Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Help: kaspersky anti-virus keep on asking me to "disinfect /


Post by crystal628 » August 23rd, 2008, 11:27 am

My Kaspersky anti-virus keeps on asking me to "disinfect / delete / skip" all the .exe files in my computer. Those .exe files are all program files and setup files only, not dangerous viruses. I don't know what to do, so I just shut down Kaspersky.
Please advise, thanks.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:23:45 PM, on 8/23/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\Program Files\Java\jre1.5.0_07\bin\jucheck.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe
C:\DOCUME~1\Crystal\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\Crystal\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\DOCUME~1\Crystal\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\DOCUME~1\Crystal\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [\\chua\EPSON Stylus C59 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\DOCUME~1\Crystal\LOCALS~1\Temp\E_S3F.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /F "C:\WINDOWS\TEMP\E_S97.tmp" /EF "HKLM"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{085EFFA7-E994-4681-9FE6-02C879836D01}: NameServer = 202.188.0.133
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8258 bytes
crystal628
Active Member
 
Posts: 12
Joined: August 23rd, 2008, 11:19 am

Re: Help: kaspersky anti-virus keep on asking me to "disinfect /

Post by Rodav » August 26th, 2008, 4:14 pm

Hello, and welcome to the Malware Removal forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Help: kaspersky anti-virus keep on asking me to "disinfect /

Post by Rodav » August 26th, 2008, 4:28 pm

Hi crystal628,

If every .exe file, including the legitimate ones, is being flagged by Kaspersky as being infected, then the outlook isn't looking too good. :(

We can try to clean it, but you may need to reformat and reinstall anyway.

Step 1:
Download to the desktop: Dr.Web CureIt
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan"-tab, remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
    Image
    If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:
    Image
    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.


Step 2:
Re-enable your Kaspersky antivirus, run HijackThis, do a system scan and post:
  • Dr.Web CureIt results
  • The new HijackThis log
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
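
The report list saved in Step 1 (DrWeb.csv) is plain semicolon-separated text: file name; folder; threat; action, as in the results posted later in this thread. The Python below is an added example, not part of the original posts and not a Dr.Web tool; it tallies such a report so that cured, deleted and moved files and System Restore copies are easy to tell apart. The function names and the threshold of three files are assumptions made for the example.

```python
from collections import Counter
from dataclasses import dataclass

# Rows copied from the report posted in this thread, plus one constructed
# malformed line to show how damaged input is handled.
SAMPLE_REPORT = r"""
A0041646.exe;C:\System Volume Information\_restore{D7C17510-9FB7-4BC7-9B4A-4F73AA73448C}\RP146;Trojan.Click.19220;Deleted.;
SFTPMSI.exe;D:\setup;Win32.Gael.3666;Cured.;
spybotsd14.exe;D:\setup;Win32.Gael.3666;Cured.;
setup.exe;D:\setup\nERO;Win32.Gael.3666;Cured.;
A0035818.exe;D:\System Volume Information\_restore{D7C17510-9FB7-4BC7-9B4A-4F73AA73448C}\RP136;Adware.Casino;Incurable.Moved.;
A0052084.exe;D:\System Volume Information\_restore{D7C17510-9FB7-4BC7-9B4A-4F73AA73448C}\RP156;BackDoor.FireFly.117;Deleted.;
this line is not a report row
"""

# Folder fragment that marks a Windows XP System Restore point.
RESTORE_MARKER = "\\system volume information\\_restore"


@dataclass(frozen=True)
class Finding:
    name: str
    folder: str
    threat: str
    action: str  # e.g. "Cured", "Deleted", "Incurable.Moved"


def parse_report(text):
    """Return (findings, malformed_lines) for 'name;folder;threat;action;' rows."""
    findings, malformed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        parts = line.rstrip(";").split(";")
        if len(parts) < 4 or not all(p.strip() for p in (parts[0], parts[-2], parts[-1])):
            malformed.append(raw)
            continue
        # The folder is everything between the name and the last two fields,
        # so a ';' inside a folder name does not shift the columns.
        folder = ";".join(parts[1:-2])
        findings.append(Finding(parts[0].strip(), folder.strip(),
                                parts[-2].strip(), parts[-1].strip().rstrip(".")))
    return findings, malformed


def summarise(findings, infector_threshold=3):
    """Tally a parsed report.

    Heuristic (an assumption of this example): one threat name disinfected in
    place in many otherwise legitimate files points to a file-infecting virus.
    """
    cured = Counter(f.threat for f in findings if f.action.lower() == "cured")
    return {
        "by_threat": Counter(f.threat for f in findings),
        "by_action": Counter(f.action for f in findings),
        # Infected copies kept inside restore points can come back on a restore.
        "restore_point_copies": [f for f in findings
                                 if RESTORE_MARKER in f.folder.lower()],
        # Deleted or moved files are gone from their original location.
        "not_cured": [f for f in findings if f.action.lower() != "cured"],
        "likely_file_infectors": sorted(t for t, n in cured.items()
                                        if n >= infector_threshold),
    }


if __name__ == "__main__":
    found, bad = parse_report(SAMPLE_REPORT)
    report = summarise(found)
    print("rows parsed:", len(found), "| malformed:", len(bad))
    for threat, count in report["by_threat"].most_common():
        print(f"  {count:4d}  {threat}")
    print("actions:", dict(report["by_action"]))
    print("restore-point copies:", [f.name for f in report["restore_point_copies"]])
    print("likely file infectors:", report["likely_file_infectors"])
```
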

Re: Help: kaspersky anti-virus keep on asking me to "disinfect /

Post by crystal628 » August 27th, 2008, 3:08 am

Hi. Million thanks.
Here is the log file (HijackThis):

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:02:20 PM, on 8/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HPQ\Shared\hpqwmi.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [\\chua\EPSON Stylus C59 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBHP.EXE /FU "C:\DOCUME~1\Crystal\LOCALS~1\Temp\E_S3F.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [EPSON Stylus CX3700 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIACP.EXE /F "C:\WINDOWS\TEMP\E_S97.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = %SystemRoot%\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: ???ˉ??à×5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{085EFFA7-E994-4681-9FE6-02C879836D01}: NameServer = 202.188.0.133
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\Shared\hpqwmi.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 8239 bytes


and Dr Web:

A0041646.exe;C:\System Volume Information\_restore{D7C17510-9FB7-4BC7-9B4A-4F73AA73448C}\RP146;Trojan.Click.19220;Deleted.;
SFTPMSI.exe;D:\setup;Win32.Gael.3666;Cured.;
smartdraw_11R_74IHT_setup.exe;D:\setup;Win32.Gael.3666;Cured.;
spybotsd14.exe;D:\setup;Win32.Gael.3666;Cured.;
Kaspersky-BLKiller.exe;D:\setup\antivirus\Kaspersky Anti Virus 6.0.2.614 With 3 Year Key\KAV6.0(20年使用)破解;BackDoor.FireFly.118;Deleted.;
setup.exe;D:\setup\nERO;Win32.Gael.3666;Cured.;
setupx.exe;D:\setup\nERO;Win32.Gael.3666;Cured.;
Setup.exe;D:\setup\nERO\Nero Media Player;Win32.Gael.3666;Cured.;
WMFADist.exe;D:\setup\nERO\Nero Media Player\Redist;Win32.Gael.3666;Cured.;
wmfdist.exe;D:\setup\nERO\Nero Media Player\Redist;Win32.Gael.3666;Cured.;
Setup.exe;D:\setup\nERO\Nero Vision Express SE;Win32.Gael.3666;Cured.;
dxsetup.exe;D:\setup\nERO\Nero Vision Express SE\DirectX;Win32.Gael.3666;Cured.;
NeroVision.exe;D:\setup\nERO\Nero Vision Express SE\NeroVision\w2k;Win32.Gael.3666;Cured.;
NeroVision.exe;D:\setup\nERO\Nero Vision Express SE\NeroVision\w9x;Win32.Gael.3666;Cured.;
50comupd.exe;D:\setup\nERO\Nero Vision Express SE\Redist;Win32.Gael.3666;Cured.;
SHFolder.exe;D:\setup\nERO\Nero Vision Express SE\Redist;Win32.Gael.3666;Cured.;
wmfdist.exe;D:\setup\nERO\Nero Vision Express SE\Redist;Win32.Gael.3666;Cured.;
ODDUpdate.exe;D:\setup\nERO\ODD Toolkit;Win32.Gael.3666;Cured.;
KSSetting.exe;D:\setup\PowerWord 2005;Win32.Gael.3666;Cured.;
NewWord.exe;D:\setup\PowerWord 2005;Win32.Gael.3666;Cured.;
RegDict.exe;D:\setup\PowerWord 2005;Win32.Gael.3666;Cured.;
ScrollWord.exe;D:\setup\PowerWord 2005;Win32.Gael.3666;Cured.;
GRAPH.EXE;D:\setup\Printelli;Win32.Gael.3666;Cured.;
HASPUserSetup.exe;D:\setup\Printelli;Win32.Gael.3666;Cured.;
hdd32.exe;D:\setup\Printelli;Win32.Gael.3666;Cured.;
MSOHELP.EXE;D:\setup\Printelli;Win32.Gael.3666;Cured.;
DCOM95.EXE;D:\setup\Printelli\IE5\EN;Win32.Gael.3666;Cured.;
IE5COMP.EXE;D:\setup\Printelli\IE5\EN;Win32.Gael.3666;Cured.;
IE5SETUP.EXE;D:\setup\Printelli\IE5\EN;Win32.Gael.3666;Cured.;
OAINST.EXE;D:\setup\Printelli\IE5\EN;Win32.Gael.3666;Cured.;
VRML2C.EXE;D:\setup\Printelli\IE5\EN;Win32.Gael.3666;Cured.;
DEVICEOP.EXE;D:\setup\Printer Driver\C79_W2K_61aE\SD78_C79_W2K_61aE_S\WINXP_2K;Win32.Gael.3666;Cured.;
E_S3LAC2.EXE;D:\setup\Printer Driver\C79_W2K_61aE\SD78_C79_W2K_61aE_S\WINXP_2K;Win32.Gael.3666;Cured.;
E_SCHK03.EXE;D:\setup\Printer Driver\C79_W2K_61aE\SD78_C79_W2K_61aE_S\WINXP_2K;Win32.Gael.3666;Cured.;
OEMINF.EXE;D:\setup\Printer Driver\C79_W2K_61aE\SD78_C79_W2K_61aE_S\WINXP_2K;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\C79_W2K_61aE\SD78_C79_W2K_61aE_S\WINXP_2K;Win32.Gael.3666;Cured.;
s6300xp161en.exe;D:\setup\Printer Driver\canon s6300;Win32.Gael.3666;Cured.;
Setup.exe;D:\setup\Printer Driver\CX3700_CX4100_4700_RX530_650_EScan_30u;Win32.Gael.3666;Cured.;
hhupd.exe;D:\setup\Printer Driver\CX3700_CX4100_4700_RX530_650_EScan_30u\LIB;Win32.Gael.3666;Cured.;
EPSetup.exe;D:\setup\Printer Driver\epson c59;Win32.Gael.3666;Cured.;
ECSSetup.exe;D:\setup\Printer Driver\epson c59\COMMON\CreativitySuite;Win32.Gael.3666;Cured.;
instmsia.exe;D:\setup\Printer Driver\epson c59\COMMON\CreativitySuite\AttachToEmail;Win32.Gael.3666;Cured.;
instmsiw.exe;D:\setup\Printer Driver\epson c59\COMMON\CreativitySuite\AttachToEmail;Win32.Gael.3666;Cured.;
setup.exe;D:\setup\Printer Driver\epson c59\COMMON\CreativitySuite\AttachToEmail;Win32.Gael.3666;Cured.;
AttachToEmail.exe;D:\setup\Printer Driver\epson c59\COMMON\CreativitySuite\AttachToEmail\InstallItems\Application;Win32.Gael.3666;Cured.;
DspReadMe.exe;D:\setup\Printer Driver\epson c59\COMMON\CreativitySuite\AttachToEmail\InstallItems\Application;Win32.Gael.3666;Cured.;
setup.exe;D:\setup\Printer Driver\epson c59\COMMON\CreativitySuite\FileManager;Win32.Gael.3666;Cured.;
setup.exe;D:\setup\Printer Driver\epson c59\COMMON\CreativitySuite\ScanAssistant;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\epson c59\COMMON\EasyPhotoPrint;Win32.Gael.3666;Cured.;
setup.exe;D:\setup\Printer Driver\epson c59\COMMON\EasyPrintModule;Win32.Gael.3666;Cured.;
setup.exe;D:\setup\Printer Driver\epson c59\COMMON\EasyPrintModule\Euro;Win32.Gael.3666;Cured.;
DOCUNINS.EXE;D:\setup\Printer Driver\epson c59\COMMON\MANUAL\SETUP;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\epson c59\COMMON\MANUAL\SETUP;Win32.Gael.3666;Cured.;
Setup.exe;D:\setup\Printer Driver\epson c59\ENGLISH\APPS\PIFDESIGNER;Win32.Gael.3666;Cured.;
Setup.exe;D:\setup\Printer Driver\epson c59\ENGLISH\APPS\WebToPage;Win32.Gael.3666;Cured.;
Q313600_W2K_SP4_X86_EN.exe;D:\setup\Printer Driver\epson c59\ENGLISH\StorageUpdater2K;Win32.Gael.3666;Cured.;
EPUSBUN.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WIN9X;Win32.Gael.3666;Cured.;
DEVICEOP.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WIN9X\SETUP;Win32.Gael.3666;Cured.;
E_S1LAC2.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WIN9X\SETUP;Win32.Gael.3666;Cured.;
E_SCHK03.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WIN9X\SETUP;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WIN9X\SETUP;Win32.Gael.3666;Cured.;
DEVICEOP.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WINXP64\SETUP;Win32.Gael.3666;Cured.;
E_S1LAC2.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WINXP64\SETUP;Win32.Gael.3666;Cured.;
E_SCHK03.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WINXP64\SETUP;Win32.Gael.3666;Cured.;
OEMINF.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WINXP64\SETUP;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WINXP64\SETUP;Win32.Gael.3666;Cured.;
DEVICEOP.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
E_S1LAC2.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
E_SCHK03.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
OEMINF.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\epson c59\ENGLISH\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
Setup.exe;D:\setup\Printer Driver\epson c59\Korean\APPS\PIFDESIGNER;Win32.Gael.3666;Cured.;
Setup.exe;D:\setup\Printer Driver\epson c59\Korean\APPS\WebToPage;Win32.Gael.3666;Cured.;
Q313600_W2K_SP4_X86_KO.exe;D:\setup\Printer Driver\epson c59\Korean\StorageUpdater2K;Win32.Gael.3666;Cured.;
EPUSBUN.EXE;D:\setup\Printer Driver\epson c59\Korean\WIN9X;Win32.Gael.3666;Cured.;
DEVICEOP.EXE;D:\setup\Printer Driver\epson c59\Korean\WIN9X\SETUP;Win32.Gael.3666;Cured.;
E_S1LAC2.EXE;D:\setup\Printer Driver\epson c59\Korean\WIN9X\SETUP;Win32.Gael.3666;Cured.;
E_SCHK03.EXE;D:\setup\Printer Driver\epson c59\Korean\WIN9X\SETUP;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\epson c59\Korean\WIN9X\SETUP;Win32.Gael.3666;Cured.;
DEVICEOP.EXE;D:\setup\Printer Driver\epson c59\Korean\WINXP64\SETUP;Win32.Gael.3666;Cured.;
E_S1LAC2.EXE;D:\setup\Printer Driver\epson c59\Korean\WINXP64\SETUP;Win32.Gael.3666;Cured.;
E_SCHK03.EXE;D:\setup\Printer Driver\epson c59\Korean\WINXP64\SETUP;Win32.Gael.3666;Cured.;
OEMINF.EXE;D:\setup\Printer Driver\epson c59\Korean\WINXP64\SETUP;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\epson c59\Korean\WINXP64\SETUP;Win32.Gael.3666;Cured.;
DEVICEOP.EXE;D:\setup\Printer Driver\epson c59\Korean\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
E_S1LAC2.EXE;D:\setup\Printer Driver\epson c59\Korean\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
E_SCHK03.EXE;D:\setup\Printer Driver\epson c59\Korean\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
OEMINF.EXE;D:\setup\Printer Driver\epson c59\Korean\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\epson c59\Korean\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\epson c59\LAYOUTS\SETUP;Win32.Gael.3666;Cured.;
Setup.exe;D:\setup\Printer Driver\epson c59\Taiwan\APPS\PIFDESIGNER;Win32.Gael.3666;Cured.;
Setup.exe;D:\setup\Printer Driver\epson c59\Taiwan\APPS\WebToPage;Win32.Gael.3666;Cured.;
epsonreg.exe;D:\setup\Printer Driver\epson c59\Taiwan\EPSONREG;Win32.Gael.3666;Cured.;
notify.exe;D:\setup\Printer Driver\epson c59\Taiwan\EPSONREG;Win32.Gael.3666;Cured.;
Q313600_W2K_SP4_X86_TW.exe;D:\setup\Printer Driver\epson c59\Taiwan\StorageUpdater2K;Win32.Gael.3666;Cured.;
EPUSBUN.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WIN9X;Win32.Gael.3666;Cured.;
DEVICEOP.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WIN9X\SETUP;Win32.Gael.3666;Cured.;
E_S1LAC2.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WIN9X\SETUP;Win32.Gael.3666;Cured.;
E_SCHK03.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WIN9X\SETUP;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WIN9X\SETUP;Win32.Gael.3666;Cured.;
DEVICEOP.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WINXP64\SETUP;Win32.Gael.3666;Cured.;
E_S1LAC2.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WINXP64\SETUP;Win32.Gael.3666;Cured.;
E_SCHK03.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WINXP64\SETUP;Win32.Gael.3666;Cured.;
OEMINF.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WINXP64\SETUP;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WINXP64\SETUP;Win32.Gael.3666;Cured.;
DEVICEOP.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
E_S1LAC2.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
E_SCHK03.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
OEMINF.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\epson c59\Taiwan\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
Epsswt.exe;D:\setup\Printer Driver\epson c59\_SETIMG;Win32.Gael.3666;Cured.;
DEVICEOP.EXE;D:\setup\Printer Driver\epson stylus cx3700\SDX3800_SCX3700_W2K_59bES\ENGLISH\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
E_S1LAC2.EXE;D:\setup\Printer Driver\epson stylus cx3700\SDX3800_SCX3700_W2K_59bES\ENGLISH\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
E_SCHK03.EXE;D:\setup\Printer Driver\epson stylus cx3700\SDX3800_SCX3700_W2K_59bES\ENGLISH\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
OEMINF.EXE;D:\setup\Printer Driver\epson stylus cx3700\SDX3800_SCX3700_W2K_59bES\ENGLISH\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
SETUP.EXE;D:\setup\Printer Driver\epson stylus cx3700\SDX3800_SCX3700_W2K_59bES\ENGLISH\WINXP_2K\SETUP;Win32.Gael.3666;Cured.;
DELSG.EXE;D:\setup\scanner driver\canon N1240U7030WNENZ(klang);Win32.Gael.3666;Cured.;
SETUPSG.EXE;D:\setup\scanner driver\canon N1240U7030WNENZ(klang);Win32.Gael.3666;Cured.;
SETUPSG1.EXE;D:\setup\scanner driver\canon N1240U7030WNENZ(klang);Win32.Gael.3666;Cured.;
CANOIT32.EXE;D:\setup\scanner driver\canon N1240U7030WNENZ(klang)\CNQSG70;Win32.Gael.3666;Cured.;
TWUNK_32.EXE;D:\setup\scanner driver\canon N1240U7030WNENZ(klang)\CNQSG70;Win32.Gael.3666;Cured.;
bulkSMS20.exe;D:\setup\sms\bulk sms 2.0;Win32.Gael.3666;Cured.;
Setup.exe;D:\setup\sms\sms machine;Win32.Gael.3666;Cured.;
20060629-033-i32.exe;D:\setup\Symantec Norton AntiVirus 2005;Win32.Gael.3666;Cured.;
CDSTART.EXE;D:\setup\Symantec Norton AntiVirus 2005;Win32.Gael.3666;Cured.;
NAVSETUP.EXE;D:\setup\Symantec Norton AntiVirus 2005;Win32.Gael.3666;Cured.;
AR60ENU.EXE;D:\setup\Symantec Norton AntiVirus 2005\MANUAL\ADOBE;Win32.Gael.3666;Cured.;
OMIGRATE.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV;Win32.Gael.3666;Cured.;
SMNLNCH.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\EXTERNAL\COMMONFI\SYMSHARE;Win32.Gael.3666;Cured.;
BOOTWARN.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\EXTERNAL\NORTON;Win32.Gael.3666;Cured.;
CFGWIZ.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\EXTERNAL\NORTON;Win32.Gael.3666;Cured.;
LRSEND.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\EXTERNAL\NORTON;Win32.Gael.3666;Cured.;
CCIMSCN.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\EXTERNAL\NORTON\APP;Win32.Gael.3666;Cured.;
NAVAPSVC.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\EXTERNAL\NORTON\APP;Win32.Gael.3666;Cured.;
NAVSTUB.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\EXTERNAL\NORTON\APP;Win32.Gael.3666;Cured.;
NAVW32.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\EXTERNAL\NORTON\APP;Win32.Gael.3666;Cured.;
NAVWNT.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\EXTERNAL\NORTON\APP;Win32.Gael.3666;Cured.;
OPSCAN.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\EXTERNAL\NORTON\APP;Win32.Gael.3666;Cured.;
QCONSOLE.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\EXTERNAL\NORTON\APP;Win32.Gael.3666;Cured.;
SAVSCAN.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\EXTERNAL\NORTON\APP;Win32.Gael.3666;Cured.;
ALEUPDAT.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\IWP\APP;Win32.Gael.3666;Cured.;
NPFMNTOR.EXE;D:\setup\Symantec Norton AntiVirus 2005\NAV\IWP\APP;Win32.Gael.3666;Cured.;
A0035818.exe;D:\System Volume Information\_restore{D7C17510-9FB7-4BC7-9B4A-4F73AA73448C}\RP136;Adware.Casino;Incurable.Moved.;
A0052084.exe;D:\System Volume Information\_restore{D7C17510-9FB7-4BC7-9B4A-4F73AA73448C}\RP156;BackDoor.FireFly.117;Deleted.;
A0052085.exe;D:\System Volume Information\_restore{D7C17510-9FB7-4BC7-9B4A-4F73AA73448C}\RP156;Trojan.MulDrop.17171;Deleted.;
A0052086.exe;D:\System Volume Information\_restore{D7C17510-9FB7-4BC7-9B4A-4F73AA73448C}\RP156;BackDoor.FireFly.118;Deleted.;


-----------------------------------------

I have installed Scotty, and I checked with Kaspersky. The virus names detected:
1) virus Worm.Win32.RJump.a
2) virus.Win32.Tenga.a

Detected: 249, untreated: 137.
I have disinfected some of it.

And this kind of message pops up quite often. I have attached the PNG image.
crystal628
Active Member
 
Posts: 12
Joined: August 23rd, 2008, 11:19 am

Re: Help: kaspersky anti-virus keep on asking me to "disinfect /

Post by Rodav » August 27th, 2008, 5:39 am

The errors are caused by the file infector which has infected every setup.exe file on your computer, unfortunately those errors should be the least of your worries now. :(

I'm afraid I have unpleasant news for you. You have a Very Dangerous infection on this machine.
The infection is delivered by Win32.Gael.3666 and Worm.Win32.RJump.a
It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...
IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.

If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
  • Please read this for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063


If we tried to clean the computer it could take some days and even then never quite be the same as it was before the infections started. If you do decide to reformat and reinstall your OS and I strongly suggest you do, your computer will be back as good as new in a few hours.

Let me know what you plan to do.
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Help: kaspersky anti-virus keep on asking me to "disinfect /

Post by crystal628 » August 27th, 2008, 6:02 am

:pale: Really bad news....
By the way, I got this virus from my friend's pendrive. When I plugged in his pendrive, it opened automatically (usually I will scan before opening). How can I prevent this in the future?
And now I have two drives, drive C and drive D, but my DVD-ROM is down. My XP setup files are stored in drive D; I install the OS by using the XP setup files in drive D. You would not recommend using this method, right? Then I should buy a new DVD-ROM... :(
And format drives C & D, right?
crystal628
Active Member
 
Posts: 12
Joined: August 23rd, 2008, 11:19 am

Re: Help: kaspersky anti-virus keep on asking me to "disinfect /

Post by Rodav » August 27th, 2008, 7:25 am

You're having such bad luck. :(

This will give you information for disabling autorun: http://www.raymond.cc/blog/archives/200 ... -security/

You should also add a folder named autorun.inf to all your own pendrives in case you were using them on an infected machine. If there's a thumbdrive/flashdrive infection present, it can't create the autorun.inf file on it since there is a folder called autorun.inf.

You really should reformat both drives, it's the only way to be sure the infections are gone. If your DVD-ROM is broken you may be able to borrow an external cd-rom from somebody and boot from it:
http://www.microsoft.com/whdc/archive/usb-boot.mspx
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
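
The autorun.inf folder suggestion in the post above, as an added example that is not part of the original thread: a Python check that reports whether a drive root has no autorun.inf, the placeholder folder, or a real file (listing the programs it would start), and creates the folder only when the name is free. The function names and the sample file contents are assumptions made for this example.

```python
import configparser
import os
import tempfile

# Constructed sample of an autorun.inf that starts a program (not from the thread).
SAMPLE = "[AutoRun]\nopen=launcher.exe\nshell\\open\\command=launcher.exe /s\nicon=drive.ico\n"

def audit_autorun(root):
    """Return (state, launches) for <root>/autorun.inf.

    state is 'absent', 'placeholder' (a folder, as suggested above) or 'file'.
    """
    path = os.path.join(root, "autorun.inf")
    if os.path.isdir(path):
        return "placeholder", []
    if not os.path.isfile(path):
        return "absent", []
    parser = configparser.RawConfigParser(strict=False, allow_no_value=True,
                                          delimiters=("=",))
    try:
        with open(path, encoding="latin-1") as fh:
            parser.read_string(fh.read())
    except configparser.Error:
        return "file", ["<unparseable>"]
    launches = []
    for section in parser.sections():
        if section.lower() != "autorun":
            continue
        for key, value in parser.items(section):
            # open=, shellexecute= and shell\<verb>\command= all start a program
            starts = key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command"))
            if starts and value:
                launches.append(value)
    return "file", launches

def add_placeholder(root):
    """Create the autorun.inf folder only when nothing has that name yet."""
    if audit_autorun(root)[0] != "absent":
        return False  # never overwrite or delete: an existing file needs review
    os.mkdir(os.path.join(root, "autorun.inf"))
    return True

def demo():
    """Run both checks against two temporary folders standing in for drive roots."""
    with tempfile.TemporaryDirectory() as clean, tempfile.TemporaryDirectory() as used:
        with open(os.path.join(used, "autorun.inf"), "w") as fh:
            fh.write(SAMPLE)
        return (add_placeholder(clean), audit_autorun(clean),
                add_placeholder(used), audit_autorun(used))
```

On a real pendrive, pass the drive root (for example `E:\`) to `audit_autorun` before `add_placeholder`. The folder only blocks a plain file create with that name, so disabling autorun on the computer itself still matters.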

Re: Help: kaspersky anti-virus keep on asking me to "disinfect /

Post by crystal628 » August 29th, 2008, 5:40 pm

Dear Rodav,
OK, thanks a lot for your help.
I will follow your instruction.

:)

Have a nice day and happy always :)
crystal628
Active Member
 
Posts: 12
Joined: August 23rd, 2008, 11:19 am

Re: Help: kaspersky anti-virus keep on asking me to "disinfect /

Post by Rodav » August 30th, 2008, 4:37 pm

You're very welcome, I hope everything works out for you. :)
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: Help: kaspersky anti-virus keep on asking me to "disinfect /

Post by NonSuch » September 1st, 2008, 6:04 am

As this issue appears to be resolved, this topic is now closed.

You can help support this site from this link :
Donations For Malware Removal
NonSuch
Administrator
 
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California