BullGuard Antivirus Forum

I have a problem as this, who can help me
tinyboss
New Member
Date Joined May 2008
Total Posts : 1
Posted 5-5-2008 9:42 (GMT +1)

Deckard's System Scanner v20071014.68
Run by MrtWu on 2008-05-05 16:27:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
31: 2008-05-05 08:27:38 UTC - RP262 - Deckard's System Scanner Restore Point
30: 2008-05-04 04:20:28 UTC - RP261 - 安装 卡巴斯基反病毒软件 7.0.
29: 2008-04-29 04:13:57 UTC - RP260 - 系统检查点
28: 2008-04-27 08:20:15 UTC - RP259 - 系统检查点
27: 2008-04-26 06:15:50 UTC - RP258 - 删除了 Sony Ericsson PC Suite

-- First Restore Point --
1: 2008-03-10 14:24:21 UTC - RP232 - 系统检查点

Backed up registry hives.
Performed disk cleanup.
 
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-05-05 16:29:51
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\BHDCRegC.exe
C:\Program Files\OCINS\idnsvr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\new\桌面\dss.exe
C:\WINDOWS\system32\conime.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 链接
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.138.43.250:8080
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customsearch/customsearch-cn.html
R3 - Default URLSearchHook is missing
O2 - BHO: QQToolbar - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O2 - BHO: IEAux Class - {7605CC7C-00FD-4A5F-BAFD-828342DE6279} - C:\Program Files\OCINS\ieaux.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: QQToolbar - {29CF293A-1E7D-4069-9E11-E39698D0AF95} - C:\Program Files\Tencent\QQToolbar\IEBar.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [BHDCRegC] C:\WINDOWS\system32\BHDCRegC.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [IdnSvr] C:\Program Files\OCINS\idnsvr.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AcerVGA Drivers V1.2] C:\WINDOWS\initview32.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O4 - Startup: QQ游戏启动加速程序.lnk = D:\Program Files\Tencent\QQGAME\Accel.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: 腾讯QQ.lnk = D:\Program Files\QQ2005\QQ.exe
O8 - Extra context menu item: &访问通用网址 - C:\Program Files\OCINS\cnrbtn.html
O8 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到QQ表情 - D:\Program Files\QQ2005\AddEmotion.htm
O9 - Extra button: Web 反病毒统计 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - (file missing)
O9 - Extra button: 中文上网 - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:\Program Files\OCINS\config.exe
O9 - Extra 'Tools' menuitem: 中文上网 - {B012491E-8FA4-4851-AA9B-22E33784FBAD} - C:\Program Files\OCINS\config.exe
O10 - Broken Internet access because of LSP provider 'C:\WINDOWS\system32\cdnns.dll' missing
O15 - Trusted Zone: *.easyabc.95599.cn (HKCU)
O15 - Trusted Zone: *.www.95599.cn (HKCU)
O15 - Trusted Zone: https://www.ccb.com (HKCU)
O15 - Trusted Zone: https://www.ccb.com.cn (HKCU)
O15 - Trusted Zone: https://mybank.icbc.com.cn (HKCU)
O15 - Trusted Zone: http://www.icbc.com.cn (HKCU)
O16 - DPF: {0EB487C8-E9AC-43A6-8C4C-083999B0622F} (InfosecCertInstall Class) - https://mybank.icbc.com.cn/icbc/perbank/certInStall.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - http://frepmail01.frep-ipmt.com.cn/iNotes6W.cab
O16 - DPF: {3D8F74EE-8692-4F8F-B8D2-7522E732519E} (WebActivater Control) - http://game.qq.com/QQGame2.cab
O16 - DPF: {488A4255-3236-44B3-8F27-FA1AECAA8844} (EditCtrl Class) - https://img.alipay.com/download/1101/aliedit.cab
O16 - DPF: {5CB840B5-A94E-4AD9-B785-4866E3B04476} (InfoSecNetSign Class) - https://mybank.icbc.com.cn/icbc/ICBCNetSignG.dll
O16 - DPF: {65CD25B0-F091-47E8-B0A4-8706B52D5BEF} (ActiveXP Control) - http://www.myvideochat.net/ActiveXP.cab
O16 - DPF: {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (AxSubmitControl Class) - https://mybank.icbc.com.cn/icbc/perbank/AxSafeControls.cab
O16 - DPF: {B219E31C-E110-4638-AF01-7BDD5ACA552C} (ICBCQPKCom_HH Class) - https://mybank.icbc.com.cn/icbc/ICBCQPK_HH.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E787FD25-8D7C-4693-AE67-9406BC6E22DF} (PasswordEditCtrl Class) - https://www.tenpay.com/download/qqedit.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - Service: TP-LINK 配置服务 (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: 卡巴斯基反病毒软件 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZIPM12.EXE

--
End of file - 8108 bytes
-- File Associations -----------------------------------------------------------
.chm - chm.file - shell\open\command - "hh.exe" %1
.ini - inifile - shell\open\command - C:\WINDOWS\System32\NOTEPAD.EXE %1
.txt - txtfile - shell\open\command - C:\WINDOWS\notepad.exe %1

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R0 cnprov - c:\windows\system32\drivers\cnprov.sys <Not Verified; 中国互联网络信息中心(CNNIC); 中文上网官方版>
R0 RsAntiSpyware - c:\windows\system32\drivers\rsboot.sys <Not Verified; Beijing Rising Technology Co., Ltd.; Rising KaKa>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 idnaux - c:\windows\system32\drivers\idnaux.sys <Not Verified; 中国互联网络信息中心(CNNIC); CNNIC idnaux>
R3 WSIMD (wsimd Service) - c:\windows\system32\drivers\wsimd.sys <Not Verified; Atheros Communications, Inc.; Wireless Intermediate Miniport Driver>
S0 a320raid - c:\windows\system32\drivers\a320raid.sys <Not Verified; Adaptec, Inc.; Adaptec HostRAID for Ultra320 SCSI>
S0 AAC - c:\windows\system32\drivers\aac.sys <Not Verified; Adaptec, Inc.; Adaptec RAID Controller>
S0 aar1210 - c:\windows\system32\drivers\aar1210.sys <Not Verified; Adaptec, Inc.; Adaptec HostRAID for Serial ATA>
S0 aec6210 (ACARD AEC6210UF UltraDMA33 Controller) - c:\windows\system32\drivers\aec6210.sys <Not Verified; ACARD Technology Corp.; ACARD PCI Ultra-IDE DMA-33 Controller>
S0 aec6260 (ACARD AEC6260 UltraDMA-66 Controller) - c:\windows\system32\drivers\aec6260.sys <Not Verified; ACARD Technology Corp.; ACARD's DMA-66 IDE Driver>
S0 aec6280 - c:\windows\system32\drivers\aec6280.sys <Not Verified; ACARD Technology Corp.; ACARD AEC6280 ATA-133 PCI IDE Controller>
S0 AEC6290 - c:\windows\system32\drivers\aec6290.sys <Not Verified; ACARD Technology Corp.; ACARD AEC6280 ATA-133 PCI IDE Controller>
S0 AEC67160 - c:\windows\system32\drivers\aec67160.sys <Not Verified; ACARD Technology Corp.; Acard? AEC-67160 PCI Ultra3 LVD/SE Controller>
S0 AEC671X - c:\windows\system32\drivers\aec671x.sys <Not Verified; ACARD Technology Corp.; Acard? AEC-671X PCI Ultra/W SCSC-3 Controller>
S0 AEC6880 - c:\windows\system32\drivers\aec6880.sys <Not Verified; ACARD Technology Corp.; Acard? AEC-6880/90 PCI Ultra ATA133 RAID Controller>
S0 AEC6890 - c:\windows\system32\drivers\aec6890.sys <Not Verified; ACARD Technology Corp.; Acard? AEC-6880/90 PCI Ultra ATA133 RAID Controller>
S0 aec68x5 - c:\windows\system32\drivers\aec68x5.sys <Not Verified; ACARD Technology Corp.; ACARD? AEC-6885/95/96 PCI ATA133 4 Channel RAID Controller>
S0 FASTSX - c:\windows\system32\drivers\fastsx.sys <Not Verified; Promise Technology, Inc.; Promise FastTRAK SX4/SX4000 (tm) Driver>
S0 fasttrak - c:\windows\system32\drivers\fasttrak.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver>
S0 fasttx2k - c:\windows\system32\drivers\fasttx2k.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver>
S0 fasttx2k2 - c:\windows\system32\drivers\fasttx2k2.sys <Not Verified; Promise Technology, Inc.; Promise FastTrak Series Driver>
S0 Hpt366 - c:\windows\system32\drivers\hpt366.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(TM) Operating System>
S0 HPT371 - c:\windows\system32\drivers\hpt371.sys <Not Verified; HighPoint Technologies, Inc.; HPT371>
S0 hpt374 - c:\windows\system32\drivers\hpt374.sys <Not Verified; HighPoint Technologies, Inc.; HPT374>
S0 hptmv - c:\windows\system32\drivers\hptmv.sys <Not Verified; HighPoint Technologies, Inc.; RocketRAID 182x>
S0 hptpro - c:\windows\system32\drivers\hptpro.sys <Not Verified; HighPoint Technologies, Inc.; HighPoint Filter Driver>
S0 m5228 - c:\windows\system32\drivers\m5228.sys <Not Verified; ALi Corporation.; M5228 ATA RAID Controller Driver>
S0 m5281 - c:\windows\system32\drivers\m5281.sys <Not Verified; ALi Corporation; M5281 SATA RAID Controller Driver>
S0 MegaIDE - c:\windows\system32\drivers\megaide.sys <Not Verified; LSI Logic Corporation.; MegaRAID IDE>
S0 mraid2k - c:\windows\system32\drivers\mraid2k.sys <Not Verified; American Megatrends, Inc.; MegaRAID Miniport Driver for Windows 2000>
S0 PNP649R - c:\windows\system32\drivers\pnp649r.sys <Not Verified; CMD Technology, Inc.; Medley>
S0 Pnp680 (SiI 680 ATA Controller) - c:\windows\system32\drivers\pnp680.sys <Not Verified; Silicon Image, Inc.; PnP680>
S0 Pnp680r (Silicon Image SiI 0680 Medley Raid Controller) - c:\windows\system32\drivers\pnp680r.sys <Not Verified; Silicon Image, Inc; Medley>
S0 RAIDSRC - c:\windows\system32\drivers\raidsrc.sys <Not Verified; Intel/ICP; Intel(r)/ICP Miniport Driver>
S0 S150SX8 - c:\windows\system32\drivers\s150sx8.sys <Not Verified; Promise Technology, Inc.; Promise SATAII150 SX8 (tm) Driver>
S0 s2xiz (s2xi) - c:\windows\system32\drivers\s2xiz.sys (file missing)
S0 SI3112 (SiI-3512 SATALink Controller) - c:\windows\system32\drivers\si3112.sys <Not Verified; Silicon Image, Inc.; SiI 3112 SATALink controller>
S0 SI3112r (Silicon Image SiI 3512 SATARaid Controller) - c:\windows\system32\drivers\si3112r.sys <Not Verified; Silicon Image, Inc; Medley>
S0 SI3114 (SiI-3114 SATALink Controller) - c:\windows\system32\drivers\si3114.sys <Not Verified; Silicon Image, Inc.; SiI 3114 SATALink controller>
S0 SI3114r (SiI-3114 SATARaid Controller) - c:\windows\system32\drivers\si3114r.sys <Not Verified; Silicon Image, Inc; SATARAID>
S0 SI3124 (SiI-3124 SATALink Controller) - c:\windows\system32\drivers\si3124.sys <Not Verified; Silicon Image, Inc.; SiI 3124 SATALink controller>
S0 SI3124r (SiI-3124 SATARaid Controller) - c:\windows\system32\drivers\si3124r.sys <Not Verified; Silicon Image, Inc; SATARAID>
S0 SiFilter (SATALink driver accelerator) - c:\windows\system32\drivers\siwinacc.sys <Not Verified; Silicon Image, Inc.; SATALink Accelerator Driver>
S0 SISIDE - c:\windows\system32\drivers\siside.sys <Not Verified; Silicon Integrated Systems Corp.; SiS PCI Mini IDE Driver>
S0 SiSRaid - c:\windows\system32\drivers\sisraid.sys <Not Verified; Silicon Integrated Systems; SiS 180 Controller>
S0 SiSRaid1 - c:\windows\system32\drivers\sisraid1.sys <Not Verified; Silicon Integrated Systems; SiS 181 Controller>
S0 SISRAIDS - c:\windows\system32\drivers\sisraids.sys <Not Verified; Silicon Integrated Systems Corp; SiS 182 Controller>
S0 sptrak - c:\windows\system32\drivers\sptrak.sys <Not Verified; Promise Technology, Inc.; Promise SuperTrak Family Driver>
S0 ULSATAS - c:\windows\system32\drivers\ulsatas.sys <Not Verified; Promise Technology, Inc.; Promise ulsata2 Series Driver>
S0 viamraid - c:\windows\system32\drivers\viamraid.sys <Not Verified; VIA Technologies inc,.ltd; VIA RAID driver>
S0 viaraid - c:\windows\system32\drivers\viaraid.sys <Not Verified; VIA Technologies inc,.ltd; VT6410 RAID MINIPORT DRIVER>
S0 viasraid - c:\windows\system32\drivers\viasraid.sys <Not Verified; VIA Technologies inc,.ltd; Raid controller 6420 driver>
S0 vmscsi - c:\windows\system32\drivers\vmscsi.sys <Not Verified; VMware, Inc.; VMware, Inc. Script1 Application>
S2 AsyncMac (RAS Asynchronous Media Driver) - c:\windows\system32\drivers\comint32.sys (file missing)
S2 npkcrypt - c:\program files\qq2005\npkcrypt.sys (file missing)
S3 AR5211 (TP-LINK Wireless Network Adapter Service) - c:\windows\system32\drivers\ar5211.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
S3 ATICDSDr - f:\ghost\sp27431\bin\atiicdxx.sys <Not Verified; ATI Technologies Inc.; ATI Graphics Accelerators>
S3 usb2vcom (USB Data Cable) - c:\windows\system32\drivers\usb2vcom.sys <Not Verified; ; USB to Serial Bridge Controller>
S3 WL - c:\docume~1\new\locals~1\temp\tmp5.tmp (file missing)
S3 WWSPLIT (Willing Webcam WDM Driver) - c:\windows\system32\drivers\wwsplit.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 ACS (TP-LINK 配置服务) - c:\windows\system32\acs.exe <Not Verified; Atheros; Atheros Configuration Service (ACS)>
R2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe <Not Verified; Macrovision; SafeCast Windows NT>
R2 Multi-user Cleanup Service - "c:\program files\lotus\notes\ntmulti.exe" <Not Verified; IBM Corp; IBM Lotus Notes/Domino>

-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.

-- Files created between 2008-04-05 and 2008-05-05 -----------------------------
2008-05-05 16:02:55     13824 --a------ C:\WINDOWS\dminitiate.dll
2008-05-04 12:21:07     96645 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-05-04 12:21:07     87941 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-05-04 12:20:36        32 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-05-04 12:20:36        32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-04 12:20:36         0 d-------- C:\Program Files\Kaspersky Lab
2008-05-04 12:20:36         0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-04 12:19:33         0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-04-28 18:09:48         0 d-------- C:\Documents and Settings\new\Application Data\ppstream
2008-04-28 18:05:38         0 d-------- C:\Documents and Settings\All Users\Application Data\Storm
2008-04-28 18:05:37         0 d-------- C:\Documents and Settings\new\Application Data\Application Data
2008-04-28 18:05:11         0 d-------- C:\Program Files\StormII
2008-04-26 00:20:03       197 --a------ C:\WINDOWS\QQPet.dat
2008-04-22 22:43:08         0 d-------- C:\Documents and Settings\new\Application Data\QQUpdate
2008-04-22 19:17:42         0 d-------- C:\Documents and Settings\All Users\Application Data\Tencent
2008-04-22 16:30:29         0 d-------- C:\Documents and Settings\new\Application Data\QQDoctor
2008-04-22 16:25:40         0 d-------- C:\Program Files\Tencent
2008-04-22 16:25:39         0 d-------- C:\Documents and Settings\new\Application Data\Tencent
2008-04-22 16:25:36         0 d-------- C:\Program Files\Microsoft Silverlight
2008-04-22 16:25:30         0 d-------- C:\Documents and Settings\new\Application Data\QQ
2008-04-21 23:15:42      8704 --a------ C:\WINDOWS\http.dll
2008-04-19 15:29:51     89600 --a------ C:\WINDOWS\iclsize32.dll
2008-04-19 15:29:41    324608 --a------ C:\WINDOWS\initview32.exe
2008-04-10 13:58:23         0 d-------- C:\Documents and Settings\new\Documentum
2008-04-07 16:16:04         0 d-------- C:\Program Files\lotus
2008-04-07 14:34:48    364629 --a------ C:\WINDOWS\system32\acs.exe <Not Verified; Atheros; Atheros Configuration Service (ACS)>
2008-04-07 14:34:42     55840 --a------ C:\WINDOWS\system32\wsimd.sys <Not Verified; Atheros Communications, Inc.; Wireless Intermediate Miniport Driver>
2008-04-07 14:34:42    249925 --a------ C:\WINDOWS\system32\wsimd.dll <Not Verified; Atheros Communications, Inc.; wsimd>
2008-04-07 14:34:42    254023 --a------ C:\WINDOWS\system32\wsfwDS.dll <Not Verified; Atheros Communications, Inc.; wsfwds>
2008-04-07 14:34:42     61440 --a------ C:\WINDOWS\system32\wgapiloc.dll <Not Verified; ; GUI API Localized Library>
2008-04-07 14:34:42    377014 --a------ C:\WINDOWS\system32\wgapi.dll <Not Verified; ; GUI API Library>
2008-04-07 14:34:42    344156 --a------ C:\WINDOWS\system32\wcapiU.dll <Not Verified; Atheros; Atheros Client API Library>
2008-04-07 14:34:42    393216 --a------ C:\WINDOWS\system32\wcapi.dll <Not Verified; Atheros; Atheros Client API Library>
2008-04-07 14:34:42     82017 -ra------ C:\WINDOWS\system32\dsaNac.dll <Not Verified; Devicescape, Inc.; Devicescape NAC Notify DLL>
2008-04-07 14:34:42   1241166 --a------ C:\WINDOWS\system32\dsa.dll <Not Verified; Devicescape; Devicescape Windows WPA Supplicant (Core 0.4.3)>
2008-04-07 14:34:42     55840 --a------ C:\WINDOWS\system32\drivers\wsimd.sys <Not Verified; Atheros Communications, Inc.; Wireless Intermediate Miniport Driver>
2008-04-07 14:34:42    303199 --a------ C:\WINDOWS\system32\athcfg20U.dll <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
2008-04-07 14:34:42    114792 --a------ C:\WINDOWS\system32\athcfg20resU.dll <Not Verified; Atheros Communications, Inc.; Atheros Configuration API Res Dynamic Link Library>
2008-04-07 14:34:42    114766 --a------ C:\WINDOWS\system32\athcfg20res.dll <Not Verified; Atheros Communications, Inc.; Atheros Configuration API Res Dynamic Link Library>
2008-04-07 14:34:42    237568 --a------ C:\WINDOWS\system32\athcfg20.dll <Not Verified; Atheros; Atheros Configuration API Dynamic Link Library>
2008-04-07 14:34:42     73728 --a------ C:\WINDOWS\system32\athcfg11resloc.dll <Not Verified; Atheros Communications, Inc.; Atheros Configuration API Res Localized Dynamic Link Library>
2008-04-07 14:34:37         0 d-------- C:\Program Files\TP-LINK
2008-04-07 14:34:32    543712 --a------ C:\WINDOWS\system32\ar5211.sys <Not Verified; Atheros Communications, Inc.; Atheros AR5001 Wireless Network Adapter>
2008-04-07 14:31:57         0 d-------- C:\Documents and Settings\All Users\Application Data\TP-LINK
2008-04-07 14:12:42         0 d-------- C:\temp
2008-04-07 13:51:09         0 d-------- C:\Program Files\Wireless LAN Utility
2008-04-05 21:32:40     74240 -----n--- C:\WINDOWS\system32\drivers\sisnpf.sys <Not Verified; Politecnico di Torino; NPF Driver>
2008-04-05 21:32:36         0 d-------- C:\Program Files\SiS163u

-- Find3M Report ---------------------------------------------------------------
2008-04-29 13:58:00      1863 --a------ C:\WINDOWS\system32\cnprov.dat
2008-04-19 15:29:32       219 --a------ C:\WINDOWS\viewcab33x.exe
2008-04-05 21:16:40    125444 --a------ C:\WINDOWS\system32\prfh0804.dat
2008-04-05 21:16:40     48680 --a------ C:\WINDOWS\system32\prfc0804.dat
2008-03-29 12:25:06    118784 --a------ C:\WINDOWS\system32\ieprot.dll <Not Verified; Beijing Rising Technology Co., Ltd.; IE Protector>
2008-03-29 12:24:54    397386 --a------ C:\WINDOWS\system32\KakaTool.dll <Not Verified; Beijing Rising Technology Co., Ltd.; 瑞星卡卡上网安全助手5.0>
2008-02-25 20:48:24    278528 --a------ C:\WINDOWS\system32\livesnth.dll <Not Verified; LiveUpdate; LiveSynth>
2008-02-14 20:49:54         8 --a------ C:\WINDOWS\ocinfo.dat

-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{29CF293A-1E7D-4069-9E11-E39698D0AF95}]
2008-04-22 16:25 1013120 --a------ C:\Program Files\Tencent\QQToolbar\IEBar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{7605CC7C-00FD-4A5F-BAFD-828342DE6279}]
2008-02-14 20:49 183680 --a------ C:\PROGRA~1\OCINS\ieaux.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 16:24 C:\WINDOWS\system32\Ati2mdxx.exe]
"BHDCRegC"="C:\WINDOWS\system32\BHDCRegC.exe" [2005-03-15 16:40]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" []
"IdnSvr"="C:\Program Files\OCINS\idnsvr.exe" [2008-02-14 20:49]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" [2008-02-08 18:36]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-08 04:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 13:18]
"AcerVGA Drivers V1.2"="C:\WINDOWS\initview32.exe" [2008-04-19 15:29]
C:\Documents and Settings\new\「开始」菜单\程序\启动\
QQ游戏启动加速程序.lnk - D:\Program Files\Tencent\QQGAME\Accel.exe [2007-11-2 16:50:07]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 19:16:50]
腾讯QQ.lnk - D:\Program Files\QQ2005\QQ.exe [2008-4-7 13:44:53]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AC2DC2EF-5165-40A3-8CDF-41DCA1B0901A}"= C:\WINDOWS\system32\shlhook.dll [2007-12-13 11:37 65536]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1965d7c0-d205-11db-9bad-0008026ba59c}]
Auto\command- H:\mWcyO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL mWcyO.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3146ac90-3f55-11dc-9cfe-000802659189}]
AutoRun\command- wscript.exe .\.vbs
open\command- wscript.exe .\.vbs
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5c1dc010-85cc-11dc-9daf-000802659189}]
AutoRun\command- 1.exe 0o
explore\Command- 1.exe 0e
open\Command- 1.exe 0o
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f4b1ee0-9d51-11dc-9df8-000802659189}]
1\command- escro.exe
Auto\command- auto.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL escro.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b4f460a0-4acf-11dc-9d27-000802659189}]
Auto\command- Ghost.pif
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Ghost.pif
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eaa32170-e052-11db-9be8-0008026ba59c}]
AutoRun\command- reper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AcerVGA Drivers V1.2]
C:\WINDOWS\initview32.exe
 
-- End of Deckard's System Scanner: finished at 2008-05-05 16:30:52 ------------

Touch
Forum Moderator
Date Joined Jun 2004
Total Posts : 13812
Posted 5-5-2008 10:53 (GMT +1)

Hello


Please download:
swandog46.geekstogo.com/avenger2/avenger.zip


Right click on the Avenger.zip folder and select "Extract to Avenger..."

You will now have an Avenger folder on your desktop.

Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing Ctrl+C
Quote:

-----------------------------------------------------

Files to delete:
C:\WINDOWS\initview32.exe
C:\WINDOWS\iclsize32.dll
H:\mWcyO.exe

Folders to delete:
C:\Program Files\OCINS

--------------------------------------------------

Make sure the Scan for rootkits is checked ...
& the Automatically disable any rootkits found is NOT checked ...

Click on Execute

Answer "Yes" twice when prompted.

After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt

Please copy/paste the content of C:\avenger.txt into your reply along with a fresh HJT log and tell me how things are running.


Do NOT post your problem in someone else's thread.
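As an added example (not code from the thread, the moderator, or the BullGuard forum), a small Python triage pass over lines in the DSS/HijackThis format posted above: it flags the entry types a helper reads first (cached removable-drive autorun commands under mountpoints2, a broken LSP chain, hooks pointing at missing files, and autostarts living directly in C:\WINDOWS) and lists the targets for review. The sample lines are copied from the log; the rule names, the Finding structure and the heuristics are my own and are assumptions, not a verdict on any file.

```python
import re
from dataclasses import dataclass

# Constructed sample in the DSS/HijackThis format; the lines are taken from the log
# posted above, trimmed to the entries a triager would look at first.
SAMPLE_LOG = r"""
O2 - BHO: IEAux Class - {7605CC7C-00FD-4A5F-BAFD-828342DE6279} - C:\Program Files\OCINS\ieaux.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [AcerVGA Drivers V1.2] C:\WINDOWS\initview32.exe
O10 - Broken Internet access because of LSP provider 'C:\WINDOWS\system32\cdnns.dll' missing
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1965d7c0-d205-11db-9bad-0008026ba59c}]
Auto\command- H:\mWcyO.exe
AutoRun\command- C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL mWcyO.exe
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\AcerVGA Drivers V1.2]
C:\WINDOWS\initview32.exe
"""


@dataclass(frozen=True)
class Finding:
    rule: str     # which triage rule fired (names are my own)
    target: str   # the file or command the rule is about ('' when not target-specific)
    line: str     # the log line, so the analyst can read it in context


# An executable sitting directly in C:\WINDOWS rather than in system32 or a vendor folder.
WINDIR_ROOT = re.compile(r'^c:\\windows\\[^\\]+\.(exe|dll|pif|scr|com)$', re.I)
# HJT O4 lines read "O4 - <hive>\..\Run: [name] <target> [args]".
O4_ENTRY = re.compile(r'^O4 - .*?\[[^\]]*\]\s*(?P<rest>.+)$')
MISSING_TOKENS = ('(no file)', '(file missing)')


def autostart_target(rest: str) -> str:
    """Extract the program path from the part of an O4 line after [name]."""
    rest = rest.strip()
    if rest.startswith('"'):
        return rest[1:rest.find('"', 1)]   # quoted path; arguments follow the quote
    return rest                            # unquoted: HJT prints the path (and any args)


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    current_key = ''                       # registry key the Registry Dump is currently under
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith('[HKEY_'):
            current_key = line.lower()
            continue
        # Rule 1: mountpoints2 holds the autorun.inf commands Windows cached for each
        # removable drive; every command stored there is worth reading.
        if 'mountpoints2' in current_key and '\\command-' in line:
            cmd = line.split('command-', 1)[1].strip()
            findings.append(Finding('removable-drive-autorun', cmd, line))
            continue
        # Rule 2: an O10 line means the Winsock LSP chain references a DLL that is gone,
        # which breaks networking and usually marks a half-removed component.
        if line.startswith('O10 -') and 'missing' in line:
            findings.append(Finding('broken-lsp', '', line))
            continue
        # Rule 3: hooks that still point at files no longer on disk.
        if any(tok in line for tok in MISSING_TOKENS):
            findings.append(Finding('dangling-reference', '', line))
            continue
        # Rule 4: autostarts in the %WINDIR% root. Checked for O4 lines anywhere and for
        # bare path lines inside the Registry Dump; the process list is deliberately skipped
        # because legitimate binaries such as explorer.exe live there too.
        m = O4_ENTRY.match(line)
        if m:
            target = autostart_target(m.group('rest'))
        elif current_key:
            target = line
        else:
            continue
        if WINDIR_ROOT.match(target):
            findings.append(Finding('windir-root-autostart', target, line))
    return findings


def review_list(findings: list[Finding]) -> list[str]:
    """Distinct targets the rules pointed at, as the analyst's starting list."""
    return sorted({f.target for f in findings if f.target}, key=str.lower)


if __name__ == '__main__':
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f'{f.rule:24} {f.line}')
    print('review:', review_list(results))
```

Three of the four items in the moderator's Avenger script (initview32.exe, H:\mWcyO.exe and the OCINS BHO's neighbour entries) fall out of these rules; iclsize32.dll and the OCINS folder do not, which is the point: rules narrow the log, the helper's experience finishes the job.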
