This topic is locked
Scan saved at 04:50:09 ب.ظ, on 2008/01/24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Lock My PC 4\lockpc.exe
E:\WINDOWS\Explorer.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\soundmix.exe
E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\svchost.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\ypager.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarerefer...=...6Ojg5&lid=2
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O1 - Hosts: 61.129.115.198 www.xldd.com
O1 - Hosts: 61.129.115.198 www.ojiang.com
O1 - Hosts: 61.129.115.198 www.shuixian.net
O1 - Hosts: 61.129.115.198 www.xlarea.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: XTN Monitor - {0BB25A64-41B8-4051-A627-A8B9F2DA6FD2} - E:\WINDOWS\ddwlxtqowd.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - E:\Program Files\Save Flash\SaveFlash.dll
O4 - HKLM\..\Run: [soundmix] E:\WINDOWS\system32\soundmix.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: Download with Go!Zilla - file://E:\PROGRA~1\Go!Zilla\download-with-gozilla.html
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: e:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{27851EBA-1EB9-4795-A827-F78295AEF8BE}: NameServer = 80.191.199.164 217.218.127.104
O20 - Winlogon Notify: fsp_lmwl - E:\WINDOWS\SYSTEM32\fsp_lmwl.dll
O21 - SSODL: bmlvqkn - {286873E9-DBF1-426E-A77B-66744C53A902} - E:\WINDOWS\bmlvqkn.dll
O21 - SSODL: agrlmvp - {0D944282-82A2-47D6-90C7-CABEA92C0799} - E:\WINDOWS\agrlmvp.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Autodesk Licensing Service - Unknown owner - E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ICF - Unknown owner - E:\WINDOWS\system32\svchost.exe:exe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - E:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - E:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
--
End of file - 4755 bytes
and this is my SmitFraudFix scan:
SmitFraudFix v2.274
Scan done at 16:51:13.39, Thu 01/24/2008
Run from C:\Documents and Settings\hacked\Desktop\payam\new 24\New Folder\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Process
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\SYSTEM32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Ahead\InCD\InCDsrv.exe
E:\WINDOWS\system32\svchost.exe
E:\Program Files\Lock My PC 4\lockpc.exe
E:\WINDOWS\Explorer.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\system32\soundmix.exe
E:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\svchost.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\ypager.exe
C:\PROGRA~1\MOZILLA.ORG\MOZILLA\MOZILLA.EXE
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
hosts file corrupted !
127.0.0.1 hk.digitaltrends.com
127.0.0.1 microsoft.com.org
127.0.0.1 www.www.microsoft.com.org
»»»»»»»»»»»»»»»»»»»»»»»» E:\
»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS
E:\WINDOWS\svchost.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\forceman
»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\forceman\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\forceman\FAVORI~1
E:\DOCUME~1\forceman\FAVORI~1\Error Cleaner.url FOUND !
E:\DOCUME~1\forceman\FAVORI~1\Privacy Protector.url FOUND !
E:\DOCUME~1\forceman\FAVORI~1\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
E:\DOCUME~1\forceman\Desktop\Error Cleaner.url FOUND !
E:\DOCUME~1\forceman\Desktop\Privacy Protector.url FOUND !
E:\DOCUME~1\forceman\Desktop\Spyware?Malware Protection.url FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!
IEDFix.exe by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 80.191.199.164
DNS Server Search Order: 217.218.127.104
HKLM\SYSTEM\CCS\Services\Tcpip\..\{27851EBA-1EB9-4795-A827-F78295AEF8BE}: NameServer=80.191.199.164 217.218.127.104
HKLM\SYSTEM\CS1\Services\Tcpip\..\{27851EBA-1EB9-4795-A827-F78295AEF8BE}: NameServer=80.191.199.164 217.218.127.104
»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
hi
please help i dont know why my cpu going to 100% usag and then a warning alert show you have wins32.worm.netsky virus
i use evry anti viruses like norton,panda,picicilin and ...
but nothing will be change
Sign In
Create Account
