
finished combofix the first round, need help


bsmile


I have finished scanning my computer for the first round using ComboFix, but I am not sure whether it is completely cleaned. Could anybody help look into the log file? Thanks.

------------------------------------------------------------------------

------------------------------------------------------------------------

ComboFix 09-11-18.04 - Li Li 7/2009 Tue 16:35.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.2.936.86.1033.18.1022.484 [GMT -6:00]

执行位置: c:\documents and settings\Li Li\Desktop\ComboFix.exe

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

* 成功创造新还原点

.

((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\AegisP.inf

c:\windows\struct~.ini

.

((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Legacy_NWCWORKSTATION

-------\Service_NWCWorkstation

((((((((((((((((((((((((( 2009-10-17 至 2009-11-17 的新的档案 )))))))))))))))))))))))))))))))

.

2009-11-14 07:04 . 2009-11-14 07:04 -------- d-----w- c:\windows\147BCE03C0F14C9F81576A89B6D2D973.TMP

2009-11-14 07:03 . 2009-10-23 02:07 91672 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2009-11-14 07:03 . 2009-10-23 02:07 75704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2009-11-14 07:03 . 2009-10-23 02:07 70728 ----a-w- c:\windows\system32\mfevtps.exe

2009-11-14 07:03 . 2009-10-23 02:07 65448 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2009-11-14 07:03 . 2009-10-23 02:07 63728 ----a-w- c:\windows\system32\drivers\mfetdik.sys

2009-11-14 07:03 . 2009-10-23 02:07 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2009-11-14 07:03 . 2009-10-23 02:07 343664 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2009-11-14 07:02 . 2009-11-14 07:02 -------- d-----w- c:\program files\Common Files\McAfee

2009-11-04 05:38 . 2009-11-04 05:38 -------- d-----w- c:\program files\pdf2id

.

(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-11-14 07:02 . 2009-05-17 10:47 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2009-11-14 07:02 . 2009-05-17 10:47 -------- d-----w- c:\program files\McAfee

2009-11-14 06:36 . 2008-11-30 06:19 -------- d-----w- c:\program files\Spybot - Search & Destroy

2009-11-14 06:14 . 2008-12-07 04:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-11-12 09:07 . 2007-11-30 03:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2009-11-04 05:38 . 2007-11-06 21:19 -------- d--h--w- c:\program files\InstallShield Installation Information

2009-10-17 19:31 . 2007-11-07 00:13 89960 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-10-17 08:07 . 2007-11-30 03:08 -------- d-----w- c:\program files\Microsoft Works

2009-10-16 08:07 . 2007-11-30 03:13 -------- d-----w- c:\program files\Microsoft SQL Server

2009-10-03 17:11 . 2008-05-14 05:20 -------- d-----w- c:\documents and settings\Li Li\Application Data\Skype

2009-10-03 17:10 . 2008-05-14 05:21 -------- d-----w- c:\documents and settings\Li Li\Application Data\skypePM

2009-09-25 05:49 . 2007-11-06 18:05 668672 ----a-w- c:\windows\system32\wininet.dll

2009-09-25 05:48 . 2007-11-06 18:04 81920 ----a-w- c:\windows\system32\ieencode.dll

2009-09-22 00:25 . 2007-11-06 23:53 -------- d-----w- c:\program files\Common Files\Adobe

2009-09-19 07:55 . 2009-09-19 07:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Cisco

2009-09-19 07:55 . 2009-09-19 07:55 -------- d-----w- c:\program files\Cisco

2009-09-11 14:03 . 2007-11-06 18:04 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-04 20:45 . 2007-11-06 18:04 58880 ----a-w- c:\windows\system32\msasn1.dll

2009-08-26 08:16 . 2007-11-06 18:05 247326 ----a-w- c:\windows\system32\strmdll.dll

2009-10-08 19:33 . 2008-10-05 19:08 253952 ----a-w- c:\program files\mozilla firefox\components\CheckTudouVa.dll

2007-06-06 07:11 . 2008-09-24 20:49 865792 ------w- c:\program files\mozilla firefox\components\pbgk1_8.dll

2009-10-23 02:07 . 2009-11-14 07:03 23864 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll

2009-07-10 04:07 . 2008-06-22 12:13 88 --sh--r- c:\windows\system32\323D1B6334.sys

2009-07-10 04:07 . 2008-06-22 12:13 2828 --sha-w- c:\windows\system32\KGyGaAvL.sys

.

------- Sigcheck -------

[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys

[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys

[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\SoftwareDistribution\Download\ad744bdeedce85bf37a096f34577ff3a\sp2gdr\tcpip.sys

[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys

[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys

[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys

[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\tcpip.sys

[-] 2007-10-30 . EF7834C1D9DDF4C7DA697D8C24A03791 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748$\tcpip.sys

[7] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys

[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys

[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys

[7] 2006-02-28 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys

[7] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys

[7] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB917953$\tcpip.sys

.

((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*注意* 空白与合法缺省登录将不会被显示

REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}]

2009-10-08 19:33 87448 ----a-w- c:\program files\Tudou\飞速Tudou\tudouDetector.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]

@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"

[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]

2007-06-06 07:16 2955264 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]

@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"

[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]

2007-06-06 07:16 2955264 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2006-02-28 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-06-01 823296]

"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-06-01 974848]

"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2004-02-20 32768]

"SonyPowerCfg"="c:\program files\Sony\VAIO Power Management\SPMgr.exe" [2007-09-28 217088]

"Switcher.exe"="c:\program files\Sony\Wireless Switch Setting Utility\Switcher.exe" [2007-01-24 176128]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-17 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-17 162328]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]

"Microsoft Pinyin IME Migration"="c:\progra~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE" [2008-11-04 33128]

"snp2std"="c:\windows\vsnp2std.exe" [2007-09-28 344064]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-17 137752]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-10-12 8491008]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-06 185896]

"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" [2009-08-25 136512]

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-10-23 124240]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Li Li\Start Menu\Programs\Startup\

OneNote 2007 屏幕剪辑程序和启动程序.lnk.disabled [2008-8-27 903]

启动飞速土豆.lnk - c:\program files\Tudou\飞速Tudou\TudouVa.exe [2009-5-18 1331200]

启动飞速土豆.lnk.disabled [2009-8-17 774]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-8-31 25214]

Bluetooth Manager.lnk.disabled [2008-5-5 715]

QuickBooks Update Agent.lnk.disabled [2007-11-29 2109]

谷歌金山词霸合作版.lnk - c:\program files\Kingsoft\PowerWord Lite\XDict.exe [2008-9-27 2505840]

谷歌金山词霸合作版.lnk.disabled [2008-10-23 844]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoSetActiveDesktop"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]

2007-06-06 07:03 90112 ----a-w- c:\windows\system32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]

2007-05-17 04:50 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService]

@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Li Li^Start Menu^Programs^Startup^启动飞速土豆.lnk.disabled]

path=c:\documents and settings\Li Li\Start Menu\Programs\Startup\启动飞速土豆.lnk.disabled

backup=c:\windows\pss\启动飞速土豆.lnk.disabledStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Li Li^Start Menu^Programs^Startup^腾讯QQ.lnk.disabled]

path=c:\documents and settings\Li Li\Start Menu\Programs\Startup\腾讯QQ.lnk.disabled

backup=c:\windows\pss\腾讯QQ.lnk.disabledStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]

"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

"nsvwwdxl"=c:\documents and settings\Li Li\Local Settings\Application Data\dlgvak\cmctsysguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Apoint"="c:\program files\Apoint\Apoint.exe"

"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot

"tsnp2std"=c:\windows\tsnp2std.exe

"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe"

"VAIO Update 3"="c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe" /Stationary

"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\udaterui.exe" /StartedFromRunKey

"FixCamera"=c:\windows\FixCamera.exe

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"

"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" /startup

"SwPrnMon"="c:\program files\Common Files\Sowedoo Shared\Sowedoo PDF Printer V4\SwPrnMon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\MSN Messenger\\livecall.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"=

"c:\\Program Files\\Tudou\\飞速Tudou\\TudouVa.exe"=

"c:\\Program Files\\Tudou\\


Please help!!! The virus is not removed. Now the hard disk keeps spinning, system idle becomes zero, all applications are at zero, very weird. I was running Spybot and it automatically ended halfway...



4 weeks later...
2 weeks later...

Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
