Please help me: my Task Manager opens and closes in less than 1 minute

By yongwei1992
Nov 23, 2010
  1. My computer is an HP Compaq nx6320 notebook running Windows XP Professional Service Pack 2, and previously I was using AVG antivirus. One day my computer was infected by a virus, so I ran a scan in safe mode using a program to delete the infected files and malware. Then my Task Manager suddenly could not be used, and AVG also could not function after the scan. So I uninstalled it and installed avast antivirus. Starting from that time my Task Manager has not been able to run: once I press Ctrl+Alt+Del it runs, then closes. I have tried many suggestions from websites, but still can't recover my Task Manager. Somebody help me to recover my Task Manager please. Thanks.
  2. crunchie

    crunchie Malware Helper Posts: 761

    Hi and welcome to TechSpot forums :).

    ====

    Please read the directions given here and when done, post the requested logs.
    Please paste the logs, do not attach them.
  3. yongwei1992

    yongwei1992 Newcomer, in training Topic Starter

    If I am unable to make a scan using anti-malware, what am I going to do?
  4. yongwei1992

    What am I going to do if I am unable to make a malware scan using anti-malware? The scan runs until halfway, then stops and an error report comes out asking me whether to send or don't send; after that the Dr. Watson error report comes out again and asks me whether to send or don't send again. In the end I am unable to perform the malware scan.
  5. crunchie

    Are you able to do a system restore?
  6. yongwei1992

    Yes, I can perform the system restore on my computer.
  7. crunchie

    Go to Start | Run and type in msconfig and hit OK. Select the Launch System Restore button.
    The radio button for Restore my computer to an earlier time should be selected then go next.
    Select a date that goes back to a time before the problem started and select next.

    How is the PC after doing that?
  8. yongwei1992

    I did make a system restore, but I was unable to restore to an earlier time before the problem happened; it comes out as an incomplete restore when I try to restore to the earlier time before the problem happened. This is because the problem happened several weeks ago.
  9. crunchie

    Please download ComboFix by sUBs from HERE or HERE
    • You must download it to and run it from your Desktop
    • Physically disconnect from the internet.
    • Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.
    • Double click combofix.exe & follow the prompts.
    • When finished, it will produce a log. Please save that log to post in your next reply.
    • Re-enable all the programs that were disabled during the running of ComboFix.

    Note:
    Do not mouse-click combofix's window while it is running. That may cause it to stall.

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    Run Combofix ONCE only!!
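A reader of the ComboFix log this post asks for has to pick the interesting lines out of several hundred. As an added example (not code from the thread, from TechSpot or from ComboFix), this Python script parses the record shapes such a log uses (deleted paths, created/modified file records, Sigcheck results and Run-key autostarts) and lists the entries a helper would check first; the `[-]` Sigcheck mark is read here as a file that matched none of ComboFix's known-good copies, and the sample log embedded in the script is constructed with placeholder names and hashes.

```python
"""Triage helper for the ComboFix log format posted later in this thread.

Added example, not code from the thread, from TechSpot or from ComboFix. It
parses the record shapes a helper reads in such a log (deleted paths, created
or modified file records, Sigcheck results and Run-key autostarts) and lists
the entries worth a first look. Sections are split on the "((( ... )))"
banners, so it does not depend on the log's language. SAMPLE_LOG is constructed.
"""
import re
from dataclasses import dataclass, field

BANNER_RE = re.compile(r"^\(+\s*(?P<title>.*?)\s*\)+$")
# "[7] 2008-06-20 . <MD5> . <size> . . [<file version>] . . <path>";
# ComboFix marks a file that matches no known-good copy with "[-]".
SIGCHECK_RE = re.compile(
    r"^\[(?P<status>[^\]]+)\]\s+(?P<date>\d{4}-\d{2}-\d{2})\s+\.\s+"
    r"(?P<md5>[0-9A-Fa-f]{32})\s+\.\s+(?P<size>\d+)\s+\.\s+\.\s+"
    r"\[(?P<version>[^\]]*)\]\s+\.\s+\.\s+(?P<path>.+)$")
# "2010-10-22 13:43 . 2010-10-22 13:43 31728 ----a-w- c:\windows\x.exe"
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+\.\s+"
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[-a-z]{8})\s+(?P<path>.+)$")
# '"name"="c:\path\prog.exe" [2010-09-07 2838912]' under a Run key
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+'
                    r"\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]$")
PATH_RE = re.compile(r"^[A-Za-z]:\\")
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".bat", ".ocx")


@dataclass
class Triage:
    deleted: list = field(default_factory=list)   # paths ComboFix removed
    recent: list = field(default_factory=list)    # (modified, size, path)
    sigcheck: list = field(default_factory=list)  # SIGCHECK_RE group dicts
    autoruns: list = field(default_factory=list)  # (name, path)


def parse_combofix(text: str) -> Triage:
    t = Triage()
    section = -1  # index of the current banner; the first one is deletions
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if BANNER_RE.match(line):
            section += 1
            continue
        if m := SIGCHECK_RE.match(line):
            t.sigcheck.append(m.groupdict())
        elif m := FILE_RE.match(line):
            t.recent.append((m["modified"], m["size"], m["path"]))
        elif m := RUN_RE.match(line):
            t.autoruns.append((m["name"], m["path"]))
        elif section == 0 and PATH_RE.match(line):
            t.deleted.append(line)
    return t


def findings(t: Triage) -> list:
    """(reason, item) pairs a malware helper would check first."""
    out = []
    for s in t.sigcheck:
        if s["status"] == "-":  # hash differs from every known-good copy
            out.append(("sigcheck mismatch", s["path"]))
    for _, _, path in t.recent:
        low = path.lower()
        # an executable dropped straight into the Windows root is unusual
        if (low.startswith("c:\\windows\\") and low.count("\\") == 2
                and low.endswith(EXEC_EXT)):
            out.append(("executable in Windows root", path))
    for name, path in t.autoruns:
        if not PATH_RE.match(path):  # bare name: resolved via search path
            out.append(("autorun without absolute path", f"{name}={path}"))
    return out


# Constructed sample in the posted format (placeholder names and hashes).
SAMPLE_LOG = r"""
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
c:\program files\ExampleAdware
c:\program files\ExampleAdware\adware.exe
(((((((((((((((((((((((((   Files Created from 2010-10-25 to 2010-11-25   )))))))))))))))))))))))))))))))
2010-10-22 13:43 . 2010-10-22 13:43 31728 ----a-w- c:\windows\dropper.exe
2010-10-22 13:43 . 2010-10-22 13:43 26 ----a-w- c:\windows\dropper.bat
2010-11-24 09:30 . 2010-11-24 09:30 -------- d-----w- c:\program files\LegitApp
2010-09-07 15:11 . 2010-10-24 09:09 167592 ----a-w- c:\windows\system32\legit.exe
------- Sigcheck -------
[7] 2008-06-20 . 00000000000000000000000000000001 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 00000000000000000000000000000002 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleHelper"="helper.dll" [2009-06-25 177152]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
"""

if __name__ == "__main__":
    for reason, item in findings(parse_combofix(SAMPLE_LOG)):
        print(f"{reason:30} {item}")
```

Feed it a real log by replacing SAMPLE_LOG with the pasted text; lines it does not recognise (registry key headers, notes, banners in any language) are skipped rather than misread.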
  10. yongwei1992

    This is my log after performing ComboFix.

    Attached Files:

  11. crunchie

    No attachments please. Just paste them into your reply.
     
  12. yongwei1992

    ComboFix 10-11-24.03 - Administrator 5/2010 Thu 17:21:37.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.2551.1978 [GMT 8:00]
    执行位置: c:\documents and settings\Administrator\Desktop\ComboFix.exe

    注意 - 这台电脑没有安装恢复控制台 !!
    .

    ((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Application Data\.#
    c:\documents and settings\Administrator\Application Data\.#\MBX@B1C@3C4140.###
    c:\documents and settings\Administrator\Application Data\.#\MBX@B1C@3C4170.###
    c:\documents and settings\Administrator\Application Data\.#\MBX@B1C@3C41A0.###
    c:\documents and settings\Administrator\Application Data\p4p
    c:\documents and settings\Administrator\Application Data\p4p\dlmgr.dat
    c:\documents and settings\Administrator\Application Data\p4p\rss.opml
    c:\documents and settings\Administrator\Application Data\p4p\rsslasturl.txt
    c:\documents and settings\Administrator\Application Data\Smart Engine
    c:\documents and settings\Administrator\Application Data\Smart Engine\cookies.sqlite
    c:\documents and settings\Administrator\Application Data\Smart Engine\Instructions.ini
    c:\documents and settings\Administrator\Desktop\Coopen.lnk
    c:\documents and settings\Administrator\Recent\ANTIGEN.dll
    c:\documents and settings\Administrator\Recent\ANTIGEN.tmp
    c:\documents and settings\Administrator\Recent\cb.sys
    c:\documents and settings\Administrator\Recent\cid.tmp
    c:\documents and settings\Administrator\Recent\CLSV.dll
    c:\documents and settings\Administrator\Recent\DBOLE.drv
    c:\documents and settings\Administrator\Recent\energy.dll
    c:\documents and settings\Administrator\Recent\exec.exe
    c:\documents and settings\Administrator\Recent\gid.sys
    c:\documents and settings\Administrator\Recent\grid.sys
    c:\documents and settings\Administrator\Recent\PE.drv
    c:\documents and settings\Administrator\Recent\sld.tmp
    c:\documents and settings\Administrator\Recent\std.exe
    c:\documents and settings\Administrator\Recent\tjd.sys
    c:\documents and settings\Administrator\Start Menu\Programs\Coopen
    c:\documents and settings\Administrator\Start Menu\Programs\Coopen\Coopen播放器.lnk
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\Coopen播放器.lnk
    c:\documents and settings\Administrator\Start Menu\Smart Engine.lnk
    c:\documents and settings\All Users\Start Menu\Internet Explorer.lnk
    c:\documents and settings\All Users\Start Menu\Programs\Internet Explorer.lnk
    c:\progra~1\Yahoo!\ASSIST~1\Assist\yaNGling.dll
    c:\progra~1\Yahoo!\ASSIST~1\Assist\yaSBar.dll
    c:\progra~1\Yahoo!\ASSIST~1\Assist\yaSNoad.dll
    c:\progra~1\Yahoo!\ASSIST~1\Assist\yaSSist.dll
    c:\progra~1\Yahoo!\ASSIST~1\Assist\YDRAgs~1.dll
    c:\progra~1\Yahoo!\ASSIST~1\Assist\yeHEocx.dll
    c:\progra~1\Yahoo!\ASSIST~1\Assist\ypHOtoseasy.dll
    c:\progra~1\Yahoo!\ASSIST~1\Assist\ypHTb.dll
    c:\progra~1\Yahoo!\ASSIST~1\Assist\yzSNetproto.dll
    c:\progra~1\Yahoo!\ASSIST~1\yaLIve.dll
    c:\progra~1\Yahoo!\ASSIST~1\YnOTifier.dll
    c:\program files\Coopen
    c:\program files\Coopen\conf\Administrator.ini
    c:\program files\Coopen\conf\All Users.ini
    c:\program files\Coopen\conf\Coopen.inf
    c:\program files\Coopen\conf\Debug
    c:\program files\Coopen\conf\Log.txt
    c:\program files\Coopen\conf\MainParams
    c:\program files\Coopen\conf\ModeAChannelList.txt
    c:\program files\Coopen\conf\ModeAChannelList.txt.bak
    c:\program files\Coopen\conf\ModeAChannelListReal.txt
    c:\program files\Coopen\conf\PluginConfig.ini
    c:\program files\Coopen\conf\ServerList.txt
    c:\program files\Coopen\conf\TodayInfo
    c:\program files\Coopen\Coopen.exe
    c:\program files\Coopen\Coopen.scr
    c:\program files\Coopen\CoOPenactivecontrol108.dll
    c:\program files\Coopen\CoopenAir.exe
    c:\program files\Coopen\CoopenMainManager.dll
    c:\program files\Coopen\image\CoopenWallpaper.bmp
    c:\program files\Coopen\image\Photo\local Photo\B_0.jpg
    c:\program files\Coopen\image\Photo\local Photo\B_1.jpg
    c:\program files\Coopen\image\Photo\local Photo\ModeBList.ini
    c:\program files\Coopen\image\Wallpaper\coopen wallpaper\DefaultCoopenWallpaper.jpg
    c:\program files\Coopen\image\Wallpaper\coopen wallpaper\PicList.ini
    c:\program files\Coopen\image\Wallpaper\coopen wallpaper\todaypic\128998118219.jpg
    c:\program files\Coopen\image\Wallpaper\coopen wallpaper\todaypic\128998118219.xml
    c:\program files\Coopen\image\Wallpaper\coopen wallpaper\todaypic\AdList.ini
    c:\program files\Coopen\image\Wallpaper\coopen wallpaper\todaypic\PicList.ini
    c:\program files\Coopen\image\Wallpaper\local wallpaper\DefaultCoopenWallpaper.jpg
    c:\program files\Coopen\image\Wallpaper\local wallpaper\ModeAList.ini
    c:\program files\Coopen\licence.txt
    c:\program files\Coopen\Resource\SkinFormal\Background.png
    c:\program files\Coopen\Resource\SkinFormal\Button_Channel.png
    c:\program files\Coopen\Resource\SkinFormal\Button_Close.png
    c:\program files\Coopen\Resource\SkinFormal\Button_Commit.png
    c:\program files\Coopen\Resource\SkinFormal\Button_Next.png
    c:\program files\Coopen\Resource\SkinFormal\Button_Pause.png
    c:\program files\Coopen\Resource\SkinFormal\Button_Play.png
    c:\program files\Coopen\Resource\SkinFormal\Button_Prev.png
    c:\program files\Coopen\Resource\SkinFormal\Button_Widget.png
    c:\program files\Coopen\Resource\SkinFormal\CheckC.png
    c:\program files\Coopen\Resource\SkinFormal\CheckU.png
    c:\program files\Coopen\Resource\SkinFormal\Indicator1.png
    c:\program files\Coopen\Resource\SkinFormal\Indicator2.png
    c:\program files\Coopen\Resource\SkinFormal\MainIcon.png
    c:\program files\Coopen\Resource\SkinFormal\Message.png
    c:\program files\Coopen\Resource\SkinFormal\Notify.png
    c:\program files\Coopen\Resource\SkinFormal\Progress.png
    c:\program files\Coopen\Resource\SkinFormal\Push_Cancel.png
    c:\program files\Coopen\Resource\SkinFormal\Push_Config.png
    c:\program files\Coopen\Resource\SkinFormal\Push_Confirm.png
    c:\program files\Coopen\Resource\SkinFormal\Push_Folder.png
    c:\program files\Coopen\Resource\SkinFormal\RadioC.png
    c:\program files\Coopen\Resource\SkinFormal\RadioU.png
    c:\program files\Coopen\Resource\SkinFormal\SkinClient.ini
    c:\program files\Coopen\Resource\SkinFormal\SkinClose.ini
    c:\program files\Coopen\Resource\SkinFormal\Synopsis1.ini
    c:\program files\Coopen\Resource\SkinFormal\Synopsis1.png
    c:\program files\Coopen\Templete\CoopenPhoto.jpg
    c:\program files\Coopen\Templete\Default.tpl
    c:\program files\Coopen\Templete\DefaultCoopenWallpaper.jpg
    c:\program files\Coopen\Templete\ModeB.tpl
    c:\program files\Coopen\Templete\ModeB_logo.jpg
    c:\program files\Coopen\Templete\ModeC.tpl
    c:\program files\Coopen\uninst.exe
    c:\program files\P4P\waVAna.ax
    c:\program files\ppsaddr\ppsAddr.dll
    c:\program files\UNIKEY~1\addr.dll
    c:\program files\WinPCap
    c:\program files\WinPCap\daemon_mgm.exe
    c:\program files\WinPCap\INSTALL.LOG
    c:\program files\WinPCap\npf_mgm.exe
    c:\program files\WinPCap\rpcapd.exe
    c:\program files\WinPCap\Uninstall.exe
    c:\program files\yahoo!\assist~1
    c:\program files\yahoo!\assist~1\Assist\CoolBar\prodef.ini
    c:\program files\yahoo!\assist~1\Assist\CoolBar\profile.ini
    c:\program files\yahoo!\assist~1\Assist\float.gif
    c:\program files\yahoo!\assist~1\Assist\Images\adkiller.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\alert.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\alertnew.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\anitvirus.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\assist.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\clear.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\custheme.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\gouwu.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\hilight.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\iefix.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\logo.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\music.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\musiclink.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\musictop.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\picture.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\search.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\searchtop.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\settings.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\yphtb.bmp
    c:\program files\yahoo!\assist~1\Assist\Images\yrss.bmp
    c:\program files\yahoo!\assist~1\Assist\myrss.xml
    c:\program files\yahoo!\assist~1\Assist\SearchBar\prodef.ini
    c:\program files\yahoo!\assist~1\Assist\SearchBar\profile.ini
    c:\program files\yahoo!\assist~1\Assist\SecurityBar\prodef.ini
    c:\program files\yahoo!\assist~1\Assist\SecurityBar\profile.ini
    c:\program files\yahoo!\assist~1\Assist\sound.wav
    c:\program files\yahoo!\assist~1\Assist\Update\yadfilter.dll
    c:\program files\yahoo!\assist~1\Assist\yadfilter.dll
    c:\program files\yahoo!\assist~1\Assist\yadwreg.dll
    c:\program files\yahoo!\assist~1\Assist\yangling.dll
    c:\program files\yahoo!\assist~1\Assist\yasbar.dll
    c:\program files\yahoo!\assist~1\Assist\yascenter.exe
    c:\program files\yahoo!\assist~1\Assist\yasierres.dll
    c:\program files\yahoo!\assist~1\Assist\yasiesec.dll
    c:\program files\yahoo!\assist~1\Assist\yaskpsec.dat
    c:\program files\yahoo!\assist~1\Assist\yasnoad.dll
    c:\program files\yahoo!\assist~1\Assist\yassecblk.dll
    c:\program files\yahoo!\assist~1\Assist\yassisres.dll
    c:\program files\yahoo!\assist~1\Assist\yassist.dll
    c:\program files\yahoo!\assist~1\Assist\yassistex.dll
    c:\program files\yahoo!\assist~1\Assist\yassistn.ini
    c:\program files\yahoo!\assist~1\Assist\yassistnsw.ini
    c:\program files\yahoo!\assist~1\Assist\yaswiper.dll
    c:\program files\yahoo!\assist~1\Assist\ydragsearch.dll
    c:\program files\yahoo!\assist~1\Assist\yeheocx.dll
    c:\program files\yahoo!\assist~1\Assist\ykeepmain.dll
    c:\program files\yahoo!\assist~1\Assist\yoptimum.dll
    c:\program files\yahoo!\assist~1\Assist\yphishbrule.dat
    c:\program files\yahoo!\assist~1\Assist\yphishrule.dat
    c:\program files\yahoo!\assist~1\Assist\yphotoseasy.dll
    c:\program files\yahoo!\assist~1\Assist\yphtb.dll
    c:\program files\yahoo!\assist~1\Assist\yrss.dll
    c:\program files\yahoo!\assist~1\Assist\ysettings.dll
    c:\program files\yahoo!\assist~1\Assist\yuninst.dll
    c:\program files\yahoo!\assist~1\Assist\ywiper.dll
    c:\program files\yahoo!\assist~1\Assist\yxpstyle.dll
    c:\program files\yahoo!\assist~1\Assist\yzsnetproto.dll
    c:\program files\yahoo!\assist~1\Shell\yAsMenu.dll
    c:\program files\yahoo!\assist~1\Shell\yAssecblk.dll
    c:\program files\yahoo!\assist~1\Shell\yIEAngel.dll
    c:\program files\yahoo!\assist~1\Shell\yMenuInfo.dll
    c:\program files\yahoo!\assist~1\Update\yscrblock.dll
    c:\program files\yahoo!\assist~1\yal01.dat
    c:\program files\yahoo!\assist~1\yalive.dll
    c:\program files\yahoo!\assist~1\yalive.dll.1.log
    c:\program files\yahoo!\assist~1\yalive.dll.2.log
    c:\program files\yahoo!\assist~1\yalive.ini
    c:\program files\yahoo!\assist~1\yalliveex.dll
    c:\program files\yahoo!\assist~1\yalvsw.ini
    c:\program files\yahoo!\assist~1\yassistse.exe
    c:\program files\yahoo!\assist~1\yhelper.dll
    c:\program files\yahoo!\assist~1\ylive.exe
    c:\program files\yahoo!\assist~1\ynotifier.dll
    c:\program files\yahoo!\assist~1\yscrblock.dll
    c:\program files\yahoo!\assistant\assist\CoolBar\prodef.ini
    c:\program files\yahoo!\assistant\assist\CoolBar\profile.ini
    c:\program files\yahoo!\assistant\assist\float.gif
    c:\program files\yahoo!\assistant\assist\Images\adkiller.bmp
    c:\program files\yahoo!\assistant\assist\Images\alert.bmp
    c:\program files\yahoo!\assistant\assist\Images\alertnew.bmp
    c:\program files\yahoo!\assistant\assist\Images\anitvirus.bmp
    c:\program files\yahoo!\assistant\assist\Images\assist.bmp
    c:\program files\yahoo!\assistant\assist\Images\clear.bmp
    c:\program files\yahoo!\assistant\assist\Images\custheme.bmp
    c:\program files\yahoo!\assistant\assist\Images\gouwu.bmp
    c:\program files\yahoo!\assistant\assist\Images\hilight.bmp
    c:\program files\yahoo!\assistant\assist\Images\iefix.bmp
    c:\program files\yahoo!\assistant\assist\Images\logo.bmp
    c:\program files\yahoo!\assistant\assist\Images\music.bmp
    c:\program files\yahoo!\assistant\assist\Images\musiclink.bmp
    c:\program files\yahoo!\assistant\assist\Images\musictop.bmp
    c:\program files\yahoo!\assistant\assist\Images\picture.bmp
    c:\program files\yahoo!\assistant\assist\Images\search.bmp
    c:\program files\yahoo!\assistant\assist\Images\searchtop.bmp
    c:\program files\yahoo!\assistant\assist\Images\settings.bmp
    c:\program files\yahoo!\assistant\assist\Images\yphtb.bmp
    c:\program files\yahoo!\assistant\assist\Images\yrss.bmp
    c:\program files\yahoo!\assistant\assist\myrss.xml
    c:\program files\yahoo!\assistant\assist\SearchBar\prodef.ini
    c:\program files\yahoo!\assistant\assist\SearchBar\profile.ini
    c:\program files\yahoo!\assistant\assist\SecurityBar\prodef.ini
    c:\program files\yahoo!\assistant\assist\SecurityBar\profile.ini
    c:\program files\yahoo!\assistant\assist\sound.wav
    c:\program files\yahoo!\assistant\assist\Update\yadfilter.dll
    c:\program files\yahoo!\assistant\assist\yadfilter.dll
    c:\program files\yahoo!\assistant\assist\yadwreg.dll
    c:\program files\yahoo!\assistant\assist\yangling.dll
    c:\program files\yahoo!\assistant\assist\yasbar.dll
    c:\program files\yahoo!\assistant\assist\yascenter.exe
    c:\program files\yahoo!\assistant\assist\yasierres.dll
    c:\program files\yahoo!\assistant\assist\yasiesec.dll
    c:\program files\yahoo!\assistant\assist\yaskpsec.dat
    c:\program files\yahoo!\assistant\assist\yasnoad.dll
    c:\program files\yahoo!\assistant\assist\yassecblk.dll
    c:\program files\yahoo!\assistant\assist\yassisres.dll
    c:\program files\yahoo!\assistant\assist\yassist.dll
    c:\program files\yahoo!\assistant\assist\yassistex.dll
    c:\program files\yahoo!\assistant\assist\yassistn.ini
    c:\program files\yahoo!\assistant\assist\yassistnsw.ini
    c:\program files\yahoo!\assistant\assist\yaswiper.dll
    c:\program files\yahoo!\assistant\assist\ydragsearch.dll
    c:\program files\yahoo!\assistant\assist\yeheocx.dll
    c:\program files\yahoo!\assistant\assist\ykeepmain.dll
    c:\program files\yahoo!\assistant\assist\yoptimum.dll
    c:\program files\yahoo!\assistant\assist\yphishbrule.dat
    c:\program files\yahoo!\assistant\assist\yphishrule.dat
    c:\program files\yahoo!\assistant\assist\yphotoseasy.dll
    c:\program files\yahoo!\assistant\assist\yphtb.dll
    c:\program files\yahoo!\assistant\assist\yrss.dll
    c:\program files\yahoo!\assistant\assist\ysettings.dll
    c:\program files\yahoo!\assistant\assist\yuninst.dll
    c:\program files\yahoo!\assistant\assist\ywiper.dll
    c:\program files\yahoo!\assistant\assist\yxpstyle.dll
    c:\program files\yahoo!\assistant\assist\yzsnetproto.dll
    c:\windows\CoopenOldWallPaper.bmp
    c:\windows\DOWNLO~1\cnSHook.dll
    c:\windows\Downloaded Program Files\3721
    c:\windows\Downloaded Program Files\3721\cnsmin2.dat
    c:\windows\Downloaded Program Files\3721\ListInfo.dat
    c:\windows\Downloaded Program Files\keepmainm.cab
    c:\windows\Downloaded Program Files\sms.ico
    c:\windows\Downloaded Program Files\taobao.ico
    c:\windows\Downloaded Program Files\yahoomsg.ico
    c:\windows\Downloaded Program Files\ymail.ico
    c:\windows\ocinfo.dat
    c:\windows\system32\Coopen.inf
    c:\windows\system32\Coopen.scr
    c:\windows\system32\drivers\npf.sys
    c:\windows\system32\Packet.dll
    c:\windows\system32\pthreadVC.dll
    c:\windows\system32\Sys
    c:\windows\system32\Sys\norton.001
    c:\windows\system32\Sys\norton.002
    c:\windows\system32\win32.dll
    c:\windows\system32\wpcap.dll
    D:\Autorun.inf

    .
    ((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_CNSMINKP
    -------\Legacy_NPF
    -------\Legacy_P4P_SERVICE
    -------\Service_CnsMinKP
    -------\Service_NPF


    ((((((((((((((((((((((((( 2010-10-25 至 2010-11-25 的新的档案 )))))))))))))))))))))))))))))))
    .

    2010-11-24 09:30 . 2010-11-24 09:30 -------- d-----w- c:\program files\Baidu
    2010-11-24 09:30 . 2010-11-25 09:27 -------- d-----w- c:\program files\ppsaddr
    2010-11-24 09:29 . 2010-11-24 09:29 -------- d-----w- C:\My Music
    2010-11-24 09:29 . 2010-11-24 09:29 -------- d-----w- c:\documents and settings\All Users\Real
    2010-11-24 09:29 . 2010-11-24 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Xunlei
    2010-11-24 09:29 . 2010-11-24 09:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Thunder Network
    2010-11-24 09:01 . 2010-11-24 09:01 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-11-23 12:28 . 2010-11-24 09:30 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-19 08:45 . 2010-11-24 09:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ConduitEngine
    2010-11-19 08:45 . 2010-11-24 09:19 -------- d-----w- c:\program files\ConduitEngine
    2010-11-19 08:42 . 2010-11-22 09:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\D07D217C-5CDB-5EA8-8201-78F7E447A939
    2010-11-17 14:19 . 2010-11-23 13:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\ppsAddr
    2010-11-17 14:15 . 2010-11-24 09:20 -------- d-----w- c:\program files\PPSGame
    2010-11-14 14:34 . 2010-11-24 09:21 -------- d-----w- c:\program files\WinDirStat
    2010-11-09 13:04 . 2010-11-09 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\TSLOG
    2010-11-07 09:15 . 2010-11-07 09:15 -------- d-----w- c:\windows\system32\NtmsData
    2010-11-06 16:14 . 2010-11-24 09:25 -------- d-----w- c:\program files\VirtualDJ
    2010-10-30 11:43 . 2010-11-24 09:27 -------- d-----w- c:\program files\DebugMode

    .
    (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-23 16:55 . 2010-10-23 16:54 519168 ----a-w- C:\OTM.exe
    2010-10-22 13:43 . 2010-10-22 13:43 31728 ----a-w- c:\windows\dbrmdwb.exe
    2010-10-22 13:43 . 2010-10-22 13:43 26 ----a-w- c:\windows\dbrmdwb.bat
    2010-10-22 13:43 . 2010-10-22 13:43 245840 ----a-w- c:\windows\system32\DNLEng.dll
    2010-10-22 13:43 . 2010-10-22 13:43 894616 ----a-w- c:\windows\dbplugin.exe
    2010-10-22 13:43 . 2010-10-22 13:43 2327704 ----a-w- c:\windows\dbplugin.ocx
    2010-10-22 13:43 . 2010-10-22 13:43 2179072 ----a-w- c:\windows\npdbplug.dll
    2010-09-07 15:12 . 2010-10-24 09:09 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2010-10-24 09:09 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2010-10-24 09:09 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2010-10-24 09:09 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2010-10-24 09:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2010-10-24 09:09 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2010-10-24 09:09 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2010-10-24 09:09 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2010-10-24 09:09 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2004-10-01 07:00 . 2007-08-02 13:37 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2009-10-27 01:21 . 2010-10-06 08:47 253952 ----a-w- c:\program files\mozilla firefox\components\CheckTudouVa.dll
    .

    ------- Sigcheck -------

    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\663e7188bbb3d768555f5280d384ddab\sp2gdr\tcpip.sys
    [7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
    [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
    [-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
    [-] 2007-10-30 . EF7834C1D9DDF4C7DA697D8C24A03791 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
    [7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
    [7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
    [-] 2006-04-20 . 45265CBAD25C6254AFAFC7BDD88BDB4B . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
    [7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
    [7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
    [7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
    .
    ((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白与合法缺省登录将不会被显示
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{346de098-61f9-4b42-89da-6dfba7091bb6}"= "c:\program files\IMBooster4web-en\tbIMB2.dll" [2010-10-18 3908192]
    "{84FF7BD6-B47F-46F8-9130-01B2696B36CB}"= "c:\program files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll" [2010-08-17 111608]

    [HKEY_CLASSES_ROOT\clsid\{346de098-61f9-4b42-89da-6dfba7091bb6}]

    [HKEY_CLASSES_ROOT\clsid\{84ff7bd6-b47f-46f8-9130-01b2696b36cb}]
    [HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO.1]
    [HKEY_CLASSES_ROOT\TypeLib\{59E6E159-57CC-4DA5-8700-2AD17DC31DD1}]
    [HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{346de098-61f9-4b42-89da-6dfba7091bb6}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\IMBooster4web-en\tbIMB2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
    2008-09-02 14:04 398768 ----a-w- c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
    2010-07-02 01:54 2607872 ----a-w- c:\program files\IMinent Toolbar\tbcore3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
    2010-08-17 08:18 111608 ----a-w- c:\program files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{346de098-61f9-4b42-89da-6dfba7091bb6}"= "c:\program files\IMBooster4web-en\tbIMB2.dll" [2010-10-18 3908192]
    "{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
    "{63DF766D-C050-44b1-BB8A-C3ABB44C0E96}"= "c:\program files\unikeyword\uktb.dll" [2010-10-18 465152]

    [HKEY_CLASSES_ROOT\clsid\{346de098-61f9-4b42-89da-6dfba7091bb6}]

    [HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
    [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]

    [HKEY_CLASSES_ROOT\clsid\{63df766d-c050-44b1-bb8a-c3abb44c0e96}]
    [HKEY_CLASSES_ROOT\Knet.PugiObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A521756C-4EE1-44c5-852E-6D679588966F}]
    [HKEY_CLASSES_ROOT\Knet.PugiObj]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-28 171448]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
    "PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "Thunder"="c:\program files\Thunder Network\Thunder\Program\Thunder.exe" [2010-11-02 835888]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-21 144784]
    "PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-15 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-15 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-15 118784]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
    "CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
    "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-24 802816]
    "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-01-20 905216]
    "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
    "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
    "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-14 1397760]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-01-17 548864]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    PPS.lnk - c:\program files\PPStream\PPStream.exe [2010-11-16 5255048]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-18 581693]
    DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-6-28 184320]
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-11-15 278528]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Tudou\\飞速Tudou\\TudouVa.exe"=
    "c:\\Program Files\\速播网络影视\\hrstv.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe"=
    "c:\\Program Files\\Thunder Network\\Thunder\\Program\\ThunderLiveUD.exe"=
    "c:\\Program Files\\Thunder Network\\Thunder\\XLDoctor\\7.1.2.2014_1\\Program\\XLDoctorUI.exe"=
    "c:\\Program Files\\PPStream\\PPStream.exe"=
    "c:\\Program Files\\PPStream\\PPSAP.exe"=
    "c:\\Program Files\\PPSGame\\PPSGame.exe"=
    "c:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.36_1110\\ThunderPlatform.exe"=
    "c:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.36_1110\\ThunderLiveUD.exe"=
    "c:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.36_1110\\XLBugReport.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "19682:TCP"= 19682:TCP:BitComet 19682 TCP
    "19682:UDP"= 19682:UDP:BitComet 19682 UDP
    "56280:TCP"= 56280:TCP:pando Media Booster
    "56280:UDP"= 56280:UDP:pando Media Booster

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/24/2010 5:09 PM 165584]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 4:00 PM 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/24/2010 5:09 PM 17744]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
    R2 Ukwsvr;Ukwsvr;c:\program files\unikeyword\ukwsvr.exe [10/18/2010 1:41 PM 157952]
    R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [6/10/2009 10:54 PM 79104]
    S0 kcqbljp;kcqbljp;\SystemRoot\\SystemRoot\System32\drivers\kcqbljp.sys --> \SystemRoot\\SystemRoot\System32\drivers\kcqbljp.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
    S2 CnsStd;CnsStd;c:\windows\system32\drivers\CnsStd.sys --> c:\windows\system32\drivers\CnsStd.sys [?]
    S2 fqtijpsyb;Security Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
    S2 mxkwtyjn;Image Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
    S2 nterp;Image Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
    S2 pwgyoati;Image Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
    S2 tmsfoulra;Network Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
    S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [6/10/2009 10:54 PM 131072]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 R2A;R2A;\??\c:\windows\system32a2.sys --> c:\windows\system32a2.sys [?]
    S3 XDva193;XDva193;\??\c:\windows\system32\XDva193.sys --> c:\windows\system32\XDva193.sys [?]
    S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys --> c:\windows\system32\XDva195.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASChannel

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    tmsfoulra
    fqtijpsyb
    nterp
    pwgyoati
    mxkwtyjn
    .
    ‘计划任务’ 文件夹 里的内容

    2010-11-11 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    .
    ------- 而外的扫描 -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = local
    uSearchAssistant = hxxp://www.Google.com/
    uCustomizeSearch = hxxp://www.Google.com/
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: &?????? - c:\program files\Thunder Network\Thunder\Program\geturl.htm
    IE: &?????????? - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
    IE: &¨?¥?¨31p¤U?ü - c:\program files\Thunder Network\Thunder\Program\GetUrl.htm
    IE: &¨?¥?¨31p¤U?ü¥t3??ì±μ - c:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
    IE: &使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\geturl.htm
    IE: &使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: ·¢?íí???μ?ê??ú - c:\program files\P4P\cx.htm
    IE: ê1ó?iTudou?????ú?? - c:\program files\Tudou\iTudou\iTudou_Link.HTM
    IE: ê1ó???1·?±í¨3μ???? - c:\program files\P4P\dl.htm
    IE: ìí?óμ??°?òμ??????± - c:\program files\P4P\rss.htm
    IE: 使用搜狗直通车下载 - c:\program files\P4P\dl.htm
    IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\BHO\geturl.htm
    IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\BHO\GetAllUrl.htm
    IE: 发送图片到手机 - c:\program files\P4P\cx.htm
    IE: 妏蚚捃濘狟婥 - c:\program files\Thunder Network\Thunder\Program\geturl.htm
    IE: 妏蚚捃濘狟婥?窒蟈諉 - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
    IE: 雅虎搜索 - c:\progra~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
    IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder Network\Thunder\Thunder.exe
    IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
    IE: {{507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail
    IE: {{59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adf...obao.com/vertical/mall/pro.php?allyesPara=816
    IE: {{5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist
    IE: {{6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns
    IE: {{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair
    IE: {{FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean
    Trusted Zone: pps.tv
    Trusted Zone: ppstream.com
    Trusted Zone: webscache.com
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fguosiui.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=23341367-3051-485d-a776-a4571934aa26
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - prefs.js: network.proxy.type - 2
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fguosiui.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}\components\ThunderComponent.dll
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fguosiui.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fguosiui.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components\Engine.dll
    FF - component: c:\program files\Mozilla Firefox\components\CheckTudouVa.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\webbooster@iminent.com\components\Iminent.XPCOM.dll
    FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdbplug.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- 火狐配置文件 ----
    c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.appInstanceUid", "23341367-3051-485d-a776-a4571934aa26");
    c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.currentLcid", "1033");
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{A08E5DC3-E611-2529-D8F4-56D1508F8D7B} - c:\program files\ppsaddr\ppsAddr.dll
    BHO-{D07D217C-5CDB-5EA8-8201-78F7E447A939} - c:\program files\ppsaddr\ppsAddr.dll
    Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
    HKLM-Run-QlbCtrl - %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    AddRemove-AddressBarExpress - c:\windows\system32\unsocul.exe
    AddRemove-Coopen播放器 - c:\program files\Coopen\uninst.exe
    AddRemove-GOGOBOX - c:\program files\NextLink\GOGOBOX\GOGOBOXUninstall.exe
    AddRemove-WinPcapInst - c:\program files\WinPcap\Uninstall.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-25 17:32
    Windows 5.1.2600 Service Pack 2 NTFS

    扫描被隐藏的进程 。。。

    扫描被隐藏的启动组 。。。

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????n?|????? ??B??????????????B? ?????

    扫描被隐藏的文件 。。。

    扫描完成
    被隐藏的档案: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fqtijpsyb]
    "ServiceDll"="c:\windows\system32\hnzdvy.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mxkwtyjn]
    "ServiceDll"="c:\windows\system32\hnzdvy.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nterp]
    "ServiceDll"="c:\windows\system32\hnzdvy.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwgyoati]
    "ServiceDll"="c:\windows\system32\hnzdvy.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tmsfoulra]
    "ServiceDll"="c:\windows\system32\hnzdvy.dll"
    .
    --------------------- 运行进程下的动态链接库 ---------------------

    - - - - - - - > 'winlogon.exe'(1012)
    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
    c:\windows\system32\msi.dll
    c:\program files\HPQ\IAM\Bin\ASChnl.dll
    c:\windows\system32\WININET.dll
    c:\program files\HPQ\IAM\Bin\ItMsg.dll

    - - - - - - - > 'explorer.exe'(2316)
    c:\windows\system32\WININET.dll
    c:\program files\HPQ\IAM\Bin\SFSShell.dll
    c:\program files\HPQ\IAM\bin\ItMsg.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ 其他运行进程 ------------------------
    .
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\windows\system32\DllHost.exe
    c:\windows\system32\msdtc.exe
    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\mqsvc.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\mqtgsvc.exe
    c:\program files\HPQ\IAM\bin\asghost.exe
    c:\windows\system32\conime.exe
    c:\windows\AGRSMMSG.exe
    c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    c:\windows\system32\igfxsrvc.exe
    c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
    .
    **************************************************************************
    .
    完成时间: 2010-11-25 17:40:00 - 电脑已重新启动
    ComboFix-quarantined-files.txt 2010-11-25 09:39

    Pre-Run: 6,854,918,144 bytes free
    Post-Run: 6,713,856,000 bytes free

    - - End Of File - - 87FC6974AAB839494DF20B4BF89C6DA5
  13. crunchie

    crunchie Malware Helper Posts: 761

    Sorry for the late reply.

    Please go to Jotti's or to virustotal and have this file scanned. Post the results back here.

    c:\windows\system32\hnzdvy.dll

    ============

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.
    2. Now copy/paste the entire content of the codebox below into the Notepad window:
    Code:
    KillAll::
    
    FCopy::
    c:\windows\system32\dllcache\tcpip.sys | c:\windows\system32\drivers\tcpip.sys
    c:\windows\system32\dllcache\tcpip.sys | c:\windows\$NtUninstallKB951748$\tcpip.sys
    c:\windows\system32\dllcache\tcpip.sys | c:\windows\$NtUninstallKB941644$\tcpip.sys
    c:\windows\system32\dllcache\tcpip.sys | c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
    
    Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

    3. Save the above as CFScript.txt

    4. Physically disconnect from the internet.

    5. Now STOP all your monitoring programs (Antivirus/Antispyware, Guards and Shields) as they could easily interfere with ComboFix.

    6. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    7. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply after you re-enable all the programs that were disabled during the running of ComboFix:
    • Combofix.txt
    Please take note:

    CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

    ============

    Let me know how things are now.
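The file crunchie asks to have scanned is the one the ComboFix log above shows as the ServiceDll behind five svchost services with random-looking names (fqtijpsyb, mxkwtyjn, nterp, pwgyoati, tmsfoulra), all registered in the netsvcs group. As an added example that is not part of this thread and not ComboFix's own code, the script below parses a constructed excerpt in that log format and reports every ServiceDll shared by more than one svchost-hosted service; a DLL backing several services is a heuristic worth a closer look, not proof of infection on its own.

```python
import re
from collections import defaultdict

# Constructed excerpt modelled on the ComboFix output posted above; it is not the full log.
SAMPLE_LOG = r"""
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 4:00 PM 14336]
R2 Ukwsvr;Ukwsvr;c:\program files\unikeyword\ukwsvr.exe [10/18/2010 1:41 PM 157952]
S2 fqtijpsyb;Security Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
S2 mxkwtyjn;Image Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
S2 nterp;Image Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
S2 pwgyoati;Image Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
S2 tmsfoulra;Network Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fqtijpsyb]
"ServiceDll"="c:\windows\system32\hnzdvy.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mxkwtyjn]
"ServiceDll"="c:\windows\system32\hnzdvy.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nterp]
"ServiceDll"="c:\windows\system32\hnzdvy.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwgyoati]
"ServiceDll"="c:\windows\system32\hnzdvy.dll"
--

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tmsfoulra]
"ServiceDll"="c:\windows\system32\hnzdvy.dll"
"""

# One service line: "<start> <name>;<display name>;<image path> [<date> <size>]"
SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s+\[[^\]]*\]\s*$')
# Registry dump ComboFix appends for each svchost-hosted service it does not recognise
KEY_RE = re.compile(r'^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$',
                    re.IGNORECASE)
DLL_RE = re.compile(r'^"ServiceDll"="([^"]+)"$', re.IGNORECASE)
GROUP_RE = re.compile(r'svchost\.exe\s+-k\s+(\S+)', re.IGNORECASE)


def parse_combofix_services(text):
    """Return {service_name: info} built from the service list and the
    per-service registry dumps in a ComboFix log excerpt."""
    services = {}
    current = None  # service whose registry block we are inside
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            start, name, display, image = m.groups()
            image = image.split(' --> ')[0]  # drop ComboFix's "--> resolved path" suffix
            grp = GROUP_RE.search(image)
            services[name] = {'start': start, 'display': display, 'image': image,
                              'group': grp.group(1).lower() if grp else None,
                              'dll': None}
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            services.setdefault(current, {'start': None, 'display': None,
                                          'image': None, 'group': None, 'dll': None})
            continue
        m = DLL_RE.match(line)
        if m and current:
            services[current]['dll'] = m.group(1).lower()
    return services


def shared_service_dlls(services):
    """Map each ServiceDll that backs more than one service to the sorted
    names of those services."""
    by_dll = defaultdict(set)
    for name, info in services.items():
        if info['dll']:
            by_dll[info['dll']].add(name)
    return {dll: sorted(names) for dll, names in by_dll.items() if len(names) > 1}


def triage(text):
    """Findings for a log excerpt: one entry per shared ServiceDll, with the
    svchost groups (e.g. netsvcs) the affected services load into."""
    services = parse_combofix_services(text)
    findings = []
    for dll, names in sorted(shared_service_dlls(services).items()):
        groups = sorted({services[n]['group'] for n in names if services[n]['group']})
        findings.append({'dll': dll, 'services': names, 'groups': groups})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f"{f['dll']} backs {len(f['services'])} services "
              f"({', '.join(f['services'])}) in group(s): {', '.join(f['groups'])}")
```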
  14. yongwei1992

    yongwei1992 Newcomer, in training Topic Starter

    ComboFix 10-11-24.03 - Administrator 8/2010 Sun 12:50:03.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.2551.1944 [GMT 8:00]
    执行位置: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    * 成功创造新还原点

    注意 - 这台电脑没有安装恢复控制台 !!
    .

    ((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\program files\Coopen
    c:\program files\Coopen\conf\Debug
    c:\program files\Coopen\conf\Log.txt
    c:\program files\Coopen\conf\MainParams
    c:\program files\Coopen\conf\TodayInfo
    c:\program files\Coopen\Templete\Default.tpl
    c:\windows\CoopenOldWallPaper.bmp

    .
    --------------- FCopy ---------------

    c:\windows\system32\dllcache\tcpip.sys --> c:\windows\system32\drivers\tcpip.sys
    c:\windows\system32\dllcache\tcpip.sys --> c:\windows\$NtUninstallKB951748$\tcpip.sys
    c:\windows\system32\dllcache\tcpip.sys --> c:\windows\$NtUninstallKB941644$\tcpip.sys
    c:\windows\system32\dllcache\tcpip.sys --> c:\windows\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\tcpip.sys
    .
    ((((((((((((((((((((((((( 2010-10-28 至 2010-11-28 的新的档案 )))))))))))))))))))))))))))))))
    .

    2010-11-28 03:29 . 2010-11-28 03:29 94208 ----a-w- c:\windows\system32\pwd.dll
    2010-11-25 11:55 . 2010-11-25 11:55 -------- d-----w- C:\《完美世界免费版》
    2010-11-25 11:39 . 2010-11-25 11:39 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-11-25 11:21 . 2010-11-25 11:38 -------- d-----w- C:\RECYCLER(3)
    2010-11-24 09:30 . 2010-11-25 11:38 -------- d-----w- c:\program files\Baidu
    2010-11-24 09:30 . 2010-11-25 11:38 -------- d-----w- c:\program files\ppsaddr
    2010-11-24 09:29 . 2010-11-24 09:29 -------- d-----w- C:\My Music
    2010-11-24 09:29 . 2010-11-24 09:29 -------- d-----w- c:\documents and settings\All Users\Real
    2010-11-24 09:29 . 2010-11-24 09:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Xunlei
    2010-11-24 09:29 . 2010-11-24 09:29 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Thunder Network
    2010-11-23 12:28 . 2010-11-25 11:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-11-19 08:45 . 2010-11-24 09:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ConduitEngine
    2010-11-19 08:45 . 2010-11-24 09:19 -------- d-----w- c:\program files\ConduitEngine
    2010-11-19 08:42 . 2010-11-22 09:48 -------- d-----w- c:\documents and settings\Administrator\Application Data\D07D217C-5CDB-5EA8-8201-78F7E447A939
    2010-11-17 14:19 . 2010-11-23 13:50 -------- d-----w- c:\documents and settings\Administrator\Application Data\ppsAddr
    2010-11-17 14:15 . 2010-11-24 09:20 -------- d-----w- c:\program files\PPSGame
    2010-11-14 14:34 . 2010-11-24 09:21 -------- d-----w- c:\program files\WinDirStat
    2010-11-09 13:04 . 2010-11-09 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\TSLOG
    2010-11-07 09:15 . 2010-11-07 09:15 -------- d-----w- c:\windows\system32\NtmsData
    2010-11-06 16:14 . 2010-11-24 09:25 -------- d-----w- c:\program files\VirtualDJ
    2010-10-30 11:43 . 2010-11-24 09:27 -------- d-----w- c:\program files\DebugMode

    .
    (((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-23 16:55 . 2010-10-23 16:54 519168 ----a-w- C:\OTM.exe
    2010-10-22 13:43 . 2010-10-22 13:43 31728 ----a-w- c:\windows\dbrmdwb.exe
    2010-10-22 13:43 . 2010-10-22 13:43 26 ----a-w- c:\windows\dbrmdwb.bat
    2010-10-22 13:43 . 2010-10-22 13:43 245840 ----a-w- c:\windows\system32\DNLEng.dll
    2010-10-22 13:43 . 2010-10-22 13:43 894616 ----a-w- c:\windows\dbplugin.exe
    2010-10-22 13:43 . 2010-10-22 13:43 2327704 ----a-w- c:\windows\dbplugin.ocx
    2010-10-22 13:43 . 2010-10-22 13:43 2179072 ----a-w- c:\windows\npdbplug.dll
    2010-09-07 15:12 . 2010-10-24 09:09 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2010-10-24 09:09 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2010-10-24 09:09 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2010-10-24 09:09 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2010-10-24 09:09 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2010-10-24 09:09 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2010-09-07 14:47 . 2010-10-24 09:09 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2010-09-07 14:47 . 2010-10-24 09:09 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-09-07 14:46 . 2010-10-24 09:09 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2004-10-01 07:00 . 2007-08-02 13:37 40960 ----a-w- c:\program files\Uninstall_CDS.exe
    2009-10-27 01:21 . 2010-10-06 08:47 253952 ----a-w- c:\program files\mozilla firefox\components\CheckTudouVa.dll
    .

    ((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白与合法缺省登录将不会被显示
    REGEDIT4

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{346de098-61f9-4b42-89da-6dfba7091bb6}"= "c:\program files\IMBooster4web-en\tbIMB2.dll" [2010-10-18 3908192]
    "{84FF7BD6-B47F-46F8-9130-01B2696B36CB}"= "c:\program files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll" [2010-08-17 111608]

    [HKEY_CLASSES_ROOT\clsid\{346de098-61f9-4b42-89da-6dfba7091bb6}]

    [HKEY_CLASSES_ROOT\clsid\{84ff7bd6-b47f-46f8-9130-01b2696b36cb}]
    [HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO.1]
    [HKEY_CLASSES_ROOT\TypeLib\{59E6E159-57CC-4DA5-8700-2AD17DC31DD1}]
    [HKEY_CLASSES_ROOT\IminentBHONavigationError.CHelperBHO]

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{346de098-61f9-4b42-89da-6dfba7091bb6}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\IMBooster4web-en\tbIMB2.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{474597C5-AB09-49d6-A4D5-2E8D7341384E}]
    2008-09-02 14:04 398768 ----a-w- c:\program files\iMesh Applications\iMesh MediaBar\iMeshIEHelper.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
    2010-07-02 01:54 2607872 ----a-w- c:\program files\IMinent Toolbar\tbcore3.dll

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}]
    2010-08-17 08:18 111608 ----a-w- c:\program files\Iminent\SearchTheWeb\Iminent.BHO.NavigationError.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{346de098-61f9-4b42-89da-6dfba7091bb6}"= "c:\program files\IMBooster4web-en\tbIMB2.dll" [2010-10-18 3908192]
    "{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
    "{63DF766D-C050-44b1-BB8A-C3ABB44C0E96}"= "c:\program files\unikeyword\uktb.dll" [2010-10-18 465152]

    [HKEY_CLASSES_ROOT\clsid\{346de098-61f9-4b42-89da-6dfba7091bb6}]

    [HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
    [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]

    [HKEY_CLASSES_ROOT\clsid\{63df766d-c050-44b1-bb8a-c3abb44c0e96}]
    [HKEY_CLASSES_ROOT\Knet.PugiObj.1]
    [HKEY_CLASSES_ROOT\TypeLib\{A521756C-4EE1-44c5-852E-6D679588966F}]
    [HKEY_CLASSES_ROOT\Knet.PugiObj]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-28 171448]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-10-11 1961984]
    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]
    "PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
    "Thunder"="c:\program files\Thunder Network\Thunder\Program\Thunder.exe" [2010-11-02 835888]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsmqIntCert"="mqrt.dll" [2009-06-25 177152]
    "AGRSMMSG"="AGRSMMSG.exe" [2006-01-30 88203]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-21 144784]
    "PTHOSTTR"="c:\program files\HPQ\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2005-10-04 86016]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2005-02-17 49152]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-11-10 761945]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-02-15 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-02-15 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-02-15 118784]
    "hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2006-02-14 454656]
    "CognizanceTS"="c:\progra~1\HPQ\IAM\Bin\AsTsVcc.dll" [2003-12-22 17920]
    "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2006-01-26 172094]
    "Recguard"="c:\windows\Sminst\Recguard.exe" [2005-12-20 1187840]
    "Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-01-24 802816]
    "Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-01-20 905216]
    "WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2005-11-08 184320]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 517768]
    "Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
    "RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
    "InCD"="c:\program files\Ahead\InCD\InCD.exe" [2006-03-14 1397760]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2009-01-17 548864]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2004-08-27 90112]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
    "avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]

    c:\documents and settings\Administrator\Start Menu\Programs\Startup\
    OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
    PPS.lnk - c:\program files\PPStream\PPStream.exe [2010-11-16 5255048]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-1-18 581693]
    DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2007-6-28 184320]
    InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-11-15 278528]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
    2005-07-25 18:41 40960 ----a-w- c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\WINDOWS\\system32\\mqsvc.exe"=
    "c:\\WINDOWS\\SMINST\\Scheduler.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\InterVideo\\DVD7\\WinDVD.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
    "c:\\Program Files\\Tudou\\飞速Tudou\\TudouVa.exe"=
    "c:\\Program Files\\速播网络影视\\hrstv.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe"=
    "c:\\Program Files\\Thunder Network\\Thunder\\Program\\ThunderLiveUD.exe"=
    "c:\\Program Files\\Thunder Network\\Thunder\\XLDoctor\\7.1.2.2014_1\\Program\\XLDoctorUI.exe"=
    "c:\\Program Files\\PPStream\\PPStream.exe"=
    "c:\\Program Files\\PPStream\\PPSAP.exe"=
    "c:\\Program Files\\PPSGame\\PPSGame.exe"=
    "c:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.36_1110\\ThunderPlatform.exe"=
    "c:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.36_1110\\ThunderLiveUD.exe"=
    "c:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.36_1110\\XLBugReport.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "19682:TCP"= 19682:TCP:BitComet 19682 TCP
    "19682:UDP"= 19682:UDP:BitComet 19682 UDP
    "56280:TCP"= 56280:TCP:pando Media Booster
    "56280:UDP"= 56280:UDP:pando Media Booster

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [10/24/2010 5:09 PM 165584]
    R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 4:00 PM 14336]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [10/24/2010 5:09 PM 17744]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [12/18/2009 11:25 AM 189736]
    R2 Ukwsvr;Ukwsvr;c:\program files\unikeyword\ukwsvr.exe [10/18/2010 1:41 PM 157952]
    R3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [6/10/2009 10:54 PM 79104]
    S0 kcqbljp;kcqbljp;\SystemRoot\\SystemRoot\System32\drivers\kcqbljp.sys --> \SystemRoot\\SystemRoot\System32\drivers\kcqbljp.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
    S2 CnsStd;CnsStd;c:\windows\system32\drivers\CnsStd.sys --> c:\windows\system32\drivers\CnsStd.sys [?]
    S2 fqtijpsyb;Security Driver;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
    S2 mxkwtyjn;Image Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
    S2 nterp;Image Installer;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
    S2 pwgyoati;Image Center;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
    S2 tmsfoulra;Network Task;c:\windows\system32\svchost.exe -k netsvcs [8/4/2004 4:00 PM 14336]
    S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [6/10/2009 10:54 PM 131072]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 R2A;R2A;\??\c:\windows\system32a2.sys --> c:\windows\system32a2.sys [?]
    S3 XDva193;XDva193;\??\c:\windows\system32\XDva193.sys --> c:\windows\system32\XDva193.sys [?]
    S3 XDva195;XDva195;\??\c:\windows\system32\XDva195.sys --> c:\windows\system32\XDva195.sys [?]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    Cognizance REG_MULTI_SZ ASChannel

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    tmsfoulra
    fqtijpsyb
    nterp
    pwgyoati
    mxkwtyjn
    .
    ‘计划任务’ 文件夹 里的内容

    2010-11-25 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
    .
    .
    ------- 而外的扫描 -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    mStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = local
    uSearchAssistant = hxxp://www.Google.com/
    uCustomizeSearch = hxxp://www.Google.com/
    uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
    IE: &?????? - c:\program files\Thunder Network\Thunder\Program\geturl.htm
    IE: &?????????? - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
    IE: &¨?¥?¨31p¤U?ü - c:\program files\Thunder Network\Thunder\Program\GetUrl.htm
    IE: &¨?¥?¨31p¤U?ü¥t3??ì±μ - c:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
    IE: &使用迅雷下载 - c:\program files\Thunder Network\Thunder\Program\geturl.htm
    IE: &使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: ·¢?íí???μ?ê??ú - c:\program files\P4P\cx.htm
    IE: ê1ó?iTudou?????ú?? - c:\program files\Tudou\iTudou\iTudou_Link.HTM
    IE: ê1ó???1·?±í¨3μ???? - c:\program files\P4P\dl.htm
    IE: ìí?óμ??°?òμ??????± - c:\program files\P4P\rss.htm
    IE: 使用搜狗直通车下载 - c:\program files\P4P\dl.htm
    IE: 使用迅雷下载 - c:\program files\Thunder Network\Thunder\BHO\geturl.htm
    IE: 使用迅雷下载全部链接 - c:\program files\Thunder Network\Thunder\BHO\GetAllUrl.htm
    IE: 发送图片到手机 - c:\program files\P4P\cx.htm
    IE: 妏蚚捃濘狟婥 - c:\program files\Thunder Network\Thunder\Program\geturl.htm
    IE: 妏蚚捃濘狟婥?窒蟈諉 - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
    IE: 雅虎搜索 - c:\progra~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
    IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder Network\Thunder\Thunder.exe
    IE: {{14CD42DD-ABCD-3586-DCAB-40E3693E3737} - c:\program files\Stylish Profile\ct.htm
    IE: {{507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail
    IE: {{59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adf...obao.com/vertical/mall/pro.php?allyesPara=816
    IE: {{5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist
    IE: {{6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns
    IE: {{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair
    IE: {{FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean
    Trusted Zone: pps.tv
    Trusted Zone: ppstream.com
    Trusted Zone: webscache.com
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fguosiui.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2032792&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=23341367-3051-485d-a776-a4571934aa26
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
    FF - prefs.js: network.proxy.type - 2
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fguosiui.default\extensions\{1B33E42F-EF14-4cd3-B6DC-174571C4349C}\components\ThunderComponent.dll
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fguosiui.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fguosiui.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}\components\Engine.dll
    FF - component: c:\program files\Mozilla Firefox\components\CheckTudouVa.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\webbooster@iminent.com\components\Iminent.XPCOM.dll
    FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdbplug.dll
    FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- 火狐配置文件 ----
    c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.appInstanceUid", "23341367-3051-485d-a776-a4571934aa26");
    c:\program files\Mozilla Firefox\defaults\pref\all-iminent.js - pref("iminent.currentLcid", "1033");
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-28 13:12
    Windows 5.1.2600 Service Pack 2 NTFS

    扫描被隐藏的进程 。。。

    扫描被隐藏的启动组 。。。

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe??????????n?|?`??? ??B??????????????B? ?????

    扫描被隐藏的文件 。。。

    扫描完成
    被隐藏的档案: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fqtijpsyb]
    "ServiceDll"="c:\windows\system32\hnzdvy.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mxkwtyjn]
    "ServiceDll"="c:\windows\system32\hnzdvy.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nterp]
    "ServiceDll"="c:\windows\system32\hnzdvy.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pwgyoati]
    "ServiceDll"="c:\windows\system32\hnzdvy.dll"
    --

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\tmsfoulra]
    "ServiceDll"="c:\windows\system32\hnzdvy.dll"
    .
    --------------------- 运行进程下的动态链接库 ---------------------

    - - - - - - - > 'winlogon.exe'(1004)
    c:\program files\HPQ\IAM\Bin\AsWlnPkg.dll
    c:\windows\system32\msi.dll
    c:\program files\HPQ\IAM\Bin\ASChnl.dll
    c:\windows\system32\WININET.dll
    c:\program files\HPQ\IAM\Bin\ItMsg.dll

    - - - - - - - > 'explorer.exe'(4780)
    c:\windows\system32\WININET.dll
    c:\program files\HPQ\IAM\Bin\SFSShell.dll
    c:\program files\HPQ\IAM\bin\ItMsg.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\btncopy.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ 其他运行进程 ------------------------
    .
    c:\program files\Ahead\InCD\InCDsrv.exe
    c:\windows\system32\DllHost.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\HPQ\IAM\bin\asghost.exe
    c:\windows\system32\conime.exe
    c:\windows\AGRSMMSG.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\msdtc.exe
    c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Common Files\LightScribe\LSSrvc.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\mqsvc.exe
    c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
    c:\program files\Windows Media Player\WMPNetwk.exe
    c:\windows\system32\mqtgsvc.exe
    c:\windows\system32\wscntfy.exe
    c:\progra~1\HPQ\Shared\HPQTOA~1.EXE
    .
    **************************************************************************
    .
    完成时间: 2010-11-28 13:18:16 - 电脑已重新启动
    ComboFix-quarantined-files.txt 2010-11-28 05:18
    ComboFix2.txt 2010-11-25 09:40

    Pre-Run: 5,528,653,824 bytes free
    Post-Run: 5,583,888,384 bytes free

    - - End Of File - - 590483B3EFB4486707F8541526C04A72
  15. yongwei1992

    yongwei1992 Newcomer, in training Topic Starter

    Crunchie, I am unable to make the scan using Jotti's or VirusTotal because
    c:\windows\system32\hnzdvy.dll
    is not present on my computer.
  16. crunchie

    crunchie Malware Helper Posts: 761

    Ok. How are things now with your PC?
  17. yongwei1992

    yongwei1992 Newcomer, in training Topic Starter

    Wow! Now my computer's Task Manager can be used already... And can I delete ComboFix from my computer already?
    Thanks, Crunchie.
  18. crunchie

    crunchie Malware Helper Posts: 761

    Make sure that your computer functions normally for a day and then come back and let me know and we will remove the tools we have used.
     
  19. yongwei1992

    yongwei1992 Newcomer, in training Topic Starter

    One day already... My computer functions as normal and the Task Manager works already.
  20. crunchie

    crunchie Malware Helper Posts: 761

    That's great :).

    To remove all of the tools we used and the files and folders they created, please do the following:
    Please download OTC by OldTimer:
    Save it to your Desktop.
    Double click OTC.exe.
    Click the CleanUp! button.
    If you are prompted to Reboot during the cleanup, select Yes. The tool will delete itself once it finishes.

    ==

    Happy surfing.