
No task panel and icons in desktop when start PC


15 replies to this topic

#1 Faithly
  • Members
  • 9 posts

Posted 25 December 2009 - 06:19 AM

When starting my PC, only the desktop picture can be seen, no start menu or any other icons. I did the HijackThis test. Could you please help to check whether my PC was infected or not? I copied the HijackThis log and attached the DDS and RootRepeal reports for your reference.

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:23, on 2009-12-25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CMBCHINA\WebProtect\WPService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tudou\飞速Tudou\TudouVa.exe
C:\Program Files\StormII\Storm.exe
C:\Program Files\StormII\Stormtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\SogouExplorer\SogouExplorer.exe
C:\Program Files\SogouExplorer\setask.exe
C:\Program Files\SogouExplorer\setask.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload2\QQIEHelper01.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2F401A09-2F10-455E-A15D-4C8B9D8D7AEB} - C:\PROGRA~1\黄河FL~1\hhcatch.dll
O2 - BHO: WebDetectorBHO - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - C:\Program Files\Tudou\飞速Tudou\tudouDetector.dll
O2 - BHO: WebProtect.IEHlpObj - {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} - C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll
O2 - BHO: QvodExtend - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\Program Files\QvodPlayer\QvodExtend.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live 登录帮助程序 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CBIEBuddy - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360\360Safe\safemon\safemon.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: 启动iTudou.lnk = C:\Program Files\Tudou\iTudou\iTudou.exe
O4 - Startup: 启动飞速土豆.lnk = ?
O4 - Global Startup: 谷歌金山词霸合作版.lnk = C:\Program Files\Kingsoft\PowerWord Lite\XDict.exe
O8 - Extra context menu item: &使用QQ旋风下载 - C:\Program Files\Tencent\QQDownload2\geturl.htm
O8 - Extra context menu item: &使用QQ旋风下载全部链接 - C:\Program Files\Tencent\QQDownload2\getAllurl.htm
O8 - Extra context menu item: &使用超级旋风下载 - C:\Program Files\Tencent\QQDownload\geturl.htm
O8 - Extra context menu item: &使用超级旋风下载全部链接 - C:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - Extra context menu item: &使用超级旋风下载本页视频 - C:\Program Files\Tencent\QQDownload\geturlflv.htm
O8 - Extra context menu item: 上传到淘江湖相册 - C:\Program Files\AliWangWang\AddToAlbum.htm
O8 - Extra context menu item: 使用光影编辑和美化 - C:\Program Files\nEO iMAGING\NeoOpenNeo.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 发送到 Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: 发送到 Bluetooth 设备(&:(... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加为阿里旺旺表情 - C:\Program Files\AliWangWang\AddNewEmotion.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到卡巴斯基反广告 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: 黄河&Flash播放器 - C:\PROGRA~1\黄河FL~1\geturl.htm
O9 - Extra button: 铃声 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - http://huanghetv.sms.163.com (file missing)
O9 - Extra button: 网页流量保护状态 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: 写入日志 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 在 Windows Live Writer 中写入日志(&:( - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 金山词霸浏览器栏 - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL
O9 - Extra 'Tools' menuitem: 金山词霸浏览器栏 - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: 彩票 - {82D9671E-0B56-4285-92CD-15BC08B883BB} - C:\Program Files\QvodPlayer\QvodExtend.dll (HKCU)
O9 - Extra 'Tools' menuitem: 彩票 - {82D9671E-0B56-4285-92CD-15BC08B883BB} - C:\Program Files\QvodPlayer\QvodExtend.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://202.152.178.221/MstPlayer/CHS/MSTPlayerInstaller.ocx
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://site.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1260668205562
O16 - DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (Submit Class) - https://pbank.95559.com.cn/personbank/ocx/safe_bankcomm.cab
O18 - Protocol: mbox - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mboxflash - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O23 - Service: McAfee Application Installer Cleanup (0268831247971633) (0268831247971633mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\026883~1.EXE (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cmb WebProtect Support (CMBWPS) - China Merchants Bank - C:\Program Files\CMBCHINA\WebProtect\WPService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
O23 - Service: 主动防御 (ZhuDongFangYu) - 360安全中心 - C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe

--
End of file - 10516 bytes
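As an added example (not part of the thread and not anything HijackThis ships), here is a small Python triage helper for HijackThis v2 log lines of the kind posted above. It parses each `Onn - ...` entry, splits the O23 service lines into display name, service name, owner and image path, and flags the patterns a helper looks at first: entries marked `(file missing)`, services with an unknown owner, service images under a TEMP directory, a service whose image is a bare `RUNDLL32.EXE`, and O10 Winsock LSP entries. The sample lines are copied from the log above; the flag names, the regexes and the `Entry` structure are my own.

```python
"""Triage helper for Trend Micro HijackThis v2 log lines (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O9 - Extra button: 铃声 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - http://huanghetv.sms.163.com (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: McAfee Application Installer Cleanup (0268831247971633) (0268831247971633mcinstcleanup) - Unknown owner - C:\WINDOWS\TEMP\026883~1.EXE (file missing)
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)
"""

# Every HijackThis finding starts with a section tag such as O2, O4, O23.
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
# O23 layout: Service: <display name> (<service name>) - <owner> - <image path>
SERVICE_RE = re.compile(
    r"^Service:\s+(?P<display>.+?)\s+\((?P<name>[^()]+)\)\s+-\s+"
    r"(?P<owner>.+?)\s+-\s+(?P<image>.+)$"
)
FILE_MISSING = "(file missing)"


@dataclass
class Entry:
    section: str
    body: str
    flags: List[str] = field(default_factory=list)
    service_name: Optional[str] = None
    owner: Optional[str] = None
    image: Optional[str] = None


def parse_entry(line: str) -> Optional[Entry]:
    """Turn one log line into an Entry, or None for non-finding lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = Entry(section=m.group(1), body=m.group(2))
    if entry.section == "O23":
        s = SERVICE_RE.match(entry.body)
        if s:
            entry.service_name = s.group("name")
            entry.owner = s.group("owner")
            # Keep the path only; the "(file missing)" marker becomes a flag.
            entry.image = s.group("image").replace(FILE_MISSING, "").strip()
    return entry


def triage(entry: Entry) -> Entry:
    """Attach review flags (prompts to look closer, not verdicts)."""
    flags = []
    if FILE_MISSING in entry.body:
        flags.append("file-missing")
    if entry.section == "O23":
        if entry.owner == "Unknown owner":
            flags.append("unknown-owner")
        if entry.image and re.search(r"[\\/]temp[\\/]", entry.image, re.IGNORECASE):
            flags.append("temp-path")
        if entry.image and entry.image.upper() == "RUNDLL32.EXE":
            flags.append("bare-rundll32")
    if entry.section == "O10":
        flags.append("winsock-lsp")
    entry.flags = flags
    return entry


def triage_log(text: str) -> List[Entry]:
    """Parse and flag every finding line in a HijackThis log."""
    entries = (parse_entry(line) for line in text.splitlines())
    return [triage(e) for e in entries if e is not None]


def suspicious(text: str) -> List[Entry]:
    """Only the entries that picked up at least one flag."""
    return [e for e in triage_log(text) if e.flags]


if __name__ == "__main__":
    for e in suspicious(SAMPLE_LOG):
        print(f"{e.section:<4} {', '.join(e.flags):<40} {e.body}")
```

Run on the sample, it lists the O9 button pointing at a missing file, the O10 LSP entry, and the two O23 services with an unknown owner and a missing image (the McAfee cleanup stub under `C:\WINDOWS\TEMP` and the Yukon service whose image is only `RUNDLL32.EXE`), which are exactly the items the fix in post #2 removes; the Kaspersky service and the Adobe BHO pass through unflagged. A flag is a reason to look at the entry, not proof that it is malicious.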


#2 Farbar
    Just Curious
  • Security Developer
  • 21,706 posts
  • Location:The Netherlands

Posted 25 December 2009 - 09:15 AM

Please download OTL by OldTimer.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Copy the text in the code box and paste it into the Custom Scans/Fixes section:

    :Processes
    zhudongfangyu.exe
    :Services
    ZhuDongFangYu
    360SelfProtection
    yksvc
    0268831247971633mcinstcleanup
    :files
    C:\Program Files\360
    c:\windows\system32\drivers\360SelfProtection.sys

  • Click the Run Fix button.
  • If the fix needs a reboot, please do it.
  • After it finishes, a log will open. Copy and paste the log into your reply.
  • Also tell me how your desktop loads now.


#3 Faithly
  • Topic Starter
  • Members
  • 9 posts

Posted 25 December 2009 - 11:34 PM

Thanks!! When I rebooted my PC, the desktop got back to normal. :(

Is there a virus in my PC?? What shall I do next to protect my PC?

The log is below:
========== PROCESSES ==========
Process zhudongfangyu.exe killed successfully!
========== SERVICES/DRIVERS ==========
Service ZhuDongFangYu stopped successfully!
Service ZhuDongFangYu deleted successfully!
Error: Unable to stop service 360SelfProtection!
Unable to delete service\driver key360SelfProtection.
Service yksvc stopped successfully!
Service yksvc deleted successfully!
Service 0268831247971633mcinstcleanup stopped successfully!
Service 0268831247971633mcinstcleanup deleted successfully!
========== FILES ==========
C:\Program Files\360\360Safe\update folder moved successfully.
Folder move failed. C:\Program Files\360\360Safe\sweeper scheduled to be moved on reboot.
C:\Program Files\360\360Safe\SoftMgr\skin folder moved successfully.
C:\Program Files\360\360Safe\SoftMgr\download folder moved successfully.
Folder move failed. C:\Program Files\360\360Safe\SoftMgr scheduled to be moved on reboot.
C:\Program Files\360\360Safe\safemon\skin\Trust folder moved successfully.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\State scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\MessageBox scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Default\Simplified scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Default scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Config scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\modules scheduled to be moved on reboot.
C:\Program Files\360\360Safe\LiveUpdateLog folder moved successfully.
Folder move failed. C:\Program Files\360\360Safe\LiveUpdate360skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\links scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\ipc scheduled to be moved on reboot.
C:\Program Files\360\360Safe\hotfix\soft folder moved successfully.
C:\Program Files\360\360Safe\hotfix folder moved successfully.
Folder move failed. C:\Program Files\360\360Safe\firstaid scheduled to be moved on reboot.
C:\Program Files\360\360Safe\deepscan\Section\DropLog folder moved successfully.
Folder move failed. C:\Program Files\360\360Safe\deepscan\Section scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\DSMainSkin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\ave scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\antiarp scheduled to be moved on reboot.
C:\Program Files\360\360Safe\360SE folder moved successfully.
C:\Program Files\360\360Safe\360SD folder moved successfully.
C:\Program Files\360\360Safe\360Safebox folder moved successfully.
Folder move failed. C:\Program Files\360\360Safe\360Safe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360 scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\360SelfProtection.sys scheduled to be moved on reboot.

OTL by OldTimer - Version 3.1.20.1 log created on 12262009_121420

Files\Folders moved on Reboot...
Folder move failed. C:\Program Files\360\360Safe\sweeper scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\SoftMgr scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\State scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\MessageBox scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Default\Simplified scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Default\Simplified scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Default scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Config scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\State scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\MessageBox scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Default\Simplified scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Default scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Config scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\State scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\MessageBox scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Default\Simplified scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Default scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Config scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\modules scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\LiveUpdate360skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\links scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\ipc scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\firstaid scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\Section scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\DSMainSkin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\ave scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\Section scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\DSMainSkin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\ave scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\antiarp scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\360Safe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\sweeper scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\SoftMgr scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\State scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\MessageBox scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Default\Simplified scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Default scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Config scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\modules scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\LiveUpdate360skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\links scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\ipc scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\firstaid scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\Section scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\DSMainSkin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\ave scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\antiarp scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\360Safe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\sweeper scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\SoftMgr scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\State scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\MessageBox scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Log scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Default\Simplified scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Default scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin\Config scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon\skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\safemon scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\modules scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\LiveUpdate360skin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\links scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\ipc scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\firstaid scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\Section scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\DSMainSkin scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan\ave scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\deepscan scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\antiarp scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe\360Safe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360\360Safe scheduled to be moved on reboot.
Folder move failed. C:\Program Files\360 scheduled to be moved on reboot.
File move failed. c:\windows\system32\drivers\360SelfProtection.sys scheduled to be moved on reboot.

Registry entries deleted on Reboot...

#4 Farbar
    Just Curious
  • Security Developer
  • 21,706 posts
  • Location:The Netherlands

Posted 26 December 2009 - 06:25 AM

The only problem I see on your computer is the 360Safe, which claims to be a legit antivirus while there are sites reporting it as rogue or malicious. The fact that it had blocked your desktop from loading properly is suspicious.
  • You have Kaspersky Internet Security. Could you tell me how 360Safe got installed on your computer?

  • Please go to Add/Remove programs on Control Panel and try to uninstall 360Safe from there. I think you can read 360 but the rest is Chinese.

  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


  • Please run DDS and post a fresh DDS.txt to your reply. No need for the Attach.txt


#5 Faithly
  • Topic Starter
  • Members
  • 9 posts

Posted 27 December 2009 - 06:39 AM

The 360safe software was installed by myself. In some ways it's helpful. But I have uninstalled it already.

I did the DDS check, but no log was generated like last time. The other report is copied below (it's in Chinese; if you are not comfortable with it, I may install the English version and run another log).

Thanks!!!

Malwarebytes' Anti-Malware 1.42
数据库版本: 3437
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

2009-12-27 19:08:42
mbam-log-2009-12-27 (19-08-42).txt

扫描类型:快速扫描
被扫描对象数目: 117497
时间过去: 13 minute(s), 49 second(s)

被感染内存进程数目: 0
被感染内存模块数目: 0
被感染注册表项数目: 70
被感染注册表值数目: 0
被感染注册表数据项数目: 1
被感染文件夹数目: 0
被感染文件数目: 3

被感染内存进程数目:
(没有检测到有害项目)

被感染内存模块数目:
(没有检测到有害项目)

被感染注册表项数目:
HKEY_CLASSES_ROOT\CLSID\{e8cfc029-8420-4eae-adef-915bdc77e1dc} (Spyware.AdaEbook) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Thunder (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRun.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AvMonitor.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\HijackThis.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\IceSword.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Iparmor.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAV32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVPFW.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KAVStart.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KMailMon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KPFWSvc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KRegEx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVMonXP.kxp (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KVSrvXP.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kvwsc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KWatch.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mmsk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32kui.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PFW.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rav.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.Exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\360safebox.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AntiArp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ArSwp.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AST.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\AutoRunKiller.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccEvtMgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSetMgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Frameworkservice.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GFUpd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GuardField.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KASARP.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\KSWebShield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\LiveUpdate360.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mcshield.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\naprdmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\navapsvc.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavService.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RAVTRAY.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RfwMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwProxy.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsAgent.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Rsaupd.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsMain.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rsnetsvr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RsTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rtvscan.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\runiep.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\safeboxTray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ScanFrm.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SREngLdr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojanDetector.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Trojanwall.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\TrojDie.kxp (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vpc32.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vptray.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vstskmgr.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\WOPTILITIES.exe (Security.Hijack) -> Quarantined and deleted successfully.

被感染注册表值数目:
(没有检测到有害项目)

被感染注册表数据项数目:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

被感染文件夹数目:
(没有检测到有害项目)

被感染文件数目:
C:\WINDOWS\system32\find.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk (Hijack.Trace) -> Quarantined

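A small triage script, added here as an example and not code from the thread or from Malwarebytes, that parses MBAM detection lines of the shape shown above and groups them, so the Image File Execution Options entries stand out as one blocked security tool per key. The sample log is constructed (a few lines quoted from the log above plus a made-up example.lnk path).

```python
"""Triage helper for Malwarebytes' Anti-Malware (MBAM) log entries.

Added example, not part of the original thread and not Malwarebytes' own
tooling. It parses detection lines of the form
    <object> (<Category>) -> <action>
and groups them by kind, so that Image File Execution Options (IFEO)
entries are reported as what they are: one registry key per security
tool the infection wanted to keep from starting.
"""
import re
from collections import Counter

# One MBAM detection line: <object> (<Category>) -> <action text>
ENTRY_RE = re.compile(r"^(?P<obj>.+?) \((?P<cat>[A-Za-z.]+)\) -> (?P<action>.+)$")

IFEO_PREFIX = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT"
               r"\CurrentVersion\Image File Execution Options" + "\\")
SECURITY_CENTER_PREFIX = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" + "\\"


def parse_entry(line):
    """Return {'object', 'category', 'action'} for a detection line, else None.

    Section headers and '(No malicious items detected)' lines do not match
    the pattern and are skipped by the caller.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"object": m.group("obj"), "category": m.group("cat"),
            "action": m.group("action")}


def classify(entry):
    """Map a parsed entry to (kind, detail).

    kind is 'ifeo_hijack' (detail = hijacked executable name),
    'security_center' (detail = tampered value name),
    'file' (detail = path) or 'registry' (detail = key).
    """
    obj = entry["object"]
    low = obj.lower()
    if low.startswith(IFEO_PREFIX.lower()):
        return "ifeo_hijack", obj[len(IFEO_PREFIX):]
    if low.startswith(SECURITY_CENTER_PREFIX.lower()):
        return "security_center", obj[len(SECURITY_CENTER_PREFIX):]
    if re.match(r"^[A-Za-z]:\\", obj):
        return "file", obj
    return "registry", obj


def summarize(lines):
    """Group every detection line in `lines` by kind and by MBAM category."""
    result = {"ifeo_targets": [], "security_center": [], "files": [],
              "registry": [], "by_category": Counter(), "incomplete": []}
    bucket_of = {"ifeo_hijack": "ifeo_targets", "security_center": "security_center",
                 "file": "files", "registry": "registry"}
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        result["by_category"][entry["category"]] += 1
        # MBAM ends a handled entry with "... successfully."; a line that stops
        # short (for example a truncated paste) is flagged for manual review.
        if not entry["action"].rstrip().endswith("successfully."):
            result["incomplete"].append(entry["object"])
        kind, detail = classify(entry)
        result[bucket_of[kind]].append(detail)
    return result


# Constructed sample in the same shape as the log above. The IFEO, Security
# Center and find.exe lines are quoted from it; the example.lnk line is made up.
SAMPLE_LOG = r"""
Infected registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\nod32krn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.Exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ekrn.exe (Security.Hijack) -> Quarantined and deleted successfully.

Infected registry values:
(No malicious items detected)

Infected registry data items:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infected files:
C:\WINDOWS\system32\find.exe (Malware.Tool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Administrator\Desktop\example.lnk (Hijack.Trace) -> Quarantined
""".strip().splitlines()

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print("Security tools blocked via IFEO:", ", ".join(summary["ifeo_targets"]))
    print("Security Center values tampered:", summary["security_center"])
    print("Detections per category:", dict(summary["by_category"]))
    print("Entries without a completed action:", summary["incomplete"])
```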
#6 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:07 AM

Posted 27 December 2009 - 06:51 AM

  • Disable AVG Resident Shield:
    • Double click AVG system tray icon to open AVG.
    • In Overview section double click Resident Shield.
    • Uncheck Resident Shield Active.
    • Press Save Changes.

      Note: It is important to activate the resident shield immediately after ComboFix produced its log.
  • Download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop

    • Disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools. (Information on A/V control HERE)
    • Double click on ComboFix.exe & follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Posted Image


    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Posted Image


    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please copy and paste the C:\ComboFix.txt in your next reply.


#7 Faithly

Faithly
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:07 PM

Posted 27 December 2009 - 07:03 AM

Sorry, I can't find the AVG system tray icon on my PC. Sorry about that.

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:07 AM

Posted 27 December 2009 - 07:12 AM

Could you take a look here:

Start => All programs => AVG =>

#9 Faithly

Faithly
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:07 PM

Posted 27 December 2009 - 07:22 AM

I don't remember installing such software before. I still can't find it in the All Programs list.

The attachment is a copy of the programs installed.

Can I run ComboFix without setting the AVG???

Thanks

Attached Files

  • Attached File  Doc1.doc   172.5KB   59 downloads


#10 Faithly

Faithly
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:07 PM

Posted 27 December 2009 - 07:29 AM

Actually, I already disabled Kaspersky antivirus protection.

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:07 AM

Posted 27 December 2009 - 07:34 AM

Yes, I'm sorry. You don't have AVG. Disabling Kaspersky is enough. But make sure Kaspersky will not run even after a reboot, if ComboFix needs to reboot.
After ComboFix has made its log, enable Kaspersky again.

#12 Faithly

Faithly
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:08:07 PM

Posted 27 December 2009 - 08:03 AM

The ComboFix log is copied below (the deleted Storm II is a kind of media player software).

I also copied the HijackThis log instead of DDS.

Thank you so much!! :(

ComboFix 09-12-26.04 - user -12-27 星期日 20:42:31.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.2052.18.1014.543 [GMT 8:00]
执行位置: c:\documents and settings\user\Desktop\ComboFix.exe
AV: Kaspersky全功能安全软件 *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky全功能安全软件 *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Deleted files )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\StormII
c:\program files\StormII\BFThumbs.dll
c:\program files\StormII\box\BoxLog.dll
c:\program files\StormII\box\cache\readme.txt
c:\program files\StormII\box\HttpServer.dll
c:\program files\StormII\box\InstallInfo.ini
c:\program files\StormII\box\MovieBoxCore.dll
c:\program files\StormII\box\MovieBoxPS.dll
c:\program files\StormII\box\skin\MovieBox.bfsk
c:\program files\StormII\box\skin\深宇之夜盒子.bfsk
c:\program files\StormII\box\skin\幽蓝墨韵盒子.bfsk
c:\program files\StormII\box\skin\与国同庆盒子.bfsk
c:\program files\StormII\box\Stline.exe
c:\program files\StormII\box\UILib.dll
c:\program files\StormII\box\UiManager.dll
c:\program files\StormII\box\UiPlay.dll
c:\program files\StormII\box\UitvWrapper_dll.dll
c:\program files\StormII\BugReport.exe
c:\program files\StormII\codec\264be.dll
c:\program files\StormII\codec\264dmmx.dll
c:\program files\StormII\codec\264dsse.dll
c:\program files\StormII\codec\264dsse2.dll
c:\program files\StormII\codec\264dsse3.dll
c:\program files\StormII\codec\ac3filter.ax
c:\program files\StormII\codec\atidvcr.dll
c:\program files\StormII\codec\avcodec.dll
c:\program files\StormII\codec\avdevice.dll
c:\program files\StormII\codec\avformat.dll
c:\program files\StormII\codec\AviSplitter.ax
c:\program files\StormII\codec\avssplitter.ax
c:\program files\StormII\codec\avsvideo.ax
c:\program files\StormII\codec\avutil.dll
c:\program files\StormII\codec\bass.dll
c:\program files\StormII\codec\bass_aac.dll
c:\program files\StormII\codec\bass_alac.dll
c:\program files\StormII\codec\bass_ape.dll
c:\program files\StormII\codec\bass_flac.dll
c:\program files\StormII\codec\bass_mpc.dll
c:\program files\StormII\codec\bass_tta.dll
c:\program files\StormII\codec\bass_wv.dll
c:\program files\StormII\codec\binkw32.dll
c:\program files\StormII\codec\cddareader.ax
c:\program files\StormII\codec\cl264dec.ax
c:\program files\StormII\codec\CLVc1Dec.ax
c:\program files\StormII\codec\CLVsd.ax
c:\program files\StormII\codec\clvsdx.ax
c:\program files\StormII\codec\coreavc.ax
c:\program files\StormII\codec\CUDA_Filter.ax
c:\program files\StormII\codec\davsts.ax
c:\program files\StormII\codec\DCBassSource.ax
c:\program files\StormII\codec\DEC_StdMpeg4.dll
c:\program files\StormII\codec\divxdec.ax
c:\program files\StormII\codec\dxvadec.ax
c:\program files\StormII\codec\empgdmx.ax
c:\program files\StormII\codec\EmzAMRNBDec.dll
c:\program files\StormII\codec\EmzMp4Source.dll
c:\program files\StormII\codec\EzdAMRWBDec.dll
c:\program files\StormII\codec\ff_kernelDeint.dll
c:\program files\StormII\codec\ff_liba52.dll
c:\program files\StormII\codec\ff_libavcodec.dll
c:\program files\StormII\codec\ff_libdts.dll
c:\program files\StormII\codec\ff_libfaad2.dll
c:\program files\StormII\codec\ff_libmad.dll
c:\program files\StormII\codec\ff_libmpeg2.dll
c:\program files\StormII\codec\ff_libmplayer.dll
c:\program files\StormII\codec\ff_realaac.dll
c:\program files\StormII\codec\ff_samplerate.dll
c:\program files\StormII\codec\ff_theora.dll
c:\program files\StormII\codec\ff_TomsMoComp.dll
c:\program files\StormII\codec\ff_tremor.dll
c:\program files\StormII\codec\ff_unrar.dll
c:\program files\StormII\codec\ff_vfw.dll
c:\program files\StormII\codec\ff_wmv9.dll
c:\program files\StormII\codec\ff_xvidcore.dll
c:\program files\StormII\codec\ffavisynth.dll
c:\program files\StormII\codec\ffdshow.ax
c:\program files\StormII\codec\ffdshow.ax.manifest
c:\program files\StormII\codec\FFDShowAPI.dll
c:\program files\StormII\codec\ffmpeg.dll
c:\program files\StormII\codec\ffsource.ax
c:\program files\StormII\codec\ffSpkCfg.dll
c:\program files\StormII\codec\Flash.ocx
c:\program files\StormII\codec\FLT_ffdshow.dll
c:\program files\StormII\codec\FLVSplitter.ax
c:\program files\StormII\codec\H264VDEC.dll
c:\program files\StormII\codec\HikAudioDec.ax
c:\program files\StormII\codec\HikDataDump.ax
c:\program files\StormII\codec\HikFileSource.ax
c:\program files\StormII\codec\HikFileSplitter.ax
c:\program files\StormII\codec\HikH264Dec.ax
c:\program files\StormII\codec\HikMpeg4Dec.ax
c:\program files\StormII\codec\HikPSDemux.ax
c:\program files\StormII\codec\iconv.dll
c:\program files\StormII\codec\ir50_32.dll
c:\program files\StormII\codec\libavcodec.dll
c:\program files\StormII\codec\MatroskaSplitter.ax
c:\program files\StormII\codec\mfplat.dll
c:\program files\StormII\codec\Microsoft.VC90.CRT.manifest
c:\program files\StormII\codec\mkunicode.dll
c:\program files\StormII\codec\mkx.dll
c:\program files\StormII\codec\mkzlib.dll
c:\program files\StormII\codec\mmamrdmx.ax
c:\program files\StormII\codec\mp4.dll
c:\program files\StormII\codec\MP4Splitter.ax
c:\program files\StormII\codec\mpeg2dmx.ax
c:\program files\StormII\codec\MpegSplitter.ax
c:\program files\StormII\codec\mpg4ds32.ax
c:\program files\StormII\codec\MPlayer.exe
c:\program files\StormII\codec\mplayer\config
c:\program files\StormII\codec\msvcp71.dll
c:\program files\StormII\codec\msvcr71.dll
c:\program files\StormII\codec\msvcr90.dll
c:\program files\StormII\codec\NDParser.ax
c:\program files\StormII\codec\NeSplitter.ax
c:\program files\StormII\codec\nvcuvid.dll
c:\program files\StormII\codec\nvviddec.ax
c:\program files\StormII\codec\OggSplitter.ax
c:\program files\StormII\codec\ogm.dll
c:\program files\StormII\codec\PmpSplt.ax
c:\program files\StormII\codec\pncrt.dll
c:\program files\StormII\codec\pndx5032.dll
c:\program files\StormII\codec\pthreadVC2.dll
c:\program files\StormII\codec\qasf.dll
c:\program files\StormII\codec\RadGtSplitter.ax
c:\program files\StormII\codec\Real\Codecs\14_43260.dll
c:\program files\StormII\codec\Real\Codecs\28_83260.dll
c:\program files\StormII\codec\Real\Codecs\atrc.dll
c:\program files\StormII\codec\Real\Codecs\cook.dll
c:\program files\StormII\codec\Real\Codecs\dnet3260.dll
c:\program files\StormII\codec\Real\Codecs\drv2.dll
c:\program files\StormII\codec\Real\Codecs\drvc.dll
c:\program files\StormII\codec\Real\Codecs\raac.dll
c:\program files\StormII\codec\Real\Codecs\ralf.dll
c:\program files\StormII\codec\Real\Codecs\sipr.dll
c:\program files\StormII\codec\RenderFilter.ax
c:\program files\StormII\codec\RMSplt.ax
c:\program files\StormII\codec\skinsres.dll
c:\program files\StormII\codec\smackw32.dll
c:\program files\StormII\codec\splitter.ax
c:\program files\StormII\codec\swscale.dll
c:\program files\StormII\codec\ts.dll
c:\program files\StormII\codec\tsccvid.dll
c:\program files\StormII\codec\vc1dc.dll
c:\program files\StormII\codec\vc1dmmx.dll
c:\program files\StormII\codec\vc1dsse.dll
c:\program files\StormII\codec\vc1dsse2.dll
c:\program files\StormII\codec\vc1wp.ax
c:\program files\StormII\codec\vp6vfw.dll
c:\program files\StormII\codec\vp7vfw.dll
c:\program files\StormII\codec\WMADMOD.dll
c:\program files\StormII\codec\WMVDECOD.dll
c:\program files\StormII\codec\wmvdmod.dll
c:\program files\StormII\codec\xavsdec.dll
c:\program files\StormII\codec\xvid.ax
c:\program files\StormII\codec\xvidcore.dll
c:\program files\StormII\Config.dll
c:\program files\StormII\CoreLog.dll
c:\program files\StormII\DXVACheck.dll
c:\program files\StormII\DXVAMgr.dll
c:\program files\StormII\FilterInfo.dll
c:\program files\StormII\game.ico
c:\program files\StormII\GdiPlus.dll
c:\program files\StormII\GifParser.dll
c:\program files\StormII\HD\ATI UVD解决方案(Vista_Win7).xml
c:\program files\StormII\HD\ATI UVD解决方案.xml
c:\program files\StormII\HD\ATI UVD解决方案2.xml
c:\program files\StormII\HD\Intel解决方案(Vista_Win7).xml
c:\program files\StormII\HD\Intel解决方案.xml
c:\program files\StormII\HD\MPEG-2解决方案.xml
c:\program files\StormII\HD\NVidia CUDA解决方案.xml
c:\program files\StormII\HD\NVidia PureVideoHD解决方案(Vista_Win7).xml
c:\program files\StormII\HD\NVidia PureVideoHD解决方案.xml
c:\program files\StormII\HD\NVidia PureVideoHD解决方案2.xml
c:\program files\StormII\HD\PowerDVD解决方案.xml
c:\program files\StormII\HD\VIA解决方案.xml
c:\program files\StormII\HD\暴风影音解决方案.xml
c:\program files\StormII\HD\微软解决方案(Vista_Win7).xml
c:\program files\StormII\jscript.dll
c:\program files\StormII\kcheck2.dll
c:\program files\StormII\keys.dat
c:\program files\StormII\mcntr.dll
c:\program files\StormII\media\def\def.flv
c:\program files\StormII\media\def\def.ini
c:\program files\StormII\media\empty.swf
c:\program files\StormII\media\media4in1.swf
c:\program files\StormII\media\mediabp.swf
c:\program files\StormII\media\others.xml
c:\program files\StormII\media\others.xml.ini
c:\program files\StormII\media\stcon.ini
c:\program files\StormII\media\toff.ini
c:\program files\StormII\media\video_material_list.xml
c:\program files\StormII\media\video_material_list.xml.ini
c:\program files\StormII\media\video_style_list.xml
c:\program files\StormII\media\video_style_list.xml.ini
c:\program files\StormII\Media2.dll
c:\program files\StormII\MediaInfo.dll
c:\program files\StormII\MediaLib.dll
c:\program files\StormII\mee.db
c:\program files\StormII\meedb.dll
c:\program files\StormII\minfo\MediaInfo2.dll
c:\program files\StormII\minfo\MInfo.dll
c:\program files\StormII\mps.dll
c:\program files\StormII\msscript.ocx
c:\program files\StormII\msvcp60.dll
c:\program files\StormII\Option.dll
c:\program files\StormII\rndrmgr.dll
c:\program files\StormII\Skin\深宇之夜.bfsk
c:\program files\StormII\Skin\幽蓝墨韵.bfsk
c:\program files\StormII\Skin\与国同庆.bfsk
c:\program files\StormII\spfa.dll
c:\program files\StormII\splayers.dll
c:\program files\StormII\Storm.exe
c:\program files\StormII\StormBox.ico
c:\program files\StormII\stormpop.exe
c:\program files\StormII\StormRes.dll
c:\program files\StormII\StormSkinRes.dll
c:\program files\StormII\Stormtray.exe
c:\program files\StormII\StormUpdate.dll
c:\program files\StormII\StormUpdate.exe
c:\program files\StormII\subdecoder.dll
c:\program files\StormII\swDirScaner.dll
c:\program files\StormII\Tips.dll
c:\program files\StormII\uninst.exe
c:\program files\StormII\unrar.dll
c:\program files\StormII\web\Error.html
c:\program files\StormII\web\images\box_bg.jpg
c:\program files\StormII\web\images\box_li.jpg
c:\program files\StormII\web\images\cancel.jpg
c:\program files\StormII\web\images\cancellation.jpg
c:\program files\StormII\web\images\cid.jpg
c:\program files\StormII\web\images\downloads.jpg
c:\program files\StormII\web\images\false.jpg
c:\program files\StormII\web\images\false_0906707.jpg
c:\program files\StormII\web\images\line.jpg
c:\program files\StormII\web\images\link_bg.jpg
c:\program files\StormII\web\images\link_out.jpg
c:\program files\StormII\web\images\loading.gif
c:\program files\StormII\web\images\star.gif
c:\program files\StormII\web\images\star_bg.gif
c:\program files\StormII\web\Loading.html
c:\program files\StormII\win7Taskbar.dll
c:\program files\WinRAR\rarext.dll
c:\recycler\S-1-5-21-1229272821-1482476501-1644491937-1003
c:\windows\msetup
c:\windows\msetup\MSetup.exe
c:\windows\system32\ieuinit.inf

找不到 "c:\windows\system32\drivers\asyncmac.sys"
从 - c:\windows\system32\dllcache\asyncmac.sys 恢复原来档案

.
((((((((((((((((((((((((( 2009-11-27 至 2009-12-27 的新的档案 )))))))))))))))))))))))))))))))
.

2009-12-27 12:50 . 2008-04-14 12:00 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2009-12-27 12:50 . 2008-04-14 12:00 14336 ----a-w- c:\windows\system32\drivers\asyncmac.sys
2009-12-27 10:33 . 2009-12-27 10:33 -------- d-----w- c:\documents and settings\user\Application Data\360safe
2009-12-27 10:33 . 2009-12-27 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\360safe
2009-12-27 10:30 . 2009-12-27 10:30 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-12-27 10:30 . 2009-12-03 08:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-27 10:30 . 2009-12-27 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-27 10:30 . 2009-12-27 10:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-27 10:30 . 2009-12-03 08:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 09:04 . 2009-12-22 12:33 -------- d-----w- c:\windows\system32\aliedit
2009-12-19 09:04 . 2009-12-20 09:41 -------- d-----w- c:\program files\AliWangWang
2009-12-13 05:17 . 2009-12-13 05:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-13 05:16 . 2009-12-13 05:16 -------- d-----w- c:\program files\Java
2009-12-13 05:06 . 2009-12-13 05:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-13 03:52 . 2009-12-13 03:52 -------- d-----w- c:\program files\Trend Micro
2009-12-13 01:37 . 2009-08-06 11:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-13 00:53 . 2009-12-13 00:53 -------- d-----w- c:\program files\SogouExplorer
2009-12-13 00:51 . 2009-12-27 12:46 -------- d-----w- c:\documents and settings\user\Application Data\SogouExplorer
2009-12-13 00:51 . 2009-12-13 00:51 4260192 ----a-w- c:\documents and settings\user\Application Data\SogouExplorer\sogou_explorer_silent_1.4.0.416_2136.exe
2009-12-10 13:28 . 2009-12-10 13:28 -------- d--h--w- c:\windows\PIF
2009-12-08 11:26 . 2009-12-08 11:29 6897528 ----a-w- c:\documents and settings\user\Application Data\Tencent\QQDownload\115248456\Update\93967EBB5A9D6D6D589D0AF0DF9BB48A.exe

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-27 12:26 . 2009-07-19 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-27 12:19 . 2009-07-18 09:04 -------- d-----w- c:\documents and settings\user\Application Data\SogouPY
2009-12-27 11:10 . 2009-07-19 11:08 524320 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-27 11:10 . 2009-07-19 11:08 4968 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-27 11:10 . 2009-07-19 11:08 2447904 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-27 11:10 . 2009-07-19 11:08 22300 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-27 10:43 . 2009-08-06 13:19 -------- d-----w- c:\program files\QvodPlayer
2009-12-27 10:41 . 2009-07-19 02:56 -------- d-----w- c:\program files\360
2009-12-27 09:56 . 2009-07-18 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Storm
2009-12-26 04:36 . 2009-07-19 14:53 -------- d-----w- c:\documents and settings\user\Application Data\Kingsoft
2009-12-26 04:36 . 2009-07-19 14:52 -------- d-----w- c:\program files\Kingsoft
2009-12-25 08:45 . 2009-07-18 09:12 59856 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-21 12:49 . 2009-02-12 18:09 323718 ----a-w- c:\windows\system32\prfh0804.dat
2009-12-21 12:49 . 2009-02-12 18:09 120040 ----a-w- c:\windows\system32\prfc0804.dat
2009-12-14 11:02 . 2009-07-18 09:04 -------- d-----w- c:\program files\SogouInput
2009-12-13 04:54 . 2009-07-18 09:11 -------- d-----w- c:\program files\Tencent
2009-12-13 04:50 . 2009-07-19 12:52 -------- d-----w- c:\program files\nEO iMAGING
2009-12-13 04:49 . 2009-08-07 11:49 -------- d-----w- c:\program files\Common Files\Thunder Network
2009-12-13 04:48 . 2009-08-07 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Thunder Network
2009-12-13 04:44 . 2009-07-19 13:52 -------- d-----w- c:\program files\KWMUSIC
2009-12-13 03:52 . 2009-07-26 08:29 1088 ----a-w- c:\windows\system32\cid_store.dat
2009-12-08 12:35 . 2009-07-20 13:10 -------- d-----w- c:\program files\VIEWGOOD
2009-11-24 07:20 . 2009-11-24 07:20 1053696 ----a-w- c:\windows\system32\MFC71u.dll
2009-11-06 11:59 . 2009-08-08 06:57 23 ----a-w- c:\windows\system32\mylk.dat
2009-11-05 13:30 . 2009-11-05 13:30 -------- d-----w- c:\documents and settings\user\Application Data\QQMusicUpdate
2009-11-04 11:25 . 2009-08-08 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\mcache
2009-11-01 00:42 . 2009-11-01 00:42 -------- d-----w- c:\program files\FormatFactory
2009-10-31 08:29 . 2009-10-11 05:36 -------- d-----w- c:\program files\Tudou
2009-10-29 05:24 . 2009-02-12 18:09 652288 ----a-w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2009-02-12 18:08 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2009-02-12 18:08 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 11:53 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 10:07 . 2009-07-18 13:40 31048 ----a-w- c:\documents and settings\user\Application Data\QQ\59B848686BA6270269CE15953350482D\SafeBase\selfupdate.exe
2009-10-17 10:49 . 2009-07-19 11:09 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-17 10:49 . 2009-07-19 11:09 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-13 10:32 . 2009-02-12 18:08 268288 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2009-02-12 18:08 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38 . 2009-02-12 18:08 148480 ----a-w- c:\windows\system32\rastls.dll
.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2008-04-14 . 607C976B22AEB2FCF8A7486BCCA1E3BF . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F401A09-2F10-455E-A15D-4C8B9D8D7AEB}]
2009-07-19 13:18 198656 ----a-w- c:\progra~1\黄河FL~1\hhcatch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}]
2009-10-10 23:50 87464 ----a-w- c:\program files\Tudou\飞速Tudou\tudouDetector.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"adobe reader speed launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"dmhotkey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"eds"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-20 659456]
"hotkeyscmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"imjpmig8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"imscmig"="c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE" [2003-07-14 13368]
"magickeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"phime2002async"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"phime2002a"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"sunjavaupdatesched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-13 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kingsoft powerword pe]
2009-12-03 09:37 625816 ----a-w- c:\program files\Kingsoft\PowerWord PE\CBTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
2008-04-13 11:14 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 08:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\neowizard]
2008-11-18 05:30 835072 ----a-w- c:\program files\nEO iMAGING\nEOWizard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qqdownload]
2008-10-28 09:42 2266440 ----a-w- c:\program files\Tencent\QQDownload\QQDownload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qvodplayer]
2009-11-02 04:02 558472 ----a-w- c:\program files\QvodPlayer\QvodTerminal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\SimpChinese\\setup.exe"=
"c:\\Program Files\\Tencent\\QQDownload\\QQDeskUpdate.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\QvodPlayer\\QvodTerminal.exe"=
"c:\\Program Files\\SogouExplorer\\SogouExplorer.exe"=
"c:\\Program Files\\SogouExplorer\\setask.exe"=
"c:\\Program Files\\KWMUSIC\\KwMusic.exe"=
"c:\\Program Files\\KWMUSIC\\KwMV.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\XMPBoot.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\ThunderLiveUD.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\FileLink\\XLFileLink.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.55\\ThunderService.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.55\\ThunderLiveUD.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.55\\XLBugReport.exe"=
"c:\\Program Files\\nEO iMAGING\\nEOiMAGING.exe"=
"c:\\Program Files\\nEO iMAGING\\LiveUpdate\\ThunderLiveUD.exe"=
"c:\\Program Files\\Tencent\\QQDownload2\\QQDownload.exe"=
"c:\\Program Files\\Tencent\\QQDownload2\\QDAutoUpdate.exe"=
"c:\\Program Files\\SogouInput\\4.3.1.3403\\PinyinUp.exe"=
"c:\\Program Files\\AliWangWang\\AliIM.exe"=
"c:\\Program Files\\Tencent\\QQDownload\\QQDownload.exe"=
"c:\\Program Files\\Tencent\\QQDownload\\QDAutoUpdate.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 18:29 33808]
R2 CMB8100;CMB8100;c:\windows\system32\drivers\CertClient.dat [2009-9-10 20:55 11808]
R2 CMBProtector;CMBProtector;c:\windows\system32\drivers\CMBProtector.dat [2009-9-10 20:55 10272]
R2 CMBWPS;Cmb WebProtect Support;c:\program files\CMBCHINA\WebProtect\WPService.exe [2009-9-6 21:25 232848]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 11:34 4300]
R2 KSDSVC;Kingsoft Common Content Service;c:\program files\Kingsoft\PowerWord PE\ksdsvc.exe [2009-10-29 25240]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-14 19:01 30208]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 18:06 24592]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 11:38 238464]
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.baidu.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &使用QQ旋风下载 - c:\program files\Tencent\QQDownload\geturl.htm
IE: &使用QQ旋风下载全部链接 - c:\program files\Tencent\QQDownload\getAllurl.htm
IE: &使用超级旋风下载 - c:\program files\Tencent\QQDownload\geturl.htm
IE: &使用超级旋风下载全部链接 - c:\program files\Tencent\QQDownload\getAllurl.htm
IE: &使用超级旋风下载本页视频 - c:\program files\Tencent\QQDownload\geturlflv.htm
IE: 上传到淘江湖相册 - c:\program files\AliWangWang\AddToAlbum.htm
IE: 使用光影编辑和美化 - c:\program files\nEO iMAGING\NeoOpenNeo.htm
IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: 发送到 Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: 发送到 Bluetooth 设备(&:(... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: 导出到 Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: 添加为阿里旺旺表情 - c:\program files\AliWangWang\AddNewEmotion.htm
IE: 添加到QQ表情 - c:\program files\Tencent\QQ\AddEmotion.htm
IE: 添加到卡巴斯基反广告 - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: 黄河&Flash播放器 - c:\progra~1\黄河FL~1\geturl.htm
IE: {{9D5CCDC3-545F-4418-8AEC-9CD2773B4861} - {48B4D816-8BE7-4F32-85C9-F2E912C02311} - c:\program files\Kingsoft\PowerWord PE\SelectForIE.dll
DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} - hxxp://202.152.178.221/MstPlayer/CHS/MSTPlayerInstaller.ocx
DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} - hxxps://site.cmbchina.com/download/CMBEdit.cab
DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} - hxxps://img.alipay.com/download/1101/aliedit.cab
DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} - hxxps://pbank.95559.com.cn/personbank/ocx/safe_bankcomm.cab
.
.
------- 文件类型 -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
MSConfigStartUp-stormtray - c:\program files\StormII\Stormtray.exe
AddRemove-storm2 - c:\program files\StormII\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-27 20:51
Windows 5.1.2600 Service Pack 3 NTFS

扫描被隐藏的进程 。。。

扫描被隐藏的启动组 。。。

扫描被隐藏的文件 。。。

扫描完成
被隐藏的档案: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMB8100]
"ImagePath"="\??\c:\windows\system32\Drivers\CertClient.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMBProtector]
"ImagePath"="\??\c:\windows\system32\Drivers\CMBProtector.dat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-21-2969860735-1067826053-1617896150-1005\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CurVer]
@="BDATuner.组件.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*2*0*0*8*ck_Hr\Components\SectionQQ]
"Installed"=dword:00000001
.
完成时间: 2009-12-27 20:53:44
ComboFix-quarantined-files.txt 2009-12-27 12:53

Pre-Run: 7 个目录 14,669,029,376 可用字节
Post-Run: 9 个目录 14,569,762,816 可用字节

WindowsXP-KB310994-SP2-Home-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 0FF21590492D1FAB8686205F3F164BAA

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:21, on 2009-12-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CMBCHINA\WebProtect\WPService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kingsoft\PowerWord PE\ksdsvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\SAMSUNG\MagicKBD\MagicKBD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\SogouExplorer\SogouExplorer.exe
C:\Program Files\SogouExplorer\setask.exe
C:\Program Files\SogouExplorer\setask.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: QQCycloneHelper - {00000000-12C9-4305-82F9-43058F20E8D2} - C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2F401A09-2F10-455E-A15D-4C8B9D8D7AEB} - C:\PROGRA~1\黄河FL~1\hhcatch.dll
O2 - BHO: WebDetectorBHO - {43BEAFD9-E005-483D-A367-146BA6C8A32E} - C:\Program Files\Tudou\飞速Tudou\tudouDetector.dll
O2 - BHO: WebProtect.IEHlpObj - {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} - C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll
O2 - BHO: QvodExtend - {53AC8551-0DE0-4606-8A1E-A51AF20ADD60} - C:\Program Files\QvodPlayer\QvodExtend.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live 登录帮助程序 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: 谷歌金山词霸for IE - {A28581A7-E2A8-4b6c-9CC9-4A4CC1EFD55A} - C:\Program Files\Kingsoft\PowerWord PE\SelectForIE.dll
O2 - BHO: CBIEBuddy - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BatteryManager] C:\Program Files\Samsung\Samsung Battery Manager\BatteryManager.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [adobe reader speed launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [dmhotkey] C:\Program Files\Samsung\Easy Display Manager\DMLoader.exe
O4 - HKLM\..\Run: [eds] C:\Program Files\Samsung\Samsung EDS\EDSAgent.exe
O4 - HKLM\..\Run: [hotkeyscmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [imjpmig8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [imscmig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - HKLM\..\Run: [magickeyboard] C:\Program Files\SAMSUNG\MagicKBD\PreMKBD.exe
O4 - HKLM\..\Run: [persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [phime2002async] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [phime2002a] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [sunjavaupdatesched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用QQ旋风下载 - C:\Program Files\Tencent\QQDownload\geturl.htm
O8 - Extra context menu item: &使用QQ旋风下载全部链接 - C:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - Extra context menu item: &使用超级旋风下载 - C:\Program Files\Tencent\QQDownload\geturl.htm
O8 - Extra context menu item: &使用超级旋风下载全部链接 - C:\Program Files\Tencent\QQDownload\getAllurl.htm
O8 - Extra context menu item: &使用超级旋风下载本页视频 - C:\Program Files\Tencent\QQDownload\geturlflv.htm
O8 - Extra context menu item: 上传到淘江湖相册 - C:\Program Files\AliWangWang\AddToAlbum.htm
O8 - Extra context menu item: 使用光影编辑和美化 - C:\Program Files\nEO iMAGING\NeoOpenNeo.htm
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: 发送到 Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O8 - Extra context menu item: 发送到 Bluetooth 设备(&:)... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加为阿里旺旺表情 - C:\Program Files\AliWangWang\AddNewEmotion.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到卡巴斯基反广告 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: 黄河&Flash播放器 - C:\PROGRA~1\黄河FL~1\geturl.htm
O9 - Extra button: 铃声 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - http://huanghetv.sms.163.com (file missing)
O9 - Extra button: 网页流量保护状态 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: 写入日志 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 在 Windows Live Writer 中写入日志(&:) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: 信息检索 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: 金山词霸 - {9D5CCDC3-545F-4418-8AEC-9CD2773B4861} - C:\Program Files\Kingsoft\PowerWord PE\SelectForIE.dll
O9 - Extra button: 金山词霸浏览器栏 - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL
O9 - Extra 'Tools' menuitem: 金山词霸浏览器栏 - {A412E581-59B2-485E-834F-C5F0C0268C79} - C:\Program Files\Kingsoft\PowerWord Lite\CBEBand.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: 彩票 - {82D9671E-0B56-4285-92CD-15BC08B883BB} - C:\Program Files\QvodPlayer\QvodExtend.dll (HKCU)
O9 - Extra 'Tools' menuitem: 彩票 - {82D9671E-0B56-4285-92CD-15BC08B883BB} - C:\Program Files\QvodPlayer\QvodExtend.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} (MSTPlayerInstaller Control) - http://202.152.178.221/MstPlayer/CHS/MSTPlayerInstaller.ocx
O16 - DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} (Edit Class) - https://site.cmbchina.com/download/CMBEdit.cab
O16 - DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} (iTrusPTA Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1260668205562
O16 - DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} (Submit Class) - https://pbank.95559.com.cn/personbank/ocx/safe_bankcomm.cab
O18 - Protocol: mbox - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mboxflash - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cmb WebProtect Support (CMBWPS) - China Merchants Bank - C:\Program Files\CMBCHINA\WebProtect\WPService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kingsoft Common Content Service (KSDSVC) - Kingsoft Corporation - C:\Program Files\Kingsoft\PowerWord PE\ksdsvc.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 10794 bytes
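The HijackThis log above is reviewed by hand in this thread (the helper's next question is about one O2 entry with "(no name)" and an 8.3 short path). As an added example, not code from the thread or from Trend Micro, here is a small triage pass over such lines: it parses the "name - {CLSID} - path" entries (O2/O3/O9) and the O4 Run entries, and flags the properties a reviewer looks for first: an unnamed BHO, a path using a short (~1) name, a "(file missing)" target, and a Run value that is a bare file name resolved through PATH. The sample lines are copied from the log in this thread; the flag names and rules are this example's own.

```python
import re

# Constructed sample: three lines copied from the HijackThis log in this
# thread plus the RTHDCPL Run line, chosen so each triage rule fires once.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {2F401A09-2F10-455E-A15D-4C8B9D8D7AEB} - C:\PROGRA~1\黄河FL~1\hhcatch.dll
O9 - Extra button: 铃声 - {0713E8D2-850A-101B-AFC0-4210102A8DA7} - http://huanghetv.sms.163.com (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
"""

# "O<n> - <kind>: <rest>" is the common shape of every HijackThis entry line.
ENTRY_RE = re.compile(r"^O(?P<section>\d+) - (?P<kind>[^:]+): (?P<rest>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<command>.*)$")
# An 8.3 short-name component such as PROGRA~1 or 黄河FL~1.
SHORT_NAME_RE = re.compile(r"~\d+(?=[\\.]|$)")


def parse_entry(line):
    """Parse one HijackThis line into a dict; return None for non-entry lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry = {"section": int(m.group("section")), "kind": m.group("kind"),
             "name": "", "clsid": "", "path": ""}
    rest = m.group("rest")
    if entry["section"] == 4:                # O4: "[value name] command line"
        r = RUN_RE.match(rest)
        if r:
            entry["name"], entry["path"] = r.group("name"), r.group("command")
        return entry
    c = CLSID_RE.search(rest)
    if c:                                    # "name - {CLSID} - path" entries
        entry["name"] = rest[:c.start()].strip(" -")
        entry["clsid"] = c.group(0)
        entry["path"] = rest[c.end():].strip(" -")
    else:
        entry["path"] = rest
    return entry


def triage(entry):
    """Return the set of review flags raised by one parsed entry."""
    flags = set()
    if entry["name"] == "(no name)":
        flags.add("unnamed")                 # registered without a display name
    if "(file missing)" in entry["path"]:
        flags.add("file-missing")            # registration outlived its file
    if SHORT_NAME_RE.search(entry["path"]):
        flags.add("short-name-path")         # 8.3 path hides the real folder name
    if entry["section"] == 4 and "\\" not in entry["path"]:
        flags.add("bare-command")            # resolved via PATH, not a fixed location
    return flags


def triage_log(text):
    """Parse every entry line in a HijackThis log and attach its flags."""
    results = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry:
            entry["flags"] = triage(entry)
            results.append(entry)
    return results


if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"O{e['section']} {e['name'] or e['clsid']}: {sorted(e['flags']) or 'ok'}")
```

A flag is a reason to look, not a verdict: the "(no name)" short-path entry in this thread turned out to be a program the user installed on purpose, which is exactly why the helper asked rather than deleted. Resolving a short name to its long form (on the affected machine, `dir /x` in the parent folder) and checking the DLL's publisher is the follow-up that the flags are meant to prompt.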

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,706 posts
  • Gender:Male
  • Location:The Netherlands

Posted 27 December 2009 - 10:06 AM

Well done. :(

Have you installed this one yourself? There is a short name of the program installed in the Program Files directory:

O2 - BHO: (no name) - {2F401A09-2F10-455E-A15D-4C8B9D8D7AEB} - C:\PROGRA~1\黄河FL~1\hhcatch.dll


Could you translate this one please:

找不到 "c:\windows\system32\drivers\asyncmac.sys"
从 - c:\windows\system32\dllcache\asyncmac.sys 恢复原来档案

Could it be:
Infected copy of "c:\windows\system32\drivers\asyncmac.sys"
found and restored from c:\windows\system32\dllcache\asyncmac.sys
  • Go to start > Run copy/paste the following line in the run box and click OK.

    cmd /c ftype txtfile=%SystemRoot%\system32\NOTEPAD.EXE %1

    A window flashes. It is normal.

  • Close any open browsers.

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    Fcopy::
    c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ( "C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

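The Fcopy step in the post above copies c:\windows\system32\dllcache\tcpip.sys over c:\windows\system32\drivers\tcpip.sys, and the earlier ComboFix run did the same for asyncmac.sys. Before and after a step like that, a responder wants to know whether the live driver already matches the cached copy, and which of the two is absent. The following is an added example, not the thread's or ComboFix's code: it hashes both copies of each named file and reports match, mismatch or which side is missing. The directory layout and the driver list are parameters; the demo at the bottom builds a constructed temporary layout (not real driver bytes) so it runs on any system.

```python
import hashlib
import os
import tempfile

# Driver names taken from the ComboFix output in this thread (assumed list;
# extend to whatever files a given clean-up touched).
DRIVERS_OF_INTEREST = ["tcpip.sys", "asyncmac.sys", "http.sys"]


def sha256_of(path):
    """Return the hex SHA-256 of a file, or None if the file does not exist."""
    if not os.path.isfile(path):
        return None
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_driver_copies(drivers_dir, dllcache_dir, names=DRIVERS_OF_INTEREST):
    """Map each driver name to one of: match, mismatch, missing-live,
    missing-cache, missing-both, by comparing drivers\\X with dllcache\\X."""
    report = {}
    for name in names:
        live = sha256_of(os.path.join(drivers_dir, name))
        cache = sha256_of(os.path.join(dllcache_dir, name))
        if live is None and cache is None:
            report[name] = "missing-both"
        elif live is None:
            report[name] = "missing-live"      # the asyncmac.sys case in this thread
        elif cache is None:
            report[name] = "missing-cache"     # nothing to restore from
        elif live == cache:
            report[name] = "match"
        else:
            report[name] = "mismatch"          # the case an Fcopy is meant to fix
    return report


def build_demo_layout(root):
    """Constructed sample layout: tcpip.sys differs between the two folders,
    asyncmac.sys exists only in dllcache, http.sys is identical in both."""
    drivers = os.path.join(root, "system32", "drivers")
    dllcache = os.path.join(root, "system32", "dllcache")
    os.makedirs(drivers)
    os.makedirs(dllcache)
    with open(os.path.join(dllcache, "tcpip.sys"), "wb") as f:
        f.write(b"CONSTRUCTED cached tcpip.sys")
    with open(os.path.join(drivers, "tcpip.sys"), "wb") as f:
        f.write(b"CONSTRUCTED altered tcpip.sys")
    with open(os.path.join(dllcache, "asyncmac.sys"), "wb") as f:
        f.write(b"CONSTRUCTED cached asyncmac.sys")
    for d in (drivers, dllcache):
        with open(os.path.join(d, "http.sys"), "wb") as f:
            f.write(b"CONSTRUCTED identical http.sys")
    return drivers, dllcache


def run_demo():
    """Build the constructed layout in a temp dir and return the report."""
    with tempfile.TemporaryDirectory() as root:
        drivers, dllcache = build_demo_layout(root)
        return compare_driver_copies(drivers, dllcache)


if __name__ == "__main__":
    # On a real XP system: compare_driver_copies(r"C:\WINDOWS\system32\drivers",
    #                                            r"C:\WINDOWS\system32\dllcache")
    for name, status in run_demo().items():
        print(f"{name}: {status}")
```

A "match" after the copy only tells you the two folders agree; the dllcache copy is an ordinary file and can be replaced too, so a mismatch is a reason to compare the live file's hash against a known-good copy of the same service-pack build rather than to trust whichever side is in the cache.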

#14 Faithly

Faithly
  • Topic Starter

  • Members
  • 9 posts

Posted 28 December 2009 - 06:50 AM

Yes, I did install the program \黄河FL by myself. Do I need to remove it?

Could you please introduce me to another software to help me clean the system, like 360safe used to do?

QUOTE
找不到 "c:\windows\system32\drivers\asyncmac.sys"
从 - c:\windows\system32\dllcache\asyncmac.sys 恢复原来档案
Means:
Can not find "c:\windows\system32\drivers\asyncmac.sys"
found and restored from c:\windows\system32\dllcache\asyncmac.sys

The ComboFix log is copied below:
ComboFix 09-12-27.03 - user -12-28 星期一 19:22:59.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.2052.18.1014.511 [GMT 8:00]
执行位置: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript.txt
AV: Kaspersky *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: Kaspersky *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Deleted files )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
--------------- FCopy ---------------

c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((( 2009-11-28 - 2009-12-28 New files )))))))))))))))))))))))))))))))
.

2009-12-27 12:50 . 2008-04-14 12:00 14336 -c--a-w- c:\windows\system32\dllcache\asyncmac.sys
2009-12-27 12:50 . 2008-04-14 12:00 14336 ------w- c:\windows\system32\drivers\asyncmac.sys
2009-12-27 10:33 . 2009-12-27 10:33 -------- d-----w- c:\documents and settings\user\Application Data\360safe
2009-12-27 10:33 . 2009-12-27 10:33 -------- d-----w- c:\documents and settings\All Users\Application Data\360safe
2009-12-27 10:30 . 2009-12-27 10:30 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-12-27 10:30 . 2009-12-03 08:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-27 10:30 . 2009-12-27 10:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-12-27 10:30 . 2009-12-27 10:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-27 10:30 . 2009-12-03 08:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-19 09:04 . 2009-12-22 12:33 -------- d-----w- c:\windows\system32\aliedit
2009-12-19 09:04 . 2009-12-20 09:41 -------- d-----w- c:\program files\AliWangWang
2009-12-13 05:17 . 2009-12-13 05:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-13 05:16 . 2009-12-13 05:16 -------- d-----w- c:\program files\Java
2009-12-13 05:06 . 2009-12-13 05:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-13 03:52 . 2009-12-13 03:52 -------- d-----w- c:\program files\Trend Micro
2009-12-13 01:37 . 2009-08-06 11:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-12-13 00:53 . 2009-12-13 00:53 -------- d-----w- c:\program files\SogouExplorer
2009-12-13 00:51 . 2009-12-28 11:05 -------- d-----w- c:\documents and settings\user\Application Data\SogouExplorer
2009-12-13 00:51 . 2009-12-13 00:51 4260192 ----a-w- c:\documents and settings\user\Application Data\SogouExplorer\sogou_explorer_silent_1.4.0.416_2136.exe
2009-12-10 13:28 . 2009-12-10 13:28 -------- d--h--w- c:\windows\PIF
2009-12-08 11:26 . 2009-12-08 11:29 6897528 ----a-w- c:\documents and settings\user\Application Data\Tencent\QQDownload\115248456\Update\93967EBB5A9D6D6D589D0AF0DF9BB48A.exe

.
(((((((((((((((((((((((((((((((((((((((( Modified files within 3 mths ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 10:53 . 2009-07-19 11:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-12-27 13:46 . 2009-07-19 11:08 524320 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-12-27 13:46 . 2009-07-19 11:08 4968 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-12-27 13:46 . 2009-07-19 11:08 2447904 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-12-27 13:46 . 2009-07-19 11:08 22300 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-12-27 13:46 . 2009-02-12 18:09 334588 ----a-w- c:\windows\system32\prfh0804.dat
2009-12-27 13:46 . 2009-02-12 18:09 132244 ----a-w- c:\windows\system32\prfc0804.dat
2009-12-27 13:05 . 2009-07-18 09:04 -------- d-----w- c:\documents and settings\user\Application Data\SogouPY
2009-12-27 10:43 . 2009-08-06 13:19 -------- d-----w- c:\program files\QvodPlayer
2009-12-27 10:41 . 2009-07-19 02:56 -------- d-----w- c:\program files\360
2009-12-27 09:56 . 2009-07-18 09:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Storm
2009-12-26 04:36 . 2009-07-19 14:53 -------- d-----w- c:\documents and settings\user\Application Data\Kingsoft
2009-12-26 04:36 . 2009-07-19 14:52 -------- d-----w- c:\program files\Kingsoft
2009-12-25 08:45 . 2009-07-18 09:12 59856 ----a-w- c:\documents and settings\user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-14 11:02 . 2009-07-18 09:04 -------- d-----w- c:\program files\SogouInput
2009-12-13 04:54 . 2009-07-18 09:11 -------- d-----w- c:\program files\Tencent
2009-12-13 04:50 . 2009-07-19 12:52 -------- d-----w- c:\program files\nEO iMAGING
2009-12-13 04:49 . 2009-08-07 11:49 -------- d-----w- c:\program files\Common Files\Thunder Network
2009-12-13 04:48 . 2009-08-07 11:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Thunder Network
2009-12-13 04:44 . 2009-07-19 13:52 -------- d-----w- c:\program files\KWMUSIC
2009-12-13 03:52 . 2009-07-26 08:29 1088 ----a-w- c:\windows\system32\cid_store.dat
2009-12-08 12:35 . 2009-07-20 13:10 -------- d-----w- c:\program files\VIEWGOOD
2009-11-24 07:20 . 2009-11-24 07:20 1053696 ----a-w- c:\windows\system32\MFC71u.dll
2009-11-06 11:59 . 2009-08-08 06:57 23 ----a-w- c:\windows\system32\mylk.dat
2009-11-05 13:30 . 2009-11-05 13:30 -------- d-----w- c:\documents and settings\user\Application Data\QQMusicUpdate
2009-11-04 11:25 . 2009-08-08 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\mcache
2009-11-01 00:42 . 2009-11-01 00:42 -------- d-----w- c:\program files\FormatFactory
2009-10-31 08:29 . 2009-10-11 05:36 -------- d-----w- c:\program files\Tudou
2009-10-29 05:24 . 2009-02-12 18:09 652288 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2009-02-12 18:08 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2009-02-12 18:08 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2008-04-13 11:53 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-18 10:07 . 2009-07-18 13:40 31048 ----a-w- c:\documents and settings\user\Application Data\QQ\59B848686BA6270269CE15953350482D\SafeBase\selfupdate.exe
2009-10-17 10:49 . 2009-07-19 11:09 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-17 10:49 . 2009-07-19 11:09 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-13 10:32 . 2009-02-12 18:08 268288 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2009-02-12 18:08 79872 ----a-w- c:\windows\system32\raschap.dll
2009-10-12 13:38 . 2009-02-12 18:08 148480 ----a-w- c:\windows\system32\rastls.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-12-27_12.51.13 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-12-28 10:52 . 2009-12-28 10:52 16384 c:\windows\Temp\Perflib_Perfdata_740.dat
- 2009-02-12 03:51 . 2008-07-08 12:59 15224 c:\windows\system32\spmsg.dll
+ 2009-02-12 03:51 . 2007-11-30 11:18 15224 c:\windows\system32\spmsg.dll
- 2009-02-12 18:08 . 2009-12-21 12:49 68490 c:\windows\system32\perfc009.dat
+ 2009-02-12 18:08 . 2009-12-27 13:46 68490 c:\windows\system32\perfc009.dat
- 2009-02-12 03:31 . 2009-12-27 11:12 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-12 03:31 . 2009-12-28 10:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-02-12 03:31 . 2009-12-28 10:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-02-12 03:31 . 2009-12-27 11:12 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-12-28 10:52 . 2009-12-28 10:52 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-12-28 10:57 . 2009-12-28 10:57 60928 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\b4a9e413d5cd6d6ec2d50aa05381e293\UIAutomationProvider.ni.dll
+ 2009-12-28 10:54 . 2009-12-28 10:54 47104 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\3dd0f86c966c75755d62eab8ddf0634c\PresentationFontCache.ni.exe
+ 2009-12-28 10:57 . 2009-12-28 10:57 39424 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCFFRast#\034d081fe294bab1ee1ecc98c1181424\PresentationCFFRasterizer.ni.dll
+ 2009-12-28 10:56 . 2009-12-28 10:56 15872 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\1ded203bd27031c3a5e3441f94b528c0\Microsoft.VisualC.ni.dll
+ 2009-12-28 10:57 . 2009-12-28 10:57 65024 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\d513fe1a81c441e7656a9b062cff4e9f\Microsoft.Build.Framework.ni.dll
+ 2009-12-28 10:56 . 2009-12-28 10:56 25600 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\e63d6d26b8a664cfdfbd4ad75e03c14d\Accessibility.ni.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2009-12-21 12:48 . 2009-12-21 12:48 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-12-21 12:48 . 2009-12-21 12:48 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
- 2009-02-12 18:08 . 2009-12-21 12:49 435584 c:\windows\system32\perfh009.dat
+ 2009-02-12 18:08 . 2009-12-27 13:46 435584 c:\windows\system32\perfh009.dat
+ 2009-08-07 15:51 . 2009-08-07 15:51 989016 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2009-03-20 03:48 . 2009-03-20 03:48 183808 c:\windows\Installer\896bd9.msp
+ 2009-12-28 11:00 . 2009-12-28 11:00 240128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\bf92bc207f927cbbd6dfc9dc0c3eae68\WindowsFormsIntegration.ni.dll
+ 2009-12-28 10:57 . 2009-12-28 10:57 187904 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\6f488b7644dc50a083868e91a4014466\UIAutomationTypes.ni.dll
+ 2009-12-28 11:00 . 2009-12-28 11:00 447488 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClient\c2fbf25609b704061a93500efa6f241d\UIAutomationClient.ni.dll
+ 2009-12-28 10:59 . 2009-12-28 10:59 202240 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\b5f1b8791e6c47e5bd5e7018c346c586\System.Web.RegularExpressions.ni.dll
+ 2009-12-28 10:58 . 2009-12-28 10:58 627200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\408e637346ef628a3f54fb1b9b83ac9f\System.Transactions.ni.dll
+ 2009-12-28 10:55 . 2009-12-28 10:55 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\1f61bccb700d687775cf778dd77752e9\System.ServiceProcess.ni.dll
+ 2009-12-28 10:55 . 2009-12-28 10:55 676352 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\a9e9b885a6601469c4058375cc74d856\System.Security.ni.dll
+ 2009-12-28 10:55 . 2009-12-28 10:55 311296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\9bc34a79af9c3ed2cf17a0226c769b4c\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-12-28 10:58 . 2009-12-28 10:58 771584 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\af21e3011fb4e107b13ea5c40c351ec4\System.Runtime.Remoting.ni.dll
+ 2009-12-28 11:02 . 2009-12-28 11:02 381440 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IO.Log\6c273eb9d1ee8b66b5ecb073de4b785d\System.IO.Log.ni.dll
+ 2009-12-28 11:02 . 2009-12-28 11:02 212992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityMode#\7222db518afb4eaaa138824278249bc7\System.IdentityModel.Selectors.ni.dll
+ 2009-12-28 10:58 . 2009-12-28 10:58 280064 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.Wrapper.dll
+ 2009-12-28 10:58 . 2009-12-28 10:58 627712 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\8a7d0bd0057a8ed38291d5662248f7a1\System.EnterpriseServices.ni.dll
+ 2009-12-28 10:59 . 2009-12-28 10:59 208384 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\ca6d7208c0fb72ff97429f2636ced321\System.Drawing.Design.ni.dll
+ 2009-12-28 10:59 . 2009-12-28 10:59 455680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\a601f47a98ee67df424685c9a66ea449\System.DirectoryServices.Protocols.ni.dll
+ 2009-12-28 10:55 . 2009-12-28 10:55 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7c743462baccf29b3567b0e3ec9ac134\System.Configuration.ni.dll
+ 2009-12-28 10:55 . 2009-12-28 10:55 141312 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\443e3a85c491b2de4a2ac654cb957484\System.Configuration.Install.ni.dll
+ 2009-12-28 11:00 . 2009-12-28 11:00 258048 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\96f74da5fc40b92f09069230bc0df4f0\PresentationFramework.Royale.ni.dll
+ 2009-12-28 11:00 . 2009-12-28 11:00 539648 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\3bb4d16b042b72c2c85a0f8ac9d48f28\PresentationFramework.Luna.ni.dll
+ 2009-12-28 10:59 . 2009-12-28 10:59 368128 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\30c5c2682d3c5bdaa83bb9a36ee48afa\PresentationFramework.Aero.ni.dll
+ 2009-12-28 11:00 . 2009-12-28 11:00 224768 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07e952efd70f5608e221a008e6231ace\PresentationFramework.Classic.ni.dll
+ 2009-12-28 10:57 . 2009-12-28 10:57 144384 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\58ca3ecc52b7246b448c109817198a0b\Microsoft.Build.Utilities.ni.dll
+ 2009-12-28 11:02 . 2009-12-28 11:02 842240 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\85d7c111956b478766d90625b35d963f\AspNetMMCExt.ni.dll
- 2009-12-21 12:48 . 2009-12-21 12:48 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-12-21 12:48 . 2009-12-21 12:48 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
- 2009-12-21 12:48 . 2009-12-21 12:48 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-08-07 15:51 . 2009-08-07 15:51 5812560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2009-08-07 15:51 . 2009-08-07 15:51 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
- 2008-11-24 20:59 . 2008-11-24 20:59 4546560 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2009-12-28 10:56 . 2009-12-28 10:56 3313664 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\204d6e5b335134f23ca37638b9227ecf\WindowsBase.ni.dll
+ 2009-12-28 11:00 . 2009-12-28 11:00 1049600 c:\windows\assembly\NativeImages_v2.0.50727_32\UIAutomationClients#\0f2ed6a204eb13841e99b77025464afc\UIAutomationClientsideProviders.ni.dll
+ 2009-12-28 10:54 . 2009-12-28 10:54 7868416 c:\windows\assembly\NativeImages_v2.0.50727_32\System\3de5bd01124463d7862bd173af90bc83\System.ni.dll
+ 2009-12-28 10:55 . 2009-12-28 10:55 5450752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5913d3f81e77194ec833991b1047a532\System.Xml.ni.dll
+ 2009-12-28 10:59 . 2009-12-28 10:59 1840640 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\ea07ac791bb5cb9f83679e3dd1a0c0cc\System.Web.Services.ni.dll
+ 2009-12-28 11:02 . 2009-12-28 11:02 2338304 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\67ad55827f2542552b576170f0a7dc56\System.Runtime.Serialization.ni.dll
+ 2009-12-28 10:58 . 2009-12-28 10:58 1035264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Printing\e5313735a40c0800f116e27fba4754db\System.Printing.ni.dll
+ 2009-12-28 11:02 . 2009-12-28 11:02 1056768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\c3b18fef5c6dc3bcdbe5df699fd21a55\System.IdentityModel.ni.dll
+ 2009-12-28 10:55 . 2009-12-28 10:55 1587200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\abb2ac7e08bee026f857d8fa36f9fe6f\System.Drawing.ni.dll
+ 2009-12-28 10:58 . 2009-12-28 10:58 1116672 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\f47ebb9db460874b1bcbfc391dc970b1\System.DirectoryServices.ni.dll
+ 2009-12-28 10:56 . 2009-12-28 10:56 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\c94a427baa7683f4221b91f90c18461b\System.Deployment.ni.dll
+ 2009-12-28 10:58 . 2009-12-28 10:58 6616576 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\694c07365e0fd6bba0bc304d4d2404a7\System.Data.ni.dll
+ 2009-12-28 10:55 . 2009-12-28 10:55 2510336 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\272152f0cc139490729e215611a4b244\System.Data.SqlXml.ni.dll
+ 2009-12-28 10:59 . 2009-12-28 10:59 1115136 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\ffa1018e8022964eb51025c2c6d8727a\System.Data.OracleClient.ni.dll
+ 2009-12-28 11:00 . 2009-12-28 11:00 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\32788c58ff9f8324460604cf1fe7681b\System.Data.Linq.ni.dll
+ 2009-12-28 11:00 . 2009-12-28 11:00 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\c0a42d2ad8a4078040b334f6770ea11f\System.Core.ni.dll
+ 2009-12-28 10:58 . 2009-12-28 10:58 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\954685c29689d2a6126ceca1fd55e904\ReachFramework.ni.dll
+ 2009-12-28 10:58 . 2009-12-28 10:58 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\a3a6f52ce1d09a7bdccc8e7fc664792d\PresentationUI.ni.dll
+ 2009-12-28 10:57 . 2009-12-28 10:57 1451008 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationBuildTa#\f906701365083c1473db31519147e263\PresentationBuildTasks.ni.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 3149824 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-12-21 12:48 . 2009-12-21 12:48 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
- 2009-12-21 12:48 . 2009-12-21 12:48 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-12-27 13:45 . 2009-12-27 13:45 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
- 2009-12-21 12:49 . 2009-12-21 12:49 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-12-27 13:38 . 2009-12-01 04:06 25966024 c:\windows\system32\MRT.exe
+ 2009-08-14 12:32 . 2009-08-14 12:32 11110912 c:\windows\Installer\896be4.msp
+ 2009-12-28 10:56 . 2009-12-28 10:56 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d2ea8d76f015817db1607075812b555f\System.Windows.Forms.ni.dll
+ 2009-12-28 10:59 . 2009-12-28 10:59 11796992 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\5cea03cfb008f2eac1439a9905467f37\System.Web.ni.dll
+ 2009-12-28 11:03 . 2009-12-28 11:03 17317888 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\06d6eab93282d2b136a377bd50b7c5a9\System.ServiceModel.ni.dll
+ 2009-12-28 10:59 . 2009-12-28 10:59 10683392 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\8b82e08c008924d51833cb0884bcbfc5\System.Design.ni.dll
+ 2009-12-28 10:58 . 2009-12-28 10:58 14327808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\58c7ac6b6054038dc9346d7ec8e32b4c\PresentationFramework.ni.dll
+ 2009-12-28 10:57 . 2009-12-28 10:57 12216320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\94badbd64df59de7da249f71da38b1c2\PresentationCore.ni.dll
+ 2009-12-28 10:54 . 2009-12-28 10:54 11486720 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7124a40b9998f7b63c86bd1a2125ce26\mscorlib.ni.dll
.
-- Reinstall snapshot --
.
((((((((((((((((((((((((((((((((((((( Important entry point ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* blank and default log on will not be shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2F401A09-2F10-455E-A15D-4C8B9D8D7AEB}]
2009-07-19 13:18 198656 ----a-w- c:\progra~1\黄河FL~1\hhcatch.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}]
2009-10-10 23:50 87464 ----a-w- c:\program files\Tudou\飞速Tudou\tudouDetector.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-08-26 16851456]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-28 1044480]
"BatteryManager"="c:\program files\Samsung\Samsung Battery Manager\BatteryManager.exe" [2008-10-20 2768896]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-07-21 208616]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"adobe reader speed launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"dmhotkey"="c:\program files\Samsung\Easy Display Manager\DMLoader.exe" [2006-12-27 466944]
"eds"="c:\program files\Samsung\Samsung EDS\EDSAgent.exe" [2007-12-20 659456]
"hotkeyscmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"imjpmig8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"imscmig"="c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE" [2003-07-14 13368]
"magickeyboard"="c:\program files\SAMSUNG\MagicKBD\PreMKBD.exe" [2006-05-14 151552]
"persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"phime2002async"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"phime2002a"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"sunjavaupdatesched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-12-13 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kingsoft powerword pe]
2009-12-03 09:37 625816 ----a-w- c:\program files\Kingsoft\PowerWord PE\CBTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msmsgs]
2008-04-13 11:14 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 08:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\neowizard]
2008-11-18 05:30 835072 ----a-w- c:\program files\nEO iMAGING\nEOWizard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qqdownload]
2008-10-28 09:42 2266440 ----a-w- c:\program files\Tencent\QQDownload\QQDownload.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qvodplayer]
2009-11-02 04:02 558472 ----a-w- c:\program files\QvodPlayer\QvodTerminal.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\SimpChinese\\setup.exe"=
"c:\\Program Files\\Tencent\\QQDownload\\QQDeskUpdate.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\QvodPlayer\\QvodTerminal.exe"=
"c:\\Program Files\\SogouExplorer\\SogouExplorer.exe"=
"c:\\Program Files\\SogouExplorer\\setask.exe"=
"c:\\Program Files\\KWMUSIC\\KwMusic.exe"=
"c:\\Program Files\\KWMUSIC\\KwMV.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\XMPBoot.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\ThunderLiveUD.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\FileLink\\XLFileLink.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.55\\ThunderService.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.55\\ThunderLiveUD.exe"=
"c:\\Program Files\\Common Files\\Thunder Network\\DS\\Ver1\\1.0.2.55\\XLBugReport.exe"=
"c:\\Program Files\\nEO iMAGING\\nEOiMAGING.exe"=
"c:\\Program Files\\nEO iMAGING\\LiveUpdate\\ThunderLiveUD.exe"=
"c:\\Program Files\\Tencent\\QQDownload2\\QQDownload.exe"=
"c:\\Program Files\\Tencent\\QQDownload2\\QDAutoUpdate.exe"=
"c:\\Program Files\\SogouInput\\4.3.1.3403\\PinyinUp.exe"=
"c:\\Program Files\\AliWangWang\\AliIM.exe"=
"c:\\Program Files\\Tencent\\QQDownload\\QQDownload.exe"=
"c:\\Program Files\\Tencent\\QQDownload\\QDAutoUpdate.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 18:29 33808]
R2 CMB8100;CMB8100;c:\windows\system32\drivers\CertClient.dat [2009-9-10 20:55 11808]
R2 CMBProtector;CMBProtector;c:\windows\system32\drivers\CMBProtector.dat [2009-9-10 20:55 10272]
R2 CMBWPS;Cmb WebProtect Support;c:\program files\CMBCHINA\WebProtect\WPService.exe [2009-9-6 21:25 232848]
R2 DOSMEMIO;MEMIO;c:\windows\system32\MEMIO.SYS [2009-2-12 11:34 4300]
R2 KSDSVC;Kingsoft Common Content Service;c:\program files\Kingsoft\PowerWord PE\ksdsvc.exe [2009-10-29 25240]
R3 DNSeFilter;DNSeFilter;c:\windows\system32\drivers\SamsungEDS.SYS [2008-1-14 19:01 30208]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [2008-3-13 19:02 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 18:06 24592]
R3 VMC326;Vimicro Camera Service VMC326;c:\windows\system32\drivers\VMC326.sys [2009-2-12 11:38 238464]
.
------- Other scan -------
.
uStart Page = hxxp://www.baidu.com/
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SMSN&bmod=SMSN
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &使用QQ旋风下载 - c:\program files\Tencent\QQDownload\geturl.htm
IE: &使用QQ旋风下载全部链接 - c:\program files\Tencent\QQDownload\getAllurl.htm
IE: &使用超级旋风下载 - c:\program files\Tencent\QQDownload\geturl.htm
IE: &使用超级旋风下载全部链接 - c:\program files\Tencent\QQDownload\getAllurl.htm
IE: &使用超级旋风下载本页视频 - c:\program files\Tencent\QQDownload\geturlflv.htm
IE: 上传到淘江湖相册 - c:\program files\AliWangWang\AddToAlbum.htm
IE: 使用光影编辑和美化 - c:\program files\nEO iMAGING\NeoOpenNeo.htm
IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: 发送到 Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: 发送到 Bluetooth 设备(&:(... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: 导出到 Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: 添加为阿里旺旺表情 - c:\program files\AliWangWang\AddNewEmotion.htm
IE: 添加到QQ表情 - c:\program files\Tencent\QQ\AddEmotion.htm
IE: 添加到卡巴斯基反广告 - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
IE: 黄河&Flash播放器 - c:\progra~1\黄河FL~1\geturl.htm
IE: {{9D5CCDC3-545F-4418-8AEC-9CD2773B4861} - {48B4D816-8BE7-4F32-85C9-F2E912C02311} - c:\program files\Kingsoft\PowerWord PE\SelectForIE.dll
DPF: {045ADB92-9635-45CE-B25B-F19F825B0E39} - hxxp://202.152.178.221/MstPlayer/CHS/MSTPlayerInstaller.ocx
DPF: {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} - hxxps://site.cmbchina.com/download/CMBEdit.cab
DPF: {1E0DFFCF-27FF-4574-849B-55007349FEDA} - hxxps://img.alipay.com/download/1101/aliedit.cab
DPF: {A3CD7F74-93C9-4BC4-B892-CCDF1514F714} - hxxps://pbank.95559.com.cn/personbank/ocx/safe_bankcomm.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 19:29
Windows 5.1.2600 Service Pack 3 NTFS

扫描被隐藏的进程 。。。

扫描被隐藏的启动组 。。。

扫描被隐藏的文件 。。。

扫描完成
被隐藏的档案: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMB8100]
"ImagePath"="\??\c:\windows\system32\Drivers\CertClient.dat"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CMBProtector]
"ImagePath"="\??\c:\windows\system32\Drivers\CMBProtector.dat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_USERS\S-1-5-21-2969860735-1067826053-1617896150-1005\AppEvents\Schemes\Apps\Conf\ g篘*慂Q\.Current]
@="c:\\Program Files\\NetMeeting\\Blip.wav"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*膥鯪\CurVer]
@="BDATuner.组件.1"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*2*0*0*8*ck_Hr\Components\SectionQQ]
"Installed"=dword:00000001
.
完成时间: 2009-12-28 19:32:26
ComboFix-quarantined-files.txt 2009-12-28 11:32
ComboFix2.txt 2009-12-27 12:53

Pre-Run: 7 个目录 14,274,260,992 可用字节
Post-Run: 9 个目录 14,224,838,656 可用字节

- - End Of File - - E71097FEAF9BB28AE04FA06353F76B58

#15 Farbar

    Just Curious

  • Security Developer
  • 21,706 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:03:07 AM

Posted 28 December 2009 - 07:16 AM

It looks good. :(


Go to Start => Run => copy and paste next command in the field then hit enter:

ComboFix /Uninstall

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

It makes a clean Restore Point and clears all the old restore points in order to prevent possible reinfection from an old one through system restore.

*****

    Yes, I did install the program \黄河FL by myself. Do I need to remove it?

No, it was unknown and I wanted to make sure it was installed with your consent.

    Could you please recommend another piece of software to help me clean the system, like 360safe used to do.

As I understand it, 360safe is an antivirus/antispyware program, isn't it? You have Kaspersky and Malwarebytes, and they cover the antivirus/antimalware part.

This is a small application you may want to keep and use to keep the computer clean.
Download CCleaner from here http://www.ccleaner.com/
  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

    Note: Please don't use the registry cleaner of CCleaner or any other registry cleaner unless you know what you are doing.
Please tell me if you have any question before we close the topic.
