First sorry for the Chinese version on Malwarebytes...
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
資料庫版本: 7502
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19120
19/8/2011 10:14:27
mbam-log-2011-08-19 (10-14-26).txt
掃描類型: 快速掃描
被掃描物件數量: 158584
總共掃描時間: 10 分鐘, 14 秒
被感染記憶體進程數量: 0
被感染記憶體模組數量: 0
被感染註冊表項目數量: 0
被感染註冊表值數量: 0
被感染註冊表資料項目數量: 0
被感染資料夾數量: 0
被感染檔案數量: 0
被感染記憶體進程數量:
(沒有檢測到有害項目)
被感染記憶體模組數量:
(沒有檢測
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit quick scan 2011-08-19 09:57:26
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK1234GSX rev.AH001K
Running: 14ccfte9.exe; Driver: C:\Users\Henry\AppData\Local\Temp\fgloipob.sys
---- System - GMER 1.0.15 ----
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0x8F33E398]
---- Devices - GMER 1.0.15 ----
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 856FF1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-4 856FF1F8
Device \Driver\atapi \Device\Ide\IdePort0 856FF1F8
Device \Driver\atapi \Device\Ide\IdePort1 856FF1F8
Device \Driver\atapi \Device\Ide\IdePort2 856FF1F8
Device \Driver\atapi \Device\Ide\IdePort3 856FF1F8
Device \Driver\atapi \Device\Ide\IdePort4 856FF1F8
Device \Driver\msahci \Device\Ide\PciIde1Channel0 857001F8
Device \Driver\msahci \Device\Ide\PciIde1Channel1 857001F8
Device \Driver\msahci \Device\Ide\PciIde1Channel2 857001F8
Device \Driver\aznfl87l \Device\Scsi\aznfl87l1Port8Path0Target1Lun0 867571F8
Device \Driver\aznfl87l \Device\Scsi\aznfl87l1Port8Path0Target0Lun0 867571F8
Device \Driver\aznfl87l \Device\Scsi\aznfl87l1 867571F8
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 857011F8
AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19120 BrowserJavaVersion: 1.6.0_11
Run by Henry at 9:58:26 on 2011-08-19
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Softex\OmniPass\opvapp.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\wpcumi.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\explorer.exe
C:\Windows\system32\Taskmgr.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://www.yahoo.com/search/ie.html
mDefault_Page_URL = hxxp://www.pc-ap.fujitsu.com/
uInternet Settings,ProxyOverride = local
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: WebDetectorBHO Class: {43beafd9-e005-483d-a367-146ba6c8a32e} - c:\program files\tudou\?速tudou\tudouDetector.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live 登入小幫手: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenuEx] c:\program files\canon\solution menu ex\CNSEMAIN.EXE /logon
mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRunOnce: [PCDrProfiler] c:\program files\fujitsu hardware diagnostics tool\RunProfiler.exe -r
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D166C2BC-7A70-4BFA-A4A9-83A25E57A617} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{D94053BE-C752-4B08-908F-1200A8810B2E} : DhcpNameServer = 192.168.1.1
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\henry\appdata\roaming\mozilla\firefox\profiles\g00ndh4x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: network.proxy.type - 2
.
============= SERVICES / DRIVERS ===============
.
R0 FJGSDisk;G-Sensor Application Filter Driver;c:\windows\system32\drivers\FJGSDisk.sys [2007-5-10 10368]
R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2006-10-3 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [2006-10-12 33152]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-5-24 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-6-7 309848]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-6-26 21504]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-6-7 19544]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-6-7 54104]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-7 42184]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-6-26 21504]
R3 fgloipob;fgloipob;C:\fgloipob.sys [2011-8-19 100864]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\drivers\fuj02e3.sys [2007-5-10 5632]
R3 WISDPen;Wacom Penabled MiniDriver;c:\windows\system32\drivers\wisdpen.sys [2007-5-10 34736]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ADVNTDRV;ADVNTDRV;c:\windows\system32\drivers\ADVNTDRV.SYS [2007-12-12 3872]
S3 SMSCIRDA;SMSC 紅外線裝置驅動程式;c:\windows\system32\drivers\smscirda.sys [2006-11-2 30720]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 wtpfiltr;wtpfiltr;c:\windows\system32\drivers\wtpfiltr.sys [2007-5-10 7680]
S4 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\fujitsu\updnavi\updnvsrv.exe [2007-1-11 12288]
.
=============== Created Last 30 ================
.
2011-08-18 17:14:58 100864 ----a-w- C:\fgloipob.sys
2011-08-18 17:10:57 -------- d-----w- c:\users\henry\appdata\roaming\Malwarebytes
2011-08-18 17:10:45 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-18 17:10:44 -------- d-----w- c:\programdata\Malwarebytes
2011-08-18 17:10:41 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-18 17:10:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-17 06:32:06 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{21ea345c-aa0c-4ac2-8d4e-f5d213117a46}\mpengine.dll
2011-08-14 01:31:03 -------- d-----w- c:\program files\Pando Networks
2011-08-09 19:26:13 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-09 19:26:11 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-09 19:26:08 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-09 19:26:01 916480 ----a-w- c:\windows\system32\wininet.dll
2011-08-09 19:26:01 247808 ----a-w- c:\program files\internet explorer\ieproxy.dll
2011-08-09 19:26:00 129536 ----a-w- c:\program files\internet explorer\sqmapi.dll
2011-08-08 13:40:53 -------- d-----w- C:\AeriaGames
2011-08-08 13:23:21 -------- d-----w- c:\program files\common files\Akamai
2011-08-06 14:21:08 137176 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-06 14:21:01 268952 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-08-06 14:21:01 268952 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-08-06 14:20:58 268952 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-08-06 14:20:45 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-08-06 13:43:03 -------- d-----w- c:\users\henry\Wolfenstein - Enemy Territory
2011-07-21 11:12:03 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-21 10:49:01 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-21 10:48:42 276992 ----a-w- c:\windows\system32\schannel.dll
.
==================== Find3M ====================
.
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-07-17 05:58:39 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2011-07-04 11:43:53 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:36:43 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:32:20 54104 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-06-20 08:54:36 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54:36 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13:55 905104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-17 00:43:13 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-24 09:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 10:00:31.40 ===============