strfind.exe?

hlw_rocer

DDS:

DDS (Ver_2012-11-20.01) - FAT32_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 22:02:09 on 2013-11-23
Microsoft Windows XP Professional  5.1.2600.2.936.86.2052.18.446.64 [GMT 8:00]
.
AV: 360杀毒 (360 Antivirus) *Enabled/Updated* {D737F2DE-FA43-4036-AF5B-911612E2D674}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\360\360Desktop\Bin\360Desktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Administrator\Application Data\360bizhi\360wpsrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer
mWinlogon: SFCDisable = dword:-99
BHO: 360sdbho Class: {0F4BF955-A127-41B7-A998-369904AA2578} - d:\backup\360sd\360sdbho.dll
BHO: NavigatMon Class: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - d:\backup\360安全卫士\safemon\safemon.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [360sd] "d:\backup\360sd\360sd.exe" /autorun
uRun: [360Desktop] "c:\program files\360\360desktop\bin\360Desktop.exe" /autorun
uRun: [AROReminder] c:\program files\aro 2013\aro.exe -rem
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [360Safetray] "d:\backup\360安全卫士\safemon\360Tray.exe" /start
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\「开始~1\程序\启动\蓝牙控~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Export to Microsoft Office Excel(&X) - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Add to QQ emoticons - c:\program files\tencent\qq\AddEmotion.htm
IE: Add URL to 360 Safe Desktop - c:\program files\360\360desktop\bin\addapp.html
TCP: NameServer = 208.59.247.45 208.59.247.46 192.168.1.1
TCP: Interfaces\{2AA344D4-56B3-44B5-91E9-A7AB54BC52E0} : DHCPNameServer = 208.59.247.45 208.59.247.46 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 ahci8086;ahci8086;c:\windows\system32\drivers\ahci8086.sys [2006-10-28 119808]
R0 CSB6IDE;CSB6IDE;c:\windows\system32\drivers\csb6ide.sys [2006-10-28 2802]
R0 FASTTRAK;FASTTRAK;c:\windows\system32\drivers\fasttrak.sys [2006-10-28 81816]
R0 HookPort;HookPort;c:\windows\system32\drivers\hookport.sys [2012-7-27 75832]
R0 M5281;M5281;c:\windows\system32\drivers\m5281.sys [2006-10-28 51072]
R0 M5289;M5289;c:\windows\system32\drivers\m5289.sys [2006-10-28 52480]
R0 ULSATA2;ULSATA2;c:\windows\system32\drivers\ulsata2.sys [2006-10-28 115816]
R1 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\drivers\360AntiHacker.sys [2012-7-27 85696]
R1 360Box;360Box mini-filter driver;c:\windows\system32\drivers\360Box.sys [2012-7-27 191664]
R1 360Camera;360Safe Camera Filter Service;c:\windows\system32\drivers\360Camera.sys [2012-11-16 34488]
R1 360netmon;360netmon;c:\windows\system32\drivers\360netmon.sys [2012-7-27 165824]
R1 360SelfProtection;360SelfProtection;c:\windows\system32\drivers\360SelfProtection.sys [2012-7-27 166344]
R1 BAPIDRV;BAPIDRV;c:\windows\system32\drivers\BAPIDRV.SYS [2012-7-27 169008]
R1 EfiMon;EfiSystemMon;c:\windows\system32\drivers\efimon.sys [2012-7-27 22448]
R1 qutmdserv;Quantum DeepScanner Servers;c:\windows\system32\drivers\qutmdrv.sys [2012-7-27 236848]
R1 qutmipc;qutmipc;c:\windows\system32\drivers\qutmipc.sys [2012-7-27 41520]
R2 ZhuDongFangYu;Active Defense (主动防御);d:\backup\360安全卫士\deepscan\ZhuDongFangYu.exe [2012-6-25 224192]
R3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\drivers\360AvFlt.sys [2012-7-27 60600]
S?4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S0 A320RAID;A320RAID;c:\windows\system32\drivers\a320raid.sys [2006-10-28 233984]
S0 ITERAID;ITERAID;c:\windows\system32\drivers\iteraid.sys [2006-10-28 26112]
S0 M5228;M5228;c:\windows\system32\drivers\m5228.sys [2006-10-28 45069]
S0 SI3112R;SI3112R;c:\windows\system32\drivers\Si3112r.sys [2006-10-28 102528]
S0 SI3124;SI3124;c:\windows\system32\drivers\Si3124.sys [2006-10-28 68352]
S0 SI3124R;SI3124R;c:\windows\system32\drivers\Si3124r.sys [2006-10-28 100881]
S0 SI3124R5;SI3124R5;c:\windows\system32\drivers\Si3124r5.sys [2006-10-28 198144]
S0 SISRAID4;SISRAID4;c:\windows\system32\drivers\sisraid4.sys [2006-10-28 66016]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-10-28 11029]
S0 xpknqm;xpknqm;c:\windows\system32\drivers\bndfqvjl.sys --> c:\windows\system32\drivers\bndfqvjl.sys [?]
S2 360rp;360 Antivirus real-time protection loader service;d:\backup\360sd\360rps.exe [2012-7-27 293296]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\notepad.exe %1
FileExt: .chm: chm.file="hh.exe" %1
.
=============== Created Last 30 ================
.
2013-11-23 13:17:32 -------- d-sh--w- c:\documents and settings\administrator\application data\360Quarant
2013-11-23 13:17:32 -------- d-sh--w- C:\$360Section
2013-11-23 12:45:53 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2013-11-23 12:43:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-11-23 12:42:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-23 12:42:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-23 12:39:41 -------- d-----w- c:\program files\CCleaner
2013-11-23 12:34:54 -------- d-----w- c:\documents and settings\administrator\application data\Sammsoft
2013-11-23 12:33:19 -------- d-----w- c:\program files\ARO 2013
.
==================== Find3M  ====================
.
2013-11-06 09:03:18 236848 ----a-w- c:\windows\system32\drivers\qutmdrv.sys
2013-09-22 06:34:20 60600 ----a-w- c:\windows\system32\drivers\360AvFlt.sys
2013-09-02 09:32:32 169008 ----a-w- c:\windows\system32\drivers\BAPIDRV.SYS
2013-08-30 15:55:16 191664 ----a-w- c:\windows\system32\drivers\360Box.sys
2013-08-29 01:49:50 75832 ----a-w- c:\windows\system32\drivers\hookport.sys
2013-08-29 01:49:46 22448 ----a-w- c:\windows\system32\drivers\efimon.sys
2013-08-29 01:49:32 166344 ----a-w- c:\windows\system32\drivers\360SelfProtection.sys
2013-08-26 10:45:48 85696 ----a-w- c:\windows\system32\drivers\360AntiHacker.sys
.
============= FINISH: 22:04:54.18 ===============

Attach:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2007-6-22 16:45:04
System Uptime: 2013-11-23 21:18:31 (1 hours ago)
.
Motherboard: BenQ |  | Joybook T31
Processor: AMD Turion 64 X2 Mobile Technology TL-52 | Socket M2/S1G1 | 1599/200mhz
Processor: AMD Turion 64 X2 Mobile Technology TL-52 | Socket M2/S1G1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 9 GiB total, .512 GiB free.
D: is FIXED (FAT32) - 19 GiB total, 16.022 GiB free.
E: is FIXED (FAT32) - 19 GiB total, 18.443 GiB free.
F: is FIXED (FAT32) - 23 GiB total, 15.424 GiB free.
G: is FIXED (FAT32) - 5 GiB total, 4.178 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
360 Secure Browser 5.0 (360安全浏览器 5.0 正式版)
360 Safeguard (360安全卫士)
360 Safe Desktop (360安全桌面)
360 Antivirus (360杀毒)
360 Mobile Assistant (360手机助手)
888poker
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05) - Chinese Simplified
Agere Systems HDA Modem
AiO_Scan
ARO 2013
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
BenQ QEye
CCleaner
Full Tilt Poker
Full Tilt Poker.Org
Google Chrome
Google Update Helper
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
Jigtopia
Jigtopia Version 1.0.5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft Office Professional Edition 2003
Microsoft XML Parser
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6 Service Pack 2 (KB954459)
Nero Premium 7.5.9.0 Reduced
PPStream
QFolder
QQ2007 (official release)
RealPlayer
Realtek High Definition Audio Driver
Scan
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
USB PC Camera (ZS211)
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Security Update for Windows Internet Explorer 8 (KB982381)
Windows Media Format Runtime
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Windows Media Player 10
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB950582)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB982316)
Security Update for Windows XP (KB982665)
Update for Windows XP (KB900485)
Update for Windows XP (KB920872)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB955839)
Update for Windows XP (KB958752)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
Hotfix for Windows XP (KB932716-v2)
Hotfix for Windows XP (KB933062)
Hotfix for Windows XP (KB934428-v3)
Hotfix for Windows XP (KB935843)
Hotfix for Windows XP (KB936357-v2)
Hotfix for Windows XP (KB940275-v3)
Hotfix for Windows XP (KB943232-v2)
Hotfix for Windows XP (KB944043-v3)
Hotfix for Windows XP (KB951830)
Hotfix for Windows XP (KB952287)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0)
WinRAR archiver (WinRAR 压缩文件管理器)
Yahoo! Software Update
Maxthon (傲游), YlmF (雨林木风) edition
Jipin Wubi (极品五笔) v6.6, YlmF edition
Kaspersky Anti-Virus 6.0 (卡巴斯基反病毒6.0)
TTPlayer (千千静听) 5.0, YlmF edition
Sogou Pinyin Input Method 2.0 (2.0.0.1)
Western Securities Dazhihui (西部证券大智慧) stock-trading client
Supplementary system driver pack 1.2 (系统补充驱动包 1.2)
Xunlei (迅雷) 5.4.1.230, YlmF edition
One-click backup/restore tool 1.1 (一键备份恢复工具 1.1)
.
==== Event Viewer Messages From Past Week ========
.
2013-11-23 21:19:58, Information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\system32\findstr.exe. The file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
2013-11-23 21:16:24, Information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\system32\findstr.exe. The file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
.
==== End Of File ===========================
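An added triage example, written for this page rather than taken from the post above, from DDS or from Malwarebytes. It parses the three kinds of line in the posted log that an analyst reads first: the `mWinlogon: SFCDisable` value (0xFFFFFF9D, shown by DDS as -99, is the value historically used to switch Windows File Protection off), the SERVICES / DRIVERS entries (DDS appends `--> path [?]` when it could not stat the image file), and the Windows File Protection event 64002 lines. The sample text is copied from the posted log, with the Event Viewer lines in their translated form. The `looks_random` vowel-ratio rule, the severity labels and the finding names are this example's own heuristics and assumptions; they sort entries for a human reader and do not declare anything malicious. Note what the rules keep apart: `MBAMSwissArmy` also carries a `[?]` suffix but is reported as informational, while `xpknqm` -> `bndfqvjl.sys` combines the absent file with names that look machine-generated.

```python
"""Triage helper for a DDS log: flags the lines a malware analyst checks first.

Added example; not part of the forum post, DDS or Malwarebytes. All rules are
heuristics and every threshold below is an assumption of this example."""
import re
from collections import Counter

# Constructed sample: lines copied from the DDS log posted above (Event Viewer
# lines in translated form), trimmed to those the rules read.
SAMPLE_DDS_LOG = r"""
mWinlogon: SFCDisable = dword:-99
R0 HookPort;HookPort;c:\windows\system32\drivers\hookport.sys [2012-7-27 75832]
S?4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S0 xpknqm;xpknqm;c:\windows\system32\drivers\bndfqvjl.sys --> c:\windows\system32\drivers\bndfqvjl.sys [?]
S2 360rp;360 Antivirus real-time protection loader service;d:\backup\360sd\360rps.exe [2012-7-27 293296]
2013-11-23 21:19:58, Information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\system32\findstr.exe. The file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
2013-11-23 21:16:24, Information: Windows File Protection [64002]  - File replacement was attempted on the protected system file c:\windows\system32\findstr.exe. The file was restored to the original version to maintain system stability. The file version of the system file is 5.1.2600.2180.
"""

# DDS service line: "<start-type> <name>;<display name>;<image path> [<date size> | ?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\??\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$")
SFC_RE = re.compile(r"^mWinlogon:\s*SFCDisable\s*=\s*dword:(?P<val>-?\d+)", re.I)
WFP_RE = re.compile(
    r"Windows File Protection \[64002\].*?protected system file (?P<file>\S+?)\.?(?:\s|$)", re.I)


def looks_random(name: str) -> bool:
    """Heuristic (assumption): 6+ ASCII letters with under 20% vowels, like 'xpknqm'."""
    if len(name) < 6 or not name.isascii() or not name.isalpha():
        return False
    vowels = sum(c in "aeiou" for c in name.lower())
    return vowels / len(name) < 0.2


def parse_service(line: str):
    """Return the fields of a SERVICES / DRIVERS line, or None if it is not one."""
    m = SERVICE_RE.match(line)
    if not m:
        return None
    path = m["path"]
    if " --> " in path:  # DDS shows "raw --> resolved" when it could not stat the file
        path = path.split(" --> ")[-1]
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    return {"state": m["state"], "name": m["name"], "path": path,
            "stem": stem, "file_present": m["info"].strip() != "?"}


def triage(log_text: str):
    """Return (severity, rule, detail) tuples for the suspicious lines in a DDS log."""
    findings = []
    wfp_hits = Counter()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SFC_RE.match(line)
        if m:
            val = int(m["val"])
            if val != 0:
                findings.append(("high", "sfc_disable",
                                 f"SFCDisable={val} (0x{val & 0xFFFFFFFF:08X}); 0xFFFFFF9D is the "
                                 "value historically used to switch Windows File Protection off"))
            continue
        svc = parse_service(line)
        if svc:
            where = f"{svc['state']} {svc['name']} -> {svc['path']}"
            if svc["file_present"]:
                continue
            if looks_random(svc["name"]) or looks_random(svc["stem"]):
                findings.append(("high", "unknown_driver",
                                 where + " (file absent at scan time, machine-looking names)"))
            else:
                findings.append(("info", "absent_driver_file",
                                 where + " (file absent at scan time; names are not random-looking, "
                                 "typical of an on-demand driver)"))
            continue
        m = WFP_RE.search(line)
        if m:
            wfp_hits[m["file"].lower()] += 1
    for path, n in wfp_hits.items():
        findings.append(("medium", "wfp_restore",
                         f"{path}: WFP event 64002 restored it {n} time(s); something keeps rewriting it"))
    return findings


if __name__ == "__main__":
    for severity, rule, detail in triage(SAMPLE_DDS_LOG):
        print(f"[{severity:6}] {rule:18} {detail}")
```

Run it as a script to see the four findings from the sample; `triage()` accepts the full text of a DDS.txt, so the whole log can be pasted in. The SFCDisable hit and the WFP restores are two views of the same thing: something on the box is trying to overwrite findstr.exe and WFP keeps putting the original back, which is exactly the file named in the thread title.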

  • Staff

I would like to get a scan from MBAR first to see what is on your machine, so don't click "clean-up" the first time round.

Please download Malwarebytes Anti-Rootkit (MBAR) from here http://www.malwarebytes.org/products/mbar/ and save it to your desktop.

Direct link to the file: http://downloads.malwarebytes.org/file/mbar

• Be sure to print out and follow the instructions provided on that same page.
• Caution: This is a beta version, so please be sure to read the disclaimer and back up any important data before using.
• Double-click on the MBAR file you downloaded.
• Approve the UAC prompt in Vista and newer operating systems.
• Click OK on the next screen to allow the package to extract the contents of the file to its own folder, mbar.
• By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click 'Next' if you agree.
• On the Update Database screen, click on the 'Update' button.
• Once you see 'Success: Database was successfully updated', click on 'Next'.
• Click the 'Scan' button.

A. With some infections, you may see two message boxes.

1. 'Could not load protection driver'. Click 'OK'.
2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.

• If malware is found, do NOT press the Cleanup button when the scan completes. Click EXIT.

Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
system-log.txt


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

