打印

[求助] 首頁被挷架,不知明程式....只能提供NOD(已付HijackThis)

首頁被挷架,不知明程式....只能提供NOD(已付HijackThis) E-mail 此主題給朋友

[隱藏]
首頁曾被挷架
不知明程式自動行
同時按下Ctrl+Alt+Delete沒有反應
不能使用所有安全模式

所以只能提供ESET NOD32的日記



2008/9/23 下午 06:49:31 HTTP filter file http://www.wowoyb.cn/888/123/msn127.exe probably a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:49:17 HTTP filter file http://www.wowoyb.cn/888/123/setup4.exe a variant of Win32/Agent.OCX trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:49:14 HTTP filter file http://www.wowoyb.cn/888/123/kunet.exe a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:49:06 HTTP filter file http://www.wowoyb.cn/888/124/shishi.exe Win32/PSW.WOW.BZI trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:48:58 HTTP filter file http://www.wowoyb.cn/888/123/alexa.exe Win32/Agent.NXP trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:48:45 HTTP filter file http://www.wowoyb.cn/888/124/msn080.exe probably a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:48:38 HTTP filter file http://www.wowoyb.cn/888/124/sychwqot.exe Win32/Agent.OES trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:48:34 HTTP filter file http://www.wowoyb.cn/888/124/Setup707.exe Win32/TrojanDownloader.Delf.OHF trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:48:31 HTTP filter file http://www.wowoyb.cn/888/124/3.exe probably a variant of Win32/TrojanClicker.Agent.NCZ trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:48:18 HTTP filter file http://www.wowoyb.cn/888/124/fd33.exe probably a variant of Win32/TrojanDownloader.VB.NPP trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:48:09 HTTP filter file http://www.wowoyb.cn/888/124/id6.exe probably a variant of Win32/Genetik trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:48:03 HTTP filter file http://www.wowoyb.cn/888/124/1210.exe a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:42:03 HTTP filter file http://www.wowoyb.cn/888/124/Setup707.exe Win32/TrojanDownloader.Delf.OHF trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:41:33 HTTP filter file http://www.wowoyb.cn/888/124/3.exe probably a variant of Win32/TrojanClicker.Agent.NCZ trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:41:24 HTTP filter file http://www.wowoyb.cn/888/124/fd33.exe probably a variant of Win32/TrojanDownloader.VB.NPP trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

[ 本帖最後由 sk2910113 於 2008-9-27 01:20 AM 編輯 ]



實用相關搜尋: Spa

TOP

2008/9/23 下午 06:41:17 HTTP filter file http://www.wowoyb.cn/888/124/id6.exe probably a variant of Win32/Genetik trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 06:41:08 HTTP filter file http://www.wowoyb.cn/888/124/1210.exe a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 05:21:59 HTTP filter file http://www.wowoyb.cn/888/123/msn127.exe probably a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 05:21:46 HTTP filter file http://www.wowoyb.cn/888/123/setup4.exe a variant of Win32/Agent.OCX trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 05:21:37 HTTP filter file http://www.wowoyb.cn/888/123/kunet.exe a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 05:21:21 HTTP filter file http://www.wowoyb.cn/888/124/shishi.exe Win32/PSW.WOW.BZI trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 05:21:16 HTTP filter file http://www.wowoyb.cn/888/123/alexa.exe Win32/Agent.NXP trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 05:21:07 HTTP filter file http://www.wowoyb.cn/888/124/msn080.exe probably a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 05:20:56 HTTP filter file http://www.wowoyb.cn/888/124/sychwqot.exe Win32/Agent.OES trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 05:20:50 HTTP filter file http://www.wowoyb.cn/888/124/Setup707.exe Win32/TrojanDownloader.Delf.OHF trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 05:20:44 HTTP filter file http://www.wowoyb.cn/888/124/3.exe probably a variant of Win32/TrojanClicker.Agent.NCZ trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 05:20:38 HTTP filter file http://www.wowoyb.cn/888/124/fd33.exe probably a variant of Win32/TrojanDownloader.VB.NPP trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 05:20:30 HTTP filter file http://www.wowoyb.cn/888/124/id6.exe probably a variant of Win32/Genetik trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 下午 05:20:03 HTTP filter file http://www.wowoyb.cn/888/124/1210.exe a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 上午 09:16:46 HTTP filter file http://www.jbdying.cn/888/123/msn127.exe probably a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 上午 09:16:41 HTTP filter file http://www.jbdying.cn/888/123/setup4.exe a variant of Win32/Agent.OCX trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 上午 09:16:37 HTTP filter file http://www.jbdying.cn/888/123/kunet.exe a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 上午 09:16:31 HTTP filter file http://www.jbdying.cn/888/124/shishi.exe Win32/PSW.WOW.BZI trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 上午 09:16:28 HTTP filter file http://www.jbdying.cn/888/123/alexa.exe Win32/Agent.NXP trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 上午 09:16:17 HTTP filter file http://www.jbdying.cn/888/124/msn080.exe probably a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 上午 09:16:14 HTTP filter file http://www.jbdying.cn/888/124/sychwqot.exe Win32/Agent.OES trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 上午 09:16:11 HTTP filter file http://www.jbdying.cn/888/124/Setup707.exe Win32/TrojanDownloader.Delf.OHF trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 上午 09:16:09 HTTP filter file http://www.jbdying.cn/888/124/fd33.exe probably a variant of Win32/TrojanDownloader.VB.NPP trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 上午 09:16:06 HTTP filter file http://www.jbdying.cn/888/124/id6.exe probably a variant of Win32/Genetik trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 上午 09:16:02 HTTP filter file http://www.jbdying.cn/888/124/3.exe probably a variant of Win32/TrojanClicker.Agent.NCZ trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/23 上午 08:19:38 Real-time file system protection file C:\System Volume Information\_restore{8FD5FE30-0414-4342-8479-72720F09D4AB}\RP347\A0298631.exe probably a variant of Win32/Adware.Cinmus application deleted - quarantined NT AUTHORITY\SYSTEM Event occurred on a file modified by the application: C:\WINDOWS\System32\svchost.exe.



實用相關搜尋: Spa

TOP

2008/9/22 下午 05:31:12 HTTP filter file http://www.jbdying.cn/888/124/ms6.exe probably a variant of Win32/PSW.OnLineGames.MUG trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/22 下午 05:31:06 HTTP filter file http://www.jbdying.cn/888/123/msn127.exe probably a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/22 下午 05:30:56 HTTP filter file http://www.jbdying.cn/888/123/setup4.exe a variant of Win32/Agent.OCX trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/22 下午 05:30:54 Startup scanner file C:\WINDOWS\fd33.exe probably a variant of Win32/TrojanDownloader.VB.NPP trojan cleaned by deleting (after the next restart) - quarantined WONG-JZ5C7Z9HN9\sing

2008/9/22 下午 05:30:53 Startup scanner file C:\WINDOWS\3.exe probably a variant of Win32/TrojanClicker.Agent.NCZ trojan cleaned by deleting - quarantined WONG-JZ5C7Z9HN9\sing

2008/9/22 下午 05:30:52 Real-time file system protection file C:\Program Files\Microsoft Office\SYSTEM\31.exe a variant of Win32/Adware.Cinmus application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\kunet.exe.

2008/9/22 下午 05:30:23 Real-time file system protection file C:\WINDOWS\kunet.exe a variant of Win32/Adware.Cinmus application  NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.

2008/9/22 下午 05:30:08 Real-time file system protection file C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\1N3VPXWA\kunet[1].exe a variant of Win32/Adware.Cinmus application  NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.

2008/9/22 下午 05:29:55 Real-time file system protection file C:\WINDOWS\system32\SiZhu.exe probably a variant of Win32/Genetik trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\id6.exe.

2008/9/22 下午 05:29:30 Real-time file system protection file C:\WINDOWS\sebs\pbhealth.dll probably a variant of Win32/Adware.Cinmus application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\sing\LOCALS~1\Temp\2.exe.

2008/9/22 下午 05:29:20 Real-time file system protection file C:\WINDOWS\avtapit.dll Win32/Agent.NXP trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\alexa.exe.

2008/9/22 下午 05:29:19 Real-time file system protection file C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\SP6NEPEL\shishi[1].exe Win32/PSW.WOW.BZI trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.

2008/9/22 下午 05:29:10 Real-time file system protection file C:\DOCUME~1\sing\LOCALS~1\Temp\2.exe probably a variant of Win32/Adware.Cinmus application unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\msn080.exe.

2008/9/22 下午 05:29:01 Real-time file system protection file C:\WINDOWS\alexa.exe Win32/Agent.NXP trojan unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.

2008/9/22 下午 05:28:59 Real-time file system protection file C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\0B0VU3IR\alexa[1].exe Win32/Agent.NXP trojan unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.

2008/9/22 下午 05:28:52 Real-time file system protection file C:\WINDOWS\msn080.exe probably a variant of Win32/Adware.Cinmus application unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.

2008/9/22 下午 05:28:48 Real-time file system protection file C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\36KVZ9OT\msn080[1].exe probably a variant of Win32/Adware.Cinmus application unable to clean NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.

2008/9/22 下午 05:28:44 Real-time file system protection file C:\WINDOWS\system32\sychost.exe Win32/TrojanClicker.Agent.NCZ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\3.exe.

2008/9/22 下午 05:28:31 Real-time file system protection file C:\WINDOWS\sychwqot.exe Win32/Agent.OES trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\system32\dfajj32tmp0.exe.

2008/9/22 下午 05:28:31 Real-time file system protection file C:\WINDOWS\system32\sovlost.exe Win32/TrojanClicker.Agent.NCZ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\3.exe.

2008/9/22 下午 05:28:30 Real-time file system protection file C:\WINDOWS\sychwqot.exe Win32/Agent.OES trojan cleaned by deleting NT AUTHORITY\SYSTEM Event occurred during an attempt to run the file by the application: C:\WINDOWS\system32\dfajj32tmp0.exe.

2008/9/22 上午 08:05:10 HTTP filter file http://www.jbdying.cn/888/124/shishi.exe Win32/PSW.WOW.BZI trojan connection
terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/22 上午 08:05:06 HTTP filter file http://www.jbdying.cn/888/124/msn080.exe probably a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/22 上午 08:04:58 HTTP filter file http://www.jbdying.cn/888/124/sychwqot.exe Win32/Agent.OES trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/22 上午 08:04:53 HTTP filter file http://www.jbdying.cn/888/124/Setup707.exe Win32/TrojanDownloader.Delf.OHF trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.






TOP

2008/9/22 上午 08:04:29 HTTP filter file http://www.jbdying.cn/888/124/sachwqqp.exe a variant of Win32/AutoRun.YE worm connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.


2008/9/21 下午 05:05:13 Real-time file system protection file C:\WINDOWS\sebs\pbhealth.dll probably a variant of Win32/Adware.Cinmus application cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\DOCUME~1\sing\LOCALS~1\Temp\2.exe.

2008/9/21 下午 05:04:49 Real-time file system protection file C:\DOCUME~1\sing\LOCALS~1\Temp\2.exe probably a variant of Win32/Adware.Cinmus application  NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\msn080.exe.


2008/9/21 下午 05:04:04 HTTP filter file http://www.jbdying.cn/888/124/shishi.exe Win32/PSW.WOW.BZI trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/21 下午 05:03:49 Real-time file system protection file C:\WINDOWS\msn080.exe probably a variant of Win32/Adware.Cinmus application  NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.


2008/9/21 下午 05:03:42 Real-time file system protection file C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\S0KHON25\msn080[1].exe probably a variant of Win32/Adware.Cinmus application  NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.

2008/9/21 下午 05:02:38 Startup scanner file C:\WINDOWS\qq01.exe Win32/TrojanClicker.Agent.NEM trojan cleaned by deleting - quarantined WONG-JZ5C7Z9HN9\sing


2008/9/21 下午 05:02:38 Real-time file system protection file C:\WINDOWS\system\zyndld32080920jt.dll a variant of Win32/Spy.Pophot trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\sachwqqp.exe.

2008/9/21 下午 05:02:37 Real-time file system protection file C:\WINDOWS\system\zyndld32080920.dll a variant of Win32/Spy.Pophot trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\sachwqqp.exe.


2008/9/21 下午 05:02:08 Real-time file system protection file C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\S0KHON25\sychwqot[1].exe Win32/Agent.OES trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.

2008/9/21 下午 05:02:07 Real-time file system protection file C:\WINDOWS\system32\sychost.exe Win32/TrojanClicker.Agent.NEM trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\qq01.exe.


2008/9/21 下午 05:02:01 Real-time file system protection file C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\S0KHON25\Setup707[1].exe Win32/TrojanDownloader.Delf.OHF trojan cleaned by deleting (after the next restart) - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.2008/9/21 下午 05:02:00 Real-time file system protection file C:\WINDOWS\system\zyndld32080920.dll a variant of Win32/Spy.Pophot trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\sachwqqp.exe.



實用相關搜尋: Spa

TOP

[隱藏]
2008/9/21 下午 05:01:44 Real-time file system protection file C:\WINDOWS\system\zyndle080920.exe a variant of Win32/AutoRun.YE worm cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\sachwqqp.exe.

2008/9/21 下午 05:01:42 Real-time file system protection file C:\WINDOWS\system32\Fserisy.sys Win32/TrojanClicker.Agent.NEM trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\qq01.exe.

2008/9/21 下午 05:01:40 Real-time file system protection file C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\S0KHON25\oy8[1].exe probably a variant of Win32/TrojanDownloader.VB.NPP trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.

2008/9/21 下午 05:01:33 Real-time file system protection file C:\WINDOWS\system32\ixplorer.exe Win32/TrojanClicker.Agent.NCZ trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred on a new file created by the application: C:\WINDOWS\qq01.exe.

2008/9/21 上午 11:04:38 HTTP filter file http://www.jbdying.cn/888/124/shishi.exe Win32/PSW.WOW.BZI trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/21 上午 11:04:32 HTTP filter file http://www.jbdying.cn/888/124/msn080.exe probably a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/21 上午 11:04:23 HTTP filter file http://www.jbdying.cn/888/124/sychwqot.exe Win32/Agent.OES trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/21 上午 11:04:17 HTTP filter file http://www.jbdying.cn/888/124/Setup707.exe Win32/TrojanDownloader.Delf.OHF trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/21 上午 11:04:13 HTTP filter file http://www.jbdying.cn/888/124/oy8.exe probably a variant of Win32/TrojanDownloader.VB.NPP trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/21 上午 11:04:10 Real-time file system protection file C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\EHJW1G7Q\qq05[1].exe Win32/TrojanClicker.Agent.NEM trojan cleaned by deleting - quarantined NT AUTHORITY\SYSTEM Event occurred during an attempt to access the file by the application: C:\program files\internet explorer\iexplore.exe.

2008/9/21 上午 11:04:10 HTTP filter file http://www.jbdying.cn/888/124/sachwqqp.exe a variant of Win32/AutoRun.YE worm connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/21 上午 11:04:02 HTTP filter file http://www.jbdying.cn/888/124/qq05.exe Win32/TrojanClicker.Agent.NEM trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/20 下午 08:19:17 HTTP filter file http://www.jbdying.cn/888/124/msn080.exe probably a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/20 下午 08:19:09 HTTP filter file http://www.jbdying.cn/888/124/shishi.exe Win32/PSW.WOW.BZI trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/20 下午 08:19:03 HTTP filter file http://www.jbdying.cn/888/124/sychwqot.exe Win32/Agent.OES trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/20 下午 08:18:42 HTTP filter file http://www.jbdying.cn/888/124/Setup707.exe Win32/TrojanDownloader.Delf.OHF trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/20 下午 08:18:33 HTTP filter file http://www.jbdying.cn/888/124/qq05.exe Win32/TrojanClicker.Agent.NEM trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/20 下午 08:18:28 HTTP filter file http://www.jbdying.cn/888/124/sachwqqp.exe a variant of Win32/AutoRun.YE worm connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.

2008/9/20 下午 08:18:19 HTTP filter file http://www.jbdying.cn/888/124/fmxi22.exe probably a variant of Win32/TrojanDownloader.VB.NPP trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.



實用相關搜尋: Spa

TOP

宜家連顯示都有問題,

2008/9/24 上午 08:48:57 HTTP filter file http://www.wowoyb.cn/888/124/myself.exe a variant of Win32/Spy.Pophot trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 08:48:43 HTTP filter file http://www.wowoyb.cn/888/124/7008.exe a variant of Win32/Agent.OCX trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 08:48:39 HTTP filter file http://www.wowoyb.cn/888/123/setup4.exe a variant of Win32/Agent.OCX trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 08:48:33 HTTP filter file http://www.wowoyb.cn/888/123/kunet.exe a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 08:48:20 HTTP filter file http://www.wowoyb.cn/888/124/shishi.exe Win32/PSW.WOW.BZI trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 08:48:14 HTTP filter file http://www.wowoyb.cn/888/123/alexa.exe Win32/Agent.NXP trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 08:48:08 HTTP filter file http://www.wowoyb.cn/888/124/msn080.exe probably a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 08:48:01 HTTP filter file http://www.wowoyb.cn/888/124/sychwqot.exe Win32/Agent.OES trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 08:47:56 HTTP filter file http://www.wowoyb.cn/888/124/Setup707.exe Win32/TrojanDownloader.Delf.OHF trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 08:47:52 HTTP filter file http://www.wowoyb.cn/888/124/3.exe probably a variant of Win32/TrojanClicker.Agent.NCZ trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 08:47:44 HTTP filter file http://www.wowoyb.cn/888/124/shostt.exe probably a variant of Win32/TrojanDownloader.VB.NPP trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 08:47:38 HTTP filter file http://www.wowoyb.cn/888/124/id6.exe probably a variant of Win32/Genetik trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 08:47:30 HTTP filter file http://www.wowoyb.cn/888/124/1210.exe a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.



實用相關搜尋: Spa

TOP

2008/9/24 下午 05:49:59        Real-time file system protection        file        C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\O3ZVYG1H\msn127[1].exe        probably a variant of Win32/Adware.Cinmus application        deleted (after the next restart) - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.
2008/9/24 下午 05:49:50        Real-time file system protection        file        C:\WINDOWS\setup4.exe        a variant of Win32/Agent.OCX trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.
2008/9/24 下午 05:49:49        Real-time file system protection        file        C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\O3ZVYG1H\setup4[1].exe        a variant of Win32/Agent.OCX trojan        cleaned by deleting (after the next restart) - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.
2008/9/24 下午 05:49:44        Real-time file system protection        file        C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\O3ZVYG1H\kunet[1].exe        a variant of Win32/Adware.Cinmus application        deleted (after the next restart) - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.
2008/9/24 下午 05:49:33        Real-time file system protection        file        C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\O3ZVYG1H\shishi[1].exe        Win32/PSW.WOW.BZI trojan        cleaned by deleting (after the next restart) - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.
2008/9/24 下午 05:49:29        Real-time file system protection        file        C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\O3ZVYG1H\alexa[1].exe        Win32/Agent.NXP trojan        deleted (after the next restart) - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.
2008/9/24 下午 05:49:23        Real-time file system protection        file        C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\O3ZVYG1H\msn080[1].exe        probably a variant of Win32/Adware.Cinmus application        deleted (after the next restart) - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.
2008/9/24 下午 05:49:12        Real-time file system protection        file        C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\1N3VPXWA\sychwqot[1].exe        Win32/Agent.OES trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.
2008/9/24 下午 05:49:05        Real-time file system protection        file        C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\C1QR016J\3[1].exe        probably a variant of Win32/TrojanClicker.Agent.NCZ trojan        cleaned by deleting (after the next restart) - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.
2008/9/24 下午 05:48:54        Real-time file system protection        file        C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\C1QR016J\shostt[1].exe        probably a variant of Win32/TrojanDownloader.VB.NPP trojan        cleaned by deleting - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.
2008/9/24 下午 05:48:48        Real-time file system protection        file        C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\C1QR016J\id6[1].exe        probably a variant of Win32/Genetik trojan        cleaned by deleting (after the next restart) - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.
2008/9/24 下午 05:48:41        Real-time file system protection        file        C:\Documents and Settings\sing\Local Settings\Temporary Internet Files\Content.IE5\W123C5QB\Setup707[1].exe        Win32/TrojanDownloader.Delf.OHF trojan        cleaned by deleting (after the next restart) - quarantined        NT AUTHORITY\SYSTEM        Event occurred on a new file created by the application: C:\program files\internet explorer\iexplore.exe.
2008/9/24 下午 02:56:07        HTTP filter        file        http://www.hyfw99.cn/124/33554351.exe        Win32/Adware.Zhongsou application        connection terminated - quarantined        WONG-JZ5C7Z9HN9\sing        Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 下午 02:55:51        HTTP filter        file        http://www.wowoyb.cn/888/124/7008.exe        a variant of Win32/Agent.OCX trojan        connection terminated - quarantined        WONG-JZ5C7Z9HN9\sing        Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 下午 02:55:34        HTTP filter        file        http://www.hyfw99.cn/123/msn127.exe        probably a variant of Win32/Adware.Cinmus application        connection terminated - quarantined        WONG-JZ5C7Z9HN9\sing        Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 下午 02:55:16        HTTP filter        file        http://www.wowoyb.cn/888/123/setup4.exe        a variant of Win32/Agent.OCX trojan        connection terminated - quarantined        WONG-JZ5C7Z9HN9\sing        Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.



實用相關搜尋: Spa

TOP

2008/9/24 下午 02:54:55 HTTP filter file http://www.hyfw99.cn/123/kunet.exe a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 下午 02:54:28 HTTP filter file http://www.wowoyb.cn/888/124/shishi.exe Win32/PSW.WOW.BZI trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 下午 02:52:48 HTTP filter file http://www.hyfw99.cn/124/msn080.exe probably a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 下午 02:52:21 HTTP filter file http://www.wowoyb.cn/888/124/sychwqot.exe Win32/Agent.OES trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 下午 02:52:01 HTTP filter file http://www.hyfw99.cn/124/1210.exe a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 下午 02:50:41 HTTP filter file http://www.wowoyb.cn/888/124/3.exe probably a variant of Win32/TrojanClicker.Agent.NCZ trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 下午 02:49:49 HTTP filter file http://www.hyfw99.cn/124/shostt.exe probably a variant of Win32/TrojanDownloader.VB.NPP trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 下午 02:49:23 HTTP filter file http://www.hyfw99.cn/124/id6.exe probably a variant of Win32/Genetik trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 下午 02:48:53 HTTP filter file http://www.hyfw99.cn/124/Setup707.exe Win32/TrojanDownloader.Delf.OHF trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 11:48:49 HTTP filter file http://www.wowoyb.cn/888/123/setup4.exe a variant of Win32/Agent.OCX trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 11:48:43 HTTP filter file http://www.wowoyb.cn/888/124/shishi.exe Win32/PSW.WOW.BZI trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 11:48:37 HTTP filter file http://www.wowoyb.cn/888/124/shishi.exe Win32/PSW.WOW.BZI trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 11:48:32 HTTP filter file http://www.wowoyb.cn/888/123/alexa.exe Win32/Agent.NXP trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 11:48:24 HTTP filter file http://www.hyfw99.cn/888/124/msn080.exe probably a variant of Win32/Adware.Cinmus application connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 11:48:18 HTTP filter file http://www.wowoyb.cn/888/124/sychwqot.exe Win32/Agent.OES trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 11:48:08 HTTP filter file http://www.wowoyb.cn/888/124/3.exe probably a variant of Win32/TrojanClicker.Agent.NCZ trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 11:48:04 HTTP filter file http://www.wowoyb.cn/888/124/sychwqot.exe Win32/Agent.OES trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 11:47:50 HTTP filter file http://www.wowoyb.cn/888/124/3.exe probably a variant of Win32/TrojanClicker.Agent.NCZ trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 11:47:50 HTTP filter file http://www.hyfw99.cn/888/124/Setup707.exe Win32/TrojanDownloader.Delf.OHF trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.
2008/9/24 上午 11:47:23 HTTP filter file http://www.hyfw99.cn/888/124/Setup707.exe Win32/TrojanDownloader.Delf.OHF trojan connection terminated - quarantined WONG-JZ5C7Z9HN9\sing Threat was detected upon access to web by the application: C:\Program Files\Internet Explorer\iexplore.exe.






TOP

Step: Download & RUN ComboFix


Step: Report Back

  • 貼上 以下報告
  • 如果報告太長,可以上傳到 這裡

  • ComboFix 掃描報告 {C:\ComboFix.txt}


    實用相關搜尋: Spa

TOP

已經上傳
http://www.sendspace.com/file/3pn5at



實用相關搜尋: Spa

TOP

hijackthis已能使用




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 01:19:14, on 2008/9/27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\vsnpstd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用 BitSpirit 下載(&B) - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: 使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 氝樓善QQ桶① - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到AMV視頻轉換工具... - C:\Program Files\MP3播放器管理工具 4.13\AMVConverter\grab.html
O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到媒體管理器... - C:\Program Files\MP3播放器管理工具 4.13\MediaManager\grab.html
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 設為 Messenger Live 頭像 - \SetMSNDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ嚃粗馱撿沭扢离 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: Yahoo! Pool 2 - http://origin.games.yahoo.net/games/clients/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-HK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: windows NT - Unknown owner - C:\WINDOWS\setup.exe (file missing)
--
End of file - 8722 bytes



實用相關搜尋: Spa Server Java Microsoft google yahoo

TOP

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 12:04:14, on 2008/9/28
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: QQIEHelper - {54EBD53A-9BC1-480B-966A-843A333CA162} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 上傳到QQ網路硬碟 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - Extra context menu item: 使用 BitSpirit 下載(&B) - C:\Program Files\BitSpirit\bsurl.htm
O8 - Extra context menu item: 使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新增到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 新增到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 氝樓善QQ桶① - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到AMV視頻轉換工具... - C:\Program Files\MP3播放器管理工具 4.13\AMVConverter\grab.html
O8 - Extra context menu item: 添加到QQ自定義面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - Extra context menu item: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - Extra context menu item: 添加到媒體管理器... - C:\Program Files\MP3播放器管理工具 4.13\MediaManager\grab.html
O8 - Extra context menu item: 用QQ MMS傳送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 用QQ彩信發送該圖片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O8 - Extra context menu item: 設為 Messenger Live 頭像 - \SetMSNDP.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra 'Tools' menuitem: 騰訊QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - C:\Program Files\Tencent\QQ\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ嚃粗馱撿沭扢离 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\Program Files\Tencent\QQ\QQIEHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: Yahoo! Pool 2 - http://origin.games.yahoo.net/games/clients/y/poti_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download. ... s/yinst20040510.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-HK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bi ... Client.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F8C5C0F1-D884-43EB-A5A0-9E1C4A102FA8} (GoPetsWeb Control) - https://secure.gopetslive.com/dev/GoPetsWeb.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: windows NT - Unknown owner - C:\WINDOWS\setup.exe (file missing)

--
End of file - 7998 bytes



實用相關搜尋: Spa Server Java Microsoft google yahoo

TOP

Step: CFScript

  • 開啟記事本,貼上以下內容

    Driver::
    ostsxl
    zxqjzx
    windows NT
    File::
    C:\WINDOWS\dz37.exe
    C:\WINDOWS\setup4.exe
    C:\WINDOWS\system32\drivers\ostsxl.sys
    C:\WINDOWS\setup707.exe
    C:\WINDOWS\system32\dfajj32tmp3.exe
    C:\WINDOWS\system32\cfl_Info.nt
    C:\WINDOWS\fd33.exe
    C:\WINDOWS\system32\tebiurecs.ve
    C:\WINDOWS\ms6.exe
    C:\WINDOWS\sachwqqp.exe
    C:\WINDOWS\fmxi22.exe
    C:\WINDOWS\x1.exe
    C:\WINDOWS\system32\WinDll.dll
    C:\WINDOWS\system32\.ijkgtj.dll
    C:\Program Files\bjifays.inf
    Registry::
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{459c04f6-8179-11dd-86b9-0010b5e769a7}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{97ac4b96-781e-11dd-86a6-0010b5e769a7}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d2f38d67-690f-11dc-82c6-0010b5e769a7}]


  • 儲存--->存檔類型--->所有檔案-->檔名輸入為 CFScript.txt
  • 把CFScript.txt 拉到 ComboxFix.exe

  • ComboxFix 將會被執行
  • 執行完會有報告於C:\ComboFix.txt.


Step: Report Back

  • 貼上 以下報告
  • 如果報告太長,可以上傳到 這裡

  • ComboFix 掃描報告 {C:\ComboFix.txt}






TOP

已經上傳了
http://www.sendspace.com/file/u7hvax



實用相關搜尋: Spa

TOP

[隱藏]
Step: Clean Out ComboFix Backup

  • 開始>執行> 打入 combofix /u >確定


Step: Scan with Kaspersky


Step: Report Back

  • 貼上 以下報告
  • 如果報告太長,可以上傳到 這裡

  • Kaspersky Online Scanner 掃描報告


    實用相關搜尋: Spa

TOP

伸延閱讀
 提示:支持鍵盤翻頁 ←左 右→ 發新話題發佈投票

重要聲明:本討論區是以即時上載留言的方式運作,香港討論區對所有留言的真實性、完整性及立場等,不負任何法律責任。而一切留言之言論只代表留言者個人意 見,並非本網站之立場,讀者及用戶不應信賴內容,並應自行判斷內容之真實性。於有關情形下,讀者及用戶應尋求專業意見(如涉及醫療、法律或投資等問題)。 由於本討論區受到「即時上載留言」運作方式所規限,故不能完全監察所有留言,若讀者及用戶發現有留言出現問題,請聯絡我們。香港討論區有權刪除任何留言及拒絕任何人士上載留言 (刪除前或不會作事先警告及通知 ), 同時亦有不刪除留言的權利,如有任何爭議,管理員擁有最終的詮釋權 。用戶切勿撰寫粗言穢語、誹謗、渲染色情暴力或人身攻擊的言論,敬請自律。本網站保留一切法律權利。


Copyright©2003- Discuss.com.hk Limited. All Right Reserved.
版權所有,不得轉載。

10.0.1.8