
Infected, and now Firefox and IE won't open? (HijackThis log included)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:52:10, on 28/2/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\GridService\peer.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Sports Interactive\Football Manager 2009\fm.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
c:\program files\mozilla firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Little Fighter 2 Toolbar - {C3CD744D-2FAE-4640-8297-16B5DA423104} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [c49be271] rundll32.exe "C:\WINDOWS\system32\ftihkldj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitComet] "C:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RGSC] D:\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 蹲 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: 運行迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 運行迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: 肚? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 肚? OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-HK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {81F3CC2E-5F40-41A5-9FCA-6DAAA6051D46} (ClientATXCtrl Control) - http://210.64.51.191/download/ClientATXCtrl.cab
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn01.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bi ... Client.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80FCD54C-06A5-4A7A-ACE3-1662EEE09D61}: NameServer = 203.198.23.208 205.252.144.126
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - AppInit_DLLs: arxmnx.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8649 bytes


Download ComboFix to the desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Note: to prevent security software from wrongly flagging ComboFix as a dangerous file, temporarily disable your antivirus and anti-spyware software before running ComboFix. Also, while ComboFix is running, do not run any other programs or click on the ComboFix window with the mouse.

Open Notepad and paste the following:

KILLALL::

File::
C:\WINDOWS\system32\ftihkldj.dll
C:\WINDOWS\system32\arxmnx.dll

Registry::
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"c49be271"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=-
"AppInit_DLLs"=""

Save ---> Save as type ---> All Files ---> enter CFScript.txt as the file name
Drag CFScript.txt onto ComboFix.exe

    * ComboFix will run
    * When it finishes, the report is at C:\ComboFix.txt.

Download GooredFix and save it to the desktop
http://jpshortstuff.247fixes.com/GooredFix.exe
Choose option 2. Fix Goored: type 2 and press Enter.
Make sure all instances of Firefox are closed at this point.
Type y and press Enter.
A report, GooredLog.txt, will be created on the desktop; paste its contents.
Note: GooredFix may ask you to restart in order to change the registry.

Step: Report Back

    * Paste the following reports

C:\ComboFix.txt
GooredLog.txt
A new HijackThis log
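As an added example (not from the original thread, HijackThis or ComboFix), the Python script below applies the same reasoning the helper used to write the CFScript above: it scans HijackThis O4 and O20 lines for a Run value with a random hex name or a rundll32 entry loading a random-named system32 DLL, and for any AppInit_DLLs entry, then emits the File:: and Registry:: sections in the CFScript layout shown. The sample lines are copied from the first log in the thread; the heuristics, function names and the assumption that a bare AppInit_DLLs name resolves to C:\WINDOWS\system32 are this example's own.

```python
"""Build a ComboFix CFScript from suspicious HijackThis entries.

Example code for this thread, not part of HijackThis or ComboFix.  It flags
the two persistence points the helper targeted: an O4 Run value with a
random 8-hex-digit name (or one that starts rundll32 on a random-named
system32 DLL) and any O20 AppInit_DLLs entry, then writes the File:: and
Registry:: sections in the CFScript layout posted above.
"""
import re

# Constructed sample: five lines copied from the first HijackThis log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [c49be271] rundll32.exe "C:\WINDOWS\system32\ftihkldj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: arxmnx.dll
"""

O4_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.+)$")
# rundll32 loading a system32 DLL whose base name is 6-8 letters; the
# lowercase check in analyse() is a heuristic for the random names
# Vundo-type droppers use (legitimate vendor DLLs are usually mixed case).
RUNDLL_RE = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<path>[A-Za-z]:\\WINDOWS\\system32\\(?P<base>[a-z]{6,8})\.dll)"?',
    re.IGNORECASE)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8}$")

HIVE = {"HKLM": "HKEY_LOCAL_MACHINE", "HKCU": "HKEY_CURRENT_USER"}
RUN_KEY = r"\Software\Microsoft\Windows\CurrentVersion\Run"
WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows"
SYSTEM32 = r"C:\WINDOWS\system32"   # assumed install path, as in the log


def analyse(log_text):
    """Return a list of findings (dicts) for O4/O20 lines that look malicious."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            r = RUNDLL_RE.search(m["cmd"])
            random_dll = r is not None and r["base"].islower()
            if HEX_NAME_RE.match(m["name"]) or random_dll:
                findings.append({"kind": "O4", "hive": m["hive"],
                                 "value": m["name"],
                                 "file": r["path"] if r else None})
            continue
        m = O20_RE.match(line)
        if m:
            # AppInit_DLLs may list several names separated by spaces or commas;
            # a bare name is resolved relative to system32 (assumption).
            for dll in re.split(r"[ ,]+", m["dlls"].strip()):
                path = dll if "\\" in dll else SYSTEM32 + "\\" + dll
                findings.append({"kind": "O20", "hive": None,
                                 "value": "AppInit_DLLs", "file": path})
    return findings


def build_cfscript(findings):
    """Render findings as a CFScript: delete the files, clear the registry values."""
    files, registry, last_key = [], [], None
    for f in findings:
        if f["file"] and f["file"] not in files:
            files.append(f["file"])
        if f["kind"] == "O4":
            key = "[%s%s]" % (HIVE[f["hive"]], RUN_KEY)
            if key != last_key:
                registry.append(key)
                last_key = key
            registry.append('"%s"=-' % f["value"])
    if any(f["kind"] == "O20" for f in findings):
        # Same as the helper's script: delete the value, then recreate it empty.
        registry += ["[%s]" % WINDOWS_KEY, '"AppInit_DLLs"=-', '"AppInit_DLLs"=""']
    lines = ["KILLALL::", ""]
    if files:
        lines += ["File::"] + files + [""]
    if registry:
        lines += ["Registry::"] + registry
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(analyse(SAMPLE_LOG)), end="")
```

Run against the sample it reproduces the helper's CFScript line for line; the legitimate NvCpl, egui and ctfmon entries are left alone.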


ComboFix log
ComboFix 09-02-28.01 - CHUNG 2009-03-01  9:18:38.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.3.950.886.1028.18.3327.2726 [GMT 8:00]
執行位置: c:\documents and settings\CHUNG\桌面\ComboFix.exe
Command switches used :: c:\documents and settings\CHUNG\桌面\CFScript.txt
AV: ESET Smart Security 3.0 *On-access scanning disabled* (Updated)
FW: 個人放火牆 *disabled*
* 成功創造新還原點
* Resident AV is active


FILE ::
c:\windows\system32\arxmnx.dll
c:\windows\system32\ftihkldj.dll
.

(((((((((((((((((((((((((((((((((((((((   被刪除的檔案   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\CHUNG\Application Data\.#
c:\documents and settings\CHUNG\Application Data\.#\MBX@110@5933280.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@244@5933240.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@2B4@5933240.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@370@5933280.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@51C@5933280.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@618@5933280.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@64C@5933250.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@7E4@5933280.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@870@5933280.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@9AC@5933240.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@9B8@5933280.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@ADC@5933240.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@B14@5933280.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@C4@5933280.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@C58@5933280.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@E58@5933280.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@F0C@5933280.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@F40@5933240.###
c:\documents and settings\CHUNG\Application Data\.#\MBX@FFC@5933280.###
c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
c:\windows\system32\arxmnx.dll
c:\windows\system32\awtrPIcd.dll
c:\windows\system32\awtrRhfF.dll
c:\windows\system32\awtuspoO.dll
c:\windows\system32\cbXNHXQk.dll
c:\windows\system32\cbXQGvUo.dll
c:\windows\system32\cevlopcj.dll
c:\windows\system32\ddcDuRkk.dll
c:\windows\system32\ddcyYopQ.dll
c:\windows\system32\efcASKCv.dll
c:\windows\system32\efcDTNFy.dll
c:\windows\system32\fkxzgp.dll
c:\windows\system32\ftihkldj.dll
c:\windows\system32\geBuuvut.dll
c:\windows\system32\hgGayYOf.dll
c:\windows\system32\hgGxXrRK.dll
c:\windows\system32\iifgHwvs.dll
c:\windows\system32\jkkJddCS.dll
c:\windows\system32\kxwzco.dll
c:\windows\system32\ljJDvUnn.dll
c:\windows\system32\ljJYOEVM.dll
c:\windows\system32\nnnlLFYR.dll
c:\windows\system32\nnnmlLEu.dll
c:\windows\system32\nnnmmnmL.dll
c:\windows\system32\nnnnNGXP.dll
c:\windows\system32\nnnoOggG.dll
c:\windows\system32\opnNdBUk.dll
c:\windows\system32\pmnOgGAP.dll
c:\windows\system32\pqbqbcxn.dll
c:\windows\system32\qvzbnk.dll
c:\windows\system32\rqRHxxvu.dll
c:\windows\system32\rqRJDtTm.dll
c:\windows\system32\rykdioae.dll
c:\windows\system32\thpbpjuw.dll
c:\windows\system32\tuvSmjkL.dll
c:\windows\system32\ujxkqtuy.dll
c:\windows\system32\urqOFywV.dll
c:\windows\system32\urqRHwWn.dll
c:\windows\system32\vCKSAcfe.ini
c:\windows\system32\vCKSAcfe.ini2
c:\windows\system32\vfqnibbk.dll
c:\windows\system32\vtUklmjI.dll
c:\windows\system32\vtUlKCvw.dll
c:\windows\system32\wqdhdwle.dll
c:\windows\system32\wvUkJbxX.dll
c:\windows\system32\wvUllljk.dll
c:\windows\system32\wvUmlKBr.dll
c:\windows\system32\wvUNdaww.dll
c:\windows\system32\wvUooNFu.dll
c:\windows\system32\xhalfyyn.dll
c:\windows\system32\xsdwfxgd.dll
c:\windows\system32\yayvTkKC.dll
c:\windows\system32\yayyXOIa.dll
c:\windows\Tasks\yunasgta.job


(((((((((((((((((((((((((  2009-02-01 至 2009-03-01 的新的檔案  )))))))))))))))))))))))))))))))
.
2009-03-01 09:07 . 2009-03-01 09:17    1,664,123    --ahs----    c:\windows\system32\elwdhdqw.ini
2009-03-01 09:07 . 2009-03-01 09:07    1,664,110    --ahs----    c:\windows\system32\jdlkhitf.tmp
2009-02-28 21:50 . 2009-02-28 21:50        d--------    c:\program files\Trend Micro
2009-02-28 08:25 . 2009-02-28 08:46    1,664,110    --ahs----    c:\windows\system32\jdlkhitf.ini
2009-02-27 10:51 . 2009-02-27 20:28    1,625,220    --ahs----    c:\windows\system32\jcpolvec.ini
2009-02-26 08:47 . 2009-02-27 10:51    1,625,210    --ahs----    c:\windows\system32\piwedcpj.ini
2009-02-25 16:26 . 2009-02-25 16:27    1,625,210    --ahs----    c:\windows\system32\uclscwgb.ini
2009-02-24 17:17 . 2009-02-24 22:42    1,625,231    --ahs----    c:\windows\system32\ktpswbve.ini
2009-02-23 23:15 . 2009-02-23 23:16        d--------    c:\documents and settings\CHUNG\Application Data\U3
2009-02-23 16:47 . 2009-02-23 23:33    1,607,941    --ahs----    c:\windows\system32\nyyflahx.ini
2009-02-23 16:43 . 2009-02-23 16:45    1,607,940    --ahs----    c:\windows\system32\ppvdyobf.ini
2009-02-22 14:20 . 2009-02-22 13:28    15,688    --a------    c:\windows\system32\lsdelete.exe
2009-02-22 13:31 . 2009-02-22 13:31        d--------    c:\documents and settings\LocalService\桌面
2009-02-22 13:28 . 2009-02-22 13:28    64,160    --a------    c:\windows\system32\drivers\Lbd.sys
2009-02-22 13:26 . 2009-02-22 13:26        d--------    c:\program files\Lavasoft
2009-02-22 13:26 . 2009-02-22 13:28        d--------    c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-22 13:26 . 2009-02-22 13:26        d--h-c---    c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-22 10:32 . 2009-02-22 18:00    1,607,940    --ahs----    c:\windows\system32\ybobdckj.ini
2009-02-21 10:51 . 2009-02-21 16:57    1,607,939    --ahs----    c:\windows\system32\beowxwsc.ini
2009-02-20 21:28 . 2009-02-20 21:29    1,589,417    --ahs----    c:\windows\system32\jpygtogq.ini
2009-02-20 09:27 . 2009-02-20 09:28    1,586,921    --ahs----    c:\windows\system32\yfbkphqp.ini
2009-02-19 20:50 . 2009-02-19 20:50    1,583,410    --ahs----    c:\windows\system32\qdjdtrbk.ini
2009-02-19 20:46 . 2009-02-19 20:50    1,583,410    --ahs----    c:\windows\system32\dgxfwdsx.ini
2009-02-18 17:31 . 2009-02-18 17:31    1,591,833    --ahs----    c:\windows\system32\nxcbqbqp.ini
2009-02-17 16:10 . 2009-02-17 16:11    1,572,532    --ahs----    c:\windows\system32\paofocio.ini
2009-02-16 18:45 . 2009-02-16 18:45    1,566,064    --ahs----    c:\windows\system32\wedxywfu.ini
2009-02-14 11:06 . 2009-02-14 11:06        d--------    c:\documents and settings\All Users\Application Data\Sports Interactive
2009-02-14 08:59 . 2009-02-14 14:12        d--------    c:\documents and settings\CHUNG\Application Data\Sports Interactive
2009-02-13 23:10 . 2009-02-13 23:10        d--h-----    c:\program files\Zero G Registry
2009-02-13 23:10 . 2009-02-13 23:10        d--------    c:\program files\Sports Interactive
2009-02-13 23:10 . 2009-02-13 23:10        d--h-----    c:\documents and settings\CHUNG\InstallAnywhere
2009-02-11 18:07 . 2009-02-11 18:07        d--------    c:\documents and settings\CHUNG\Application Data\ESET
2009-02-11 18:03 . 2009-02-11 18:03        d--------    c:\program files\ESET
2009-02-11 18:03 . 2009-02-11 18:03        d--------    c:\documents and settings\All Users\Application Data\ESET
2009-02-04 17:24 . 2009-03-01 09:05    46    --a------    c:\windows\PCDNSetting.ini
2009-02-04 17:23 . 2009-02-27 18:12        d--------    c:\program files\PPStream
2009-02-04 17:23 . 2009-02-13 15:03        d--------    c:\documents and settings\CHUNG\Application Data\PPStream
2009-02-04 17:23 . 2009-02-27 18:17    1,757    --a------    c:\windows\powerplayer.ini
2009-02-04 17:23 . 2009-03-01 09:07    1,560    --a------    c:\windows\psnetwork.ini
2009-02-04 17:23 . 2009-02-27 18:17    113    --a------    c:\windows\PPSMediaList.ini
2009-02-04 17:23 . 2009-02-27 18:13    40    --a------    c:\windows\powerlist.ini
2009-02-03 21:48 . 2009-02-03 21:48    0    --a------    c:\windows\nsreg.dat
.
((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-27 17:02    ---------    d-----w    c:\program files\Windows Live Safety Center
2009-02-20 01:09    ---------    d--h--w    c:\program files\InstallShield Installation Information
2009-02-14 03:30    ---------    d-----w    c:\program files\Garena
2009-02-14 01:00    ---------    d-----w    c:\program files\Steam
2009-02-11 17:11    ---------    d-----w    c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-09 11:11    ---------    d-----w    c:\program files\Google
2009-01-21 08:48    ---------    d-----w    c:\documents and settings\CHUNG\Application Data\InstallShield Installation Information
2009-01-18 08:13    ---------    d-----w    c:\program files\Thunder Network
2009-01-16 14:45    ---------    d-----w    c:\program files\Electronic Arts
2009-01-14 03:35    ---------    d---a-w    c:\documents and settings\All Users\Application Data\TEMP
2009-01-10 15:16    ---------    d-----w    c:\program files\Valve
2009-01-02 15:49    ---------    d-----w    c:\program files\RaySource
2009-01-02 15:42    ---------    d-----w    c:\program files\GridService
2009-01-02 15:42    ---------    d-----w    c:\documents and settings\All Users\Application Data\Grid
2009-01-01 10:56    ---------    d-----w    c:\program files\SystemRequirementsLab
.
------- Sigcheck -------
2008-06-20 19:59  361600  ad978a1b783b5719720cff204b666c8e    c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2008-04-14 20:00  361344  93ea8d04ec73a85db02eb8805988f733    c:\windows\$NtUninstallKB951748$\tcpip.sys
2008-06-20 19:51  361600  9aefa14bd6b182d61e3119fa5f436d3d    c:\windows\system32\dllcache\tcpip.sys
2008-06-20 19:51  361600  a29e1209f925a0e9b330e11da5fc7bab    c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-08-08 490952]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"RGSC"="d:\rockstar games social club\RGSCLauncher.exe" [2008-12-24 306088]
"PPS Accelerator"="c:\program files\PPStream\ppsap.exe" [2008-12-11 210296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"Six Engine"="c:\program files\ASUS\EPU-4 Engine\FourEngine.exe" [2008-05-28 6664192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-26 13529088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-26 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 2524416]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Grid Service"="c:\program files\GridService\peer.exe" [2008-08-29 3362816]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2008-03-13 1443072]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-22 509784]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 c:\windows\RTHDCPL.exe]
"nwiz"="nwiz.exe" [2008-06-26 c:\windows\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\CHUNG\「開始」功能表\程式集\啟動\
OneNote 2007 畫面剪輯器及啟動器.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2007-12-07 101440]

c:\documents and settings\All Users\「開始」功能表\程式集\啟動\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2002-12-02 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2002-12-02 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"VIDC.HFYU"= huffyuv.dll
"msacm.l3codecp"= l3codecp.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute    REG_MULTI_SZ       autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages    REG_MULTI_SZ       msv1_0 c:\windows\system32\efcASKCv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)


[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Zcom\\skin.dll"=
"c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"=
"c:\\Program Files\\LittleFighter2\\LF2_v2.0\\lf2.exe"=
"c:\\Program Files\\Foxy\\Foxy.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"d:\\TF2\\hl2.exe"=
"c:\\Program Files\\Codemasters\\GRID\\GRID.exe"=
"c:\\Program Files\\Activision\\Spider-Man - Web of Shadows\\image\\pc\\Spider-Man Web of Shadows.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Left 4 Dead\\Left 4 Dead\\common\\left 4 dead\\left4dead.exe"=
"c:\\vLan\\vLan.exe"=
"d:\\Prince of Persia\\Prince of Persia.exe"=
"d:\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=
"d:\\namnam's things\\AOC\\AOC10.exe"=
"d:\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"d:\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"d:\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\KeyHoleTV\\KeyHoleTV.exe"=
"c:\\Program Files\\GridService\\peer.exe"=
"c:\\Program Files\\Thunder Network\\SoftManager\\Program\\XLSoftmgr.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"c:\\Program Files\\Sports Interactive\\Football Manager 2009\\fm.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9384:TCP"= 9384:TCP:BitComet 9384 TCP
"9384:UDP"= 9384:UDP:BitComet 9384 UDP
"4081:TCP"= 4081:TCP:Foxy (169.254.41.32:4081) 4081 TCP
"4081:UDP"= 4081:UDP:Foxy (169.254.41.32:4081) 4081 UDP

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-22 64160]
R1 appdrv01;Application Driver (01);c:\windows\system32\drivers\appdrv01.sys [2008-10-18 2915944]
R2 ekrn;Eset Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2008-03-13 472320]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 950096]
R3 IPvE;IPvE Adapter Driver;c:\windows\system32\drivers\IPvE.sys [2008-11-25 14824]
R3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [2008-10-02 36864]
S2 appdrvrem01;Application Driver Auto Removal Service (01);c:\windows\System32\appdrvrem01.exe svc --> c:\windows\System32\appdrvrem01.exe svc [?]
S3 XDva210;XDva210;\??\c:\windows\system32\XDva210.sys --> c:\windows\system32\XDva210.sys [?]
S3 XDva214;XDva214;\??\c:\windows\system32\XDva214.sys --> c:\windows\system32\XDva214.sys [?]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{82589c3e-0188-11de-a40a-00ff39151ab4}]
\Shell\AutoRun\command - H:\LaunchU3.exe -a
.
‘計劃任務’ 文件夾 裡的內容

2009-02-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-22 13:27]

2009-01-09 c:\windows\Tasks\FRU Task #Hewlett-Packard#hp psc 1200 series#1223363859.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-02 20:38]

2009-02-28 c:\windows\Tasks\查看 Windows Live Toolbar 的更新資訊.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20]
.
- - - - ORPHANS REMOVED - - - -

BHO-{A776475E-FDD1-45E3-A262-B7FF54375F00} - c:\windows\system32\efcASKCv.dll
BHO-{AE90C38C-97CF-4696-B290-C7973DC9675E} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
BHO-{b5402f9b-afdd-4aeb-b75a-47a14fec227f} - c:\windows\system32\qvzbnk.dll
Toolbar-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll
HKCU-Run-BitComet - c:\program files\BitComet\BitComet.exe
MSConfigStartUp-Device Detector - DevDetect.exe


.
------- 而外的掃描 -------
.
uStart Page = hxxp://www.daemon-search.com/default
uInternet Connection Wizard,ShellNext = hxxp://asia.acdsee.com/products/install?pid=acdsee10_zh-hk&ver=10.0.225.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: Foxy 下載 - c:\program files\Foxy\Foxy.exe/download.htm
IE: Foxy 搜尋 - c:\program files\Foxy\Foxy.exe/search.htm
IE: 使用迅雷下載 - c:\program files\Thunder Network\Thunder\Program\geturl.htm
IE: 使用迅雷下載全部鏈接 - c:\program files\Thunder Network\Thunder\Program\getallurl.htm
IE: 匯出至 Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: 蹲 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - c:\program files\Thunder Network\Thunder\Thunder.exe
TCP: {80FCD54C-06A5-4A7A-ACE3-1662EEE09D61} = 203.198.23.208 205.252.144.126
DPF: {81F3CC2E-5F40-41A5-9FCA-6DAAA6051D46} - hxxp://210.64.51.191/download/ClientATXCtrl.cab
DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} - hxxp://txn01.hkjc.com/BetSlip/object/eWinCtl.cab
FF - ProfilePath - c:\documents and settings\CHUNG\Application Data\Mozilla\Firefox\Profiles\b8ao4co6.default\
FF - plugin: c:\program files\Final Codecs\MozillaPlugins\nppl3260.dll
FF - plugin: c:\program files\Final Codecs\MozillaPlugins\nprjplug.dll
FF - plugin: c:\program files\Final Codecs\MozillaPlugins\nprpjplug.dll
FF - plugin: c:\program files\Java\j2re1.4.1_03\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.1_03\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.1_03\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.1_03\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.1_03\bin\NPJPI141_03.dll
FF - plugin: c:\program files\Java\j2re1.4.1_03\bin\NPOJI610.dll

---- 火狐配置文件 ----
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.external.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.warn-external.foxy", false);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.expose.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("general.useragent.extra.foxy1", "Foxy/1");
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-01 09:24:23
Windows 5.1.2600 Service Pack 3 NTFS

掃描被隱藏的進程 。。。  

掃描被隱藏的啟動組 。。。

掃描被隱藏的文件 。。。  

掃描完成
被隱藏的檔案: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"

[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CurVer]
@="BDATuner.元件.1"
.
------------------------ 其他運行進程 ------------------------
.
c:\windows\system32\conime.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\oodag.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
完成時間: 2009-03-01  9:26:15 - 電腦已重新啟動
ComboFix-quarantined-files.txt  2009-03-01 01:26:09

Pre-Run: 57,920,880,640 位元組可用
Post-Run: 58,433,548,288 位元組可用

WindowsXP-KB310994-SP2-Pro-BootDisk-CHT.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

344    --- E O F ---    2009-02-11 17:12:32


GooredFix v1.91 by jpshortstuff
Log created at 09:34 on 01/03/2009 running Option #2 (CHUNG)
Firefox version 3.0.6 (zh-TW)
(Subsequent Run)

=====Goored Deletions=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"


HIJACKTHIS

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:38:54, on 1/3/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\GridService\peer.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\PPStream\ppsap.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Six Engine] "C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe" -r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RGSC] D:\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [PPS Accelerator] C:\Program Files\PPStream\ppsap.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 蹲 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra 'Tools' menuitem: Sun Java 控制台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll
O9 - Extra button: 運行迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 運行迅雷5 - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra button: 肚? OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 肚? OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-HK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {81F3CC2E-5F40-41A5-9FCA-6DAAA6051D46} (ClientATXCtrl Control) - http://210.64.51.191/download/ClientATXCtrl.cab
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn01.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bi ... Client.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{80FCD54C-06A5-4A7A-ACE3-1662EEE09D61}: NameServer = 203.198.23.208 205.252.144.126
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 8937 bytes

Can Firefox and IE open now?

Scan the computer with Kaspersky Online Scanner, then paste the log.
http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html
1. Click the "Kaspersky Online Scanner" button to start the scan
2. Install the ActiveX control; this installs the IE add-on provided by Kaspersky on the computer.
3. It will prompt that Java v1.6 or later is required before the scan can run
4. Click "Accept" to agree to run
   Click the "Run" button
5. Download the installer and update the virus definitions
6. After the definitions have downloaded, choose to scan My Computer
7. When the scan finishes, click "View scan report" to view the scan results
8. Click "Save Report As..." to save this report as KAS.txt on the desktop, for use when viruses need to be removed.

Paste the contents of KAS.txt

It opens now.

But I already have NOD32; will they conflict?
