
Lots of problems out of nowhere on boot today (HijackThis log attached)

When I booted up just now, none of the antivirus programs would open, web pages kept popping up, and my home page had been changed.. SOS...

(#1 and #2 are the HijackThis logs from when it first started)  (#3 and #4 are the latest update, after I ran an online virus scan)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:03:32 PM, on 2009/4/22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\a1.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\gdi.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\PushWare\cpush.dll
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.10.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {70DF1AE4-AF9E-4457-8A6A-D2D49691FF4B} - C:\Program Files\Internet Explorer\DoboMako.lsp
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [RsTray] C:\WINDOWS\system32\scvhost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Yahoo!Mini] "C:\Program Files\Yahoo!\Mini\YMiniUpdat2.exe" -c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Camfrog] "D:\Program Files\新資料夾\Camfrog Video Chat 4.1\CamfrogNet.exe" 0 D:\Program Files\新資料夾\Camfrog Video Chat 4.1\Camfrog Video Chat.exe
O4 - HKLM\..\Policies\Explorer\Run: [qq2983] C:\WINDOWS\system32\a1.exe
O4 - HKLM\..\Policies\Explorer\Run: [mysys] C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\gdi.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Download page videos with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Foxy Download - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy Search - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: Download all links with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link with BitComet(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: 轎煤儕粗弝閉霜釧婓盄夤艘 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 畦啪萇弝 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05BCE06B-A300-4C4E-A42F-4C04BCCDE63B} (TRLuncherROC Control) - http://weblogin.talesrunner.com.hk/TRLuncherROC.cab
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://www.pplive.com/zh-cn/other/live/install.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/ssc ... /vc/bin/AvSniff.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/t ... in32/cab/tvants.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/programs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-HK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/ssc ... ommon/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/ ... e.cab?1230050214531
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD4 ... windows-i586-jc.cab
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {B596344E-F60F-42C2-8640-5954EEDBD428} (RegExe Control) - http://shaiya.omg.com.tw/Activex/macrowell.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.hkreporter.com/hkreporter.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bi ... Client.cab56907.cab
O16 - DPF: {D4ACE027-B115-4181-82CF-831C68235CAB} (PPSBase Control) - http://hot1.vdown.21cn.com/rmdow ... /eyejoy/ppsbase.cab
O16 - DPF: {E847C78C-C210-4195-8799-FBF3BF89797D} - [/url]
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BB06187-93B5-4BE6-A3C3-F0B76AA54181}: NameServer = 192.168.0.1
O20 - AppInit_DLLs: C:\WINDOWS\System32\12days.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 12085 bytes

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:33:52 AM, on 2009/4/23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\ProToolbarUpdate.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\PushWare\cpush.dll (file missing)
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll (file missing)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.10.dll
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: Windows Live Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {70DF1AE4-AF9E-4457-8A6A-D2D49691FF4B} - C:\Program Files\Internet Explorer\DoboMako.lsp (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SafeMon Class - {B69F34DD-F0F9-42DC-9EDD-957187DA688D} - C:\Program Files\360safe\safemon\safemon.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Trend Micro Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Yahoo!Mini] "C:\Program Files\Yahoo!\Mini\YMiniUpdat2.exe" -c
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [Camfrog] "D:\Program Files\新資料夾\Camfrog Video Chat 4.1\CamfrogNet.exe" 0 D:\Program Files\新資料夾\Camfrog Video Chat 4.1\Camfrog Video Chat.exe
O4 - HKLM\..\Policies\Explorer\Run: [qq2983] C:\WINDOWS\system32\a1.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O8 - Extra context menu item: &Download page videos with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Foxy Download - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy Search - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: Download all links with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download link with BitComet(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
O9 - Extra button: 轎煤儕粗弝閉霜釧婓盄夤艘 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 畦啪萇弝 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.10.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05BCE06B-A300-4C4E-A42F-4C04BCCDE63B} (TRLuncherROC Control) - http://weblogin.talesrunner.com.hk/TRLuncherROC.cab
O16 - DPF: {070CA17A-4BD2-4612-83B4-32B1B9159B47} (ULiveCtrl Control) - http://uc.sina.com.cn/download/live/weblive2.4.0.0.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} (EWA Control) - http://www.pplive.com/zh-cn/other/live/install.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/ssc ... /vc/bin/AvSniff.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O16 - DPF: {4C833081-D026-4FF8-968F-7EAB660D2FBA} (TVAnts ActiveX Control) - http://download.tvants.com/pub/t ... in32/cab/tvants.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/programs/OnlineScanner.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-HK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/micr ... e.cab?1240420549078
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/ssc ... ommon/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/ ... e.cab?1230050214531
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD4 ... windows-i586-jc.cab
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {B596344E-F60F-42C2-8640-5954EEDBD428} (RegExe Control) - http://shaiya.omg.com.tw/Activex/macrowell.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.hkreporter.com/hkreporter.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bi ... Client.cab56907.cab
O16 - DPF: {D4ACE027-B115-4181-82CF-831C68235CAB} (PPSBase Control) - http://hot1.vdown.21cn.com/rmdow ... /eyejoy/ppsbase.cab
O16 - DPF: {E847C78C-C210-4195-8799-FBF3BF89797D} - [/url]
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BB06187-93B5-4BE6-A3C3-F0B76AA54181}: NameServer = 192.168.0.1
O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\TrendSecure\TISProToolbar\TSToolbar.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\12days.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Security Activity Dashboard Service - Trend Micro Inc. - C:\Program Files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 13309 bytes

Steps to turn off System Restore

   1. Click Start, right-click My Computer, then click Properties.
   2. In the System Properties dialog box, click the System Restore tab.
   3. Click to select the "Turn off System Restore" check box. Or, click to select the "Turn off System Restore on all drives" check box.
   4. Click OK.

Download ATF-Cleaner
http://www.atribune.org/
Run ATF-Cleaner.exe
Tick everything and press Empty Selected.

1. Close Internet Explorer and any open folder windows.
2. Run HijackThis.
3. Press "Do a system scan only" and wait until "Scan" changes to "Save log".
4. Tick the following items (the boxes on the left) and press "Fix checked". HijackThis will prompt you to restart; you can restart the computer after this step.

O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\Program Files\Common Files\PushWare\cpush.dll (file missing)
O2 - BHO: Info cache - {296AB8C6-FB22-4D17-8834-064E2BA0A6F0} - C:\WINDOWS\Intel\baiduc.dll (file missing)
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O2 - BHO: (no name) - {70DF1AE4-AF9E-4457-8A6A-D2D49691FF4B} - C:\Program Files\Internet Explorer\DoboMako.lsp (file missing)
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL (file missing)
O4 - HKLM\..\Policies\Explorer\Run: [qq2983] C:\WINDOWS\system32\a1.exe
O9 - Extra button: 轎煤儕粗弝ⅰ閉霜釧婓盄夤艘 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra 'Tools' menuitem: 畦啪萇弝 - {022C4009-5283-4365-97BF-144054B40E2E} - http://itv.mop.com (file missing)
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\System32\12days.dll
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Download ComboFix to the desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Run ComboFix

      Note: to stop security software from wrongly flagging ComboFix as a dangerous file, temporarily turn off your antivirus and anti-spyware software before running ComboFix. Also, while ComboFix is running, do not run any other programs or click inside the ComboFix window with the mouse.

    * ComboFix will pop up a window; press Yes (Y)
    * If it needs to install the Recovery Console, press Yes (Y) to install it. When installation finishes, press Yes (Y) to continue.
    * The program will scan; the desktop may disappear temporarily while it runs. When the scan finishes the program closes by itself.
    * The ComboFix log will then pop up; it is saved automatically at C:\ComboFix.txt
    * Restart the computer.
    * Paste the ComboFix log.

If the report is too long, you can upload it here: http://www.box.net
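Added example, not part of this thread and not HijackThis's own code: a small Python triage script that applies, mechanically, the judgement the helper is applying by eye to the Fix checked list above. It parses entries in the HijackThis v2 line format, flags the patterns that are visible in the OP's logs (an autorun whose binary name is one transposition away from svchost.exe, entries under Policies\Explorer\Run, a non-DLL file registered as a BHO, an AppInit_DLLs entry, an autorun target under Application Data, and "(file missing)" entries whose registry key still exists even though the file is gone), and diffs two logs to show what changed between scans. The sample entries are copied from the two logs posted above; the rule names, the list of imitated system binaries and the "one edit away" threshold are this example's own choices, not anything HijackThis defines.

```python
"""Triage helpers for HijackThis v2 logs: flag the autostart and BHO patterns that
stand out in the two logs posted above, and diff two logs to see what changed
between scans. Added example; not part of the forum thread or of HijackThis."""
import re

# Entries copied from the two logs above (LOG1 = first boot, LOG2 = after the
# online scans), trimmed to the lines the heuristics below care about.
LOG1 = """\
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\\Program Files\\Common Files\\PushWare\\cpush.dll
O2 - BHO: (no name) - {70DF1AE4-AF9E-4457-8A6A-D2D49691FF4B} - C:\\Program Files\\Internet Explorer\\DoboMako.lsp
O4 - HKLM\\..\\Run: [RsTray] C:\\WINDOWS\\system32\\scvhost.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [qq2983] C:\\WINDOWS\\system32\\a1.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [mysys] C:\\Documents and Settings\\All Users\\Application Data\\Microsoft\\Crypto\\gdi.exe
O20 - AppInit_DLLs: C:\\WINDOWS\\System32\\12days.dll
"""
LOG2 = """\
O2 - BHO: AdPopup - {11F09AFD-75AD-4E51-AB43-E09E9351CE16} - C:\\Program Files\\Common Files\\PushWare\\cpush.dll (file missing)
O2 - BHO: (no name) - {70DF1AE4-AF9E-4457-8A6A-D2D49691FF4B} - C:\\Program Files\\Internet Explorer\\DoboMako.lsp (file missing)
O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\\Program Files\\Trend Micro\\TrendSecure\\TISProToolbar\\TSToolbar.dll
O4 - HKLM\\..\\Run: [UfSeAgnt.exe] "C:\\Program Files\\Trend Micro\\Internet Security\\UfSeAgnt.exe"
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O4 - HKLM\\..\\Policies\\Explorer\\Run: [qq2983] C:\\WINDOWS\\system32\\a1.exe
O20 - AppInit_DLLs: C:\\WINDOWS\\System32\\12days.dll
"""

# Binaries whose names malware imitates (scvhost.exe next to the real svchost.exe).
SYSTEM_NAMES = {"svchost.exe", "csrss.exe", "lsass.exe", "smss.exe",
                "winlogon.exe", "services.exe", "explorer.exe"}
# Autorun targets under profile/data directories are a classic dropper location.
DATA_DIRS = ("\\application data\\", "\\local settings\\", "\\temp\\")
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|lsp|ocx|sys))\b", re.I)


def osa_distance(a, b):
    """Optimal-string-alignment distance: insert/delete/substitute plus one
    adjacent transposition, so 'scvhost' is one step from 'svchost'."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def triage(log):
    """Run the heuristics over every O-section line; returns (rule, line) pairs."""
    findings = []
    for line in log.splitlines():
        m = re.match(r"^(O\d+) - ", line)
        if not m:
            continue
        kind = m.group(1)
        pm = PATH_RE.search(line)
        low = pm.group(1).lower() if pm else ""
        base = low.rsplit("\\", 1)[-1]
        if "(file missing)" in line:
            # The key still points at a file that is gone: the key itself is not cleaned.
            findings.append(("orphan", line))
        if kind == "O20":
            # AppInit_DLLs is loaded into every process that links user32.dll.
            findings.append(("appinit_dll", line))
        if kind == "O4" and "policies\\explorer\\run" in line.lower():
            # Policies\Explorer\Run is hidden from msconfig and rarely used legitimately.
            findings.append(("policy_run", line))
        if base and base not in SYSTEM_NAMES and any(
                osa_distance(base, s) == 1 for s in SYSTEM_NAMES):
            findings.append(("lookalike", line))
        if kind in ("O2", "O3") and low and not low.endswith(".dll"):
            # A BHO is a COM in-process server; anything but a .dll is suspect.
            findings.append(("bho_not_dll", line))
        if any(seg in low for seg in DATA_DIRS):
            findings.append(("data_dir_exec", line))
    return findings


def diff_logs(before, after):
    """Entries that vanished / appeared between two scans. '(file missing)' is
    stripped first, so a key whose file was deleted but whose registry entry
    survived shows as unchanged rather than as removed-and-added."""
    def entries(log):
        return {l.replace(" (file missing)", "") for l in log.splitlines()
                if re.match(r"^O\d+ - ", l)}
    b, a = entries(before), entries(after)
    return sorted(b - a), sorted(a - b)


if __name__ == "__main__":
    for rule, line in triage(LOG1):
        print(f"[{rule:13}] {line}")
    print(*diff_logs(LOG1, LOG2), sep="\n")
```

Run as a script it lists the six findings for log 1 and shows that the [RsTray] scvhost.exe and [mysys] gdi.exe autoruns are gone by log 2 while the Trend Micro entries are new. Two things the diff makes explicit: the AdPopup and DoboMako.lsp keys survive into log 2 as "(file missing)", which is why the helper still lists them for Fix checked, and a generic adware BHO such as AdPopup is not caught by any rule until its file disappears. Heuristics like these narrow the list; the decision on each remaining line is still a human one.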

Go to VirusTotal

http://www.virustotal.com/

and check the following file.

C:\WINDOWS\system32\scvhost.exe

Paste the report link.

After pressing Fix checked this one is still there:
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

Also, this file has disappeared.. unable to upload it
C:\WINDOWS\system32\scvhost.exe
(I copied that file name into the upload box and pressed upload; the site showed "0 bytes size received / Se ha recibido un archivo vacio")

ComboFix 09-04-23.A0 - wa /04/23 Thu 18:59:27.5 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.950.886.1028.18.2047.1608 [GMT 8:00]
Running from: C:\Documents and Settings\wa\桌面\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
FW: Trend Micro Host-based Personal Firewall *disabled*
.

(((((((((((((((((((((((((((((((((((((((   Deleted files   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous run results -------
.
C:\DOCUME~1\wa\LOCALS~1\Temp\DNFupdate.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\YiqilaiLyrics_2001.exe
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\__fdkfjfjgjitijk
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_inifid
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_inifiletime3
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_inimac
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\1002
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\2001
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3000
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3012
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3016
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3018
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3019
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3021
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3032
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3036
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3038
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3052
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3057
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3065
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3076
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3089
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3090
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_kdacoptfg
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic1
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic2
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic3
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic6
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic7
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic8
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic9
C:\Program Files\Common Files\PushWare
C:\Program Files\Common Files\Real\visualizations\RealYQLyrics.rpv
C:\Program Files\Yiqilai
C:\Program Files\Yiqilai\foobar\foo_ui_columns.dll
C:\Program Files\Yiqilai\foobar\foo_ui_yqllyrics.dll
C:\Program Files\Yiqilai\iTunes\iTunesYQLyrics.dll
C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll
C:\Program Files\Yiqilai\realplayer\RealYQLyrics.rpv
C:\Program Files\Yiqilai\Temp\foo_ui_columns.dll
C:\Program Files\Yiqilai\Temp\foo_ui_yqllyrics.dll
C:\Program Files\Yiqilai\Temp\iTunesYQLyrics.dll
C:\Program Files\Yiqilai\tools\GetMusic.exe
C:\Program Files\Yiqilai\tools\music.dll
C:\Program Files\Yiqilai\tools\YiqilaiLyrics.exe
C:\Program Files\Yiqilai\Uninstall.exe
C:\Program Files\Yiqilai\winamp\gen_yqllyrics.dll
C:\Program Files\Yiqilai\winamp\vis_yqllyrics.dll
C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.dll
C:\WINDOWS\Fonts\2knxWtVjbWXmUdGG.ttf
C:\WINDOWS\Fonts\bKkCsU7Z6YntjH4G.ttf
C:\WINDOWS\Fonts\cD9KArZZUHxCqnyM.ttf
C:\WINDOWS\Fonts\cFDPmh3MDPjcHMPd.ttf
C:\WINDOWS\Fonts\D9PjvuvCAeWudqwq.ttf
C:\WINDOWS\Fonts\du3Q2JXbHYGxcSAe.ttf
C:\WINDOWS\Fonts\eCgMhGRkPUcdutd0.ttf
C:\WINDOWS\Fonts\EEUJgNKN6xmNqKr6.ttf
C:\WINDOWS\Fonts\G49AhKxDmsj6uxnu.ttf
C:\WINDOWS\Fonts\hBRNYhzGWu6vwg6G.ttf
C:\WINDOWS\Fonts\JNwybEjgUVaxBU5d.ttf
C:\WINDOWS\Fonts\KXBqRpa2mrNPeXKb.ttf
C:\WINDOWS\Fonts\MhaUKGazkr3fZZKp.ttf
C:\WINDOWS\Fonts\PACNkAWTwg4Cyb3e.ttf
C:\WINDOWS\Fonts\pDuuqr4BgFn65AeW.ttf
C:\WINDOWS\Fonts\pKxp3cBbnHVb65ZWUDgRE5.ttf
C:\WINDOWS\Fonts\PrZWDcWgjaE3SQyr.ttf
C:\WINDOWS\Fonts\S8a8cnEuaydPJGg8.ttf
C:\WINDOWS\Fonts\tukVTEVUdJmB1k.ttf
C:\WINDOWS\Fonts\ubZJmeB3bJjsGEbf.ttf
C:\WINDOWS\Fonts\yGMHUAj5Npydj8FZ.ttf
C:\WINDOWS\Fonts\yKY54UdeQT3pEaq2.ttf
C:\WINDOWS\Fonts\zZ5kDff9es3wZ9YZ.ttf
C:\WINDOWS\KB611311.log
C:\WINDOWS\Packet.dll
C:\WINDOWS\system32\26831375.dll
C:\WINDOWS\system32\B4eocaps.SRG
C:\WINDOWS\system32\drivers\230.tmp
C:\WINDOWS\system32\drivers\243.tmp
C:\WINDOWS\system32\gprmsgse.axz
C:\WINDOWS\system32\gscpx32r.det
C:\WINDOWS\system32\l6.exe
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\mtlrd.dll
C:\WINDOWS\system32\YQL_Lyrics_Common.dll

.


(((((((((((((((((((((((((((((((((((((((   驅動/服務   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPIDISK
-------\Legacy_MTLRD
-------\Service_acpidisk
-------\Service_Apcdli


(((((((((((((((((((((((((  2009-05-23 至 2009-4-23 的新的檔案  )))))))))))))))))))))))))))))))
.

2009-04-22 17:31:18 . 2009-04-22 17:31:18        0        d-----w        C:\fsaua.data
2009-04-22 17:16:15 . 2008-10-16 06:07:56        23576        ----a-w        C:\WINDOWS\system32\wuapi.dll.mui
2009-04-22 15:29:09 . 2009-04-22 16:01:03        16384        ----a-w        C:\WINDOWS\DCEBoot.exe
2009-04-22 15:24:38 . 2009-04-22 15:24:38        0        d-----w        C:\Documents and Settings\wa\Local Settings\Application Data\Trend Micro
2009-04-22 15:22:44 . 2009-04-22 15:22:44        0        d-----w        C:\Documents and Settings\LocalService\Local Settings\Application Data\Trend Micro
2009-04-22 15:21:40 . 2009-04-02 23:08:54        50192        ----a-w        C:\WINDOWS\system32\drivers\tmactmon.sys
2009-04-22 15:21:40 . 2009-04-02 23:08:52        50192        ----a-w        C:\WINDOWS\system32\drivers\tmevtmgr.sys
2009-04-22 15:21:40 . 2009-04-02 23:08:48        153104        ----a-w        C:\WINDOWS\system32\drivers\tmcomm.sys
2009-04-22 15:21:05 . 2009-04-22 15:27:48        0        d-----w        C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-04-22 15:20:04 . 2009-04-22 15:20:04        661808        ----a-w        C:\WINDOWS\system32\UfWSC.cpl
2009-04-22 15:20:01 . 2009-04-22 15:20:01        80400        ----a-w        C:\WINDOWS\system32\drivers\tmtdi.sys
2009-04-22 15:20:01 . 2009-04-22 15:20:01        334352        ----a-w        C:\WINDOWS\system32\drivers\TM_CFW.sys
2009-04-22 15:20:01 . 2008-11-27 01:42:42        205328        ----a-w        C:\WINDOWS\system32\drivers\tmxpflt.sys
2009-04-22 15:20:01 . 2008-11-27 01:42:40        36368        ----a-w        C:\WINDOWS\system32\drivers\tmpreflt.sys
2009-04-22 15:20:01 . 2008-11-27 01:39:56        1195384        ----a-w        C:\WINDOWS\system32\drivers\vsapint.sys
2009-04-22 10:25:47 . 2009-04-22 10:25:47        40        ----a-w        C:\WINDOWS\tmp.dat
2009-04-22 10:25:47 . 2009-04-22 10:25:47        37        ----a-w        C:\WINDOWS\sys.ini
2009-04-21 19:17:56 . 2009-04-21 19:17:56        32        ----a-w        C:\WINDOWS\system32\ormsgse.axz
2009-04-21 19:05:29 . 2009-04-21 19:05:29        1        ----a-w        C:\WINDOWS\system32\drivers\S11.gle
2009-04-21 18:58:42 . 2009-04-21 18:58:42        1        ----a-w        C:\WINDOWS\system32\drivers\a8.gle
2009-04-21 18:58:42 . 2009-04-21 18:58:42        1        ----a-w        C:\WINDOWS\system32\drivers\01.gle
2009-04-21 18:58:39 . 2009-04-21 18:58:39        1        ----a-w        C:\WINDOWS\system32\drivers\a9.gle
2009-04-21 18:58:35 . 2009-04-21 18:58:35        1        ----a-w        C:\WINDOWS\system32\drivers\a10.gle
2009-04-21 18:58:34 . 2009-04-21 18:58:34        1        ----a-w        C:\WINDOWS\system32\drivers\a2.gle
2009-04-21 18:58:33 . 2009-04-21 18:58:33        1        ----a-w        C:\WINDOWS\system32\drivers\1a.gle
2009-04-21 18:57:48 . 2009-04-22 16:22:07        0        d-----w        C:\WINDOWS\Intel
2009-04-21 18:57:26 . 2009-04-21 18:57:26        1        ----a-w        C:\WINDOWS\system32\drivers\S20.gle
2009-04-21 18:57:22 . 2009-04-21 18:57:22        1        ----a-w        C:\WINDOWS\system32\drivers\S17.gle
2009-04-21 18:57:19 . 2009-04-21 18:57:19        1        ----a-w        C:\WINDOWS\system32\drivers\S13.gle
2009-04-21 18:57:13 . 2009-04-21 18:57:13        1        ----a-w        C:\WINDOWS\system32\drivers\M23.gle
2009-04-21 18:57:06 . 2009-04-21 18:57:06        1        ----a-w        C:\WINDOWS\system32\drivers\M24.gle
2009-04-21 18:57:02 . 2009-04-21 18:57:02        1        ----a-w        C:\WINDOWS\system32\drivers\M15.gle
2009-04-21 18:56:59 . 2009-04-21 18:56:59        1        ----a-w        C:\WINDOWS\system32\drivers\M37.gle
2009-04-21 18:56:55 . 2009-04-21 18:56:55        1        ----a-w        C:\WINDOWS\system32\drivers\S21.gle
2009-04-21 18:56:52 . 2009-04-21 18:56:52        1        ----a-w        C:\WINDOWS\system32\drivers\S16.gle
2009-04-21 18:56:46 . 2009-04-21 18:56:46        1        ----a-w        C:\WINDOWS\system32\drivers\S15.gle
2009-04-21 18:56:37 . 2009-04-21 18:56:37        1        ----a-w        C:\WINDOWS\system32\drivers\M33.gle
2009-04-21 18:56:33 . 2009-04-21 18:56:33        1        ----a-w        C:\WINDOWS\system32\drivers\M35.gle
2009-04-21 18:56:30 . 2009-04-21 18:56:30        1        ----a-w        C:\WINDOWS\system32\drivers\M4.gle
2009-04-21 18:56:30 . 2009-04-21 18:56:30        1        ----a-w        C:\WINDOWS\system32\drivers\M25.gle
2009-04-21 18:56:29 . 2009-04-21 18:56:29        1        ----a-w        C:\WINDOWS\system32\drivers\M39.gle
2009-04-21 18:56:28 . 2009-04-21 18:56:28        1        ----a-w        C:\WINDOWS\system32\drivers\M5.gle
2009-04-21 18:56:04 . 2009-04-21 18:56:04        1        ----a-w        C:\WINDOWS\system32\drivers\S14.gle
2009-04-21 18:56:00 . 2009-04-21 18:56:00        1        ----a-w        C:\WINDOWS\system32\drivers\S12.gle
2009-04-21 18:55:57 . 2009-04-21 18:55:57        1        ----a-w        C:\WINDOWS\system32\drivers\S2.gle
2009-04-21 18:55:54 . 2009-04-21 18:55:54        1        ----a-w        C:\WINDOWS\system32\drivers\S8.gle
2009-04-21 18:55:54 . 2009-04-21 18:55:54        1        ----a-w        C:\WINDOWS\system32\drivers\S1.gle
2009-04-21 18:55:50 . 2009-04-21 18:55:50        1        ----a-w        C:\WINDOWS\system32\drivers\S101.gle
2009-04-21 18:55:38 . 2009-04-21 18:55:39        17448        --sha-w        C:\WINDOWS\system32\12days.dll
2009-04-21 18:55:38 . 2009-04-21 18:55:38        1        ----a-w        C:\WINDOWS\system32\drivers\L6.gle
2009-04-21 18:55:35 . 2009-04-21 18:55:35        1        ----a-w        C:\WINDOWS\system32\drivers\L5.gle
2009-04-21 18:55:30 . 2009-04-21 18:55:30        1        ----a-w        C:\WINDOWS\system32\drivers\L4.gle
2009-04-21 18:55:26 . 2009-04-21 18:55:26        1        ----a-w        C:\WINDOWS\system32\drivers\L3.gle
2009-04-21 18:55:17 . 2009-04-21 18:55:17        1        ----a-w        C:\WINDOWS\system32\drivers\L1.gle
2009-04-21 18:55:10 . 2009-04-21 18:55:10        1        ----a-w        C:\WINDOWS\system32\drivers\ok.gle
2009-04-21 18:54:36 . 2009-04-21 18:54:36        210        ----a-w        C:\WINDOWS\GooGleeee.vbs
2009-04-18 20:19:39 . 2009-04-18 20:19:39        19        ----a-w        C:\WINDOWS\powerlist.ini

.
((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 11:02:03 . 2009-01-25 08:09:52        0        d-----w        C:\Program Files\Steam
2009-04-22 18:44:18 . 2008-07-16 14:55:41        0        d---a-w        C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-22 18:29:54 . 2004-08-03 16:48:06        23552        ----a-w        C:\WINDOWS\system32\userinit.exe
2009-04-22 15:22:05 . 2008-03-28 06:43:27        0        d-----w        C:\Program Files\Trend Micro
2009-04-22 14:47:26 . 2009-04-22 14:47:26        2091        ----a-w        C:\log.txt
2009-04-22 11:02:01 . 2007-09-09 04:28:30        0        d-----w        C:\Program Files\360safe
2009-04-21 18:54:56 . 2007-06-11 17:07:52        0        d-----w        C:\Program Files\TVAnts
2009-04-21 18:53:51 . 2007-07-12 18:08:54        0        d-----w        C:\Program Files\PPLive
2009-04-18 20:19:39 . 2007-09-02 12:59:19        0        d-----w        C:\Documents and Settings\wa\Application Data\ppStream
2009-04-12 10:49:01 . 2009-02-21 11:19:13        0        d-----w        C:\Program Files\Gameone
2009-03-30 10:14:19 . 2001-09-17 00:00:00        61738        ----a-w        C:\WINDOWS\system32\prfc0404.dat
2009-03-30 10:14:19 . 2001-09-17 00:00:00        213372        ----a-w        C:\WINDOWS\system32\prfh0404.dat
2009-03-29 12:41:19 . 2008-07-30 09:45:57        0        d-----w        C:\Program Files\Valve
2009-03-28 08:30:01 . 2008-11-25 07:33:52        0        d-----w        C:\Program Files\Foxy
2009-03-14 05:26:58 . 2007-09-09 04:30:25        0        d-----w        C:\Documents and Settings\All Users\Application Data\360safe
2009-03-14 05:26:58 . 2007-09-09 04:28:39        0        d-----w        C:\Documents and Settings\wa\Application Data\360Safe
2009-03-10 16:53:30 . 2009-03-10 15:57:26        0        d-----w        C:\Documents and Settings\wa\Application Data\Winamp
2009-03-10 15:57:57 . 2009-03-10 15:57:26        0        d-----w        C:\Program Files\Winamp
2009-02-25 10:39:41 . 2009-01-27 20:55:36        0        d-----w        C:\Documents and Settings\wa\Application Data\Camfrog
2009-02-19 11:53:03 . 2007-06-09 14:34:38        79256        ----a-w        C:\Documents and Settings\wa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-06 11:19:04 . 2009-02-06 11:19:04        305528        ----a-w        C:\WINDOWS\WLXPGSS.SCR
2009-02-06 10:52:40 . 2009-02-06 10:52:40        49504        ----a-w        C:\WINDOWS\system32\sirenacm.dll
.

------- Sigcheck -------

[7] 2004-08-03 15:14:42        359040        9F4B36614A0FC234525BA224957DE55C        C:\WINDOWS\system32\dllcache\tcpip.sys
[-] 2004-08-03 15:14:42        359040        6A603809F598332DBEDD535BDBCE313E        C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4


The ComboFix log is incomplete.

Step: CFScript


    * Open Notepad and paste in the following:

KILLALL::

File::
C:\WINDOWS\GooGleeee.vbs
C:\WINDOWS\system32\drivers\ok.gle
C:\WINDOWS\system32\drivers\L1.gle
C:\WINDOWS\system32\drivers\L3.gle
C:\WINDOWS\system32\drivers\L4.gle
C:\WINDOWS\system32\drivers\L5.gle
C:\WINDOWS\system32\drivers\L6.gle
C:\WINDOWS\system32\12days.dll
C:\WINDOWS\system32\drivers\S101.gle
C:\WINDOWS\system32\drivers\S1.gle
C:\WINDOWS\system32\drivers\S8.gle
C:\WINDOWS\system32\drivers\S2.gle
C:\WINDOWS\system32\drivers\S12.gle
C:\WINDOWS\system32\drivers\S14.gle
C:\WINDOWS\system32\drivers\M5.gle
C:\WINDOWS\system32\drivers\M39.gle
C:\WINDOWS\system32\drivers\M25.gle
C:\WINDOWS\system32\drivers\M4.gle
C:\WINDOWS\system32\drivers\M35.gle
C:\WINDOWS\system32\drivers\M33.gle
C:\WINDOWS\system32\drivers\S15.gle
C:\WINDOWS\system32\drivers\S16.gle
C:\WINDOWS\system32\drivers\S21.gle
C:\WINDOWS\system32\drivers\M37.gle
C:\WINDOWS\system32\drivers\M15.gle
C:\WINDOWS\system32\drivers\M24.gle
C:\WINDOWS\system32\drivers\M23.gle
C:\WINDOWS\system32\drivers\S13.gle
C:\WINDOWS\system32\drivers\S17.gle
C:\WINDOWS\system32\drivers\S20.gle
C:\WINDOWS\system32\drivers\1a.gle
C:\WINDOWS\system32\drivers\a2.gle
C:\WINDOWS\system32\drivers\a10.gle
C:\WINDOWS\system32\drivers\a9.gle
C:\WINDOWS\system32\drivers\01.gle
C:\WINDOWS\system32\drivers\a8.gle
C:\WINDOWS\system32\drivers\S11.gle
C:\WINDOWS\system32\ormsgse.axz
C:\WINDOWS\sys.ini
C:\WINDOWS\tmp.dat
C:\WINDOWS\system32\a1.exe

Save ---> Save as type ---> All Files --> enter the file name CFScript.txt
Drag CFScript.txt onto ComboFix.exe

    * ComboFix will then run
    * When it finishes, the report will be at C:\ComboFix.txt.


Go to VirusTotal

http://www.virustotal.com/

Check the following file.

c:\windows\ServicePackFiles\i386\scvhost.exe

Paste the report link.


I clicked Fix checked but this one is still there:
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

That one does not need to be fixed.


ComboFix 09-04-23.A3 - wa /04/24 星期五  3:24:27.6 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.950.886.1028.18.2047.1559 [GMT 8:00]
執行位置: C:\Documents and Settings\wa\桌面\ComboFix.exe
Command switches used :: C:\Documents and Settings\wa\桌面\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
FW: 趨勢科技主控式個人防火牆 *disabled*
* 成功創造新還原點

FILE ::
C:\WINDOWS\GooGleeee.vbs
C:\WINDOWS\sys.ini
C:\WINDOWS\system32\12days.dll
C:\WINDOWS\system32\a1.exe
C:\WINDOWS\system32\drivers\01.gle
C:\WINDOWS\system32\drivers\1a.gle
C:\WINDOWS\system32\drivers\a10.gle
C:\WINDOWS\system32\drivers\a2.gle
C:\WINDOWS\system32\drivers\a8.gle
C:\WINDOWS\system32\drivers\a9.gle
C:\WINDOWS\system32\drivers\L1.gle
C:\WINDOWS\system32\drivers\L3.gle
C:\WINDOWS\system32\drivers\L4.gle
C:\WINDOWS\system32\drivers\L5.gle
C:\WINDOWS\system32\drivers\L6.gle
C:\WINDOWS\system32\drivers\M15.gle
C:\WINDOWS\system32\drivers\M23.gle
C:\WINDOWS\system32\drivers\M24.gle
C:\WINDOWS\system32\drivers\M25.gle
C:\WINDOWS\system32\drivers\M33.gle
C:\WINDOWS\system32\drivers\M35.gle
C:\WINDOWS\system32\drivers\M37.gle
C:\WINDOWS\system32\drivers\M39.gle
C:\WINDOWS\system32\drivers\M4.gle
C:\WINDOWS\system32\drivers\M5.gle
C:\WINDOWS\system32\drivers\ok.gle
C:\WINDOWS\system32\drivers\S1.gle
C:\WINDOWS\system32\drivers\S101.gle
C:\WINDOWS\system32\drivers\S11.gle
C:\WINDOWS\system32\drivers\S12.gle
C:\WINDOWS\system32\drivers\S13.gle
C:\WINDOWS\system32\drivers\S14.gle
C:\WINDOWS\system32\drivers\S15.gle
C:\WINDOWS\system32\drivers\S16.gle
C:\WINDOWS\system32\drivers\S17.gle
C:\WINDOWS\system32\drivers\S2.gle
C:\WINDOWS\system32\drivers\S20.gle
C:\WINDOWS\system32\drivers\S21.gle
C:\WINDOWS\system32\drivers\S8.gle
C:\WINDOWS\system32\ormsgse.axz
C:\WINDOWS\tmp.dat
.

(((((((((((((((((((((((((((((((((((((((   被刪除的檔案   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\GooGleeee.vbs
C:\WINDOWS\sys.ini
C:\WINDOWS\system32\12days.dll
C:\WINDOWS\system32\drivers\01.gle
C:\WINDOWS\system32\drivers\1a.gle
C:\WINDOWS\system32\drivers\a10.gle
C:\WINDOWS\system32\drivers\a2.gle
C:\WINDOWS\system32\drivers\a8.gle
C:\WINDOWS\system32\drivers\a9.gle
C:\WINDOWS\system32\drivers\L1.gle
C:\WINDOWS\system32\drivers\L3.gle
C:\WINDOWS\system32\drivers\L4.gle
C:\WINDOWS\system32\drivers\L5.gle
C:\WINDOWS\system32\drivers\L6.gle
C:\WINDOWS\system32\drivers\M15.gle
C:\WINDOWS\system32\drivers\M23.gle
C:\WINDOWS\system32\drivers\M24.gle
C:\WINDOWS\system32\drivers\M25.gle
C:\WINDOWS\system32\drivers\M33.gle
C:\WINDOWS\system32\drivers\M35.gle
C:\WINDOWS\system32\drivers\M37.gle
C:\WINDOWS\system32\drivers\M39.gle
C:\WINDOWS\system32\drivers\M4.gle
C:\WINDOWS\system32\drivers\M5.gle
C:\WINDOWS\system32\drivers\ok.gle
C:\WINDOWS\system32\drivers\S1.gle
C:\WINDOWS\system32\drivers\S101.gle
C:\WINDOWS\system32\drivers\S11.gle
C:\WINDOWS\system32\drivers\S12.gle
C:\WINDOWS\system32\drivers\S13.gle
C:\WINDOWS\system32\drivers\S14.gle
C:\WINDOWS\system32\drivers\S15.gle
C:\WINDOWS\system32\drivers\S16.gle
C:\WINDOWS\system32\drivers\S17.gle
C:\WINDOWS\system32\drivers\S2.gle
C:\WINDOWS\system32\drivers\S20.gle
C:\WINDOWS\system32\drivers\S21.gle
C:\WINDOWS\system32\drivers\S8.gle
C:\WINDOWS\system32\ormsgse.axz
C:\WINDOWS\tmp.dat
.
---- 早前運行的結果 -------
.
C:\DOCUME~1\wa\LOCALS~1\Temp\DNFupdate.exe
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\YiqilaiLyrics_2001.exe
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\__fdkfjfjgjitijk
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_inifid
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_inifiletime3
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_inimac
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\1002
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\2001
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3000
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3012
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3016
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3018
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3019
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3021
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3032
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3036
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3038
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3052
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3057
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3065
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3076
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3089
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_KC\3090
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\_kdacoptfg
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic1
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic2
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic3
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic6
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic7
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic8
C:\Documents and Settings\wa\Local Settings\Temporary Internet Files\testmusic9
C:\Program Files\Common Files\PushWare
C:\Program Files\Common Files\Real\visualizations\RealYQLyrics.rpv
C:\Program Files\Yiqilai
C:\Program Files\Yiqilai\foobar\foo_ui_columns.dll
C:\Program Files\Yiqilai\foobar\foo_ui_yqllyrics.dll
C:\Program Files\Yiqilai\iTunes\iTunesYQLyrics.dll
C:\Program Files\Yiqilai\lib\YQL_Lyrics_Common.dll
C:\Program Files\Yiqilai\realplayer\RealYQLyrics.rpv
C:\Program Files\Yiqilai\Temp\foo_ui_columns.dll
C:\Program Files\Yiqilai\Temp\foo_ui_yqllyrics.dll
C:\Program Files\Yiqilai\Temp\iTunesYQLyrics.dll
C:\Program Files\Yiqilai\tools\GetMusic.exe
C:\Program Files\Yiqilai\tools\music.dll
C:\Program Files\Yiqilai\tools\YiqilaiLyrics.exe
C:\Program Files\Yiqilai\Uninstall.exe
C:\Program Files\Yiqilai\winamp\gen_yqllyrics.dll
C:\Program Files\Yiqilai\winamp\vis_yqllyrics.dll
C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.dll
C:\WINDOWS\Fonts\2knxWtVjbWXmUdGG.ttf
C:\WINDOWS\Fonts\bKkCsU7Z6YntjH4G.ttf
C:\WINDOWS\Fonts\cD9KArZZUHxCqnyM.ttf
C:\WINDOWS\Fonts\cFDPmh3MDPjcHMPd.ttf
C:\WINDOWS\Fonts\D9PjvuvCAeWudqwq.ttf
C:\WINDOWS\Fonts\du3Q2JXbHYGxcSAe.ttf
C:\WINDOWS\Fonts\eCgMhGRkPUcdutd0.ttf
C:\WINDOWS\Fonts\EEUJgNKN6xmNqKr6.ttf
C:\WINDOWS\Fonts\G49AhKxDmsj6uxnu.ttf
C:\WINDOWS\Fonts\hBRNYhzGWu6vwg6G.ttf
C:\WINDOWS\Fonts\JNwybEjgUVaxBU5d.ttf
C:\WINDOWS\Fonts\KXBqRpa2mrNPeXKb.ttf
C:\WINDOWS\Fonts\MhaUKGazkr3fZZKp.ttf
C:\WINDOWS\Fonts\PACNkAWTwg4Cyb3e.ttf
C:\WINDOWS\Fonts\pDuuqr4BgFn65AeW.ttf
C:\WINDOWS\Fonts\pKxp3cBbnHVb65ZWUDgRE5.ttf
C:\WINDOWS\Fonts\PrZWDcWgjaE3SQyr.ttf
C:\WINDOWS\Fonts\S8a8cnEuaydPJGg8.ttf
C:\WINDOWS\Fonts\tukVTEVUdJmB1k.ttf
C:\WINDOWS\Fonts\ubZJmeB3bJjsGEbf.ttf
C:\WINDOWS\Fonts\yGMHUAj5Npydj8FZ.ttf
C:\WINDOWS\Fonts\yKY54UdeQT3pEaq2.ttf
C:\WINDOWS\Fonts\zZ5kDff9es3wZ9YZ.ttf
C:\WINDOWS\KB611311.log
C:\WINDOWS\Packet.dll
C:\WINDOWS\system32\26831375.dll
C:\WINDOWS\system32\B4eocaps.SRG
C:\WINDOWS\system32\drivers\230.tmp
C:\WINDOWS\system32\drivers\243.tmp
C:\WINDOWS\system32\gprmsgse.axz
C:\WINDOWS\system32\gscpx32r.det
C:\WINDOWS\system32\l6.exe
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\mscpx32r.det
C:\WINDOWS\system32\mtlrd.dll
C:\WINDOWS\system32\YQL_Lyrics_Common.dll

.


(((((((((((((((((((((((((((((((((((((((   驅動/服務   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPIDISK
-------\Legacy_MTLRD
-------\Service_acpidisk
-------\Service_Apcdli


(((((((((((((((((((((((((  2009-05-23 至 2009-4-23 的新的檔案  )))))))))))))))))))))))))))))))
.

2009-04-22 17:31:18 . 2009-04-22 17:31:18        0        d-----w        C:\fsaua.data
2009-04-22 17:16:15 . 2008-10-16 06:07:56        23576        ----a-w        C:\WINDOWS\system32\wuapi.dll.mui
2009-04-22 15:29:09 . 2009-04-22 16:01:03        16384        ----a-w        C:\WINDOWS\DCEBoot.exe
2009-04-22 15:24:38 . 2009-04-22 15:24:38        0        d-----w        C:\Documents and Settings\wa\Local Settings\Application Data\Trend Micro
2009-04-22 15:22:44 . 2009-04-22 15:22:44        0        d-----w        C:\Documents and Settings\LocalService\Local Settings\Application Data\Trend Micro
2009-04-22 15:21:40 . 2009-04-02 23:08:54        50192        ----a-w        C:\WINDOWS\system32\drivers\tmactmon.sys
2009-04-22 15:21:40 . 2009-04-02 23:08:52        50192        ----a-w        C:\WINDOWS\system32\drivers\tmevtmgr.sys
2009-04-22 15:21:40 . 2009-04-02 23:08:48        153104        ----a-w        C:\WINDOWS\system32\drivers\tmcomm.sys
2009-04-22 15:21:05 . 2009-04-22 15:27:48        0        d-----w        C:\Documents and Settings\All Users\Application Data\Trend Micro
2009-04-22 15:20:04 . 2009-04-22 15:20:04        661808        ----a-w        C:\WINDOWS\system32\UfWSC.cpl
2009-04-22 15:20:01 . 2009-04-22 15:20:01        80400        ----a-w        C:\WINDOWS\system32\drivers\tmtdi.sys
2009-04-22 15:20:01 . 2009-04-22 15:20:01        334352        ----a-w        C:\WINDOWS\system32\drivers\TM_CFW.sys
2009-04-22 15:20:01 . 2008-11-27 01:42:42        205328        ----a-w        C:\WINDOWS\system32\drivers\tmxpflt.sys
2009-04-22 15:20:01 . 2008-11-27 01:42:40        36368        ----a-w        C:\WINDOWS\system32\drivers\tmpreflt.sys
2009-04-22 15:20:01 . 2008-11-27 01:39:56        1195384        ----a-w        C:\WINDOWS\system32\drivers\vsapint.sys
2009-04-21 18:57:48 . 2009-04-22 16:22:07        0        d-----w        C:\WINDOWS\Intel
2009-04-18 20:19:39 . 2009-04-18 20:19:39        19        ----a-w        C:\WINDOWS\powerlist.ini

.
((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-23 19:27:00 . 2009-01-25 08:09:52        0        d-----w        C:\Program Files\Steam
2009-04-22 18:44:18 . 2008-07-16 14:55:41        0        d---a-w        C:\Documents and Settings\All Users\Application Data\TEMP
2009-04-22 18:29:54 . 2004-08-03 16:48:06        23552        ----a-w        C:\WINDOWS\system32\userinit.exe
2009-04-22 15:22:05 . 2008-03-28 06:43:27        0        d-----w        C:\Program Files\Trend Micro
2009-04-22 14:47:26 . 2009-04-22 14:47:26        2091        ----a-w        C:\log.txt
2009-04-22 11:02:01 . 2007-09-09 04:28:30        0        d-----w        C:\Program Files\360safe
2009-04-21 18:54:56 . 2007-06-11 17:07:52        0        d-----w        C:\Program Files\TVAnts
2009-04-21 18:53:51 . 2007-07-12 18:08:54        0        d-----w        C:\Program Files\PPLive
2009-04-18 20:19:39 . 2007-09-02 12:59:19        0        d-----w        C:\Documents and Settings\wa\Application Data\ppStream
2009-04-12 10:49:01 . 2009-02-21 11:19:13        0        d-----w        C:\Program Files\Gameone
2009-03-30 10:14:19 . 2001-09-17 00:00:00        61738        ----a-w        C:\WINDOWS\system32\prfc0404.dat
2009-03-30 10:14:19 . 2001-09-17 00:00:00        213372        ----a-w        C:\WINDOWS\system32\prfh0404.dat
2009-03-29 12:41:19 . 2008-07-30 09:45:57        0        d-----w        C:\Program Files\Valve
2009-03-28 08:30:01 . 2008-11-25 07:33:52        0        d-----w        C:\Program Files\Foxy
2009-03-14 05:26:58 . 2007-09-09 04:30:25        0        d-----w        C:\Documents and Settings\All Users\Application Data\360safe
2009-03-14 05:26:58 . 2007-09-09 04:28:39        0        d-----w        C:\Documents and Settings\wa\Application Data\360Safe
2009-03-10 16:53:30 . 2009-03-10 15:57:26        0        d-----w        C:\Documents and Settings\wa\Application Data\Winamp
2009-03-10 15:57:57 . 2009-03-10 15:57:26        0        d-----w        C:\Program Files\Winamp
2009-02-25 10:39:41 . 2009-01-27 20:55:36        0        d-----w        C:\Documents and Settings\wa\Application Data\Camfrog
2009-02-19 11:53:03 . 2007-06-09 14:34:38        79256        ----a-w        C:\Documents and Settings\wa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-02-06 11:19:04 . 2009-02-06 11:19:04        305528        ----a-w        C:\WINDOWS\WLXPGSS.SCR
2009-02-06 10:52:40 . 2009-02-06 10:52:40        49504        ----a-w        C:\WINDOWS\system32\sirenacm.dll
.

------- Sigcheck -------

[7] 2004-08-03 15:14:42        359040        9F4B36614A0FC234525BA224957DE55C        C:\WINDOWS\system32\dllcache\tcpip.sys
[-] 2004-08-03 15:14:42        359040        6A603809F598332DBEDD535BDBCE313E        C:\WINDOWS\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 16:47:54 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-03 16:59:14 1667584]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-11-17 11:53:38 171464]
"Yahoo!Mini"="C:\Program Files\Yahoo!\Mini\YMiniUpdat2.exe" [BU]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 10:53:50 3885408]
"Steam"="C:\Program Files\Steam\Steam.exe" [2009-01-25 08:12:28 1410296]
"Camfrog"="D:\Program Files\新資料夾\Camfrog Video Chat 4.1\CamfrogNet.exe" [2003-09-29 06:22:02 36352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UfSeAgnt.exe"="C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-22 15:19:54 974928]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 15:44:00 8429568]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 16:47:54 15360]



(Checked the following file:
c:\windows\ServicePackFiles\i386\scvhost.exe
........ it is not there either.)
