hlw_rocer Posted November 24, 2013

DDS

DDS (Ver_2012-11-20.01) - FAT32_x86
Internet Explorer: 8.0.6001.18702
Run by Administrator at 22:02:09 on 2013-11-23
Microsoft Windows XP Professional 5.1.2600.2.936.86.2052.18.446.64 [GMT 8:00]
.
AV: 360杀毒 *Enabled/Updated* {D737F2DE-FA43-4036-AF5B-911612E2D674}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\360\360Desktop\Bin\360Desktop.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Documents and Settings\Administrator\Application Data\360bizhi\360wpsrv.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k bthsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer
mWinlogon: SFCDisable = dword:-99
BHO: 360sdbho Class: {0F4BF955-A127-41B7-A998-369904AA2578} - d:\backup\360sd\360sdbho.dll
BHO: NavigatMon Class: {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - d:\backup\360安全卫士\safemon\safemon.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [360sd] "d:\backup\360sd\360sd.exe" /autorun
uRun: [360Desktop] "c:\program files\360\360desktop\bin\360Desktop.exe" /autorun
uRun: [AROReminder] c:\program files\aro 2013\aro.exe -rem
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [360Safetray] "d:\backup\360安全卫士\safemon\360Tray.exe" /start
mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
dRun: [ctfmon.exe] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\「开始~1\程序\启动\蓝牙控~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:181
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: 导出到 Microsoft Office Excel(&X) - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: 添加到QQ表情 - c:\program files\tencent\qq\AddEmotion.htm
IE: 添加网址到360安全桌面 - c:\program files\360\360desktop\bin\addapp.html
TCP: NameServer = 208.59.247.45 208.59.247.46 192.168.1.1
TCP: Interfaces\{2AA344D4-56B3-44B5-91E9-A7AB54BC52E0} : DHCPNameServer = 208.59.247.45 208.59.247.46 192.168.1.1
Notify: AtiExtEvent - Ati2evxx.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.110\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
============= SERVICES / DRIVERS ===============
.
R0 ahci8086;ahci8086;c:\windows\system32\drivers\ahci8086.sys [2006-10-28 119808]
R0 CSB6IDE;CSB6IDE;c:\windows\system32\drivers\csb6ide.sys [2006-10-28 2802]
R0 FASTTRAK;FASTTRAK;c:\windows\system32\drivers\fasttrak.sys [2006-10-28 81816]
R0 HookPort;HookPort;c:\windows\system32\drivers\hookport.sys [2012-7-27 75832]
R0 M5281;M5281;c:\windows\system32\drivers\m5281.sys [2006-10-28 51072]
R0 M5289;M5289;c:\windows\system32\drivers\m5289.sys [2006-10-28 52480]
R0 ULSATA2;ULSATA2;c:\windows\system32\drivers\ulsata2.sys [2006-10-28 115816]
R1 360AntiHacker;360Safe Anti Hacker Service;c:\windows\system32\drivers\360AntiHacker.sys [2012-7-27 85696]
R1 360Box;360Box mini-filter driver;c:\windows\system32\drivers\360Box.sys [2012-7-27 191664]
R1 360Camera;360Safe Camera Filter Service;c:\windows\system32\drivers\360Camera.sys [2012-11-16 34488]
R1 360netmon;360netmon;c:\windows\system32\drivers\360netmon.sys [2012-7-27 165824]
R1 360SelfProtection;360SelfProtection;c:\windows\system32\drivers\360SelfProtection.sys [2012-7-27 166344]
R1 BAPIDRV;BAPIDRV;c:\windows\system32\drivers\BAPIDRV.SYS [2012-7-27 169008]
R1 EfiMon;EfiSystemMon;c:\windows\system32\drivers\efimon.sys [2012-7-27 22448]
R1 qutmdserv;Quantum DeepScanner Servers;c:\windows\system32\drivers\qutmdrv.sys [2012-7-27 236848]
R1 qutmipc;qutmipc;c:\windows\system32\drivers\qutmipc.sys [2012-7-27 41520]
R2 ZhuDongFangYu;主动防御;d:\backup\360安全卫士\deepscan\ZhuDongFangYu.exe [2012-6-25 224192]
R3 360AvFlt;360AvFlt mini-filter driver;c:\windows\system32\drivers\360AvFlt.sys [2012-7-27 60600]
S?4 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S0 A320RAID;A320RAID;c:\windows\system32\drivers\a320raid.sys [2006-10-28 233984]
S0 ITERAID;ITERAID;c:\windows\system32\drivers\iteraid.sys [2006-10-28 26112]
S0 M5228;M5228;c:\windows\system32\drivers\m5228.sys [2006-10-28 45069]
S0 SI3112R;SI3112R;c:\windows\system32\drivers\Si3112r.sys [2006-10-28 102528]
S0 SI3124;SI3124;c:\windows\system32\drivers\Si3124.sys [2006-10-28 68352]
S0 SI3124R;SI3124R;c:\windows\system32\drivers\Si3124r.sys [2006-10-28 100881]
S0 SI3124R5;SI3124R5;c:\windows\system32\drivers\Si3124r5.sys [2006-10-28 198144]
S0 SISRAID4;SISRAID4;c:\windows\system32\drivers\sisraid4.sys [2006-10-28 66016]
S0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2006-10-28 11029]
S0 xpknqm;xpknqm;c:\windows\system32\drivers\bndfqvjl.sys --> c:\windows\system32\drivers\bndfqvjl.sys [?]
S2 360rp;360 杀毒实时防护加载服务;d:\backup\360sd\360rps.exe [2012-7-27 293296]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\notepad.exe %1
FileExt: .chm: chm.file="hh.exe" %1
.
=============== Created Last 30 ================
.
2013-11-23 13:17:32 -------- d-sh--w- c:\documents and settings\administrator\application data\360Quarant
2013-11-23 13:17:32 -------- d-sh--w- C:\$360Section
2013-11-23 12:45:53 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2013-11-23 12:43:22 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2013-11-23 12:42:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-23 12:42:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-11-23 12:39:41 -------- d-----w- c:\program files\CCleaner
2013-11-23 12:34:54 -------- d-----w- c:\documents and settings\administrator\application data\Sammsoft
2013-11-23 12:33:19 -------- d-----w- c:\program files\ARO 2013
.
==================== Find3M ====================
.
2013-11-06 09:03:18 236848 ----a-w- c:\windows\system32\drivers\qutmdrv.sys
2013-09-22 06:34:20 60600 ----a-w- c:\windows\system32\drivers\360AvFlt.sys
2013-09-02 09:32:32 169008 ----a-w- c:\windows\system32\drivers\BAPIDRV.SYS
2013-08-30 15:55:16 191664 ----a-w- c:\windows\system32\drivers\360Box.sys
2013-08-29 01:49:50 75832 ----a-w- c:\windows\system32\drivers\hookport.sys
2013-08-29 01:49:46 22448 ----a-w- c:\windows\system32\drivers\efimon.sys
2013-08-29 01:49:32 166344 ----a-w- c:\windows\system32\drivers\360SelfProtection.sys
2013-08-26 10:45:48 85696 ----a-w- c:\windows\system32\drivers\360AntiHacker.sys
.
============= FINISH: 22:04:54.18 ===============

Attach

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 2007-6-22 16:45:04
System Uptime: 2013-11-23 21:18:31 (1 hours ago)
.
Motherboard: BenQ | | Joybook T31
Processor: AMD Turion 64 X2 Mobile Technology TL-52 | Socket M2/S1G1 | 1599/200mhz
Processor: AMD Turion 64 X2 Mobile Technology TL-52 | Socket M2/S1G1 | 1600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 9 GiB total, .512 GiB free.
D: is FIXED (FAT32) - 19 GiB total, 16.022 GiB free.
E: is FIXED (FAT32) - 19 GiB total, 18.443 GiB free.
F: is FIXED (FAT32) - 23 GiB total, 15.424 GiB free.
G: is FIXED (FAT32) - 5 GiB total, 4.178 GiB free.
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
360安全浏览器 5.0 正式版
360安全卫士
360安全桌面
360杀毒
360手机助手
888poker
Adobe Flash Player 11 ActiveX
Adobe Reader XI (11.0.05) - Chinese Simplified
Agere Systems HDA Modem
AiO_Scan
ARO 2013
ATI - 软件卸载实用程序
ATI Catalyst Control Center
ATI Display Driver
BenQ QEye
CCleaner
Full Tilt Poker
Full Tilt Poker.Org
Google Chrome
Google Update Helper
HP Image Zone 4.7
HP PSC & OfficeJet 4.7
Jigtopia
Jigtopia Version 1.0.5.0
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft Office Professional Edition 2003
Microsoft XML 分析程序
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 分析程序和 SDK
MSXML 4.0 SP3 Parser (KB2758694)
MSXML 6 Service Pack 2 (KB954459)
Nero Premium 7.5.9.0 Reduced
PPStream
QFolder
QQ2007 正式版
RealPlayer
Realtek High Definition Audio Driver
Scan
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
USB PC Camera (ZS211)
WebFldrs XP
WIDCOMM Bluetooth Software
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Internet Explorer 8 安全更新 (KB982381)
Windows Media Format Runtime
Windows Media Player (KB2378111) 安全更新
Windows Media Player (KB952069) 安全更新
Windows Media Player (KB954155) 安全更新
Windows Media Player (KB975558) 安全更新
Windows Media Player (KB978695) 安全更新
Windows Media Player 10
Windows Media Player 10 (KB936782) 安全更新
Windows XP (KB941569) 安全更新
Windows XP 安全更新 (KB2079403)
Windows XP 安全更新 (KB2115168)
Windows XP 安全更新 (KB2229593)
Windows XP 安全更新 (KB2296011)
Windows XP 安全更新 (KB2347290)
Windows XP 安全更新 (KB2360937)
Windows XP 安全更新 (KB2508272)
Windows XP 安全更新 (KB921503)
Windows XP 安全更新 (KB923561)
Windows XP 安全更新 (KB923789)
Windows XP 安全更新 (KB929123)
Windows XP 安全更新 (KB933566)
Windows XP 安全更新 (KB933729)
Windows XP 安全更新 (KB935839)
Windows XP 安全更新 (KB935840)
Windows XP 安全更新 (KB936021)
Windows XP 安全更新 (KB937143)
Windows XP 安全更新 (KB937894)
Windows XP 安全更新 (KB938127)
Windows XP 安全更新 (KB938829)
Windows XP 安全更新 (KB941568)
Windows XP 安全更新 (KB942615)
Windows XP 安全更新 (KB943055)
Windows XP 安全更新 (KB943460)
Windows XP 安全更新 (KB943485)
Windows XP 安全更新 (KB945553)
Windows XP 安全更新 (KB946026)
Windows XP 安全更新 (KB950582)
Windows XP 安全更新 (KB950749)
Windows XP 安全更新 (KB950760)
Windows XP 安全更新 (KB950762)
Windows XP 安全更新 (KB950974)
Windows XP 安全更新 (KB951066)
Windows XP 安全更新 (KB951376-v2)
Windows XP 安全更新 (KB951698)
Windows XP 安全更新 (KB951748)
Windows XP 安全更新 (KB952004)
Windows XP 安全更新 (KB952954)
Windows XP 安全更新 (KB953155)
Windows XP 安全更新 (KB953839)
Windows XP 安全更新 (KB954211)
Windows XP 安全更新 (KB954600)
Windows XP 安全更新 (KB955069)
Windows XP 安全更新 (KB956391)
Windows XP 安全更新 (KB956802)
Windows XP 安全更新 (KB956803)
Windows XP 安全更新 (KB956841)
Windows XP 安全更新 (KB956844)
Windows XP 安全更新 (KB957095)
Windows XP 安全更新 (KB957097)
Windows XP 安全更新 (KB958470)
Windows XP 安全更新 (KB958644)
Windows XP 安全更新 (KB959426)
Windows XP 安全更新 (KB960803)
Windows XP 安全更新 (KB960859)
Windows XP 安全更新 (KB961501)
Windows XP 安全更新 (KB969059)
Windows XP 安全更新 (KB971032)
Windows XP 安全更新 (KB971657)
Windows XP 安全更新 (KB972270)
Windows XP 安全更新 (KB973507)
Windows XP 安全更新 (KB973869)
Windows XP 安全更新 (KB973904)
Windows XP 安全更新 (KB974112)
Windows XP 安全更新 (KB974318)
Windows XP 安全更新 (KB974392)
Windows XP 安全更新 (KB974571)
Windows XP 安全更新 (KB975025)
Windows XP 安全更新 (KB975467)
Windows XP 安全更新 (KB975560)
Windows XP 安全更新 (KB975562)
Windows XP 安全更新 (KB975713)
Windows XP 安全更新 (KB977816)
Windows XP 安全更新 (KB977914)
Windows XP 安全更新 (KB978037)
Windows XP 安全更新 (KB978338)
Windows XP 安全更新 (KB978542)
Windows XP 安全更新 (KB978601)
Windows XP 安全更新 (KB978706)
Windows XP 安全更新 (KB979309)
Windows XP 安全更新 (KB979482)
Windows XP 安全更新 (KB982316)
Windows XP 安全更新 (KB982665)
Windows XP 更新 (KB900485)
Windows XP 更新 (KB920872)
Windows XP 更新 (KB927891)
Windows XP 更新 (KB929338)
Windows XP 更新 (KB932823-v3)
Windows XP 更新 (KB955839)
Windows XP 更新 (KB958752)
Windows XP 更新 (KB968389)
Windows XP 更新 (KB971029)
Windows XP 更新 (KB973815)
Windows XP 修补程序 (KB932716-v2)
Windows XP 修补程序 (KB933062)
Windows XP 修补程序 (KB934428-v3)
Windows XP 修补程序 (KB935843)
Windows XP 修补程序 (KB936357-v2)
Windows XP 修补程序 (KB940275-v3)
Windows XP 修补程序 (KB943232-v2)
Windows XP 修补程序 (KB944043-v3)
Windows XP 修补程序 (KB951830)
Windows XP 修补程序 (KB952287)
Windows 驱动程序包 - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0)
WinRAR 压缩文件管理器
Yahoo! Software Update
傲游 雨林木风专版
极品五笔 v6.6 雨林木风版
卡巴斯基反病毒6.0
千千静听 5.0 雨林木风版
搜狗拼音输入法 2.0 正式版 (2.0.0.1)
西部证券大智慧
系统补充驱动包 1.2
迅雷 5.4.1.230 雨林木风版
一键备份恢复工具 1.1
.
==== Event Viewer Messages From Past Week ========
.
2013-11-23 21:19:58, 信息: Windows File Protection [64002] - 试图在被保护的系统文件 c:\windows\system32\findstr.exe 上进行文件替换。 为了维护系统稳定这个文件被还原成原始版本。 系统文件的文件版本是 5.1.2600.2180。
2013-11-23 21:16:24, 信息: Windows File Protection [64002] - 试图在被保护的系统文件 c:\windows\system32\findstr.exe 上进行文件替换。 为了维护系统稳定这个文件被还原成原始版本。 系统文件的文件版本是 5.1.2600.2180。
.
==== End Of File ===========================
Staff CatByte Posted November 29, 2013

I would like to get a scan from MBAR first to see what is on your machine, so don't click the "clean-up" first time round.

Please download Malwarebytes Anti-Rootkit (MBAR) from here http://www.malwarebytes.org/products/mbar/ and save it to your desktop.

Direct link to the file: http://downloads.malwarebytes.org/file/mbar

• Be sure to print out and follow the instructions provided on that same page.
• Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
• Doubleclick on the MBAR file you downloaded.
• Approve the UAC prompt in Vista and newer operating systems.
• Click OK on the next screen, to allow the package to extract the contents of the file to its own folder, mbar.
• By default, this will be on your desktop, though you can choose another location if you wish. We advise using the default location for simplicity.
• mbar.exe will launch automatically. On some systems, this may take a few extra seconds. Please be patient and wait for the program to open.
• After reading the Introduction, click 'Next' if you agree.
• On the Update Database screen, click on the 'Update' button.
• Once you see 'Success: Database was successfully updated' click on 'Next'.
• Click the 'Scan' button.
  A. With some infections, you may see two message boxes.
    1. 'Could not load protection driver'. Click 'OK'.
    2. 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
• If malware is found, do NOT press the Cleanup button when the scan completes. Click EXIT. Then, please send the following logs as attachments to your reply. These logs are located in the mbar folder on your desktop where the tool extracted itself to.

mbar-log-2013-xx-xx(xx-xx-xx).txt (where xx-xx(xx-xx-xx) is the date and time of the scan)
system-log.txt
Staff CatByte Posted December 6, 2013

Do you still need help with your machine?
Root Admin AdvancedSetup Posted December 11, 2013

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!