Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:10:15 PM, on 23/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINPENJR\Win32\pphidpad.exe
D:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Xfire\xfire.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
O4 - HKLM\..\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
O4 - HKLM\..\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [sclauncher] D:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [igndlm.exe] D:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [winlog.exe] C:\Documents and Settings\Kevin\Application Data\Microsoft\winlog.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Xfire.lnk = C:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} (NetmarbleStarter25 Class) - http://download.netmarble.net/web/nmsta ... rter25.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - https://www.epost.ca/printing/smsx.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab3.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b31267.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://zone.msn.com/bingame/trix/defaul ... 0.0.67.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .7.109.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://yungyung.spaces.live.com//PhotoU ... nPUpld.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://static.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b56986.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - http://upload.facebook.com/controls/Fac ... oader3.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-US/a-U ... E_UNO1.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedow ... n11USA.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/Fac ... loader.cab
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://hpyung.myphotoalbum.com/EasyUploadTool.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... eqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 4359479312
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/chnz/defaul ... uncher.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} (NMTransX Module) - http://download.netmarble.net/NMChatX/NMTransX.cab
O16 - DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} (Kdfense8 Control) - http://download.netmarble.net/kdefence/kdfense8237.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v ... b56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Fac ... der4_5.cab
O16 - DPF: {DB7BF79A-FC51-4B5A-92BC-A65731174380} (InstantAction Game Launcher) - http://www.instantaction.com/download/iaplayer.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) - http://www.imagestation.com/common/clas ... v=1,0,0,37
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activ ... .0.0.9.cab?
O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activ ... 0.0.11.cab?
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/So ... b31267.cab
O16 - DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} (Flash Casino Helper Control) - https://plugins.valueactive.eu/flashax/iefax.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Net2Go Service (nmraapache) - Pure Networks, Inc. - C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 16683 bytes
And this is the ComboFix log:
ComboFix 09-07-22.05 - Doris 2/2009 Wed 23:41.4.2 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.3.950.886.1033.18.2047.1676 [GMT -7:00]
Running from: c:\documents and settings\Doris\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090722-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Deleted Files )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SYMAVC32
-------\Service_symavc32
-------\Service_WinDriver
((((((((((((((((((((((((( Files Created from 2009-06-23 to 2009-07-23 )))))))))))))))))))))))))))))))
.
2009-07-15 22:31 . 2009-02-18 23:43 188416 ----a-w- c:\documents and settings\pris`pris\Application Data\Mozilla\Firefox\Profiles\2qyuxlbc.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudioEx.dll
2009-07-15 22:31 . 2009-02-18 18:59 98304 ----a-w- c:\documents and settings\pris`pris\Application Data\Mozilla\Firefox\Profiles\2qyuxlbc.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\dsaudio.dll
2009-07-15 22:31 . 2009-02-12 20:02 28672 ----a-w- c:\documents and settings\pris`pris\Application Data\Mozilla\Firefox\Profiles\2qyuxlbc.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDES.dll
2009-07-15 22:31 . 2009-02-12 19:52 90112 ----a-w- c:\documents and settings\pris`pris\Application Data\Mozilla\Firefox\Profiles\2qyuxlbc.default\extensions\{93ed9dfe-1cdd-4b73-840b-22051ad9955b}\components\nsDESEx.dll
2009-07-07 23:55 . 2009-07-07 23:55 41808 ----a-w- c:\windows\system32\xfcodec.dll
2009-06-28 08:23 . 2009-06-28 08:23 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-06-28 08:23 . 2009-07-19 07:52 -------- d-----w- c:\documents and settings\User\Application Data\skypePM
2009-06-28 08:17 . 2009-07-19 08:56 -------- d-----w- c:\documents and settings\User\Application Data\Skype
2009-06-28 08:16 . 2009-06-28 08:16 -------- d-----w- c:\program files\Common Files\Skype
2009-06-28 08:16 . 2009-06-28 08:16 -------- d-----r- c:\program files\Skype
.
(((((((((((((((((((((((((((((((((((((((( Files Modified in the Last Three Months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-23 05:54 . 2009-01-15 16:38 -------- d-----w- c:\documents and settings\Doris\Application Data\881903
2009-07-23 03:37 . 2006-07-23 23:22 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-23 03:02 . 2009-05-11 00:46 117760 ----a-w- c:\documents and settings\Kevin\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-23 02:18 . 2009-01-07 00:45 -------- d-----w- c:\documents and settings\Kevin\Application Data\881903
2009-07-22 19:28 . 2009-07-22 18:27 0 ----a-w- c:\documents and settings\Kevin\ntuser.tmp
2009-07-22 16:52 . 2009-01-09 21:34 155648 ----a-w- c:\documents and settings\User\Application Data\881903\update\hkUpdate.exe
2009-07-22 16:52 . 2008-04-21 01:33 1145896 ----a-w- c:\documents and settings\pris`pris\Application Data\Real\Update\setup\data\GOOGLE_TOOLBAR\googletoolbarinstaller.exe
2009-07-22 16:52 . 2008-04-21 01:33 13288968 ----a-w- c:\documents and settings\pris`pris\Application Data\Real\Update\setup\data\RealPlayer11GOLD.exe
2009-07-22 16:52 . 2008-04-21 01:33 6871480 ----a-w- c:\documents and settings\pris`pris\Application Data\Real\Update\setup\data\firefoxgoogletoolbarsetup.exe
2009-07-22 16:52 . 2008-04-21 01:32 54816 ----a-w- c:\documents and settings\pris`pris\Application Data\Real\Update\setup\schedule.exe
2009-07-22 16:52 . 2008-04-21 01:32 353840 ----a-w- c:\documents and settings\pris`pris\Application Data\Real\Update\setup\setup.exe
2009-07-22 16:52 . 2007-11-17 21:19 1214488 ----a-w- c:\documents and settings\pris`pris\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-07-22 16:52 . 2009-01-09 21:34 163840 ----a-w- c:\documents and settings\pris`pris\Application Data\881903\update\hkUpdate.exe
2009-07-22 16:51 . 2008-12-15 19:30 1484296 ---ha-w- c:\documents and settings\Kevin\Application Data\netmarble\NMWizard24.exe
2009-07-22 16:51 . 2008-06-27 14:59 4874240 ----a-w- c:\documents and settings\Kevin\Application Data\GarageGames\IAPlayer\products\www_instantaction_com\102\install\Legions.exe
2009-07-22 16:51 . 2007-09-04 21:46 921600 ----a-w- c:\documents and settings\Kevin\Application Data\ijjigame\ijjistarter2.exe
2009-07-22 16:51 . 2008-03-21 15:24 2629632 ----a-w- c:\documents and settings\Kevin\Application Data\GarageGames\IAPlayer\products\7000\install\Zap.exe
2009-07-22 16:51 . 2008-05-21 03:22 3477504 ----a-w- c:\documents and settings\Kevin\Application Data\GarageGames\IAPlayer\products\103\install\bb\Rokkitball.exe
2009-07-22 16:51 . 2008-03-21 14:49 4227072 ----a-w- c:\documents and settings\Kevin\Application Data\GarageGames\IAPlayer\products\101\install\tt\ThinkTanks.exe
2009-07-22 16:51 . 2009-01-09 21:34 155648 ----a-w- c:\documents and settings\Kevin\Application Data\881903\update\hkUpdate.exe
2009-07-22 14:56 . 2007-02-05 06:24 21277080 ----a-w- c:\documents and settings\Doris\Application Data\Adobe\Acrobat\7.0\Updater\AdbeRdr709_en_US.exe
2009-07-22 14:56 . 2009-01-09 21:34 155648 ----a-w- c:\documents and settings\Doris\Application Data\881903\update\hkUpdate.exe
2009-07-22 14:56 . 2009-02-18 22:13 14579000 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe
2009-07-22 14:56 . 2008-10-06 06:45 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\Installer\CommonCustomActions\vcredistExec.exe
2009-07-22 14:56 . 2008-06-28 23:44 159744 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-07-22 14:56 . 2007-07-04 00:15 72704 ----atw- c:\documents and settings\All Users\Application Data\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\uninstaller.exe
2009-07-22 14:55 . 2008-10-06 06:57 23702368 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\NokiaSoftwareUpdaterSetup_zh_hk.exe
2009-07-22 14:55 . 2008-10-06 06:45 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\Installer\CommonCustomActions\Sleep.exe
2009-07-22 14:55 . 2008-10-06 06:45 23690528 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{17BD85F9-3B88-4C85-BB47-4AB8DD68F8BB}\NokiaSoftwareUpdaterSetup_1.4.56EN_US.exe
2009-07-22 14:55 . 2008-12-02 07:47 3181612 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{0332234E-09D1-4B74-A5F3-73E34BA29F5B}\Installer\CommonCustomActions\vcredistExec.exe
2009-07-22 14:55 . 2008-12-02 07:47 24679912 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{0332234E-09D1-4B74-A5F3-73E34BA29F5B}\NokiaSoftwareUpdaterSetup_1.4.64EN_US.exe
2009-07-22 14:55 . 2008-12-02 07:47 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{0332234E-09D1-4B74-A5F3-73E34BA29F5B}\Installer\CommonCustomActions\Sleep.exe
2009-07-22 14:55 . 2008-06-20 23:26 2246144 ----a-w- c:\documents and settings\All Users\Application Data\id Software\QuakeLive\pbsvc.exe
2009-07-22 02:14 . 2009-02-17 01:20 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-20 08:39 . 2007-09-04 20:59 -------- d-s---w- c:\program files\Xfire
2009-07-20 07:21 . 2008-07-23 23:33 -------- d-----w- c:\documents and settings\Kevin\Application Data\uTorrent
2009-07-20 05:20 . 2007-11-25 16:45 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-20 05:15 . 2007-09-04 20:59 -------- d-----w- c:\documents and settings\Kevin\Application Data\Xfire
2009-07-15 22:31 . 2008-06-24 22:06 -------- d-----w- c:\documents and settings\pris`pris\Application Data\881903
2009-07-15 22:29 . 2006-09-12 02:59 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-12 09:42 . 2009-05-04 01:13 -------- d-----w- c:\program files\PPStream
2009-07-12 09:36 . 2007-05-05 23:45 17408 ----a-w- c:\windows\system32\drivers\USBCRFT.SYS
2009-07-12 07:08 . 2009-05-04 01:13 -------- d-----w- c:\documents and settings\User\Application Data\PPStream
2009-06-28 08:16 . 2008-03-17 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2009-06-23 02:43 . 2006-08-02 05:53 96576 ----a-w- c:\documents and settings\pris`pris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-19 04:17 . 2007-12-08 22:06 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2009-06-19 04:17 . 2007-12-08 22:06 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
2009-06-19 04:00 . 2009-06-19 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Logitech
2009-06-19 04:00 . 2006-07-25 05:57 -------- d-----w- c:\program files\Common Files\Logitech
2009-06-19 04:00 . 2006-07-25 05:57 -------- d-----w- c:\program files\Logitech
2009-06-19 03:07 . 2009-06-19 03:07 -------- d-----w- c:\program files\QuickTime
2009-06-19 03:07 . 2006-08-05 07:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-19 03:05 . 2009-06-19 03:05 -------- d-----w- c:\program files\Apple Software Update
2009-06-19 03:05 . 2009-06-19 03:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-06-18 23:25 . 2009-03-12 19:31 117760 ----a-w- c:\documents and settings\Doris\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 06:53 . 2006-07-23 23:16 96576 ----a-w- c:\documents and settings\User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-12 01:58 . 2006-07-31 00:53 96576 ----a-w- c:\documents and settings\Kevin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-11 21:09 . 2006-07-31 15:50 96576 ----a-w- c:\documents and settings\Doris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-10 23:47 . 2007-02-12 17:22 -------- d-----w- c:\program files\Java
2009-06-10 23:47 . 2009-06-10 23:47 152576 ----a-w- c:\documents and settings\Doris\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-10 21:48 . 2009-06-10 21:48 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-06-10 21:41 . 2009-06-10 21:41 -------- d-----w- c:\program files\Bonjour
2009-06-10 21:41 . 2006-07-29 00:51 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-10 21:31 . 2009-06-10 21:31 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-30 19:33 . 2009-03-30 01:34 -------- d-----w- c:\program files\Windows Live Safety Center
2009-05-24 15:28 . 2009-05-24 14:36 -------- d-----w- c:\documents and settings\Kevin\Application Data\Download Manager
2009-05-24 04:31 . 2009-05-03 18:43 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2009-05-21 18:33 . 2008-12-01 23:57 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-11 02:58 . 2009-05-11 02:56 27997 ----a-w- c:\windows\scunin.dat
2009-05-11 02:58 . 2009-05-11 02:56 967 ----a-w- c:\windows\ScUnin.pif
2009-05-11 02:58 . 2009-05-11 02:56 94208 ----a-w- c:\windows\ScUnin.exe
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-29 04:56 . 2004-08-04 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2004-10-01 22:00 . 2006-07-25 01:47 40960 ----a-w- c:\program files\Uninstall_CDS.exe
2003-12-18 19:33 . 2007-06-17 15:18 20102 ----a-w- c:\program files\Readme.txt
2003-09-03 15:46 . 2007-06-17 15:18 10960 ----a-w- c:\program files\EULA.txt
2001-06-20 23:19 . 2001-06-19 23:34 40960 ----a-w- c:\program files\ACMonitor_X83.exe
2009-07-22 18:33 . 2008-12-23 18:44 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-01-27 01:34 . 2009-01-27 01:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-01-27 01:34 . 2009-01-27 01:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
((((((((((((((((((((((((((((((((((((( Registry Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-17 01:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-17 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver\LVCOMS.EXE" [2001-09-24 98304]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-08-04 180269]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
"tsnp2std"="c:\windows\tsnp2std.exe" [2006-06-19 262144]
"snp2std"="c:\windows\vsnp2std.exe" [2006-05-15 675840]
"PrinTray"="c:\windows\System32\spool\DRIVERS\W32X86\3\printray.exe" [2001-10-25 36864]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-23 663552]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2007-01-26 65536]
"PPHIDPAD"="c:\winpenjr\Win32\pphidpad.exe" [2001-10-02 45056]
"sclauncher"="d:\program files\SimpleCenter\bin\win\sclauncher.exe" [2007-10-12 94208]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-22 451896]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-02-18 1657376]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2005-04-26 14370816]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" - c:\windows\system32\narrator.exe [2008-04-14 53760]
c:\documents and settings\Kevin\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\xfire.exe [2009-7-7 3190096]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-21 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"UIHost"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,33,32,\
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-31 03:12 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Nokia Nseries PC Suite.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
backup=c:\windows\pss\Nokia Nseries PC Suite.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^PPS.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\PPS.lnk
backup=c:\windows\pss\PPS.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\BitComet\\BitComet.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Xfire\\xfire.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Paltalk Messenger\\paltalk.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Yahoo!\\Yahoo! Music Jukebox\\YahooMusicEngine.exe"=
"d:\\THQ\\Dawn Of War\\W40kWA.exe"=
"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v60664C46\\Native\\STUBEXE\\@APPDIR@\\Kuma.exe"=
"c:\\Documents and Settings\\Kevin\\Local Settings\\Application Data\\Xenocode\\ApplianceCaches\\KumaClient.exe_v60664C46\\Native\\STUBEXE\\@APPDIR@\\KumaWar\\KumaWar.exe"=
"d:\\THQ\\Dawn Of War\\W40k.exe"=
"d:\\Spring\\spring.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Spring\\TASClient.exe"=
"c:\\Program Files\\881903\\IETOOLBAR\\AudioUpdMgr.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\Program Files\\Bootfighter Windom XP sp-2.NET\\Server.exe"=
"d:\\uTorrent.exe"=
"d:\\THQ\\Dawn of War - Dark Crusade\\DoWModDCpro.exe"=
"c:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Program Files\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"d:\\Soldier of Fortune II - Double Helix\\SoF2MP.exe"=
"d:\\Program Files\\CrosuS\\CrosuSApp.exe"=
"d:\\paltalk.exe"=
"d:\\Spring\\SpringDownloader.exe"=
"d:\\Valve\\Steam\\SteamApps\\atgod728\\half-life 2 deathmatch\\hl2.exe"=
"d:\\Valve\\Steam\\SteamApps\\atgod728\\source sdk base\\hl2.exe"=
"d:\\Valve\\Steam\\SteamApps\\atgod728\\counter-strike source\\hl2.exe"=
"d:\\Valve\\Steam\\SteamApps\\atgod728\\eternal-silence\\hl2.exe"=
"d:\\Program Files\\Wolfenstein - Enemy Territory\\ET.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\SimpleCenter\\Home Media Server.exe"=
"c:\\Picture This Home\\Kitchen\\Kitchen.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"d:\\Valve\\Steam\\Steam.exe"=
"d:\\Valve\\Steam\\SteamApps\\atgod728\\source sdk base 2007\\hl2.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"d:\\Valve\\Steam\\SteamApps\\atgod728\\team fortress 2\\hl2.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"27702:TCP"= 27702:TCP:BitComet 27702 TCP
"27702:UDP"= 27702:UDP:BitComet 27702 UDP
"22438:TCP"= 22438:TCP:BitComet 22438 TCP
"22438:UDP"= 22438:UDP:BitComet 22438 UDP
"13799:TCP"= 13799:TCP:BitComet 13799 TCP
"13799:UDP"= 13799:UDP:BitComet 13799 UDP
"67:UDP"= 67:UDP:DHCP Discovery Service
"7603:TCP"= 7603:TCP:BitComet 7603 TCP
"7603:UDP"= 7603:UDP:BitComet 7603 UDP
S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/29/2008 2:21 PM 114768]
S1 ppmoucls;ppmoucls;c:\windows\system32\drivers\PPMOUCLS.SYS [8/17/2006 5:05 PM 20704]
S1 pptchpad;PenPower Touchpad;c:\windows\system32\drivers\PPTCHPD5.SYS [11/23/2008 4:56 PM 17216]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 2:53 PM 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 1:39 PM 55024]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/29/2008 2:21 PM 20560]
S2 BulkUsb;Genesys Logic USB Scanner Controller NT 5.0;c:\windows\system32\drivers\usbscan.sys [7/24/2006 8:33 PM 15104]
S2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [3/12/2009 6:39 PM 55152]
S3 asbp2poa;asbp2poa;\??\c:\docume~1\Kevin\LOCALS~1\Temp\asbp2poa.sys --> c:\docume~1\Kevin\LOCALS~1\Temp\asbp2poa.sys [?]
S3 CardReaderFilter;Card Reader Filter;c:\windows\system32\drivers\USBCRFT.SYS [5/5/2007 4:45 PM 17408]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 6:08 PM 533360]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 6:51 PM 4096]
.
Contents of the 'Scheduled Tasks' folder
2009-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]
2009-07-22 c:\windows\Tasks\User_Feed_Synchronization-{E1F47B19-0106-4F57-884C-0D1A1B6D3E54}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 20:58]
.
- - - - ORPHANS REMOVED - - - -
BHO-{1b31f7dc-cbf8-443c-8201-58c5f9dec9b7} - (no file)
BHO-{1fa2a215-1942-4502-b17f-4b160a3dff58} - (no file)
HKCU-Run-creative blue - c:\docume~1\Doris\APPLIC~1\IDOLNE~1\htm blah.exe
HKLM-Run-CPM87925875 - c:\windows\system32\dijanumo.dll
HKLM-Run-Launch LCDMon - c:\program files\Common Files\Logitech\LCD Manager\lcdmon.exe
Notify-xxyxXRkh - xxyxXRkh.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
DPF: {00001025-A15C-11D4-97A4-0050BF0FBE67} - hxxp://download.netmarble.net/web/nmsta ... rter25.cab
DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} - hxxp://hpyung.myphotoalbum.com/EasyUploadTool.cab
DPF: {92E82FBB-DA00-41E0-ABFE-95482E21A4F6} - hxxp://download.netmarble.net/NMChatX/NMTransX.cab
DPF: {A4508A45-F1C4-40F3-99B4-0CA08AC77E3B} - hxxp://download.netmarble.net/kdefence/kdfense8237.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\documents and settings\Doris\Application Data\Mozilla\Firefox\Profiles\l56nal2h.default\
FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: d:\program files\Download Manager\npfpdlm.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-22 23:49
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxKa\DefaultIcon]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe,14"
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxKa\shell\open\command]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxKa\shell\print\command]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe /p \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxKa\shell\printto\command]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(236)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\sirenacm.dll
- - - - - - - > 'explorer.exe'(1544)
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
d:\program files\TortoiseSVN\bin\TortoiseStub.dll
d:\program files\TortoiseSVN\bin\TortoiseSVN.dll
d:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\progra~1\WINDOW~2\wmpband.dll
.
Completion time: 2009-07-23 23:55
ComboFix-quarantined-files.txt 2009-07-23 06:55
Pre-Run: 46,284,488,704 bytes free
Post-Run: 46,265,217,024 bytes free
363 --- E O F --- 2009-07-21 22:55