Member Avatar for mysticwepx

Hello to everybody
Plz help me
Now onto my problem
My Homepage is set to about:Blank but everytime i open my IE it will go to this website http://www.369.com/
System Windows XP Home Edition Version 2002 Service pack3
IE 8
This the report that i use Trend Micro CWShredder to scan..

**** Run Keys ****

RUN: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
RUN: [nwiz] nwiz.exe /install
RUN: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
RUN: [RTHDCPL] RTHDCPL.EXE
RUN: [Alcmtr] ALCMTR.EXE
RUN: [razer] D:\Program Files\Razer\razerhid.exe
RUN: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
RUN: [QuickTime Task] "D:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
RUN: [PSPVideoConverter_upgrade] "D:\Program Files\E-Zsoft\PSPVideoConverter\PSPVideoConverter.exe" /upgrade
RUN: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
RUN: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background


**** Browser Helper Objects ****

BHO: [Skype add-on (mastermind)] D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: [Skype add-on (mastermind)] D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: [Windows Live Sign-in Helper] D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: [Java(tm) Plug-In 2 SSV Helper] D:\Program Files\Java\jre6\bin\jp2ssv.dll
BHO: [JQSIEStartDetectorImpl Class] D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll


**** IE Toolbars ****

**** IE Extensions ****

IEExt: [Skype]
IEExt: [Skype]
IEExt: [Messenger] D:\Program Files\Messenger\msmsgs.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1 localhost


**** IE Settings ****

Default Page: http://go.microsoft.com/fwlink/?LinkId=69157
Default Search: http://go.microsoft.com/fwlink/?LinkId=54896
Local Page: D:\WINDOWS\system32\blank.htm
Search Page: http://www.google.com


**** IE Context Menu (Right click) ****

IEContext: [ê1ó???à×????]
IEContext: [ê1ó???à×????è?2?á′?ó]
IEContext: [使用迅雷下载] D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
IEContext: [使用迅雷下载全部链接] D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BC5ED16C-FAB8-4C26-9E6F-2049489843DF}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{BC5ED16C-FAB8-4C26-9E6F-2049489843DF}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F01A8DB9-1BDD-4FB5-86CE-1322C8AE1D57}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{F01A8DB9-1BDD-4FB5-86CE-1322C8AE1D57}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B1E753B0-C563-4EA0-9526-EBF32EFE8518}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B1E753B0-C563-4EA0-9526-EBF32EFE8518}] DATAGRAM 2
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No


**** Downloaded Program Files ****

{0CCA191D-13A6-4E29-B746-314DEE697D83} [http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab] D:\WINDOWS\system32\unicows.dll D:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242174799984]
{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1243164414327&h=7b5a33438611c8ba01299a155cfe74ba/&filename=jinstall-6u13-windows-i586-jc.cab]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab]
{D27CDB6E-AE6D-11CF-96B8-444553540000} [https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\system32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[BITS] %SystemRoot%\system32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\system32\svchost.exe -k netsvcs
[CiSvc] %SystemRoot%\system32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[clr_optimization_v2.0.50727_32] D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
[COMSysApp] D:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\system32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\system32\svchost.exe -k NetworkService
[Dot3svc] %SystemRoot%\System32\svchost.exe -k dot3svc
[EapHost] %SystemRoot%\System32\svchost.exe -k eapsvcs
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] D:\WINDOWS\system32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[FontCache3.0.0.0] D:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[hkmsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[IDriverT] "D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
[idsvc] "D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
[ImapiService] D:\WINDOWS\system32\imapi.exe
[JavaQuickStarterService] "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
[lanmanserver] %SystemRoot%\system32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\system32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\system32\svchost.exe -k LocalService
[Messenger] %SystemRoot%\system32\svchost.exe -k netsvcs
[mnmsrvc] D:\WINDOWS\system32\mnmsrvc.exe
[MSDTC] D:\WINDOWS\system32\msdtc.exe
[MSIServer] D:\WINDOWS\system32\msiexec.exe /V
[napagent] %SystemRoot%\System32\svchost.exe -k netsvcs
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\system32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[NetTcpPortSharing] "D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
[Nla] %SystemRoot%\system32\svchost.exe -k netsvcs
[NtLmSsp] %SystemRoot%\system32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[NVSvc] %SystemRoot%\system32\nvsvc32.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[PnkBstrA] D:\WINDOWS\system32\PnkBstrA.exe
[PnkBstrB] D:\WINDOWS\system32\PnkBstrB.exe
[PolicyAgent] %SystemRoot%\system32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\system32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\system32\svchost.exe -k netsvcs
[RDSessMgr] D:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[RpcLocator] %SystemRoot%\system32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\system32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[SharedAccess] %SystemRoot%\system32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\system32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\system32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\system32\svchost.exe -k imgsvc
[SwPrv] D:\WINDOWS\system32\dllhost.exe /Processid:{E669FB80-3577-437F-A63C-513AD95C0097}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\system32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\system32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] D:\WINDOWS\system32\wbem\wmiapsrv.exe
[WMPNetworkSvc] "D:\Program Files\Windows Media Player\WMPNetwk.exe"
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WudfSvc] %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs
[系统服务i] D:\Program Files\sajldsja.DLL


**** Custom IE Search Items ****

SEARCH: [SearchAssistant] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
SEARCH: [CustomizeSearch] http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] D:\WINDOWS\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] about:blank
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Search Page] http://www.google.com
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [NotifyDownloadComplete] yes
IEOPT: [Use FormSuggest] yes
IEOPT: [ShowedCheckBrowser] Yes
IEOPT: [Check_Associations] No
IEOPT: [XMLHTTP]
IEOPT: [UseClearType] yes
IEOPT: [Enable Browser Extensions] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Play_Animations] yes
IEOPT: [CompatibilityFlags]
IEOPT: [IE8RunOnceLastShown]
IEOPT: [IE8RunOnceLastShown_TIMESTAMP]
IEOPT: [IE8RunOncePerInstallCompleted]
IEOPT: [IE8RunOnceCompletionTime]
IEOPT: [IE8TourShown]
IEOPT: [IE8TourShownTime] p詆i由
IEOPT: [StatusBarWeb]
IEOPT: [AlwaysShowMenus]
IEOPT: [AutoHide] yes
IEOPT: [Default_Page_URL] http://go.microsoft.com/fwlink/?LinkId=69157
IEOPT: [Default_Search_URL] http://go.microsoft.com/fwlink/?LinkId=54896
IEOPT: [Search Page] http://www.google.com
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] D:\WINDOWS\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] about:blank
IEOPT: [CompanyName] Microsoft Corporation
IEOPT: [Custom_Key] MICROSO
IEOPT: [Wizard_Version] 6.0.2600.0000
IEOPT: [FullScreen] no
IEOPT: [Default_Secondary_Page_URL]
IEOPT: [Extensions Off Page] about:NoAdd-ons
IEOPT: [Security Risk Page] about:SecurityRisk
IEOPT: [Check_Associations] yes


Thanks in advance

  • 6 Contributors
  • 59 Replies
  • 1K Views
  • 1 Week Discussion Span
  • Latest Post Latest Post by mysticwepx
Member Avatar for mysticwepx

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:37:34, on 2009-7-18
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Razer\razerhid.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Razer\razerofa.exe
D:\CelestialDestroyer\element\ElementClient.exe
D:\CelestialDestroyer\element\elementclient.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Mozilla Firefox\firefox.exe

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [razer] D:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSPVideoConverter_upgrade] "D:\Program Files\E-Zsoft\PSPVideoConverter\PSPVideoConverter.exe" /upgrade
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242174799984
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1243164414327&h=7b5a33438611c8ba01299a155cfe74ba/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: 系统服务i - Unknown owner - D:\Program.exe (file missing)

--
End of file - 5393 bytes

Member Avatar for mysticwepx

Malwarebytes' Anti-Malware 1.39
Database version: 2457
Windows 5.1.2600 Service Pack 3

2009-7-18 20:39:19
mbam-log-2009-07-18 (20-39-12).txt

Scan type: Quick Scan
Objects scanned: 93339
Time elapsed: 9 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\系统服务i (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\系统服务i (Spyware.OnlineGames) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\系统服务i (Spyware.OnlineGames) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
d:\program files\sajldsja.DLL (Spyware.OnlineGames) -> No act

Member Avatar for Rik_

You need to get Mbam to remove what it finds. In the log it says "no action taken".

Member Avatar for mysticwepx

Malwarebytes' Anti-Malware 1.39
Database version: 2460
Windows 5.1.2600 Service Pack 3

2009-7-19 1:00:15
mbam-log-2009-07-19 (01-00-15).txt

Scan type: Quick Scan
Objects scanned: 93212
Time elapsed: 6 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Done, but the website is still there..

Member Avatar for Rik_

Run HJT and have it fix the following by placing a tick next to each entry.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

Then hit the Fix Checked button.

I see no evidence of any antivirus software at all.
Get Avast antivirus from here - http://www.avast.com/eng/download-avast-home.html. Install it, update it, and do a complete scan with it.

Member Avatar for mysticwepx

I used Avast antivirus and deleted the file but the website is still there
Here the new log i after i done everything.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:29, on 2009-7-19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Razer\razerhid.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Razer\razerofa.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [razer] D:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSPVideoConverter_upgrade] "D:\Program Files\E-Zsoft\PSPVideoConverter\PSPVideoConverter.exe" /upgrade
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242174799984
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1243164414327&h=7b5a33438611c8ba01299a155cfe74ba/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5668 bytes

Member Avatar for mysticwepx

Here another log

Malwarebytes' Anti-Malware 1.39
Database version: 2460
Windows 5.1.2600 Service Pack 3

2009-7-19 3:18:06
mbam-log-2009-07-19 (03-18-06).txt

Scan type: Quick Scan
Objects scanned: 93544
Time elapsed: 8 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Member Avatar for Rik_

Your HJT log looks clean. I don't think your problem is malware related.
Start IE up and click on tools then internet options. Let me know what it says under homepage.

Member Avatar for mysticwepx

under homepage it set to about:blank

Member Avatar for Rik_

Set it to www.google.com and see if it then works properly.

Member Avatar for mysticwepx

It don work i try alot of other wbsite also useless

Member Avatar for Rik_

It is possible that you may have some malware that is capable of hiding from both Mbam and HJT.

I would like you to rename hijackthis.exe to crusty.exe.

To do this - Go to the C:\Program Files\Trend Micro\HijackThis\HijackThis.exe file and right click on HijackThis.exe. Choose rename. Click in the title box and hit the enter key to clear what`s there.

Now type Crusty.exe into the title box and hit the enter key. Right click on the Crusty.exe file and choose "Send to desktop Create Shortcut".

You can now close the HJT directory.

Once done, post a fresh HJT log.

Member Avatar for mysticwepx

Here they are

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:36:07, on 2009-7-19
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\Program Files\Razer\razerhid.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Razer\razerofa.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\CelestialDestroyer\element\ElementClient.exe
D:\CelestialDestroyer\element\elementclient.exe
D:\Program Files\Trend Micro\HijackThis\Crusty.exe.exe

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [razer] D:\Program Files\Razer\razerhid.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PSPVideoConverter_upgrade] "D:\Program Files\E-Zsoft\PSPVideoConverter\PSPVideoConverter.exe" /upgrade
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: 使用迅雷下载 - D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1242174799984
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1243164414327&h=7b5a33438611c8ba01299a155cfe74ba/&filename=jinstall-6u13-windows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 6186 bytes

Member Avatar for Rik_

I still can't see anything bad there at all.

Download the Ccleaner programme from HERE. (Crap Cleaner).

Make sure all browsers are closed.

Check everything under the "Internet Explorer" section.
Check everything under the "Windows Explorer" section.
Check everything under the "System" section.
Check ONLY "Old Prefetch data" under the "Advanced" section. Once Cleaner has been run a couple of times, you should uncheck the Old Prefetch data as if you continually delete the Old Prefetch data every time you run Ccleaner, it will actually slow you boot up time down.

Then, click the "Applications" tab.
CHECK everything there.
Next, click the "Options" button in the left pane, then click the "Advanced" button:
UNCHECK : "Only delete files in Windows Temp folders older than 48 hours".
Next, click the "Cleaner" button in the left pane, then click the "Run Cleaner" button (bottom right), click "OK" at the prompt.
When done, please exit CCleaner.

CAUTION: Please do NOT use the "Issues" button in the left pane. This is a built-in registry cleaner. If you don't know how to use it, you may cause irreparable damage to your system.

Member Avatar for mysticwepx

k i done everything u told and restarted my com, it still useless

Member Avatar for Rik_

Download combofix from here - http://www.combofix.org/

Please be aware that combofix is a very aggressive program and extreme care must be taken.

Do not touch your mouse or keyboard while combofix is running.

Combofix will restart your pc, do not interfere with the process in any way.

It will eventually produce a log, please post it in your next reply.

Member Avatar for mysticwepx 
ComboFix 09-07-19.01 - Owner -07-19 星期日 22:55.1.2 - NTFSx86
Microsoft Windows XP Home Edition  5.1.2600.3.936.86.1033.18.2047.1713 [GMT -7:00]
执行位置: e:\tddownload\ComboFix.exe
.
    /wow section - STAGE 完成项目——3
The syntax of the command is incorrect.

    /wow section 未完成

(((((((((((((((((((((((((  2009-06-20 至 2009-07-20 的新的档案  )))))))))))))))))))))))))))))))
.

2009-07-20 04:50 . 2009-07-20 04:50 --------    d-----w-    d:\program files\CCleaner
2009-07-20 04:00 . 2009-07-20 04:00 16384   ----atw-    d:\temp\Perflib_Perfdata_578.dat
2009-07-20 03:20 . 2009-04-30 21:22 12800   -c----w-    d:\windows\system32\dllcache\xpshims.dll
2009-07-20 03:20 . 2009-04-30 21:22 1985024 -c----w-    d:\windows\system32\dllcache\iertutil.dll
2009-07-20 03:20 . 2009-04-30 21:22 246272  -c----w-    d:\windows\system32\dllcache\ieproxy.dll
2009-07-20 03:20 . 2009-04-30 21:22 11064832    -c----w-    d:\windows\system32\dllcache\ieframe.dll
2009-07-20 03:14 . 2009-07-20 03:14 16384   ----atw-    d:\temp\Perflib_Perfdata_500.dat
2009-07-20 00:05 . 2009-07-20 00:05 16384   ----atw-    d:\temp\Perflib_Perfdata_51c.dat
2009-07-19 23:32 . 2009-07-19 23:32 --------    d-----w-    d:\documents and settings\Owner\Local Settings\Application Data\Google
2009-07-19 23:31 . 2009-07-19 23:32 --------    d-----w-    d:\program files\Google
2009-07-19 23:25 . 2009-07-19 23:25 16384   ----atw-    d:\temp\Perflib_Perfdata_518.dat
2009-07-19 21:12 . 2009-07-19 21:12 16384   ----atw-    d:\temp\Perflib_Perfdata_594.dat
2009-07-19 10:06 . 2009-07-19 10:06 16384   ----atw-    d:\temp\Perflib_Perfdata_588.dat
2009-07-19 09:35 . 2009-07-19 09:35 16384   ----atw-    d:\temp\Perflib_Perfdata_59c.dat
2009-07-19 09:35 . 2009-07-20 05:46 --------    d-----w-    d:\temp\_avast4_
2009-07-19 09:01 . 2009-07-19 09:01 --------    d-----w-    d:\program files\Alwil Software
2009-07-19 03:27 . 2009-07-19 03:27 --------    d-----w-    d:\program files\Trend Micro
2009-07-19 03:24 . 2009-07-19 03:24 --------    d-----w-    d:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-19 03:24 . 2009-07-13 20:36 38160   ----a-w-    d:\windows\system32\drivers\mbamswissarmy.sys
2009-07-19 03:24 . 2009-07-19 03:24 --------    d-----w-    d:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-19 03:24 . 2009-07-13 20:36 19096   ----a-w-    d:\windows\system32\drivers\mbam.sys
2009-07-19 03:24 . 2009-07-19 03:24 --------    d-----w-    d:\program files\Malwarebytes' Anti-Malware
2009-07-17 06:42 . 2009-07-17 12:10 --------    d-----w-    d:\program files\QvodPlayer
2009-07-14 02:37 . 2009-07-14 02:37 --------    d-----w-    d:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-07-05 05:01 . 2009-07-05 05:01 --------    d-----w-    d:\documents and settings\Owner\Application Data\AVS4YOU
2009-07-05 05:01 . 2009-07-05 05:01 --------    d-----w-    d:\documents and settings\All Users\Application Data\AVS4YOU
2009-07-05 05:00 . 2009-07-05 05:01 --------    d-----w-    d:\program files\Common Files\AVSMedia
2009-07-05 05:00 . 2008-08-13 18:22 974848  ----a-w-    d:\windows\system32\mfc70.dll
2009-07-05 05:00 . 2008-08-13 18:22 487424  ----a-w-    d:\windows\system32\msvcp70.dll
2009-07-05 05:00 . 2009-07-05 05:01 --------    d-----w-    d:\program files\AVS4YOU
2009-07-05 05:00 . 2008-08-13 18:22 1700352 ----a-w-    d:\windows\system32\GdiPlus.dll
2009-07-05 05:00 . 2008-08-13 18:22 24576   ----a-w-    d:\windows\system32\msxml3a.dll
2009-07-05 04:52 . 2009-07-05 04:52 --------    d-----w-    d:\documents and settings\Owner\Application Data\Red Kawa
2009-07-05 04:52 . 2009-07-06 21:49 --------    d-----w-    d:\program files\WeFi
2009-07-05 04:51 . 2009-07-05 04:51 5931872 ----a-w-    d:\documents and settings\Owner\Application Data\OpenCandy\WeFiSetup_5_141_4.exe
2009-07-05 04:51 . 2009-07-05 04:51 --------    d-----w-    d:\documents and settings\Owner\Application Data\OpenCandy
2009-07-05 04:51 . 2009-07-05 04:51 --------    d-----w-    d:\program files\Red Kawa
2009-07-05 04:47 . 2009-07-05 04:47 --------    d-----w-    d:\program files\E-Zsoft
2009-07-05 04:24 . 2009-07-05 04:24 --------    d-----w-    d:\program files\DVDVideoSoft
2009-07-05 03:55 . 2009-07-05 03:55 --------    d-----w-    d:\documents and settings\Owner\Application Data\ImTOO Software Studio
2009-07-05 03:48 . 2002-01-05 22:37 344064  ----a-w-    d:\windows\system32\msvcr70.dll
2009-07-05 03:48 . 2009-07-05 04:24 --------    d-----w-    d:\program files\Common Files\DVDVideoSoft
2009-07-03 10:49 . 2009-07-03 10:49 --------    d-----w-    d:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-07-02 23:39 . 2009-07-02 23:39 --------    d-----w-    d:\program files\Combined Community Codec Pack
2009-07-02 23:35 . 2009-07-02 23:35 --------    d-----w-    d:\program files\AviSynth 2.5
2009-07-02 23:32 . 2009-07-02 23:32 --------    d-----w-    d:\program files\MSBuild
2009-07-02 23:29 . 2009-07-20 03:26 --------    d-----w-    d:\windows\system32\XPSViewer
2009-07-02 23:29 . 2009-07-02 23:29 --------    d-----w-    d:\program files\Reference Assemblies
2009-07-02 23:28 . 2006-06-29 20:07 14048   ------w-    d:\windows\system32\spmsg2.dll
2009-07-02 22:07 . 2009-07-02 22:07 --------    d-----w-    d:\program files\GVOD
2009-07-01 08:53 . 2009-07-01 08:53 1060864 ----a-w-    d:\windows\system32\MFC71.dll

.
((((((((((((((((((((((((((((((((((((((((   在三个月内被修改的档案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 05:48 . 2009-05-11 20:11 22016   ----a-w-    d:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-20 05:47 . 2009-05-12 08:36 3871    ----a-w-    d:\windows\system32\cid_store.dat
2009-07-19 22:21 . 2009-05-12 00:34 139584  ----a-w-    d:\windows\system32\drivers\PnkBstrK.sys
2009-07-19 22:21 . 2009-05-12 00:34 189104  ----a-w-    d:\windows\system32\PnkBstrB.exe
2009-07-19 02:10 . 2009-05-11 21:24 --------    d-----w-    d:\program files\Warcraft III
2009-07-17 12:06 . 2009-05-11 21:43 --------    d-----w-    d:\program files\MpcStar
2009-07-16 16:13 . 2009-05-16 04:06 --------    d-----w-    d:\program files\Garena
2009-07-05 04:01 . 2009-05-13 00:23 --------    d-----w-    d:\program files\Windows Media Connect 2
2009-06-16 14:36 . 2004-08-04 12:00 81920   ----a-w-    d:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808  ----a-w-    d:\windows\system32\t2embed.dll
2009-06-08 06:32 . 2009-06-08 06:32 --------    d-----w-    d:\documents and settings\Owner\Application Data\DragonicaSCB
2009-06-08 05:42 . 2009-06-08 05:42 --------    d-----w-    d:\program files\IAHGames
2009-06-08 05:37 . 2009-05-16 06:00 --------    d-----w-    d:\program files\Windows Live
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w-    d:\windows\system32\quartz.dll
2009-05-29 08:59 . 2009-05-26 05:20 --------    d-----w-    d:\documents and settings\Owner\Application Data\Skype
2009-05-29 08:59 . 2009-05-26 05:29 --------    d-----w-    d:\documents and settings\Owner\Application Data\skypePM
2009-05-26 05:29 . 2009-05-26 05:29 56  ---ha-w-    d:\windows\system32\ezsidmv.dat
2009-05-26 05:20 . 2009-05-26 05:20 --------    d-----r-    d:\program files\Skype
2009-05-26 05:20 . 2009-05-26 05:20 --------    d-----w-    d:\documents and settings\All Users\Application Data\Skype
2009-05-26 05:20 . 2009-05-26 05:20 --------    d-----w-    d:\program files\Common Files\Skype
2009-05-25 02:25 . 2009-05-25 02:25 410984  ----a-w-    d:\windows\system32\deploytk.dll
2009-05-25 02:25 . 2009-05-25 02:25 --------    d-----w-    d:\program files\Java
2009-05-25 02:25 . 2009-05-25 02:25 152576  ----a-w-    d:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-24 23:24 . 2009-05-12 00:34 75064   ----a-w-    d:\windows\system32\PnkBstrA.exe
2009-05-24 22:09 . 2009-05-24 22:09 22328   ----a-w-    d:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-05-24 22:09 . 2009-05-24 22:09 22328   ----a-w-    d:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-05-24 22:09 . 2009-05-11 20:40 --------    d--h--w-    d:\program files\InstallShield Installation Information
2009-05-24 21:47 . 2009-05-24 21:47 --------    d-----w-    d:\program files\Activision
2009-05-23 18:14 . 2009-05-23 18:14 --------    d-----w-    d:\program files\YouKu
2009-05-13 05:15 . 2004-08-04 12:00 915456  ----a-w-    d:\windows\system32\wininet.dll
2009-05-13 00:45 . 2009-05-11 19:45 76487   ----a-w-    d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-12 08:44 . 2009-05-12 08:44 0   ----a-w-    d:\windows\nsreg.dat
2009-05-12 08:33 . 2009-05-12 08:33 20  ----a-w-    d:\windows\system32\pub_store.dat
2009-05-11 21:41 . 2009-05-11 21:27 77641   ----a-w-    d:\windows\War3Unin.dat
2009-05-11 21:41 . 2009-05-11 21:27 2829    ----a-w-    d:\windows\War3Unin.pif
2009-05-11 21:41 . 2009-05-11 21:27 139264  ----a-w-    d:\windows\War3Unin.exe
2009-05-11 19:43 . 2009-05-11 19:43 21640   ----a-w-    d:\windows\system32\emptyregdb.dat
2009-05-07 15:32 . 2004-08-04 12:00 345600  ----a-w-    d:\windows\system32\localspl.dll
2009-05-04 20:09 . 2009-05-12 08:32 89600   ----a-w-    d:\windows\system32\atl71.dll
2009-05-04 20:09 . 2009-05-12 08:32 499712  ----a-w-    d:\windows\system32\msvcp71.dll
2009-05-04 20:09 . 2009-05-12 08:32 348160  ----a-w-    d:\windows\system32\msvcr71.dll
2009-07-19 10:08 . 2009-07-14 02:36 137208  ----a-w-    d:\program files\mozilla firefox\components\brwsrcmp.dll
.

------- Sigcheck -------

[7] 2008-06-20 10:44    360960  744E57C99232201AE98C49168B918F48    d:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51    361600  9AEFA14BD6B182D61E3119FA5F436D3D    d:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59    361600  AD978A1B783B5719720CFF204B666C8E    d:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45    360320  01D5EAAFF224415A7FF513E4C882BE30    d:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20    361344  93EA8D04EC73A85DB02EB8805988F733    d:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2004-08-04 12:00    359040  C1783498EDB152656303B5D5BCABD86C    d:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20    361344  93EA8D04EC73A85DB02EB8805988F733    d:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51    361600  9AEFA14BD6B182D61E3119FA5F436D3D    d:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51    361600  4AFB3B0919649F95C1964AA1FAD27D73    d:\windows\system32\drivers\tcpip.sys

.
(((((((((((((((((((((((((((((((((((((   重要登入点   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-08-24 13574144]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-08-24 86016]
"razer"="d:\program files\Razer\razerhid.exe" [2005-05-18 147456]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"QuickTime Task"="d:\program files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2009-05-11 282624]
"PSPVideoConverter_upgrade"="d:\program files\E-Zsoft\PSPVideoConverter\PSPVideoConverter.exe" [2009-03-25 495616]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2008-08-24 1657376]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2007-08-20 16384512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Funshion Online\\Funshion\\Funshion.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\Program\\LiveUpdate\\ThunderLiveUD.exe"=
"d:\\Program Files\\QvodPlayer\\QvodTerminal.exe"=

S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [2009-5-11 13:40 1684736]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
S3 Razerlow;Razerlow USB Filter Driver;d:\windows\system32\drivers\Razerlow.sys [2009-5-11 14:04 13225]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
IE: ê1ó???à×???? - d:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: ê1ó???à×????è?2?á′?ó - d:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: 使用迅雷下载 - d:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - d:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
Trusted Zone: photobucket.com
FF - ProfilePath - d:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hdcqx96q.default\
FF - plugin: d:\program files\Common Files\Thunder Network\KanKan\npDapCtrlFirefox.2.0.5901.12.(986).dll
FF - plugin: d:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

---- 火狐配置文件 ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota",      5120);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history",     true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata",    true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords",   false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads",   true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies",     true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache",       true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions",    true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",                 true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",                true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",               false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",               true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",                 true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",                   true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",                true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",             false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",            false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs",    false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [url]http://www.gmer.net[/url]
Rootkit scan 2009-07-19 22:55
Windows 5.1.2600 Service Pack 3 NTFS

扫描被隐藏的进程 。。。  

扫描被隐藏的启动组 。。。 

扫描被隐藏的文件 。。。  

扫描完成
被隐藏的档案: 0

**************************************************************************
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'explorer.exe'(3832)
d:\windows\system32\WININET.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
完成时间: 2009-07-20 22:57
ComboFix-quarantined-files.txt  2009-07-20 05:57

Pre-Run: 10,032,578,560 bytes free
Post-Run: 10,009,939,968 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

251 --- E O F ---   2009-05-16 17:22
Edited by Reverend Jim because: Fixed formatting
Member Avatar for Rik_

Any improvement?

Member Avatar for mysticwepx

Nope no improvement the website is still there...
Feeling like giveing up,if i leave it like this will anything happen?

Member Avatar for Rik_

I think that Thunder may be the case of your problems.
What exactly is that bit of software for and are you happy to uninstall it?
If you are happy to uninstall it, get revo uninstaller from here - http://www.revouninstaller.com/
Use it's most aggressive setting.

Member Avatar for mysticwepx

Thunder software is to help me dl file faster and watch movie onlie.
I have uninstall it and useing the revouninstaller and restart the com it still the same :(
If i leave it like this is it bad?

Member Avatar for Rik_

It's not bad as such, but it's not correct.

One more thing to try, internet settings, homepage, set it to http:\www.google.com and see if it helps.
I noticed in your combofix log that something has set it to hxxp:\www.google.com.

Member Avatar for mysticwepx

hmm still the same :)

Member Avatar for mysticwepx

Rik from RCE Thanks you very much for hleping till so far,i guess i'm giveing up.:)

Member Avatar for Rik_

I must admit to being stumped too.

Member Avatar for crunchie

Can you post the log from combofix's first run. You will find it in C:\qoobox folder.

Download the HostsXpert.
Run it and press "Restore M$ Hosts File" and press "OK". Exit Program.
Note that if you have a custom host file, this will remove it.

Reboot and see if the redirect still occurs.

Member Avatar for mysticwepx

The problem is still there after i restart my com
This the new log that i run combofix again the old 1 is at second page

ComboFix 09-07-19.04 - Owner -07-20 星期一 14:51.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.936.86.1033.18.2047.1696 [GMT -7:00]
执行位置: d:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( 2009-06-20 至 2009-07-20 的新的档案 )))))))))))))))))))))))))))))))
.

2009-07-20 21:43 . 2009-07-20 21:43 16384 ----atw- d:\temp\Perflib_Perfdata_7d4.dat
2009-07-20 21:37 . 2009-07-20 21:37 -------- d-----w- d:\program files\Common Files\Thunder Network
2009-07-20 21:37 . 2009-07-20 21:37 -------- d-----w- d:\program files\Thunder Network
2009-07-20 07:18 . 2009-07-20 07:18 -------- d-----w- d:\program files\VS Revo Group
2009-07-20 04:50 . 2009-07-20 04:50 -------- d-----w- d:\program files\CCleaner
2009-07-20 03:20 . 2009-04-30 21:22 12800 -c----w- d:\windows\system32\dllcache\xpshims.dll
2009-07-20 03:20 . 2009-04-30 21:22 1985024 -c----w- d:\windows\system32\dllcache\iertutil.dll
2009-07-20 03:20 . 2009-04-30 21:22 246272 -c----w- d:\windows\system32\dllcache\ieproxy.dll
2009-07-20 03:20 . 2009-04-30 21:22 11064832 -c----w- d:\windows\system32\dllcache\ieframe.dll
2009-07-19 23:32 . 2009-07-19 23:32 -------- d-----w- d:\documents and settings\Owner\Local Settings\Application Data\Google
2009-07-19 23:31 . 2009-07-19 23:32 -------- d-----w- d:\program files\Google
2009-07-19 09:35 . 2009-07-20 05:46 -------- d-----w- d:\temp\_avast4_
2009-07-19 03:24 . 2009-07-19 03:24 -------- d-----w- d:\documents and settings\Owner\Application Data\Malwarebytes
2009-07-19 03:24 . 2009-07-19 03:24 -------- d-----w- d:\documents and settings\All Users\Application Data\Malwarebytes
2009-07-17 06:42 . 2009-07-20 21:29 -------- d-----w- d:\program files\QvodPlayer
2009-07-14 02:37 . 2009-07-14 02:37 -------- d-----w- d:\documents and settings\Owner\Local Settings\Application Data\Mozilla
2009-07-05 05:01 . 2009-07-05 05:01 -------- d-----w- d:\documents and settings\Owner\Application Data\AVS4YOU
2009-07-05 05:01 . 2009-07-05 05:01 -------- d-----w- d:\documents and settings\All Users\Application Data\AVS4YOU
2009-07-05 05:00 . 2009-07-05 05:01 -------- d-----w- d:\program files\Common Files\AVSMedia
2009-07-05 05:00 . 2008-08-13 18:22 974848 ----a-w- d:\windows\system32\mfc70.dll
2009-07-05 05:00 . 2008-08-13 18:22 487424 ----a-w- d:\windows\system32\msvcp70.dll
2009-07-05 05:00 . 2009-07-05 05:01 -------- d-----w- d:\program files\AVS4YOU
2009-07-05 05:00 . 2008-08-13 18:22 1700352 ----a-w- d:\windows\system32\GdiPlus.dll
2009-07-05 05:00 . 2008-08-13 18:22 24576 ----a-w- d:\windows\system32\msxml3a.dll
2009-07-05 04:52 . 2009-07-05 04:52 -------- d-----w- d:\documents and settings\Owner\Application Data\Red Kawa
2009-07-05 04:52 . 2009-07-06 21:49 -------- d-----w- d:\program files\WeFi
2009-07-05 04:51 . 2009-07-05 04:51 5931872 ----a-w- d:\documents and settings\Owner\Application Data\OpenCandy\WeFiSetup_5_141_4.exe
2009-07-05 04:51 . 2009-07-05 04:51 -------- d-----w- d:\documents and settings\Owner\Application Data\OpenCandy
2009-07-05 04:51 . 2009-07-05 04:51 -------- d-----w- d:\program files\Red Kawa
2009-07-05 04:47 . 2009-07-05 04:47 -------- d-----w- d:\program files\E-Zsoft
2009-07-05 04:24 . 2009-07-05 04:24 -------- d-----w- d:\program files\DVDVideoSoft
2009-07-05 03:55 . 2009-07-05 03:55 -------- d-----w- d:\documents and settings\Owner\Application Data\ImTOO Software Studio
2009-07-05 03:48 . 2002-01-05 22:37 344064 ----a-w- d:\windows\system32\msvcr70.dll
2009-07-05 03:48 . 2009-07-05 04:24 -------- d-----w- d:\program files\Common Files\DVDVideoSoft
2009-07-03 10:49 . 2009-07-03 10:49 -------- d-----w- d:\documents and settings\Owner\Local Settings\Application Data\Apple Computer
2009-07-02 23:35 . 2009-07-02 23:35 -------- d-----w- d:\program files\AviSynth 2.5
2009-07-02 23:32 . 2009-07-02 23:32 -------- d-----w- d:\program files\MSBuild
2009-07-02 23:29 . 2009-07-20 03:26 -------- d-----w- d:\windows\system32\XPSViewer
2009-07-02 23:29 . 2009-07-02 23:29 -------- d-----w- d:\program files\Reference Assemblies
2009-07-02 23:28 . 2006-06-29 20:07 14048 ------w- d:\windows\system32\spmsg2.dll
2009-07-02 22:07 . 2009-07-02 22:07 -------- d-----w- d:\program files\GVOD
2009-07-01 08:53 . 2009-07-01 08:53 1060864 ----a-w- d:\windows\system32\MFC71.dll

.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-20 07:22 . 2009-05-12 08:36 3740 ----a-w- d:\windows\system32\cid_store.dat
2009-07-20 05:48 . 2009-05-11 20:11 22016 ----a-w- d:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-19 22:21 . 2009-05-12 00:34 139584 ----a-w- d:\windows\system32\drivers\PnkBstrK.sys
2009-07-19 22:21 . 2009-05-12 00:34 189104 ----a-w- d:\windows\system32\PnkBstrB.exe
2009-07-19 02:10 . 2009-05-11 21:24 -------- d-----w- d:\program files\Warcraft III
2009-07-17 12:06 . 2009-05-11 21:43 -------- d-----w- d:\program files\MpcStar
2009-07-16 16:13 . 2009-05-16 04:06 -------- d-----w- d:\program files\Garena
2009-07-05 04:01 . 2009-05-13 00:23 -------- d-----w- d:\program files\Windows Media Connect 2
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- d:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- d:\windows\system32\t2embed.dll
2009-06-08 06:32 . 2009-06-08 06:32 -------- d-----w- d:\documents and settings\Owner\Application Data\DragonicaSCB
2009-06-08 05:42 . 2009-06-08 05:42 -------- d-----w- d:\program files\IAHGames
2009-06-08 05:37 . 2009-05-16 06:00 -------- d-----w- d:\program files\Windows Live
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- d:\windows\system32\quartz.dll
2009-05-29 08:59 . 2009-05-26 05:20 -------- d-----w- d:\documents and settings\Owner\Application Data\Skype
2009-05-29 08:59 . 2009-05-26 05:29 -------- d-----w- d:\documents and settings\Owner\Application Data\skypePM
2009-05-26 05:29 . 2009-05-26 05:29 56 ---ha-w- d:\windows\system32\ezsidmv.dat
2009-05-26 05:20 . 2009-05-26 05:20 -------- d-----r- d:\program files\Skype
2009-05-26 05:20 . 2009-05-26 05:20 -------- d-----w- d:\documents and settings\All Users\Application Data\Skype
2009-05-26 05:20 . 2009-05-26 05:20 -------- d-----w- d:\program files\Common Files\Skype
2009-05-25 02:25 . 2009-05-25 02:25 410984 ----a-w- d:\windows\system32\deploytk.dll
2009-05-25 02:25 . 2009-05-25 02:25 -------- d-----w- d:\program files\Java
2009-05-25 02:25 . 2009-05-25 02:25 152576 ----a-w- d:\documents and settings\Owner\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-05-24 23:24 . 2009-05-12 00:34 75064 ----a-w- d:\windows\system32\PnkBstrA.exe
2009-05-24 22:09 . 2009-05-24 22:09 22328 ----a-w- d:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-05-24 22:09 . 2009-05-24 22:09 22328 ----a-w- d:\documents and settings\Owner\Application Data\PnkBstrK.sys
2009-05-24 22:09 . 2009-05-11 20:40 -------- d--h--w- d:\program files\InstallShield Installation Information
2009-05-24 21:47 . 2009-05-24 21:47 -------- d-----w- d:\program files\Activision
2009-05-13 05:15 . 2004-08-04 12:00 915456 ----a-w- d:\windows\system32\wininet.dll
2009-05-13 00:45 . 2009-05-11 19:45 76487 ----a-w- d:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-12 08:44 . 2009-05-12 08:44 0 ----a-w- d:\windows\nsreg.dat
2009-05-12 08:33 . 2009-05-12 08:33 20 ----a-w- d:\windows\system32\pub_store.dat
2009-05-11 21:41 . 2009-05-11 21:27 77641 ----a-w- d:\windows\War3Unin.dat
2009-05-11 21:41 . 2009-05-11 21:27 2829 ----a-w- d:\windows\War3Unin.pif
2009-05-11 21:41 . 2009-05-11 21:27 139264 ----a-w- d:\windows\War3Unin.exe
2009-05-11 19:43 . 2009-05-11 19:43 21640 ----a-w- d:\windows\system32\emptyregdb.dat
2009-05-07 15:32 . 2004-08-04 12:00 345600 ----a-w- d:\windows\system32\localspl.dll
2009-05-04 20:09 . 2009-05-12 08:32 89600 ----a-w- d:\windows\system32\atl71.dll
2009-05-04 20:09 . 2009-05-12 08:32 499712 ----a-w- d:\windows\system32\msvcp71.dll
2009-05-04 20:09 . 2009-05-12 08:32 348160 ----a-w- d:\windows\system32\msvcr71.dll
2009-07-19 10:08 . 2009-07-14 02:36 137208 ----a-w- d:\program files\mozilla firefox\components\brwsrcmp.dll
2009-05-04 20:14 . 2009-07-20 21:37 36864 ----a-w- d:\program files\mozilla firefox\components\NsThunderLoader.dll
2009-05-04 20:14 . 2009-07-20 21:37 53248 ----a-w- d:\program files\mozilla firefox\components\ThunderComponent.dll
.

------- Sigcheck -------

[7] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 d:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D d:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E d:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2008-06-20 10:45 360320 01D5EAAFF224415A7FF513E4C882BE30 d:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 d:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2004-08-04 12:00 359040 C1783498EDB152656303B5D5BCABD86C d:\windows\$NtUninstallKB951748_0$\tcpip.sys
[7] 2008-04-13 19:20 361344 93EA8D04EC73A85DB02EB8805988F733 d:\windows\ServicePackFiles\i386\tcpip.sys
[7] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D d:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 11:51 361600 4AFB3B0919649F95C1964AA1FAD27D73 d:\windows\system32\drivers\tcpip.sys

.
((((((((((((((((((((((((((((((((((((( 重要登入点 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白与合法缺省登录将不会被显示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="d:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="d:\windows\system32\NvCpl.dll" [2008-08-24 13574144]
"NvMediaCenter"="d:\windows\system32\NvMcTray.dll" [2008-08-24 86016]
"razer"="d:\program files\Razer\razerhid.exe" [2005-05-18 147456]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-05-25 148888]
"QuickTime Task"="d:\program files\MpcStar\Codecs\QuickTime\QTSystem\qttask.exe" [2009-05-11 282624]
"PSPVideoConverter_upgrade"="d:\program files\E-Zsoft\PSPVideoConverter\PSPVideoConverter.exe" [2009-03-25 495616]
"nwiz"="nwiz.exe" - d:\windows\system32\nwiz.exe [2008-08-24 1657376]
"RTHDCPL"="RTHDCPL.EXE" - d:\windows\RTHDCPL.EXE [2007-08-20 16384512]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Funshion Online\\Funshion\\Funshion.exe"=
"d:\\WINDOWS\\system32\\PnkBstrA.exe"=
"d:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"=

S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [2009-5-11 13:40 1684736]
S3 PciCon;PciCon;\??\f:\pcicon.sys --> f:\PciCon.sys [?]
S3 Razerlow;Razerlow USB Filter Driver;d:\windows\system32\drivers\Razerlow.sys [2009-5-11 14:04 13225]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"d:\windows\system32\rundll32.exe" "d:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- 而外的扫描 -------
.
uStart Page = hxxp://www.google.com.sg/
mStart Page = about:blank
IE: ê1ó???à×???? - d:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: ê1ó???à×????è?2?á′?ó - d:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: 使用迅雷下载 - d:\program files\Thunder Network\Thunder\Program\GetUrl.htm
IE: 使用迅雷下载全部链接 - d:\program files\Thunder Network\Thunder\Program\GetAllUrl.htm
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - d:\program files\Thunder Network\Thunder\Thunder.exe
Trusted Zone: photobucket.com
FF - ProfilePath - d:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\hdcqx96q.default\
FF - plugin: d:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: d:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll

---- 火狐配置文件 ----
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
d:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
d:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
d:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-20 14:53
Windows 5.1.2600 Service Pack 3 NTFS

扫描被隐藏的进程 。。。

扫描被隐藏的启动组 。。。

扫描被隐藏的文件 。。。

扫描完成
被隐藏的档案: 0

**************************************************************************
.
--------------------- 运行进程下的动态链接库 ---------------------

- - - - - - - > 'explorer.exe'(3608)
d:\windows\system32\WININET.dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
完成时间: 2009-07-20 14:54
ComboFix-quarantined-files.txt 2009-07-20 21:54
ComboFix2.txt 2009-07-20 05:57

Pre-Run: 14,262,792,192 bytes free
Post-Run: 14,243,262,464 bytes free

231 --- E O F --- 2009-05-16 17:22

Thank in advance

Member Avatar for crunchie

That is still the second log. You need to post the first one.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.