unable to update antivirus

June 5, 2011 at 12:24:14
Specs: Windows XP
I can't update my antivirus or access any antivirus websites.
Can anyone help me fix it?

#1
June 5, 2011 at 17:53:01
"I can't update my antivirus"
Which one?

Download and do a full scan with Malwarebytes
http://www.filehippo.com/download_m...
Fix all it finds.

Some HELP in posting on Computing.net plus free progs and instructions Cheers


#2
June 5, 2011 at 19:46:20
legenz,

There is malware that blocks efforts to download AntiVirus and AntiSpyware software, and also impairs your ability to update these programs.

Here are a couple of alternatives:

Try Safe Mode with Networking. It may allow you to access websites blocked in normal mode:

Restart your computer
Tap the F8 key as your computer boots, before the Windows logo appears.
When you get to the Advanced Options menu, select: Safe Mode with Networking


As an alternative, do you have a browser other than Internet Explorer in which you can try to access the security-related websites?

Mozilla Firefox:
http://www.mozilla.com/en-US/produc...

Google Chrome:
http://www.google.com/chrome/intl/e...

Let us know how it goes, and we will take it from there.


#3
June 5, 2011 at 20:10:08
I still can't update my avast antivirus or access any antivirus website after scanning with Malwarebytes.

#4
June 5, 2011 at 20:18:51
aaflac44,
What should I do after updating my antivirus?
Should I scan my computer?
What should I do if the virus is not terminated even though I scanned it with my updated antivirus?

#5
June 5, 2011 at 20:55:00
legenz,

Let's take it one step at a time...

If you can update your AntiVirus (avast!), your idea to scan the computer is good. Run the scan, and if avast! finds anything, post back the report.

Also, can you open Malwarebytes, click on the Logs tab, and post the Malwarebytes report for the scan you just did?

All this information will help determine what course of action to take. If the virus is not removed by avast!, there are other tools we can use to get rid of it.


#6
June 5, 2011 at 21:40:35
Malwarebytes' Anti-Malware 1.35
Database version: 1926
Windows 5.1.2600 Service Pack 3

6/6/2011 3:13:05 AM
mbam-log-2011-06-06 (03-13-05).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 161034
Time elapsed: 1 hour(s), 17 minute(s), 9 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 40
Registry Values Infected: 2
Registry Data Items Infected: 3
Folders Infected: 1
Files Infected: 10

Memory Processes Infected:
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (Adware.BHO) -> Unloaded process successfully.

Memory Modules Infected:
C:\Program Files\P4P\tbupdate.dll (Adware.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\p4p service (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\p4p service (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Services\p4p service (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p4p service (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3124ad41-99ee-4e18-a605-ed5ee59466bc} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{a4566604-f73b-4dd5-8a21-87e7a808d426} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0ca51d02-7739-43ea-8d9a-1e8ad4327b03} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ca51d02-7739-43ea-8d9a-1e8ad4327b03} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ca51d02-7739-43ea-8d9a-1e8ad4327b03} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea1-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Sohu R&D (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\ (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Adware.BHO) -> Data: c:\windows\system32\sodahk.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Adware.BHO) -> Data: system32\sodahk.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\Common Files\Sogou PXP (Adware.BHO) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\P4P\tbupdate.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
C:\Program Files\P4P\sodaie.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\P4P\dlmgr.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\P4P\sodalib.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\P4P\strmfea.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\Program Files\Windows Live\Messenger\riched20.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SODAHK.DLL (Adware.BHO) -> Quarantined and deleted successfully.
C:\END (Trojan.FakeAlert) -> Quarantined and deleted successfully.


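As an added example (not part of the thread, and not Malwarebytes' own code), here is a Python triage script for the report format posted above: it checks the declared counts against the itemised entries, lists actions still pending a reboot, and groups the registry hits by the persistence mechanism they touched. The log excerpt embedded in it is constructed from the posted report, with fewer lines.

```python
# Added example for triaging a Malwarebytes' Anti-Malware 1.x report; not from the thread.
import re
from collections import defaultdict

# Constructed excerpt in the format of the report posted above (same line format, fewer entries).
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.35

Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Data Items Infected: 3
Files Infected: 2

Memory Modules Infected:
C:\Program Files\P4P\tbupdate.dll (Adware.BHO) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\p4p service (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0ca51d02-7739-43ea-8d9a-1e8ad4327b03} (Adware.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Adware.BHO) -> Data: c:\windows\system32\sodahk.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Adware.BHO) -> Data: system32\sodahk.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\P4P\tbupdate.dll (Adware.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SODAHK.DLL (Adware.BHO) -> Quarantined and deleted successfully.
"""

SUMMARY_RE = re.compile(r"^(?P<section>.+ Infected): (?P<count>\d+)$")
HEADER_RE = re.compile(r"^(?P<section>.+ Infected):$")
# "<target> (<family>) -> [<detail> -> ]<action>."
ITEM_RE = re.compile(r"^(?P<target>.+?) \((?P<family>[^()\s]+)\) -> (?P<rest>.+?)\.?$")

# Registry locations that give code a foothold at boot, at logon or inside the browser.
PERSISTENCE = (
    ("AppInit_DLLs", "AppInit_DLLs injection (loaded into every user32 process)"),
    ("\\Browser Helper Objects\\", "Internet Explorer BHO"),
    ("\\Services\\", "Windows service"),
    ("\\CurrentVersion\\Run", "Run key autostart"),
    ("\\SearchScopes\\", "IE search provider hijack"),
    ("\\SHOWALL\\CheckedValue", "hidden-files setting tampered"),
)
DONE = {"Quarantined and deleted successfully", "Unloaded process successfully"}


def parse_mbam_log(text):
    """Return {'summary': {section: declared count}, 'sections': {section: [items]}}."""
    summary, sections, current = {}, {}, None
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = SUMMARY_RE.match(line)
        if m and current is None:           # the counts precede the itemised sections
            summary[m["section"]] = int(m["count"])
            continue
        m = HEADER_RE.match(line)
        if m:
            current = m["section"]
            sections.setdefault(current, [])
            continue
        m = ITEM_RE.match(line) if current else None
        if m:                               # banner lines and "(No malicious items detected)" fall through
            parts = m["rest"].split(" -> ")  # optional "Data: ..." / "Bad: (0) Good: (1)" before the action
            sections[current].append({"target": m["target"], "family": m["family"],
                                      "detail": " -> ".join(parts[:-1]), "action": parts[-1]})
    return {"summary": summary, "sections": sections}


def count_mismatches(report):
    """(section, declared, itemised) wherever the header count and the entries disagree."""
    return [(sec, n, len(report["sections"].get(sec, [])))
            for sec, n in report["summary"].items()
            if n != len(report["sections"].get(sec, []))]


def pending_actions(report):
    """Entries not yet removed, e.g. 'Delete on reboot': rescan only after rebooting."""
    return [(sec, it["target"], it["action"])
            for sec, items in report["sections"].items()
            for it in items if it["action"] not in DONE]


def persistence_findings(report):
    """Registry hits grouped by the foothold they represent: (target, family, detail)."""
    found = defaultdict(list)
    for sec, items in report["sections"].items():
        if not sec.startswith("Registry"):
            continue
        for it in items:
            mech = next((m for n, m in PERSISTENCE if n.lower() in it["target"].lower()), None)
            if mech:
                found[mech].append((it["target"], it["family"], it["detail"]))
    return dict(found)


if __name__ == "__main__":
    rep = parse_mbam_log(SAMPLE_LOG)
    print("count mismatches:", count_mismatches(rep))
    print("pending (reboot needed):", pending_actions(rep))
    for mech, hits in persistence_findings(rep).items():
        print(mech, "->", [target for target, _, _ in hits])
```

In the posted report the Memory Modules entry is still "Delete on reboot", so a rescan before rebooting would run against a file that is still present; the AppInit_DLLs and SHOWALL hits are the entries most worth re-checking after the cleanup.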
#7
June 5, 2011 at 21:43:50
legenz, try these other cleaners; they work great:
1- Trojan Remover
http://www.simplysup.com/tremover/d...
2- Hitman Pro
http://www.surfright.nl/en
Fix all they find.

If you can't access them in normal mode, tap F8 on boot-up and choose Safe Mode with Networking.

If those don't fix your problem, then I suggest you try ComboFix:
http://www.bleepingcomputer.com/com...
Follow the online guide and you will be fine.
ComboFix will usually fix the problems that the other scanners miss, and it is safe to use if you follow the instructions.

One more thing you can try, if all else fails, is to boot into Safe Mode and set avast to do a boot scan on reboot.
Avast is really good at removing problems it finds.
Good luck.

#8
June 5, 2011 at 21:46:14
Your PC was really infected, by the looks of your Malwarebytes log. The above suggestions should clean it out for you.

#9
June 5, 2011 at 21:52:30
@Legenz
I have experienced this problem before. BTW, what Avast version are you using, sir? Please try to run a Boot Time Scan; it might be some malware blocking your update. Next, try repairing your Avast by reinstalling it again. Avast is sometimes weak in its self-defense, so viruses attack and damage its update module.

#10
June 5, 2011 at 21:54:04
I am going to wait for my virus scan to complete before following all your advice. Thank you anyway.

#11
June 6, 2011 at 02:03:48
My ComboFix result log:
ComboFix 11-06-05.06 - Administrator 6/2011 Mon 16:30:47.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.936.86.1033.18.1526.910 [GMT 8:00]
执行位置: c:\documents and settings\Administrator\My Documents\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( 被删除的档案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
c:\windows\system32\msgsvc.dll . . . 受感染!!
.
.
((((((((((((((((((((((((((((((((((((((( 驱动/服务 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_EZGOSVC
-------\Legacy_P4P_SERVICE
-------\Legacy_SAFEBOXKRNL
-------\Service_ezGOSvc
-------\Legacy_ccosm
-------\Legacy_ccosm
-------\Service_ccosm
-------\Service_ccosm
.
.
((((((((((((((((((((((((( 2011-05-06 至 2011-06-06 的新的档案 )))))))))))))))))))))))))))))))
.
.
2011-06-06 08:13 . 2011-06-06 08:13 12872 ----a-w- c:\windows\system32\bootdelete.exe
2011-06-06 07:52 . 2011-06-06 08:48 17480 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-06-06 07:52 . 2011-06-06 07:52 -------- d-----w- c:\program files\Hitman Pro 3.5
2011-06-06 07:52 . 2011-06-06 08:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2011-06-06 07:42 . 2006-06-19 04:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2011-06-06 07:42 . 2006-05-25 06:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2011-06-06 07:42 . 2005-08-25 16:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2011-06-06 07:42 . 2003-02-02 11:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2011-06-06 07:42 . 2002-03-05 16:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2011-06-06 07:42 . 2011-06-06 07:42 -------- d-----w- c:\program files\Trojan Remover
2011-06-06 07:42 . 2011-06-06 07:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2011-06-06 07:42 . 2011-06-06 07:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Simply Super Software
2011-06-05 17:24 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-06-05 17:24 . 2011-05-10 12:10 40112 ----a-w- c:\windows\avastSS.scr
2011-06-05 16:01 . 2011-06-05 16:30 -------- d-----w- c:\program files\thriXXX
2011-05-29 14:37 . 2011-05-28 22:48 718208 ----a-w- c:\windows\system32\ezGOSvcApp.exe
2011-05-28 22:48 . 2011-06-05 16:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\go
2011-05-28 22:48 . 2011-06-05 03:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Easybits GO
2011-05-25 12:25 . 2011-05-25 12:25 -------- d-----w- c:\documents and settings\Administrator\Application Data\LEGO Company
2011-05-25 12:24 . 2011-05-25 12:24 -------- d-----w- c:\program files\LEGO Company
2011-05-24 11:26 . 2011-05-24 11:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\Aobi
2011-05-21 01:09 . 2011-05-21 07:20 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\LogMeIn Hamachi
2011-05-21 01:09 . 2011-05-21 07:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2011-05-16 15:05 . 2011-05-16 15:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Kalydo
2011-05-16 00:10 . 2011-05-23 08:07 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-12 08:35 . 2011-06-02 09:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras
2011-05-12 08:34 . 2011-05-12 08:34 -------- d-----w- c:\program files\Common Files\Skype
2011-05-09 00:07 . 2011-05-09 00:07 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll
2011-05-09 00:07 . 2011-05-09 00:07 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll
2011-05-09 00:07 . 2011-05-09 00:07 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll
2011-05-09 00:07 . 2011-05-09 00:07 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll
2011-05-09 00:07 . 2011-05-09 00:07 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll
2011-05-09 00:07 . 2011-05-09 00:07 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll
2011-05-09 00:07 . 2011-05-09 00:07 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll
2011-05-09 00:07 . 2011-05-09 00:07 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三个月内被修改的档案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2009-04-18 01:52 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:03 . 2009-04-18 01:52 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:02 . 2009-04-18 01:53 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 12:02 . 2009-04-18 01:52 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-05-10 12:02 . 2009-04-18 01:52 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-05-10 11:59 . 2009-04-18 01:53 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2009-04-18 01:52 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-05-10 11:59 . 2009-04-18 01:52 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-01 17:32 . 2011-05-01 17:29 2829 ----a-w- c:\windows\War3Unin.pif
2011-05-01 17:32 . 2011-05-01 17:29 139264 ----a-w- c:\windows\War3Unin.exe
2010-07-22 15:40 . 2010-11-17 05:07 2944904 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2011-05-09 00:07 . 2011-05-09 00:07 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-11-04 15:05 . 2009-08-03 12:59 253952 ----a-w- c:\program files\mozilla firefox\components\CheckTudouVa.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2002-12-31 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
[-] 2009-02-01 . 679A7259741F6A09994F02CE261B5F2E . 507904 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Important Registry Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* Empty entries and legitimate default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}]
2009-11-04 15:05 87448 ----a-w- c:\program files\Tudou\飞速Tudou\tudouDetector.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PPAP"="c:\program files\Common Files\PPLiveNetwork\PPAP.exe" [2010-07-05 185784]
"PPLiveVA"="c:\program files\PPLive\PPVA\PPLiveVA.exe" [2010-04-27 71152]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2010-02-24 214408]
"FlashGet 3"="c:\program files\FlashGet Network\FlashGet 3\FlashGet3.exe" [2010-12-16 2840112]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2002-12-31 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-08 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-08 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-08 131072]
"RTHDCPL"="RTHDCPL.EXE" [2007-11-22 16858112]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-02-07 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-02-07 54832]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2002-12-31 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-12-31 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-12-31 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-12-31 455168]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2002-12-31 44032]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DLCGCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll" [2006-10-20 73728]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2010-11-24 1233856]
"HitmanPro35"="c:\program files\Hitman Pro 3.5\HitmanPro35.exe" [2011-06-06 6470464]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2002-12-31 53760]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
酷我音乐盒.exe [2010-12-2 105352]
.
[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^启动飞速土豆.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\启动飞速土豆.lnk
backup=c:\windows\pss\启动飞速土豆.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 14:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 03:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-04-18 09:30 15146376 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\PPLiveNetwork\\PPAP.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\PPLive\\PPVA\\PPLiveVA_U.exe"=
"c:\\Program Files\\PPLive\\PPVA\\PPLiveVA.exe"=
"c:\\Program Files\\PPLive\\PPVA\\FlvPick.exe"=
"c:\\Program Files\\PPLive\\PPVA\\CrashUpload.exe"=
"c:\\Program Files\\PPLive\\PPVA\\crashreporter.exe"=
"c:\\Program Files\\PPLive\\PPVA\\PPVADownload.exe"=
"c:\\Program Files\\PPLive\\PPVA\\DownloadProgress.exe"=
"c:\\Program Files\\Tudou\\飞速Tudou\\TudouVa.exe"=
"c:\\Program Files\\PPSGame\\PPSGame.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\KWMUSIC\\bin\\KwMV.exe"=
"c:\\Program Files\\KWMUSIC\\bin\\KwMusic.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Tudou\\飞速Tudou\\TudouVa.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"19048:TCP"= 19048:TCP:BitComet 19048 TCP
"19048:UDP"= 19048:UDP:BitComet 19048 UDP
"29101:TCP"= 29101:TCP:???? ??
"4984:TCP"= 4984:TCP:jqgwip
"58540:TCP"= 58540:TCP:Pando Media Booster
"58540:UDP"= 58540:UDP:Pando Media Booster
"1161:TCP"= 1161:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [12/26/2010 2:16 AM 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [6/6/2011 1:24 AM 441176]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/18/2009 9:52 AM 307928]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/31/2002 8:00 PM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/18/2009 9:52 AM 19544]
R2 shoddybattle;Shoddy Battle Server;c:\program files\Shoddy Battle Server\bin\wrapper.exe [2/17/2009 5:29 PM 204800]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [6/6/2011 3:52 PM 17480]
R3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\drivers\seehcri.sys [8/27/2010 10:36 PM 27632]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/18/2009 7:34 AM 133104]
S3 cpuz128;cpuz128;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz_x32.sys [?]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [10/17/2007 4:49 PM 39424]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [9/18/2009 7:34 AM 133104]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [9/23/2009 7:25 AM 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [9/23/2009 7:25 AM 79360]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - HITMANPRO35
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xydmxopdd
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 04:34]
.
2011-06-06 c:\windows\Tasks\Game_Booster_Startup.job
- c:\program files\IObit\Game Booster\gbtray.exe [2011-01-22 08:20]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-17 23:34]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-17 23:34]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1035525444-1801674531-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-19 07:20]
.
2011-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1614895754-1035525444-1801674531-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-19 07:20]
.
2011-06-06 c:\windows\Tasks\ImeMgr.job
- c:\windows\SYSTEM32\SogouImeMgr.exe [2009-12-02 14:38]
.
2011-06-06 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 07:07]
.
2011-06-06 c:\windows\Tasks\User_Feed_Synchronization-{0255AE8E-61B8-4296-90A9-6BD118683D19}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 20:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/?ref=hp
uInternet Settings,ProxyOverride = local
IE: Download all by FlashGet3 - c:\documents and settings\Administrator\Application Data\FlashGetBHO\GetAllUrl.htm
IE: Download by FlashGet3 - c:\documents and settings\Administrator\Application Data\FlashGetBHO\GetUrl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: 使用快车3下载 (Download with FlashGet 3) - c:\documents and settings\Administrator\Application Data\FlashGetBHO\GetUrl.htm
IE: 使用快车3下载全部链接 (Download all links with FlashGet 3) - c:\documents and settings\Administrator\Application Data\FlashGetBHO\GetAllUrl.htm
Trusted Zone: pps.tv
Trusted Zone: ppstream.com
Trusted Zone: webscache.com
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1551E806-7A4D-4767-A631-2A5B0A0D060A}: NameServer = 115.236.4.203,8.8.8.8
DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} - hxxp://www.gamehouse.com/games/gamehouse/ghplayer.cab
DPF: {8768D5EA-5412-4810-A032-09AD2A726C69} - hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://game11.zylom.com/activex/zylomgamesplayer.cab
DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} - hxxps://secure.gopetslive.com/dev/GoPetsWeb.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\vsfhd4dx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com
FF - prefs.js: keyword.URL - hxxp://www.scanquery.com/?tmp=nemo_results_removelink&prt=ScnqryPB&keywords=
FF - prefs.js: network.proxy.type - 2
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{EEE6C35D-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-AutocompletePro3_is1 - c:\program files\AutocompletePro\unins000.exe
AddRemove-ScanQuery - c:\program files\ScanQuery\uninstall.exe
AddRemove-storm2 - c:\program files\StormII\uninst.exe
AddRemove-{C12A198C-E751-4729-839A-8FA07CF941C1}_is1 - g:\games\Dragonica\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-06 16:47
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanning hidden processes ...
.
Scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCGCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCGtime.dll,_RunDLLEntry@16
.
Scanning hidden files ...
.
Scan completed successfully
Hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1614895754-1035525444-1801674531-500\Software\Microsoft\Internet Explorer\MenuExt\使用快车3下载]
@="c:\\Documents and Settings\\Administrator\\Application Data\\FlashGetBHO\\GetUrl.htm"
"contexts"=dword:00000022
.
[HKEY_USERS\S-1-5-21-1614895754-1035525444-1801674531-500\Software\Microsoft\Internet Explorer\MenuExt\O(u隷f?* N}廻Q钀]
@="c:\\Documents and Settings\\Administrator\\Application Data\\FlashGetBHO\\GetAllUrl.htm"
"contexts"=dword:000000f3
.
[HKEY_USERS\S-1-5-21-1614895754-1035525444-1801674531-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,2d,a5,a9,d1,eb,10,dd,48,ab,7d,27,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b4,e1,18,43,60,82,51,4b,bc,50,94,\
.
[HKEY_LOCAL_MACHINE\software\(*梘)*1U隷梊CLUBBOX\NetStat]
"0000"=dword:00000011
"0001"=dword:00000019
"1000"=dword:0000001f
"1001"=dword:0000001f
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\,{1*>e f]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Cooking Dash*]
"DisplayName"="Cooking Dash?"
"UninstallString"="c:\\PROGRA~1\\SHOCKW~1.COM\\COOKIN~1\\UNWISE.EXE c:\\PROGRA~1\\SHOCKW~1.COM\\COOKIN~1\\INSTALL.LOG"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2368)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\WgaTray.exe
c:\windows\system32\conime.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\igfxsrvc.exe
c:\program files\KWMUSIC\bin\kwmusic.exe
c:\windows\system32\dlcgcoms.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\java.exe
c:\windows\system32\wscntfy.exe
c:\program files\KWMUSIC\bin\kwmv.exe
.
**************************************************************************
.
Completion time: 2011-06-06 17:01:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-06 09:01
.
Pre-Run: 10,745,466,880 bytes free
Post-Run: 10,851,950,592 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CHS.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 3AD34B675DF8924F87B25ACB3BC2289F


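Reading a ComboFix log like the one above by eye is how these threads normally go. The script below, added here as an example and not code from the original posts or from ComboFix, automates three of the checks a responder would make on it, run over an excerpt of that same log: whether the live tcpip.sys hash matches the dllcache copy of the same version, whether a static per-interface DNS server points somewhere other than the DHCP-supplied router or a known public resolver, and whether a netsvcs group member has no registered service behind it. The regular expressions follow the line formats visible in the log; the allowlist of public resolvers (8.8.8.8, 8.8.4.4) is an assumption. Hits are leads, not verdicts; the log's own note that unsigned files aren't necessarily malware applies to the hash check too.

```python
"""Triage checks over a ComboFix-style log.

Added example for this thread, not code from the original posts or from ComboFix.
Each hit is a lead for a human to verify, not a verdict."""
import ipaddress
import re

# Excerpt of the log posted above: only the lines these three checks read.
SAMPLE_LOG = r"""
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\tcpip.sys
[-] 2002-12-31 . ACCF5A9A1FFAA490F33DBA1C632B95E1 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [12/31/2002 8:00 PM 14336]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/18/2009 7:34 AM 133104]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
xydmxopdd
.
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{1551E806-7A4D-4767-A631-2A5B0A0D060A}: NameServer = 115.236.4.203,8.8.8.8
"""

# Sigcheck rows: "[7] date . MD5 . size . . [version] . . path".
SIGCHECK_RE = re.compile(
    r"^\[.\] \S+ \. (?P<md5>[0-9A-Fa-f]{32}) \. \d+ \. \. \[(?P<ver>[\d.]+)\] \. \. (?P<path>.+)$"
)
DHCP_DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>[\d.,]+)$")
IFACE_DNS_RE = re.compile(r"^TCP: Interfaces\\(?P<iface>\{[^}]+\}): NameServer = (?P<servers>[\d.,]+)$")
SERVICE_RE = re.compile(r"^[RS]\d (?P<name>[^;]+);")
# Assumption: public resolvers a user plausibly configured by hand.
KNOWN_PUBLIC_RESOLVERS = {"8.8.8.8", "8.8.4.4"}


def sigcheck_mismatches(log):
    """Paths whose MD5 differs from the dllcache copy of the same file name and
    version.  A hit on system32\\drivers means the driver actually loaded is not
    the copy Windows File Protection holds in reserve; compare it with a
    known-good hash for that KB before calling it patched by malware."""
    refs, others = {}, []
    for line in log.splitlines():
        m = SIGCHECK_RE.match(line)
        if not m:
            continue
        path = m["path"].lower()
        key = (path.rsplit("\\", 1)[-1], m["ver"])
        if "\\dllcache\\" in path:
            refs[key] = m["md5"].upper()
        elif "$hf_mig$" not in path:  # QFE hotfix build: same version, different binary
            others.append((key, m["md5"].upper(), path))
    return [p for key, md5, p in others if key in refs and refs[key] != md5]


def suspicious_nameservers(log):
    """(interface GUID, server) pairs where a static per-interface DNS server is
    neither the DHCP-supplied one, nor a private address, nor a known public
    resolver.  A foreign primary with a legitimate secondary behind it keeps most
    sites working while chosen names (AV vendors, update hosts) can be steered."""
    dhcp, static = set(), []
    for line in log.splitlines():
        m = DHCP_DNS_RE.match(line)
        if m:
            dhcp.update(m["servers"].split(","))
            continue
        m = IFACE_DNS_RE.match(line)
        if m:
            static.extend((m["iface"], s) for s in m["servers"].split(","))
    return [(iface, s) for iface, s in static
            if s not in dhcp and not ipaddress.ip_address(s).is_private
            and s not in KNOWN_PUBLIC_RESOLVERS]


def unregistered_netsvcs(log):
    """netsvcs group members that match no service ComboFix enumerated.  The log
    lists only netsvcs additions beyond the stock set (one here) and only
    non-Microsoft services, so a random-looking name with nothing backing it
    deserves a manual look at its key under the Services hive."""
    services, members, in_block = set(), [], False
    for line in log.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            services.add(m["name"].lower())
            continue
        if line.endswith("Svchost - NetSvcs"):
            in_block = True
            continue
        if in_block:
            if line.strip() in ("", "."):
                in_block = False
            else:
                members.append(line.strip())
    return [n for n in members if n.lower() not in services]


if __name__ == "__main__":
    print("hash differs from dllcache copy:", sigcheck_mismatches(SAMPLE_LOG))
    print("foreign static DNS servers:", suspicious_nameservers(SAMPLE_LOG))
    print("netsvcs members without a service:", unregistered_netsvcs(SAMPLE_LOG))
```

On the excerpt the first check returns the live drivers\tcpip.sys, the second returns 115.236.4.203 on the listed interface, and the third returns xydmxopdd. The QFE copy under $hf_mig$ is deliberately excluded from the hash comparison because the hotfix and GDR branches share a version string while being different builds, which would otherwise be a standing false positive on every patched XP box.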
#12
June 6, 2011 at 02:06:45
The problem is solved with ComboFix, but I receive this "you may be a victim of counterfeiting" message. Is there any way to solve it?


#13
June 6, 2011 at 03:28:29
You mean your Windows? Is it a legit copy?

Some HELP in posting on Computing.net plus free progs and instructions Cheers



#14
June 6, 2011 at 05:07:30
All problems are fixed, thank you.


#15
June 6, 2011 at 10:21:43
You are very welcome. Thanks for posting back; it will help others with the same problem!


