December 31st, 2009, 01:51 AM
#1
Got infected, WIN32/Agent.DT trojan, please see hijackThis
Hi, I am new to this forum. My computer keeps showing that it is infected with the WIN32/Agent.DT trojan. It keeps popping up virus warning windows. Please help!
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 下午 11:21:25, on 2009/12/30
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\MKSTOO~1\bin\snmptrapd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
C:\WINDOWS\system32\PCCMFLPD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\MKSTOO~1\bin\ncoeenv.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
O4 - HKLM\..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
O4 - HKLM\..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe -1
O4 - HKLM\..\Run: [Panasonic IP Address Checker for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PccChgIP.exe -s10
O4 - HKLM\..\Run: [Panasonic LPD Manager] C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TMAA.tmp
O4 - HKLM\..\Run: [Pbayojeb] rundll32.exe "C:\WINDOWS\owebocovofama.dll",Startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\digo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\srsdllpro.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google 網頁註解... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: 厙硊湮 - {1FBA04EE-3024-11D2-8F1F-0000F87ABD18} - http://www.coc.cc (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O15 - Trusted Zone: http://*.wintan.com.tw
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://air.south-china.com.tw/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://houstoncitrix.ryderscott.com...a32/wficac.cab
O16 - DPF: {272B8D21-5304-4529-BD3D-1CF392342F7D} (ICBC XCsp) - https://netbank.megabank.com.tw/natm/ICBCNetATM.CAB
O16 - DPF: {50103E02-7141-40C6-BFC4-15AF3BC7FCCE} (DMBrowser Control) - http://211.78.174.124/cab/DMBrowser.cab
O16 - DPF: {5508547B-4F40-4005-AE0C-343C985DACE1} (WebCamX Control) - http://211.78.174.124/cab/install.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1199976159475
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199976138694
O16 - DPF: {8FCF2DC3-50CA-4A38-8A6C-2AE07E7B27B6} (AS2WebCOM.AS2COM002) - https://www.ris.gov.tw/AS2/AS2WebCOM.CAB
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://211.79.137.213/activex/AxisCamControl.ocx
O16 - DPF: {9DA9F061-B243-11D4-8B44-0000E88F2063} (XMSStockPen Class) - https://etrade.wintan.com.tw/wintan/CA/MSSTOCK.CAB
O16 - DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} (XVideoShow Control) - http://www.cwb.gov.tw/V5/information...xVideoShow.cab
O16 - DPF: {C7BD467B-0B38-442F-840F-3F048E7F6005} (RootKeyDistributor Class) - https://idcard.moica.hinet.net/ShopS...CHTPKI_PSE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GOCAD - Macrovision Corporation - C:\Program Files\EarthDecision\Licenses\lmgrd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HRS License Service - Unknown owner - C:\Program Files\HRS\license manager\lmgrd.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MKS SNMPTRAPD (MKSSNMPTRAPD) - DataFocus, Inc. - C:\PROGRA~1\MKSTOO~1\bin\snmptrapd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: Panasonic Local Printer Service - Panasonic Communications Co., Ltd. - C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
O23 - Service: Panasonic Trap Monitor Service - Panasonic - C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ROXAR License Service - Unknown owner - C:\Program Files\ROXAR\FLEXlm 9.2\lmgrd.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 14630 bytes
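As an added example (not code from this thread or from HijackThis), the following Python triage pass parses a handful of the O4 Run-key lines from the log above and applies review heuristics of my own choosing (temp-directory paths, unexpected extensions, files dropped straight into C:\WINDOWS, with rundll32 resolved to the DLL it hosts). It flags sysgif32, Pbayojeb and ttool; the Malwarebytes and SUPERAntiSpyware logs later in this thread confirm sysgif32 and ttool as Trojan.Agent.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: O4 (Run-key) entries copied from the HijackThis log posted
# above, mixed with benign vendor entries from the same log for contrast.
HJT_SAMPLE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [sysgif32] C:\WINDOWS\TEMP\~TMAA.tmp
O4 - HKLM\..\Run: [Pbayojeb] rundll32.exe "C:\WINDOWS\owebocovofama.dll",Startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\srsdllpro.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
"""

# HijackThis O4 line: "O4 - <hive>\..\Run: [<value name>] <command line> [(User '...')]"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\Run: "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*?)(?: \(User '[^']*'\))?$"
)

# File extensions a Run-key entry normally points at; anything else gets a flag.
EXPECTED_EXT = {"exe", "dll"}


@dataclass
class RunEntry:
    hive: str
    name: str
    command: str
    target: str                      # file the entry ultimately runs or loads
    flags: list = field(default_factory=list)


def split_first(s: str):
    """Split a command line into its first token (quoted or bare) and the rest."""
    s = s.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:], "") if end < 0 else (s[1:end], s[end + 1:])
    head, _, tail = s.partition(" ")
    return head, tail


def resolve_target(cmd: str) -> str:
    """rundll32.exe only hosts the DLL it is handed, so report that DLL instead."""
    exe, rest = split_first(cmd)
    if exe.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        dll, _ = split_first(rest)
        return dll.split(",", 1)[0]   # drop the ",EntryPoint" suffix
    return exe


def triage(target: str) -> list:
    """Heuristic (assumed, not HijackThis's own) review flags for one target path."""
    flags = []
    parts = target.lower().split("\\")
    filename = parts[-1]
    if {"temp", "tmp"} & set(parts[1:-1]):
        flags.append("runs from a temp directory")
    ext = filename.rsplit(".", 1)[-1] if "." in filename else ""
    if ext not in EXPECTED_EXT:
        flags.append(f"unexpected extension '.{ext}'")
    # A file dropped straight into C:\WINDOWS (not a subfolder) is worth a look;
    # legitimate software rarely installs there.
    if len(parts) == 3 and parts[1] == "windows":
        flags.append("file sits directly in the Windows directory")
    return flags


def parse_o4(text: str) -> list:
    """Parse every O4 line in a HijackThis log into RunEntry objects."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        target = resolve_target(m.group("cmd"))
        entries.append(RunEntry(m.group("hive"), m.group("name"),
                                m.group("cmd"), target, triage(target)))
    return entries


def suspicious(text: str) -> dict:
    """Map Run-value name -> review flags for every entry that earned at least one."""
    return {e.name: e.flags for e in parse_o4(text) if e.flags}


if __name__ == "__main__":
    for name, flags in suspicious(HJT_SAMPLE).items():
        print(f"[{name}] -> {'; '.join(flags)}")
```

The flags are prompts for a human reviewer, not verdicts: a bare file name such as SOUNDMAN.EXE is deliberately left unflagged because it resolves through the search path and may be legitimate.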
December 31st, 2009, 02:25 AM
#2
Print these instructions out.
NOTE. If any of the programs listed below refuse to run, try renaming the executable file to something else; for instance, rename hijackthis.exe to scanner.exe
1. Download SUPERAntiSpyware Free for Home Users:
http://www.superantispyware.com/
* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html .)
* Close SUPERAntiSpyware.
PHYSICALLY DISCONNECT FROM THE INTERNET
Restart computer in Safe Mode.
To enter Safe Mode, restart the computer and keep tapping the F8 key until a menu appears; select Safe Mode; you'll see "Safe Mode" in all four corners of your screen.
* Open SUPERAntiSpyware.
* Under Configuration and Preferences, click the Preferences button.
* Under the General and Startup tab, make sure the Start SUPERAntiSpyware when Windows starts option is UN-checked.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):
- Close browsers before scanning.
- Scan for tracking cookies.
- Terminate memory threats before quarantining.
* Click the Close button to leave the control center screen.
* Back on the main screen, under Scan for Harmful Software click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under Complete Scan, choose Perform Complete Scan.
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click OK.
* Make sure everything has a checkmark next to it and click Next.
* A notification will appear that Quarantine and Removal is Complete. Click OK and then click the Finish button to return to the main menu.
* If asked if you want to reboot, click Yes.
* To retrieve the removal information after reboot, launch SUPERAntispyware again.
- Click Preferences, then click the Statistics/Logs tab.
- Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
- If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
- Please copy and paste the Scan Log results in your next reply.
* Click Close to exit the program.
Post SUPERAntiSpyware log.
NOTE : Tracking cookies can be omitted from the log.
RECONNECT TO THE INTERNET
RESTART COMPUTER!
2. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
(Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically, which is not necessary for our purposes.)
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
RESTART COMPUTER!
3. Download GMER: http://www.gmer.net/files.php, by clicking on the Download EXE button.
Alternative downloads:
- http://majorgeeks.com/GMER_d5198.html
- http://www.softpedia.com/get/Interne...ers/GMER.shtml
Double-click on the downloaded .exe file, select the Rootkit tab and click the Scan button.
When the scan is completed, click the Save button, and save the results as gmer.log.
Warning! Please do not select the "Show all" checkbox during the scan.
Post the log to your next reply.
RESTART COMPUTER
4. Download, install, and run HijackThis:
http://www.snapfiles.com/get/hijackthis.html
Post HijackThis log.
Do NOT attempt to "fix" anything!
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
(Above layout courtesy of Broni)
January 17th, 2010, 01:17 AM
#3
Here are the log files
Hi, Train,
Please see the SUPERAntiSpyware and Malwarebytes log files below! GMER and HijackThis will be posted in the second reply due to the size constraint. Thanks!
=======================================
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/16/2010 at 06:46 AM
Application Version : 4.33.1000
Core Rules Database Version : 4484
Trace Rules Database Version: 2302
Scan type : Complete Scan
Total Scan Time : 07:36:42
Memory items scanned : 219
Memory threats detected : 0
Registry items scanned : 7132
Registry threats detected : 1
File items scanned : 234460
File threats detected : 151
Adware.Tracking Cookie
[tracking cookie list omitted]
Trojan.Agent/Gen
HKU\S-1-5-21-117609710-1303643608-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Run#ttool [ C:\WINDOWS\srsdllpro.exe ]
=====================================================
Malwarebytes' Anti-Malware 1.44
Database version: 3576
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
2010/1/16 下午 12:17:27
mbam-log-2010-01-16 (12-17-27).txt
Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 354309
Time elapsed: 2 hour(s), 5 minute(s), 9 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysgif32 (Trojan.Agent) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Folders Infected:
(No malicious items detected)
Files Infected:
D:\T_drive\ATCE2004\SPESTART.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\digo\Application Data\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\digo\Application Data\fvgqad.dat (Malware.Trace) -> Quarantined and deleted successfully.
=====================================================
January 17th, 2010, 01:35 AM
#4
SuperSpyware, Anti-malware, GMER and Hijackthis log files
Here are the SUPERAntiSpyware, Anti-Malware, GMER and HijackThis log files. Thanks a lot!!
Attached Files
January 17th, 2010, 01:39 AM
#5
In the future, please paste all logs into your reply.
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 01/16/2010 at 06:46 AM
Application Version : 4.33.1000
Core Rules Database Version : 4484
Trace Rules Database Version: 2302
Scan type : Complete Scan
Total Scan Time : 07:36:42
Memory items scanned : 219
Memory threats detected : 0
Registry items scanned : 7132
Registry threats detected : 1
File items scanned : 234460
File threats detected : 151
Adware.Tracking Cookie
[tracking cookies omitted - Broni]
Trojan.Agent/Gen
HKU\S-1-5-21-117609710-1303643608-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Run#ttool [ C:\WINDOWS\srsdllpro.exe ]
January 17th, 2010, 01:40 AM
#6
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:03:17 PM, on 2010/1/16
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\MKSTOO~1\bin\snmptrapd.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
C:\WINDOWS\system32\PCCMFLPD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\MKSTOO~1\bin\ncoeenv.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
O4 - HKLM\..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
O4 - HKLM\..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe -1
O4 - HKLM\..\Run: [Panasonic IP Address Checker for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PccChgIP.exe -s10
O4 - HKLM\..\Run: [Panasonic LPD Manager] C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\digo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google Web Page Annotations... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: Export to Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O15 - Trusted Zone: http://*.wintan.com.tw
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://houstoncitrix.ryderscott.com...a32/wficac.cab
O16 - DPF: {272B8D21-5304-4529-BD3D-1CF392342F7D} (ICBC XCsp) - https://netbank.megabank.com.tw/natm/ICBCNetATM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1199976159475
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199976138694
O16 - DPF: {8FCF2DC3-50CA-4A38-8A6C-2AE07E7B27B6} (AS2WebCOM.AS2COM002) - https://www.ris.gov.tw/AS2/AS2WebCOM.CAB
O16 - DPF: {9DA9F061-B243-11D4-8B44-0000E88F2063} (XMSStockPen Class) - https://etrade.wintan.com.tw/wintan/CA/MSSTOCK.CAB
O16 - DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} (XVideoShow Control) - http://www.cwb.gov.tw/V5/information...xVideoShow.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: GOCAD - Macrovision Corporation - C:\Program Files\EarthDecision\Licenses\lmgrd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HRS License Service - Unknown owner - C:\Program Files\HRS\license manager\lmgrd.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MKS SNMPTRAPD (MKSSNMPTRAPD) - DataFocus, Inc. - C:\PROGRA~1\MKSTOO~1\bin\snmptrapd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: Panasonic Local Printer Service - Panasonic Communications Co., Ltd. - C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
O23 - Service: Panasonic Trap Monitor Service - Panasonic - C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ROXAR License Service - Unknown owner - C:\Program Files\ROXAR\FLEXlm 9.2\lmgrd.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
--
End of file - 13121 bytes
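The helper reads O3/O4/O10/O15/O23 lines like the ones above by eye. As an added example for this thread (not code from any post here, and not a Trend Micro tool), the Python below turns those checks into rules and runs them over lines copied from the HijackThis log, plus one constructed [ttool] line rebuilt from the SUPERAntiSpyware hit on srsdllpro.exe. The rule set and the severity scale are this example's own assumptions, not anything HijackThis reports.

```python
"""Rule-based triage of HijackThis (HJT) log lines.

Added example for this thread; not code from any post here and not a
Trend Micro tool. It encodes the checks a helper applies by eye to
O3/O4/O10/O15/O23 entries. Rules and severities are assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log in the thread, plus
# one [ttool] line rebuilt from the SUPERAntiSpyware detection (srsdllpro.exe)
# so the "%WINDIR% drop" rule has something to fire on.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\digo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ttool] C:\WINDOWS\srsdllpro.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: http://*.wintan.com.tw
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: HRS License Service - Unknown owner - C:\Program Files\HRS\license manager\lmgrd.exe (file missing)
"""


@dataclass
class Finding:
    section: str   # HJT section tag, e.g. "O4"
    severity: str  # "high" | "medium" | "low" | "info" (assumed scale)
    reason: str
    line: str


O4_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# User-writable locations where droppers usually land.
USER_WRITABLE = re.compile(
    r"\\documents and settings\\|\\application data\\|\\local settings\\|\\temp\\", re.I)
# An .exe sitting directly in the Windows root (not System32).
WINDIR_ROOT = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$", re.I)
SERVICE_SIDS = ("S-1-5-18", "S-1-5-19", "S-1-5-20")  # SYSTEM, LOCAL SERVICE, NETWORK SERVICE


def exe_of(cmd: str) -> str:
    """Return the executable path from an O4 command, dropping quotes and arguments."""
    m = re.match(r'"?(?P<exe>.*?\.exe)\b', cmd, re.IGNORECASE)
    return m.group("exe") if m else cmd.split()[0]


def triage_line(line: str) -> list:
    """Apply the rule set to one HJT line; returns zero or more Findings."""
    line = line.strip()
    out = []
    if " - " not in line:
        return out
    section = line.split(" - ", 1)[0]

    def add(sev, why):
        out.append(Finding(section, sev, why, line))

    if "(no file)" in line or "(file missing)" in line:
        add("low", "orphaned entry: target no longer exists; harmless but should be fixed")
        return out
    if section == "O4":
        m = O4_RE.match(line)
        if not m:
            return out
        exe = exe_of(m["cmd"])
        if "\\" not in exe:
            add("medium", "bare filename: resolved via the PATH search order, a planted copy earlier in PATH wins")
        elif WINDIR_ROOT.match(exe):
            add("high", "executable dropped directly in %WINDIR%: classic dropper location")
        elif USER_WRITABLE.search(exe):
            add("medium", "runs from a user-writable profile directory")
        if any(sid in m["hive"] for sid in SERVICE_SIDS):
            add("info", "Run value under a service-account hive: executes in that account's context")
    elif section == "O10":
        add("high", "unknown Winsock LSP: every socket call on the box passes through this DLL")
    elif section == "O15" and "*" in line:
        add("medium", "wildcard Trusted Zone entry: IE security relaxed for the whole domain")
    elif section == "O23" and "Unknown owner" in line:
        add("info", "service binary carries no company name; verify its origin")
    return out


def triage(log_text: str) -> list:
    return [f for ln in log_text.splitlines() for f in triage_line(ln)]


def summarize(findings) -> dict:
    """Count findings per severity."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it as a script to print the report. The orphan, bare-filename, %WINDIR%-drop and unknown-LSP rules are the ones that correspond to entries a helper marks for fixing; SOUNDMAN.EXE and AGRSMMSG.exe are legitimate but still get the bare-filename note, because the concern is the lookup path, not the vendor.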
January 17th, 2010, 01:41 AM
#7
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
Please, never rename Combofix unless instructed. Close any open browsers. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE. If Combofix asks you to install Recovery Console , please allow it.
Close any open browsers. WARNING: Combofix will disconnect your machine from the Internet as soon as it starts. Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished. If there is no internet connection after running Combofix, then restart your computer to restore your connection. Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
January 17th, 2010, 02:30 AM
#8
please see attached log file!
January 17th, 2010, 02:35 AM
#9
One more time....PLEASE, paste all logs into your reply.
ComboFix 10-01-16.03 - digo /01/17 Sunday 0:01.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.950.886.1028.18.2047.1597 [GMT -6:00]
Running from: c:\documents and settings\digo\桌面\anti virus\ComboFix.exe (桌面 is the localized Desktop folder)
AV: ESET NOD32 Antivirus System 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
((((((((((((((((((((((((((((((((((((((( Deleted files )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\digo\Favorites\games.url
c:\documents and settings\digo\Local Settings\Application Data\{215785E1-2400-4B1F-AB92-0595B3758EE5}
c:\documents and settings\digo\Local Settings\Application Data\{215785E1-2400-4B1F-AB92-0595B3758EE5}\chrome.manifest
c:\documents and settings\digo\Local Settings\Application Data\{215785E1-2400-4B1F-AB92-0595B3758EE5}\chrome\content\_cfg.js
c:\documents and settings\digo\Local Settings\Application Data\{215785E1-2400-4B1F-AB92-0595B3758EE5}\chrome\content\overlay.xul
c:\documents and settings\digo\Local Settings\Application Data\{215785E1-2400-4B1F-AB92-0595B3758EE5}\install.rdf
C:\Microsoft
c:\microsoft\IMJP8_1\imjp81u.dic
c:\program files\Internet Explorer\SET79.tmp
c:\program files\Internet Explorer\SET7A.tmp
c:\program files\Internet Explorer\SET7C.tmp
c:\program files\Internet Explorer\SETE7.tmp
c:\program files\Internet Explorer\SETE8.tmp
c:\program files\Internet Explorer\SETEA.tmp
.
((((((((((((((((((((((((( New files from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.
2010-01-16 15:46 . 2010-01-16 15:46 -------- d-----w- c:\documents and settings\digo\Application Data\Malwarebytes
2010-01-16 15:46 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-16 15:46 . 2010-01-16 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-16 15:46 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-16 15:46 . 2010-01-16 15:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 04:58 . 2010-01-16 04:58 52224 ----a-w- c:\documents and settings\digo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-16 04:58 . 2010-01-16 04:58 117760 ----a-w- c:\documents and settings\digo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-16 04:58 . 2010-01-16 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-16 04:57 . 2010-01-16 04:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-16 04:57 . 2010-01-16 04:57 -------- d-----w- c:\documents and settings\digo\Application Data\SUPERAntiSpyware.com
2010-01-16 04:56 . 2010-01-16 04:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-15 05:36 . 2010-01-17 05:58 -------- d-----w- c:\documents and settings\cyc
2009-12-31 05:20 . 2009-12-31 05:20 388096 ----a-r- c:\documents and settings\digo\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-31 05:20 . 2009-12-31 05:20 -------- d-----w- c:\program files\TrendMicro
2009-12-25 18:36 . 2009-12-25 18:36 -------- d-----w- c:\documents and settings\digo\Application Data\MSN6
2009-12-25 18:17 . 2009-12-25 18:18 -------- dc-h--w- c:\windows\ie8
2009-12-22 03:18 . 2009-12-22 03:18 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-12-22 03:11 . 2009-12-22 03:18 298104 ----a-w- c:\windows\system32\imon.dll
2009-12-22 03:11 . 2009-12-22 03:18 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-12-22 03:09 . 2010-01-01 05:46 -------- d-----w- c:\program files\ESET
2009-12-22 02:59 . 2009-12-22 02:59 -------- d-----w- c:\documents and settings\digo\Local Settings\Application Data\{0EAF14B0-DD9B-4B08-BBBA-DD64BA95CC54}
.
(((((((((((((((((((((((((((((((((((((((( Files modified within the last three months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-17 06:05 . 2009-12-13 06:02 763904 ----a-w- c:\windows\system32\drivers\kiswxlgq.sys
2010-01-17 05:39 . 2005-10-12 14:55 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-01-17 05:39 . 2005-10-12 14:56 -------- d-----w- c:\program files\Symantec
2010-01-17 05:39 . 2005-10-12 14:55 -------- d-----w- c:\program files\Symantec AntiVirus
2010-01-17 05:39 . 2005-10-12 14:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-01-16 04:28 . 2009-12-13 06:05 0 ----a-w- c:\windows\Hjugadewilul.bin
2010-01-16 04:28 . 2009-12-13 06:05 120 ----a-w- c:\windows\Vruhocal.dat
2010-01-12 03:44 . 2001-09-05 12:00 328304 ----a-w- c:\windows\system32\prfh0404.dat
2010-01-12 03:44 . 2009-12-17 04:06 2762 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-01-12 03:44 . 2001-09-05 12:00 122442 ----a-w- c:\windows\system32\prfc0404.dat
2009-12-17 03:49 . 2009-12-17 03:48 -------- d-----w- c:\program files\XP TCPIP Repair
2009-12-17 03:43 . 2007-04-01 13:43 2458 ----a-w- c:\windows\system32\drivers\15B34611.bin
2009-12-15 05:50 . 2009-05-18 03:12 -------- d-----w- c:\program files\Java
2009-12-15 05:49 . 2009-12-15 05:49 152576 ----a-w- c:\documents and settings\digo\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-15 05:49 . 2009-12-15 05:49 79488 ----a-w- c:\documents and settings\digo\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-13 08:50 . 2008-08-02 04:38 -------- d-----w- c:\documents and settings\digo\Application Data\Skype
2009-12-13 05:50 . 2008-08-02 04:40 -------- d-----w- c:\documents and settings\digo\Application Data\skypePM
2009-11-24 03:43 . 2005-11-14 14:46 -------- d-----w- c:\program files\Google
2009-11-22 18:46 . 2009-01-03 22:56 60 -c--a-w- c:\windows\wpd99.drv
2009-11-22 18:46 . 2009-01-03 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-11-21 15:54 . 2001-09-05 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 05:24 . 2007-04-15 07:00 53352 -c--a-w- c:\documents and settings\digo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 05:18 . 2005-10-12 14:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 05:16 . 2009-11-21 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-11-21 05:12 . 2006-06-09 13:49 -------- d-----w- c:\program files\CyberLink
2009-10-29 07:40 . 2004-08-23 10:19 916480 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 07:47 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:47 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2008-10-01 04:33 . 2008-10-01 04:33 1534 -c--a-w- c:\program files\launch.asp
2008-09-16 02:38 . 2008-09-16 02:38 27848064 -c--a-w- c:\program files\AdbeRdr709_zh_TW.exe
2008-12-25 21:44 . 2008-12-25 21:44 12208 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Registry loading points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
January 17th, 2010, 02:35 AM
#10
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-19 39408]
"Google Update"="c:\documents and settings\digo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-27 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-11-30 32768]
"NuTCSetupEnviron"="c:\progra~1\MKSTOO~1\bin\ncoeenv.exe" [2002-10-16 20849]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"QuickTime Task"="c:\program files\Ringz Studio\Storm Codec\qttask.exe" [2007-06-28 286720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"Panasonic Device Monitor Wakeup"="c:\program files\Panasonic\Device Monitor\dmwakeup.exe" [2006-11-02 303104]
"Panasonic Device Manager for Multi-Function Station software"="c:\program files\Panasonic\MFStation\PCCMFSDM.exe" [2007-05-21 126976]
"Panasonic PCFAX for Multi-Function Station software"="c:\program files\Panasonic\MFStation\KmPcFax.exe" [2007-08-28 757760]
"Panasonic IP Address Checker for Multi-Function Station software"="c:\program files\Panasonic\MFStation\PccChgIP.exe" [2007-05-11 122880]
"Panasonic LPD Manager"="c:\program files\Panasonic\MFStation\PCMFSMLM.exe" [2007-06-15 147456]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-19 68592]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-12-22 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-11-30 32768]
c:\documents and settings\All Users\「開始」功能表\程式集\啟動\ (the localized Start Menu\Programs\Startup folder)
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2004-11-30 32768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Schlumberger\\Petrel 2005\\Petrel 2005.exe"=
"c:\\ecl\\tools\\pc\\flexlm108\\lmgrd.exe"=
"c:\\ecl\\tools\\pc\\flexlm108\\slbfd.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Panasonic\\TrapMonitor\\Trapmnnt.exe"=
"c:\\WINDOWS\\system32\\PCCMFLPD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009/12/21 09:18 PM 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010/1/5 07:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010/1/5 07:56 AM 74480]
R2 CNRM0330;CNRM0330;c:\windows\system32\drivers\CNRM0330.SYS [2007/3/5 08:21 AM 23616]
R2 Panasonic Local Printer Service;Panasonic Local Printer Service;c:\progra~1\PANASO~1\LocalCom\lmsrvnt.exe [2008/11/22 11:50 PM 36864]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2006/8/21 11:00 AM 316992]
S2 MKSSNMPTRAPD;MKS SNMPTRAPD;c:\progra~1\MKSTOO~1\bin\snmptrapd.exe [2002/10/15 05:05 AM 102400]
S2 NuTCRACKERService;NuTCRACKER Service;c:\windows\system32\nutsrv4.exe [2002/10/15 03:42 AM 301996]
S3 COMPASS;COMPASS;c:\windows\system32\drivers\COMPASS.sys [2006/5/9 09:20 AM 200192]
S3 GOCAD;GOCAD;c:\program files\EarthDecision\Licenses\lmgrd.exe [2003/7/7 07:20 PM 659456]
S3 HRS License Service;HRS License Service;c:\program files\HRS\license manager\lmgrd.exe --> c:\program files\HRS\license manager\lmgrd.exe [?]
S3 ROXAR License Service;ROXAR License Service;c:\program files\ROXAR\FLEXlm 9.2\lmgrd.exe --> c:\program files\ROXAR\FLEXlm 9.2\lmgrd.exe [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010/1/5 07:56 AM 7408]
S3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [2008/11/11 10:14 PM 386688]
S3 utdrv;utdrv;\??\c:\windows\system32\drivers\utdrv.sys --> c:\windows\system32\drivers\utdrv.sys [?]
S3 XRNBO;XRNBO;c:\windows\system32\drivers\XRNBO.sys [2007/4/2 06:27 AM 177152]
--- Other Services/Drivers In Memory ---
*Deregistered* - kiswxlgq
.
Contents of the 'Scheduled Tasks' folder
2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 05:42]
2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1303643608-725345543-1007Core.job
- c:\documents and settings\digo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-27 02:20]
2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1303643608-725345543-1007UA.job
- c:\documents and settings\digo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-27 02:20]
2010-01-17 c:\windows\Tasks\User_Feed_Synchronization-{607240A0-582B-4F5F-8209-4A2702C92443}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
IE: Google ºô­¶µù¸Ñ... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: ¶×¥X¦Ü Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: com.tw\*.wintan
Trusted Zone: entrust.com.tw\etrade
Trusted Zone: entrust.com.tw\ftrade
Trusted Zone: entrust.com.tw\trade
Trusted Zone: tachan.com.tw\etrade
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {272B8D21-5304-4529-BD3D-1CF392342F7D} - hxxps://netbank.megabank.com.tw/natm/ICBCNetATM.CAB
DPF: {8FCF2DC3-50CA-4A38-8A6C-2AE07E7B27B6} - hxxps://www.ris.gov.tw/AS2/AS2WebCOM.CAB
DPF: {9DA9F061-B243-11D4-8B44-0000E88F2063} - hxxps://etrade.wintan.com.tw/wintan/CA/MSSTOCK.CAB
DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} - hxxp://www.cwb.gov.tw/V5/information/video/webcam/ocx/xVideoShow.cab
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
SafeBoot-svcWRSSSDK
AddRemove-Rainbow Sentinel Driver - c:\windows\SYSTEM32\RNBOSENT\SETUPX86.EXE
AddRemove-RealPlayer 12.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 00:05
Windows 5.1.2600 Service Pack 3 NTFS
掃描被隱藏的進程 ...
掃描被隱藏的啟動組 ...
掃描被隱藏的文件 ...
掃描完成
被隱藏的檔案: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kiswxlgq]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\ºNáT*úQ\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\ºNáT*úQ\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\ºNáT*úQ\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\S-1-5-21-117609710-1303643608-725345543-1007\AppEvents\Schemes\Apps\Conf\ºNáT*úQ\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\S-1-5-21-117609710-1303643608-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\b„v*gaR]
"Order"=hex:08,00,00,00,02,00,00,00,c2,00,00,00,01,00,00,00,02,00,00,00,5a,00,
00,00,00,00,00,00,4c,00,36,00,2e,01,00,00,e3,3a,6e,1e,20,00,fa,5e,70,8b,84,\
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQöN\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQöN\CurVer]
@="BDATuner.元件.1"
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxŸx™PýN‹WKa\DefaultIcon]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe,14"
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxŸx™PýN‹WKa\shell\open\command]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxŸx™PýN‹WKa\shell\print\command]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe /p \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxŸx™PýN‹WKa\shell\printto\command]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p½‰hV\Capabilities]
"ApplicationName"="Google 瀏覽器"
"ApplicationIcon"="c:\\Documents and Settings\\digo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationDescription"="Google 瀏覽器"
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p½‰hV\Capabilities\FileAssociations]
"crx"="ChromeExt"
".xhtml"="ChromeHTML"
".xht"="ChromeHTML"
".shtml"="ChromeHTML"
".html"="ChromeHTML"
".htm"="ChromeHTML"
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p½‰hV\Capabilities\StartMenu]
"StartMenuInternet"="Google 瀏覽器"
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p½‰hV\Capabilities\URLAssociations]
"https"="ChromeHTML"
"http"="ChromeHTML"
"ftp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p½‰hV\DefaultIcon]
@="c:\\Documents and Settings\\digo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe,0"
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p½‰hV\InstallInfo]
"IconsVisible"=dword:00000001
"ShowIconsCommand"="\"c:\\Documents and Settings\\digo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
"HideIconsCommand"="\"c:\\Documents and Settings\\digo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
"ReinstallCommand"="\"c:\\Documents and Settings\\digo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p½‰hV\shell\open\command]
@="\"c:\\Documents and Settings\\digo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe\""
.
--------------------- 運行進程下的動態鏈接庫 ---------------------
- - - - - - - > 'winlogon.exe'(468)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(528)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
完成時間: 2010-01-17 00:06:49
ComboFix-quarantined-files.txt 2010-01-17 06:06
Pre-Run: 6,834,569,216 位元組可用
Post-Run: 6,980,386,816 位元組可用
WindowsXP-KB310994-SP2-Pro-BootDisk-CHT.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 7AF1CF8141168B39FEFB8CADD49E986A
January 17th, 2010, 02:36 AM
#11
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 上午 12:25:46, on 2010/1/17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PCCMFLPD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\MKSTOO~1\bin\ncoeenv.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
O4 - HKLM\..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
O4 - HKLM\..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe -1
O4 - HKLM\..\Run: [Panasonic IP Address Checker for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PccChgIP.exe -s10
O4 - HKLM\..\Run: [Panasonic LPD Manager] C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\digo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google 網頁註解... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O15 - Trusted Zone: http://*.wintan.com.tw
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://houstoncitrix.ryderscott.com...a32/wficac.cab
O16 - DPF: {272B8D21-5304-4529-BD3D-1CF392342F7D} (ICBC XCsp) - https://netbank.megabank.com.tw/natm/ICBCNetATM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1199976159475
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199976138694
O16 - DPF: {8FCF2DC3-50CA-4A38-8A6C-2AE07E7B27B6} (AS2WebCOM.AS2COM002) - https://www.ris.gov.tw/AS2/AS2WebCOM.CAB
O16 - DPF: {9DA9F061-B243-11D4-8B44-0000E88F2063} (XMSStockPen Class) - https://etrade.wintan.com.tw/wintan/CA/MSSTOCK.CAB
O16 - DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} (XVideoShow Control) - http://www.cwb.gov.tw/V5/information...xVideoShow.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GOCAD - Macrovision Corporation - C:\Program Files\EarthDecision\Licenses\lmgrd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HRS License Service - Unknown owner - C:\Program Files\HRS\license manager\lmgrd.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MKS SNMPTRAPD (MKSSNMPTRAPD) - DataFocus, Inc. - C:\PROGRA~1\MKSTOO~1\bin\snmptrapd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: Panasonic Local Printer Service - Panasonic Communications Co., Ltd. - C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
O23 - Service: Panasonic Trap Monitor Service - Panasonic - C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ROXAR License Service - Unknown owner - C:\Program Files\ROXAR\FLEXlm 9.2\lmgrd.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
--
End of file - 11485 bytes
January 17th, 2010, 02:48 AM
#12
1. Please open Notepad: click Start, then Run, and type notepad.exe in the Run box.
2. Now copy/paste the entire content of the code box below into the Notepad window:
Code:
File::
c:\windows\system32\drivers\kiswxlgq.sys
c:\windows\Hjugadewilul.bin
c:\windows\Vruhocal.dat
c:\windows\system32\drivers\15B34611.bin
c:\windows\system32\prfh0404.dat
c:\windows\system32\PerfStringBackup.TMP
c:\windows\system32\prfc0404.dat
Folder::
c:\program files\Common Files\Symantec Shared
c:\program files\Symantec
c:\program files\Symantec AntiVirus
c:\documents and settings\All Users\Application Data\Symantec
Driver::
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kiswxlgq]
RegLockDel::
3. Save the above as CFScript.txt.
4. Then drag CFScript.txt onto ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After the reboot (in case it asks to reboot), please post the following reports/logs in your next reply: Combofix.txt and a new HijackThis log.
January 17th, 2010, 03:11 AM
#13
ComboFix 10-01-16.03 - digo /01/17 星期日 0:55.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.950.886.1028.18.2047.1459 [GMT -6:00]
執行位置: c:\documents and settings\digo\桌面\ComboFix.exe
Command switches used :: c:\documents and settings\digo\桌面\anti virus\20100116 logs\CFScript.txt
AV: ESET NOD32防毒系統 2.70 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FILE ::
"c:\windows\Hjugadewilul.bin"
"c:\windows\system32\drivers\15B34611.bin"
"c:\windows\system32\drivers\kiswxlgq.sys"
"c:\windows\system32\PerfStringBackup.TMP"
"c:\windows\system32\prfc0404.dat"
"c:\windows\system32\prfh0404.dat"
"c:\windows\Vruhocal.dat"
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Symantec
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\1.Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\1.Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\2.Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\2.Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\3.Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\3.Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Configuration.Log.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1134603168jtun_enc11md2.x86
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1137605154jtun_enc12md2.x86
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1144876116jtun_enc03md2.x86
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1146676836jtun_enccurd2.x86
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1147282654jtun_enccurd2.x86
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1149174805jtun_enccurd2.x86
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\1150913932jtun_enccurd2.x86
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.apr_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.aug_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.curdefs_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.dec_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.error_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.feb_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.jan_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.jul_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.jun_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.mar_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.may_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.nov_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.oct_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.old_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\avenge$201.5$20microdefs2$20corp$209_microdefsb.sep_symalllanguages_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\liveupdate_2.0_english_livetri.zip
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Downloads\minitri.flg
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Log.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Product.Inventory.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\LiveUpdate\Settings.LiveUpdate
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\01012010.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\01022010.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\01032010.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\01072010.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\01092010.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\01102010.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\01112010.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\01122010.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\01142010.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\01152010.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\01162010.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\10192009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\10202009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\10212009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\10222009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\10242009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\10252009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\10262009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\10272009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\10282009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\10292009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\10302009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\10312009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11012009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11022009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11032009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11042009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11052009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11072009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11082009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11092009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11102009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11122009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11152009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11162009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11172009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11182009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11192009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11202009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11212009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11222009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11232009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11242009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11252009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11292009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\11302009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12012009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12022009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12032009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12062009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12072009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12082009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12092009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12102009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12112009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12122009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12132009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12142009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12152009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12162009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12172009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12182009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12192009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12202009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12212009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12222009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12232009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12242009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12252009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12262009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12272009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12282009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12292009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12302009.Log
c:\documents and settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs\12312009.Log
c:\program files\Common Files\Symantec Shared
c:\program files\Common Files\Symantec Shared\Help\LUALL.chm
c:\program files\Common Files\Symantec Shared\VirusDefs\Cat.DB
c:\program files\Common Files\Symantec Shared\VirusDefs\umcat_01.db
c:\program files\Symantec AntiVirus
c:\program files\Symantec AntiVirus\SAVRT\0000NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0001NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0002NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0003NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0004NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0005NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0006NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0007NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0008NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0009NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0010NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0011NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0012NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0013NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0014NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0015NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0016NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0017NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0018NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0019NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0020NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0021NAV~.TMP
c:\program files\Symantec AntiVirus\SAVRT\0022NAV~.TMP
c:\program files\Symantec
c:\program files\Symantec\LiveUpdate\1.Settings.Default.LiveUpdate
c:\program files\Symantec\LiveUpdate\ALUNOTIFY.EXE
c:\program files\Symantec\LiveUpdate\AUPDATE.EXE
c:\program files\Symantec\LiveUpdate\LSETUP.EXE
c:\program files\Symantec\LiveUpdate\LUALL.EXE
c:\program files\Symantec\LiveUpdate\LuComServer.EXE
c:\program files\Symantec\LiveUpdate\LuComServerPS.DLL
c:\program files\Symantec\LiveUpdate\ludirloc.dat
c:\program files\Symantec\LiveUpdate\LUINFO.INF
c:\program files\Symantec\LiveUpdate\LUInit.exe
c:\program files\Symantec\LiveUpdate\LUInit.ini
c:\program files\Symantec\LiveUpdate\LUINSDLL.DLL
c:\program files\Symantec\LiveUpdate\LuPreCon.DLL
c:\program files\Symantec\LiveUpdate\luproviderinst.jar
c:\program files\Symantec\LiveUpdate\LuResult.txt
c:\program files\Symantec\LiveUpdate\LUSESAIntegration.dll
c:\program files\Symantec\LiveUpdate\NDETECT.EXE
c:\program files\Symantec\LiveUpdate\NetDetectController.DLL
c:\program files\Symantec\LiveUpdate\pegclient.DLL
c:\program files\Symantec\LiveUpdate\pegcommon.DLL
c:\program files\Symantec\LiveUpdate\ProductRegCom.DLL
c:\program files\Symantec\LiveUpdate\ProductRegComPS.DLL
c:\program files\Symantec\LiveUpdate\providerInst.jar
c:\program files\Symantec\LiveUpdate\README.TXT
c:\program files\Symantec\LiveUpdate\S32LIVE1.DLL
c:\program files\Symantec\LiveUpdate\S32LUCP1.CPL
c:\program files\Symantec\LiveUpdate\S32LUIS1.DLL
c:\program files\Symantec\LiveUpdate\S32LUWI1.DLL
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.exe
c:\program files\Symantec\LiveUpdate\SymantecRootInstaller.log
c:\windows\Hjugadewilul.bin
c:\windows\system32\drivers\15B34611.bin
c:\windows\system32\drivers\kiswxlgq.sys
c:\windows\system32\PerfStringBackup.TMP
c:\windows\system32\prfc0404.dat
c:\windows\system32\prfh0404.dat
c:\windows\Vruhocal.dat
January 17th, 2010, 03:12 AM
#14
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_kiswxlgq
-------\Service_kiswxlgq
((((((((((((((((((((((((( Files Created from 2009-12-17 to 2010-01-17 )))))))))))))))))))))))))))))))
.
2010-01-16 15:46 . 2010-01-16 15:46 -------- d-----w- c:\documents and settings\digo\Application Data\Malwarebytes
2010-01-16 15:46 . 2010-01-07 22:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-16 15:46 . 2010-01-16 15:46 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-16 15:46 . 2010-01-07 22:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-16 15:46 . 2010-01-16 15:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-16 04:58 . 2010-01-16 04:58 52224 ----a-w- c:\documents and settings\digo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-16 04:58 . 2010-01-16 04:58 117760 ----a-w- c:\documents and settings\digo\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-16 04:58 . 2010-01-16 04:58 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-16 04:57 . 2010-01-16 04:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-16 04:57 . 2010-01-16 04:57 -------- d-----w- c:\documents and settings\digo\Application Data\SUPERAntiSpyware.com
2010-01-16 04:56 . 2010-01-16 04:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-15 05:36 . 2010-01-17 05:58 -------- d-----w- c:\documents and settings\cyc
2009-12-31 05:20 . 2009-12-31 05:20 388096 ----a-r- c:\documents and settings\digo\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2009-12-31 05:20 . 2009-12-31 05:20 -------- d-----w- c:\program files\TrendMicro
2009-12-25 18:36 . 2009-12-25 18:36 -------- d-----w- c:\documents and settings\digo\Application Data\MSN6
2009-12-25 18:17 . 2009-12-25 18:18 -------- dc-h--w- c:\windows\ie8
2009-12-22 03:18 . 2009-12-22 03:18 15424 ----a-w- c:\windows\system32\drivers\nod32drv.sys
2009-12-22 03:11 . 2009-12-22 03:18 298104 ----a-w- c:\windows\system32\imon.dll
2009-12-22 03:11 . 2009-12-22 03:18 512096 ----a-w- c:\windows\system32\drivers\amon.sys
2009-12-22 03:09 . 2010-01-01 05:46 -------- d-----w- c:\program files\ESET
2009-12-22 02:59 . 2009-12-22 02:59 -------- d-----w- c:\documents and settings\digo\Local Settings\Application Data\{0EAF14B0-DD9B-4B08-BBBA-DD64BA95CC54}
.
(((((((((((((((((((((((((((((((((((((((( Files Modified Within the Last Three Months ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-17 03:49 . 2009-12-17 03:48 -------- d-----w- c:\program files\XP TCPIP Repair
2009-12-15 05:50 . 2009-05-18 03:12 -------- d-----w- c:\program files\Java
2009-12-15 05:49 . 2009-12-15 05:49 152576 ----a-w- c:\documents and settings\digo\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-15 05:49 . 2009-12-15 05:49 79488 ----a-w- c:\documents and settings\digo\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-13 08:50 . 2008-08-02 04:38 -------- d-----w- c:\documents and settings\digo\Application Data\Skype
2009-12-13 05:50 . 2008-08-02 04:40 -------- d-----w- c:\documents and settings\digo\Application Data\skypePM
2009-11-24 03:43 . 2005-11-14 14:46 -------- d-----w- c:\program files\Google
2009-11-22 18:46 . 2009-01-03 22:56 60 -c--a-w- c:\windows\wpd99.drv
2009-11-22 18:46 . 2009-01-03 22:56 -------- d-----w- c:\documents and settings\All Users\Application Data\pdf995
2009-11-21 15:54 . 2001-09-05 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 05:24 . 2007-04-15 07:00 53352 -c--a-w- c:\documents and settings\digo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-21 05:18 . 2005-10-12 14:13 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-21 05:16 . 2009-11-21 05:16 -------- d-----w- c:\documents and settings\All Users\Application Data\SmartSound Software Inc
2009-11-21 05:12 . 2006-06-09 13:49 -------- d-----w- c:\program files\CyberLink
2009-10-29 07:40 . 2004-08-23 10:19 916480 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 07:47 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 07:47 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 06:00 265728 ------w- c:\windows\system32\drivers\http.sys
2008-10-01 04:33 . 2008-10-01 04:33 1534 -c--a-w- c:\program files\launch.asp
2008-09-16 02:38 . 2008-09-16 02:38 27848064 -c--a-w- c:\program files\AdbeRdr709_zh_TW.exe
2008-12-25 21:44 . 2008-12-25 21:44 12208 -csha-w- c:\windows\system32\KGyGaAvL.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-05-19 39408]
"Google Update"="c:\documents and settings\digo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-05-27 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\System32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SoundMan"="SOUNDMAN.EXE" [2005-09-22 90112]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-29 88363]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"LVCOMS"="c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE" [2002-12-10 127022]
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 344064]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-11-30 32768]
"NuTCSetupEnviron"="c:\progra~1\MKSTOO~1\bin\ncoeenv.exe" [2002-10-16 20849]
"EverioService"="c:\program files\CyberLink\PCM4Everio\EverioService.exe" [2006-11-22 151552]
"QuickTime Task"="c:\program files\Ringz Studio\Storm Codec\qttask.exe" [2007-06-28 286720]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2005-12-07 30208]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-05-18 49152]
"Panasonic Device Monitor Wakeup"="c:\program files\Panasonic\Device Monitor\dmwakeup.exe" [2006-11-02 303104]
"Panasonic Device Manager for Multi-Function Station software"="c:\program files\Panasonic\MFStation\PCCMFSDM.exe" [2007-05-21 126976]
"Panasonic PCFAX for Multi-Function Station software"="c:\program files\Panasonic\MFStation\KmPcFax.exe" [2007-08-28 757760]
"Panasonic IP Address Checker for Multi-Function Station software"="c:\program files\Panasonic\MFStation\PccChgIP.exe" [2007-05-11 122880]
"Panasonic LPD Manager"="c:\program files\Panasonic\MFStation\PCMFSMLM.exe" [2007-06-15 147456]
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-05-19 68592]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2009-12-22 949376]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2004-11-30 32768]
c:\documents and settings\All Users\「開始」功能表\程式集\啟動\
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-10-23 217194]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-10-15 113664]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
ATI CATALYST System Tray.lnk - c:\program files\ATI Technologies\ATI.ACE\CLI.exe [2004-11-30 32768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 20:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0SsiEfr.e
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Schlumberger\\Petrel 2005\\Petrel 2005.exe"=
"c:\\ecl\\tools\\pc\\flexlm108\\lmgrd.exe"=
"c:\\ecl\\tools\\pc\\flexlm108\\slbfd.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"=
"c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Panasonic\\TrapMonitor\\Trapmnnt.exe"=
"c:\\WINDOWS\\system32\\PCCMFLPD.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [2009/12/21 09:18 PM 15424]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2010/1/5 07:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010/1/5 07:56 AM 74480]
R2 CNRM0330;CNRM0330;c:\windows\system32\drivers\CNRM0330.SYS [2007/3/5 08:21 AM 23616]
R2 MKSSNMPTRAPD;MKS SNMPTRAPD;c:\progra~1\MKSTOO~1\bin\snmptrapd.exe [2002/10/15 05:05 AM 102400]
R2 NuTCRACKERService;NuTCRACKER Service;c:\windows\system32\nutsrv4.exe [2002/10/15 03:42 AM 301996]
R2 Panasonic Local Printer Service;Panasonic Local Printer Service;c:\progra~1\PANASO~1\LocalCom\lmsrvnt.exe [2008/11/22 11:50 PM 36864]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [2006/8/21 11:00 AM 316992]
S3 COMPASS;COMPASS;c:\windows\system32\drivers\COMPASS.sys [2006/5/9 09:20 AM 200192]
S3 GOCAD;GOCAD;c:\program files\EarthDecision\Licenses\lmgrd.exe [2003/7/7 07:20 PM 659456]
S3 HRS License Service;HRS License Service;c:\program files\HRS\license manager\lmgrd.exe --> c:\program files\HRS\license manager\lmgrd.exe [?]
S3 ROXAR License Service;ROXAR License Service;c:\program files\ROXAR\FLEXlm 9.2\lmgrd.exe --> c:\program files\ROXAR\FLEXlm 9.2\lmgrd.exe [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010/1/5 07:56 AM 7408]
S3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [2008/11/11 10:14 PM 386688]
S3 utdrv;utdrv;\??\c:\windows\system32\drivers\utdrv.sys --> c:\windows\system32\drivers\utdrv.sys [?]
S3 XRNBO;XRNBO;c:\windows\system32\drivers\XRNBO.sys [2007/4/2 06:27 AM 177152]
.
Contents of the 'Scheduled Tasks' folder
2009-10-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 05:42]
2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1303643608-725345543-1007Core.job
- c:\documents and settings\digo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-27 02:20]
2010-01-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1303643608-725345543-1007UA.job
- c:\documents and settings\digo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-27 02:20]
2010-01-17 c:\windows\Tasks\User_Feed_Synchronization-{607240A0-582B-4F5F-8209-4A2702C92443}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 10:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
IE: Google 網頁註解... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\windows\system32\imon.dll
Trusted Zone: com.tw\*.wintan
Trusted Zone: entrust.com.tw\etrade
Trusted Zone: entrust.com.tw\ftrade
Trusted Zone: entrust.com.tw\trade
Trusted Zone: tachan.com.tw\etrade
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {272B8D21-5304-4529-BD3D-1CF392342F7D} - hxxps://netbank.megabank.com.tw/natm/ICBCNetATM.CAB
DPF: {8FCF2DC3-50CA-4A38-8A6C-2AE07E7B27B6} - hxxps://www.ris.gov.tw/AS2/AS2WebCOM.CAB
DPF: {9DA9F061-B243-11D4-8B44-0000E88F2063} - hxxps://etrade.wintan.com.tw/wintan/CA/MSSTOCK.CAB
DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} - hxxp://www.cwb.gov.tw/V5/information/video/webcam/ocx/xVideoShow.cab
.
- - - - ORPHANS REMOVED - - - -
AddRemove-LiveUpdate - c:\program files\Symantec\LiveUpdate\LSETUP.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-17 01:01
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\摸嗿*Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\摸嗿*Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\摸嗿*Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\S-1-5-21-117609710-1303643608-725345543-1007\AppEvents\Schemes\Apps\Conf\摸嗿*Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"
[HKEY_USERS\S-1-5-21-117609710-1303643608-725345543-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\b*gaR]
"Order"=hex:08,00,00,00,02,00,00,00,c2,00,00,00,01,00,00,00,02,00,00,00,5a,00,
00,00,00,00,00,00,4c,00,36,00,2e,01,00,00,e3,3a,6e,1e,20,00,fa,5e,70,8b,84,\
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CurVer]
@="BDATuner.元件.1"
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxKa\DefaultIcon]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe,14"
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxKa\shell\open\command]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxKa\shell\print\command]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe /p \"%1\""
[HKEY_LOCAL_MACHINE\software\Classes\N*e*r*o*lxKa\shell\printto\command]
@="c:\\PROGRA~1\\Ahead\\nero\\nero.exe /pt \"%1\" \"%2\" \"%3\" \"%4\""
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities]
"ApplicationName"="Google 瀏覽器"
"ApplicationIcon"="c:\\Documents and Settings\\digo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe,0"
"ApplicationDescription"="Google 瀏覽器"
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\FileAssociations]
"crx"="ChromeExt"
".xhtml"="ChromeHTML"
".xht"="ChromeHTML"
".shtml"="ChromeHTML"
".html"="ChromeHTML"
".htm"="ChromeHTML"
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\StartMenu]
"StartMenuInternet"="Google 瀏覽器"
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\Capabilities\URLAssociations]
"https"="ChromeHTML"
"http"="ChromeHTML"
"ftp"="ChromeHTML"
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\DefaultIcon]
@="c:\\Documents and Settings\\digo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe,0"
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\InstallInfo]
"IconsVisible"=dword:00000001
"ShowIconsCommand"="\"c:\\Documents and Settings\\digo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe\" --show-icons"
"HideIconsCommand"="\"c:\\Documents and Settings\\digo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe\" --hide-icons"
"ReinstallCommand"="\"c:\\Documents and Settings\\digo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe\" --make-default-browser"
[HKEY_LOCAL_MACHINE\software\Clients\StartMenuInternet\G*o*o*g*l*e* *p?hV\shell\open\command]
@="\"c:\\Documents and Settings\\digo\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(460)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(520)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
- - - - - - - > 'explorer.exe'(2184)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\conime.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Eset\nod32krn.exe
c:\progra~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\system32\wdfmgr.exe
c:\windows\SOUNDMAN.EXE
c:\windows\AGRSMMSG.exe
c:\windows\system32\PCCMFLPD.exe
.
**************************************************************************
.
Completion time: 2010-01-17 01:05:21 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-17 07:05
ComboFix2.txt 2010-01-17 06:06
Pre-Run: 6,982,275,072 bytes free
Post-Run: 6,865,547,264 bytes free
- - End Of File - - BEEDFC529FBD6C1482FC55357FB464AC
January 17th, 2010, 03:13 AM
#15
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 01:07:39 AM, on 2010/1/17
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nutsrv4.exe
C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MKSTOO~1\bin\snmptrapd.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\CyberLink\PCM4Everio\EverioService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
C:\WINDOWS\system32\PCCMFLPD.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LVCOMS] "C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [NuTCSetupEnviron] C:\PROGRA~1\MKSTOO~1\bin\ncoeenv.exe
O4 - HKLM\..\Run: [EverioService] "C:\Program Files\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [Panasonic Device Monitor Wakeup] C:\Program Files\Panasonic\Device Monitor\dmwakeup.exe
O4 - HKLM\..\Run: [Panasonic Device Manager for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PCCMFSDM.exe
O4 - HKLM\..\Run: [Panasonic PCFAX for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\KmPcFax.exe -1
O4 - HKLM\..\Run: [Panasonic IP Address Checker for Multi-Function Station software] C:\Program Files\Panasonic\MFStation\PccChgIP.exe -s10
O4 - HKLM\..\Run: [Panasonic LPD Manager] C:\Program Files\Panasonic\MFStation\PCMFSMLM.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\digo\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Google 網頁註解... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.google.com
O15 - Trusted Zone: http://*.wintan.com.tw
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://houstoncitrix.ryderscott.com...a32/wficac.cab
O16 - DPF: {272B8D21-5304-4529-BD3D-1CF392342F7D} (ICBC XCsp) - https://netbank.megabank.com.tw/natm/ICBCNetATM.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/micr...?1199976159475
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1199976138694
O16 - DPF: {8FCF2DC3-50CA-4A38-8A6C-2AE07E7B27B6} (AS2WebCOM.AS2COM002) - https://www.ris.gov.tw/AS2/AS2WebCOM.CAB
O16 - DPF: {9DA9F061-B243-11D4-8B44-0000E88F2063} (XMSStockPen Class) - https://etrade.wintan.com.tw/wintan/CA/MSSTOCK.CAB
O16 - DPF: {A8C1E502-4FCF-4AF2-ADDB-ABF540CA5BA7} (XVideoShow Control) - http://www.cwb.gov.tw/V5/information...xVideoShow.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: GOCAD - Macrovision Corporation - C:\Program Files\EarthDecision\Licenses\lmgrd.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HRS License Service - Unknown owner - C:\Program Files\HRS\license manager\lmgrd.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MKS SNMPTRAPD (MKSSNMPTRAPD) - DataFocus, Inc. - C:\PROGRA~1\MKSTOO~1\bin\snmptrapd.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NuTCRACKER Service (NuTCRACKERService) - DataFocus, Inc. - C:\WINDOWS\system32\nutsrv4.exe
O23 - Service: Panasonic Local Printer Service - Panasonic Communications Co., Ltd. - C:\PROGRA~1\PANASO~1\LocalCom\lmsrvnt.exe
O23 - Service: Panasonic Trap Monitor Service - Panasonic - C:\PROGRA~1\PANASO~1\TRAPMO~1\Trapmnnt.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ROXAR License Service - Unknown owner - C:\Program Files\ROXAR\FLEXlm 9.2\lmgrd.exe (file missing)
O23 - Service: Sentinel Keys Server (SentinelKeysServer) - SafeNet, Inc. - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
--
End of file - 11755 bytes
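Added example, not part of the thread and not code from the poster or from Trend Micro: a small Python triage pass over HijackThis entry lines, run on an excerpt constructed from the log posted above. It splits each `Onn - ...` line into its section code, body and CLSID, and flags only the markers HijackThis itself prints when it cannot resolve or attribute an entry (`(no file)`, `(file missing)`, `(no name)`, `Unknown owner`, an unrecognised Winsock LSP). The section-code table is HijackThis' own numbering, limited to the codes that appear in this log. Treat the flags as leads, not verdicts: in this log the two license-manager services are flagged only because their binaries are gone (uninstall leftovers), while a driver with a random name and an intact file path would pass through unflagged, so the ComboFix file listing still has to be read by hand.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Meaning of the HijackThis section codes that occur in the posted log
# (HijackThis' own numbering; only the codes seen in that log are listed).
SECTIONS = {
    "O2": "Browser Helper Object",
    "O3": "IE toolbar",
    "O4": "autorun (Run key or Startup folder)",
    "O8": "IE context-menu item",
    "O9": "IE extra button / Tools menu item",
    "O10": "Winsock LSP",
    "O14": "IERESET.INF default",
    "O15": "Trusted Zone entry",
    "O16": "Downloaded Program File (ActiveX)",
    "O18": "protocol handler",
    "O20": "Winlogon Notify DLL",
    "O22": "SharedTaskScheduler",
    "O23": "NT service",
}

# Substrings HijackThis emits when it cannot resolve or attribute an entry.
# Each one is a lead to check by hand, not proof of malware.
MARKERS = {
    "(no file)": "target file absent",
    "(file missing)": "service binary missing",
    "(no name)": "entry has no display name",
    "Unknown owner": "no vendor recorded for service",
    "Unknown file in Winsock LSP": "LSP not in HijackThis whitelist",
}

HJT_LINE = re.compile(r"^(O\d{1,2})\s+-\s+(.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass
class Entry:
    code: str
    body: str
    clsid: Optional[str]
    flags: List[str] = field(default_factory=list)

    @property
    def kind(self) -> str:
        return SECTIONS.get(self.code, "other")


def parse_hjt(text: str) -> List[Entry]:
    """Return the O-numbered entries of a HijackThis log; other lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # process list, header and 'End of file' lines
        code, body = m.groups()
        c = CLSID.search(body)
        e = Entry(code, body, c.group(0) if c else None)
        e.flags = [why for marker, why in MARKERS.items() if marker in body]
        entries.append(e)
    return entries


def triage(text: str) -> List[Entry]:
    """Entries carrying at least one unresolved-marker flag, in log order."""
    return [e for e in parse_hjt(text) if e.flags]


def by_section(text: str) -> dict:
    """Count of entries per section code, e.g. {'O23': 2}."""
    counts: dict = {}
    for e in parse_hjt(text):
        counts[e.code] = counts.get(e.code, 0) + 1
    return counts


# Constructed excerpt: a handful of lines taken from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {9DA9F061-B243-11D4-8B44-0000E88F2063} (XMSStockPen Class) - https://etrade.wintan.com.tw/wintan/CA/MSSTOCK.CAB
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HRS License Service - Unknown owner - C:\Program Files\HRS\license manager\lmgrd.exe (file missing)
End of file - 11755 bytes
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.code:<4} {e.kind:<36} {'; '.join(e.flags)}")
        print(f"     {e.body}")
```

Run as-is it prints the four flagged entries from the excerpt (the orphaned toolbar CLSID, the unrecognised LSP and the two services without a vendor). To use it on the full log, paste the log into `SAMPLE_LOG` or read it from a file; the `(no file)` toolbar entry is the kind of orphan a helper would normally tell the poster to tick and fix, whereas the LSP line needs the DLL checked before anything is removed, because pulling a live LSP out of the Winsock chain breaks networking.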