
Your system is infected~~~



#1
fongman

Here is my HijackThis logfile. My computer is Traditional Chinese XP~~
Thanks for teaching me how to repair this problem~~


Logfile of HijackThis v1.99.1
Scan saved at 下午 07:30:08, on 2005/10/8
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\FlashGet\flashget.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Aware.exe
C:\Documents and Settings\Administrator\My Documents\HijackThis.exe

R3 - URLSearchHook: 捇誥翑忒 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: 捇誥翑忒 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker011.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\CnsHook.dll
O2 - BHO: (no name) - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file)
O3 - Toolbar: 收音機(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O3 - Toolbar: 捇誥翑忒 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQToolbar\toolbaru.dll
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PHIME2002ASync] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] ; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [nwiz] ; nwiz.exe /install
O4 - HKLM\..\Run: [helper.dll] ; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] ; C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] ; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 剪貼簿文字: 簡 > 繁 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字: 繁 > 簡 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 網頁: [簡體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁: [繁體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O9 - Extra button: 手機短信 - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G電郵 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: 尋寶樂趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.ally...?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/?source=Cns (file missing)
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.c...nger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 修復瀏覽器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: 清理上網記錄 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] 網絡實名
O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...RdxIE601_tw.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\System32\HPHipm11.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
  • 0


#2
didom

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions; otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Scan again with HijackThis and check the following items:

R3 - URLSearchHook: 捇誥翑忒 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
O2 - BHO: 捇誥翑忒 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O2 - BHO: (no name) - {B75F75B8-93F3-429D-FF34-660B206D897A} - C:\WINDOWS\System32\zolker011.dll (file missing)
O2 - BHO: (no name) - {FFF5092F-7172-4018-827B-FA5868FB0478} - (no file)
O3 - Toolbar: 捇誥翑忒 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - (no file)
O3 - Toolbar: (no name) - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - (no file)
O4 - HKLM\..\Run: [helper.dll] ; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O11 - Options group: [!CNS] 網絡實名
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...RdxIE601_tw.cab

After checking these items, close all browser windows except HijackThis and click "Fix checked".

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report.
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Next, go to Control Panel and click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan.
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt (C:\smitfiles.txt) log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
  • 0

#3
fongman

Where is the smitRem folder???
  • 0

#4
didom

Did you do this:

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

??
  • 0

#5
fongman

smitRem log file
version 2.6

by noahdfear


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~

zlbw.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

desktop.html


~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :tazz:
  • 0

#6
fongman

OK~~~~~~~~~~~~~
  • 0

#7
didom

Please follow ALL my instructions, and also post these logs:

A new HijackThis Log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
  • 0

#8
fongman

Ad-Aware SE Build 1.06r1
Logfile Created on:2005年10月8日 下午 11:33:34
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R69 05.10.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CnsMin(TAC index:8):44 total references
MRU List(TAC index:0):11 total references
Tracking Cookie(TAC index:3):9 total references
ZToolbar(TAC index:10):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2005-10-8 下午 11:33:34 - Scan started. (Smart mode)

Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\cnsmin
Value : UninstallString

CnsMin Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Data Miner
Comment : "CnsMin"
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\run
Value : CnsMin

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 29
Objects found so far: 29


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 29


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:administrator@atdmt.com/
Expires : 2010-10-7 上午 08:00:00
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@www.cibleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@www.cibleclick.com/
Expires : 2005-11-7 下午 09:22:36
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tradedoubler[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@tradedoubler.com/
Expires : 2025-10-3 下午 08:22:18
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:3
Value : Cookie:administrator@2o7.net/
Expires : 2010-10-7 下午 09:41:14
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@please[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:administrator@ad2.billboard.cz/please/
Expires : 2006-9-6 下午 07:46:54
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@cgi-bin[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@imrworldwide.com/cgi-bin
Expires : 2009-1-19 上午 07:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@www.addfreestats.com/cgi-bin
Expires : 2015-2-28 上午 08:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@tripod[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:administrator@tripod.com/
Expires : 2006-10-8 下午 10:11:30
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : administrator@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:administrator@zedo.com/
Expires : 2015-10-6 下午 09:55:56
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 38



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38

Disk Scan Result for C:\WINDOWS\System32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38

Disk Scan Result for C:\WINDOWS\TEMP\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 38


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙

Hosts file scan result:
遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙遙
1 entries scanned.
New critical objects:0
Objects found so far: 38



MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-963894560-839522115-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-963894560-839522115-500\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-963894560-839522115-500\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-963894560-839522115-500\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-963894560-839522115-500\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-963894560-839522115-500\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-963894560-839522115-500\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1220945662-963894560-839522115-500\software\microsoft\windows media\wmsdk\general
Description : windows media sdk



Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CnsMin Object Recognized!
Type : Folder
TAC Rating : 8
Category : Data Miner
Comment : CnsMin
Object : C:\Program Files\3721

CnsMin Object Recognized!
Type : File
Data : alliveex.dll
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\
FileVersion : 1, 0, 2, 1005
ProductVersion : 1, 0, 2, 1005
ProductName : LiveEx
FileDescription : LiveEx
InternalName : LiveEx
LegalCopyright : Copyright ? 2005
OriginalFilename : LiveEx.dll


CnsMin Object Recognized!
Type : File
Data : alrex.dll
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : alrex Module
FileDescription : alrex Module
InternalName : alrex
LegalCopyright : Copyright 2004
OriginalFilename : ALREX.DLL


CnsMin Object Recognized!
Type : File
Data : autolive.dll
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\
FileVersion : 1, 1, 3, 1024
ProductVersion : 1, 1, 3, 1024
ProductName : AutoLive Module
FileDescription : AutoLive Module
InternalName : AutoLive
LegalCopyright : Copyright 2004
OriginalFilename : AutoLive.DLL


CnsMin Object Recognized!
Type : File
Data : autolive.ini
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\



CnsMin Object Recognized!
Type : File
Data : autolvsw.ini
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\



CnsMin Object Recognized!
Type : File
Data : cns01.dat
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\



CnsMin Object Recognized!
Type : File
Data : cns03.dat
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\



CnsMin Object Recognized!
Type : File
Data : CNSCFGF.DAT
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\



CnsMin Object Recognized!
Type : File
Data : CNSCFGR.DAT
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\



CnsMin Object Recognized!
Type : File
Data : CNSMIN.DAT
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\



CnsMin Object Recognized!
Type : File
Data : helper.dll
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\
FileVersion : 1, 0, 7, 1013
ProductVersion : 1, 0, 7, 1013
ProductName : Helper Module
FileDescription : Helper Module
InternalName : Helper
LegalCopyright : Copyright 2004
OriginalFilename : Helper.dll


CnsMin Object Recognized!
Type : File
Data : notifier.dll
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\
FileVersion : 1, 0, 0, 5
ProductVersion : 1, 0, 0, 5
ProductName : ComObj Module
FileDescription : ComObj Module
InternalName : ComObj
LegalCopyright : Copyright 2004
OriginalFilename : ComObj.DLL


CnsMin Object Recognized!
Type : File
Data : patch03.dll
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\



CnsMin Object Recognized!
Type : File
Data : patch05.dll
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\



CnsMin Object Recognized!
Type : File
Data : patch06.dll
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : 3721 patch06
CompanyName : 3721
FileDescription : patch06
InternalName : patch06
LegalCopyright : Copyright © 2004 3721.com
OriginalFilename : patch06.dll


CnsMin Object Recognized!
Type : File
Data : patch18.dll
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : Patch18
FileDescription : Patch18
InternalName : Patch18
LegalCopyright : Copyright ? 2005
OriginalFilename : Patch18.dll


CnsMin Object Recognized!
Type : File
Data : scrblock.dll
TAC Rating : 8
Category : Data Miner
Comment :
Object : C:\Program Files\3721\
FileVersion : 1, 0, 1, 1000
ProductVersion : 1, 0, 1, 1000
ProductName : 3721 ScrBlock
CompanyName : 3721
FileDescription : ScrBlock
InternalName : ScrBlock
LegalCopyright : Copyright ? 2004
OriginalFilename : ScrBlock.dll


Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 18
Objects found so far: 67

下午 11:35:11 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:01:36.656
Objects scanned:68251
Objects identified:56
Objects ignored:0
New critical objects:56

#9
didom

This is an Ad-Aware log.... I don't need that

Please READ carefully through my response!!!

#10
fongman

Sorry, my ewido is sim. Chinese, so it error. But I select that in English, it work~~

Here is my ewido log~~

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 上午 09:57:07, 2005/10/9
+ Report-Checksum: BF8CEF43

+ Scan result:

HKLM\SOFTWARE\3721 -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin\Variant -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4}\TypeLib\\ -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{D157330A-9EF3-49F8-9A67-4141AC41ADD4}\TypeLib\\ -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CnsHelper.CH -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH\CLSID -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH\CLSID\\ -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CnsHelper.CH\CurVer -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH.1 -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH.1\CLSID\\ -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\AutoUpdate -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Enable -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Hint -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Menu -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\ResetCatch -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1220945662-963894560-839522115-500\Software\3721 -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1220945662-963894560-839522115-500\Software\3721\CnsMin -> Spyware.CnsMin : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup


::Report End

#11
didom

Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log in your next reply.