Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

How to remove Backdoor.Tidserv!.inf

Started by jesse08 , May 15 2009 12:30 AM

  • Please log in to reply

#1
jesse08
Posted 15 May 2009 - 12:30 AM

jesse08

    New Member

  • Member
  • Pip
  • 8 posts
Here is the log.

MBAM:
Malwarebytes' Anti-Malware 1.36
Database version: 2132
Windows 5.1.2600 Service Pack 2

2009/5/14 下午 11:28:57
mbam-log-2009-05-14 (23-28-57).txt

Scan type: Quick Scan
Objects scanned: 91806
Time elapsed: 2 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Rooter:

Microsoft Windows XP Professional (5.1.2600) Service Pack 2

A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - FAT32 - (Total:13220 Mo/Free:1959 Mo)
D:\ [Fixed] - FAT32 - (Total:5853 Mo/Free:3501 Mo)
E:\ [Fixed] - FAT32 - (Total:117203 Mo/Free:3889 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

2009/05/14 星期四|23:14

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\System32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\Explorer.EXE
---------- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
---------- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\PROGRA~1\SYMANT~1\VPTray.exe
---------- C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
---------- C:\Program Files\dvd43\dvd43_tray.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
---------- C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
---------- C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Internet Explorer\iexplore.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\WINDOWS\system32\conime.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\HSUAN-~1.YAO\Cookies\hsuan-ming_yao@crackle[2].txt


1 - "C:\Rooter$\Rooter_1.txt" - 2009/05/14 星期四|23:14

----------------------\\ Scan completed at 23:14

OTListIt:

OTListIt logfile created on: 2009/5/14 下午 11:16:02 - Run 1
OTListIt2 by OldTimer - Version 2.0.15.7 Folder = C:\Documents and Settings\Hsuan-Ming Yao.YAO\Local Settings\Temporary Internet Files\Content.IE5\L8EACXUX
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000404 | Country: 台灣 | Language: CHT | Date Format: yyyy/M/d

511.48 Mb Total Physical Memory | 138.57 Mb Available Physical Memory | 27.09% Memory free
1.22 Gb Paging File | 0.75 Gb Available in Paging File | 61.38% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 12.91 Gb Total Space | 1.91 Gb Free Space | 14.81% Space Free | Partition Type: FAT32
Drive D: | 5.72 Gb Total Space | 3.42 Gb Free Space | 59.82% Space Free | Partition Type: FAT32
Drive E: | 114.46 Gb Total Space | 23.80 Gb Free Space | 20.79% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: YAO
Current User Name: Hsuan-Ming Yao
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
PRC - C:\Program Files\dvd43\dvd43_tray.exe ()
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
PRC - C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe ()
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe (Yahoo! Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\conime.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Hsuan-Ming Yao.YAO\Local Settings\Temporary Internet Files\Content.IE5\L8EACXUX\OTListIt2[1].exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- D:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\System32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccPwdSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IntuitUpdateService [Auto | Running]) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (cmuda [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\cmuda.sys (C-Media Inc)
DRV - (dvd43llh [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\dvd43llh.sys (RIF)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (FET5X86V [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys (VIA Technologies, Inc. )
DRV - (FETNDIS [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\fetnd5.sys (VIA Technologies, Inc. )
DRV - (FETNDISB [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\fetnd5b.sys (VIA Technologies, Inc. )
DRV - (FsVga [System | Running]) -- C:\WINDOWS\System32\DRIVERS\fsvga.sys (Microsoft Corporation)
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090514.002\naveng.sys (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090514.002\navex15.sys (Symantec Corporation)
DRV - (NTSIM [On_Demand | Stopped]) -- C:\WINDOWS\system32\ntsim.sys (VIA Networking Technologies, Inc. )
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (snapman [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\snapman.sys (Acronis)
DRV - (SPBBCDrv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SPCA508A [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\SPCA508A.SYS (Sunplus Technology Co. LTD.)
DRV - (sptd [Boot | Running]) -- C:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (VIAudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\viaudio.sys (VIA Technologies, Inc.)
DRV - (WLAN(WLAN) [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\zd1211u.sys (ZyDAS Technology Corporation)
DRV - (ZDPNDIS5 [On_Demand | Running]) -- C:\WINDOWS\system32\ZDPNDIS5.SYS (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2008/12/11 19:02:32 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live 登入小幫手) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! 工具列) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\tbfree.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [C:\WINDOWS\system32\kdatt.exe] C:\WINDOWS\system32\kdatt.exe File not found
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [dvd43] C:\Program Files\dvd43\dvd43_tray.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (Microsoft Corporation)
O4 - HKCU..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users.WINDOWS\「開始」功能表\程式集\啟動\802.11b+g USB Wireless LAN Utility.lnk = C:\Program Files\WLAN\802.11b+g USB WLAN\ZDWlan.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll (BitComet)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} http://download.tvan.../cab/tvants.cab (TVAnts ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} http://download.sopc...oad/SOPCORE.CAB (SopCore Control)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: System - (kdatt.exe) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\System32\NavLogon.dll - C:\WINDOWS\System32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop Components:0 (目前的首頁) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/07/08 00:17:46 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{bd73aef4-117a-11dd-97ac-806d6172696f}\Shell - "" = Autorun
O33 - MountPoints2\{bd73aef4-117a-11dd-97ac-806d6172696f}\Shell\Open\command - "" = D:\resycled\boot.com -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/14 23:14:15 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/14 22:02:19 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/14 21:28:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Hsuan-Ming Yao.YAO\Application Data\Malwarebytes
[2009/05/14 21:28:38 | 00,000,466 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1.WIN\桌面\Malwarebytes' Anti-Malware.lnk
[2009/05/14 21:28:35 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/14 21:28:31 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/14 21:28:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2009/04/15 23:28:14 | 00,060,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\colbact.dll
[2009/04/15 23:28:12 | 00,291,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/15 23:28:12 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/15 23:28:11 | 00,473,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/15 23:28:09 | 00,399,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/15 23:28:08 | 00,667,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/15 23:28:08 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/15 23:28:07 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/15 23:28:04 | 00,600,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/15 23:26:14 | 01,193,414 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/15 23:26:13 | 00,207,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/15 21:52:17 | 00,000,000 | ---D | C] -- C:\DOCUME~1\HSUAN-~1.YAO\桌面\1
[2008/12/03 22:38:46 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.INI
[2008/11/14 18:37:38 | 00,716,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2008/09/15 00:25:39 | 00,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/09/15 00:25:33 | 00,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/09/15 00:25:33 | 00,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/09/15 00:25:32 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/09/15 00:25:28 | 00,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/09/15 00:25:28 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2008/04/24 22:52:39 | 00,000,379 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/04/24 22:51:11 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/24 00:22:54 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2008/04/23 23:15:59 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/04/23 23:07:26 | 00,032,768 | ---- | C] () -- C:\WINDOWS\System32\UnAudioNT.dll
[2006/10/27 08:26:56 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2003/02/18 18:26:28 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\cmirmdrv.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/09/17 20:00:00 | 00,000,615 | ---- | C] () -- C:\WINDOWS\win.ini
[2001/09/17 20:00:00 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[1 C:\*.tmp files]
[3 C:\WINDOWS\*.tmp files]
[2009/05/14 22:56:00 | 00,000,615 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/05/14 22:56:00 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/14 22:56:00 | 00,000,211 | RHS- | M] () -- C:\boot.ini
[2009/05/14 22:54:44 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/14 22:53:44 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Hsuan-Ming Yao.YAO\Local Settings\desktop.ini
[2009/05/14 22:53:36 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/05/14 21:28:40 | 00,000,466 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1.WIN\桌面\Malwarebytes' Anti-Malware.lnk
[2009/05/14 18:53:38 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/17 20:26:52 | 00,397,560 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/17 20:26:52 | 00,217,284 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat
[2009/04/17 20:26:52 | 00,063,000 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat
[2009/04/17 20:26:52 | 00,059,780 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/16 19:20:58 | 00,749,482 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/16 19:08:16 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
< End of report >


Thanks for help.
  • 0

Advertisements

#2
jesse08
Posted 16 May 2009 - 12:13 PM

jesse08

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Anyone has answer for me? Thanks.
  • 0

#3
jesse08
Posted 18 May 2009 - 04:29 PM

jesse08

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Anyone can help me on this issue?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP