16999424]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2005-07-21 1359872]
"UniKey"=C:\Program Files\Unikey 3.6\UniKeyNT.exe [2003-01-29 77824]
"Messenger (Yahoo!)"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2008-11-05 4347120]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
"LDM"=C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe []
"BitTorrent DNA"=C:\Program Files\DNA\btdna.exe [2008-12-19 342848]
"Google Update"=C:\Documents and Settings\VanHieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-11-05 133104]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2009-01-29 23975720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mtd2002Svr]
C:\Program Files\mtd2002\mtdserver.exe [2002-10-05 544768]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2005-07-21 1359872]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
RAMASST.lnk - C:\WINDOWS\system32\RAMASST.exe
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

C:\Documents and Settings\VanHieu\Start Menu\Programs\Startup
PowerReg Scheduler.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"=C:\WINDOWS\system32\haozs1.dll [2004-08-04 78848]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=223
"NoDriveAutoRun"=FC0F0000

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\mtd2002\mtdserver.exe"="C:\Program Files\mtd2002\mtdserver.exe:*:Disabled:mtdServer"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Yahoo!\Messenger\YServer.exe"="C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\backWeb-8876480.exe:*:Enabled:backWeb-8876480"
"C:\Program Files\DNA\btdna.exe"="C:\Program Files\DNA\btdna.exe:*:Enabled:DNA"
"C:\Program Files\BitTorrent\bittorrent.exe"="C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent"
"C:\WINDOWS\System32\muzapp.exe"="C:\WINDOWS\System32\muzapp.exe:*:Enabled:MUZ AOD APP player"
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"="C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player "
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\TVAnts\Tvants.exe"="C:\Program Files\TVAnts\Tvants.exe:*:Enabled:TVAnts"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{926b9300-500b-11dd-8aa5-00080d046837}]
shell\AutoRun\command - nqgcd.com
shell\explore\command - nqgcd.com
shell\open\command - nqgcd.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9e719050-5809-11dd-8ab2-00080d046837}]
shell\AutoRun\command - G:\dbrxubcw.com
shell\open\command - G:\dbrxubcw.com

======List of files/folders created in the last 1 months======
2009-03-13 07:54:50 ----D---- C:\Program Files\trend micro
2009-03-13 07:54:48 ----D---- C:\rsit
2009-03-11 20:08:27 ----D---- C:\Documents and Settings\VanHieu\Application Data\Malwarebytes
2009-03-11 20:07:56 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-11 20:07:56 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-11 19:25:17 ----D---- C:\VundoFix Backups
2009-03-11 19:25:17 ----A---- C:\VundoFix.txt
2009-03-11 14:10:48 ----D---- C:\Program Files\Bkav2006
2009-03-11 12:05:38 ----SHD---- C:\FOUND.006
2009-03-11 07:18:02 ----RSH---- C:\cb.exe
2009-03-10 20:04:03 ----RSH---- C:\k80wh3.exe
2009-03-10 18:44:41 ----RSH---- C:\dl3yf.bat
2009-03-10 06:56:41 ----RSH---- C:\u.com
2009-03-09 21:14:13 ----D---- C:\Documents and Settings\VanHieu\Application Data\Samsung
2009-03-09 16:09:02 ----D---- C:\Program Files\TVAnts
2009-03-09 16:06:06 ----RSH---- C:\ssx16.exe
2009-03-08 08:51:07 ----RSH---- C:\WINDOWS\system32\uweyiwe1.dll
2009-03-08 08:50:23 ----N---- C:\WINDOWS\system32\uweyiwe0.dll
2009-03-07 23:56:23 ----A---- C:\WINDOWS\system32\framedyn.dll
2009-03-07 23:55:17 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2009-03-07 23:15:20 ----D---- C:\Program Files\HelaBasa
2009-03-07 20:05:09 ----D---- C:\Program Files\ReadWrite Korean
2009-03-07 19:53:29 ----D---- C:\Program Files\Korean HakGyo
2009-03-07 19:46:38 ----D---- C:\Documents and Settings\All Users\Application Data\Tavultesoft
2009-03-07 19:45:54 ----RSH---- C:\i.com
2009-03-07 19:12:39 ----D---- C:\Documents and Settings\VanHieu\Application Data\Tavultesoft
2009-03-07 19:12:29 ----D---- C:\Program Files\Common Files\Tavultesoft
2009-03-07 19:12:05 ----D---- C:\Program Files\Tavultesoft
2009-03-07 18:01:23 ----A---- C:\memory.txt
2009-03-07 18:01:20 ----D---- C:\Program Files\Agilingua
2009-03-07 18:00:38 ----D---- C:\WINDOWS\Flash Card Factory
2009-03-07 18:00:38 ----D---- C:\Program Files\Flash Card Factory
2009-03-07 18:00:29 ----A---- C:\WINDOWS\Flash Card Factory Setup Log.txt
2009-03-07 16:28:14 ----A---- C:\WINDOWS\system32\msir3jp.dll
2009-03-07 16:28:14 ----A---- C:\WINDOWS\system32\korwbrkr.dll
2009-03-07 16:28:14 ----A---- C:\WINDOWS\system32\chtbrkr.dll
2009-03-07 16:28:14 ----A---- C:\WINDOWS\system32\chsbrkr.dll
2009-03-07 16:28:02 ----A---- C:\WINDOWS\system32\c_g18030.dll
2009-03-07 16:28:01 ----A---- C:\WINDOWS\system32\kbd101a.dll
2009-03-07 16:27:55 ----A---- C:\WINDOWS\system32\kbdnecNT.dll
2009-03-07 16:27:55 ----A---- C:\WINDOWS\system32\kbdnecAT.dll
2009-03-07 16:27:55 ----A---- C:\WINDOWS\system32\kbdnec95.dll
2009-03-07 16:27:55 ----A---- C:\WINDOWS\system32\kbdlk41j.dll
2009-03-07 16:27:55 ----A---- C:\WINDOWS\system32\kbdlk41a.dll
2009-03-07 16:27:55 ----A---- C:\WINDOWS\system32\kbdibm02.dll
2009-03-07 16:27:55 ----A---- C:\WINDOWS\system32\kbdax2.dll
2009-03-07 16:27:55 ----A---- C:\WINDOWS\system32\kbd106n.dll
2009-03-07 16:27:55 ----A---- C:\WINDOWS\system32\kbd101.dll
2009-03-07 16:27:55 ----A---- C:\WINDOWS\system32\f3ahvoas.dll
2009-03-07 16:22:53 ----D---- C:\WINDOWS\SxsCaPendDel
2009-03-07 15:43:45 ----RSH---- C:\2.bat
2009-03-07 15:19:22 ----A---- C:\WINDOWS\MegaManager.INI
2009-03-06 19:40:24 ----A---- C:\WINDOWS\system32\c_is2022.dll
2009-03-06 13:11:10 ----A---- C:\WINDOWS\system32\WMErrRUS.dll
2009-03-06 13:11:09 ----D---- C:\WINDOWS\system32\1049
2009-03-06 13:10:05 ----HD---- C:\WINDOWS\$NtUninstallKB841625_RUS$
2009-03-06 13:08:17 ----HD---- C:\WINDOWS\$NtUninstallKB841625_KOR$
2009-03-06 08:12:26 ----N---- C:\WINDOWS\system32\dbmsqlgc.dll
2009-03-06 08:12:26 ----N---- C:\WINDOWS\system32\dbmsgnet.dll
2009-03-06 08:12:09 ----D---- C:\Program Files\Microsoft SQL Server
2009-03-06 01:31:23 ----D---- C:\Program Files\Windows Embedded
2009-03-05 22:07:59 ----D---- C:\WINDOWS\Prefetch
2009-03-05 22:05:46 ----A---- C:\WINDOWS\setuplog.txt
2009-03-05 22:04:55 ----N---- C:\WINDOWS\system32\smtpapi.dll
2009-03-05 22:04:55 ----N---- C:\WINDOWS\system32\rwnh.dll
2009-03-05 22:04:55 ----N---- C:\WINDOWS\system32\comsdupd.exe
2009-03-05 22:04:49 ----N---- C:\WINDOWS\system32\ativvaxx.dll
2009-03-05 22:04:49 ----N---- C:\WINDOWS\system32\ativtmxx.dll
2009-03-05 22:04:49 ----N---- C:\WINDOWS\system32\ati3duag.dll
2009-03-05 22:04:49 ----N---- C:\WINDOWS\system32\ati3d1ag.dll
2009-03-05 22:04:49 ----N---- C:\WINDOWS\system32\ati2dvag.dll
2009-03-05 22:04:49 ----N---- C:\WINDOWS\system32\ati2dvaa.dll
2009-03-05 22:04:49 ----N---- C:\WINDOWS\system32\ati2cqag.dll
2009-03-05 22:04:48 ----N---- C:\WINDOWS\system32\slgen.dll
2009-03-05 22:04:48 ----N---- C:\WINDOWS\system32\slextspk.dll
2009-03-05 22:04:48 ----N---- C:\WINDOWS\system32\slcoinst.dll
2009-03-05 22:04:48 ----N---- C:\WINDOWS\system32\s3gnb.dll
2009-03-05 22:04:48 ----N---- C:\WINDOWS\system32\nv4_disp.dll
2009-03-05 22:04:48 ----N---- C:\WINDOWS\system32\mtxparhd.dll
2009-03-05 22:04:48 ----N---- C:\WINDOWS\system32\mdmxsdk.dll
2009-03-05 22:04:48 ----N---- C:\WINDOWS\system32\hsfcisp2.dll
2009-03-05 22:04:47 ----N---- C:\WINDOWS\system32\slserv.exe
2009-03-05 22:04:47 ----N---- C:\WINDOWS\system32\slrundll.exe
2009-03-05 22:04:47 ----N---- C:\WINDOWS\slrundll.exe
2009-03-05 22:04:41 ----A---- C:\WINDOWS\system32\uniime.dll
2009-03-05 22:04:41 ----A---- C:\WINDOWS\system32\imjp81k.dll
2009-03-05 22:01:48 ----D---- C:\WINDOWS\ServicePackFiles
2009-03-05 22:01:02 ----N---- C:\WINDOWS\system32\spmsg.dll
2009-03-05 22:00:56 ----A---- C:\WINDOWS\ 00001_.tmp
2009-03-05 22:00:33 ----A---- C:\WINDOWS\system32\spupdsvc.exe
2009-03-05 00:44:57 ----RASH---- C:\autorun.inf.bak
2009-03-04 19:14:57 ----RSH---- C:\dbrxubcw.com
2009-03-03 15:25:58 ----D---- C:\Documents and Settings\VanHieu\Application Data\DivX
2009-03-03 15:23:56 ----N---- C:\WINDOWS\system32\pxinsi64.exe
2009-03-03 15:23:56 ----N---- C:\WINDOWS\system32\pxinsa64.exe
2009-03-03 15:23:56 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-03-03 15:23:56 ----N---- C:\WINDOWS\system32\pxcpya64.exe
2009-03-03 15:23:55 ----N---- C:\WINDOWS\system32\pxsfs.dll
2009-03-03 15:23:55 ----N---- C:\WINDOWS\system32\pxafs.dll
2009-03-02 16:29:35 ----RSH---- C:\a1agmur.cmd
2009-03-02 09:52:11 ----D---- C:\Program Files\Aimersoft
2009-02-26 09:19:22 ----RSH---- C:\wx8o0bt1.com
2009-02-25 09:42:12 ----RSH---- C:\qxty9be.cmd
2009-02-25 03:29:12 ----SHD---- C:\FOUND.005
2009-02-24 08:43:56 ----RSH---- C:\jeorels.cmd
2009-02-23 13:49:34 ----D---- C:\Documents and Settings\VanHieu\Application Data\vlc
2009-02-23 13:48:42 ----D---- C:\Program Files\VideoLAN
2009-02-22 22:24:36 ----A---- C:\WINDOWS\IsUn0419.exe
2009-02-22 22:08:19 ----A---- C:\WINDOWS\IsUninstR.Exe
2009-02-22 19:53:56 ----D---- C:\Program Files\Online TV Player 4
2009-02-20 20:00:46 ----A---- C:\WINDOWS\SubCreator.INI
2009-02-20 19:33:30 ----D---- C:\Program Files\URUSoft
2009-02-20 06:34:56 ----SHD---- C:\FOUND.004
2009-02-18 18:59:13 ----RSH---- C:\WINDOWS\system32\nmdfgds0.dll
2009-02-17 21:29:28 ----SHD---- C:\FOUND.003
2009-02-17 21:20:34 ----SHD---- C:\FOUND.002
2009-02-14 17:55:46 ----SHD---- C:\FOUND.001
2009-02-14 16:28:27 ----A---- C:\WINDOWS\system32\wmpns.dll

======List of files/folders modified in the last 1 months======
2009-03-12 23:52:00 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-12 13:48:58 ----A---- C:\WINDOWS\NeroDigital.ini
2009-03-12 08:18:18 ----A---- C:\WINDOWS\winamp.ini
2009-03-09 11:38:30 ----RSH---- C:\WINDOWS\system32\nmdfgds1.dll
2009-03-07 18:40:34 ----A---- C:\WINDOWS\system.ini
2009-03-07 16:43:46 ----A---- C:\WINDOWS\imsins.BAK
2009-03-07 15:21:26 ----A---- C:\Documents and Settings\VanHieu\Application Data\inst.exe
2009-03-06 13:22:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-05 22:08:40 ----A---- C:\WINDOWS\OEWABLog.txt
2009-03-05 22:08:34 ----A---- C:\WINDOWS\win.ini
2009-03-05 22:05:48 ----RASH---- C:\boot.ini
2009-02-28 18:42:32 ----A---- C:\WINDOWS\avisplitter.INI
2009-02-27 08:25:52 ----A---- C:\Log.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-04 12160]
R1 hpcd2k;hpcd2k; C:\WINDOWS\system32\drivers\hpcd2k.sys [2000-10-23 4421]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-04 36096]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-01-31 90416]
R1 sscdbhk5;sscdbhk5; C:\WINDOWS\system32\drivers\sscdbhk5.sys [2002-01-28 5589]
R1 ssrtln;ssrtln; C:\WINDOWS\system32\drivers\ssrtln.sys [2002-01-28 22963]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R1 StyleXPHelper;StyleXPHelper; \??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe []
R1 SysLib;SysLib; C:\WINDOWS\system32\drivers\SysLib.sys [2009-03-13 56772182]
R2 drvnddm;drvnddm; C:\WINDOWS\system32\drivers\drvnddm.sys [2002-02-12 40096]
R2 tfsnboio;tfsnboio; C:\WINDOWS\system32\dla\tfsnboio.sys [2002-05-09 23607]
R2 tfsncofs;tfsncofs; C:\WINDOWS\system32\dla\tfsncofs.sys [2002-05-09 34743]
R2 tfsndrct;tfsndrct; C:\WINDOWS\system32\dla\tfsndrct.sys [2002-05-09 4119]
R2 tfsndres;tfsndres; C:\WINDOWS\system32\dla\tfsndres.sys [2002-05-09 2203]
R2 tfsnifs;tfsnifs; C:\WINDOWS\system32\dla\tfsnifs.sys [2002-05-09 52790]
R2 tfsnopio;tfsnopio; C:\WINDOWS\system32\dla\tfsnopio.sys [2002-05-09 13847]
R2 tfsnpool;tfsnpool; C:\WINDOWS\system32\dla\tfsnpool.sys [2002-05-09 6327]
R2 tfsnudf;tfsnudf; C:\WINDOWS\system32\dla\tfsnudf.sys [2002-05-09 88758]
R2 tfsnudfa;tfsnudfa; C:\WINDOWS\system32\dla\tfsnudfa.sys [2002-05-09 94679]
R3 ac97intc;Intel(r) 82801DB/DBM Audio Driver Service (WDM); C:\WINDOWS\system32\drivers\ac97ich4.sys [2006-02-21 107776]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2004-08-03 14080]
R3 E100B;Intel(R) PRO Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2006-10-31 165760]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2002-03-08 13780]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-03 20480]
S1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-04 42496]
S3 atimpab;atimpab; C:\WINDOWS\system32\DRIVERS\atimpab.sys [2001-08-17 289664]
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 cwcspud;Crystal SoundFusion(tm) Driver; C:\WINDOWS\system32\drivers\cwcspud.sys [2001-08-17 111872]
S3 cwcwdm;Crystal SoundFusion(tm) WDM Driver; C:\WINDOWS\system32\drivers\cwcwdm.sys [2001-08-17 93952]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NSCIRDA;NSC Infrared Device Driver; C:\WINDOWS\system32\DRIVERS\nscirda.sys [2004-08-03 28672]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-01-17 47360]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:\WINDOWS\system32\DRIVERS\CamDrL21.sys [2004-02-14 244096]
S3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:\WINDOWS\system32\DRIVERS\TwoTrack.sys [2001-08-17 11520]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-03-13 49152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-01-03 152984]
R2 Rbspxe;Remote Boot Service; C:\WINDOWS\System32\svchost.exe [2004-08-04 14336]
R2 TFTPD;Trivial File Transfer Protocol; C:\Program Files\Windows Embedded\Remote Boot Service\tftpd.exe [2004-08-31 19484]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\atievxx.exe [2001-08-17 37376]
S2 StyleXPService;StyleXPService; C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe [2005-07-07 344064]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 MSSQLSERVER;MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE [2002-12-17 311872]
EOF
info.txt
info.txt logfile of random's system information tool 1.05 2009-03-13 07:55:53

======Uninstall list======

--->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--->C:\WINDOWS\system32\MSIEXEC.EXE /x {1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
--->C:\WINDOWS\system32\MSIEXEC.EXE /x {8214CC02-6271-4DC8-B8DD-779933450264}
--->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
«УРОКИ БИОЛОГИИ КИРИЛЛА И МЕФОДИЯ 9 КЛАСС»--->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine6\INTEL3~1\Ctor.dll
ACDSee 7.0 PowerPack--->MsiExec.exe /I{B0625F16-B742-4F75-9FD8-20B47ACC7DE2}
Adobe AIR--->C:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR--->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}
Adobe Flash Player 10 ActiveX--->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin--->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Media Player--->msiexec /qb /x {1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Media Player--->MsiExec.exe /I{1EBB57D4-63FF-87CC-A0F0-D73982CF6008}
Adobe Reader 7.0--->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Adobe Reader Korean Fonts--->MsiExec.exe /I{AC76BA86-7AD7-5676-5A64-7E8A45000001}
ArcSoft ShowBiz--->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2070269D-EC38-49E6-8E3E-46B36DA8AE96}\Setup.exe" -l0x9 -uninst
Ask Toolbar--->rundll32 C:\PROGRA~1\AskTBar\bar\1.bin\AskTBar.dll,O
Atomica Deluxe 2.52--->C:\Program Files\PopCap Games\Atomica Deluxe\PopUninstall.exe C:\Program Files\PopCap Games\Atomica Deluxe\Install.log
Avi2Dvd 0.4.5 beta--->C:\Program Files\Avi2Dvd\uninst.exe
AviSynth 2.5--->"C:\Program Files\AviSynth 2.5\Uninstall.exe"
Bach Khoa Antivirus 2006--->C:\Program Files\Bkav2006\Bkav2006.exe UNINSTALL
Bejeweled Deluxe 1.861--->C:\Program Files\PopCap Games\Bejeweled Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Bejeweled Deluxe\Install.log"
DivX Codec--->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Player--->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player--->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivxToDVD 0.5.2b--->"C:\Program Files\vso\DivxToDVD\unins000.exe"
DVD-RAM Driver--->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9D765FA6-F2BC-40AF-8145-50808F9BDF4E}\Setup.exe" DVD-RAM Driver
Dynomite Deluxe 2.71--->C:\Program Files\PopCap Games\Dynomite Deluxe\PopUninstall.exe "C:\Program Files\PopCap Games\Dynomite Deluxe\Install.log"
Flash Card Factory--->"C:\WINDOWS\Flash Card Factory\uninstall.exe" "/U:C:\Program Files\Flash Card Factory\Uninstall\uninstall.xml"
GenieSoft Overture v4.0.2--->"C:\Program Files\GenieSoft\Overture 4.0\Uninstall\unins000.exe"
Google Earth--->MsiExec.exe /I{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}
HelaBasa 2008--->MsiExec.exe /I{3EF1A38E-C239-4156-B897-C4291062C24C}
HijackThis 2.0.2--->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
HP DLA--->MsiExec.exe /I{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}
hp dvd writer--->"C:\Program Files\HP CD-DVD\Support\Uninstall.exe"
HP PrecisionScan Pro--->C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\Uninst.isu" -c"C:\Program Files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\HPUninstallIs.dll"
HP RecordNow—>MsiExec.exe /I{8214CC02-6271-4DC8-B8DD-779933450264}
HP Scan-to-Web Wizard—>C:WINDOWSIsUninst.exe -f»C:Program FilesHewlett-PackardHP PrecisionScanPrecisionScan ProScan-To-Web.isu»
HP Simple Backup 4.75 (OEM)—>C:WINDOWSIsUninst.exe -f»C:PROGRA~1HPCD-D~1HP Simple BackupDeIsL1.isu» -cC:PROGRA~1HPCD-D~1HPSIMP~1SystemUNINST.DLL
ICQ6—>»C:Program FilesInstallShield Installation Information{60DE4033-9503-48D1-A483-7846BD217CA9}setup.exe» -runfromtemp -l0x0009 -removeonly
Inesoft Cash Organizer 2007 Premium 7.23—>»C:Program FilesInesoft Cash Organizer 2007 Premiumuninst.exe»
Inesoft Inesoft Address Book 3.0—>»C:Program FilesInesoft Address Bookuninst.exe»
Intel(R) Extreme Graphics 2 Driver—>RUNDLL32.EXE C:WINDOWSsystem32ialmrem.dll,UninstallW2KIGfx PCIVEN_8086&DEV_3582
Intel(R) PRO Network Connections Drivers—>Prounstl.exe
Java 2 Runtime Environment, SE v1.4.1_02—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{EFCE5837-FC21-11D6-9D24-00010240CE95}setup.exe» Anytext
Java(TM) 6 Update 11—>MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}
Java(TM) 6 Update 7—>MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
K-Lite Codec Pack 4.0.0 (Full)—>»C:Program FilesK-Lite Codec Packunins000.exe»
Korean HakGyo version 2.2—>»C:Program FilesKorean HakGyounins000.exe»
Korean Language Support—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFko.inf, Uninstall
Logitech Desktop Messenger—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}Setup.exe» -l0x9 UNINSTALL
Logitech Print Service—>C:PROGRA~1LOGITECHPRINTS~1UNWISE.EXE C:PROGRA~1LOGITECHPRINTS~1INSTALL.LOG
Logitech QuickCam—>MsiExec.exe /I{466B21EE-2858-4845-B2B3-056FC544DAA3}
Logitech® Camera Driver—>»C:Program FilesCommon FilesLogitechQCDRVBINSETUP.EXE» UNINSTALL REMOVEPROMPT
Longman Active Study Dictionary 4th edition—>C:WINDOWSIsUninst.exe -f»C:Program FilesLongmanLASD4Uninst.isu»
Longman Exams Coach—>»C:Program FilesLongmanleduninstall.exe»
Malwarebytes’ Anti-Malware—>»C:Program FilesMalwarebytes’ Anti-Malwareunins000.exe»
MathPlayer—>C:Program FilesDesign ScienceMathPlayerSetup.exe -u
Microsoft .NET Framework 1.1—>MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Office Professional Edition 2003—>MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server Desktop Engine—>MsiExec.exe /X{E09B48B5-E141-427A-AB0C-D3605127224A}
Microsoft Text-to-Speech Engine 4.0 (English)—>RunDll32 advpack.dll,LaunchINFSection C:WINDOWSINFmsTTS.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable—>MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.7)—>C:Program FilesMozilla Firefoxuninstallhelper.exe
MUI Help Package — KOR—>C:WINDOWS$NtUninstallKB841625_KOR$spuninstspuninst.exe
MUI Help Package — RUS—>C:WINDOWS$NtUninstallKB841625_RUS$spuninstspuninst.exe
MyDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{5E835305-63BB-4E55-BBB7-EEBBE67774DB}Setup.exe» -l0x9 -L0x9 /SMAINT
MyFreeCodec—>C:Program FilesMyFree Codec 9b betauninstall.exe
Nero 6 Ultra Edition—>C:Program FilesAheadnerouninstallUNNERO.exe /UNINSTALL
Oiðioea ActiveX—>»C:Program Filesintlinegraphicxunins000.exe»
Online TV Player 4—>»C:Program FilesOnline TV Player 4unins000.exe»
Opera 10.00—>MsiExec.exe /X{423CF09F-11C9-410E-9B1A-31E087CED383}
Opera 9.51—>MsiExec.exe /X{179624B1-2683-45ED-965A-B72189EB5820}
Opera 9.60—>MsiExec.exe /X{D2F5287E-5F0E-447B-9157-B08AA4E2AC76}
PowerDVD—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}Setup.exe» -uninstall
QUICKfind—>RunDll32 C:PROGRA~1COMMON~1INSTAL~1engine6INTEL3~1Ctor.dll,LaunchSetup «C:Program FilesInstallShield Installation Information{593AFFA4-D08E-4272-BABB-420949D32A10}Setup.exe» -l0x9
QuickTime—>C:WINDOWSunvise32qt.exe C:WINDOWSsystem32QuickTimeUninstall.log
ReadWrite Korean version 2.2—>»C:Program FilesReadWrite Koreanunins000.exe»
RealPlayer—>C:Program FilesCommon FilesRealUpdate_OBr1puninst.exe RealNetworks|RealPlayer|6.0
SAMSUNG CDMA Modem Driver Set—>C:WINDOWSsystem32Samsung_USB_Drivers3SSCDUninstall.exe
Samsung Media Studio 5—>»C:Program FilesInstallShield Installation Information{C20CE592-B0F8-4D20-BF31-0151CA6331A6}setup.exe» -runfromtemp -l0x0009 -removeonly
SAMSUNG Mobile Composite Device Software—>C:WINDOWSsystem32Samsung_USB_Drivers6SSBCUninstall.exe
Samsung Mobile phone USB driver Software—>C:WINDOWSsystem32Samsung_USB_Drivers5SSSDUninstall.exe
SAMSUNG Mobile USB Modem 1.0 Software—>C:WINDOWSsystem32Samsung_USB_Drivers1SS_Uninstall.exe
SAMSUNG Mobile USB Modem Software—>C:WINDOWSsystem32Samsung_USB_Drivers2SSM_Uninstall.exe
Samsung PC Studio 3—>»C:Program FilesInstallShield Installation Information{C4A4722E-79F9-417C-BD72-8D359A090C97}setup.exe» -runfromtemp -l0x0019 -removeonly
SignTap Hanja—>MsiExec.exe /I{E7B5345A-6158-4023-9FBA-2BD23D4D7A31}
Skype™ 4.0—>MsiExec.exe /X{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}
StyleXP (remove only)—>»C:Program FilesTGTSoftStyleXPStyleXP-uninstall.exe»
Subtitle Workshop 2.51—>»C:Program FilesURUSoftSubtitle Workshopuninstall.exe»
Tavultesoft Keyman Desktop Light 7.1—>MsiExec.exe /I{FA684353-85D7-416A-9394-1279AAFE0A85}
TVAnts 1.0—>C:PROGRA~1TVANTSUNWISE.EXE C:PROGRA~1TVANTSINSTALL.LOG
Uninstall LAC VIET mtd2002-EVA—>»C:Program Filesmtd2002unins000.exe»
VobSub v2.23 (Remove Only)—>»C:Program FilesGabestVobSubuninstall.exe»
WebMoney Agent—>C:Program FilesWebMoney Agentuninst_wmagent.exe
WebMoney Keeper Classic 3.6.0.6—>»C:Program FilesWebMoneyUninstall.exe» «C:Program FilesWebMoneyinstall.log» -u
Winamp (remove only)—>»C:Program FilesWinampUninstWA.exe»
WinAVI Video Converter—>»C:Program FilesWinAVI Video Converterunins000.exe»
Windows Media Format Runtime—>»C:Program FilesWindows Media Playerwmsetsdk.exe» /UninstallAll
Windows Media Player 10—>»C:Program FilesWindows Media PlayerSetup_wm.exe» /Uninstall
Windows XP Embedded Database SP1—>MsiExec.exe /I{5CA26669-607D-4BD8-8383-E08C744FF60B}
Windows XP Embedded Remote Boot Server—>MsiExec.exe /I{F03F452B-CC71-4A6F-BE56-24912B075CDE}
Windows XP Embedded Tools SP1—>MsiExec.exe /I{36F98975-BAD7-4506-862A-0EF3CC841440}
WinRAR archiver—>C:Program FilesWinRARuninstall.exe
XviD MPEG-4 Video Codec—>»C:Program FilesXviDunins000.exe»
Yahoo! Browser Services—>C:PROGRA~1Yahoo!CommonUNIN_Y~1.EXE /S
Yahoo! Install Manager—>C:WINDOWSsystem32regsvr32 /u C:PROGRA~1Yahoo!CommonYINSTH~1.DLL
Yahoo! Messenger—>C:PROGRA~1YAHOO!MESSEN~1UNWISE.EXE /S C:PROGRA~1YAHOO!MESSEN~1INSTALL.LOG
System event log
Computer Name: THAO
Event Code: 7
Message: The device, DeviceCdRom0, has a bad block.
Record Number: 41980
Source Name: Cdrom
Time Written: 20090228184211.000000+180
Event Type: error
User:
Computer Name: THAO
Event Code: 7
Message: The device, DeviceCdRom0, has a bad block.
Record Number: 41979
Source Name: Cdrom
Time Written: 20090228184206.000000+180
Event Type: error
User:
Computer Name: THAO
Event Code: 7
Message: The device, DeviceCdRom0, has a bad block.
Record Number: 41978
Source Name: Cdrom
Time Written: 20090228184201.000000+180
Event Type: error
User:
Computer Name: THAO
Event Code: 7
Message: The device, DeviceCdRom0, has a bad block.
Record Number: 41977
Source Name: Cdrom
Time Written: 20090228184156.000000+180
Event Type: error
User:
Computer Name: THAO
Event Code: 7
Message: The device, DeviceCdRom0, has a bad block.
Record Number: 41976
Source Name: Cdrom
Time Written: 20090228184151.000000+180
Event Type: error
User:
Application event log
Computer Name: THAO
Event Code: 2
Message:
Record Number: 923
Source Name: LOGITECH
Time Written: 20080919072832.000000+240
Event Type: warning
User:
Computer Name: THAO
Event Code: 1517
Message: Реестр пользователя THAOVanHieu был сохранен в то время, как приложение или служба продолжали использовать его во время выхода из системы. Используемая реестром пользователя память не была освобождена. Реестр будет выгружен, когда он не будет использоваться.Возможная причина — службы, выполняемые от имени пользователя. Попробуйте изменить настройку служб и задать их выполнение с учетными записями LocalService или NetworkService.
Record Number: 922
Source Name: Userenv
Time Written: 20080919055421.000000+240
Event Type: warning
User: NT AUTHORITYSYSTEM
Computer Name: THAO
Event Code: 101
Message: wuauclt (532) Ядро базы данных остановлено.
Record Number: 921
Source Name: ESENT
Time Written: 20080919054049.000000+240
Event Type: information
User:
Computer Name: THAO
Event Code: 103
Message: wuaueng.dll (532) SUS20ClientDataStore: Ядро базы данных остановило работу экземпляра (0).
Record Number: 920
Source Name: ESENT
Time Written: 20080919054049.000000+240
Event Type: information
User:
Computer Name: THAO
Event Code: 102
Message: wuaueng.dll (532) SUS20ClientDataStore: Ядро базы данных запустило новый экземпляр (0).
Record Number: 919
Source Name: ESENT
Time Written: 20080919053548.000000+240
Event Type: information
User:
======Environment variables======
«ComSpec»=%SystemRoot%system32cmd.exe
«Path»=%SystemRoot%system32;%SystemRoot%;%SystemRoot%System32Wbem;C:WINDOWSMicrosoft.NETFrameworkv1.1.4322;C:Program FilesMicrosoft SQL Server80ToolsBinn;C:Program FilesSamsungSamsung PC Studio 3
«windir»=%SystemRoot%
«FP_NO_HOST_CHECK»=NO
«OS»=Windows_NT
«PROCESSOR_ARCHITECTURE»=x86
«PROCESSOR_LEVEL»=15
«PROCESSOR_IDENTIFIER»=x86 Family 15 Model 2 Stepping 7, GenuineIntel
«PROCESSOR_REVISION»=0207
«NUMBER_OF_PROCESSORS»=1
«PATHEXT»=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
«TEMP»=%SystemRoot%TEMP
«TMP»=%SystemRoot%TEMP
EOF
14 March 2009 at 3:50 pm #22637
Hello, welcome to the Spyware-ru forum.
Judging by the logs, your computer is infected with an autorun.inf trojan.
Read this guide: Flash_Disinfector, one more weapon against autorun.inf trojans.
* Disable your antivirus.
* Download and run Flash_Disinfector.
* When the program prompts you, insert your flash drive or connect your other external storage devices.
Note: run the program as many times as needed to clean all of your removable drives.
Download OTMoveIt3 by OldTimer by clicking this link.
Run OTMoveIt3 and copy the following text into the large input field (the field's heading is highlighted in yellow).
:Processes
explorer.exe
:reg
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerShellExecuteHooks]
"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"=-
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{926b9300-500b-11dd-8aa5-00080d046837}]
[-HKEY_CURRENT_USERsoftwaremicrosoftwindowscurrentversionexplorermountpoints2{9e719050-5809-11dd-8ab2-00080d046837}]
:files
C:cb.exe
C:k80wh3.exe
C:dl3yf.bat
C:u.com
C:ssx16.exe
C:WINDOWSsystem32uweyiwe1.dll
C:WINDOWSsystem32uweyiwe0.dll
C:i.com
C:2.bat
C:autorun.inf.bak
C:dbrxubcw.com
C:a1agmur.cmd
C:wx8o0bt1.com
C:qxty9be.cmd
C:jeorels.cmd
:Commands
[emptytemp]
[start explorer]
[Reboot]
Check the pasted script: if spaces have appeared to the left of the directives, delete them; the script must look exactly as it does in this message. Click the MoveIt! button. The computer may reboot while it runs.
When the program finishes, a log should be displayed. If the log is not displayed, it can be found in the folder C:_OTMoveItMovedFiles.
Paste the contents of that log into your reply. Also attach a fresh RSIT log.
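The helper's diagnosis above rests on autorun.inf being honoured by Explorer, and the RSIT registry dump later in this thread shows exactly the policy values that control that (NoDriveTypeAutoRun = 323 under HKCU, nothing under HKLM). The following Python script is an added example, not code from this thread or from RSIT, Flash_Disinfector or OTMoveIt3: it parses those Policies\explorer lines in the form RSIT prints them and reports which drive types would still run an autorun.inf. The bit layout (bit n disables AutoRun for drive type n, 0xFF disables it everywhere, 0x91 is the Windows XP default) and the HKLM-over-HKCU precedence follow Microsoft's documentation of NoDriveTypeAutoRun; both are assumptions of this example, as is the sample dump, which is constructed from the thread's values with the backslashes the forum dropped put back.

```python
"""Decode the Explorer AutoRun policy values as they appear in an RSIT registry dump.

Added example for this thread; not code from the forum or from any tool it names.
An autorun.inf trojan spreads only because Explorer still honours autorun.inf on
some drive types; NoDriveTypeAutoRun is the bitmask that switches that off.
"""
import re

# Assumption (Microsoft's documented layout): each bit disables AutoRun for one
# drive type, numbered as GetDriveType returns them.
DRIVE_TYPE_BITS = {
    0x01: "DRIVE_UNKNOWN",
    0x02: "DRIVE_NO_ROOT_DIR",
    0x04: "DRIVE_REMOVABLE (USB sticks, floppies)",
    0x08: "DRIVE_FIXED (hard disks)",
    0x10: "DRIVE_REMOTE (network shares)",
    0x20: "DRIVE_CDROM",
    0x40: "DRIVE_RAMDISK",
    0x80: "reserved / unrecognised types",
}
HARDENED_MASK = 0xFF    # AutoRun disabled for every drive type
XP_DEFAULT_MASK = 0x91  # what Explorer uses when neither policy key sets the value

# Constructed sample: the two Policies\explorer keys from the dump in this thread,
# backslashes restored. Quotes may be ASCII or the « » the forum rendered them as.
SAMPLE_DUMP = """\
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\explorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=
"""

_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
_VAL_RE = re.compile(r'^["«]([^"»]+)["»]=(.*)$')


def _to_int(raw):
    """RSIT prints DWORDs in decimal; accept hex too. An empty string means the value is absent."""
    raw = raw.strip()
    if not raw:
        return None
    return int(raw, 16) if raw.lower().startswith("0x") else int(raw)


def parse_policy_values(dump):
    """Return {registry_key: {value_name: int or None}} for every [HKEY_...] block in the text."""
    result, current = {}, None
    for line in dump.splitlines():
        line = line.strip()
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            result.setdefault(current, {})
            continue
        m = _VAL_RE.match(line)
        if m and current is not None:
            result[current][m.group(1)] = _to_int(m.group(2))
    return result


def effective_mask(policies):
    """HKLM policy takes precedence over HKCU when it is set; otherwise the XP default applies."""
    for hive in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER"):
        for key, values in policies.items():
            if key.startswith(hive) and key.lower().endswith("policies\\explorer"):
                mask = values.get("NoDriveTypeAutoRun")
                if mask is not None:
                    return mask
    return XP_DEFAULT_MASK


def autorun_enabled_types(mask):
    """Drive types whose autorun.inf Explorer will still act on under this mask."""
    return [name for bit, name in DRIVE_TYPE_BITS.items() if not mask & bit]


def assess(dump):
    """Summarise a dump: effective mask, the drive types still exposed, and whether it is hardened."""
    mask = effective_mask(parse_policy_values(dump))
    return {
        "mask": mask,
        "exposed": autorun_enabled_types(mask),
        "hardened": (mask & HARDENED_MASK) == HARDENED_MASK,
    }


if __name__ == "__main__":
    verdict = assess(SAMPLE_DUMP)
    print("NoDriveTypeAutoRun = 0x%02X (%d)" % (verdict["mask"], verdict["mask"]))
    for name in verdict["exposed"]:
        print("  AutoRun still enabled for", name)
    print("hardened:", verdict["hardened"])
```

Run against the thread's values it shows that 323 (0x143) leaves AutoRun active on removable, fixed, network and CD-ROM drives, which is why a USB stick carrying autorun.inf could reinfect this machine; setting the HKLM value to 0xFF closes that for every user on the box.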
16 March 2009 at 5:29 am #22638
I went into C:_OTMoveItMovedFiles and could not find the log.
Here is just the RSIT log:
Logfile of random’s system information tool 1.05 (written by random/random)
Run by VanHieu at 2009-03-16 08:28:31
Microsoft Windows XP Professional Service Pack 2
System drive C: has 5 GB (25%) free of 19 GB
Total RAM: 495 MB (35% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:28:32, on 16.03.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:WINDOWSsystem32conime.exe
C:WINDOWSsystem32DVDRAMSV.exe
C:Program FilesJavajre6binjqs.exe
C:WINDOWSsystem32svchost.exe
C:Program FilesWindows EmbeddedRemote Boot Servicetftpd.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32wscntfy.exe
C:WINDOWSsystem32hkcmd.exe
C:WINDOWSsystem32igfxpers.exe
C:Program FilesQuickTimeqttask.exe
C:WINDOWSsystem32LVCOMSX.EXE
C:Program FilesLogitechVideoLogiTray.exe
C:WINDOWSsystem32dlatfswctrl.exe
C:Program FilesHP CD-DVDUmbrellahpcdtray.exe
C:Program FilesSamsungSamsung Media Studio 5SMSTray.exe
C:Program FilesCommon FilesRealUpdate_OBrealsched.exe
C:Program FilesJavajre6binjusched.exe
C:Program FilesWebMoney Agentwmagent.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesMessengermsmsgs.exe
C:Program FilesDNAbtdna.exe
C:Documents and SettingsVanHieuLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe
C:WINDOWSsystem32RAMASST.exe
C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe
C:Program FilesLogitechVideoFxSvr2.exe
C:WINDOWSsystem32wuauclt.exe
C:WINDOWSexplorer.exe
C:Documents and SettingsVanHieuLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:Documents and SettingsVanHieuLocal SettingsApplication DataGoogleChromeApplicationchrome.exe
C:WINDOWSsystem32NOTEPAD.EXE
C:Documents and SettingsVanHieuMy DocumentsDownloadsRSIT.exe
C:Program Filestrend microVanHieu.exe
R3 — URLSearchHook: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:PROGRA~1ICQTOO~1toolbaru.dll (file missing)
O2 — BHO: (no name) — {02478D38-C3F9-4efb-9B51-7695ECA05670} — (no file)
O2 — BHO: AcroIEHlprObj Class — {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll
O2 — BHO: Skype add-on (mastermind) — {22BF413B-C6D2-4d91-82A9-A0F997BA588C} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O2 — BHO: RealPlayer Download and Record Plugin for Internet Explorer — {3049C3E9-B461-4BC5-8870-4C09146192CA} — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll
O2 — BHO: Yahoo! IE Services Button — {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} — C:Program FilesYahoo!Commonyiesrvc.dll
O2 — BHO: Java(tm) Plug-In SSV Helper — {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} — C:Program FilesJavajre6binssv.dll
O2 — BHO: Java(tm) Plug-In 2 SSV Helper — {DBC80044-A445-435b-BC74-9C25C1C588A9} — C:Program FilesJavajre6binjp2ssv.dll
O2 — BHO: JQSIEStartDetectorImpl — {E7E6F031-17CE-4C07-BC86-EABFE594F69C} — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll
O2 — BHO: Ask Toolbar BHO — {FE063DB1-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL (file missing)
O3 — Toolbar: ICQ Toolbar — {855F3B16-6D32-4fe6-8A56-BBB695989046} — C:PROGRA~1ICQTOO~1toolbaru.dll (file missing)
O3 — Toolbar: Ask Toolbar — {FE063DB9-4EC0-403e-8DD8-394C54984B2C} — C:Program FilesAskTBarbar1.binASKTBAR.DLL (file missing)
O4 — HKLM..Run: [igfxtray] C:WINDOWSsystem32igfxtray.exe
O4 — HKLM..Run: [igfxhkcmd] C:WINDOWSsystem32hkcmd.exe
O4 — HKLM..Run: [igfxpers] C:WINDOWSsystem32igfxpers.exe
O4 — HKLM..Run: [QuickTime Task] «C:Program FilesQuickTimeqttask.exe» -atboottime
O4 — HKLM..Run: [LVCOMSX] C:WINDOWSsystem32LVCOMSX.EXE
O4 — HKLM..Run: [LogitechVideoRepair] C:Program FilesLogitechVideoISStart.exe
O4 — HKLM..Run: [LogitechVideoTray] C:Program FilesLogitechVideoLogiTray.exe
O4 — HKLM..Run: [dla] C:WINDOWSsystem32dlatfswctrl.exe
O4 — HKLM..Run: [DVDBitSet] «C:Program FilesHP CD-DVDUmbrellaDVDBitSet.exe» /NOUI
O4 — HKLM..Run: [HPCDTray] «C:Program FilesHP CD-DVDUmbrellahpcdtray.exe»
O4 — HKLM..Run: [SMSTray] C:Program FilesSamsungSamsung Media Studio 5SMSTray.exe
O4 — HKLM..Run: [TkBellExe] «C:Program FilesCommon FilesRealUpdate_OBrealsched.exe» -osboot
O4 — HKLM..Run: [hpppta] C:Program FilesHewlett-PackardHP PrecisionScanPrecisionScan Prohpppta.exe /ICON
O4 — HKLM..Run: [SunJavaUpdateSched] «C:Program FilesJavajre6binjusched.exe»
O4 — HKLM..Run: [wmagent.exe] «C:Program FilesWebMoney Agentwmagent.exe»
O4 — HKLM..Run: [NeroFilterCheck] C:WINDOWSsystem32NeroCheck.exe
O4 — HKLM..Run: [IMJPMIG8.1] «C:WINDOWSIMEimjp8_1IMJPMIG.EXE» /Spoil /RemAdvDef /Migration32
O4 — HKLM..Run: [MSPY2002] C:WINDOWSsystem32IMEPINTLGNTImScInst.exe /SYNC
O4 — HKLM..Run: [PHIME2002ASync] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /SYNC
O4 — HKLM..Run: [PHIME2002A] C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE /IMEName
O4 — HKLM..Run: [WinPatrol Russian v.2] C:Program FilesBillP StudiosWinPatrolwinpatrol.exe
O4 — HKCU..Run: [STYLEXP] C:Program FilesTGTSoftStyleXPStyleXP.exe -Hide
O4 — HKCU..Run: [UniKey] C:Program FilesUnikey 3.6UniKeyNT.exe
O4 — HKCU..Run: [Messenger (Yahoo!)] «C:Program FilesYahoo!MessengerYahooMessenger.exe» -quiet
O4 — HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 — HKCU..Run: [MSMSGS] «C:Program FilesMessengermsmsgs.exe» /background
O4 — HKCU..Run: [BitTorrent DNA] «C:Program FilesDNAbtdna.exe»
O4 — HKCU..Run: [Google Update] «C:Documents and SettingsVanHieuLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe» /c
O4 — HKCU..Run: [Skype] «C:Program FilesSkypePhoneSkype.exe» /nosplash /minimized
O4 — HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘SYSTEM’)
O4 — HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSsystem32CTFMON.EXE (User ‘Default user’)
O4 — Startup: PowerReg Scheduler.exe
O4 — Global Startup: Logitech Desktop Messenger.lnk = C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
O4 — Global Startup: RAMASST.lnk = C:WINDOWSsystem32RAMASST.exe
O4 — Global Startup: Service Manager.lnk = C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe
O8 — Extra context menu item: E&xport to Microsoft Excel — res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 — Extra button: Yahoo! Services — {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} — C:Program FilesYahoo!Commonyiesrvc.dll
O9 — Extra button: Skype — {77BF5300-1474-4EC7-9980-D32B190E9B07} — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll
O9 — Extra button: Research — {92780B25-18CC-41C8-B9BE-3C9C571A8263} — C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 — Extra button: More Information — {FB5A1911-A111-12d3-BB8E-12C04F845654} — mailto:VanHieu_vl@Yahoo.com?Subject=More Information (file missing)
O9 — Extra ‘Tools’ menuitem: More Information — {FB5A1911-A111-12d3-BB8E-12C04F845654} — mailto:VanHieu_vl@Yahoo.com?Subject=More Information (file missing)
O9 — Extra button: Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O9 — Extra ‘Tools’ menuitem: Windows Messenger — {FB5F1910-F110-11d2-BB9E-00C04F795683} — C:Program FilesMessengermsmsgs.exe
O17 — HKLMSystemCCSServicesTcpip..{24F87B78-2B3A-4A7E-B707-28AA5E8723EE}: NameServer = 194.67.160.3,194.67.161.1
O17 — HKLMSystemCS1ServicesTcpip..{24F87B78-2B3A-4A7E-B707-28AA5E8723EE}: NameServer = 194.67.160.3,194.67.161.1
O18 — Protocol: skype4com — {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} — C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O18 — Filter: text/xml; charset=iso-8859-1 — {32F66A26-7614-11D4-BD11-00104BD3F987} — C:Program FilesDesign ScienceMathPlayerMathMLMimer.dll
O18 — Filter: text/xml; charset=utf-8 — {32F66A26-7614-11D4-BD11-00104BD3F987} — C:Program FilesDesign ScienceMathPlayerMathMLMimer.dll
O23 — Service: DVD-RAM_Service — Matsushita Electric Industrial Co., Ltd. — C:WINDOWSsystem32DVDRAMSV.exe
O23 — Service: Java Quick Starter (JavaQuickStarterService) — Sun Microsystems, Inc. — C:Program FilesJavajre6binjqs.exe
O23 — Service: StyleXPService — Unknown owner — C:Program FilesTGTSoftStyleXPStyleXPService.exe
—
End of file — 8474 bytes
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class — C:Program FilesAdobeAcrobat 7.0ActiveXAcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]
Skype add-on (mastermind) — C:Program FilesSkypeToolbarsInternet ExplorerSkypeIEPlugin.dll [2009-01-29 1088296]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer — C:Program FilesRealRealPlayerrpbrowserrecordplugin.dll [2008-09-18 308856]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}]
Yahoo! IE Services Button — C:Program FilesYahoo!Commonyiesrvc.dll [2007-12-13 222448]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper — C:Program FilesJavajre6binssv.dll [2009-01-03 320920]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper — C:Program FilesJavajre6binjp2ssv.dll [2009-01-03 34816]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class — C:Program FilesJavajre6libdeployjqsiejqs_plugin.dll [2009-01-03 73728]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser Helper Objects{FE063DB1-4EC0-403e-8DD8-394C54984B2C}]
Ask Toolbar BHO — C:Program FilesAskTBarbar1.binASKTBAR.DLL []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} — ICQ Toolbar — C:PROGRA~1ICQTOO~1toolbaru.dll []
{FE063DB9-4EC0-403e-8DD8-394C54984B2C} — Ask Toolbar — C:Program FilesAskTBarbar1.binASKTBAR.DLL []
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
«igfxtray»=C:WINDOWSsystem32igfxtray.exe [2005-09-20 94208]
«igfxhkcmd»=C:WINDOWSsystem32hkcmd.exe [2005-09-20 77824]
«igfxpers»=C:WINDOWSsystem32igfxpers.exe [2005-09-20 114688]
«QuickTime Task»=C:Program FilesQuickTimeqttask.exe [2008-07-13 98304]
«LVCOMSX»=C:WINDOWSsystem32LVCOMSX.EXE [2004-02-25 221184]
«LogitechVideoRepair»=C:Program FilesLogitechVideoISStart.exe [2004-02-25 454656]
«LogitechVideoTray»=C:Program FilesLogitechVideoLogiTray.exe [2004-02-25 212992]
«dla»=C:WINDOWSsystem32dlatfswctrl.exe [2002-05-09 102455]
«DVDBitSet»=C:Program FilesHP CD-DVDUmbrellaDVDBitSet.exe [2002-05-01 200704]
«HPCDTray»=C:Program FilesHP CD-DVDUmbrellahpcdtray.exe [2001-10-17 69632]
«SMSTray»=C:Program FilesSamsungSamsung Media Studio 5SMSTray.exe [2007-12-14 132624]
«TkBellExe»=C:Program FilesCommon FilesRealUpdate_OBrealsched.exe [2008-09-18 185896]
«hpppta»=C:Program FilesHewlett-PackardHP PrecisionScanPrecisionScan Prohpppta.exe [2000-06-02 86016]
«SunJavaUpdateSched»=C:Program FilesJavajre6binjusched.exe [2009-01-03 136600]
«wmagent.exe»=C:Program FilesWebMoney Agentwmagent.exe [2008-10-01 209376]
«NeroFilterCheck»=C:WINDOWSsystem32NeroCheck.exe [2006-01-12 155648]
«IMJPMIG8.1″=C:WINDOWSIMEimjp8_1IMJPMIG.EXE [2004-08-03 208952]
«MSPY2002″=C:WINDOWSsystem32IMEPINTLGNTImScInst.exe [2004-08-03 59392]
«PHIME2002ASync»=C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE [2004-08-03 455168]
«PHIME2002A»=C:WINDOWSsystem32IMETINTLGNTTINTSETP.EXE [2004-08-03 455168]
«WinPatrol Russian v.2″=C:Program FilesBillP StudiosWinPatrolwinpatrol.exe [2007-08-06 292152]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
«STYLEXP»=C:Program FilesTGTSoftStyleXPStyleXP.exe [2005-07-21 1359872]
«UniKey»=C:Program FilesUnikey 3.6UniKeyNT.exe [2003-01-29 77824]
«Messenger (Yahoo!)»=C:Program FilesYahoo!MessengerYahooMessenger.exe [2008-11-05 4347120]
«ctfmon.exe»=C:WINDOWSsystem32ctfmon.exe [2004-08-04 15360]
«MSMSGS»=C:Program FilesMessengermsmsgs.exe [2004-08-04 1667584]
«BitTorrent DNA»=C:Program FilesDNAbtdna.exe [2008-12-19 342848]
«Google Update»=C:Documents and SettingsVanHieuLocal SettingsApplication DataGoogleUpdateGoogleUpdate.exe [2008-11-05 133104]
«Skype»=C:Program FilesSkypePhoneSkype.exe [2009-01-29 23975720]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregmtd2002Svr]
C:Program Filesmtd2002mtdserver.exe [2002-10-05 544768]
[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSTYLEXP]
C:Program FilesTGTSoftStyleXPStyleXP.exe [2005-07-21 1359872]
C:Documents and SettingsAll UsersStart MenuProgramsStartup
Logitech Desktop Messenger.lnk — C:Program FilesLogitechDesktop Messenger8876480ProgramLDMConf.exe
RAMASST.lnk — C:WINDOWSsystem32RAMASST.exe
Service Manager.lnk — C:Program FilesMicrosoft SQL Server80ToolsBinnsqlmangr.exe
C:Documents and SettingsVanHieuStart MenuProgramsStartup
PowerReg Scheduler.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows NTCurrentVersionWinlogonNotifyigfxcui]
C:WINDOWSsystem32igfxdev.dll [2005-09-20 135168]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
«dontdisplaylastusername»=0
«legalnoticecaption»=
«legalnoticetext»=
«shutdownwithoutlogon»=1
«undockwithoutlogon»=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveTypeAutoRun»=323
«NoDriveAutoRun»=67108863
«NoDrives»=0
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
«NoDriveAutoRun»=
«NoDriveTypeAutoRun»=
«NoDrives»=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
«C:Program Filesmtd2002mtdserver.exe»=»C:Program Filesmtd2002mtdserver.exe:*:Disabled:mtdServer»
«C:WINDOWSsystem32sessmgr.exe»=»C:WINDOWSsystem32sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019»
«C:Program FilesYahoo!MessengerYahooMessenger.exe»=»C:Program FilesYahoo!MessengerYahooMessenger.exe:*:Enabled:Yahoo! Messenger»
«C:Program FilesDNAbtdna.exe»=»C:Program FilesDNAbtdna.exe:*:Enabled:DNA»
«C:Program FilesBitTorrentbittorrent.exe»=»C:Program FilesBitTorrentbittorrent.exe:*:Enabled:BitTorrent»
«C:WINDOWSSystem32muzapp.exe»=»C:WINDOWSSystem32muzapp.exe:*:Enabled:MUZ AOD APP player»
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
«C:Program FilesTVAntsTvants.exe»=»C:Program FilesTVAntsTvants.exe:*:Enabled:TVAnts»
«C:Program FilesSkypePhoneSkype.exe»=»C:Program FilesSkypePhoneSkype.exe:*:Enabled:Skype»
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
«%windir%system32sessmgr.exe»=»%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019»
======List of files/folders created in the last 1 months======
2009-03-16 08:20:20 —-A—- C:ComboFix.txt
2009-03-16 08:05:28 —-A—- C:WINDOWSzip.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSVFIND.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSSWXCACLS.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSSWSC.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSSWREG.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSsed.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSgrep.exe
2009-03-16 08:05:28 —-A—- C:WINDOWSfdsv.exe
2009-03-16 08:04:39 —-D—- C:32788R22FWJFW
2009-03-15 10:34:52 —-D—- C:Documents and SettingsVanHieuApplication DataWinPatrol
2009-03-15 10:29:30 —-A—- C:WINDOWSNIRCMD.exe
2009-03-15 10:29:23 —-D—- C:WINDOWSERDNT
2009-03-15 10:28:53 —-D—- C:Qoobox
2009-03-15 10:20:09 —-D—- C:Program FilesBillP Studios
2009-03-15 10:00:26 —-D—- C:_OTMoveIt
2009-03-13 07:54:50 —-D—- C:Program Filestrend micro
2009-03-13 07:54:48 —-D—- C:rsit
2009-03-11 20:08:27 —-D—- C:Documents and SettingsVanHieuApplication DataMalwarebytes
2009-03-11 20:07:56 —-D—- C:Program FilesMalwarebytes’ Anti-Malware
2009-03-11 20:07:56 —-D—- C:Documents and SettingsAll UsersApplication DataMalwarebytes
2009-03-11 19:25:17 —-D—- C:VundoFix Backups
2009-03-11 19:25:17 —-A—- C:VundoFix.txt
2009-03-11 12:05:38 —-SHD—- C:FOUND.006
2009-03-09 21:14:13 —-D—- C:Documents and SettingsVanHieuApplication DataSamsung
2009-03-09 16:09:02 —-D—- C:Program FilesTVAnts
2009-03-07 23:56:23 —-A—- C:WINDOWSsystem32framedyn.dll
2009-03-07 23:55:17 —-D—- C:WINDOWSsystem32Samsung_USB_Drivers
2009-03-07 23:15:20 —-D—- C:Program FilesHelaBasa
2009-03-07 19:53:29 —-D—- C:Program FilesKorean HakGyo
2009-03-07 19:46:38 —-D—- C:Documents and SettingsAll UsersApplication DataTavultesoft
2009-03-07 19:12:39 —-D—- C:Documents and SettingsVanHieuApplication DataTavultesoft
2009-03-07 19:12:29 —-D—- C:Program FilesCommon FilesTavultesoft
2009-03-07 19:12:05 —-D—- C:Program FilesTavultesoft
2009-03-07 18:01:23 —-A—- C:memory.txt
2009-03-07 18:01:20 —-D—- C:Program FilesAgilingua
2009-03-07 18:00:38 —-D—- C:WINDOWSFlash Card Factory
2009-03-07 18:00:38 —-D—- C:Program FilesFlash Card Factory
2009-03-07 18:00:29 —-A—- C:WINDOWSFlash Card Factory Setup Log.txt
2009-03-07 16:28:14 —-A—- C:WINDOWSsystem32msir3jp.dll
2009-03-07 16:28:14 —-A—- C:WINDOWSsystem32korwbrkr.dll
2009-03-07 16:28:14 —-A—- C:WINDOWSsystem32chtbrkr.dll
2009-03-07 16:28:14 —-A—- C:WINDOWSsystem32chsbrkr.dll
2009-03-07 16:28:02 —-A—- C:WINDOWSsystem32c_g18030.dll
2009-03-07 16:28:01 —-A—- C:WINDOWSsystem32kbd101a.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdnecNT.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdnecAT.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdnec95.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdlk41j.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdlk41a.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdibm02.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbdax2.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbd106n.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32kbd101.dll
2009-03-07 16:27:55 —-A—- C:WINDOWSsystem32f3ahvoas.dll
2009-03-07 16:22:53 —-D—- C:WINDOWSSxsCaPendDel
2009-03-07 15:19:22 —-A—- C:WINDOWSMegaManager.INI
2009-03-06 19:40:24 —-A—- C:WINDOWSsystem32c_is2022.dll
2009-03-06 13:11:10 —-A—- C:WINDOWSsystem32WMErrRUS.dll
2009-03-06 13:11:09 —-D—- C:WINDOWSsystem321049
2009-03-06 13:10:05 —-HD—- C:WINDOWS$NtUninstallKB841625_RUS$
2009-03-06 13:08:17 —-HD—- C:WINDOWS$NtUninstallKB841625_KOR$
2009-03-06 08:12:26 —-N—- C:WINDOWSsystem32dbmsqlgc.dll
2009-03-06 08:12:26 —-N—- C:WINDOWSsystem32dbmsgnet.dll
2009-03-06 08:12:09 —-D—- C:Program FilesMicrosoft SQL Server
2009-03-06 01:31:23 —-D—- C:Program FilesWindows Embedded
2009-03-05 22:07:59 —-D—- C:WINDOWSPrefetch
2009-03-05 22:05:46 —-A—- C:WINDOWSsetuplog.txt
2009-03-05 22:04:55 —-N—- C:WINDOWSsystem32smtpapi.dll
2009-03-05 22:04:55 —-N—- C:WINDOWSsystem32rwnh.dll
2009-03-05 22:04:55 —-N—- C:WINDOWSsystem32comsdupd.exe
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ativvaxx.dll
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ativtmxx.dll
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ati3duag.dll
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ati3d1ag.dll
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ati2dvag.dll
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ati2dvaa.dll
2009-03-05 22:04:49 —-N—- C:WINDOWSsystem32ati2cqag.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32slgen.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32slextspk.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32slcoinst.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32s3gnb.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32nv4_disp.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32mtxparhd.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32mdmxsdk.dll
2009-03-05 22:04:48 —-N—- C:WINDOWSsystem32hsfcisp2.dll
2009-03-05 22:04:47 —-N—- C:WINDOWSsystem32slserv.exe
2009-03-05 22:04:47 —-N—- C:WINDOWSsystem32slrundll.exe
2009-03-05 22:04:47 —-N—- C:WINDOWSslrundll.exe
2009-03-05 22:04:41 —-A—- C:WINDOWSsystem32uniime.dll
2009-03-05 22:04:41 —-A—- C:WINDOWSsystem32imjp81k.dll
2009-03-05 22:01:48 —-D—- C:WINDOWSServicePackFiles
2009-03-05 22:01:02 —-N—- C:WINDOWSsystem32spmsg.dll
2009-03-05 22:00:56 —-A—- C:WINDOWS00001_.tmp
2009-03-05 22:00:33 —-A—- C:WINDOWSsystem32spupdsvc.exe
2009-03-03 15:25:58 —-D—- C:Documents and SettingsVanHieuApplication DataDivX
2009-03-03 15:23:56 —-N—- C:WINDOWSsystem32pxinsi64.exe
2009-03-03 15:23:56 —-N—- C:WINDOWSsystem32pxinsa64.exe
2009-03-03 15:23:56 —-N—- C:WINDOWSsystem32pxcpyi64.exe
2009-03-03 15:23:56 —-N—- C:WINDOWSsystem32pxcpya64.exe
2009-03-03 15:23:55 —-N—- C:WINDOWSsystem32pxsfs.dll
2009-03-03 15:23:55 —-N—- C:WINDOWSsystem32pxafs.dll
2009-03-02 09:52:11 —-D—- C:Program FilesAimersoft
2009-02-25 03:29:12 —-SHD—- C:FOUND.005
2009-02-23 13:49:34 —-D—- C:Documents and SettingsVanHieuApplication Datavlc
2009-02-23 13:48:42 —-D—- C:Program FilesVideoLAN
2009-02-22 22:24:36 —-A—- C:WINDOWSIsUn0419.exe
2009-02-22 22:08:19 —-A—- C:WINDOWSIsUninstR.Exe
2009-02-22 19:53:56 —-D—- C:Program FilesOnline TV Player 4
2009-02-20 20:00:46 —-A—- C:WINDOWSSubCreator.INI
2009-02-20 19:33:30 —-D—- C:Program FilesURUSoft
2009-02-20 06:34:56 —-SHD—- C:FOUND.004
2009-02-17 21:29:28 —-SHD—- C:FOUND.003
2009-02-17 21:20:34 —-SHD—- C:FOUND.002

======List of files/folders modified in the last 1 months======
2009-03-16 08:16:40 —-A—- C:WINDOWSsystem.ini
2009-03-16 08:07:04 —-A—- C:WINDOWSSchedLgU.Txt
2009-03-15 10:35:56 —-A—- C:WINDOWSntbtlog.txt
2009-03-14 23:07:14 —-A—- C:WINDOWSNeroDigital.ini
2009-03-12 08:18:18 —-A—- C:WINDOWSwinamp.ini
2009-03-07 16:43:46 —-A—- C:WINDOWSimsins.BAK
2009-03-06 13:22:34 —-A—- C:WINDOWSsystem32PerfStringBackup.INI
2009-03-05 22:08:40 —-A—- C:WINDOWSOEWABLog.txt
2009-03-05 22:08:34 —-A—- C:WINDOWSwin.ini
2009-03-05 22:05:48 —-RASH—- C:boot.ini
2009-02-28 18:42:32 —-A—- C:WINDOWSavisplitter.INI
2009-02-27 08:25:52 —-A—- C:Log.txt

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 FsVga;FsVga; C:WINDOWSsystem32DRIVERSfsvga.sys [2004-08-04 12160]
R1 hpcd2k;hpcd2k; C:WINDOWSsystem32drivershpcd2k.sys [2000-10-23 4421]
R1 intelppm;Intel Processor Driver; C:WINDOWSsystem32DRIVERSintelppm.sys [2004-08-04 36096]
R1 meiudf;meiudf; C:WINDOWSSystem32Driversmeiudf.sys [2003-01-31 90416]
R1 sscdbhk5;sscdbhk5; C:WINDOWSsystem32driverssscdbhk5.sys [2002-01-28 5589]
R1 ssrtln;ssrtln; C:WINDOWSsystem32driversssrtln.sys [2002-01-28 22963]
R1 StarOpen;StarOpen; C:WINDOWSsystem32driversStarOpen.sys [2006-07-24 5632]
R1 StyleXPHelper;StyleXPHelper; ??C:Program FilesTGTSoftStyleXPStyleXPHelper.exe []
R2 drvnddm;drvnddm; C:WINDOWSsystem32driversdrvnddm.sys [2002-02-12 40096]
R2 tfsnboio;tfsnboio; C:WINDOWSsystem32dlatfsnboio.sys [2002-05-09 23607]
R2 tfsncofs;tfsncofs; C:WINDOWSsystem32dlatfsncofs.sys [2002-05-09 34743]
R2 tfsndrct;tfsndrct; C:WINDOWSsystem32dlatfsndrct.sys [2002-05-09 4119]
R2 tfsndres;tfsndres; C:WINDOWSsystem32dlatfsndres.sys [2002-05-09 2203]
R2 tfsnifs;tfsnifs; C:WINDOWSsystem32dlatfsnifs.sys [2002-05-09 52790]
R2 tfsnopio;tfsnopio; C:WINDOWSsystem32dlatfsnopio.sys [2002-05-09 13847]
R2 tfsnpool;tfsnpool; C:WINDOWSsystem32dlatfsnpool.sys [2002-05-09 6327]
R2 tfsnudf;tfsnudf; C:WINDOWSsystem32dlatfsnudf.sys [2002-05-09 88758]
R2 tfsnudfa;tfsnudfa; C:WINDOWSsystem32dlatfsnudfa.sys [2002-05-09 94679]
R3 ac97intc;Intel(r) 82801DB/DBM Audio Driver Service (WDM); C:WINDOWSsystem32driversac97ich4.sys [2006-02-21 107776]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:WINDOWSsystem32DRIVERSCmBatt.sys [2004-08-03 14080]
R3 E100B;Intel(R) PRO Network Connection Driver; C:WINDOWSsystem32DRIVERSe100b325.sys [2006-10-31 165760]
R3 HidUsb;Microsoft HID Class Driver; C:WINDOWSsystem32DRIVERShidusb.sys [2001-08-17 9600]
R3 ialm;ialm; C:WINDOWSsystem32DRIVERSialmnt5.sys [2005-09-20 1302332]
R3 mouhid;Mouse HID Driver; C:WINDOWSsystem32DRIVERSmouhid.sys [2001-08-17 12160]
R3 pfc;Padus ASPI Shell; C:WINDOWSsystem32driverspfc.sys [2002-03-08 13780]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:WINDOWSsystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbuhci.sys [2004-08-03 20480]
S1 P3;Intel PentiumIII Processor Driver; C:WINDOWSsystem32DRIVERSp3.sys [2004-08-04 42496]
S3 atimpab;atimpab; C:WINDOWSsystem32DRIVERSatimpab.sys [2001-08-17 289664]
S3 CCDECODE;Closed Caption Decoder; C:WINDOWSsystem32DRIVERSCCDECODE.sys [2004-08-03 17024]
S3 cwcspud;Crystal SoundFusion(tm) Driver; C:WINDOWSsystem32driverscwcspud.sys [2001-08-17 111872]
S3 cwcwdm;Crystal SoundFusion(tm) WDM Driver; C:WINDOWSsystem32driverscwcwdm.sys [2001-08-17 93952]
S3 MBAMSwissArmy;MBAMSwissArmy; ??C:WINDOWSsystem32driversmbamswissarmy.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:WINDOWSsystem32driversMSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:WINDOWSsystem32DRIVERSNABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:WINDOWSsystem32DRIVERSNdisIP.sys [2004-08-03 10880]
S3 NSCIRDA;NSC Infrared Device Driver; C:WINDOWSsystem32DRIVERSnscirda.sys [2004-08-03 28672]
S3 pcouffin;VSO Software pcouffin; C:WINDOWSSystem32Driverspcouffin.sys [2009-01-17 47360]
S3 PhilCam8116;Logitech QuickCam Pro 3000(PID_08B0); C:WINDOWSsystem32DRIVERSCamDrL21.sys [2004-02-14 244096]
S3 Rasirda;WAN Miniport (IrDA); C:WINDOWSsystem32DRIVERSrasirda.sys [2001-08-17 19584]
S3 SLIP;BDA Slip De-Framer; C:WINDOWSsystem32DRIVERSSLIP.sys [2004-08-03 11136]
S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:WINDOWSsystem32DRIVERSssm_bus.sys [2005-08-30 58320]
S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:WINDOWSsystem32DRIVERSssm_mdfl.sys [2005-08-30 8336]
S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:WINDOWSsystem32DRIVERSssm_mdm.sys [2005-08-30 94000]
S3 streamip;BDA IPSink; C:WINDOWSsystem32DRIVERSStreamIP.sys [2004-08-03 15360]
S3 TwoTrack;IBM PS/2 TrackPoint Filter Driver; C:WINDOWSsystem32DRIVERSTwoTrack.sys [2001-08-17 11520]
S3 usbaudio;USB Audio Driver (WDM); C:WINDOWSsystem32driversusbaudio.sys [2004-08-03 59264]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:WINDOWSsystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:WINDOWSsystem32DRIVERSusbohci.sys [2004-08-03 17024]
S3 usbprint;Microsoft USB PRINTER Class; C:WINDOWSsystem32DRIVERSusbprint.sys [2004-08-03 25856]
S3 usbscan;USB Scanner Driver; C:WINDOWSsystem32DRIVERSusbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB Mass Storage Driver; C:WINDOWSsystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28 18944]
S3 WSTCODEC;World Standard Teletext Codec; C:WINDOWSsystem32DRIVERSWSTCODEC.SYS [2004-08-03 19328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 DVD-RAM_Service;DVD-RAM_Service; C:WINDOWSsystem32DVDRAMSV.exe [2003-03-13 49152]
R2 JavaQuickStarterService;Java Quick Starter; C:Program FilesJavajre6binjqs.exe [2009-01-03 152984]
R2 Rbspxe;Remote Boot Service; C:WINDOWSSystem32svchost.exe [2004-08-04 14336]
R2 TFTPD;Trivial File Transfer Protocol; C:Program FilesWindows EmbeddedRemote Boot Servicetftpd.exe [2004-08-31 19484]
R2 UMWdf;Windows User Mode Driver Framework; C:WINDOWSsystem32wdfmgr.exe [2005-01-28 38912]
S2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32atievxx.exe [2001-08-17 37376]
S2 StyleXPService;StyleXPService; C:Program FilesTGTSoftStyleXPStyleXPService.exe [2005-07-07 344064]
S3 aspnet_state;ASP.NET State Service; C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_state.exe [2003-02-20 32768]
S3 MSSQLSERVER;MSSQLSERVER; C:Program FilesMicrosoft SQL ServerMSSQLBinnsqlservr.exe [2002-12-17 7520337]
S3 MSSQLServerADHelper;MSSQLServerADHelper; C:Program FilesMicrosoft SQL Server80ToolsBinnsqladhlp.exe [2002-12-17 66112]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft SharedSource EngineOSE.EXE [2003-07-28 89136]
S3 SQLSERVERAGENT;SQLSERVERAGENT; C:Program FilesMicrosoft SQL ServerMSSQLBinnsqlagent.EXE [2002-12-17 311872]
EOF
March 17, 2009 at 4:57 pm #22639
The RSIT log looks normal.
How is the computer running? And attach a fresh ComboFix log to your reply.
March 21, 2009 at 5:10 pm #22640
Hello! My computer has started working normally! Thank you very much!!!
Here is the ComboFix log:
ComboFix 09-03-14.01 - VanHieu 2009-03-21 19:40:34.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.495.30 [GMT 3:00]
Running from: c:documents and settingsVanHieuMy DocumentsDownloadsComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:0w.com
C:2u.com
C:gyn.cmd
C:jm3cx96.bat
c:program filesBkav2006
c:program filesBkav2006Bkav2006.exe
c:program filesBkav2006ContextMenu.dll
c:program filesBkav2006Helpbkav.css
c:program filesBkav2006Helpchitiet.htm
c:program filesBkav2006Helpchitiete.htm
c:program filesBkav2006HelpHelpBanquyen.htm
c:program filesBkav2006HelpHelpbtg.htm
c:program filesBkav2006HelpHelpdiet.htm
c:program filesBkav2006HelpHelpGth.htm
c:program filesBkav2006HelpHelpLiqu.htm
c:program filesBkav2006HelpHelpLiveUpdate.htm
c:program filesBkav2006HelpHelpnhki.htm
c:program filesBkav2006HelpHelpnhl.htm
c:program filesBkav2006HelpHelpOpt.htm
c:program filesBkav2006HelpHelpVrls.htm
c:program filesBkav2006Helpimagesarrow.gif
c:program filesBkav2006HelpimagesDangKy.gif
C:uxkl0apt.bat
c:windowsFontsVn.Fon
c:windowssystem32BkavAuto.vxd
c:windowssystem32driversBkavAuto.sys
c:windowssystem32driversSysLib.sys
c:windowssystem32gasretyw0.dll
c:windowssystem32kamsoft.exe
c:windowssystem32nmdfgds0.dll
c:windowssystem32nmdfgds1.dll
c:windowssystem32olhrwef.exe
c:windowssystem32pthreadGC2.dll
D:0w.com
D:2u.com
D:gyn.cmd
D:jm3cx96.bat
D:uxkl0apt.bat
E:0w.com
E:2u.com
E:gyn.cmd
E:jm3cx96.bat
E:uxkl0apt.bat
.
((((((((((((((((((((((((( Files Created from 2009-02-21 to 2009-03-21 )))))))))))))))))))))))))))))))
.
2009-03-21 19:29 . 2009-03-21 19:29 d--hs---- C:FOUND.007
2009-03-21 17:04 . 2009-03-21 17:04 d-------- c:program filesDirectVobSub
2009-03-21 16:27 . 2005-08-25 22:10 9,804 --a------ c:windowssystemvdremote.dll
2009-03-21 16:27 . 2005-08-25 22:09 7,244 --a------ c:windowssystemvdsvrlnk.dll
2009-03-19 05:02 . 2009-03-19 05:01 110,053 -r-hs---- C:q0dhfjf.exe
2009-03-18 07:27 . 2009-03-19 22:05 65 --a------ c:windowsFISHUI.INI
2009-03-17 22:06 . 2009-03-17 22:06 d-------- c:program filesMediaCoder
2009-03-16 18:21 . 2009-03-16 18:21 d-------- c:program filesK-Lite Codec Pack
2009-03-16 18:21 . 2008-09-24 21:41 839,680 --a------ c:windowssystem32lameACM.acm
2009-03-16 18:21 . 2008-12-07 21:08 795,648 --a------ c:windowssystem32xvidcore.dll
2009-03-16 18:21 . 2008-11-06 19:33 684,032 --a------ c:windowssystem32divx.dll
2009-03-16 18:21 . 2004-01-25 19:18 217,088 --a------ c:windowssystem32yv12vfw.dll
2009-03-16 18:21 . 2008-12-07 21:08 130,048 --a------ c:windowssystem32xvidvfw.dll
2009-03-16 18:21 . 2007-09-21 03:52 118,784 --a------ c:windowssystem32ac3acm.acm
2009-03-16 18:21 . 2009-02-09 21:56 67,584 --a------ c:windowssystem32ff_vfw.dll
2009-03-16 18:21 . 2007-07-10 19:10 547 --a------ c:windowssystem32ff_vfw.dll.manifest
2009-03-16 18:21 . 2008-10-03 15:30 414 --a------ c:windowssystem32lame_acm.xml
2009-03-16 17:37 . 2009-03-16 17:37 d-------- c:documents and settingsVanHieuApplication DataDataCast
2009-03-16 12:47 . 2009-03-16 12:47 d-------- c:documents and settingsLocalServiceApplication DataSACore
2009-03-16 12:44 . 2009-03-16 12:44 d-------- c:documents and settingsAll UsersApplication DataSiteAdvisor
2009-03-16 12:43 . 2009-03-16 12:43 d-------- c:program filesMcAfee
2009-03-16 12:43 . 2009-03-16 12:44 d-------- c:program filesCommon FilesMcAfee
2009-03-16 12:43 . 2009-03-16 12:43 d-------- c:documents and settingsAll UsersApplication DataMcAfee
2009-03-16 12:29 . 2009-03-17 12:59 111,435 -r-hs---- C:luk1ylq.com
2009-03-16 12:16 . 2009-03-16 12:16 577,024 --a------ c:windowssystem32dllcacheuser32.dll
2009-03-16 12:14 . 2009-03-16 12:14 d-------- c:windowsERUNT
2009-03-16 12:07 . 2008-11-06 02:03 d-------- C:SDFix
2009-03-16 12:05 . 2009-03-16 12:06 d-------- c:program filesNT Registry Optimizer
2009-03-16 12:04 . 2009-03-16 12:04 d-------- c:program filesERUNT
2009-03-16 11:58 . 2009-03-16 11:58 d-------- c:program filesCCleaner
2009-03-16 08:32 . 2009-03-16 08:32 d-------- C:_OTMoveIt
2009-03-15 10:34 . 2009-03-15 10:34 d-------- c:documents and settingsVanHieuApplication DataWinPatrol
2009-03-15 10:20 . 2009-03-15 10:20 d-------- c:program filesBillP Studios
2009-03-13 07:54 . 2009-03-13 07:54 d-------- C:rsit
2009-03-13 07:54 . 2009-03-13 07:54 d-------- c:program filestrend micro
2009-03-11 20:08 . 2009-03-11 20:08 d-------- c:documents and settingsVanHieuApplication DataMalwarebytes
2009-03-11 20:08 . 2009-02-11 10:19 15,504 --a------ c:windowssystem32driversmbam.sys
2009-03-11 20:07 . 2009-03-11 20:07 d-------- c:program filesMalwarebytes' Anti-Malware
2009-03-11 20:07 . 2009-03-11 20:07 d-------- c:documents and settingsAll UsersApplication DataMalwarebytes
2009-03-11 20:07 . 2009-02-11 10:19 38,496 --a------ c:windowssystem32driversmbamswissarmy.sys
2009-03-11 19:25 . 2009-03-11 19:25 d-------- C:VundoFix Backups
2009-03-11 12:05 . 2009-03-11 12:05 d--hs---- C:FOUND.006
2009-03-09 21:14 . 2009-03-09 21:14 d-------- c:documents and settingsVanHieuApplication DataSamsung
2009-03-09 16:09 . 2009-03-09 16:09 d-------- c:program filesTVAnts
2009-03-07 23:56 . 2006-05-03 22:53 174,592 --a------ c:windowssystem32framedyn.dll
2009-03-07 23:55 . 2009-03-07 23:55 d-------- c:windowssystem32Samsung_USB_Drivers
2009-03-07 23:55 . 2005-08-30 01:49 94,000 --a------ c:windowssystem32driversssm_mdm.sys
2009-03-07 23:55 . 2005-08-30 01:47 58,320 --a------ c:windowssystem32driversssm_bus.sys
2009-03-07 23:55 . 2005-08-30 01:49 8,336 --a------ c:windowssystem32driversssm_mdfl.sys
2009-03-07 23:55 . 2005-08-30 01:49 6,176 --a------ c:windowssystem32driversssm_cmnt.sys
2009-03-07 23:55 . 2005-08-30 01:49 6,176 --a------ c:windowssystem32driversssm_cm.sys
2009-03-07 23:55 . 2005-08-30 01:47 5,840 --a------ c:windowssystem32driversssm_whnt.sys
2009-03-07 23:55 . 2005-08-30 01:47 5,840 --a------ c:windowssystem32driversssm_wh.sys
2009-03-07 23:54 . 2006-07-24 16:05 5,632 --a------ c:windowssystem32driversStarOpen.sys
2009-03-07 23:54 . 2005-08-28 20:51 766 --a------ c:windowssystem32Uninstall.ico
2009-03-07 23:15 . 2009-03-07 23:15 d-------- c:program filesHelaBasa
2009-03-07 20:14 . 2001-11-12 13:30 827,156 --a------ c:windowssystem32sheadg.ttf
2009-03-07 19:53 . 2009-03-07 19:53 d-------- c:program filesKorean HakGyo
2009-03-07 19:46 . 2009-03-07 19:46 d-------- c:documents and settingsAll UsersApplication DataTavultesoft
2009-03-07 19:12 . 2009-03-07 19:12 d-------- c:program filesTavultesoft
2009-03-07 19:12 . 2009-03-07 19:12 d-------- c:program filesCommon FilesTavultesoft
2009-03-07 19:12 . 2009-03-07 19:12 d-------- c:documents and settingsVanHieuApplication DataTavultesoft
2009-03-07 18:01 . 2009-03-07 18:01 d-------- c:program filesAgilingua
2009-03-07 18:00 . 2009-03-07 18:00 d-------- c:windowsFlash Card Factory
2009-03-07 18:00 . 2009-03-07 18:00 d-------- c:program filesFlash Card Factory
2009-03-07 16:53 . 2004-09-14 14:53 13,323 --a------ c:windowsXPE_MUIService Pack 1 KoreanEULA.rtf
2009-03-07 16:52 . 2004-10-01 12:35 13,260 --a------ c:windowsXPE_MUIService Pack 2 KoreanEULA.rtf
2009-03-07 16:27 . 2009-03-07 16:25 13,463,552 --a------ c:windowssystem32dllcachehwxjpn.dll
2009-03-07 16:22 . 2009-03-07 16:22 d-------- c:windowsSxsCaPendDel
2009-03-07 15:19 . 2009-03-07 15:19 50 --a------ c:windowsMegaManager.INI
2009-03-06 15:41 . 2009-03-07 16:06 180,258 --a------ c:windowssystem32dllcachec_20000.nls
2009-03-06 15:41 . 2009-03-07 16:06 180,258 --a------ c:windowssystem32c_20000.nls
2009-03-06 15:41 . 2009-03-07 15:30 162,850 --a------ c:windowssystem32dllcachec_10001.nls
2009-03-06 15:41 . 2009-03-07 15:30 162,850 --a------ c:windowssystem32c_10001.nls
2009-03-06 15:41 . 2009-03-07 16:10 57,398 --a------ c:windowssystem32dllcacheimjpdadm.exe
2009-03-06 13:11 . 2009-03-06 13:11 d-------- c:windowssystem321049
2009-03-06 13:11 . 2001-12-05 04:00 65,536 --a------ c:windowssystem32WMErrRUS.dll
2009-03-06 13:11 . 2001-12-05 04:00 36,388 --a------ c:windowsWMPrfRUS.prx
2009-03-06 12:49 . 2004-10-01 13:35 13,260 --a------ c:windowsXPE_MUIService Pack 2 RussianEULA.rtf
2009-03-06 12:35 . 2004-09-15 15:15 12,757 --a------ c:windowsXPE_SP2EULA.rtf
2009-03-06 08:12 . 2009-03-06 08:12 d-------- c:program filesMicrosoft SQL Server
2009-03-06 08:12 . 2002-12-17 16:23 33,340 --------- c:windowssystem32dbmsqlgc.dll
2009-03-06 08:12 . 2002-10-20 14:05 24,576 --------- c:windowssystem32dbmsgnet.dll
2009-03-06 01:31 . 2009-03-06 01:31 d-------- c:program filesWindows Embedded
2009-03-05 22:01 . 2009-03-05 22:01 d-------- c:windowsServicePackFiles
2009-03-05 22:00 . 2004-07-17 11:40 19,528 --a------ c:windows000001_.tmp
2009-03-05 22:00 . 2004-08-03 22:42 15,872 --a------ c:windowssystem32spupdsvc.exe
2009-03-03 15:25 . 2009-03-03 15:26 d-------- c:documents and settingsVanHieuApplication DataDivX
2009-03-03 15:23 . 2008-11-06 19:37 129,784 --------- c:windowssystem32pxafs.dll
2009-03-03 15:23 . 2008-11-06 19:37 120,056 --------- c:windowssystem32pxcpyi64.exe
2009-03-03 15:23 . 2008-11-06 19:37 118,520 --------- c:windowssystem32pxinsi64.exe
2009-03-03 15:23 . 2008-11-06 19:37 9,464 --------- c:windowssystem32driverscdralw2k.sys
2009-03-03 15:23 . 2008-11-06 19:37 9,336 --------- c:windowssystem32driverscdr4_xp.sys
2009-03-02 09:52 . 2009-03-02 09:52 d-------- c:program filesAimersoft
2009-02-25 03:29 . 2009-02-25 03:29 d--hs---- C:FOUND.005
2009-02-23 13:49 . 2009-02-23 13:49 d-------- c:documents and settingsVanHieuApplication Datavlc
2009-02-23 13:48 . 2009-02-23 13:48 d-------- c:program filesVideoLAN
2009-02-22 22:24 . 1998-01-23 12:55 305,152 --a------ c:windowsIsUn0419.exe
2009-02-22 22:08 . 2004-06-04 18:33 314,368 --a------ c:windowsIsUninstR.Exe
2009-02-22 21:56 . 2009-02-22 21:56 d-------- c:documents and settingsVanHieuWINDOWS
2009-02-22 19:53 . 2009-02-22 19:53 d-------- c:program filesOnline TV Player 4
2009-02-22 19:53 . 2009-02-22 19:53 10 --a------ c:windowssystem32810429tv4-test.jun
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 13:25 10,129,408 ----a-w c:windowssystem32dllcachehwxkor.dll
2009-03-07 13:25 10,096,640 ----a-w c:windowssystem32dllcachehwxcht.dll
2009-03-07 13:23 44,032 ----a-w c:windowssystem32dllcacheimekrmig.exe
2009-03-07 13:23 311,359 ----a-w c:windowssystem32dllcacheimepadsv.exe
2009-03-07 13:23 143,422 ----a-w c:windowssystem32dllcachesoftkey.dll
2009-03-07 13:23 102,463 ----a-w c:windowssystem32dllcacheimepadsm.dll
2009-03-07 13:18 471,102 ----a-w c:windowssystem32dllcacheimskdic.dll
2009-03-07 13:17 70,656 ----a-w c:windowssystem32korwbrkr.dll
2009-03-07 13:17 70,656 ----a-w c:windowssystem32dllcachekorwbrkr.dll
2009-03-07 12:58 1,677,824 ----a-w c:windowssystem32dllcachechsbrkr.dll
2009-03-07 12:58 1,677,824 ----a-w c:windowssystem32chsbrkr.dll
2009-03-07 12:46 19,456 ----a-w c:windowssystem32dllcacheagt0804.dll
2009-03-07 12:46 19,456 ----a-w c:windowssystem32dllcacheagt0412.dll
2009-03-07 12:46 19,456 ----a-w c:windowssystem32dllcacheagt0411.dll
2009-03-07 12:46 19,456 ----a-w c:windowssystem32dllcacheagt0404.dll
2009-03-07 12:44 838,144 ----a-w c:windowssystem32dllcachechtbrkr.dll
2009-03-07 12:44 838,144 ----a-w c:windowssystem32chtbrkr.dll
2009-03-07 12:21 47,360 ----a-w c:documents and settingsVanHieuApplication Datapcouffin.sys
2009-03-07 11:53 36,927 ----a-w c:windowssystem32dllcachepadrs411.dll
2009-03-07 11:53 36,864 ----a-w c:windowssystem32dllcachehanjadic.dll
2009-03-07 11:53 229,439 ----a-w c:windowssystem32dllcachemultibox.dll
2009-03-07 11:53 14,336 ----a-w c:windowssystem32dllcachepadrs412.dll
2009-03-06 15:42 59,904 ----a-w c:windowssystem32dllcacheimkrinst.exe
2009-03-06 13:27 315,452 ----a-w c:windowssystem32dllcacheimskf.dll
2009-03-06 13:25 45,109 ----a-w c:windowssystem32dllcacheimjpuex.exe
2009-03-06 13:24 98,304 ----a-w c:windowssystem32msir3jp.dll
2009-03-06 13:24 98,304 ----a-w c:windowssystem32dllcachemsir3jp.dll
2009-02-20 16:33 --------- d-----w c:program filesURUSoft
2009-02-11 17:03 --------- d-----w c:program filesGenieSoft
2009-02-10 19:17 --------- d-----w c:program filesVSTPlugins
2009-02-10 19:17 --------- d-----w c:documents and settingsVanHieuApplication DataGenieSoft
2009-02-09 21:40 --------- d-----w c:program filesCommon FilesSkype
2009-02-09 21:39 --------- d-----r c:program filesSkype
2009-01-31 12:10 --------- d-----w c:documents and settingsVanHieuApplication Datacom.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
2009-01-31 12:09 --------- d-----w c:program filesCommon FilesAdobe AIR
2009-01-30 15:40 --------- d-----w c:documents and settingsVanHieuApplication Dataled
2009-01-30 15:39 98,304 ----a-w c:windowssystem32CmdLineExt.dll
2009-01-30 15:39 --------- d--h--r c:documents and settingsVanHieuApplication DataSecuROM
2009-01-30 15:39 --------- d-----w c:program filesIDM
2009-01-22 17:44 --------- d-----w c:program filesOpera 10 Preview
2009-01-03 14:57 410,984 ----a-w c:windowssystem32deploytk.dll
2006-08-15 17:42 3,408 ----a-w c:windowsinfInfo.vbs
.
((((((((((((((((((((((((((((( SnapShot@2009-03-16_ 8.18.46.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 09:02:28 163,328 ----a-w c:windowsERDNT16.03.2009ERDNT.EXE
+ 2009-03-16 09:05:40 5,656,576 ----a-w c:windowsERDNT16.03.2009Users00000001ntuser.dat
+ 2009-03-16 09:05:40 278,528 ----a-w c:windowsERDNT16.03.2009Users00000002UsrClass.dat
+ 2005-10-20 09:02:28 163,328 ----a-w c:windowsERDNTAutoBackup16.03.2009ERDNT.EXE
+ 2009-03-16 09:29:18 5,439,488 ----a-w c:windowsERDNTAutoBackup16.03.2009Users00000001ntuser.dat
+ 2009-03-16 09:29:18 274,432 ----a-w c:windowsERDNTAutoBackup16.03.2009Users00000002UsrClass.dat
+ 2008-08-07 12:27:04 163,328 ----a-w c:windowsERUNTSDFIXERDNT.EXE
+ 2009-03-16 09:15:08 5,435,392 ----a-w c:windowsERUNTSDFIXUsers00000001ntuser.dat
+ 2009-03-16 09:15:08 274,432 ----a-w c:windowsERUNTSDFIXUsers00000002UsrClass.dat
+ 2008-08-07 12:27:04 163,328 ----a-w c:windowsERUNTSDFIX_First_RunERDNT.EXE
+ 2009-03-16 09:14:58 5,435,392 ----a-w c:windowsERUNTSDFIX_First_RunUsers00000001ntuser.dat
+ 2009-03-16 09:14:58 274,432 ----a-w c:windowsERUNTSDFIX_First_RunUsers00000002UsrClass.dat
+ 2009-03-16 17:00:46 9,662 ----a-r c:windowsInstaller{C20CE592-B0F8-4D20-BF31-0151CA6331A6}ARPPRODUCTICON.exe
+ 2009-03-16 17:01:40 16,564 ----a-w c:windowsInstaller{C20CE592-B0F8-4D20-BF31-0151CA6331A6}emodio.dat
- 2009-03-08 05:18:18 328,296 ----a-w c:windowssystem32FNTCACHE.DAT
+ 2009-03-16 14:30:14 328,296 ----a-w c:windowssystem32FNTCACHE.DAT
- 2007-12-14 14:19:56 118,784 ------w c:windowssystem32MaDRM.dll
+ 2008-09-17 09:36:18 118,784 ----a-w c:windowssystem32MaDRM.dll
- 2007-12-14 14:19:56 40,960 ------w c:windowssystem32MAMACExtract.dll
+ 2008-09-17 09:36:18 40,960 ----a-w c:windowssystem32MAMACExtract.dll
- 2007-12-14 14:19:56 135,168 ------w c:windowssystem32muzaf1.dll
+ 2008-09-17 09:36:18 135,168 ----a-w c:windowssystem32muzaf1.dll
- 2007-12-14 14:19:56 471,040 ------w c:windowssystem32muzapp.dll
+ 2008-09-17 09:36:20 483,328 ----a-w c:windowssystem32muzapp.dll
- 2008-02-22 07:44:28 172,776 ----a-w c:windowssystem32muzapp.exe
+ 2008-09-17 09:36:18 167,936 ----a-w c:windowssystem32muzapp.exe
- 2007-12-14 14:19:56 200,704 ------w c:windowssystem32muzwmts.dll
+ 2008-09-17 09:36:20 200,704 ----a-w c:windowssystem32muzwmts.dll
- 2007-12-14 14:19:56 45,056 ------w c:windowssystem32Ogg.dll
+ 2008-09-17 09:36:20 45,056 ----a-w c:windowssystem32Ogg.dll
- 2007-12-14 14:19:56 237,568 ------w c:windowssystem32OggDS.dll
+ 2008-09-17 09:36:20 237,568 ----a-w c:windowssystem32OggDS.dll
- 2009-03-06 10:22:34 60,510 ----a-w c:windowssystem32perfc009.dat
+ 2009-03-17 18:36:12 60,510 ----a-w c:windowssystem32perfc009.dat
- 2009-03-06 10:22:34 398,748 ----a-w c:windowssystem32perfh009.dat
+ 2009-03-17 18:36:14 398,748 ----a-w c:windowssystem32perfh009.dat
- 2007-12-14 14:19:56 110,592 ------w c:windowssystem32tg_dump.dll
+ 2008-09-17 09:36:20 110,592 ----a-w c:windowssystem32tg_dump.dll
- 2007-12-14 14:19:56 110,592 ------w c:windowssystem32TG_DUMP0708.DLL
+ 2008-09-17 09:36:20 110,592 ----a-w c:windowssystem32TG_DUMP0708.DLL
- 2004-11-01 10:13:28 245,408 ----a-w c:windowssystem32unicows.dll
+ 2008-09-17 09:36:22 258,352 ----a-w c:windowssystem32unicows.dll
- 2007-12-14 14:19:56 188,416 ------w c:windowssystem32vorbis.dll
+ 2008-09-17 09:36:20 188,416 ----a-w c:windowssystem32vorbis.dll
- 2007-12-14 14:19:58 921,600 ------w c:windowssystem32vorbisenc.dll
+ 2008-09-17 09:36:22 921,600 ----a-w c:windowssystem32vorbisenc.dll
+ 2009-03-21 16:46:54 16,384 ----a-w c:windowsTempPerflib_Perfdata_17c.dat
+ 2009-03-21 16:47:20 16,384 ----a-w c:windowsTempPerflib_Perfdata_d64.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2005-07-21 1359872]
"UniKey"="c:\program files\Unikey 3.6\UniKeyNT.exe" [2003-01-29 77824]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"Google Update"="c:\documents and settings\VanHieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-05 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-07-13 98304]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-02-25 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-02-25 454656]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-02-25 212992]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-05-09 102455]
"DVDBitSet"="c:\program files\HP CD-DVD\Umbrella\DVDBitSet.exe" [2002-05-01 200704]
"HPCDTray"="c:\program files\HP CD-DVD\Umbrella\hpcdtray.exe" [2001-10-17 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-18 185896]
"hpppta"="c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe" [2000-06-02 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" [2008-10-01 209376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"WinPatrol Russian v.2"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-08-06 292152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

c:\documents and settings\VanHieu\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-08-30 225280]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-08-29 169472]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2008-10-16 155648]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mtd2002Svr]
--a------ 2002-10-05 13:05 544768 c:\program files\mtd2002\mtdserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2005-07-21 05:57 1359872 c:\program files\TGTSoft\StyleXP\StyleXP.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\mtd2002\\mtdserver.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\WINDOWS\\System32\\muzapp.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 hpcd2k;hpcd2k;c:\windows\system32\drivers\hpcd2k.sys [2008-08-30 4421]
R2 Rbspxe;Remote Boot Service;c:\windows\System32\svchost.exe -k RBS [2004-08-04 14336]
R2 TFTPD;Trivial File Transfer Protocol;c:\program files\Windows Embedded\Remote Boot Service\tftpd.exe [2004-08-31 19484]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2009-03-17 15152]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-03-16 210216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rbs REG_MULTI_SZ rbspxe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d9d5ad0-1433-11de-8c2b-00080d046837}]
\Shell\AutoRun\command - G:\2u.com
\Shell\explore\Command - G:\2u.com
\Shell\open\Command - G:\2u.com
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cdoosoft - c:\windows\system32\olhrwef.exe
.
Supplementary Scan
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel — c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
IE: {{FB5A1911-A111-12d3-BB8E-12C04F845654} — mailto:VanHieu_vl@Yahoo.com?Subject=More Information
TCP: {24F87B78-2B3A-4A7E-B707-28AA5E8723EE} = 194.67.160.3,194.67.161.1
FF — ProfilePath — c:documents and settingsVanHieuApplication DataMozillaFirefoxProfilesj773li6y.default
FF — prefs.js: browser.search.defaulturl — hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF — prefs.js: browser.search.selectedEngine — Google
FF — prefs.js: browser.startup.homepage — hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF — prefs.js: keyword.URL — hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF — component: c:program filesMcAfeeSiteAdvisorcomponentsMcFFPlg.dll
FF — component: c:program filesMozilla Firefoxextensionsbrowserhighlighter@ebay.comcomponentsShim.dll
FF — plugin: c:documents and settingsVanHieuLocal SettingsApplication DataGoogleUpdate1.2.141.5npGoogleOneClick7.dll
FF — plugin: c:program filesMozilla Firefoxpluginsnpbittorrent.dll
.**************************************************************************
catchme 0.3.1367 W2K/XP/Vista — rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-21 19:47:03
Windows 5.1.2600 Service Pack 2 FAT NTAPIscanning hidden processes …
scanning hidden autostart entries …
scanning hidden files …
scan completed successfully
hidden files: 0**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERSS-1-5-21-1993962763-764733703-1060284298-1003SoftwareSecuROM!CAUTION! NEVER A OR CHANGE ANY KEY*]
«??»=hex:23,6a,bf,8f,ee,b3,c5,69,86,d9,bd,36,27,ad,7f,42,82,61,4d,05,d1,82,4d,
ae,c6,7c,c4,7a,5e,21,8c,e5,06,5a,cf,9b,f3,68,32,92,9c,01,63,a9,0f,2d,a8,87,
«??»=hex:b0,81,a3,68,c9,0a,cb,e9,a3,aa,a5,71,02,e1,3d,32
.
Other Running Processes
.
c:windowsSYSTEM32DVDRAMSV.EXE
c:program filesJAVAJRE6BINJQS.EXE
c:windowsSYSTEM32WDFMGR.EXE
c:program filesLogitechVideoFxSvr2.exe
c:windowssystem32wscntfy.exe
c:program filesSkypePlugin ManagerskypePM.exe
.
**************************************************************************
.
Completion time: 2009-03-21 19:50:39 — machine was rebooted
ComboFix-quarantined-files.txt 2009-03-21 16:50:36
ComboFix2.txt 2009-03-16 05:20:22Pre-Run: 1 495 629 824 bytes free
Post-Run: 1,522,171,904 байт свободно382
25 March 2009 at 3:31 pm #22641
We need to clean up a little more.
Open Notepad (click Start, Run, type notepad in the input box and press Enter) and paste the following text into it:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d9d5ad0-1433-11de-8c2b-00080d046837}]
File::
C:\q0dhfjf.exe

Save the resulting file to your desktop under the name CFScript.
Then drag the file you have made onto the ComboFix icon, as shown in the picture below.
ComboFix will start and carry out the procedures described in the file we created.
When ComboFix finishes it will create a new log; paste it into your next reply.
27 March 2009 at 3:22 pm #22642
I did as you asked, here is the log:
ComboFix 09-03-14.01 - VanHieu 2009-03-27 18:14:17.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1251.1.1033.18.495.213 [GMT 3:00]
Running from: c:\documents and settings\VanHieu\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\VanHieu\Desktop\CFScript.txt
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
- REDUCED FUNCTIONALITY MODE -
FILE ::
C:\q0dhfjf.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\q0dhfjf.exe
c:\windows\system32\nmdfgds0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\nmdfgds2.dll
c:\windows\system32\olhrwef.exe
.
((((((((((((((((((((((((( Files Created from 2009-02-27 to 2009-03-27 )))))))))))))))))))))))))))))))
.
2009-03-27 18:11 . 2009-03-08 21:12 d-------- C:\32788R22FWJFW
2009-03-26 10:53 . 2009-03-26 10:53 d--hs---- C:\FOUND.008
2009-03-23 21:24 . 2009-03-23 21:23 109,692 -r-hs---- C:\em8tqm.cmd
2009-03-22 14:45 . 2009-03-22 14:45 d-------- c:\documents and settings\VanHieu\Application Data\Broad Intelligence
2009-03-22 01:04 . 2009-03-23 21:23 109,692 -r-hs---- C:\jm3cx96.bat
2009-03-22 01:03 . 2009-03-19 19:08 111,242 -r-hs---- C:\gyn.cmd
2009-03-21 23:12 . 2009-03-22 01:00 457,121,082 --a------ C:\Boys.Over.Flowers.E18.KOR.090309.HDTV.XviD-Ental.svi
2009-03-21 19:29 . 2009-03-21 19:29 d--hs---- C:\FOUND.007
2009-03-21 17:04 . 2009-03-21 17:04 d-------- c:\program files\DirectVobSub
2009-03-21 16:27 . 2005-08-25 22:10 9,804 --a------ c:\windows\system\vdremote.dll
2009-03-21 16:27 . 2005-08-25 22:09 7,244 --a------ c:\windows\system\vdsvrlnk.dll
2009-03-18 07:27 . 2009-03-23 23:12 65 --a------ c:\windows\FISHUI.INI
2009-03-17 22:06 . 2009-03-17 22:06 d-------- c:\program files\MediaCoder
2009-03-16 18:21 . 2009-03-16 18:21 d-------- c:\program files\K-Lite Codec Pack
2009-03-16 18:21 . 2008-09-24 21:41 839,680 --a------ c:\windows\system32\lameACM.acm
2009-03-16 18:21 . 2008-12-07 21:08 795,648 --a------ c:\windows\system32\xvidcore.dll
2009-03-16 18:21 . 2008-11-06 19:33 684,032 --a------ c:\windows\system32\divx.dll
2009-03-16 18:21 . 2004-01-25 19:18 217,088 --a------ c:\windows\system32\yv12vfw.dll
2009-03-16 18:21 . 2008-12-07 21:08 130,048 --a------ c:\windows\system32\xvidvfw.dll
2009-03-16 18:21 . 2007-09-21 03:52 118,784 --a------ c:\windows\system32\ac3acm.acm
2009-03-16 18:21 . 2009-02-09 21:56 67,584 --a------ c:\windows\system32\ff_vfw.dll
2009-03-16 18:21 . 2007-07-10 19:10 547 --a------ c:\windows\system32\ff_vfw.dll.manifest
2009-03-16 18:21 . 2008-10-03 15:30 414 --a------ c:\windows\system32\lame_acm.xml
2009-03-16 17:37 . 2009-03-16 17:37 d-------- c:\documents and settings\VanHieu\Application Data\DataCast
2009-03-16 12:47 . 2009-03-16 12:47 d-------- c:\documents and settings\LocalService\Application Data\SACore
2009-03-16 12:44 . 2009-03-16 12:44 d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-03-16 12:43 . 2009-03-16 12:43 d-------- c:\program files\McAfee
2009-03-16 12:43 . 2009-03-16 12:44 d-------- c:\program files\Common Files\McAfee
2009-03-16 12:43 . 2009-03-16 12:43 d-------- c:\documents and settings\All Users\Application Data\McAfee
2009-03-16 12:29 . 2009-03-17 12:59 111,435 -r-hs---- C:\luk1ylq.com
2009-03-16 12:16 . 2009-03-16 12:16 577,024 --a------ c:\windows\system32\dllcache\user32.dll
2009-03-16 12:14 . 2009-03-16 12:14 d-------- c:\windows\ERUNT
2009-03-16 12:07 . 2008-11-06 02:03 d-------- C:\SDFix
2009-03-16 12:05 . 2009-03-16 12:06 d-------- c:\program files\NT Registry Optimizer
2009-03-16 12:04 . 2009-03-16 12:04 d-------- c:\program files\ERUNT
2009-03-16 11:58 . 2009-03-16 11:58 d-------- c:\program files\CCleaner
2009-03-16 08:32 . 2009-03-16 08:32 d-------- C:\_OTMoveIt
2009-03-15 10:34 . 2009-03-15 10:34 d-------- c:\documents and settings\VanHieu\Application Data\WinPatrol
2009-03-15 10:20 . 2009-03-15 10:20 d-------- c:\program files\BillP Studios
2009-03-13 07:54 . 2009-03-13 07:54 d-------- C:\rsit
2009-03-13 07:54 . 2009-03-13 07:54 d-------- c:\program files\trend micro
2009-03-11 20:08 . 2009-03-11 20:08 d-------- c:\documents and settings\VanHieu\Application Data\Malwarebytes
2009-03-11 20:08 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-11 20:07 . 2009-03-11 20:07 d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-11 20:07 . 2009-03-11 20:07 d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-11 20:07 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-11 19:25 . 2009-03-11 19:25 d-------- C:\VundoFix Backups
2009-03-11 12:05 . 2009-03-11 12:05 d--hs---- C:\FOUND.006
2009-03-09 21:14 . 2009-03-09 21:14 d-------- c:\documents and settings\VanHieu\Application Data\Samsung
2009-03-09 16:09 . 2009-03-09 16:09 d-------- c:\program files\TVAnts
2009-03-07 23:56 . 2006-05-03 22:53 174,592 --a------ c:\windows\system32\framedyn.dll
2009-03-07 23:55 . 2009-03-07 23:55 d-------- c:\windows\system32\Samsung_USB_Drivers
2009-03-07 23:55 . 2005-08-30 01:49 94,000 --a------ c:\windows\system32\drivers\ssm_mdm.sys
2009-03-07 23:55 . 2005-08-30 01:47 58,320 --a------ c:\windows\system32\drivers\ssm_bus.sys
2009-03-07 23:55 . 2005-08-30 01:49 8,336 --a------ c:\windows\system32\drivers\ssm_mdfl.sys
2009-03-07 23:55 . 2005-08-30 01:49 6,176 --a------ c:\windows\system32\drivers\ssm_cmnt.sys
2009-03-07 23:55 . 2005-08-30 01:49 6,176 --a------ c:\windows\system32\drivers\ssm_cm.sys
2009-03-07 23:55 . 2005-08-30 01:47 5,840 --a------ c:\windows\system32\drivers\ssm_whnt.sys
2009-03-07 23:55 . 2005-08-30 01:47 5,840 --a------ c:\windows\system32\drivers\ssm_wh.sys
2009-03-07 23:54 . 2006-07-24 16:05 5,632 --a------ c:\windows\system32\drivers\StarOpen.sys
2009-03-07 23:54 . 2005-08-28 20:51 766 --a------ c:\windows\system32\Uninstall.ico
2009-03-07 23:15 . 2009-03-07 23:15 d-------- c:\program files\HelaBasa
2009-03-07 20:14 . 2001-11-12 13:30 827,156 --a------ c:\windows\system32\sheadg.ttf
2009-03-07 19:53 . 2009-03-07 19:53 d-------- c:\program files\Korean HakGyo
2009-03-07 19:46 . 2009-03-07 19:46 d-------- c:\documents and settings\All Users\Application Data\Tavultesoft
2009-03-07 19:12 . 2009-03-07 19:12 d-------- c:\program files\Tavultesoft
2009-03-07 19:12 . 2009-03-07 19:12 d-------- c:\program files\Common Files\Tavultesoft
2009-03-07 19:12 . 2009-03-07 19:12 d-------- c:\documents and settings\VanHieu\Application Data\Tavultesoft
2009-03-07 18:01 . 2009-03-07 18:01 d-------- c:\program files\Agilingua
2009-03-07 18:00 . 2009-03-07 18:00 d-------- c:\windows\Flash Card Factory
2009-03-07 18:00 . 2009-03-07 18:00 d-------- c:\program files\Flash Card Factory
2009-03-07 16:53 . 2004-09-14 14:53 13,323 --a------ c:\windows\XPE_MUI\Service Pack 1 Korean\EULA.rtf
2009-03-07 16:52 . 2004-10-01 12:35 13,260 --a------ c:\windows\XPE_MUI\Service Pack 2 Korean\EULA.rtf
2009-03-07 16:27 . 2009-03-07 16:25 13,463,552 --a------ c:\windows\system32\dllcache\hwxjpn.dll
2009-03-07 16:22 . 2009-03-07 16:22 d-------- c:\windows\SxsCaPendDel
2009-03-07 15:19 . 2009-03-07 15:19 50 --a------ c:\windows\MegaManager.INI
2009-03-06 15:41 . 2009-03-07 16:06 180,258 --a------ c:\windows\system32\dllcache\c_20000.nls
2009-03-06 15:41 . 2009-03-07 16:06 180,258 --a------ c:\windows\system32\c_20000.nls
2009-03-06 15:41 . 2009-03-07 15:30 162,850 --a------ c:\windows\system32\dllcache\c_10001.nls
2009-03-06 15:41 . 2009-03-07 15:30 162,850 --a------ c:\windows\system32\c_10001.nls
2009-03-06 15:41 . 2009-03-07 16:10 57,398 --a------ c:\windows\system32\dllcache\imjpdadm.exe
2009-03-06 13:11 . 2009-03-06 13:11 d-------- c:\windows\system32\1049
2009-03-06 13:11 . 2001-12-05 04:00 65,536 --a------ c:\windows\system32\WMErrRUS.dll
2009-03-06 13:11 . 2001-12-05 04:00 36,388 --a------ c:\windows\WMPrfRUS.prx
2009-03-06 12:49 . 2004-10-01 13:35 13,260 --a------ c:\windows\XPE_MUI\Service Pack 2 Russian\EULA.rtf
2009-03-06 12:35 . 2004-09-15 15:15 12,757 --a------ c:\windows\XPE_SP2\EULA.rtf
2009-03-06 08:12 . 2009-03-06 08:12 d-------- c:\program files\Microsoft SQL Server
2009-03-06 08:12 . 2002-12-17 16:23 33,340 c:\windows\system32\dbmsqlgc.dll
2009-03-06 08:12 . 2002-10-20 14:05 24,576 c:\windows\system32\dbmsgnet.dll
2009-03-06 01:31 . 2009-03-06 01:31 d-------- c:\program files\Windows Embedded
2009-03-05 22:01 . 2009-03-05 22:01 d-------- c:\windows\ServicePackFiles
2009-03-05 22:00 . 2004-07-17 11:40 19,528 --a------ c:\windows\000001_.tmp
2009-03-05 22:00 . 2004-08-03 22:42 15,872 --a------ c:\windows\system32\spupdsvc.exe
2009-03-03 15:25 . 2009-03-03 15:26 d-------- c:\documents and settings\VanHieu\Application Data\DivX
2009-03-03 15:23 . 2008-11-06 19:37 129,784 c:\windows\system32\pxafs.dll
2009-03-03 15:23 . 2008-11-06 19:37 120,056 c:\windows\system32\pxcpyi64.exe
2009-03-03 15:23 . 2008-11-06 19:37 118,520 c:\windows\system32\pxinsi64.exe
2009-03-03 15:23 . 2008-11-06 19:37 9,464 c:\windows\system32\drivers\cdralw2k.sys
2009-03-03 15:23 . 2008-11-06 19:37 9,336 c:\windows\system32\drivers\cdr4_xp.sys
2009-03-02 09:52 . 2009-03-02 09:52 d-------- c:\program files\Aimersoft
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-07 13:25 10,129,408 ----a-w c:\windows\system32\dllcache\hwxkor.dll
2009-03-07 13:25 10,096,640 ----a-w c:\windows\system32\dllcache\hwxcht.dll
2009-03-07 13:23 44,032 ----a-w c:\windows\system32\dllcache\imekrmig.exe
2009-03-07 13:23 311,359 ----a-w c:\windows\system32\dllcache\imepadsv.exe
2009-03-07 13:23 143,422 ----a-w c:\windows\system32\dllcache\softkey.dll
2009-03-07 13:23 102,463 ----a-w c:\windows\system32\dllcache\imepadsm.dll
2009-03-07 13:18 471,102 ----a-w c:\windows\system32\dllcache\imskdic.dll
2009-03-07 13:17 70,656 ----a-w c:\windows\system32\korwbrkr.dll
2009-03-07 13:17 70,656 ----a-w c:\windows\system32\dllcache\korwbrkr.dll
2009-03-07 12:58 1,677,824 ----a-w c:\windows\system32\dllcache\chsbrkr.dll
2009-03-07 12:58 1,677,824 ----a-w c:\windows\system32\chsbrkr.dll
2009-03-07 12:46 19,456 ----a-w c:\windows\system32\dllcache\agt0804.dll
2009-03-07 12:46 19,456 ----a-w c:\windows\system32\dllcache\agt0412.dll
2009-03-07 12:46 19,456 ----a-w c:\windows\system32\dllcache\agt0411.dll
2009-03-07 12:46 19,456 ----a-w c:\windows\system32\dllcache\agt0404.dll
2009-03-07 12:44 838,144 ----a-w c:\windows\system32\dllcache\chtbrkr.dll
2009-03-07 12:44 838,144 ----a-w c:\windows\system32\chtbrkr.dll
2009-03-07 12:21 47,360 ----a-w c:\documents and settings\VanHieu\Application Data\pcouffin.sys
2009-03-07 11:53 36,927 ----a-w c:\windows\system32\dllcache\padrs411.dll
2009-03-07 11:53 36,864 ----a-w c:\windows\system32\dllcache\hanjadic.dll
2009-03-07 11:53 229,439 ----a-w c:\windows\system32\dllcache\multibox.dll
2009-03-07 11:53 14,336 ----a-w c:\windows\system32\dllcache\padrs412.dll
2009-03-06 15:42 59,904 ----a-w c:\windows\system32\dllcache\imkrinst.exe
2009-03-06 13:27 315,452 ----a-w c:\windows\system32\dllcache\imskf.dll
2009-03-06 13:25 45,109 ----a-w c:\windows\system32\dllcache\imjpuex.exe
2009-03-06 13:24 98,304 ----a-w c:\windows\system32\msir3jp.dll
2009-03-06 13:24 98,304 ----a-w c:\windows\system32\dllcache\msir3jp.dll
2009-02-23 10:49 d-----w c:\documents and settings\VanHieu\Application Data\vlc
2009-02-23 10:48 d-----w c:\program files\VideoLAN
2009-02-22 16:53 d-----w c:\program files\Online TV Player 4
2009-02-20 16:33 d-----w c:\program files\URUSoft
2009-02-11 17:03 d-----w c:\program files\GenieSoft
2009-02-10 19:17 d-----w c:\program files\VSTPlugins
2009-02-10 19:17 d-----w c:\documents and settings\VanHieu\Application Data\GenieSoft
2009-02-09 21:40 d-----w c:\program files\Common Files\Skype
2009-02-09 21:39 d-----r c:\program files\Skype
2009-01-31 12:10 d-----w c:\documents and settings\VanHieu\Application Data\com.imeem.DesktopUploader.6C3F108F466C0F04F30B58747CAA4DF34281133B.1
2009-01-31 12:09 d-----w c:\program files\Common Files\Adobe AIR
2009-01-30 15:40 d-----w c:\documents and settings\VanHieu\Application Data\led
2009-01-30 15:39 98,304 ----a-w c:\windows\system32\CmdLineExt.dll
2009-01-30 15:39 d--h--r c:\documents and settings\VanHieu\Application Data\SecuROM
2009-01-30 15:39 d-----w c:\program files\IDM
2009-01-03 14:57 410,984 ----a-w c:\windows\system32\deploytk.dll
2006-08-15 17:42 3,408 ----a-w c:\windows\inf\Info.vbs
.
((((((((((((((((((((((((((((( SnapShot_2009-03-21_19.49.16.00 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-03-16 17:00:46 9,662 ----a-r c:\windows\Installer\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\ARPPRODUCTICON.exe
+ 2009-03-21 18:02:20 9,662 ----a-r c:\windows\Installer\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\ARPPRODUCTICON.exe
- 2009-03-16 17:01:40 16,564 ----a-w c:\windows\Installer\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\emodio.dat
+ 2009-03-21 18:03:32 16,564 ----a-w c:\windows\Installer\{C20CE592-B0F8-4D20-BF31-0151CA6331A6}\emodio.dat
+ 2009-03-27 15:18:04 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_198.dat
+ 2009-03-27 15:17:56 16,384 ----a-w c:\windows\Temp\Perflib_Perfdata_7bc.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"STYLEXP"="c:\program files\TGTSoft\StyleXP\StyleXP.exe" [2005-07-21 1359872]
"UniKey"="c:\program files\Unikey 3.6\UniKeyNT.exe" [2003-01-29 77824]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-11-05 4347120]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-04 1667584]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2008-12-19 342848]
"Google Update"="c:\documents and settings\VanHieu\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-11-05 133104]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2009-01-29 23975720]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe" [BU]
"cdoosoft"="c:\windows\system32\olhrwef.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-07-13 98304]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2004-02-25 221184]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe" [2004-02-25 454656]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2004-02-25 212992]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2002-05-09 102455]
"DVDBitSet"="c:\program files\HP CD-DVD\Umbrella\DVDBitSet.exe" [2002-05-01 200704]
"HPCDTray"="c:\program files\HP CD-DVD\Umbrella\hpcdtray.exe" [2001-10-17 69632]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-18 185896]
"hpppta"="c:\program files\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hpppta.exe" [2000-06-02 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-03 136600]
"wmagent.exe"="c:\program files\WebMoney Agent\wmagent.exe" [2008-10-01 209376]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"WinPatrol Russian v.2"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2007-08-06 292152]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]
c:\documents and settings\VanHieu\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-08-30 225280]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2008-08-29 169472]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2008-10-16 155648]
Service Manager.lnk - c:\program files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 74308]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.enc"= ITIG726.acm
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mtd2002Svr]
--a------ 2002-10-05 13:05 544768 c:\program files\mtd2002\mtdserver.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2005-07-21 05:57 1359872 c:\program files\TGTSoft\StyleXP\StyleXP.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\Program Files\mtd2002\mtdserver.exe"=
"c:\WINDOWS\system32\sessmgr.exe"=
"c:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"=
"c:\Program Files\DNA\btdna.exe"=
"c:\Program Files\BitTorrent\bittorrent.exe"=
"c:\WINDOWS\System32\muzapp.exe"=
"%windir%\system32\sessmgr.exe"=
"c:\Program Files\TVAnts\Tvants.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
R1 hpcd2k;hpcd2k;c:\windows\system32\drivers\hpcd2k.sys [2008-08-30 4421]
R2 Rbspxe;Remote Boot Service;c:\windows\System32\svchost.exe -k RBS [2004-08-04 14336]
R2 TFTPD;Trivial File Transfer Protocol;c:\program files\Windows Embedded\Remote Boot Service\tftpd.exe [2004-08-31 19484]
S3 CrystalSysInfo;CrystalSysInfo;c:\program files\MediaCoder\SysInfo.sys [2007-09-25 15152]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2009-03-16 210216]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
rbs REG_MULTI_SZ rbspxe
.
.
Supplementary Scan
.
uStart Page = about:blank
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = localhost
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{FB5A1911-A111-12d3-BB8E-12C04F845654} - mailto:VanHieu_vl@Yahoo.com?Subject=More Information
FF - ProfilePath - c:\documents and settings\VanHieu\Application Data\Mozilla\Firefox\Profiles\j773li6y.default
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - plugin: c:\documents and settings\VanHieu\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-27 18:17:56
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
LOCKED REGISTRY KEYS
[HKEY_USERS\S-1-5-21-1993962763-764733703-1060284298-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:23,6a,bf,8f,ee,b3,c5,69,86,d9,bd,36,27,ad,7f,42,82,61,4d,05,d1,82,4d,
ae,c6,7c,c4,7a,5e,21,8c,e5,06,5a,cf,9b,f3,68,32,92,9c,01,63,a9,0f,2d,a8,87,
"??"=hex:b0,81,a3,68,c9,0a,cb,e9,a3,aa,a5,71,02,e1,3d,32
.
Other Running Processes
.
c:\windows\SYSTEM32\DVDRAMSV.EXE
c:\program files\JAVA\JRE6\BIN\JQS.EXE
c:\windows\SYSTEM32\WDFMGR.EXE
c:\program files\LOGITECH\VIDEO\FXSVR2.EXE
c:\windows\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Completion time: 2009-03-27 18:20:31 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-27 15:20:28
ComboFix3.txt 2009-03-16 05:20:22
ComboFix2.txt 2009-03-21 16:50:42
Pre-Run: 1 975 730 176 bytes free
Post-Run: 2,033,221,632 bytes free
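The two logs in this thread show the whole autorun-worm pattern in one place: a MountPoints2 key whose Shell\AutoRun, explore and open verbs all point at G:\2u.com (Explorer's cached copy of a removable drive's autorun.inf), hidden+system .cmd/.bat/.com files dropped straight into the root of C:, and a Run value (cdoosoft) for which ComboFix printed [BU] instead of a file date and size. The script below is an added illustration, not part of ComboFix and not anything posted in this thread: it pulls those three indicators out of ComboFix-style log lines. The sample lines are excerpts from the logs above with the backslashes restored, and the regular expressions are my assumptions about the log layout as it appears on this page, not a ComboFix specification.

```python
"""Flag autorun-worm indicators in ComboFix log output.

Added example for this thread; not a ComboFix component. The layout it
assumes (mountpoints2 block, "Files Created" lines with a 9-character
attribute field, Run values followed by a [date size] stamp) is read off
the logs posted above, so treat the regexes as assumptions.
"""
import re

# Constructed sample: lines excerpted from the logs above, backslashes restored.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1d9d5ad0-1433-11de-8c2b-00080d046837}]
Shell\AutoRun\command - G:\2u.com
Shell\explore\Command - G:\2u.com
Shell\open\Command - G:\2u.com
2009-03-23 21:24 . 2009-03-23 21:23 109,692 -r-hs---- C:\em8tqm.cmd
2009-03-22 01:04 . 2009-03-23 21:23 109,692 -r-hs---- C:\jm3cx96.bat
2009-03-16 12:29 . 2009-03-17 12:59 111,435 -r-hs---- C:\luk1ylq.com
2009-03-16 12:16 . 2009-03-16 12:16 577,024 --a------ c:\windows\system32\dllcache\user32.dll
"cdoosoft"="c:\windows\system32\olhrwef.exe" [BU]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"""

# One MountPoints2 subkey per device. A Shell\<verb>\command beneath it means an
# autorun.inf on that device rewrote what Explorer runs on double-click, Explore
# or AutoPlay; clean entries carry no such verbs, so every one is reported.
MOUNTPOINT_KEY = re.compile(
    r"^\[HKEY_CURRENT_USER\\.*\\mountpoints2\\(\{[0-9a-f-]+\})\]$", re.I)
SHELL_VERB = re.compile(r"^Shell\\(\w+)\\command\s+-\s+(.+)$", re.I)

# "Files Created" line: created . modified  size  attrs(9 chars)  path
CREATED = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d\s+[\d,]+\s+([drahs-]{9})\s+(.+)$")
# A script or executable sitting directly in a drive root.
ROOT_LAUNCHER = re.compile(r"^[A-Za-z]:\\[^\\]+\.(cmd|bat|com|exe|pif|scr|vbs)$", re.I)

# Run value: "name"="path" [stamp]. ComboFix prints [YYYY-MM-DD size] when it
# could read the target; anything else (such as [BU]) means it could not.
RUN_VALUE = re.compile(r'^"([^"]+)"="([^"]*)"\s+\[([^\]]*)\]$')
FILE_STAMP = re.compile(r"^\d{4}-\d\d-\d\d \d+$")


def find_indicators(lines):
    """Return a list of {"kind", "detail"} findings for the given log lines."""
    findings = []
    current_key = None
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = MOUNTPOINT_KEY.match(line)
        if m:
            current_key = m.group(1)
            continue
        if line.startswith("["):          # any other registry key ends the block
            current_key = None
        m = SHELL_VERB.match(line)
        if m and current_key:
            findings.append({"kind": "mountpoint-shell-override",
                             "detail": f"{current_key} {m.group(1)} -> {m.group(2)}"})
            continue
        m = CREATED.match(line)
        if m:
            attrs, path = m.groups()
            if "h" in attrs and "s" in attrs and ROOT_LAUNCHER.match(path):
                findings.append({"kind": "hidden-root-script", "detail": path})
            continue
        m = RUN_VALUE.match(line)
        if m and not FILE_STAMP.match(m.group(3)):
            findings.append({"kind": "run-entry-no-file-stamp",
                             "detail": f"{m.group(1)} = {m.group(2)} [{m.group(3)}]"})
    return findings


if __name__ == "__main__":
    for f in find_indicators(SAMPLE_LOG.splitlines()):
        print(f"{f['kind']:26} {f['detail']}")
```

Run it against a full ComboFix log with `find_indicators(open("ComboFix.txt").read().splitlines())`; the hidden-root-script check deliberately ignores FOUND.00x folders and ordinary files, so the usual chkdsk leftovers on a FAT volume like this one do not show up as noise.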
29 March 2009 at 2:28 pm #22643
Judging by the log, you plugged an infected flash drive into the computer.
Read this guide: Flash_Disinfector, one more weapon against autorun.inf trojans.
* Disable your antivirus.
* Download and run Flash_Disinfector.
* When the program asks, insert your flash drive or connect any other external storage devices.
Note: run the program as many times as needed to clean all of your removable drives.
And let's clean the computer up a bit more.
Open Notepad (click Start, Run, type notepad in the input box and press Enter) and paste the following text into it:

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdoosoft"=-
File::
C:\em8tqm.cmd
C:\jm3cx96.bat
C:\gyn.cmd

Save the resulting file to your desktop under the name CFScript.
Then drag the file you have made onto the ComboFix icon, as shown in the picture below.
ComboFix will start and carry out the procedures described in the file we created.
When ComboFix finishes it will create a new log; paste it into your next reply.