Plz help... infected, [HijackThis log attached]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:10:00, on 13/2/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\StormII\stormliv.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\GridService\peer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Users\Compaq\Program Files\DNA\btdna.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: WebThunderBHO - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Users\Compaq\Desktop\FlashGet\ComDlls\bhoCATCH.dll (file missing)
O2 - BHO: AddTask Class - {24F06550-65E3-4D1C-8CFE-839C296B5530} - C:\Program Files\eREAD6.0\eREAD6.0\IEeREAD.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\Compaq\Desktop\BitComet\tools\BitCometBHO_1.2.1.2.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AddTask Class - {6A19C29D-ED45-4483-8999-9F939C8161F2} - C:\Program Files\eREAD6.0\eREAD6.0\WebHook.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O2 - BHO: Little Fighter 2 Toolbar Helper - {AE90C38C-97CF-4696-B290-C7973DC9675E} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\ProgramData\FlashGetBHO\FlashGetBHO.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - C:\Users\Compaq\Desktop\ALiBaBar\ALiBaBar.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - C:\Users\Compaq\Desktop\ALiBaBar\ALiBaBar.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Little Fighter 2 Toolbar - {C3CD744D-2FAE-4640-8297-16B5DA423104} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [jfproc] C:\Downloads\ppfilm\jfCacheMgr.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup

O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [WebThunder] C:\Program Files\Thunder Network\WebThunder\WebThunder.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [FlashGet] "C:\FlashGet Network\Flashget\FlashGet.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BitComet] "C:\Users\Compaq\Desktop\BitComet\BitComet.exe" /tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Compaq\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [PPLiveVA] C:\Users\Compaq\Desktop\PPLiveVA\PPLiveVA.exe /LoadModule PPVA.DLL /M REAL /S 0 /T 0
O4 - HKCU\..\Run: [ezHelper] "C:\Program Files\ezHelper\ezHelper.exe" 300
O4 - HKCU\..\Run: [Yahoo!Mini] "C:\Program Files\Yahoo!\Mini\YMiniUpdat2.exe" -c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
O4 - Startup: Battery Doubler.lnk = C:\Program Files\Dachshund Software\Battery Doubler\Battery Doubler.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
O4 - Startup: 羲亅袤醱賒惆.lnk = C:\Users\Compaq\Desktop\Coopen\Coopen.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Users\Compaq\Desktop\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Users\Compaq\Desktop\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Users\Compaq\Desktop\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: UseFlashGet - C:\FlashGet Network\Flashget\GetUrl.htm
O8 - Extra context menu item: UseFlashGetDownloadAllLink - C:\FlashGet Network\Flashget\GetAllUrl.htm
O8 - Extra context menu item: 剪貼簿文字:  簡 > 繁 - res://C:\Users\Compaq\Desktop\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字:  繁 > 簡 - res://C:\Users\Compaq\Desktop\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥 - C:\Program Files\Thunder Network\WebThunder\GetUrl.htm
O8 - Extra context menu item: 妏蚚WEB捃濘狟婥窒蟈諉 - C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm
O8 - Extra context menu item: 妏蚚辦陬(Flas&hGet)狟婥 - C:\FlashGet Network\Flashget\GetUrl.htm
O8 - Extra context menu item: 妏蚚辦陬(Flash&Get)狟婥窒蟈諉 - C:\FlashGet Network\Flashget\GetAllUrl.htm
O8 - Extra context menu item: 妏蚚辦陬(FlashGet)狟婥蜆厙珜FLV - C:\FlashGet Network\Flashget\FlvDetector.htm
O8 - Extra context menu item: 網頁:  [簡體] 顯示 - res://C:\Users\Compaq\Desktop\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁:  [繁體] 顯示 - res://C:\Users\Compaq\Desktop\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O9 - Extra button: ぎ雄WEB捃濘 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: ぎ雄WEB捃濘 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Users\Compaq\Desktop\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/ ... e.cab?1227629550184
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: 0
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴?网?科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: 「Google 桌面」管理員 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: 自動 LiveUpdate 排程器 - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

--
End of file - 15676 bytes

Plz help

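1. Turn off System Restore, then run the HijackThis shortcut.
2. Click "Do a system scan only" and wait a moment until "Scan" changes to "Save log".
3. Check the following items (the boxes on the left), close all windows other than Hijackthis.exe, and click "Fix checked". HijackThis will prompt you to restart; in that case you can restart the computer after this step.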

O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Users\Compaq\Desktop\FlashGet\ComDlls\bhoCATCH.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Users\Compaq\Desktop\BitComet\tools\BitCometBHO_1.2.1.2.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Little Fighter 2 Toolbar Helper - {AE90C38C-97CF-4696-B290-C7973DC9675E} - C:\Program Files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll (file missing)
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - C:\Users\Compaq\Desktop\ALiBaBar\ALiBaBar.dll (file missing)
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Users\Compaq\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [ezHelper] "C:\Program Files\ezHelper\ezHelper.exe" 300
O9 - Extra button: ぎ雄WEB捃濘 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: ぎ雄WEB捃濘 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} -res://C:\Users\Compaq\Desktop\BitComet\tools\BitCometBHO_1.2.1.2.dll/206(file missing)
O20 - AppInit_DLLs: 0

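Download ComboFix to your desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Run ComboFix

      Note: To prevent security software from mistakenly flagging ComboFix as a dangerous file, temporarily disable your antivirus and anti-spyware software before running ComboFix. Also, while ComboFix is running, do not run any programs or click inside the ComboFix window with the mouse.

    * ComboFix will pop up a window; click Yes (Y)
    * If the Recovery Console needs to be installed, click Yes (Y) to install it. When the installation finishes, click Yes (Y) to continue.
    * The program will run a scan, during which the desktop may temporarily disappear. When the scan finishes, the program will close automatically.
    * The ComboFix log will then pop up; it is saved automatically to C:\ComboFix.txt
    * Restart the computer.
    * Paste the ComboFix log.

If the report is too long, you can upload it here: http://www.box.net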

ComboFix 09-02-21.01 - Compaq 2009-02-24 17:46:18.1 - NTFSx86
執行位置: c:\users\Compaq\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
* 成功創造新還原點
.

(((((((((((((((((((((((((((((((((((((((   被刪除的檔案   )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\StormII
c:\program files\StormII\BfOptDll.dll
c:\program files\StormII\Box\BoxLog.dll
c:\program files\StormII\Box\HttpServer.dll
c:\program files\StormII\Box\mini.swf
c:\program files\StormII\Box\MovieBoxCore.dll
c:\program files\StormII\Box\MovieBoxPS.dll
c:\program files\StormII\Box\Skin\MovieBox.zip
c:\program files\StormII\Box\Stline.exe
c:\program files\StormII\Box\UILib.dll
c:\program files\StormII\Box\UiManager.dll
c:\program files\StormII\Box\UiPlay.dll
c:\program files\StormII\Box\UitvWrapper_dll.dll
c:\program files\StormII\codec\264be.dll
c:\program files\StormII\codec\264dmmx.dll
c:\program files\StormII\codec\264dsse.dll
c:\program files\StormII\codec\264dsse2.dll
c:\program files\StormII\codec\264dsse3.dll
c:\program files\StormII\codec\aasc32.dll
c:\program files\StormII\codec\ac3filter.ax
c:\program files\StormII\codec\ACDV.dll
c:\program files\StormII\codec\acelpdec.ax
c:\program files\StormII\codec\asusasv1.dll
c:\program files\StormII\codec\asusasv2.dll
c:\program files\StormII\codec\ativcr2.dll
c:\program files\StormII\codec\avcodec.dll
c:\program files\StormII\codec\avformat.dll
c:\program files\StormII\codec\avidavicodec.dll
c:\program files\StormII\codec\AviSplitter.ax
c:\program files\StormII\codec\avutil.dll
c:\program files\StormII\codec\bass.dll
c:\program files\StormII\codec\bass_aac.dll
c:\program files\StormII\codec\bass_alac.dll
c:\program files\StormII\codec\bass_ape.dll
c:\program files\StormII\codec\bass_flac.dll
c:\program files\StormII\codec\bass_mpc.dll
c:\program files\StormII\codec\bass_tta.dll
c:\program files\StormII\codec\bass_wv.dll
c:\program files\StormII\codec\binkw32.dll
c:\program files\StormII\codec\BSPVDEC.dll
c:\program files\StormII\codec\bw10.dll
c:\program files\StormII\codec\cddareader.ax
c:\program files\StormII\codec\cdxareader.ax
c:\program files\StormII\codec\ChpSrcFilter.ax
c:\program files\StormII\codec\CinemasterAudio.DLL
c:\program files\StormII\codec\cl264dec.ax
c:\program files\StormII\codec\CLNavX.ax
c:\program files\StormII\codec\CLRVIDDC.DLL
c:\program files\StormII\codec\clrviddd.dll
c:\program files\StormII\codec\CLVc1Dec.ax
c:\program files\StormII\codec\CLVSD.ax
c:\program files\StormII\codec\clvsdx.ax
c:\program files\StormII\codec\coreavc.ax
c:\program files\StormII\codec\CUVCcodc.dll
c:\program files\StormII\codec\DCBassSource.ax
c:\program files\StormII\codec\DECVW_32.DLL
c:\program files\StormII\codec\divxdec.ax
c:\program files\StormII\codec\DmoDec.dll
c:\program files\StormII\codec\DSMSplitter.ax
c:\program files\StormII\codec\empgdmx.ax
c:\program files\StormII\codec\ff_kernelDeint.dll
c:\program files\StormII\codec\ff_liba52.dll
c:\program files\StormII\codec\ff_libavcodec.dll
c:\program files\StormII\codec\ff_libdts.dll
c:\program files\StormII\codec\ff_libfaad2.dll
c:\program files\StormII\codec\ff_libmad.dll
c:\program files\StormII\codec\ff_libmpeg2.dll
c:\program files\StormII\codec\ff_libmplayer.dll
c:\program files\StormII\codec\ff_realaac.dll
c:\program files\StormII\codec\ff_samplerate.dll
c:\program files\StormII\codec\ff_theora.dll
c:\program files\StormII\codec\ff_TomsMoComp.dll
c:\program files\StormII\codec\ff_tremor.dll
c:\program files\StormII\codec\ff_unrar.dll
c:\program files\StormII\codec\ff_wmv9.dll
c:\program files\StormII\codec\ff_xvidcore.dll
c:\program files\StormII\codec\ffdshow.ax
c:\program files\StormII\codec\ffdshow.ax.manifest
c:\program files\StormII\codec\ffmpeg.dll
c:\program files\StormII\codec\ffsource.ax
c:\program files\StormII\codec\Flash.ocx
c:\program files\StormII\codec\FLT_ffdshow.dll
c:\program files\StormII\codec\FLVSplitter.ax
c:\program files\StormII\codec\frapsvid.dll
c:\program files\StormII\codec\G722ADEC.dll
c:\program files\StormII\codec\GeoCodec.dll
c:\program files\StormII\codec\H264VDEC.dll
c:\program files\StormII\codec\HikAudioDec.ax
c:\program files\StormII\codec\HikFileSource.ax
c:\program files\StormII\codec\HikFileSplitter.ax
c:\program files\StormII\codec\HIKM4DEC.dll
c:\program files\StormII\codec\HikVideoDec.ax
c:\program files\StormII\codec\i263_32.drv
c:\program files\StormII\codec\icmw_32.dll
c:\program files\StormII\codec\iconv.dll
c:\program files\StormII\codec\kdh4.dll
c:\program files\StormII\codec\kdm4.dll
c:\program files\StormII\codec\keys.dat
c:\program files\StormII\codec\l3codecx.ax
c:\program files\StormII\codec\LCodcCMP.dll
c:\program files\StormII\codec\libavcodec.dll
c:\program files\StormII\codec\libmpeg2_ff.dll
c:\program files\StormII\codec\libmplayer.dll
c:\program files\StormII\codec\LMVRGBxf.dll
c:\program files\StormII\codec\LMVYUVxf.dll
c:\program files\StormII\codec\lsvxdec.dll
c:\program files\StormII\codec\mfplat.dll
c:\program files\StormII\codec\mkunicode.dll
c:\program files\StormII\codec\mkx.dll
c:\program files\StormII\codec\mkzlib.dll
c:\program files\StormII\codec\mmamrdmx.ax
c:\program files\StormII\codec\Mp3Decdll.dll
c:\program files\StormII\codec\MP3DMOD.DLL
c:\program files\StormII\codec\mp4.dll
c:\program files\StormII\codec\mp43dmod.dll
c:\program files\StormII\codec\MP4Demux.ax
c:\program files\StormII\codec\mp4sdmod.dll
c:\program files\StormII\codec\MP4Splitter.ax
c:\program files\StormII\codec\MpaDecFilter.ax
c:\program files\StormII\codec\MpaSplitter.ax
c:\program files\StormII\codec\mpcvideodec.ax
c:\program files\StormII\codec\Mpeg2DecFilter.ax
c:\program files\StormII\codec\mpeg2dmx.ax
c:\program files\StormII\codec\MpegSplitter.ax
c:\program files\StormII\codec\mpg2splt.ax
c:\program files\StormII\codec\mpg4dmod.dll
c:\program files\StormII\codec\mpg4ds32.ax
c:\program files\StormII\codec\msdmo.dll
c:\program files\StormII\codec\msms001.vwp
c:\program files\StormII\codec\msscds32.ax
c:\program files\StormII\codec\msvcp71.dll
c:\program files\StormII\codec\msvcr71.dll
c:\program files\StormII\codec\MZP4_DEC.DLL
c:\program files\StormII\codec\NDParser.ax
c:\program files\StormII\codec\NeMP4Splitter.ax
c:\program files\StormII\codec\nvviddec.ax
c:\program files\StormII\codec\OggSplitter.ax
c:\program files\StormII\codec\ogm.dll
c:\program files\StormII\codec\Plugins\nppl3260.dll
c:\program files\StormII\codec\Plugins\nppl3260.xpt
c:\program files\StormII\codec\Plugins\npqtplugin.dll
c:\program files\StormII\codec\Plugins\nprpjplug.dll
c:\program files\StormII\codec\Plugins\nsIQTScriptablePlugin.xpt
c:\program files\StormII\codec\Plugins\nsJSRealPlayerPlugin.xpt
c:\program files\StormII\codec\Plugins\QuickTimePlugin.class
c:\program files\StormII\codec\PmpSplt.ax
c:\program files\StormII\codec\pncrt.dll
c:\program files\StormII\codec\pndx5016.dll
c:\program files\StormII\codec\pndx5032.dll
c:\program files\StormII\codec\pthreadVC2.dll
c:\program files\StormII\codec\pvmjpg21.dll
c:\program files\StormII\codec\PVWV220.DLL
c:\program files\StormII\codec\qasf.dll
c:\program files\StormII\codec\QTSystem\CFCharacterSetBitmaps.bitmap
c:\program files\StormII\codec\QTSystem\CoreVideo.qtx
c:\program files\StormII\codec\QTSystem\CoreVideo.Resources\CoreVideo.qtr
c:\program files\StormII\codec\QTSystem\CoreVideo.Resources\en.lproj\CoreVideoLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTime.qts
c:\program files\StormII\codec\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll
c:\program files\StormII\codec\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTime.Resources\QuickTime.dll
c:\program files\StormII\codec\QTSystem\QuickTime.Resources\QuickTime.qtr
c:\program files\StormII\codec\QTSystem\QuickTime.Resources\QuickTime.qtxs

c:\program files\StormII\codec\QTSystem\QuickTime3GPP.qtx
c:\program files\StormII\codec\QTSystem\QuickTime3GPP.Resources\en.lproj\QuickTime3GPPLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTime3GPP.Resources\QuickTime3GPP.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeAudioSupport.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.dll
c:\program files\StormII\codec\QTSystem\QuickTimeAudioSupport.Resources\en.lproj\QuickTimeAudioSupportLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeAudioSupport.Resources\QuickTimeAudioSupport.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeEssentials.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeEssentials.Resources\en.lproj\QuickTimeEssentialsLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeEssentials.Resources\QuickTimeEssentials.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeH264.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeH264.Resources\en.lproj\QuickTimeH264Localized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeH264.Resources\QuickTimeH264.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeInternetExtras.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeInternetExtras.Resources\en.lproj\QuickTimeInternetExtrasLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeInternetExtras.Resources\QuickTimeInternetExtras.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeMPEG4.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeMPEG4.Resources\en.lproj\QuickTimeMPEG4Localized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeMPEG4.Resources\QuickTimeMPEG4.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeMusic.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeMusic.Resources\en.lproj\QuickTimeMusicLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeMusic.Resources\QuickTimeMusic.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeStreaming.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.dll
c:\program files\StormII\codec\QTSystem\QuickTimeStreaming.Resources\en.lproj\QuickTimeStreamingLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeStreaming.Resources\QuickTimeStreaming.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeStreamingExtras.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeStreamingExtras.Resources\en.lproj\QuickTimeStreamingExtrasLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeStreamingExtras.Resources\QuickTimeStreamingExtras.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeVR.qtx
c:\program files\StormII\codec\QTSystem\QuickTimeVR.Resources\en.lproj\QuickTimeVRLocalized.qtr
c:\program files\StormII\codec\QTSystem\QuickTimeVR.Resources\QuickTimeVR.qtr
c:\program files\StormII\codec\QuickTime.qts
c:\program files\StormII\codec\QuickTimeVR.qtx
c:\program files\StormII\codec\RadGtSplitter.ax
c:\program files\StormII\codec\Real\Codecs\14_43260.dll
c:\program files\StormII\codec\Real\Codecs\28_83260.dll
c:\program files\StormII\codec\Real\Codecs\atrc.dll
c:\program files\StormII\codec\Real\Codecs\cook.dll
c:\program files\StormII\codec\Real\Codecs\ddnt3260.dll
c:\program files\StormII\codec\Real\Codecs\dnet3260.dll
c:\program files\StormII\codec\Real\Codecs\drv1.dll
c:\program files\StormII\codec\Real\Codecs\drv2.dll
c:\program files\StormII\codec\Real\Codecs\drvc.dll
c:\program files\StormII\codec\Real\Codecs\hxltcolor.dll
c:\program files\StormII\codec\Real\Codecs\raac.dll
c:\program files\StormII\codec\Real\Codecs\ralf.dll
c:\program files\StormII\codec\Real\Codecs\rv10.dll
c:\program files\StormII\codec\Real\Codecs\rv20.dll
c:\program files\StormII\codec\Real\Codecs\rv30.dll
c:\program files\StormII\codec\Real\Codecs\rv40.dll
c:\program files\StormII\codec\Real\Codecs\sipr.dll
c:\program files\StormII\codec\Real\Common\objb3201.dll
c:\program files\StormII\codec\Real\Common\pnen3260.dll
c:\program files\StormII\codec\Real\Common\pngu3267.dll
c:\program files\StormII\codec\Real\Common\pnrs3260.dll
c:\program files\StormII\codec\Real\Common\rppr3260.dll
c:\program files\StormII\codec\Real\Common\security.dll
c:\program files\StormII\codec\Real\Plugins\audplin.dll
c:\program files\StormII\codec\Real\Plugins\authmgr.dll
c:\program files\StormII\codec\Real\Plugins\clbascauth.dll
c:\program files\StormII\codec\Real\Plugins\clntxres.dll
c:\program files\StormII\codec\Real\Plugins\ExtResources\coreres.xrs
c:\program files\StormII\codec\Real\Plugins\fpsechnd.dll
c:\program files\StormII\codec\Real\Plugins\httpfsys.dll
c:\program files\StormII\codec\Real\Plugins\hxsdp.dll
c:\program files\StormII\codec\Real\Plugins\hxxml.dll
c:\program files\StormII\codec\Real\Plugins\imgrender.dll
c:\program files\StormII\codec\Real\Plugins\memfsys.dll
c:\program files\StormII\codec\Real\Plugins\mp3fformat.dll
c:\program files\StormII\codec\Real\Plugins\mp3render.dll
c:\program files\StormII\codec\Real\Plugins\mp4arender.dll
c:\program files\StormII\codec\Real\Plugins\ntlmauth.dll
c:\program files\StormII\codec\Real\Plugins\oggfformat.dll
c:\program files\StormII\codec\Real\Plugins\pacplin.dll
c:\program files\StormII\codec\Real\Plugins\plusplin.dll
c:\program files\StormII\codec\Real\Plugins\pxcb3210.dll
c:\program files\StormII\codec\Real\Plugins\ramfformat.dll
c:\program files\StormII\codec\Real\Plugins\ramrender.dll
c:\program files\StormII\codec\Real\Plugins\rarender.dll
c:\program files\StormII\codec\Real\Plugins\rmfformat.dll
c:\program files\StormII\codec\Real\Plugins\rmxfpln.dll
c:\program files\StormII\codec\Real\Plugins\rmxrend.dll
c:\program files\StormII\codec\Real\Plugins\rn5auth.dll
c:\program files\StormII\codec\Real\Plugins\rtfformat.dll
c:\program files\StormII\codec\Real\Plugins\rtrender.dll
c:\program files\StormII\codec\Real\Plugins\rvrender.dll
c:\program files\StormII\codec\Real\Plugins\sdpplin.dll
c:\program files\StormII\codec\Real\Plugins\security.dll
c:\program files\StormII\codec\Real\Plugins\smlfformat.dll
c:\program files\StormII\codec\Real\Plugins\smlrender.dll
c:\program files\StormII\codec\Real\Plugins\smmrender.dll
c:\program files\StormII\codec\Real\Plugins\smplfsys.dll
c:\program files\StormII\codec\Real\Plugins\stubdrm.dll
c:\program files\StormII\codec\Real\Plugins\tfilesys.dll
c:\program files\StormII\codec\Real\Plugins\vidplin.dll
c:\program files\StormII\codec\Real\Plugins\vidsite.dll
c:\program files\StormII\codec\Real\Plugins\vorbisrend.dll
c:\program files\StormII\codec\Real\Plugins\vsrlocal.dll
c:\program files\StormII\codec\Real\rpplugins\cn\embed_cn.dll
c:\program files\StormII\codec\Real\rpplugins\cn\rpclsvc_cn.dll
c:\program files\StormII\codec\Real\rpplugins\embd3260.dll
c:\program files\StormII\codec\Real\rpplugins\rpcl3260.dll
c:\program files\StormII\codec\Real\rpplugins\rput3260.dll
c:\program files\StormII\codec\RLMPCDec.ax
c:\program files\StormII\codec\rmoc3260.dll
c:\program files\StormII\codec\RMSplt.ax
c:\program files\StormII\codec\Sc726dec.ax
c:\program files\StormII\codec\scmpack.dll
c:\program files\StormII\codec\scsource.ax
c:\program files\StormII\codec\skinsres.dll
c:\program files\StormII\codec\smackw32.dll
c:\program files\StormII\codec\SonicLicenseManager9.dll
c:\program files\StormII\codec\splitter.ax
c:\program files\StormII\codec\swscale.dll
c:\program files\StormII\codec\TomsMoComp_ff.dll
c:\program files\StormII\codec\ts.dll
c:\program files\StormII\codec\tsccvid.dll
c:\program files\StormII\codec\TTL2Dec.dll
c:\program files\StormII\codec\v2k2_dec.dll
c:\program files\StormII\codec\v2kdspde.dll
c:\program files\StormII\codec\vc1dc.dll
c:\program files\StormII\codec\vc1dmmx.dll
c:\program files\StormII\codec\vc1dsse.dll
c:\program files\StormII\codec\vc1dsse2.dll
c:\program files\StormII\codec\vc1wp.ax
c:\program files\StormII\codec\VDODEC32.dll
c:\program files\StormII\codec\vdowave.drv
c:\program files\StormII\codec\VgmAudio.ax
c:\program files\StormII\codec\vgmbgr.ax
c:\program files\StormII\codec\VgmSplt.ax
c:\program files\StormII\codec\vgmv2k2.ax
c:\program files\StormII\codec\Vid1Dec.dll
c:\program files\StormII\codec\VideoTune.ax
c:\program files\StormII\codec\vmnc.dll

c:\program files\StormII\codec\voxmsdec.ax
c:\program files\StormII\codec\vp6vfw.dll
c:\program files\StormII\codec\vp7vfw.dll
c:\program files\StormII\codec\vssver2.scc
c:\program files\StormII\codec\WMADMOD.dll
c:\program files\StormII\codec\wmpasf.dll
c:\program files\StormII\codec\wmsdmod.dll
c:\program files\StormII\codec\WMVDECOD.dll
c:\program files\StormII\codec\wmvdmod.dll
c:\program files\StormII\codec\xvid.ax
c:\program files\StormII\codec\xvidcore.dll
c:\program files\StormII\corelog.dll
c:\program files\StormII\current.ecs
c:\program files\StormII\GdiPlus.dll
c:\program files\StormII\getimg.exe
c:\program files\StormII\gifParser.dll
c:\program files\StormII\jscript.dll
c:\program files\StormII\keys.dat
c:\program files\StormII\media\def\def.flv
c:\program files\StormII\media\def\def.ini
c:\program files\StormII\media\empty.swf
c:\program files\StormII\media\media4in1.swf
c:\program files\StormII\media\mediabp.swf
c:\program files\StormII\media\others.xml
c:\program files\StormII\media\others.xml.ini
c:\program files\StormII\media\stcon.ini
c:\program files\StormII\media\toff.ini
c:\program files\StormII\media\video_material_list.xml
c:\program files\StormII\media\video_material_list.xml.ini
c:\program files\StormII\media\video_style_list.xml
c:\program files\StormII\media\video_style_list.xml.ini
c:\program files\StormII\media2.dll
c:\program files\StormII\mediainfo.dll
c:\program files\StormII\medialib.dll
c:\program files\StormII\mee.db
c:\program files\StormII\meedb.dll
c:\program files\StormII\MovieInfo.dll
c:\program files\StormII\mps.dll
c:\program files\StormII\msscript.ocx
c:\program files\StormII\msvcp60.dll
c:\program files\StormII\rndrmgr.dll
c:\program files\StormII\Skin\惟瑞1冪萎.zip
c:\program files\StormII\Skin\惟瑞2冪萎.zip
c:\program files\StormII\Skin\獗韓迠樅.zip
c:\program files\StormII\spfa.dll
c:\program files\StormII\splayers.dll
c:\program files\StormII\stMgr.exe
c:\program files\StormII\storm.exe
c:\program files\StormII\StormDebug.exe
c:\program files\StormII\stormliv.exe
c:\program files\StormII\stormply.exe
c:\program files\StormII\StormRes.dll
c:\program files\StormII\subdecoder.dll
c:\program files\StormII\swDirScaner.dll
c:\program files\StormII\uninst.exe
c:\program files\StormII\unrar.dll
c:\program files\StormII\video.dll
c:\programdata\FlashGetBHO
c:\programdata\FlashGetBHO\FlvDetector.exe
c:\programdata\FlashGetBHO\FlvDetector.ini
c:\programdata\FlashGetBHO\LiveQuery.exe
c:\programdata\FlashGetBHO\LiveQuery.ini
c:\programdata\FlashGetBHO\LiveSupport.exe
c:\programdata\FlashGetBHO\zlib.dll
c:\users\Compaq\AppData\Roaming\BITS
c:\users\Compaq\AppData\Roaming\BITS\BITS.ini
c:\users\Compaq\AppData\Roaming\BITS\DHTTable.dat
c:\users\Compaq\AppData\Roaming\BITS\ProxyList.ini
c:\users\Compaq\AppData\Roaming\BITS\Torrent\20080126152528.torrent
c:\users\Compaq\AppData\Roaming\BITS\Torrent\20080126152528.torrent.bits
c:\users\Compaq\AppData\Roaming\BITS\Torrent\20080126152528.torrent.filelist
c:\users\Compaq\AppData\Roaming\BITS\Torrent\20080126152528.torrent.hybridlist
c:\users\Compaq\AppData\Roaming\BITS\Torrent\20080126152528.torrent.seeds
c:\windows\d4987922e6.dll
c:\windows\system32\2035c7b909.dll
c:\windows\system32\2039db2ce5.dll
c:\windows\system32\90e9ca1905.dll
c:\windows\system32\admshare.dat
c:\windows\system32\x64

.
(((((((((((((((((((((((((  2009-01-24 至 2009-02-24 的新的檔案  )))))))))))))))))))))))))))))))
.

2009-02-24 18:19 . 2009-02-24 18:19        105        --a------        c:\windows\System32\2039db2ce5.dll
2009-02-21 22:10 . 2009-02-21 21:50        15,688        --a------        c:\windows\System32\lsdelete.exe
2009-02-21 21:50 . 2009-02-21 21:50        <DIR>        d----c---        c:\windows\System32\DRVSTORE
2009-02-21 21:50 . 2009-02-21 21:49        64,160        --a------        c:\windows\System32\drivers\Lbd.sys
2009-02-21 21:44 . 2009-02-21 21:44        <DIR>        d--h-c---        c:\programdata\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-21 21:43 . 2009-02-21 21:50        <DIR>        d--------        c:\programdata\Lavasoft
2009-02-21 21:43 . 2009-02-21 21:43        <DIR>        d--------        c:\program files\Lavasoft
2009-02-21 15:20 . 2009-02-21 15:20        <DIR>        d--h-----        C:\瓷馮路燭
2009-02-21 15:20 . 2007-09-05 10:23        8,192        --a------        c:\windows\System32\drivers\PnpWmkDrv.sys
2009-02-20 17:08 . 2009-02-20 17:08        <DIR>        d--hs----        c:\windows\System32\usmt
2009-02-20 17:08 . 2009-02-20 17:08        <DIR>        d--hs----        c:\windows\System32\Jusou
2009-02-20 17:08 . 2009-02-20 17:08        469,504        --a------        c:\windows\System32\wdiylymt.exe
2009-02-18 18:00 . 2009-02-21 15:26        <DIR>        d--------        c:\program files\V2009
2009-02-18 18:00 . 2007-02-07 14:52        77,824        --a------        c:\windows\System32\WipeShell.dll
2009-02-18 18:00 . 2006-08-04 13:00        69,632        --a------        c:\windows\System32\WmShell.dll
2009-02-18 18:00 . 1999-05-26 16:03        1,428        --a------        c:\windows\System32\CopyPathExt.tlb
2009-02-14 16:28 . 2009-02-20 16:35        <DIR>        d--------        c:\program files\Gamania
2009-02-14 14:46 . 2009-02-14 14:46        <DIR>        d--------        C:\Documents and Settings
2009-02-14 13:22 . 2009-02-14 13:30        <DIR>        d--------        c:\users\Compaq\AppData\Roaming\Tencent
2009-02-14 13:22 . 2009-02-14 14:55        <DIR>        d--------        c:\program files\Tencent
2009-02-14 13:22 . 2009-02-14 13:22        <DIR>        d--------        c:\program files\Common Files\Tencent
2009-02-13 16:09 . 2009-02-13 16:09        <DIR>        d--------        c:\program files\Trend Micro
2009-02-12 15:45 . 2009-02-12 15:45        <DIR>        d--------        c:\program files\noyes.cn
2009-02-05 09:52 . 2009-02-05 09:52        107,272        --a------        c:\windows\System32\drivers\avgtdix.sys
2009-01-30 20:09 . 2009-01-30 20:09        <DIR>        d--------        c:\programdata\NexonTW
2009-01-30 19:57 . 2009-01-30 19:57        <DIR>        d--------        c:\program files\Common Files\INCA Shared
2009-01-30 19:57 . 2003-07-19 05:17        5,174        --a------        c:\windows\System32\nppt9x.vxd
2009-01-30 19:57 . 2005-01-02 20:43        4,682        --a------        c:\windows\System32\npptNT2.sys
2009-01-24 16:47 . 2009-01-24 16:47        <DIR>        d--------        C:\ezMusic
2009-01-24 16:32 . 2009-01-24 16:32        <DIR>        d--------        C:\My Music

.
((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-24 10:18        ---------        d---a-w        c:\programdata\TEMP
2009-02-24 08:28        ---------        d-----w        c:\programdata\Google Updater
2009-02-23 09:36        ---------        d-----w        c:\program files\Google
2009-02-17 05:55        ---------        d-----w        c:\users\Compaq\AppData\Roaming\BitTorrent
2009-02-13 08:08        ---------        d-----w        c:\users\Compaq\AppData\Roaming\DNA
2009-02-13 07:00        ---------        d-----w        c:\program files\Norton Security Scan
2009-02-10 12:00        ---------        d-----w        c:\program files\Yahoo!
2009-02-05 01:52        325,128        ----a-w        c:\windows\system32\drivers\avgldx86.sys
2009-02-05 01:52        ---------        d-----w        c:\programdata\avg8
2009-01-29 13:19        ---------        d-----w        c:\program files\HP
2009-01-24 08:35        ---------        d-----w        c:\program files\Beedo
2009-01-23 08:04        ---------        d-----w        c:\program files\Thunder Network
2009-01-21 12:39        ---------        d-----w        c:\program files\Spyware Doctor
2009-01-21 09:37        ---------        d-----w        c:\program files\Foxy
2009-01-16 07:48        ---------        d-----w        c:\program files\DAEMON Tools Lite
2009-01-16 04:12        ---------        d-----w        c:\program files\DAEMON Tools Toolbar
2009-01-09 07:03        ---------        d-----w        c:\program files\Common Files\Symantec Shared
2009-01-06 23:54        ---------        d-----w        c:\programdata\EmailNotifier
2008-12-30 11:06        ---------        d-----w        c:\programdata\Storm
2008-10-23 13:00        174        --sha-w        c:\program files\desktop.ini
2008-09-04 10:07        90,175        ----a-w        c:\program files\mozilla firefox\components\flashgetXpi.dll
2008-04-03 05:35        16,384        --sha-w        c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
2008-04-03 05:35        32,768        --sha-w        c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
2008-04-03 05:35        16,384        --sha-w        c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
.

(((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1346E383-8368-4543-AB94-FE54BEB0180C}"= "c:\windows\System32\Jusou\jyqfauju.dll" [2009-02-20 749056]

[HKEY_CLASSES_ROOT\clsid\{1346e383-8368-4543-ab94-fe54beb0180c}]
[HKEY_CLASSES_ROOT\jyqfauju.IEBarProcess]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-11-04 1168264]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-21 509784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B9C207D9-9784-42EE-AC6D-53993379D9F7}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{31FC38E6-B585-41F7-8C68-B35168F13785}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{C2D53F5F-3666-4D41-9973-D3B63DED5F07}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2E2D5609-A447-4AAA-B530-1135B37164B0}"= UDP:c:\downloads\ppfilm\jfCacheMgr.exe:jfCacheMgr(http://www.ppfilm.cn)
"{4CFAF79A-C347-46C0-8578-869151317AAB}"= TCP:c:\downloads\ppfilm\jfCacheMgr.exe:jfCacheMgr(http://www.ppfilm.cn)
"{C1F0BF9F-6D54-42B7-9378-97707B2BD175}"= UDP:c:\downloads\ppfilm\KmLiveUpdate.exe:KmLiveUpdate(http://www.ppfilm.cn)
"{855773BB-18FB-43E8-8996-9CB913628FDA}"= TCP:c:\downloads\ppfilm\KmLiveUpdate.exe:KmLiveUpdate(http://www.ppfilm.cn)
"{297CA304-15F7-4519-BDDE-244803D4329B}"= UDP:c:\downloads\ppfilm\PPFilmPlayer.exe:PPFilmPlayer
"{12D9E2F4-36D4-41E5-BA7C-EE413ABF6CF6}"= TCP:c:\downloads\ppfilm\PPFilmPlayer.exe:PPFilmPlayer
"{15638550-0F47-45FE-B27D-53ED6BBBDDC2}"= UDP:c:\program files\DNA\btdna.exe:DNA
"{A3370442-191D-4CC3-A580-81050850BCE0}"= TCP:c:\program files\DNA\btdna.exe:DNA
"{201A3090-AB66-4302-A427-94B9A080FA43}"= UDP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{352D1668-2419-4035-81C5-F2FA1BA858F0}"= TCP:c:\program files\BitTorrent\bittorrent.exe:BitTorrent
"{ADCD796D-FB94-4E6A-83B4-628C41C9E664}"= UDP:c:\users\Compaq\Desktop\BitTorrent\bittorrent.exe:BitTorrent
"{4763C345-1BBF-4F8B-85A9-2624D154CE14}"= TCP:c:\users\Compaq\Desktop\BitTorrent\bittorrent.exe:BitTorrent
"{7999AC5B-F143-4C63-A812-D38BA225FF68}"= UDP:c:\foxy\Foxy.exe:Foxy
"{36F361CF-6229-4C0B-A508-31C5246A3311}"= TCP:c:\foxy\Foxy.exe:Foxy
"{D3D9341E-80E5-47E3-9EC9-A31FB5A895E7}"= UDP:c:\users\Compaq\Desktop\PPLiveVA\PPLiveVA.exe:PPLiveVA
"{50A7630A-CCB5-4125-8552-6E4FA3F47FBE}"= TCP:c:\users\Compaq\Desktop\PPLiveVA\PPLiveVA.exe:PPLiveVA
"{B5A2F2A5-5B87-4300-9D8C-009CCA1B9EF7}"= Disabled:UDP:c:\program files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{01DE6DF2-B06B-472D-A76D-8416B375E175}"= Disabled:TCP:c:\program files\Thunder Network\WebThunder\WebThunder.exe:WebThunder
"{DE86D69F-1203-43D7-A044-79FBAADDBCCA}"= c:\program files\AVG\AVG8\avgemc.exe:avgemc.exe
"{82ACEFD5-2C64-45E7-9110-9CC8C31B5A1F}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{2B42B7FA-9600-45A9-B4BE-02CACBE28210}"= UDP:c:\program files\StormII\Storm.exe:惟瑞荌秞
"{85DE9BF4-FC12-459D-8A66-83C1A3826AE4}"= TCP:c:\program files\StormII\Storm.exe:惟瑞荌秞
"{302E98AA-F3F3-4A66-9950-2824B4824EA7}"= UDP:c:\program files\StormII\stormliv.exe:惟瑞荌秞羸极諷秶笢陑
"{F53861AF-702E-4497-915F-7DD4B3AC4F5E}"= TCP:c:\program files\StormII\stormliv.exe:惟瑞荌秞羸极諷秶笢陑
"TCP Query User{4B712082-FA45-4948-BB70-DE495B866545}c:\\program files\\videolan\\vlc\\vlc.exe"= UDP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"UDP Query User{8F30F9A4-6F26-4AD5-B197-14353A8692BE}c:\\program files\\videolan\\vlc\\vlc.exe"= TCP:c:\program files\videolan\vlc\vlc.exe:VLC media player
"TCP Query User{868E728A-913C-43C9-ADBA-96207BE9DCE4}c:\\users\\compaq\\desktop\\uu.exe"= UDP:c:\users\compaq\desktop\uu.exe:uu.exe
"UDP Query User{2FB6BE65-B984-4C0D-AF20-3BB1BFEAA5D9}c:\\users\\compaq\\desktop\\uu.exe"= TCP:c:\users\compaq\desktop\uu.exe:uu.exe
"{A2D09877-13B0-49DB-BE67-88483F1540F6}"= UDP:c:\program files\Gamania\Counter-Strike Online\Bin\NMService.exe:Nexon Messenger Core
"{735E838A-C8AE-4D31-B32F-083ABE179C44}"= TCP:c:\program files\Gamania\Counter-Strike Online\Bin\NMService.exe:Nexon Messenger Core

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Users\\Compaq\\Desktop\\FlashGet\\FlashGet.exe"= c:\users\Compaq\Desktop\FlashGet\FlashGet.exe:*:Enabled:Flashget2
"c:\\Users\\Compaq\\Desktop\\FlashGet\\LiveUpdate.exe"= c:\users\Compaq\Desktop\FlashGet\LiveUpdate.exe:*:Enabled:FGLiveUpdate
"c:\\Users\\Compaq\\Desktop\\FlashGet\\LiveUpdateEx.exe"= c:\users\Compaq\Desktop\FlashGet\LiveUpdateEx.exe:*:Enabled:FGLiveUpdateEx
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Users\\Compaq\\Desktop\\BitTorrent\\bittorrent.exe"= c:\users\Compaq\Desktop\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\FlashGet Network\\Flashget\\LiveSupport.exe"= c:\flashget network\Flashget\LiveSupport.exe:*:Enabled:FGLiveSupport
"c:\\FlashGet Network\\Flashget\\LiveQuery.exe"= c:\flashget network\Flashget\LiveQuery.exe:*:Enabled:FGLiveQuery
"c:\\ProgramData\\FlashGetBHO\\FlvDetector.exe"= c:\programdata\FlashGetBHO\FlvDetector.exe:*:Enabled:FGFlvDetector
"c:\\ProgramData\\FlashGetBHO\\LiveSupport.exe"= c:\programdata\FlashGetBHO\LiveSupport.exe:*:Enabled:FGLiveSupport
"c:\\ProgramData\\FlashGetBHO\\LiveQuery.exe"= c:\programdata\FlashGetBHO\LiveQuery.exe:*:Enabled:FGLiveQuery
"c:\\FlashGet Network\\Flashget\\FlashGet.exe"= c:\flashget network\Flashget\FlashGet.exe:*:Enabled:Flashget2
"c:\\Windows\\system32\\wdiylymt.exe"= c:\windows\system32\wdiylymt.exe:*:Enabled:wdiylymt
"c:\\Windows\\system32\\JuSou\\jyqfauju.dll"= c:\windows\system32\JuSou\jyqfauju.dll:*:Enabled:jyqfauju
"c:\\Windows\\system32\\usmt\\jferqsvc.dll"= c:\windows\system32\usmt\jferqsvc.dll:*:Enabled:jferqsvc
"c:\\Windows\\system32\\usmt\\ysecqin.dll"= c:\windows\system32\usmt\ysecqin.dll:*:Enabled:ysecqin

R0 bcfwdh;bcfwdh;c:\windows\System32\drivers\eybl.sys [2008-09-21 31168]
R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [2009-02-21 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [2008-11-11 325128]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [2009-02-05 107272]
R1 PnpWmkDrv;PnpWmkDrv;c:\windows\System32\drivers\PnpWmkDrv.sys [2009-02-21 8192]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-11 903960]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-11 298264]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-19 950096]
R2 Rasmgrsvc;基于 Microsoft 的 Windows 程序和?件??的事件消息;c:\windows\System32\wdiylymt.exe [2009-02-20 469504]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2008-06-10 356920]
S2 ccosm;Contrl Center of Storm Media;c:\program files\StormII\stormliv.exe /asservice --> c:\program files\StormII\stormliv.exe  [?]
S2 gupdate1c99599c423a14d;Google 更新服務 (gupdate1c99599c423a14d);c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 133104]
S2 upausvce;Uplive Automatic;c:\windows\system32\svchost.exe -k auscer [2008-09-21 21504]
S3 GoogleDesktopManager-022208-143751;「Google 桌面」管理員 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2008-06-10 29744]
S4 自動 LiveUpdate 排程器;自動 LiveUpdate 排程器;c:\program files\Symantec\LiveUpdate

--- Other Services/Drivers In Memory ---

*Deregistered* - mchInjDrv
*Deregistered* - sptd

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork        REG_MULTI_SZ           PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0814747e-4ffb-11dd-bbe6-001b388d78a7}]
\shell\AutoRun\command - F:\Install.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8c490e47-d91e-11dc-82ea-001b388d78a7}]
\shell\Auto\command - auto.exe
\shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auto.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
‘計劃任務’ 文件夾 裡的內容

2009-02-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-21 21:49]

2009-02-24 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-23 17:32]

2009-02-13 c:\windows\Tasks\Norton Security Scan.job
- c:\program files\Norton Security Scan\Nss.exe [2007-09-18 23:42]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{C3CD744D-2FAE-4640-8297-16B5DA423104} - c:\program files\Little Fighter 2 Toolbar\v3.3.0.1\Little_Fighter_2_Toolbar.dll


.
------- 而外的掃描 -------
.
uStart Page = www.6700.cn?tn=1027269
mStart Page = about:blank
mWindow Title = Internet Explorer
FF - ProfilePath - c:\users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\lz032y7u.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - OneRiot Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com.hk/
FF - prefs.js: keyword.URL - hxxp://hk.search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\ToolbarFF\components\vmAVGConnector.dll
FF - component: c:\program files\Mozilla Firefox\components\flashgetXpi.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{5EB37AE4-DA0A-41ab-8037-BDEDDCC70669}\components\flashgetXpi.dll
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - component: c:\users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\lz032y7u.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\platform\WINNT\components\FoxyTunes.dll
FF - component: c:\users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\lz032y7u.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayAccessService.dll
FF - component: c:\users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\lz032y7u.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}\platform\WINNT\components\EbayFormSubmitObserver.dll
FF - component: c:\users\Compaq\AppData\Roaming\Mozilla\Firefox\Profiles\lz032y7u.default\extensions\firefox@kidzui.com\platform\WINNT_x86-msvc\components\WinKiosk.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1368.5602\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\Picasa2\npPicasa2.dll
FF - plugin: c:\users\Compaq\Program Files\DNA\plugins\npbtdna.dll

---- 火狐配置文件 ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: network.protocol-handler.external.foxy - true
FF - user.js: network.protocol-handler.warn-external.foxy - false
FF - user.js: network.protocol-handler.expose.foxy - true
FF - user.js: general.useragent.extra.foxy1 - Foxy/1
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.external.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.warn-external.foxy", false);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.expose.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("general.useragent.extra.foxy1", "Foxy/1");
.
.
------- 文件類型 -------
.
txtfile=c:\windows\notepad.exe %1
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-24 18:18:59
Windows 6.0.6001 Service Pack 1 NTFS

detected NTDLL code modification:
ZwClose

掃描被隱藏的進程 。。。  

掃描被隱藏的啟動組 。。。

掃描被隱藏的文件 。。。  

掃描完成
被隱藏的檔案: 0

**************************************************************************
.
--------------------- 運行進程下的動態鏈接庫 ---------------------

- - - - - - - > 'Explorer.exe'(7336)
c:\windows\system32\ZhRhA.dll
.
------------------------ 其他運行進程 ------------------------
.
c:\windows\System32\audiodg.exe
c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\windows\System32\wbem\unsecapp.exe
c:\windows\System32\conime.exe
c:\windows\System32\rundll32.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\System32\dllhost.exe
.
**************************************************************************
.
完成時間: 2009-02-24 18:28:04 - 電腦已重新啟動
ComboFix-quarantined-files.txt  2009-02-24 10:26:17

Pre-Run: 31,071,547,392 位元組可用
Post-Run: 34,049,052,672 位元組可用

640        --- E O F ---        2008-10-23 13:44:29

Step: CFScript

    * Open Notepad and paste in the following:

KILLALL::

File::
c:\windows\System32\2039db2ce5.dll

Driver::
ccosm

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{2B42B7FA-9600-45A9-B4BE-02CACBE28210}"=-
"{85DE9BF4-FC12-459D-8A66-83C1A3826AE4}"=-
"{302E98AA-F3F3-4A66-9950-2824B4824EA7}"= -
"{F53861AF-702E-4497-915F-7DD4B3AC4F5E}"= -
"TCP Query User{868E728A-913C-43C9-ADBA-96207BE9DCE4}c:\\users\\compaq\\desktop\\uu.exe"= -
"UDP Query User{2FB6BE65-B984-4C0D-AF20-3BB1BFEAA5D9}c:\\users\\compaq\\desktop\\uu.exe"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\ProgramData\\FlashGetBHO\\FlvDetector.exe"=-
"c:\\ProgramData\\FlashGetBHO\\LiveSupport.exe"=-
"c:\\ProgramData\\FlashGetBHO\\LiveQuery.exe"=-


Save ---> Save as type ---> All Files --> enter CFScript.txt as the file name
Drag CFScript.txt onto ComboFix.exe

    * ComboFix will run
    * When it finishes, a report will be at C:\ComboFix.txt.



Step: Report Back

    * Paste the following reports
    * If a report is too long, you can upload it here: http://www.box.net

    * ComboFix scan report {C:\ComboFix.txt}


Jotti's malware scan
http://virusscan.jotti.org/

Copy and paste the following file paths into "File to upload & scan"
Click Submit

Paste the report contents.

c:\program files\desktop.ini
c:\users\compaq\desktop\uu.exe
c:\windows\system32\wdiylymt.exe
c:\windows\System32\drivers\eybl.sys

plz help me out
