Hello,
I have been hit by the generic6.MCT trojan. AVG AntiVirus keeps finding it but cannot delete or quarantine it. I tried to clean it with NOD32, VundoFix, ComboFix and AVG Anti-Spyware, but it still comes back.
Below is the scan log from HJT:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 02:52:53, on 2007/10/30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$TL_MSDE\Binn\sqlservr.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Microsoft SQL Server\MSSQL$TL_MSDE\Binn\sqlagent.EXE
C:\WINDOWS\system32\CAP4RSK.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4LAK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP4SWK.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Microsoft Office\Office\1028\msoffice.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\abc\桌面\HiJackThis.exe
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: shdoc1c.dll - {969BF939-52D0-45BE-99D8-C08746C90171} - C:\WINDOWS\system32\shdoc1c.dll (file missing)
O2 - BHO: Century Class - {B9893324-6B8F-4C54-98A8-D22194403550} - C:\WINDOWS\system32\SoTools.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-hk\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-hk\msntb.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe"
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKLM\..\Policies\Explorer\Run: [jp0l2y8] rundll32 "C:\WINDOWS\Downlo~1\jp0l2y8.dll",Run
O4 - HKCU\..\Policies\Explorer\Run: [serpe] C:\WINDOWS\System32\serbw.exe
O4 - HKCU\..\Policies\Explorer\Run: [ltwob] C:\WINDOWS\System32\formatsys.exe
O4 - HKCU\..\Policies\Explorer\Run: [avnort] C:\WINDOWS\msmbw.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.www.loyaltex.com
O16 - DPF: DSOnline - https://online.dg-sign.com/common/DSOnline.cab
O16 - DPF: {003FACAF-40CB-4358-96D2-B0D8CEF4DBF5} (SKeyHelper Class) - https://bet.hongkongjockeyclub.com/ib/SKey/ch/cab/EWinSKey.CAB
O16 - DPF: {0B1B7F9A-F92E-4F03-8E3A-58BD64D364D0} (EonUISpace Class) - http://www.loyaltex.com:8080/appeon/weblibrary_ax/weblibrary.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei-2/SmileyCentralFWBInitialSetup1.0.0.8-2.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn.hkjc.com/BetSlip/object/HKJCSecKey.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/3124aec729f817224805/netzip/RdxIE601_tw.cab
O16 - DPF: {650BD90A-FC66-4302-894D-861AD9527010} (EonUISpace Class) - (local)
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O16 - DPF: {A326EB76-4AC1-4295-B0CC-59BFB5B4200E} (EonDownloadCenter Class) - http://www.loyaltex.com/appeon/weblibrary_ax/ceondownloadcenter.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E4F500BF-C1A3-11D6-9697-0090961B771E} (VCR.Scan) - http://www.viruschaser.com.hk/webscan/Vcrscan.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{6DE3FEA0-C623-477E-BE97-B84E27CE1184}: NameServer = 203.198.23.208,218.102.32.208
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Madie Seriel Number Services - Unknown owner - C:\WINDOWS\System32\notaped.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
-- End of file - 9772 bytes
This is the scan log from ComboFix:
ComboFix 07-10-29.1 - abc 2007-10-30 10:26:45.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.1.1028.18.107 [GMT 8:00]
執行位置?: C:\Documents and Settings\abc\桌面\ComboFix.exe
* 已建立新的還原點
.

(((((((((((((((((((((((((((((((((((((( 其他遭刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\abc\Application Data\macromedia\Flash Player\#SharedObjects\SGRUXJNP\iforex.com
C:\Documents and Settings\abc\Application Data\macromedia\Flash Player\#SharedObjects\SGRUXJNP\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\abc\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\abc\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Documents and Settings\abc\Local Settings\Application Data\baidu
C:\Documents and Settings\All Users\Application Data.\microsoft\pctools
C:\Documents and Settings\All Users\Application Data.\microsoft\pctools\pctools.dll
C:\Documents and Settings\All Users\Application Data.\t
C:\Documents and Settings\All Users\Application Data.\t\a2001.dat
C:\Documents and Settings\All Users\Application Data.\t\b2001.dat
C:\Documents and Settings\All Users\Application Data.\t\k2001.dat
C:\Documents and Settings\All Users\Application Data.\t\p2001.dat
C:\Documents and Settings\All Users\Application Data.\t\r2001.dat
C:\Documents and Settings\All Users\Application Data\microsoft\pctools\pctools.dll
C:\Program Files\Common Files\{357F4~1
C:\Program Files\Common Files\{457F4~1
C:\Program Files\FunWebProducts
C:\Program Files\FunWebProducts\ScreenSaver\Images\02225BFB.urr
C:\Program Files\MyWebSearch
C:\Program Files\MyWebSearch\bar\History\search
C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.dat
C:\Program Files\MyWebSearch\bar\Settings\settings.htm
C:\setup.exe
C:\WINDOWS\741.bmp
C:\WINDOWS\Downloaded Program Files\Log
C:\WINDOWS\Downloaded Program Files\Log\scan.log
C:\WINDOWS\Downloaded Program Files\Log\vlog.log
C:\WINDOWS\KB611311.log
C:\WINDOWS\system32\0.txt
C:\WINDOWS\system32\601.dll
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\drivers\mxdispdr.sys
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\iexp_log.txt
C:\WINDOWS\system32\KB8888V00.log
C:\WINDOWS\system32\KB8888V02.log
C:\WINDOWS\system32\KB8888V03.log
C:\WINDOWS\system32\KB8888V04.log
C:\WINDOWS\system32\KB8888V05.log
C:\WINDOWS\system32\KB8888V06.log
C:\WINDOWS\system32\KB8888V07.log
C:\WINDOWS\system32\KB8888V08.log
C:\WINDOWS\system32\KB8888V09.log
C:\WINDOWS\system32\KBDLLVER.log
C:\WINDOWS\system32\KBEXEVER.log
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\O.txt
C:\WINDOWS\TEMP.\~my1.tmp
C:\WINDOWS\TEMP.\cache
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\LEGACY_MXDISPDR
-------\LEGACY_NPF
-------\LEGACY_SQUELL
-------\mxdispdr
-------\NPF

(((((((((((((((((((((((((((( 2007-09-28 - 2007-10-30 之間建立的檔案 )))))))))))))))))))))))))))))))))
.

2007-10-30 10:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-24 19:15 155,648 --a------ C:\WINDOWS\system32\igfxres.dll
2007-10-24 18:55 70,144 --a--c--- C:\WINDOWS\system32\dllcache\pintlphr.exe
2007-10-24 18:55 67,584 --a--c--- C:\WINDOWS\system32\dllcache\pmigrate.dll
2007-10-24 18:55 59,392 --a--c--- C:\WINDOWS\system32\dllcache\imscinst.exe
2007-10-24 18:55 24,661 --a------ C:\WINDOWS\system32\spxcoins.dll
2007-10-24 18:55 24,661 --a--c--- C:\WINDOWS\system32\dllcache\spxcoins.dll
2007-10-24 18:55 13,312 --a------ C:\WINDOWS\system32\irclass.dll
2007-10-24 18:55 13,312 --a--c--- C:\WINDOWS\system32\dllcache\irclass.dll
2007-10-20 09:37 77,824 --a------ C:\WINDOWS\system32\SoTools.dll
2007-09-29 10:25 <DIR> d-------- C:\Program Files\Windows Live
2007-09-29 10:25 <DIR> d-------- C:\Program Files\Incesoft
2007-09-15 08:28 20,541 --a------ C:\WINDOWS\system32\detoured.dll
2007-09-14 10:56 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll
2007-09-14 10:56 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll
2007-09-14 10:56 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll
2007-09-14 10:56 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll
2007-09-14 10:56 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll
2007-09-14 10:56 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll
2007-09-14 10:56 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll
2007-09-14 10:56 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll
2007-09-13 14:15 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-13 14:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-09-13 14:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-05 13:43 <DIR> d-------- C:\Program Files\Common Files\Scanner

.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案 )))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 01:06 --------- d-----w C:\Documents and Settings\abc\Application Data\AVG7
2007-10-23 02:48 --------- d-----w C:\Documents and Settings\abc\Application Data\AdobeUM
2007-10-18 01:28 53,248 ----a-r C:\WINDOWS\4a71.exe
2007-09-29 02:25 --------- d-----w C:\Program Files\MSN Messenger
2007-09-05 05:42 --------- d-----w C:\Program Files\Yahoo!
2007-08-31 04:02 --------- d-----w C:\Documents and Settings\koyuiman\Application Data\AVG7
2007-07-25 04:05 18,690,560 ----a-w C:\Program Files\CMCHT10.msi
2007-03-13 04:01 17,823,600 ----a-w C:\Program Files\Install_Messenger.exe
2006-03-17 06:10 43,106,264 ----a-w C:\Program Files\DPP211UPD_EN.EXE
2006-03-17 04:57 5,312,392 ----a-w C:\Program Files\msjavx86.exe
2006-03-17 04:35 5,319,000 ----a-w C:\Program Files\msjavx86_3810.exe
2006-03-15 11:21 1,534,186 ----a-w C:\Program Files\NoisewareCESetupxp2501.exe
2005-10-20 12:50 1,607,846 ----a-w C:\Program Files\pf-setup-en.exe
2005-09-08 03:57 4,274,897 ----a-w C:\Program Files\mw9791cht.exe
2005-08-09 14:00 54,227 -c--a-w C:\Program Files\ES1938_1946_XP3055_sign584162.zip
2005-03-18 06:09 1,238,154 ----a-w C:\Program Files\wrar342tc.exe
2004-12-10 07:23 7,275,208 ----a-w C:\Program Files\Install_MSN_Messenger_DL.EXE
2004-11-30 02:52 5,205,496 ----a-w C:\Program Files\SetupDl.exe
2004-11-11 05:06 4,826,624 ----a-w C:\Program Files\ymsgrhk.exe
2004-11-11 04:42 1,482,752 ----a-w C:\Program Files\freeqk2004.exe
2002-04-12 07:08 18,781 -c--a-w C:\Program Files\es1969.cat
2002-02-22 06:56 62,580 -c--a-w C:\Program Files\ES1969.inf
2002-02-22 04:47 96,896 -c--a-w C:\Program Files\es1969.sys
.
(((((((((((((((((((((((((((((((((((((((((( 重要登錄檔 )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白或合法的登錄值將不會顯示

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{969BF939-52D0-45BE-99D8-C08746C90171}]
C:\WINDOWS\system32\shdoc1c.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B9893324-6B8F-4C54-98A8-D22194403550}]
2007-10-20 09:37 77824 --a------ C:\WINDOWS\system32\SoTools.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2007-04-06 22:38]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-31 18:09]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-08-10 23:57]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-12 20:00]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-09-17 20:00]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 20:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-12 20:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-12 20:00]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-04-07 15:19]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-04-07 15:07]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-10-23 09:15]
"combofix"="C:\WINDOWS\system32\cmd.exe" [2004-08-12 20:00]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 20:00]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe" [2004-08-06 15:33]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 00:24]
"Pando"="C:\Program Files\Pando Networks\Pando\Pando.exe" [2007-10-05 12:33]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"IpWins"=C:\Program Files\Ipwindows\ipwins.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 relog_ap

R0 snapman;Acronis Snapshots Manager;C:\WINDOWS\system32\DRIVERS\snapman.sys
R0 t2x9;t2x;C:\WINDOWS\system32\DRIVERS\t2x9.sys
R0 timounter;Acronis True Image Backup Archive Explorer;C:\WINDOWS\system32\DRIVERS\timntr.sys
R1 ppmoucls;ppmoucls;C:\WINDOWS\system32\DRIVERS\ppmoucls.sys
R1 pptchpad;PenPower Touchpad;C:\WINDOWS\system32\DRIVERS\pptchpd5.sys
R2 MSSQL$TL_MSDE;MSSQL$TL_MSDE;C:\Program Files\Microsoft SQL Server\MSSQL$TL_MSDE\Binn\sqlservr.exe -sTL_MSDE
R2 SQLAgent$TL_MSDE;SQLAgent$TL_MSDE;C:\Program Files\Microsoft SQL Server\MSSQL$TL_MSDE\Binn\sqlagent.EXE -i TL_MSDE
R2 SVKP;SVKP;\??\C:\WINDOWS\System32\SVKP.sys
R2 tifsfilter;Acronis True Image FS Filter;C:\WINDOWS\system32\DRIVERS\tifsfilt.sys
R2 w55bvn;w55bvn;\??\C:\WINDOWS\system32\drivers\w55bvn.sys
S2 fmumbx9a;fmumbx9a;\??\C:\WINDOWS\system32\drivers\fmumbx9a.sys
S2 Madie Seriel Number Services;Madie Seriel Number Services;C:\WINDOWS\System32\notaped.exe
S3 es1969;ESS 1969 Audio Driver (WDM);C:\WINDOWS\system32\drivers\es1969.sys
.
**************************************************************************

catchme 0.3.1239 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-30 10:33:33
Windows 5.1.2600 Service Pack 2 NTFS

掃描隱藏的程序...
掃描隱藏的進程...
掃描隱藏的檔案...

掃描完成
隱藏檔案?: 0

**************************************************************************
.
完成時間?: 2007-10-30 10:34:49 - machine was rebooted
.
--- E O F ---
VundoFix cannot find anything.
Best regards,
Rickronn