Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 07:03:32, on 2009/4/22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2
Boot mode: Normal
--
End of file - 12085 bytes
Author: 好難健康 Time: 2009-4-27 08:20
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 02:33:52, on 2009/4/23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2
Boot mode: Normal
I pressed "Fix checked", but it is still there:
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
Also, this file is gone, so it cannot be uploaded:
C:\WINDOWS\system32\scvhost.exe
(After I copied the file name from here and pressed upload, the site showed: 0 bytes size received / Se ha recibido un archivo vacio)
ComboFix 09-04-23.A0 - wa /04/23 星期四 18:59:27.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.886.1028.18.2047.1608 [GMT 8:00]
執行位置: C:\Documents and Settings\wa\桌面\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
FW: 趨勢科技主控式個人防火牆 *disabled*
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- 早前運行的結果 -------
.
I pressed "Fix checked", but it is still there:
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
You do not need to fix that one.
Author: 好難健康 Time: 2009-4-28 19:15
ComboFix 09-04-23.A3 - wa /04/24 星期五 3:24:27.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.950.886.1028.18.2047.1559 [GMT 8:00]
執行位置: C:\Documents and Settings\wa\桌面\ComboFix.exe
Command switches used :: C:\Documents and Settings\wa\桌面\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated)
AV: Trend Micro Internet Security Pro *On-access scanning disabled* (Updated)
FW: 趨勢科技主控式個人防火牆 *disabled*
* 成功創造新還原點