Likely got Adware.W32.ExpDwnldr or other malware! please help me

#1
Stanley K

Hi there,

I got some symptoms.
1. My XP usually pops up a window asking me to download an anti-malware program. I googled it, which is possibly "Adware.W32.ExpDwnldr".
2. A bubble pops up from the taskbar saying
"Warning!
Your computer might be at risk!
Warning!
Security threat detected. Be sure to scan your computer for malware and viruses as soon as possible."
3. When I open folders in Windows Explorer, some webpage sometimes automatically opens in the browser.
Those webpages told me to download some antivirus program to guard my PC.

I didn't download anything or click "yes" on those pop-up windows.
Symptom 3 kept bothering me for 2-3 weeks, then disappeared. After that came symptoms 1 and 2.
But 2 days ago, those symptoms all disappeared. (I installed some spyware/malware program, but I'm not sure if it really found any malware.)

Below are my HijackThis log and Combo-Fix log.
Please help me!! Thanks a lot!!


====================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 01:18:24, on 2008/3/2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\conime.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\O2Micro Oz128 Driver\o2flash.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\NetLimiter\NetLimiter.exe
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\WINDOWS\explorer.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Program Files\IDM Computer Solutions\UltraEdit\Uedit32.exe
D:\tools\Maxthon\Maxthon.exe
D:\tools\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - D:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - D:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - D:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O2 - BHO: (no name) - {D49933E1-37D6-4624-BC78-92F91A7DF3AD} - \
O3 - Toolbar: UltraEdit Toolbar - {4E7BD74F-2B8D-469E-85AA-FD60BB9AAE22} - D:\PROGRA~1\UE_TOO~1\UE_TOO~1.DLL
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [SynTPEnh] D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [CJIMETIPSYNC] D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [FinePrint Dispatcher v5] D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [NetLimiter] D:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AzMixerSel] D:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 使用影音傳送帶下載 - D:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - D:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn...ro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zon...er.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - D:\Program Files\O2Micro Oz128 Driver\o2flash.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - D:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 9247 bytes

=============================================================================================
ComboFix 08-03-01.3 - Administrator 2008-03-02 1:00:38.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.1.1028.18.516 [GMT -8:00]
執行位置?: D:\Documents and Settings\Administrator\桌面\Combo-Fix.exe
* 已建立新的還原點

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

(((((((((((((((((((((((((((((((((((((( 其他遭刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\daSgo02

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_NPF


(((((((((((((((((((((((((((( 2008-02-02 - 2008-03-02 之間建立的檔案 )))))))))))))))))))))))))))))))))
.

2008-03-01 20:55 . 2008-03-01 20:55 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-03-01 20:55 . 2008-03-01 20:55 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-03-01 20:54 . 2008-03-01 20:54 1,366,048 --a------ D:\mbam-setup.exe
2008-03-01 16:11 . 2008-03-01 16:11 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Raxco
2008-02-26 18:17 . 2008-02-27 12:48 <DIR> d-------- D:\Program Files\Uniblue
2008-02-26 18:17 . 2008-02-26 18:17 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Uniblue
2008-02-26 17:45 . 2008-02-27 12:48 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Uniblue
2008-02-26 17:45 . 2008-02-26 17:45 4,131,376 --a------ D:\registryboosteraff.exe
2008-02-26 13:22 . 2008-02-26 13:22 <DIR> d-------- D:\Program Files\ue_toolbar
2008-02-26 13:22 . 2008-02-26 13:24 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\ue_toolbar
2008-02-26 13:18 . 2008-02-26 13:20 <DIR> d-------- D:\Program Files\IDM Computer Solutions
2008-02-26 13:04 . 2008-02-26 13:04 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\LogiShrd
2008-02-26 13:04 . 2008-02-26 13:04 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Logitech
2008-02-26 13:02 . 2008-02-26 13:02 <DIR> d-------- D:\Program Files\Logitech
2008-02-26 13:02 . 2008-02-26 13:02 <DIR> d-------- D:\Program Files\Common Files\Logishrd
2008-02-26 13:02 . 2008-02-26 13:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Logitech
2008-02-26 13:02 . 2008-01-09 12:26 301,656 --a------ D:\WINDOWS\system32\BtCoreIf.dll
2008-02-26 13:02 . 2008-01-09 12:27 170,512 --a------ D:\WINDOWS\system32\kemutb.dll
2008-02-26 13:02 . 2008-01-09 12:28 141,840 --a------ D:\WINDOWS\system32\KemUtil.dll
2008-02-26 13:02 . 2008-01-09 12:28 117,264 --a------ D:\WINDOWS\system32\KemWnd.dll
2008-02-26 13:02 . 2008-01-09 12:28 76,304 --a------ D:\WINDOWS\system32\KemXML.dll
2008-02-25 18:59 . 2008-02-25 23:30 <DIR> d-------- D:\Program Files\SUPERAntiSpyware
2008-02-25 18:59 . 2008-02-25 18:59 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-25 18:59 . 2008-02-25 18:59 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-02-25 18:37 . 2008-02-25 18:41 3,960 --a------ D:\WINDOWS\system32\tmp.reg
2008-02-25 15:11 . 2008-02-25 15:11 <DIR> d-------- D:\WINDOWS\ERUNT
2008-02-25 15:02 . 2008-02-25 15:32 1,311,062 --a------ D:\SDFix.exe
2008-02-23 23:36 . 2008-02-23 23:36 2,701,304 --a------ D:\vcsetup.exe
2008-02-23 22:59 . 2008-02-24 01:22 1,821,192 --a------ D:\vcredist_x86.exe
2008-02-23 22:22 . 2008-03-02 01:03 20,432 --a------ D:\WINDOWS\system32\oodbs.lor
2008-02-23 21:02 . 2008-02-29 18:58 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\codeblocks
2008-02-23 20:32 . 2008-02-23 22:22 <DIR> d-------- D:\Program Files\7-Zip
2008-02-23 19:19 . 2008-02-23 19:19 1,024 --a------ D:\WINDOWS\system32\pwdremover.dat
2008-02-23 19:19 . 2008-02-24 17:42 85 --a------ D:\WINDOWS\winDecrypt.INI
2008-02-23 19:19 . 2008-02-24 17:42 36 --a------ D:\WINDOWS\verypdf.ini
2008-02-23 19:10 . 2008-02-23 19:11 220 --a------ D:\WINDOWS\apdfpr.ini
2008-02-23 18:59 . 2008-02-23 22:33 <DIR> d-------- D:\WINDOWS\system32\oodag
2008-02-23 18:50 . 2008-02-23 18:50 0 --a------ D:\WINDOWS\OODCNT.INI
2008-02-23 18:45 . 2008-02-23 18:45 <DIR> d-------- D:\Program Files\OO Software
2008-02-23 18:41 . 2008-02-23 18:41 0 --a------ D:\WINDOWS\system32\FOXIT_PDF
2008-02-23 18:25 . 2008-02-23 18:26 <DIR> d-------- D:\Program Files\Foxit Software
2008-02-23 17:31 . 2008-02-23 17:31 <DIR> d-------- D:\Documents and Settings\Administrator\X86
2008-02-23 14:02 . 2008-02-26 19:13 4,770 --a------ D:\WINDOWS\system32\PerfStringBackup.TMP
2008-02-23 12:50 . 2008-02-24 00:29 <DIR> d-------- D:\Program Files\Microsoft Visual Studio 9.0
2008-02-23 12:50 . 2008-02-23 12:51 <DIR> d-------- D:\Program Files\Common Files\Merge Modules
2008-02-23 12:50 . 2008-02-24 00:59 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-02-23 12:48 . 2008-02-23 12:48 <DIR> d-------- D:\Program Files\Microsoft SDKs
2008-02-23 12:47 . 2008-02-23 12:47 <DIR> d-------- D:\WINDOWS\system32\XPSViewer
2008-02-23 12:47 . 2008-02-23 12:47 <DIR> d-------- D:\Program Files\Reference Assemblies
2008-02-23 12:47 . 2008-02-23 12:47 <DIR> d-------- D:\Program Files\MSBuild
2008-02-23 12:46 . 2006-06-29 13:07 14,048 --------- D:\WINDOWS\system32\spmsg2.dll
2008-02-23 12:42 . 2008-02-23 12:47 <DIR> d-------- D:\WINDOWS\system32\NtmsData
2008-02-23 01:14 . 2008-02-23 20:31 357 --a------ D:\Documents and Settings\Administrator\.cb_layout.bin
2008-02-23 01:08 . 2008-02-23 02:12 <DIR> d-------- D:\Documents and Settings\Administrator\.CodeBlocks
2008-02-22 00:41 . 2005-05-03 18:43 69,632 --a------ D:\WINDOWS\Alcmtr.exe
2008-02-21 22:30 . 2008-02-21 22:30 <DIR> d-------- D:\Documents and Settings\Administrator\「開始」功
2008-02-21 22:28 . 2008-02-22 00:14 <DIR> d-------- D:\WINDOWS\SxsCaPendDel
2008-02-19 20:56 . 2008-02-19 20:56 <DIR> d-------- D:\Program Files\uTorrent
2008-02-19 20:56 . 2008-02-28 14:43 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\uTorrent
2008-02-19 09:24 . 2006-04-20 03:51 359,808 --a------ D:\WINDOWS\system32\drivers\tcpip.sys.ORIGINAL
2008-02-19 09:24 . 2006-04-20 03:51 359,808 --a--c--- D:\WINDOWS\system32\dllcache\tcpip.sys.ORIGINAL
2008-02-07 13:12 . 2008-02-07 13:12 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\Softarium.com
2008-02-07 13:08 . 2008-02-07 12:55 20,736 --a------ D:\WINDOWS\system32\wmpkeys-1.1.0.1.msi
2008-02-07 02:02 . 2008-02-07 02:02 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\ATI
2008-02-07 02:02 . 2008-02-07 02:02 <DIR> d-------- D:\Documents and Settings\Administrator\Application Data\ATI
2008-02-07 02:01 . 2008-02-07 02:01 0 --a------ D:\WINDOWS\ativpsrm.bin

.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-02 03:57 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Skype
2008-03-01 01:19 --------- d-----w D:\Documents and Settings\Administrator\Application Data\MxBoost
2008-02-27 20:50 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Lavasoft
2008-02-27 20:49 --------- d-----w D:\Program Files\SopCast
2008-02-26 22:37 --------- d-----w D:\Documents and Settings\Administrator\Application Data\IDMComp
2008-02-26 21:18 --------- d-----w D:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 21:02 --------- d--h--w D:\Program Files\InstallShield Installation Information
2008-02-26 01:13 --------- d-----w D:\Program Files\Common Files\Logitech
2008-02-25 20:12 --------- d-----w D:\Program Files\UltraEdit
2008-02-24 04:31 357 ----a-w D:\Documents and Settings\Administrator\.cb_layout.bin
2008-02-23 08:49 --------- d-----w D:\Documents and Settings\Administrator\Application Data\Dev-Cpp
2008-02-22 08:41 --------- d-----w D:\Program Files\Realtek
2008-02-20 00:06 359,808 -c--a-w D:\WINDOWS\system32\drivers\tcpip.sys
2008-02-08 21:23 --------- d-----w D:\Program Files\Xi
2008-02-07 09:58 --------- d-----w D:\Program Files\ATI Technologies
2008-01-26 07:53 --------- d-----w D:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-01-09 05:23 --------- d-----w D:\Documents and Settings\All Users\Application Data\Fugazo
2008-01-03 07:05 --------- d-----w D:\Program Files\Common Files\InstallShield
2006-07-06 06:58 167,936 -c--a-w D:\Program Files\Common Files\FSCAPIATL.dll
.

------- Sigcheck -------

f4dd02b880dd00888187201cbbc3ffaf D:\WINDOWS\system32\drivers\tcpip.sys
-c--a-w 360,576 2006-04-20 12:18:35 D:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
-c----w 359,040 2004-07-12 00:00:00 D:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
-c--a-w 359,808 2008-02-20 00:06:39 D:\WINDOWS\system32\dllcache\tcpip.sys
-c--a-w 359,808 2008-02-20 00:06:39 D:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*注意* 空白或合法的登錄值將不會顯示

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D49933E1-37D6-4624-BC78-92F91A7DF3AD}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\system32\ctfmon.exe" [2004-07-11 16:00 15360]
"MSI Configuration"="msiconf.exe" []
"SUPERAntiSpyware"="D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="D:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-07-11 16:00 208952]
"MSPY2002"="D:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-07-11 16:00 59392]
"SynTPEnh"="D:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-05-18 22:51 774233]
"IntelZeroConfig"="D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 00:47 819200]
"IntelWireless"="D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 00:44 970752]
"CJIMETIPSYNC"="D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2003-07-14 06:57 63040]
"PHIMETIPSYNC"="D:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2003-07-14 06:57 95296]
"NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-08 19:50 155648]
"SunJavaUpdateSched"="D:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 D:\WINDOWS\KHALMNPR.Exe]
"FinePrint Dispatcher v5"="D:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" [2004-08-25 11:26 442368]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-11-29 02:17 55824 D:\WINDOWS\KHALMNPR.Exe]
"HP Software Update"="D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 21:52 49152]
"avgnt"="D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-04 00:56 249896]
"StartCCC"="D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35 90112]
"NetLimiter"="D:\Program Files\NetLimiter\NetLimiter.exe" [2004-03-31 05:23 823296]
"RTHDCPL"="RTHDCPL.EXE" [2007-05-28 16:32 16132608 D:\WINDOWS\RTHDCPL.exe]
"AzMixerSel"="D:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 19:51 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="D:\WINDOWS\System32\CTFMON.EXE" [2004-07-11 16:00 15360]

D:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
BTTray.lnk - D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-16 18:45:32 618557]
Logitech SetPoint.lnk - D:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-02-26 13:02:37 789008]
VPN Client.lnk - D:\WINDOWS\Installer\{14FCFE7C-AB86-428A-9D2E-BFB6F5A7AA6E}\Icon3E5562ED7.ico [2007-09-04 09:24:37 6144]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= D:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
D:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^HP Digital Imaging Monitor.lnk]
path=D:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\HP Digital Imaging Monitor.lnk
backup=D:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ActiveKeys.AAB635BD7D054a37A576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Free-1]
--a--c--- 2007-09-14 12:50 446464 D:\Program Files\IPEVO\Free-1 USB Phone\Free-1 USB Phone.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gcNotifier]
--a------ 2007-11-20 13:10 172032 D:\Documents and Settings\Administrator\Local Settings\Application Data\VTShared\GCNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
--a------ 2007-05-11 02:08 2512392 D:\WINDOWS\system32\oodtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"D:\\Program Files\\OPNET EDU\\9.1.A\\sys\\pc_intel_win32\\bin\\itguru.exe"=
"D:\\Program Files\\Gamania\\PopKart\\M01\\Patcher.exe"=
"D:\\Program Files\\Gamania\\PopKart\\M01\\NMService.exe"=
"D:\\Program Files\\Gamania\\PopKart\\M01\\KartRider.exe"=
"D:\\Program Files\\Gamania\\PopKart\\M01\\GameGuard.des"=
"D:\\Program Files\\StarNet\\X-Win32 8.1\\xwin32.exe"=
"D:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8275:TCP"= 8275:TCP:BitComet 8275 TCP
"8275:UDP"= 8275:UDP:BitComet 8275 UDP
"36456:TCP"= 36456:TCP:TCP 36456

R0 O2MDRDR;O2MDRDR;D:\WINDOWS\system32\DRIVERS\o2media.sys [2007-04-02 18:04]
R0 O2SDRDR;O2SDRDR;D:\WINDOWS\system32\DRIVERS\o2sd.sys [2007-04-02 00:11]
S3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);D:\WINDOWS\system32\DRIVERS\snp2uvc.sys []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1678bada-8dce-11dc-a986-001b77591b67}]
\Shell\AutoRun\command - H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6fcbaaa-6fd6-11dc-a981-0016d35b6357}]
\Shell\AutoRun\command - H:\ntdelect.com
\Shell\explore\Command - H:\ntdelect.com
\Shell\open\Command - H:\ntdelect.com

.
排程工作資料夾的內容
"2008-02-27 02:45:30 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-27 02:45:30 D:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- D:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-02-27 02:17:57 D:\WINDOWS\Tasks\Uniblue SpyEraser.job"
- D:\Program Files\Uniblue\SpyEraser\SpyEraser.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-02 01:04:42
Windows 5.1.2600 Service Pack 2 NTFS

掃描隱藏的程序...

掃描隱藏的進程...

掃描隱藏的檔案...

掃描完成
隱藏檔案?: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: D:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> D:\Program Files\NetLimiter\nl_lsp.dll
-> D:\WINDOWS\system32\nl_msgc.dll
.
------------------------ Other Running Processes ------------------------
.
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\WINDOWS\system32\conime.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\Program Files\Common Files\LightScribe\LSSrvc.exe
D:\Program Files\O2Micro Oz128 Driver\o2flash.exe
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RtkBtMnt.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
完成時間?: 2008-03-02 1:07:43 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-03-02 09:07:40

#2
Stanley K

Can someone help me, please? I've been worried these days.

#3
Stanley K

Can someone help me, please?