Here is the info like you wanted. I ran CCleaner in safe mode (I also ran Spy Sweeper with the latest updates) and ran AVG 7.5 (with the latest updates). I have XP with SP2 and all updates installed, with IE7 etc. It keeps popping my IE7 up to www.7322.com and sometimes keeps hanging Explorer; I could not get rid of these :( so I need your help (I also have McAfee Enterprise 8.0 to help). I also used Avira Premium Security Suite to get rid of the garbage, but still to no avail :( I reinstalled IE7 fully but it didn't fix anything, so I just want to get rid of all the malware and then I can reinstall things to get !!!! working. Also, funny: I use wireless for internet (I have a router), but now if I plug the wire in it doesn't work; I think it's the same virus/malware's doing. And my computer has 2 partitions, English XP (is OK) and this Chinese XP (problems), and I don't want to format it as it's too difficult to get it back on, so I hope you guys can help me. Appreciate all the things you do in here.

CCleaner = done
IE7 cache and all temps deleted = done
AVG log = here and it is cleaned
ComboFix done and log here = OK
Rootkit run = it did not give any log no matter where I looked, but it said no infections; all 3 categories showed 0
SmitFraudFix log here also

I hope these help :)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:01:48, on 2007-11-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\ibmpmsvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\acs.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
D:\WINDOWS\system32\tp4serv.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\System32\svchost.exe
D:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
D:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
D:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
D:\WINDOWS\system32\TpKmpSVC.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
D:\WINDOWS\system32\igfxtray.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\WINDOWS\system32\Rundll32.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Digital Line Detect\DLG.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\Spy Sweeper\SSU.EXE
D:\WINDOWS\system32\msiexec.exe
D:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} - (no file)
O2 - BHO: Tencent Browser Helper - {0C7C23EF-A848-485B-873C-0ED954731014} - D:\Program Files\TENCENT\SSPlus\SAddr.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} - D:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll
O2 - BHO: (no name) - {7605CC7C-00FD-4A5F-BAFD-828342DE6279} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live µÇ¼°ïÖú³ÌÐò - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MSN Browser - {C86488AF-13D5-4FEF-9DDF-9FB88698CFC1} - D:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\iEPZTtrBoF.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] "D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /SYNC
O4 - HKLM\..\Run: [PHIME2002A] "D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" /IMEName
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 D:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 D:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [TPHOTKEY] D:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [SoundMAXPnP] "D:\Program Files\Analog Devices\Core\smax4pnp.exe"
O4 - HKLM\..\Run: [SoundMAX] "D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [TPKMAPHELPER] "D:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" -helper
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Vmlist] regsvr32 /s apphelps.dll
O4 - HKLM\..\Run: [stup.exe] "Rundll32.exe" D:\PROGRA~1\TENCENT\SSPlus\SPlus.dll,Rundll32 R
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PictureShow] "d:\program files\PictureShow\poco_tools.exe" -p PictureShow
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - Startup: QQÓÎÏ·Æô¶¯¼ÓËÙ³ÌÐò.lnk = D:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Global Startup: Digital Line Detect.lnk = D:\Program Files\Digital Line Detect\DLG.exe
O8 - Extra context menu item: &·ÃÎÊͨÓÃÍøÖ· - D:\Program Files\OCINS\cnrbtn.html
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: ÉÏ´«µ½QQÍøÂçÓ²ÅÌ - D:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: µ¼³öµ½ Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Ìí¼Óµ½QQ×Ô¶¨ÒåÃæ°å - D:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: Ìí¼Óµ½QQ±íÇé - D:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: ÓÃQQ²ÊÐÅ·¢Ë͸ÃͼƬ - D:\Program Files\Tencent\QQ\SendMMS.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java ¿ØÖÆÌ¨ - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: ÐÅÏ¢¼ìË÷ - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ÖÐÎÄÉÏÍø - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - D:\Program Files\OCINS\config.exe (file missing)
O9 - Extra 'Tools' menuitem: ÖÐÎÄÉÏÍø - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - D:\Program Files\OCINS\config.exe (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: ÌÚѶQQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.icbc.com.cn
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1179939940375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1179947200406
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: ACU Configuration Service (acs) - Atheros - D:\WINDOWS\system32\acs.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - D:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: McAfee Framework ·þÎñ (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - D:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
O23 - Service: Ò»ÆðÀ´ÒôÀÖÖúÊÖ (Yiqilai) - Unknown owner - D:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe (file missing)

--
End of file - 9128 bytes
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:05:07 2007-11-16

+ Scan result:

E:\htocusa.exe -> Downloader.Agent.bpp : Cleaned with backup (quarantined).
E:\old stuff\korjaus\ohjelmat\2\EvID4226Patch223d-en\EvID4226Patch.exe -> Not-A-Virus.Hacktool.EvID : Ignored and added to exceptions
D:\Documents and Settings\JAKE\Cookies\jake@atdmt[1].txt -> TrackingCookie.Atdmt : Cleaned.
D:\Documents and Settings\JAKE\Cookies\jake@m.webtrends[2].txt -> TrackingCookie.Webtrends : Cleaned.
E:\fun.xls.exe -> Trojan.VB.atg : Cleaned with backup (quarantined).

::Report end
ComboFix 07-11-08.1 - Administrator 2007-11-16 11:10:26.1 - NTFSx86 MINIMAL
ˆÌÐÐλÖÃ: D:\Documents and Settings\Administrator\×ÀÃæ\ComboFix.exe
.
Ÿo·¨ÌáÉýϵ½y™àÏÞ

(((((((((((((((((((((((((((((((((((((( ÆäËûÔâ„h³ýµÄ™n°¸ ))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\bdff5bd66073ae5b6fceef6d32d8\Desktop_.ini
D:\Documents and Settings\All Users\Application Data.\microsoft\office\system
D:\Documents and Settings\All Users\Application Data.\microsoft\office\system\finder.dll
D:\Documents and Settings\All Users\Application Data.\microsoft\office\system\sysloader.exe
D:\Documents and Settings\All Users\Application Data.\microsoft\office\system\TL5NdqgWcd_3102
D:\Documents and Settings\All Users\Application Data.\microsoft\office\userdata
D:\Documents and Settings\All Users\Application Data.\microsoft\office\userdata\_keepfile
D:\Documents and Settings\All Users\Application Data.\microsoft\office\userdata\iEPZTtrBoF.dll
D:\Documents and Settings\All Users\Application Data.\microsoft\pctools
D:\Documents and Settings\All Users\Application Data.\microsoft\pctools\pctools.dll
D:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll
D:\Program Files\krbl\qxhr.dll
D:\Program Files\krbl\ublv.dll
D:\Program Files\OCINS
D:\Program Files\OCINS\cnstc.ini
D:\Program Files\OCINS\ctrcfg.ini
D:\Program Files\OCINS\cuscfg.dat
D:\Program Files\OCINS\idnaux.dat
D:\Program Files\OCINS\kwacs.dat
D:\Program Files\OCINS\update\version.dat
D:\Program Files\OCINS\usrcfg.ini
D:\Program Files\OCINS\version.dat
D:\setup.exe
D:\WINDOWS\[u]0[/u]16.exe
D:\WINDOWS\[u]0[/u]18.exe
D:\WINDOWS\20512.exe
D:\WINDOWS\dodolook324.exe
D:\WINDOWS\ocinfo.dat
D:\WINDOWS\system32\cnprov.dat
D:\WINDOWS\system32\d3d1caps.srg
D:\WINDOWS\system32\mprmsgse.axz
D:\WINDOWS\system32\x64

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_ACPIDISK
-------\LEGACY_CNPROV
-------\LEGACY_IDNAUX
-------\LEGACY_PWGQ
-------\cnprov
-------\idnaux
-------\pwgq

(((((((((((((((((((((((((((( 2007-10-16 - 2007-11-16 Ö®ég½¨Á¢µÄ™n°¸ )))))))))))))))))))))))))))))))))
.

2007-11-16 11:14  134  --a------  D:\Documents and Settings\Administrator\catchme.zip
2007-11-16 11:04  51,200  --a------  D:\WINDOWS\NirCmd.exe
2007-11-16 07:43  <DIR>  d--------  D:\Program Files\Java
2007-11-16 07:43  <DIR>  d--------  D:\Program Files\Common Files\Java
2007-11-15 22:12  135,680  --a------  D:\WINDOWS\system32\taskmgr.exe
2007-11-15 22:03  <DIR>  d--------  D:\Documents and Settings\Administrator\Application Data\Webroot
2007-11-15 21:58  146,432  --a------  D:\WINDOWS\system32\regedit.exe
2007-11-15 21:58  146,432  --a------  D:\WINDOWS\system\regedit.exe
2007-11-15 21:58  146,432  --a------  D:\WINDOWS\regedit.exe
2007-11-15 21:50  4,174  --a------  D:\WINDOWS\system32\tmp.reg
2007-11-15 21:22  <DIR>  d--------  D:\Program Files\CCleaner
2007-11-15 21:21  <DIR>  d--------  D:\Documents and Settings\Administrator\×ÀÃæ
2007-11-15 21:21  <DIR>  dr-------  D:\Documents and Settings\Administrator\¡¸¿ªÊ¼¡¹²Ëµ¥
2007-11-15 21:19  <DIR>  d--------  D:\Documents and Settings\NetworkService\Application Data\Webroot
2007-11-15 20:13  <DIR>  d--------  D:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-14 17:04  <DIR>  d-a------  D:\Documents and Settings\All Users\Application Data\TEMP
2007-11-14 17:02  <DIR>  d--------  D:\Program Files\AnswersThatWork
2007-11-14 17:02  1,753,088  --a------  D:\WINDOWS\system32\ExGrid.dll
2007-11-14 17:02  614,400  --a------  D:\WINDOWS\system32\ExButton.dll
2007-11-14 17:02  602,112  --a------  D:\WINDOWS\system32\ExMenu.dll
2007-11-14 17:02  516,096  --a------  D:\WINDOWS\system32\ExTab.dll
2007-11-14 17:02  368,912  --a------  D:\WINDOWS\system32\vbar332.dll
2007-11-14 17:02  356,352  --a------  D:\WINDOWS\system32\eSellerateEngine.dll
2007-11-14 17:02  307,200  --a------  D:\WINDOWS\system32\ExPMenu.dll
2007-11-14 17:02  118,784  --a------  D:\WINDOWS\system32\eWebControl.dll
2007-11-14 16:41  3,968  --a------  D:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-14 16:13  <DIR>  d--------  D:\Program Files\Trend Micro
2007-11-14 14:08  <DIR>  d--------  D:\Program Files\RegDoctor
2007-11-14 14:08  57,344  --a------  D:\WINDOWS\system32\CGZipLibrary.DLL
2007-11-14 14:08  40,960  --a------  D:\WINDOWS\system32\SSubTmr6.dll
2007-11-14 14:06  <DIR>  d--------  D:\Documents and Settings\All Users\Application Data\ParetoLogic Anti-Spyware
2007-11-14 14:00  <DIR>  d--------  D:\Program Files\Yiqilai
2007-11-14 14:00  <DIR>  d--------  D:\Program Files\PictureShow
2007-11-14 14:00  <DIR>  d--------  D:\Documents and Settings\JAKE\Application Data\QQUpdate
2007-11-14 14:00  <DIR>  d--------  D:\Documents and Settings\All Users\Application Data\Poco
2007-11-14 13:59  24,576  --a------  D:\WINDOWS\my_70302.exe
2007-11-13 15:23  <DIR>  d--------  D:\WINDOWS\system32\inf
2007-11-13 15:23  192,499  --a------  D:\WINDOWS\z01.exe
2007-11-12 21:28  <DIR>  d--------  D:\Documents and Settings\JAKE\Application Data\SogouPY.users
2007-11-12 21:28  <DIR>  d--------  D:\Documents and Settings\JAKE\Application Data\SogouPY
2007-11-12 21:27  169,472  --a------  D:\WINDOWS\sougou.exe
2007-11-12 21:27  137,008  --a------  D:\WINDOWS\system32\setupol_3247_0235.exe
2007-11-11 00:49  <DIR>  d--------  D:\Program Files\krbl
2007-11-11 00:49  258,893  --a------  D:\WINDOWS\ad_2378.exe
2007-11-11 00:46  <DIR>  d--------  D:\Documents and Settings\JAKE\Application Data\StromII
2007-11-11 00:46  <DIR>  d--------  D:\Documents and Settings\JAKE\Application Data\ppstream
2007-11-11 00:45  <DIR>  d--------  D:\Documents and Settings\All Users\Application Data\Storm
2007-11-11 00:45  24,576  --a------  D:\WINDOWS\my_70201.exe
2007-11-11 00:08  <DIR>  d--------  D:\Documents and Settings\JAKE\Application Data\Skype
2007-11-11 00:08  <DIR>  d--------  D:\Documents and Settings\All Users\Application Data\Skype
2007-11-10 23:56  602,112  --a------  D:\WINDOWS\system32\rrqjlejwzjhyu.dll
2007-11-10 23:54  602,112  --a------  D:\WINDOWS\system32\czpqteheedfnp.dll
2007-11-10 23:54  0  --a------  D:\WINDOWS\ressertterb.dll
2007-11-10 23:53  602,112  --a------  D:\WINDOWS\system32\jlvnzeknrhwuf.dll
2007-11-10 23:52  602,112  --a------  D:\WINDOWS\system32\qkhpfjegxwqox.dll
2007-11-10 23:52  45,056  --a------  D:\WINDOWS\system32\SkypeClient.exe
2007-11-10 23:52  0  --a------  D:\WINDOWS\assserak47.dll
2007-11-10 23:44  <DIR>  d--------  D:\quarantine
2007-11-09 23:01  <DIR>  d--hsc---  D:\Program Files\Common Files\WindowsLiveInstaller
2007-11-09 23:00  <DIR>  d--------  D:\Program Files\Windows Live
2007-11-09 23:00  <DIR>  d--------  D:\Documents and Settings\All Users\Application Data\WLInstaller
2007-11-09 16:24  <DIR>  d--------  D:\Program Files\MSN Messenger
2007-11-09 16:11  <DIR>  d--------  D:\Documents and Settings\JAKE\Application Data\DMCache
2007-11-09 16:02  <DIR>  d--------  D:\downloads
2007-11-06 17:15  <DIR>  d--------  D:\Program Files\ICBC
2007-11-06 17:05  110,592  --a------  D:\WINDOWS\system32\igfxres.dll
2007-11-03 17:33  393,216  --a------  D:\WINDOWS\system32\igxpun.exe
2007-11-03 17:32  319,456  --a------  D:\WINDOWS\system32\difxapi.dll
2007-11-03 12:18  118,320  --a------  D:\WINDOWS\system32\tp4uires.dll
2007-11-03 01:44  6,058,496  -----c---  D:\WINDOWS\system32\dllcache\ieframe.dll
2007-11-03 01:44  2,455,488  -----c---  D:\WINDOWS\system32\dllcache\ieapfltr.dat
2007-11-03 01:44  459,264  -----c---  D:\WINDOWS\system32\dllcache\msfeeds.dll
2007-11-03 01:44  383,488  -----c---  D:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-11-03 01:44  267,776  -----c---  D:\WINDOWS\system32\dllcache\iertutil.dll
2007-11-03 01:44  63,488  -----c---  D:\WINDOWS\system32\dllcache\icardie.dll
2007-11-03 01:44  52,224  -----c---  D:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-11-03 01:44  13,824  -----c---  D:\WINDOWS\system32\dllcache\ieudinit.exe
2007-11-02 17:06  <DIR>  d--------  D:\Program Files\IESuper
2007-11-02 17:06  <DIR>  d--------  D:\Program Files\Google
2007-10-28 12:57  <DIR>  d--------  D:\Program Files\Thunder Network
2007-10-28 12:57  <DIR>  d--------  D:\Documents and Settings\All Users\Application Data\thunder_vod_cache
2007-10-28 12:57  <DIR>  d--------  D:\Documents and Settings\All Users\Application Data\Thunder Network
2007-10-28 12:57  <DIR>  d--------  D:\Documents and Settings\All Users\Application Data\mvcache
2007-10-28 12:57  5,614,904  --a------  D:\ѸÀ×.exe
2007-10-28 12:57  315  --a------  D:\WINDOWS\system32\cid_store.dat
2007-10-23 12:56  <DIR>  d--------  D:\Program Files\TVUPlayer
2007-10-23 12:56  <DIR>  d--------  D:\Documents and Settings\JAKE\Application Data\TVU Networks

.
(((((((((((((((((((((((((((((((((((( ½üÈý‚€Ôƒȸü„ӵęn°¸ )))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-13 07:24  12,724  ----a-w  D:\WINDOWS\system32\drivers\ssdpsrc.sys
2007-11-09 08:09  ---------  d-----w  D:\Documents and Settings\JAKE\Application Data\uTorrent
2007-11-03 04:18  0  ---ha-w  D:\WINDOWS\system32\drivers\MsftWdf_Kernel_01001_Coinstaller_Critical.Wdf
2007-11-03 04:18  0  ---ha-w  D:\WINDOWS\system32\drivers\Msft_Kernel_tp4track_01001.Wdf
2007-10-28 04:57  5,614,904  ----a-w  D:\ѸÀ×.exe
2007-10-16 10:11  ---------  d--h--w  D:\Program Files\InstallShield Installation Information
2007-10-08 08:54  ---------  d-----w  D:\Program Files\Alisoft
2007-09-22 14:00  ---------  d-----w  D:\Documents and Settings\JAKE\Application Data\Ectaco
2007-09-22 13:59  ---------  d-----w  D:\Program Files\LingvoSoft
2007-09-19 17:02  ---------  d-----w  D:\Program Files\Windows Live Toolbar

.
(((((((((((((((((((((((((((((((((((((((((( ÖØÒªµÇä›™n°¸ )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*×¢Òâ* ¿Õ°×»òºÏ·¨µÄµÇä›ÖµŒ¢²»•þï@ʾ.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-17 20:00]
"PHIME2002ASync"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-17 20:00]
"PHIME2002A"="D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-17 20:00]
"TrackPointSrv"="tp4serv.exe" [2007-04-26 21:14 D:\WINDOWS\system32\tp4serv.exe]
"PWRMGRTR"="D:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-12-20 01:14]
"BLOG"="D:\PROGRA~1\ThinkPad\UTILIT~1\BatLogEx.DLL" [2006-12-20 01:14]
"TPHOTKEY"="D:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 10:19]
"SoundMAXPnP"="D:\Program Files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 09:11]
"SoundMAX"="D:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2005-05-06 15:06]
"TPKMAPHELPER"="D:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 22:00]
"ShStatEXE"="D:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [2004-09-22 20:00]
"McAfeeUpdaterUI"="D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2004-08-06 03:50]
"Network Associates Error Reporting Service"="D:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" [2003-10-07 09:48]
"IgfxTray"="D:\WINDOWS\system32\igfxtray.exe" [2007-02-26 18:34]
"HotKeysCmds"="D:\WINDOWS\system32\hkcmd.exe" [2007-02-26 18:34]
"Persistence"="D:\WINDOWS\system32\igfxpers.exe" [2007-02-26 18:33]
"Vmlist"="regsvr32 /s apphelps.dll" []
"stup.exe"="D:\PROGRA~1\TENCENT\SSPlus\SPlus.dll" [2007-09-29 10:09]
"!AVG Anti-Spyware"="D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-11-14 22:11]
"SpySweeper"="D:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" [2007-03-01 19:55]
"combofix"="D:\WINDOWS\system32\cmd.exe" [2004-08-17 20:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-17 20:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"im3v2ss76e"=%systemroot%\system32\Rundll32.exe %systemroot%\system32\im3v2ss76e.dll,DllUnregisterServer
"combofix"=D:\WINDOWS\system32\cmd.exe /c D:\ComboFix\Combobatch.bat

D:\Documents and Settings\JAKE\¡¸¿ªÊ¼¡¹²Ëµ¥\³ÌÐò\Æô¶¯\
QQÓÎÏ·Æô¶¯¼ÓËÙ³ÌÐò.lnk - D:\Program Files\Tencent\QQGAME\Accel.exe [2007-08-10 15:13:19]

D:\Documents and Settings\All Users\¡¸¿ªÊ¼¡¹²Ëµ¥\³ÌÐò\Æô¶¯\
Digital Line Detect.lnk - D:\Program Files\Digital Line Detect\DLG.exe [2007-05-23 23:52:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
notifyf2.dll 2005-07-05 23:45 28672 D:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
tphklock.dll 2005-11-30 20:16 24576 D:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\combofix]
@="service"

R0 0wtt;0wt;D:\WINDOWS\system32\DRIVERS\[u]0[/u]wtt.sys
R3 atmeltpm;atmeltpm;D:\WINDOWS\system32\DRIVERS\atmeltpm.sys
S0 exetnk70;exetnk7;D:\WINDOWS\system32\DRIVERS\exetnk70.sys
S2 ddwhvb9dkw;ddwhvb9dkw;\??\D:\WINDOWS\system32\drivers\ddwhvb9dkw.sys
S2 hv9rdjk2i;hv9rdjk2i;\??\D:\WINDOWS\system32\drivers\hv9rdjk2i.sys
S3 AEAudioService;AEAudio Service;D:\WINDOWS\system32\drivers\AEAudio.sys

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
DCOMClient

.
Åų̹¤×÷ÙYÁÏŠAµÄƒÈÈÝ
"2007-11-14 06:07:45 D:\WINDOWS\Tasks\Pareto UNS.job"
"2007-11-15 23:50:47 D:\WINDOWS\Tasks\PMTask.job"
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-16 11:21:18
Windows 5.1.2600 Service Pack 2 NTFS

’ßÃèë[²ØµÄ³ÌÐò ...
’ßÃèë[²ØµÄßM³Ì ...
’ßÃèë[²ØµÄ™n°¸ ...

’ßÃèÍê³É
ë[²Ø™n°¸: 0

**************************************************************************
.
Íê³É•rég: 2007-11-16 11:23:10 - machine was rebooted
.
--- E O F ---
SmitFraudFix v2.253

Scan done at 21:58:58.85, 2007-11-15 ÐÇÆÚËÄ
Run from E:\SmitfraudFix
OS: Microsoft Windows XP [°æ±¾ 5.1.2600] - Windows_NT
The filesystem type is NTFS

Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6FD7D4A0-7EDE-4A52-9B7C-6D18995AE70D}: DhcpNameServer=202.96.128.86 202.96.128.166
HKLM\SYSTEM\CS1\Services\Tcpip\..\{6FD7D4A0-7EDE-4A52-9B7C-6D18995AE70D}: DhcpNameServer=202.96.128.86 202.96.128.166
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6FD7D4A0-7EDE-4A52-9B7C-6D18995AE70D}: DhcpNameServer=202.96.128.86 202.96.128.166
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=202.96.128.86 202.96.128.166
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=202.96.128.86 202.96.128.166
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=202.96.128.86 202.96.128.166

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» End