Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-09-05 00:38:20
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (9%) free of 29 GB
Total RAM: 631 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 12:38:30, on 2009/9/5
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Honey\kupeer\9kupe.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku115.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sukoku\sukoku.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\桌面\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Honey\kupeer\9kupe.exe" -tray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 穓碝 - res://C:\Program Files\Honey\kupeer\9kupe.exe/search.htm
O8 - Extra context menu item: 更 - res://C:\Program Files\Honey\kupeer\9kupe.exe/download.htm
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sukoku Service - Unknown owner - C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku115.exe
O24 - Desktop Component 0: tets - C:\WINDOWS\system32\onhelp.htm
O24 - Desktop Component 1: (no name) - http://www.diyzone.net/images2/room2441ui5.jpg
O24 - Desktop Component 2: (no name) - http://www.diyzone.net/images2/room2464cl0.jpg
O24 - Desktop Component 3: (no name) - http://www.audioreview.com/channels/aud ... 126027.jpg
O24 - Desktop Component 4: (no name) - http://pics1.blog.yam.com/2/userfile/h/ ... 135e85.jpg
O24 - Desktop Component 5: (no name) - http://www.diyzone.net/images2/room2462av1.jpg
O24 - Desktop Component 6: (no name) - http://g.udn.com/community/img/style142/bg.jpg
--
End of file - 4050 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"InCD"=C:\Program Files\Ahead\InCD\InCD.exe [2004-04-07 1298542]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2005-12-20 278528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-10-23 155648]
"DT LGE"=C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2009-04-11 37888]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PowerBar"= []
"foxy"=C:\Program Files\Honey\kupeer\9kupe.exe [2007-06-27 1082492]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-17 208952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-17 455168]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-17 455168]
C:\Documents and Settings\All Users\「开始」菜单\程序\启动
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
Wireless PCI Card Configuration Utility.lnk - C:\Program Files\Linksys\WMP11 Config Utility\WMP11CFG.exe
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Honey\kupeer\9kupe.exe"="C:\Program Files\Honey\kupeer\9kupe.exe:*:Enabled:Mxie"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
shell\AutoRun\command - F:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0ccf09c4-01e6-11db-854a-806d6172696f}]
shell\AutoRun\command - G:\Setup.exe
======List of files/folders created in the last 1 months======
2009-09-05 00:38:20 ----D---- C:\rsit
2009-09-05 00:03:31 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-09-05 00:03:25 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-09-05 00:03:25 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-09-04 23:57:15 ----D---- C:\_OTM
2009-08-24 00:08:59 ----D---- C:\Program Files\Trend Micro
2009-08-23 14:17:40 ----D---- C:\Documents and Settings\Administrator\Application Data\U3
2009-08-21 14:26:04 ----AD---- C:\WINDOWS\system32\images
2009-08-20 01:02:37 ----D---- C:\Program Files\Sukoku
2009-08-20 01:02:37 ----D---- C:\Documents and Settings\All Users\Application Data\Sukoku
2009-08-20 01:01:34 ----HDC---- C:\Documents and Settings\All Users\Application Data\{F14A989E-0102-460B-ADB5-BC208314A307}
======List of files/folders modified in the last 1 months======
2009-09-05 00:36:48 ----D---- C:\WINDOWS\Temp
2009-09-05 00:35:53 ----RD---- C:\Program Files
2009-09-05 00:35:53 ----D---- C:\WINDOWS\system32\drivers
2009-09-05 00:35:53 ----D---- C:\WINDOWS
2009-09-05 00:33:51 ----D---- C:\WINDOWS\system32
2009-09-05 00:33:47 ----D---- C:\WINDOWS\system32\CatRoot2
2009-09-05 00:33:46 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-09-04 17:58:27 ----A---- C:\WINDOWS\ntbtlog.txt
2009-08-27 14:47:12 ----D---- C:\Program Files\Mozilla Firefox
2009-08-21 00:07:26 ----SHD---- C:\WINDOWS\Installer
2009-08-19 00:01:12 ----A---- C:\WINDOWS\IE4 Error Log.txt
2009-08-17 00:05:02 ----HD---- C:\Program Files\InstallShield Installation Information
2009-08-06 20:46:03 ----D---- C:\WINDOWS\Help
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2004-08-17 12160]
R1 InCDPass;InCDPass; C:\WINDOWS\System32\DRIVERS\InCDPass.sys [2004-04-06 25600]
R1 P3;Intel PentiumIII Processor Driver; C:\WINDOWS\system32\DRIVERS\p3.sys [2004-08-17 45312]
R3 BCM43XX;Wireless-G PCI Adapter Driver; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2003-02-12 166272]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2005-02-02 14408]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-12-05 10368]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 trid3d;trid3d; C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 222336]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2005-06-16 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-17 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2005-06-16 17024]
R3 USBSTOR;USB 大容量存储设备; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2005-06-16 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\drivers\usbuhci.sys [2004-08-17 20480]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-03 84480]
R4 InCDfs;InCD File System; C:\WINDOWS\system32\drivers\InCDfs.sys [2004-04-06 89472]
S3 AmdK6;AMD K6 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk6.sys [2004-08-16 39808]
S3 AmdK7;AMD K7 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk7.sys [2004-08-16 40192]
S3 AmdK8;AMD K8 Processor Driver; C:\WINDOWS\System32\DRIVERS\amdk8.sys [2005-07-21 33280]
S3 Crusoe;Transmeta Crusoe Processor Driver; C:\WINDOWS\system32\drivers\crusoe.sys [2004-08-17 39296]
S3 EL90XBC;3Com EtherLink XL 90XB/C Adapter Driver; C:\WINDOWS\system32\DRIVERS\el90xbc5.sys [2001-08-17 66591]
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 PCANDIS5;PCANDIS5 Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []
S3 WMP11V27;Instant Wireless PCI Card V2.7 Driver; C:\WINDOWS\system32\DRIVERS\WMP11V27.sys [2002-07-30 171776]
S4 sr;System Restore Filter Driver; C:\WINDOWS\system32\DRIVERS\sr.sys [2004-08-17 73216]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 InCDsrv;InCD Helper; C:\Program Files\Ahead\InCD\InCDsrv.exe [2004-04-06 929904]
R2 Sukoku Service;Sukoku Service; C:\Documents and Settings\All Users\Application Data\Sukoku\sukoku115.exe [2009-08-26 54760]
R3 iPodService;iPodService; C:\Program Files\iPod\bin\iPodService.exe [2005-12-20 323584]
S2 DTSRVC;Portrait Displays Display Tune Service; C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
-----------------EOF-----------------