
[Help] IE homepage hijacked [Solved]


I think point form will be easier to understand.
  • My IE homepage has been hijacked: every time I open a new IE window it goes to a specified page (3929), even though the default is set to Yahoo Hong Kong.
  • The whole computer has slowed down, even when it is not online.
I have already run an online scan with BitDefender, but the situation has not improved...
I'll have to trouble the moderators. Thank you.

[ This post was last edited by onor on 2008-9-30 05:33 PM ]





The [hijackthis] report is below:

Scan saved at 16:05:24, on 23/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\KIS2007\KWatch.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINPENJR\Win32\pphidpad.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\KIS2007\KPfwSvc.EXE
C:\KIS2007\KAVStart.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
E:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\KIS2007\KMailMon.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe





F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\BT\123\BitComet\tools\BitCometBHO_1.2.2.28.dll
O2 - BHO: 厙桴齬靡馱撿沭BHO - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\zzToolBar\Toolbar_bho.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FlashGet\getflash.dll
O3 - Toolbar: 厙桴齬靡馱撿沭 - {0A1230F1-EB52-4CA3-9D34-DE2ABC2EED35} - C:\Program Files\zzToolBar\ToolBand.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PPHIDPAD] C:\WINPENJR\Win32\pphidpad.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [KavStart] "C:\KIS2007\KAVStart.exe" -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe"  -lang 1033
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Flashget] "C:\PROGRA~1\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\j3ewro.exe
O4 - HKCU\..\Run: [tasoft] C:\WINDOWS\system32\kxvo.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用BitComet下載本頁視訊 - res://E:\BT\123\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用BitComet下載全部連結 - res://E:\BT\123\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載連結(&B) - res://E:\BT\123\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\BT\123\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05BCE06B-A300-4C4E-A42F-4C04BCCDE63B} (TRLuncherROC Control) - http://weblogin.talesrunner.com.hk/TRLuncherROC.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/FacebookPhotoUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/ ... e.cab?1199015408765
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.systemrequirementslab.com/sysreqlab2.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {A93FB56D-2F76-4DD7-8E38-9B1EB38C88A5} (SecureSession Class) - http://warranty.samsungmcs.com.hk:8080/plugIn/SecuiSECIE.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {BE34BAB0-0580-45BC-AEC8-E0EF00C11F57} (GTWebCom Control) - http://hkma.towergame.com/common/GTWebCom.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Kingsoft Personal Firewall Service (KPfwSvc) - Kingsoft Corporation - C:\KIS2007\KPfwSvc.EXE
O23 - Service: Kingsoft Antivirus KWatch Service (KWatchSvc) - Kingsoft Corporation - C:\KIS2007\KWatch.EXE
O23 - Service: 厙釐督昢 (Network Services) - Unknown owner - C:\WINDOWS\MayaBaby\MayaBabyMain.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - E:\Alcohol\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10191 bytes







Click Start (bottom left) > Run > paste the following > OK

services.msc

  • Right-click the following service name:

    厙釐督昢

  • Properties
  • Under Startup type, select Disabled
  • Apply
  • Under Service status, click Stop
  • OK




Run a HijackThis scan of the computer. Then tick the boxes to the left of the following entries. Close all windows and browsers, click Fix checked, then close HijackThis

O2 - BHO: 厙桴齬靡馱撿沭BHO - {489873CE-F3E1-44A3-8E89-04BE26BE4446} - C:\Program Files\zzToolBar\Toolbar_bho.dll

O3 - Toolbar: 厙桴齬靡馱撿沭 - {0A1230F1-EB52-4CA3-9D34-DE2ABC2EED35} - C:\Program Files\zzToolBar\ToolBand.dll

O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\j3ewro.exe

O4 - HKCU\..\Run: [tasoft] C:\WINDOWS\system32\kxvo.exe




Download ComboFix to the desktop

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Run ComboFix

    Note: to prevent security software from wrongly flagging ComboFix as a dangerous file, temporarily turn off your antivirus and anti-spyware software before running ComboFix. Also, while ComboFix is running, do not run any other programs or click on the ComboFix window with the mouse.

  • ComboFix will pop up a window; click Yes (Y)
  • The program will scan; the desktop may temporarily disappear while it runs. When the scan finishes, the program closes automatically.
  • Afterwards the ComboFix log will pop up; the log is saved automatically as C:\ComboFix.txt
  • Restart the computer.




Download System Repair Engineer

http://www.kztechs.com/eng/download.html

  • Extract the System Repair Engineer folder to the desktop.
  • Run SREngLdr
  • Choose Smart Scan, then click Scan to start the scan.
  • When the scan finishes, click Save Reports to save the System Repair Engineer scan log.
  • Paste the System Repair Engineer and ComboFix scan logs.



All Your Malware Are Belong To Us
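As an added example for this thread (not code from the forum post or from HijackThis), the Python script below parses HijackThis lines like the ones posted above and mechanically flags the two kinds of entries a script can check: registered components whose file is missing, and per-user (HKCU) Run values that launch an unexpected executable from system32, which is exactly where jvsoft/tasoft were found. The zzToolBar BHO/toolbar pair still needs the analyst's judgement (unknown vendor, unreadable name), so it is reported as parsed but not flagged. The sample lines are copied from the log above; the rules and the known-good set are this example's assumptions.

```python
"""HijackThis log triage: added example for this thread, not part of the
forum post or of HijackThis.  Sample lines are copied from the log above;
the flagging rules and the known-good set are assumptions of this example."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis lines posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: 厙桴齬靡馱撿沭 - {0A1230F1-EB52-4CA3-9D34-DE2ABC2EED35} - C:\Program Files\zzToolBar\ToolBand.dll
O4 - HKLM\..\Run: [KavStart] "C:\KIS2007\KAVStart.exe" -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\j3ewro.exe
O4 - HKCU\..\Run: [tasoft] C:\WINDOWS\system32\kxvo.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: 厙釐督昢 (Network Services) - Unknown owner - C:\WINDOWS\MayaBaby\MayaBabyMain.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# Executables that legitimately autostart from system32 under HKCU on this
# XP box (assumption of this example; extend it for the machine being triaged).
KNOWN_SYSTEM32_AUTOSTART = {"ctfmon.exe"}


@dataclass
class Entry:
    section: str    # O2, O3, O4 or O23
    name: str       # display name, Run value name or service name
    target: str     # path or command line exactly as HijackThis printed it
    hive: str = ""  # HKLM / HKCU / HKUS\<sid>, O4 entries only


@dataclass
class Finding:
    entry: Entry
    reason: str


RE_O2O3 = re.compile(r"^(O[23]) - (?:BHO|Toolbar): (.*?) - \{[0-9A-Fa-f-]+\} - (.*)$")
RE_O4 = re.compile(r"^(O4) - (HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\(?:Run|RunOnce): \[([^\]]*)\] (.*)$")
RE_O23 = re.compile(r"^(O23) - Service: (.*?) - .*? - (.*)$")
RE_EXE = re.compile(r'"?(.*?\.exe)"?', re.IGNORECASE)


def parse(log_text: str) -> list[Entry]:
    """Turn the O2/O3/O4/O23 lines of a HijackThis log into Entry records."""
    entries: list[Entry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_O4.match(line):
            entries.append(Entry(m[1], m[3], m[4], hive=m[2]))
        elif m := RE_O2O3.match(line):
            entries.append(Entry(m[1], m[2], m[3]))
        elif m := RE_O23.match(line):
            entries.append(Entry(m[1], m[2], m[3]))
    return entries


def executable_of(command: str) -> str:
    """First .exe in a Run command line, with surrounding quotes removed."""
    m = RE_EXE.match(command.strip())
    return m[1] if m else command.strip()


def triage(log_text: str) -> list[Finding]:
    """Apply the two mechanical rules and return what an analyst should look at."""
    findings: list[Finding] = []
    for e in parse(log_text):
        target = e.target.strip()
        # Rule 1: a registered BHO/toolbar/service whose file is gone is at
        # best an orphan and at worst the remains of something half-removed.
        if target.endswith("(no file)") or target.endswith("(file missing)"):
            findings.append(Finding(e, "registered component whose file is missing"))
            continue
        # Rule 2: HKCU Run values need no admin rights to write, and on this
        # machine they launched random-looking names out of system32.
        if e.section == "O4" and e.hive == "HKCU":
            base = re.search(r"\\system32\\([^\\]+)$", executable_of(target), re.IGNORECASE)
            if base and base[1].lower() not in KNOWN_SYSTEM32_AUTOSTART:
                findings.append(Finding(e, "per-user autostart of an unexpected system32 executable"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.entry.section:4} {f.entry.name!r:12} {f.reason}: {f.entry.target}")
```

Run against the sample it reports the orphan BHO, the jvsoft and tasoft values, and the missing "Network Services" binary; everything else, including the zzToolBar entries, is left for the analyst to judge.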


Quote:
Originally posted by geck789 on 2008-9-24 01:07 PM
Click Start (bottom left) > Run > paste the following > OK

services.msc

Right-click the following service name:

厙釐督昢

Click Properties
Under Startup type, select Disabled
Click Apply
Under Service status, click Stop
Click OK



Run Hija ...
Hello

I have the same problem too, but I don't know the red words below in Chinese. What are they in English?

Click Start (bottom left) > Run > paste the following > OK

services.msc

    * Right-click the following service name:

      厙釐督昢 <= what is this Chinese in English?

    * Click Properties
    * Under Startup type, select Disabled
    * Click Apply
    * Under Service status, click Stop
    * Click OK

Thank you very much



Expendables2


Quote:
Originally posted by geck789 on 2008-9-24 01:07 PM
Click Start (bottom left) > Run > paste the following > OK

services.msc

Right-click the following service name:

厙釐督昢

Click Properties
Under Startup type, select Disabled
Click Apply
Under Service status, click Stop
Click OK



Run Hija ...
When I carry out the first step, i.e.
[Click Start (bottom left) > Run > paste the following > OK
services.msc],
the computer pops up a window: "Open With - Choose the program you want to use to open this file".

It offers "Recommended Programs" and "Other Programs" to choose from,
but they are all programs like FlashGet, Office and IE.
The expected program does not appear.

I think I have to trouble the moderators again. Thank you...





Skip the first step.


All Your Malware Are Belong To Us


The ComboFix Report is below:

ComboFix 08-09-24.08 - user 2008-09-25 13:48:22.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.950.886.1028.18.185 [GMT 8:00]
執行位置: C:\Documents and Settings\user\桌面\ComboFix.exe
* 已建立新的還原點
* Resident AV is active

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((   其他遭刪除的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Autorun.inf
C:\Documents and Settings\All Users\Application Data\t
C:\Documents and Settings\All Users\Application Data\t\a1637.dat
C:\Documents and Settings\All Users\Application Data\t\b1637.dat
C:\Documents and Settings\All Users\Application Data\t\k1637.dat
C:\Documents and Settings\All Users\Application Data\t\p1637.dat
C:\Documents and Settings\All Users\Application Data\t\r1637.dat
C:\Documents and Settings\All Users\Documents\My Music\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\My Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\000B60C7\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sample Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\0015DF9C\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\Sync Playlists\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\範例音樂\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Music\範例音樂\新資料夾\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Pictures\範例圖片\Desktop_.ini
C:\Documents and Settings\All Users\Documents\My Videos\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\FM 2006 Data Editor\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2005\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2006\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2007\db\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2007\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2007\skins\Desktop_.ini
C:\Documents and Settings\All Users\Documents\Sports Interactive\Football Manager 2007\sounds\Desktop_.ini
C:\Documents and Settings\user\Cookies\user@history.hk.search.yahoo[2].txt
C:\Documents and Settings\user\Cookies\user@specificclick[2].txt
C:\Documents and Settings\user\Cookies\user@statcounter[2].txt
C:\Documents and Settings\user\Cookies\user@tgd.timesonline.co[1].txt
C:\Documents and Settings\user\Cookies\user@yahoo[1].txt
C:\Program Files\Common Files\PushWare
C:\Program Files\Common Files\PushWare\Uninst.exe
C:\Program Files\ShoppingReport
C:\Program Files\zzToolBar
C:\Program Files\zzToolBar\IP.dat
C:\Program Files\zzToolBar\SearchEngineConfig
C:\Program Files\zzToolBar\ToolBand.dll
C:\Program Files\zzToolBar\uISGRLFile.dat
C:\Program Files\zzToolBar\Uninstall.exe
C:\strategy.txt
C:\WINDOWS\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
C:\WINDOWS\Aseo\pbhealth.dll
C:\WINDOWS\Downloaded Program Files.\d6o9.dll
C:\WINDOWS\Downloaded Program Files.\e7ffip6.dll
C:\WINDOWS\Downloaded Program Files.\i0i7ty3a.dll
C:\WINDOWS\Downloaded Program Files.\jhd.dll
C:\WINDOWS\Downloaded Program Files.\o8ua00f6.dll
C:\WINDOWS\Downloaded Program Files.\p5sf.dll
C:\WINDOWS\Downloaded Program Files.\q49c.dll
C:\WINDOWS\Downloaded Program Files.\ssnku2.dll
C:\WINDOWS\Downloaded Program Files.\zfmm.dll
C:\WINDOWS\KB611311.log
C:\WINDOWS\MayaBaby
C:\WINDOWS\MayaBaby\MayaBabyDll.dat
C:\WINDOWS\sebs
C:\WINDOWS\sebs\pbhealth.dll
C:\WINDOWS\system32\d3d1caps.srg
C:\WINDOWS\system32\drivers\acpidisk.sys
C:\WINDOWS\system32\gprmsgse.axz
C:\WINDOWS\system32\gscpx32r.det
C:\WINDOWS\system32\ini.~tmp
C:\WINDOWS\system32\j3ewro.exe
C:\WINDOWS\system32\jwedsfdo0.dll
C:\WINDOWS\system32\jwedsfdo1.dll
C:\WINDOWS\system32\key.~tmp
C:\WINDOWS\system32\kxvo.exe
C:\WINDOWS\system32\kxvo0.dll
C:\WINDOWS\system32\kxvo1.dll
C:\WINDOWS\system32\mprmsgse.axz
C:\WINDOWS\system32\setyahoo.ini
C:\WINDOWS\system32\t9g08j.dll
C:\WINDOWS\system32\YpUM75.dll
C:\WINDOWS\TEMP\~my1.tmp
E:\Autorun.inf
E:\spkr9wou.bat
E:\vmyphd.bat
E:\x.cmd







.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ACPIDISK
-------\Legacy_NETWORK_SERVICES
-------\Legacy_XPROTECTOR
-------\Service_acpidisk
-------\Service_Apcdli
-------\Service_Network Services
-------\Service_XPROTECTOR


((((((((((((((((((((((((((((   2008-08-25 - 2008-09-25 之間建立的檔案  )))))))))))))))))))))))))))))))))
.

2008-09-25 11:04 . 2008-09-25 11:03        117,648        -r-hs----        C:\0jbnlnu8.exe
2008-09-25 10:57 . 2008-09-24 15:46        117,803        -r-hs----        C:\qjfl.exe
2008-09-23 16:04 . 2008-09-23 16:04        <DIR>        d--------        C:\Program Files\Trend Micro
2008-09-23 15:46 . 2008-09-24 16:09        109        --a------        C:\WINDOWS\system\io9287.drv
2008-09-23 11:32 . 2008-09-23 11:42        <DIR>        d--------        C:\WINDOWS\BDOSCAN8
2008-09-23 11:29 . 2004-08-04 20:00        22,016        --a------        C:\WINDOWS\system32\drivers\osazwx.sys
2008-09-23 10:44 . 2008-09-25 14:00        <DIR>        d--------        C:\WINDOWS\Aseo
2008-09-23 10:34 . 2008-09-23 11:29        133        --a------        C:\WINDOWS\system32\7G4eY5.bat
2008-09-23 10:27 . 2008-09-23 10:27        133        --a------        C:\WINDOWS\system32\rh7z98.bat
2008-09-23 10:27 . 2008-09-23 10:27        133        --a------        C:\WINDOWS\system32\iT31a9.bat
2008-09-22 12:40 . 2008-09-23 15:53        116,889        -r-hs----        C:\1xxec.exe
2008-09-21 17:00 . 2008-09-21 17:01        <DIR>        d--------        C:\Documents and Settings\user\Application Data\Mount&Blade
2008-09-03 19:20 . 2008-09-03 19:20        5,234        --a------        C:\WINDOWS\system32\mstmpxmlfun.xml
2008-09-03 07:47 . 2008-09-03 12:35        <DIR>        d--------        C:\WINDOWS\system32\CatRoot_bak

.
((((((((((((((((((((((((((((((((((((   近三個月內更動的檔案   )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 05:44        ---------        d-----w        C:\Program Files\FlashGet
2008-09-23 11:31        1,380,414        ----a-w        C:\WINDOWS\system32\npscan.dll
2008-09-23 05:56        ---------        d-----w        C:\Program Files\ktip
2008-09-03 04:16        ---------        d-----w        C:\Documents and Settings\user\Application Data\ShoppingReport
2008-08-19 16:31        ---------        d-----w        C:\Program Files\Gamania
2008-08-08 06:43        ---------        d-----w        C:\Documents and Settings\user\Application Data\AdobeUM
2008-07-18 14:10        94,920        ----a-w        C:\WINDOWS\system32\cdm.dll
2008-07-18 14:10        53,448        ----a-w        C:\WINDOWS\system32\wuauclt.exe
2008-07-18 14:10        45,768        ----a-w        C:\WINDOWS\system32\wups2.dll
2008-07-18 14:10        36,552        ----a-w        C:\WINDOWS\system32\wups.dll
2008-07-18 14:09        563,912        ----a-w        C:\WINDOWS\system32\wuapi.dll
2008-07-18 14:09        325,832        ----a-w        C:\WINDOWS\system32\wucltui.dll
2008-07-18 14:09        205,000        ----a-w        C:\WINDOWS\system32\wuweb.dll
2008-07-18 14:09        1,811,656        ----a-w        C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:30        253,952        ----a-w        C:\WINDOWS\system32\es.dll
2006-01-05 11:22        46,840        -c--a-w        C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
2005-04-24 10:05        457        -c--a-w        C:\Program Files\INSTALL.LOG
2001-11-22 13:08        712,704        -c--a-w        C:\WINDOWS\inf\OTHER\AUDIO3D.DLL
.

------- Sigcheck -------

2004-08-04 20:00  14336  723ba2efe4a16774e98f53d7ac6c71fd        C:\WINDOWS\system32\svchost.exe
2004-08-04 20:00  14336  723ba2efe4a16774e98f53d7ac6c71fd        C:\WINDOWS\system32\dllcache\svchost.exe

2004-08-04 20:00  82944  8a39164f7884644723cd7acc913260af        C:\WINDOWS\system32\ws2_32.dll
2004-08-04 20:00  82944  8a39164f7884644723cd7acc913260af        C:\WINDOWS\system32\dllcache\ws2_32.dll

2004-08-04 20:00  487936  7189e588041174198281933eb2ca449c        C:\WINDOWS\system32\winlogon.exe
2004-08-04 20:00  487936  7189e588041174198281933eb2ca449c        C:\WINDOWS\system32\dllcache\winlogon.exe

2004-08-04 20:00  182912  558635d3af1c7546d26067d5d9b6959e        C:\WINDOWS\system32\dllcache\ndis.sys
2004-08-04 20:00  182912  558635d3af1c7546d26067d5d9b6959e        C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 20:00  29056  4448006b6bc60e6c027932cfc38d6855        C:\WINDOWS\system32\dllcache\ip6fw.sys
2004-08-04 20:00  29056  4448006b6bc60e6c027932cfc38d6855        C:\WINDOWS\system32\drivers\ip6fw.sys

2007-06-18 19:39  977920  3ddb98936b29019549c6fbabd86846e7        C:\WINDOWS\explorer.exe
2007-06-18 19:41  977920  d1822278f43e2850e03ef36d29686d4f        C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2004-08-04 20:00  976896  453888766da789f18fbbf5b20e4bc17f        C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-18 19:39  977920  3ddb98936b29019549c6fbabd86846e7        C:\WINDOWS\SoftwareDistribution\Download\9d5c1d99957d44de27929ec25364cf95\SP2GDR\explorer.exe
2007-06-18 19:41  977920  d1822278f43e2850e03ef36d29686d4f        C:\WINDOWS\SoftwareDistribution\Download\9d5c1d99957d44de27929ec25364cf95\SP2QFE\explorer.exe
2007-06-18 19:39  977920  3ddb98936b29019549c6fbabd86846e7        C:\WINDOWS\system32\dllcache\explorer.exe

2004-08-04 20:00  108032  90463a559a0d57b5d4b3e698e1bdde92        C:\WINDOWS\system32\services.exe
2004-08-04 20:00  108032  90463a559a0d57b5d4b3e698e1bdde92        C:\WINDOWS\system32\dllcache\services.exe

2004-08-04 20:00  13312  4bca771a81625259affaa218e0111d76        C:\WINDOWS\system32\lsass.exe
2004-08-04 20:00  13312  4bca771a81625259affaa218e0111d76        C:\WINDOWS\system32\dllcache\lsass.exe

2004-08-04 20:00  15360  3bcef6b66827ec0b9923d20e62d067ba        C:\WINDOWS\system32\ctfmon.exe
2004-08-04 20:00  15360  3bcef6b66827ec0b9923d20e62d067ba        C:\WINDOWS\system32\dllcache\ctfmon.exe

2005-06-11 08:17  57856  ad3d9d191aea7b5445fe1d82ffbb4788        C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2004-08-04 20:00  57856  620b82889828fbe013ac6ad60f8e3fdb        C:\WINDOWS\$NtUninstallKB896423$\spoolsv.exe
2005-06-11 07:53  57856  da81ec57acd4cdc3d4c51cf3d409af9f        C:\WINDOWS\SoftwareDistribution\Download\fd12c1a8dddd70c73dccf9099b988e57\sp2gdr\spoolsv.exe
2005-06-11 08:17  57856  ad3d9d191aea7b5445fe1d82ffbb4788        C:\WINDOWS\SoftwareDistribution\Download\fd12c1a8dddd70c73dccf9099b988e57\sp2qfe\spoolsv.exe
2005-06-11 07:53  57856  ce6c9ebf58644837e2a940071b960f48        C:\WINDOWS\system32\spoolsv.exe
2005-06-11 07:53  57856  da81ec57acd4cdc3d4c51cf3d409af9f        C:\WINDOWS\system32\dllcache\spoolsv.exe

2004-08-04 20:00  23552  f3a20a3c6a4df7fe038f4cca70080b10        C:\WINDOWS\system32\userinit.exe
2004-08-04 20:00  23552  f3a20a3c6a4df7fe038f4cca70080b10        C:\WINDOWS\system32\dllcache\userinit.exe





.
((((((((((((((((((((((((((((((((((((((((((   重要登錄檔   )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白或合法的登錄值將不會顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"cSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 1449984]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-03-21 486856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIDPAD"="C:\WINPENJR\Win32\pphidpad.exe" [2004-09-16 61440]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2003-07-14 63040]
"HIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2003-07-14 95296]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 7700480]
"CSuiteTrayApplication"="C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE" [2006-06-15 229376]
"KavStart"="C:\KIS2007\KAVStart.exe" [2007-11-09 139264]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2001-09-17 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"HIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"DAEMON Tools-1033"="C:\Program Files\D-Tools\daemon.exe" [2004-08-22 81920]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 86016]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-04-24 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-04-24 98304]
"Flashget"="C:\PROGRA~1\FlashGet\FlashGet.exe" [2007-09-11 1998896]
"nwiz"="nwiz.exe" [2006-10-22 C:\WINDOWS\system32\nwiz.exe]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2004-08-04 133632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Adobe Gamma Loader.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^HP Digital Imaging Monitor.lnk]
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^「開始」功能表^程式集^啟動^Adobe Gamma.lnk]
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinVNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Hotplug]
--a------ 2003-12-19 17:37 163840 C:\Program Files\Silicon Integrated Systems\SiSRaidPackage\hot_plug.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Mirabilis ICQ]
--a--c--- 2003-10-15 00:36 38984 C:\PROGRA~1\ICQ\ICQNet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-14 00:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-04-24 14:15 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-04-24 18:35 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"winvnc"=2 (0x2)
"NOD32krn"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\ICQ\\Icq.exe"=
"C:\\WINDOWS\\system32\\dpvsetup.exe"=
"C:\\Program Files\\ALI213\\bt.exe"=
"C:\\WINDOWS\\system32\\dpnsvr.exe"=
"C:\\Program Files\\Intuwave Ltd\\Shared\\mRouterRunTime\\mRouterRuntime.exe"=
"E:\\warcraft\\Warcraft III\\Warcraft III.exe"=
"E:\\BT\\123\\BitComet\\BitComet.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"E:\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\user\\Application Data\\SopCast\\adv\\SopAdver.exe"=
"E:\\Theme\\Nokia\\Carbide.ui S60 Theme Edition 3.1\\JRE\\bin\\javaw.exe"=
"C:\\Program Files\\NextLink\\GOGOBOX\\GFSCAgent.exe"=
"C:\\Program Files\\NextLink\\GOGOBOX\\gogobox.exe"=
"C:\\Program Files\\Foxy\\Foxy.exe"=
"E:\\PES2008\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"E:\\Online TV\\PPStream\\PPStream.exe"=
"E:\\Online TV\\PPStream\\PPSAP.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"7454:TCP"= 7454:TCP:BitComet 7454 TCP
"7454:UDP"= 7454:UDP:BitComet 7454 UDP
"21528:TCP"= 21528:TCP:BitComet 21528 TCP
"21528:UDP"= 21528:UDP:BitComet 21528 UDP
"3389:TCP"= 3389:TCPxpsp2res.dll,-22009
"8144:TCP"= 8144:TCP:Foxy (192.168.1.100:8144) 8144 TCP
"8144:UDP"= 8144:UDP:Foxy (192.168.1.100:8144) 8144 UDP

R0 cdyfr;cdyfr;C:\WINDOWS\system32\drivers\cdyfr.sys [2004-08-04 28800]
R0 wzfqg;wzfqg;C:\WINDOWS\system32\drivers\wzfqg.sys [2004-08-04 23392]
R1 KNetWch;KNetWch;C:\KIS2007\KNetWch.SYS [2007-11-09 24784]
R1 KWatch3;KWatch3;C:\WINDOWS\system32\drivers\KWatch3.SYS [2007-11-09 35328]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2006-09-21 33920]
R1 ppmoucls;ppmoucls;C:\WINDOWS\system32\DRIVERS\ppmoucls.sys [2001-07-18 20704]
R1 pptchpad;PenPower Touchpad;C:\WINDOWS\system32\DRIVERS\pptchpd5.sys [2002-01-02 17216]
R2 osazwx;osazwx;C:\WINDOWS\system32\drivers\osazwx.sys [2004-08-04 22016]
S0 a7o5;a7o5;C:\WINDOWS\system32\drivers\a7o5.sys [ ]
S0 w9t7;w9t7;C:\WINDOWS\system32\drivers\w9t7.sys [ ]
S2 msjjmr;msjjmr;C:\WINDOWS\system32\drivers\msjjmr.sys [ ]
S2 nslafh;nslafh;C:\WINDOWS\system32\drivers\nslafh.sys [ ]
S2 ospaye;ospaye;C:\WINDOWS\system32\drivers\ospaye.sys [ ]
S2 osrvog;osrvog;C:\WINDOWS\system32\drivers\osrvog.sys [ ]
S3 pacdcacm;pacdcacm;C:\WINDOWS\system32\DRIVERS\pacdcacm.sys [2005-06-15 26496]
S3 x800bus;Panasonic X800 Composite Device driver (WDM);C:\WINDOWS\system32\DRIVERS\x800bus.sys [2005-01-21 52480]
S3 x800mdfl;Panasonic X800 Connectivity Filter Driver;C:\WINDOWS\system32\DRIVERS\x800mdfl.sys [2005-01-21 6032]
S3 x800mdm;Panasonic X800 Connectivity Driver;C:\WINDOWS\system32\DRIVERS\x800mdm.sys [2005-01-21 87040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10095d82-7718-11db-9d77-000b6a603b11}]
\Shell\AutoRun\command - I:\tj8odymw.exe
\Shell\explore\Command - I:\tj8odymw.exe
\Shell\open\Command - I:\tj8odymw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30329962-a231-11db-9e2b-000b6a603b11}]
\Shell\AutoRun\command - G:\AUTORUN.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a111e56-5665-11dc-a29c-000b6a603b11}]
\Shell\AutoRun\command - I:\dp.exe
\Shell\explore\Command - I:\dp.exe
\Shell\open\Command - I:\dp.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87bd802a-5d65-11dd-b8e4-000b6a603b11}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ed581d16-b215-11db-9e68-000b6a603b11}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f4be5a0a-fef7-11da-9adf-000b6a603b11}]
\Shell\AutoRun\command - D:\Autorun.exe
.
排程工作資料夾的內容
.




- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
HKLM-Run-ClubBox - (no file)
MSConfigStartUp-DAEMON Tools - E:\DAEMON Tools\daemon.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
R0 -: HKCU-Main,Start Page = www.3929.cn?tn=10279
R1 -: HKCU-Internet Connection Wizard,ShellNext = iexplore
O8 -: &使用 FlashGet 下載 - C:\PROGRA~1\FlashGet\jc_link.htm
O8 -: &使用BitComet下載本頁視訊 - E:\BT\123\BitComet\BitComet.exe/AddVideo.htm
O8 -: &全部使用 FlashGet 下載 - C:\PROGRA~1\FlashGet\jc_all.htm
O8 -: Foxy 下載 - C:\Program Files\Foxy\Foxy.exe/download.htm
O8 -: Foxy 搜尋 - C:\Program Files\Foxy\Foxy.exe/search.htm
O8 -: 使用BitComet下載全部連結 - E:\BT\123\BitComet\BitComet.exe/AddAllLink.htm
O8 -: 使用BitComet下載連結(&B) - E:\BT\123\BitComet\BitComet.exe/AddLink.htm
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\BT\123\BitComet\tools\BitCometBHO_1.2.2.28.dll/206
O9 -: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://E:\BT\123\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 -
O18 -: Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O18 -: Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL

O16 -: Microsoft XML Parser for Java - C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {05BCE06B-A300-4C4E-A42F-4C04BCCDE63B} - hxxp://weblogin.talesrunner.com.hk/TRLuncherROC.cab
C:\WINDOWS\Downloaded Program Files\TRLuncherROC.inf
C:\WINDOWS\Downloaded Program Files\TRLuncherROC.ocx

O16 -: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab
C:\WINDOWS\Downloaded Program Files\SysReqLab3.osd
C:\WINDOWS\Downloaded Program Files\sysreqlab3.dll

O16 -: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
C:\WINDOWS\Downloaded Program Files\GNowStarter.inf
C:\WINDOWS\system32\atl.dll
C:\Program Files\NextLink\GOGOBOX\GNowStarter.ocx

O16 -: {A93FB56D-2F76-4DD7-8E38-9B1EB38C88A5} - hxxp://warranty.samsungmcs.com.hk:8080/plugIn/SecuiSECIE.cab
C:\WINDOWS\Downloaded Program Files\SecuiSEC.inf
C:\WINDOWS\system32\SecuiSEC.dll
C:\WINDOWS\system32\SecuiSECJsa.dll
C:\WINDOWS\system32\SecuiSecIE.dll

O16 -: {BE34BAB0-0580-45BC-AEC8-E0EF00C11F57} - hxxp://hkma.towergame.com/common/GTWebCom.cab
C:\WINDOWS\Downloaded Program Files\GTWebCom.ocx
.
.
------- File Associations -------
.
chm.file="hh.exe" %1
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 14:04:14
Windows 5.1.2600 Service Pack 2 NTFS

掃描隱藏的程序...

掃描隱藏的進程...

掃描隱藏的檔案...

掃描完成
隱藏檔案: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\KIS2007\KWatch.EXE
C:\WINDOWS\system32\conime.exe
C:\KIS2007\KPFWSvc.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
E:\Alcohol\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\KIS2007\KMailMon.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
.
**************************************************************************
.
完成時間: 2008-09-25 14:12:15 - machine was rebooted
ComboFix-quarantined-files.txt  2008-09-25 06:12:08

Pre-Run: 1,519,644,672 位元組可用
Post-Run: 4,706,189,312 位元組可用

375        --- E O F ---        2008-09-24 07:03:02



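A defender reading the ComboFix sections posted above looks for three things: drivers with no file date and a short random name that doubles as its own description, mountpoints2 autorun handlers that launch an executable from a drive root or a script through wscript, and a Start Page that is not the user's expected default. The following triage script is an added example, not code from the thread or from ComboFix; the sample log is constructed from the lines above, and the list of expected home pages is an assumption.

```python
import re

# Constructed sample modelled on the ComboFix sections posted in this thread.
SAMPLE_LOG = r"""
R1 pptchpad;PenPower Touchpad;C:\WINDOWS\system32\DRIVERS\pptchpd5.sys [2002-01-02 17216]
S0 a7o5;a7o5;C:\WINDOWS\system32\drivers\a7o5.sys [ ]
S2 msjjmr;msjjmr;C:\WINDOWS\system32\drivers\msjjmr.sys [ ]
S3 x800mdm;Panasonic X800 Connectivity Driver;C:\WINDOWS\system32\DRIVERS\x800mdm.sys [2005-01-21 87040]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{10095d82-7718-11db-9d77-000b6a603b11}]
\Shell\AutoRun\command - I:\tj8odymw.exe
\Shell\open\Command - I:\tj8odymw.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{87bd802a-5d65-11dd-b8e4-000b6a603b11}]
\Shell\AutoRun\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{30329962-a231-11db-9e2b-000b6a603b11}]
\Shell\AutoRun\command - G:\AUTORUN.EXE

R0 -: HKCU-Main,Start Page = www.3929.cn?tn=10279
"""

SERVICE_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*);(.+?) \[([^\]]*)\]$")
MOUNT_RE = re.compile(r"^\\Shell\\\w+\\command - (.+)$", re.I)
HOMEPAGE_RE = re.compile(r"Start Page = (.+)$")
# Home pages the user considers legitimate (assumption: the OP's HK Yahoo default).
EXPECTED_HOMEPAGES = ("http://hk.yahoo.com", "about:blank")

def triage(log: str) -> list[str]:
    """Return deduplicated findings in the order they appear in the log."""
    findings: list[str] = []
    def add(f: str) -> None:
        if f not in findings:
            findings.append(f)
    for line in (l.strip() for l in log.splitlines()):
        if m := SERVICE_RE.match(line):
            _, name, desc, path, stamp = m.groups()
            # No file date and a short random-looking name that is also its own
            # description: the pattern of the S0/S2 drivers in this log.
            if not stamp.strip() and name == desc and re.fullmatch(r"[a-z0-9]{4,6}", name):
                add(f"driver:{name}:{path}")
        elif m := MOUNT_RE.match(line):
            cmd = m.group(1)
            # Autorun handlers that launch an .exe from a drive root or a script
            # via wscript: the USB-worm pattern. A CD's AUTORUN.EXE matches too,
            # so each hit still needs checking against the physical device.
            if re.match(r"^[D-Z]:\\[^\\]+\.exe$", cmd, re.I) or cmd.lower().startswith("wscript.exe"):
                add(f"autorun:{cmd}")
        elif (m := HOMEPAGE_RE.search(line)) and not m.group(1).startswith(EXPECTED_HOMEPAGES):
            add(f"homepage:{m.group(1)}")
    return findings
```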

Sorry, I didn't expect the ComboFix report to run over 3 replies.
Below is the System Repair Engineer report;
I have uploaded it to sendspace.
Click here

Thanks.

[ This post was last edited by onor on 2008-9-25 05:33 PM ]




Download fix.bfu to the desktop

http://www.sendspace.com/file/tec9ps


Download Brute Force Uninstaller to the desktop

http://www.merijn.org/files/bfu.zip

  • Extract the BFU folder to C:\
  • Run BFU
  • Open script file
  • Choose fix.bfu, then click Open
  • Execute. The program will prompt when it has finished the commands; then click OK
  • Exit to close the program.


Restart the computer. Run a check with F-Secure Online Virus Scanner.

F-Secure Online Virus Scanner tutorial:

http://discuss.com.hk/viewthread.php?tid=944141


After the check is finished, scan the computer with System Repair Engineer, then post the System Repair Engineer and F-Secure Online Virus Scanner logs.







All Your Malware Are Belong To Us


Below are the F-Secure and System Repairing Engineer reports,

uploaded separately to sendspace.

F-secure
System Repairing Engineer

Thanks!



Run System Repair Engineer

  • Under Boot Items, click Registry
  • Select each of the following items in turn and click Delete

    <jvsoft>
    <tasoft>

  • A window will then pop up; click Yes
  • Close System Repair Engineer


Download Dr.Web CureIT! to the desktop

ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe


Download OTMoveIt2 to the desktop

http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe

  • Run OTMoveIt2
  • In the left-hand pane of the program, Paste Standard List of Files/Folders to Move, paste the following paths:

    C:\Autorun.Inf
    C:\xpq63xl.exe
    C:\WINDOWS\system32\j3ewro.exe
    C:\WINDOWS\system32\kxvo.exe
    C:\WINDOWS\system32\jwedsfdo1.dll
    C:\WINDOWS\system32\kxvo1.dll
    E:\Autorun.Inf
    E:\xpq63xl.exe

  • Then click MoveIt!


Restart the computer and press F8 to enter Safe Mode.

Safe Mode tutorial: (post #8)

http://discuss.com.hk/viewthread.php?tid=825496


Run Dr.Web CureIT!

  • Start
  • Confirm to run the quick scan, which takes about one minute. If malware is found, click Yes to All to clean it.
  • After the quick scan completes, click Custom Scan, select Local Disk (C:) and Local Disk (E:), then click the arrow icon to start scanning. If malware is found, click Yes to All to clean it.
  • After the scan completes, click File > Save report list in the top left to save the log.
  • Close Dr.Web CureIT!


Restart the computer. Scan the computer with System Repair Engineer, then post the System Repair Engineer and Dr.Web CureIT! logs.



All Your Malware Are Belong To Us
