Already ran an F-Secure scan once (report + HijackThis log attached)

Right after booting it's fine, but once it has been on for ten or fifteen minutes it starts to get very slow.


Report after the scan
HijackThis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:22:47, on 9/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\DOCUME~1\home\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\home\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\Program Files\881903\IETOOLBAR\AudioUpdMgr.exe
C:\WINDOWS\system32\wisptis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: ThunderIEHelper Class - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O2 - BHO: ThunderAtOnce Class - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: ShowHKToolbar Class - {06433BFE-4946-4E89-823D-CD359C81CD06} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: CNNIC 厙釐馱撿Drag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Wbho Class - {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} - C:\WINDOWS\system32\Usign.dll (file missing)
O2 - BHO: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)
O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live 祅腊? - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\zh-tw\msntb.dll
O3 - Toolbar: Hong Kong Toolbar - {481EE3EC-C026-4F9A-BA22-FD07654ADFC0} - C:\Program Files\881903\IETOOLBAR\hktbar.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\system32\ezSP_Px.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [implus] C:\Program Files\implus\implus.exe
O4 - HKCU\..\Run: [MSN Explorer] c:\windows\system32\drivers\helpsys\msnexplorer.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: >>粗陓楷冞<< - res://C:\Program Files\MMSAssist\Mmsass~1.dll/mms.htm
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 眢劃昜 - C:\Program Files\AD4All\link1\ebaylink.htm
O8 - Extra context menu item: 訪問通用網址 - C:\Program Files\CNNIC\Cdn\cnnic.htm
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: 浩方??平台 - {0A155D3C-68E2-4215-A47A-E800A446447A} - C:\Program Files\浩\GameClient.exe
O9 - Extra button: 蚔珨蚔 - {29269350-EC07-4274-821F-F2E0E2697149} - http://act.youyy.com/YoyyLink.html (file missing)
O9 - Extra button: 中文上網 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\Program Files\CNNIC\Cdn\cdnuc.exe (file missing)
O9 - Extra 'Tools' menuitem: 中文上網 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\Program Files\CNNIC\Cdn\cdnuc.exe (file missing)
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: 眢劃昜 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=109 (file missing)
O9 - Extra 'Tools' menuitem: 眢劃昜 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=109 (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O11 - Options group: [CDNCLIENT]  中文上網
O14 - IERESET.INF: START_PAGE_URL=http://tw.msn.com/
O16 - DPF: {B596344E-F60F-42C2-8640-5954EEDBD428} (RegExe Control) - http://nostale.omg.com.tw/activex/macrowell.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {DEE088A3-D877-45CD-BC26-D84B93095B58} - http://www.wayi.com.tw/hot/YBRegCheck.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{BF333144-CE29-40E9-BF79-558345217145}: NameServer = 203.98.160.11 203.98.160.12
O18 - Protocol: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod 服? (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 10231 bytes


Run HijackThis and scan the computer, then tick the boxes to the left of the items below. Close all windows and browsers, click Fix checked, then close HijackThis.

O2 - BHO: CNNIC 厙釐馱撿Drag - {352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} - C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll (file missing)

O2 - BHO: Wbho Class - {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} - C:\WINDOWS\system32\Usign.dll (file missing)

O2 - BHO: CdnForIE Class - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll (file missing)

O2 - BHO: YDragSearch - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL (file missing)

O2 - BHO: WMHlprObj Class - {F5824EFB-728A-4726-A5A5-85A68B20EDC3} - C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll (file missing)

O4 - HKCU\..\Run: [implus] C:\Program Files\implus\implus.exe

O4 - HKCU\..\Run: [MSN Explorer] c:\windows\system32\drivers\helpsys\msnexplorer.exe

O8 - Extra context menu item: >>粗陓楷冞<< - res://C:\Program Files\MMSAssist\Mmsass~1.dll/mms.htm

O8 - Extra context menu item: 眢劃昜 - C:\Program Files\AD4All\link1\ebaylink.htm

O8 - Extra context menu item: 訪問通用網址 - C:\Program Files\CNNIC\Cdn\cnnic.htm

O9 - Extra button: 蚔珨蚔 - {29269350-EC07-4274-821F-F2E0E2697149} - http://act.youyy.com/YoyyLink.html (file missing)

O9 - Extra button: 中文上網 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\Program Files\CNNIC\Cdn\cdnuc.exe (file missing)

O9 - Extra 'Tools' menuitem: 中文上網 - {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} - C:\Program Files\CNNIC\Cdn\cdnuc.exe (file missing)

O9 - Extra button: 眢劃昜 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=109 (file missing)

O9 - Extra 'Tools' menuitem: 眢劃昜 - {EE60714F-AC17-427e-861A-FD60CBDF119A} - http://click2.ad4all.net/url2/urlmanage/url.asp?id=109 (file missing)

O11 - Options group: [CDNCLIENT]  中文上網

O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)

O21 - SSODL: Vision - {6671A431-5C3D-463d-A7CF-5587F9B7E191} - (no file)




Download LSPFix

http://www.snapfiles.com/download/dllspfix.html


  • Unzip LSPFix to the desktop.
  • Run LSPFix.
  • Tick "I know what I'm doing", move the following file under Remove, then click Finish:

    cdnns.dll

    Note: only the DLL file listed above should be under Remove.
  • Close LSPFix and restart the computer.




Download ComboFix to the desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


  • Run ComboFix.

    Note: to stop security software from wrongly flagging ComboFix as a dangerous file, temporarily disable your antivirus and anti-spyware software before running it. Also, while ComboFix is running, do not start any other program or click in the ComboFix window with the mouse.
  • ComboFix will pop up a window; click Yes (Y).
  • If it needs to install the Recovery Console, click Yes (Y) to install it. When the installation finishes, click Yes (Y) to continue.
  • The program will scan; the desktop may disappear temporarily while it does. When the scan finishes, the program closes by itself.
  • Afterwards ComboFix may restart the computer automatically. The ComboFix log will then pop up. The log is saved automatically at C:\ComboFix.txt. Paste the ComboFix log here.
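The reply above picks its HijackThis fix list by mechanical criteria: entries marked "(file missing)" or "(no file)" are orphaned registry references to software that is no longer on disk, the O10 line names a dead Winsock LSP DLL that has to be removed with LSPFix rather than HijackThis so the LSP chain is re-linked, and the remaining O4 items are autoruns launched from odd places. As an added example, not part of either post, the script below applies those criteria to log lines in the HijackThis 2.x format. The sample lines are copied from the log earlier in the thread; the list of "suspicious" autorun directories and the "Unknown owner" service rule are my own heuristics, not something HijackThis itself evaluates.

```python
"""Triage a HijackThis 2.x log the way the reply above does by hand.

Added example, not from the original thread.  Rules (reviewer's heuristics):
  - an entry ending in "(file missing)" / "(no file)" is an orphaned
    registry reference: tick it in HijackThis and Fix;
  - an O10 line names a dead Winsock LSP DLL: remove it with LSPFix;
  - an O4 autorun whose EXE sits in a directory programs do not normally
    live in (e.g. \\drivers\\ or \\Temp\\) needs a closer look;
  - an O23 service with "Unknown owner" carries no publisher information.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the posted log, one per rule plus
# benign controls that must not be flagged.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Wbho Class - {40E3A34A-3282-41F8-AD2C-051BAB96AD4A} - C:\WINDOWS\system32\Usign.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKCU\..\Run: [MSN Explorer] c:\windows\system32\drivers\helpsys\msnexplorer.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O10 - Broken Internet access because of LSP provider 'c:\windows\system32\cdnns.dll' missing
O21 - SSODL: stdup - {6A512BF7-EC78-4e8d-9841-6C02E8FA9838} - (no file)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
MISSING_MARKERS = ("(file missing)", "(no file)")
LSP_RE = re.compile(r"LSP provider '([^']+)' missing", re.IGNORECASE)
# O4 entry: hive\..\Run: [name] "quoted path" args   or   [name] path args
RUN_RE = re.compile(r'^HK[^:]*\\Run: \[[^\]]*\] (?:"([^"]+)"|(\S+))')
# Assumed list: directories an autorun executable should not be launched from.
SUSPICIOUS_DIRS = ("\\drivers\\", "\\temp\\", "\\recycler\\")


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O2", "O10"
    kind: str      # "orphan" | "lsp" | "autorun" | "service"
    detail: str    # the path or DLL the finding is about
    line: str      # the original log line


def run_target(rest: str):
    """Return the executable path of an O4 Run entry (quotes stripped), or None."""
    m = RUN_RE.match(rest)
    if not m:
        return None
    return m.group(1) or m.group(2)


def triage(log_text: str):
    """Scan every O-line and return the findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # header, process list, blank line
        section, rest = m.groups()
        if rest.endswith(MISSING_MARKERS):
            findings.append(Finding(section, "orphan", rest.rsplit(" - ", 1)[-1], line))
        elif section == "O10":
            lsp = LSP_RE.search(rest)
            findings.append(Finding(section, "lsp", lsp.group(1) if lsp else "", line))
        elif section == "O4":
            target = run_target(rest)
            if target and any(d in target.lower() for d in SUSPICIOUS_DIRS):
                findings.append(Finding(section, "autorun", target, line))
        elif section == "O23" and " - Unknown owner - " in rest:
            findings.append(Finding(section, "service", rest.rsplit(" - ", 1)[-1], line))
    return findings


def plan(findings):
    """Split findings into: tick-and-Fix in HijackThis, DLLs for LSPFix,
    and items that still need a human decision."""
    out = {"hijackthis_fix": [], "lspfix": [], "review": []}
    for f in findings:
        if f.kind == "orphan":
            out["hijackthis_fix"].append(f.line)
        elif f.kind == "lsp":
            out["lspfix"].append(f.detail)
        else:
            out["review"].append(f.line)
    return out


if __name__ == "__main__":
    for bucket, items in plan(triage(SAMPLE_LOG)).items():
        print(f"[{bucket}]")
        for item in items:
            print("  ", item)
```

The orphan bucket is the safe one: HijackThis only deletes the registry entry, and nothing on disk points back to it. The LSP bucket is deliberately kept apart because deleting a Winsock provider's registry entry by hand leaves a gap in the catalog numbering, which is exactly the "Broken Internet access" the O10 line reports; LSPFix renumbers the chain after removing the DLL.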


ComboFix report


Also, when I ran ComboFix,
I definitely did not have AVG Anti-Virus open, but it said I did,
and I had no way to close the "antivirus" it claimed was running,
so I just forced it through by clicking OK and let it run..

I want to ask what the consequences of doing that might be?

It feels like the computer has got a lot slower since ComboFix finished..


System Repair Engineer Report

Kaspersky Online Scanner Report




Also, I noticed that when I press Ctrl+Alt+Del
there are a few processes that cannot be ended..
They are:

avgnsx.exe
avgcsrvx.exe
avgemc.exe
avgrsx.exe
avgwdsvc.exe

I think this could be related to my antivirus, AVG..
The strange thing is I have no way to shut them down, and they take up a lot of my CPU.
I wonder whether this could be what is making my computer so slow??


There is no C:\_OTMoveIt file, so I can't delete it.

Can't install AVG... it says I have 1 error and 8 warnings.

DETAILS:

Local machine: installation failed
    Installation:
        Error: Action failed for registry value HKLM\SOFTWARE\Classes\AvgDiagFile\DefaultIcon:: creating registry value....
            Error 0x80070005
        Warning: Action failed for registry key HKLM\SOFTWARE\Classes\AVG.Office.8: creating registry key....
            Error 0x80070005
        Warning: Action failed for registry key HKLM\SOFTWARE\Classes\AVG.Office.8\CLSID: creating registry key....
            Internal error. Registry handle has not been opened.
        Warning: Action failed for registry value HKLM\SOFTWARE\Classes\AVG.Office.8\CLSID:: creating registry value....
            Parent registry key for value creation has not been initialized.
        Warning: Action failed for registry value HKLM\SOFTWARE\Classes\AVG.Office.8:: creating registry value....
            Parent registry key for value creation has not been initialized.
    Rollback:
        Warning: Action failed for registry value HKLM\SOFTWARE\Classes\AVG.Office.8\CLSID:: removing registry value....
            Internal error. Registry handle has not been opened.
        Warning: Action failed for registry key HKLM\SOFTWARE\Classes\AVG.Office.8\CLSID: removing registry key....
            Internal error. Registry handle has not been opened.
        Warning: Action failed for registry value HKLM\SOFTWARE\Classes\AVG.Office.8:: removing registry value....
            Internal error. Registry handle has not been opened.
        Warning: Action failed for registry key HKLM\SOFTWARE\Classes\AVG.Office.8: removing registry key....
            Error 0x80070005
