ComboFix 09-12-05.03 - KHC -12-06 星期日 12:17.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.2047.1589 [GMT -8:00]
执行位置: c:\documents and settings\KHC\Desktop\ComboFix.exe
AV: 360杀毒 *On-access scanning enabled* (Updated) {D737F2DE-FA43-4036-AF5B-911612E2D674}
AV: avast! antivirus 4.8.1351 [VPS 091130-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\baidu
c:\program files\baidu\bar\baidubar.dat
c:\program files\Baidu\bar\baidubar.dll
c:\program files\baidu\bar\img\imglist.bmp
c:\program files\baidu\bar\img\logo.bmp
c:\windows\system32\BDGuard.DAT
c:\windows\system32\BDGuardS.DAT
c:\windows\system32\drivers\bdguard.sys
c:\windows\system32\drivers\SafeboxKrnl.sys
.
---- 早前运行的结果 -------
.
c:\docume~1\KHC\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\KHC\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-04-02_01-23_7c-yvieil4t.log
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-11-09_17-37_548-asmuy98c.log
c:\documents and settings\All Users\Application Data\Microsoft\WLSetup\Logs\2009-11-09_17-46_9f8-vwdna7np.log
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\Youtube Video Grabber\Help.lnk
c:\documents and settings\All Users\Start Menu\Programs\BulletProofSoft.com\Youtube Video Grabber\Uninstall.lnk
c:\documents and settings\KHC\Application Data\.#
c:\documents and settings\KHC\Application Data\BITS
c:\documents and settings\KHC\Application Data\BITS\BITS.ini
c:\documents and settings\KHC\Application Data\BITS\DHTTable.dat
c:\documents and settings\KHC\Application Data\BITS\ProxyList.ini
c:\documents and settings\KHC\Application Data\BITS\UPnP.ini
c:\documents and settings\KHC\Application Data\FlashGetBHO
c:\documents and settings\KHC\Application Data\FlashGetBHO\FlashGetBHO3.dll
c:\documents and settings\KHC\Application Data\FlashGetBHO\GetAllUrl.htm
c:\documents and settings\KHC\Application Data\FlashGetBHO\GetUrl.htm
c:\documents and settings\KHC\Application Data\Microsoft\Internet Explorer\Quick Launch\启动 Internet Explorer 浏览器.lnk
c:\documents and settings\KHC\Local Settings\Application Data\Baidu
c:\program files\AskSearch\bin\DeFAultsearch.dll
c:\program files\baidu\AddressBar\AddressBar_Tmp\AddressBar.dll
c:\program files\baidu\AddressBar\ASBarBroker.exe
c:\program files\baidu\bar\bang.ini
c:\program files\baidu\bar\BDBar_tmp\BaiduBar.dll
c:\program files\baidu\bar\icon\adicon0.ico
c:\program files\baidu\bar\loadmovie.swf
c:\program files\baidu\bar\log.dat
c:\program files\baidu\bar\logex.dat
c:\program files\baidu\bar\namedsites.dat
c:\program files\BulletProofSoft.com
c:\program files\BulletProofSoft.com\Youtube Video Grabber\Clip.exe
c:\program files\BulletProofSoft.com\Youtube Video Grabber\Help.chm
c:\program files\BulletProofSoft.com\Youtube Video Grabber\Main.swf
c:\program files\BulletProofSoft.com\Youtube Video Grabber\Parse.wvi
c:\program files\BulletProofSoft.com\Youtube Video Grabber\unins000.dat
c:\program files\BulletProofSoft.com\Youtube Video Grabber\unins000.exe
c:\program files\FlashGet Network
c:\program files\FlashGet Network\FlashGet 3\dat\Appsetting.cfg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\00.JPG
c:\program files\FlashGet Network\FlashGet 3\dat\directui\00.png
c:\program files\FlashGet Network\FlashGet 3\dat\directui\01.png
c:\program files\FlashGet Network\FlashGet 3\dat\directui\1.png
c:\program files\FlashGet Network\FlashGet 3\dat\directui\2.png
c:\program files\FlashGet Network\FlashGet 3\dat\directui\3.png
c:\program files\FlashGet Network\FlashGet 3\dat\directui\4.png
c:\program files\FlashGet Network\FlashGet 3\dat\directui\5.png
c:\program files\FlashGet Network\FlashGet 3\dat\directui\6.png
c:\program files\FlashGet Network\FlashGet 3\dat\directui\7.png
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_021601.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_022403.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_43332h.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\client_488965562h.jpg
c:\program files\FlashGet Network\FlashGet 3\dat\directui\directui_1243395422.zip
c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter.txt
c:\program files\FlashGet Network\FlashGet 3\dat\directui\rescenter_big5.txt
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.bak
c:\program files\FlashGet Network\FlashGet 3\dat\FlashGet3db.db
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\024F5093_2AD7_CEFB_02E6_09CE1EC961F1.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\03390171_7E01_CEF9_FAB1_05FB5C0CF600.gif
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\0CF68D2A_AC7E_9602_80EB_F652E500FE5C.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\1BC98F6C_E308_2723_269C_DA2ED04D8D05.gif
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\1D3D26F1_2150_80C3_BA5A_F9A7B3449505.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\22843F48_FA65_B195_F0B3_8DB3669EBCA9.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\242A3EBA_6FCE_07D1_770B_8AD3B5902C0B.gif
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\24BE6500_6212_22BD_7AE3_EEC93EB0CB05.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\36C464D7_102C_302F_5EE5_9B4D43BA72C7.gif
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\3BA670C6_8D1A_DCC7_9D1D_228D403736A1.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\3ED66973_8579_5EFF_D8F3_146FE0FADB22.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\4343AFD5_53C8_C055_5227_AD272D694F4A.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\4A2B6AF7_E9BA_1455_CBC6_0C98FEB2FD69.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\5decbbfd149705093c448e1dc7ab2e54.zip
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\6B5702D3_912E_2DB7_A424_2772A8204C00.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\7706AFB7_D6E0_1D12_488D_8A6D0135DB67.gif
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\964B4074_8097_6DFA_2CB1_627A1457A9FC.gif
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\adconfig.ini
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\BDEE3661_DA8C_448D_71CB_2012E342A45B.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\DC6DA701_6A4D_4213_C7DE_74E1399F1103.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\E2609D59_1FEE_7A5C_1EC6_563AD9D25E72.gif
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\E4EB3CC8_B286_30E0_6FFD_BE8D9183B777.gif
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\EEEFFA48_4BC4_0E19_9FD7_C1F29F9B943D.gif
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\F55A1131_CE5A_5CE2_7464_F14FC371995F.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\F5AD25E5_A882_EF02_6F52_D9EC98AAE2B4.swf
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\help.bmp
c:\program files\FlashGet Network\FlashGet 3\dat\stat\advertisement\port.ini
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_blue3.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_red3.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\skinpreview\preview_white.png
c:\program files\FlashGet Network\FlashGet 3\dat\stat\statdata\statinfo.dat
c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini
c:\windows\ALCMTR.EXE
c:\windows\sosuo.col
c:\windows\system32\200ead55ea.dll
c:\windows\system32\iexp_log.txt
c:\windows\system32\secustat.dat
.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_BDGUARD
-------\Legacy_SAFEBOXKRNL
-------\Service_BdGuard
-------\Service_SafeBoxKrnl
-------\Legacy_BDGUARD
-------\Legacy_SAFEBOXKRNL
-------\Service_SafeBoxKrnl
((((((((((((((((((((((((( 2009-11-06 至 2009-12-06 的新的档案 )))))))))))))))))))))))))))))))
.
2009-12-06 04:36 . 2009-12-06 04:36 -------- d-----w- c:\program files\Trend Micro
2009-12-05 11:00 . 2009-12-05 11:00 186880 ----a-w- c:\windows\system32\drivers\trlkprot.sys
2009-12-05 11:00 . 2009-12-05 11:00 -------- d-----w- c:\windows\trlrm
2009-12-05 11:00 . 2009-12-05 11:30 36 ---h--r- c:\windows\sued.dat
2009-12-05 10:59 . 2009-12-06 04:39 -------- d-----w- c:\program files\SpyWall
2009-12-05 10:53 . 2009-12-05 10:53 -------- d-----w- c:\program files\AskSearch
2009-12-05 10:53 . 2009-12-05 10:53 -------- d-----w- c:\program files\AskBarDis
2009-12-04 06:22 . 2009-12-04 06:49 -------- d-----w- c:\documents and settings\KHC\Application Data\MxBoost
2009-12-04 06:21 . 2009-12-04 09:43 -------- d-----w- c:\program files\Maxthon2
2009-12-04 05:31 . 2009-12-04 05:32 -------- d-----w- c:\program files\360v5
2009-12-04 04:04 . 2009-12-04 04:07 -------- d-----w- C:\360Rec
2009-12-04 03:28 . 2009-12-04 03:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-04 03:28 . 2009-12-04 03:28 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-03 23:19 . 2009-12-04 06:10 -------- d-----w- c:\documents and settings\KHC\Application Data\360se
2009-12-03 23:19 . 2009-11-20 07:06 86528 ----a-w- c:\windows\system32\drivers\360SelfProtection.sys
2009-12-03 23:19 . 2009-10-16 12:21 52480 ----a-w- c:\windows\system32\drivers\hookport.sys
2009-12-03 23:19 . 2009-11-18 02:07 36480 ----a-w- c:\windows\system32\drivers\qutmdrv.sys
2009-12-03 23:18 . 2009-10-21 11:50 16640 ----a-w- c:\windows\system32\drivers\bfsdrv.sys
2009-12-03 23:18 . 2009-11-24 10:37 25728 ----a-w- c:\windows\system32\drivers\qutmipc.sys
2009-12-01 06:35 . 2009-12-01 06:35 -------- d-----w- c:\documents and settings\KHC\Application Data\AVG8
2009-12-01 05:55 . 2008-01-30 20:38 30728 ----a-w- c:\windows\system32\drivers\epfwndis.sys
2009-11-28 05:25 . 2009-11-28 05:25 -------- d-----w- C:\Mini_Game_Controller
2009-11-27 14:44 . 2009-11-27 14:44 -------- d-----w- C:\My Medias
2009-11-27 14:41 . 2007-02-28 21:33 761856 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-27 14:41 . 2007-02-28 21:33 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-11-27 14:41 . 2007-02-28 21:30 574976 ----a-w- c:\windows\system32\divx.dll
2009-11-27 14:41 . 2007-02-28 21:30 86016 ----a-w- c:\windows\system32\dpl100.dll
2009-11-27 14:41 . 2007-02-28 21:30 593920 ----a-w- c:\windows\system32\dpuGUI11.dll
2009-11-27 14:41 . 2007-02-28 21:30 57344 ----a-w- c:\windows\system32\dpv11.dll
2009-11-27 14:41 . 2007-02-28 21:30 3596288 ----a-w- c:\windows\system32\qt-dx331.dll
2009-11-27 14:41 . 2007-02-28 21:30 294912 ----a-w- c:\windows\system32\dpu11.dll
2009-11-27 14:41 . 2007-02-28 21:30 200704 ----a-w- c:\windows\system32\ssldivx.dll
2009-11-27 14:41 . 2007-02-28 21:30 200704 ----a-w- c:\windows\system32\dtu100.dll
2009-11-27 14:41 . 2007-02-28 21:30 1044480 ----a-w- c:\windows\system32\libdivx.dll
2009-11-26 11:03 . 2009-11-26 11:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Youdao
2009-11-26 10:34 . 2009-11-26 10:34 -------- d-----w- c:\documents and settings\KHC\Local Settings\Application Data\Yodao
2009-11-26 10:34 . 2009-11-26 10:34 -------- d-----w- c:\program files\Youdao
2009-11-26 10:30 . 2009-11-26 10:31 -------- d-----w- c:\documents and settings\All Users\Application Data\kingsoft
2009-11-26 10:30 . 2009-11-26 10:30 -------- d-----w- c:\program files\Kingsoft
2009-11-17 09:22 . 2009-11-17 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2009-11-15 20:35 . 2009-12-05 10:27 -------- d-----w- c:\documents and settings\KHC\Application Data\AddressBar
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-06 20:15 . 2009-03-25 19:01 -------- d-----w- c:\program files\mozira
2009-12-06 19:33 . 2009-05-19 06:30 -------- d-----w- c:\program files\象棋巫师
2009-12-06 04:39 . 2009-04-08 11:40 -------- d-----w- c:\program files\Winamp Toolbar
2009-12-05 10:43 . 2009-04-16 19:12 -------- d-----w- c:\program files\RadarSync
2009-12-05 09:34 . 2009-06-15 04:33 -------- d-----w- c:\program files\PPStream
2009-12-05 09:34 . 2009-03-22 19:33 -------- d---a-w- c:\program files\GameSpy Arcade
2009-12-05 09:34 . 2009-04-14 19:18 -------- d-----w- c:\program files\Daytona USA
2009-12-05 09:22 . 2009-10-05 23:27 -------- d-----w- c:\program files\FMS
2009-12-05 09:22 . 2009-05-29 23:21 -------- d-----w- c:\program files\Folder Guide
2009-12-05 06:42 . 2009-05-29 00:09 -------- d-----w- c:\program files\CCleaner
2009-12-04 06:20 . 2009-05-04 00:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-04 05:30 . 2009-03-22 07:03 -------- d-----w- c:\program files\thunder
2009-12-04 04:57 . 2007-12-04 17:41 147456 ----a-w- c:\windows\system32\nvcolor.exe
2009-12-04 04:49 . 2007-12-04 17:41 753664 ----a-w- c:\windows\system32\nvcplui.exe
2009-12-04 04:49 . 2007-12-04 17:41 1626112 ----a-w- c:\windows\system32\nwiz.exe
2009-12-04 04:35 . 2009-04-28 21:57 104448 ----a-w- C:\PlayRagnarok-Public-V1.1.exe
2009-12-04 04:34 . 2009-05-06 13:51 475136 ----a-w- c:\documents and settings\All Users\Application Data\F4\EoS-Launcher.exe
2009-12-04 04:15 . 2009-10-24 12:20 -------- d-----w- c:\documents and settings\KHC\Application Data\uTorrent
2009-12-04 04:14 . 2009-06-06 21:21 -------- d-----w- c:\program files\Unlocker
2009-12-04 04:03 . 2009-04-16 02:55 -------- d-----w- c:\program files\360
2009-12-04 04:00 . 2009-04-16 02:55 -------- d-----w- c:\documents and settings\KHC\Application Data\360Safe
2009-12-04 04:00 . 2009-03-25 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\360safe
2009-12-04 03:30 . 2009-03-22 11:30 -------- d-----w- c:\documents and settings\KHC\Application Data\PPStream
2009-12-04 03:30 . 2009-06-05 19:29 -------- d-----w- c:\program files\HD Tune
2009-12-01 12:05 . 2009-05-28 08:34 -------- d-----w- c:\program files\Avast Alwil Software
2009-12-01 11:21 . 2009-10-24 12:21 -------- d-----w- c:\program files\uTorrent
2009-12-01 09:38 . 2009-07-03 20:09 22272 ----a-w- c:\windows\system32\drivers\bregdrv.sys
2009-12-01 05:55 . 2009-04-29 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-12-01 02:32 . 2009-03-22 11:27 3091 ----a-w- c:\windows\system32\cid_store.dat
2009-11-28 06:11 . 2009-05-14 05:13 50 ----a-w- c:\windows\popcinfo.dat
2009-11-27 14:44 . 2009-04-15 18:44 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-17 09:23 . 2009-03-22 10:58 22712 ----a-w- c:\documents and settings\KHC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-10 02:01 . 2009-04-02 08:42 -------- d-----w- c:\program files\Microsoft Silverlight
2009-11-10 01:58 . 2009-04-02 08:39 -------- d-----w- c:\program files\Windows Live
2009-10-31 04:50 . 2009-10-31 04:50 -------- d-----w- c:\documents and settings\KHC\Application Data\Xilisoft
2009-10-25 09:59 . 2009-05-12 18:50 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-10-24 17:26 . 2009-03-25 02:42 151928 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-24 03:15 . 2009-10-24 03:15 -------- d-----w- c:\documents and settings\All Users\Application Data\XLab
2009-10-23 19:47 . 2009-10-23 19:47 -------- d-----w- c:\program files\Common Files\baidu
2009-10-23 12:19 . 2009-10-23 12:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SWTCWRH
2009-10-23 09:49 . 2009-10-23 09:49 -------- d-----w- c:\documents and settings\All Users\Application Data\DivoGames
2009-10-22 22:21 . 2009-10-22 22:21 -------- d-----w- c:\documents and settings\All Users\Application Data\thunder_vod_cache
2009-10-22 19:51 . 2009-09-20 11:05 26 ----a-w- c:\windows\system32\xlhcc.dat
2009-10-21 03:17 . 2009-10-21 03:17 -------- d-----w- c:\program files\Common Files\SourceTec
2009-09-25 00:33 . 2009-09-25 00:33 285704 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2009-09-20 11:04 . 2009-09-20 11:04 20 ----a-w- c:\windows\system32\pub_store.dat
.
------- Sigcheck -------
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[7] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-27 4064080]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"360Safebox"="d:\360safebox\SafeBoxTray.exe" [2009-03-26 800264]
"360Safetray"="c:\program files\360\360Safe\safemon\360Tray.exe" [2009-11-28 624184]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-04 8523776]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)
"DisableRegistryTools"= 1 (0x1)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
"New Value #2"= 0 (0x0)
"NoStartButton"= 0 (0x0)
"NoExpandedNewMenu"= 0 (0x0)
"NoFileUrl"= 0 (0x0)
"NoNavButtons"= 0 (0x0)
"SmallIcons"= 0 (0x0)
"SpecifyDefaultButtons"= 1 (0x1)
"RestrictRun"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"New Value #1"= 0 (0x0)
"New Value #2"= 0 (0x0)
[HKLM\~\startupfolder\C:^Documents and Settings^KHC^Start Menu^Programs^Startup^PPS.lnk]
path=c:\documents and settings\KHC\Start Menu\Programs\Startup\PPS.lnk
backup=c:\windows\pss\PPS.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"d:\\Quake III Arena\\quake3.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\TDDOWNLOAD\\install.exe"=
"c:\\Program Files\\360\\360Safe\\modules\\360upp.exe"=
"c:\\Program Files\\BoltSoft\\DispatchOfArmy\\Bolt.exe"=
"c:\\Program Files\\MSN\\ppstreamsetup.exe"=
"d:\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD8\\PDVD8Serv.exe"=
"c:\\Program Files\\Youdao\\DeskDict2\\RunDict.exe"=
"c:\\WINDOWS\\system32\\nwiz.exe"=
"c:\\WINDOWS\\system32\\IME\\PINTLGNT\\ImScInst.exe"=
"c:\\Program Files\\Kingsoft\\KSWebShieldSVC\\kwsupd.exe"=
"c:\\Program Files\\Kingsoft\\KSWebShieldSVC\\KWSUpreport.exe"=
"c:\\Documents and Settings\\KHC\\Desktop\\WanMei Online\\element\\reportbugs\\pwprotector.exe"=
"c:\\Program Files\\Avast Alwil Software\\Avast2009\\ashChest.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Lib\\NMIndexStoreSvr.exe"=
"c:\\Program Files\\360\\360Safe\\softmgr\\360speedld.exe"=
"c:\\Program Files\\Common Files\\InstallShield\\UpdateService\\issch.exe"=
"c:\\Program Files\\360\\360Safe\\safemon\\360tray.exe"= c:\\Program Files\\360\\360Safe\\safemon\\360Tray.exe
"c:\\Program Files\\mozira\\firefox.exe"=
"c:\\Program Files\\360v5\\360safe\\safemon\\360tray.exe"=
"c:\\Program Files\\360\\360Safe\\LiveUpdate360.exe"=
"c:\\Program Files\\Unlocker\\UnlockerAssistant.exe"=
"c:\\WINDOWS\\trlrm\\RMHSvc.exe"=
R0 HookPort;HookPort;c:\windows\system32\drivers\hookport.sys [2009-12-3 15:19 52480]
R1 360SelfProtection;360SelfProtection;c:\windows\system32\drivers\360SelfProtection.sys [2009-12-3 15:19 86528]
R1 BFSDRV;BFSDRV;c:\windows\system32\drivers\bfsdrv.sys [2009-12-3 15:18 16640]
R1 BREGDRV;BREGDRV;c:\windows\system32\drivers\bregdrv.sys [2009-7-3 12:09 22272]
R1 EfiMon;EfiSystemMon;c:\windows\system32\drivers\efimon.sys [2009-8-6 6:29 19072]
R1 qutmipc;qutmipc;c:\windows\system32\drivers\qutmipc.sys [2009-12-3 15:18 25728]
R1 trlkprot;Trlokom Application scan driver;c:\windows\system32\drivers\trlkprot.sys [2009-12-5 3:00 186880]
R2 360rp;360 杀毒实时防护服务;c:\program files\360\360sd\360rp.exe [2009-11-29 828928]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-2 0:42 54752]
R2 WinFLdrv;WinFLdrv;c:\windows\system32\WinFLdrv.sys [2009-6-21 22:15 10752]
R2 ZhuDongFangYu;主动防御;c:\program files\360v5\360safe\deepscan\ZhuDongFangYu.exe [2009-11-6 0:16 214528]
R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\rhkmln.sys --> c:\windows\system32\drivers\rhkmln.sys [?]
R3 qutmdserv;Quantum DeepScanner Servers;c:\windows\system32\drivers\qutmdrv.sys [2009-12-3 15:19 36480]
S3 MarkFun_NT;MarkFun_NT;c:\program files\Gigabyte\ET5\MARKFUN.W32 [2009-3-21 22:13 19776]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-5-3 16:38 38496]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2009-5-5 2:28 131456]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2009-5-5 2:28 79104]
S4 Kingsoft Antivirus WebShield Service;Kingsoft Antivirus WebShield Service;c:\program files\Kingsoft\KSWebShieldSVC\KSWebShield.exe [2009-11-26 2:30 271768]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan sysagent
.
------- 额外的扫描 -------
.
uStart Page = about:blank
uInternet Connection Wizard,ShellNext = hxxp://www.yahoo.com/
IE: &Search
IE: Download by RedTube Grabber
IE: ê1ó???à×????
IE: ê1ó???à×????è?2?á′?ó
IE: ê1ó???à×???? - c:\program files\thunder\Program\geturl.htm
IE: ê1ó???à×????è?2?á′?ó - c:\program files\thunder\Program\getallurl.htm
IE: 妏蚚捃濘狟婥?窒蟈諉
IE: 妏蚚捃濘狟婥?窒蟈諉 - c:\program files\thunder\Program\getallurl.htm
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-360SD - c:\program files\360\360sd\uninst.exe
AddRemove-AddressBar - c:\program files\Baidu\AddressBar\ASBarBroker.exe
AddRemove-avast! - c:\program files\Alwil Software\Avast4\aswRunDll.exe
AddRemove-Battlefield 2 Codename WCC Coop_is1 - c:\program files\EA GAMES\Battlefield 2\unins000.exe
AddRemove-BulletProofSoft Youtube Video Grabber Trial Version_is1 - c:\program files\BulletProofSoft.com\Youtube Video Grabber\unins000.exe
AddRemove-CCleaner - c:\program files\CCleaner\uninst.exe
AddRemove-Counter-Strike 1.6 标准版 (seventeen战队) - c:\progra~1\COUNTE~1\UNWISE.EXE
AddRemove-FMS - c:\program files\FMS\Uninstall.exe
AddRemove-Folder Guide - c:\progra~1\FOLDER~1\UNWISE.EXE
AddRemove-Freedom Fighters - c:\progra~1\EAGAME~1\FREEDO~1\UNWISE.EXE
AddRemove-Game Maker 7.0 - d:\folder\Uninstal.exe
AddRemove-GameSpy Arcade - d:\gamesp~1\UNWISE.EXE
AddRemove-HeatGames PerfectWorld Patch 2.00 - d:\pw\HeatGames PerfectWorld\Uninstall.exe
AddRemove-HeatGamesPWPatch3.1 3.10 - d:\perfect world\Program Files\Perfect World Entertainment\Perfect World International\HeatGames Perfect World\Uninstall.exe
AddRemove-InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47} - c:\program files\InstallShield Installation Information\{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}\SETUP.EXE
AddRemove-InstallShield_{49C98C60-BAC3-4C92-AF4F-E890FD312D60} - c:\progra~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe
AddRemove-Magellass Corp. - WinBoost_is1 - c:\program files\Magellass\WinBoost\unins000.exe
AddRemove-Magellass Corp. - WinBrush_is1 - c:\program files\Magellass\WinBrush\unins000.exe
AddRemove-NVIDIA Drivers - c:\windows\system32\nvuide.exe UninstallGUI
AddRemove-RadarSync - c:\program files\RadarSync\uninst.exe
AddRemove-Sierra Utilities - c:\program files\Sierra On-Line\sutil32.exe uninstall
AddRemove-Weapons Factory Arena 2.9_is1 - c:\program files\Quake III Arena\wfa\unins000.exe
AddRemove-Wings Over Israel - c:\program files\ThirdWire\Wings Over Israel\uninst.exe
AddRemove-Xilisoft Download YouTube Video - c:\antamedia\Download YouTube Video\Uninstall.exe
AddRemove-{1759D846-48F7-46B7-AC8D-CD2175559CAD}_is1 - c:\program files\MYCNX\Holy Legend Online\unins000.exe
AddRemove-{23F3F476-BE34-4f48-9C77-2806A8393EC4} - c:\program files\360\360se3\UnInst360SE.exe
AddRemove-{3405AFEA-0892-4871-85FE-A2B2EE446420}_is1 - d:\vipyong2\VIPYong2 Online\unins000.exe
AddRemove-{CBA2E782-C278-4B81-008D-4703FCBC1A2E} - c:\program files\Maxis\SimCity 4\EAUninstall.exe
AddRemove-{FFF4949A-3B77-452C-BC5E-F49C8FBA99CF}_is1 - d:\fifa\Fifa 2010\unins000.exe
AddRemove-圣魔大战 - d:\gta4\圣魔大战\uninst.exe
AddRemove-象棋巫师 - c:\program files\象棋巫师\uninst.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-12-06 12:23
Windows 5.1.2600 Service Pack 3 NTFS
扫描被隐藏的进程 。。。
扫描被隐藏的启动组 。。。
扫描被隐藏的文件 。。。
c:\windows\system32\sys_drv.dat 6024 bytes
c:\windows\system32\sys_drv_2.dat 5020 bytes
c:\documents and settings\KHC\Application Data\systemfl.$dk 990 bytes
扫描完成
被隐藏的档案: 3
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\*\shell\ *~v*NN購*N噀鯪\command]
@="\"c:\\Program Files\\Internet Explorer\\iexplore.exe\" \"http://www.gggdu.com/baidd?word=%1\""
.
--------------------- 运行进程下的动态链接库 ---------------------
- - - - - - - > 'explorer.exe'(2680)
c:\program files\360\360Safe\safemon\safemon.dll
.
------------------------ 其他运行进程 ------------------------
.
c:\windows\System32\NOTEPAD.EXE
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
c:\windows\trlrm\RMHSvc.exe
c:\windows\system32\wdfmgr.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
完成时间: 2009-12-06 12:29 - 电脑已重新启动
ComboFix-quarantined-files.txt 2009-12-06 20:29
Pre-Run: 6,138,494,976 bytes free
Post-Run: 5,956,886,528 bytes free
- - End Of File - - 211D92B0415B81BF98151C3B93FA6F01