Nov 21 2008, 08:26 PM | Post #46
Member | Group: Members | Posts: 44 | Joined: 1-November 08 | Member No.: 251,993
Version 4.35.0 [Win32/Intel]
Virus data version 4.35E, November 2008
Includes detection for 537586 viruses, trojans and worms
Copyright © 1989-2008 Sophos Plc, www.sophos.com

System time 07:17:52, System date 22 November 2008

Command line qualifiers are: -f -remove -nc -nb -dn --stop-scan -idedir=C:\SDFix\IDE -p=C:\SDFix\SophosReport.txt

IDE directory is: C:\SDFix\IDE
Full Scanning

>>> Virus 'Troj/Dropr-K' found in file C:\Documents and Settings\Ken\桌面\Nod32 v5.81\Nod32.exe
Removal successful
Could not check C:\Downloads\AL pp + notes\notes\clc\Notes\筆記\情與中國文化.doc (corrupt)
Could not check C:\Downloads\AL pp + notes\notes\ue\Section C Reading\sectionC.doc (corrupt)
Could not check C:\Downloads\AL pp + notes\pastpaper\2.UE\marking scheme\B\00q2.files\2003 UE essay.doc (corrupt)
Could not open C:\hiberfil.sys
>>> Virus 'Mal/Packer' found in file C:\Kaspersky_KIS-BLKiller.exe
Removal successful
>>> Virus 'Troj/Dropr-K' found in file C:\System Volume Information\_restore{B2EE98FD-D5A9-41F5-8C90-1F5B77DE5284}\RP12\A0002672.exe
Removal successful
>>> Virus 'Mal/Packer' found in file C:\System Volume Information\_restore{B2EE98FD-D5A9-41F5-8C90-1F5B77DE5284}\RP12\A0002673.exe
Removal successful

1 boot sector swept.
50558 files swept in 1 hour, 15 minutes and 18 seconds.
4 errors were encountered.
4 viruses were discovered.
4 files out of 50558 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com or telephone +44 1235 559933
Ending Sophos Anti-Virus.
Nov 22 2008, 09:31 AM | Post #47
Malware Expert | Group: HJT Team | Posts: 15,378 | Joined: 23-December 04 | From: Pickerington, Ohio | Member No.: 7,762
I'm curious now, how did you get your version of Nod antivirus? Was it a cracked version?
Please post a new log from OTViewIt. Has anything changed in your computer's behavior?
Nov 22 2008, 10:26 AM | Post #48
Member | Group: Members | Posts: 44 | Joined: 1-November 08 | Member No.: 251,993
No, I first got NOD32 from the internet and got the password for it with some software.
Now I don't use that software, so NOD32 is outdated. The Internet Explorer homepage is still hijacked, and there is still the DLL problem which I mentioned before.
Nov 22 2008, 10:29 AM | Post #49
Member | Group: Members | Posts: 44 | Joined: 1-November 08 | Member No.: 251,993
OTViewIt logfile created on: 2008-11-22 23:28:07 - Run 5
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Ken\桌面
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: yyyy-MM-dd

1022.07 Mb Total Physical Memory | 584.89 Mb Available Physical Memory | 57.23% Memory free
2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.14% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 96.76 Gb Free Space | 64.96% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL
Current User Name: Ken
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== Processes ==========

[2005-08-03 21:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2007-05-30 20:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
[2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2008-02-04 21:38:24 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe
[2007-04-19 11:08:00 | 00,708,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\svcntaux.exe
[2007-04-19 11:08:06 | 01,302,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\swdsvc.exe
[2004-08-12 18:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
[2004-08-12 18:00:00 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
[2005-04-02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
[2004-08-12 18:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe
[2006-05-03 03:12:00 | 00,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[2006-07-14 21:48:17 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2008-02-04 21:38:24 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe
[2005-03-22 16:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2008-04-15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007-08-30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2003-01-15 11:46:24 | 00,151,552 | ---- | M] (Dachshund Software) -- C:\WINDOWS\Integrator.exe
[2008-11-14 22:27:57 | 07,676,528 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008-11-02 11:45:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTViewIt.exe

========== (O23) Win32 Services ==========

[2006-09-11 19:52:24 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2007-10-24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005-08-03 21:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2007-05-30 20:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running])
File not found -- -- (AVP [Auto | Stopped])
[2007-10-24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006-10-20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2004-10-22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006-10-30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2004-08-12 18:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
[2006-09-15 00:03:27 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2003-06-19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2004-11-19 11:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2006-10-30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2008-02-04 21:38:24 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe -- (NOD32krn [Auto | Running])
[2007-08-24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006-10-26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007-04-19 11:08:00 | 00,708,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\svcntaux.exe -- (sdAuxService [Auto | Running])
[2007-04-19 11:08:06 | 01,302,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\swdsvc.exe -- (sdCoreService [Auto | Running])
[2004-08-12 18:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
[2004-08-12 18:00:00 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])
[2004-08-12 18:00:00 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2005-04-02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService [Auto | Running])
[2007-10-18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007-06-05 13:02:13 | 00,137,088 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe -- (VideoAcceleratorEngine [On_Demand | Stopped])
[2007-10-25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006-11-02 23:09:48 | 00,897,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========

[2004-08-12 18:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004-08-03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2008-02-04 21:38:25 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running])
[2004-08-12 18:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2004-08-12 18:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2005-08-03 21:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2007-05-30 20:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running])
[2007-05-30 20:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln [System | Running])
[2002-10-07 13:22:06 | 00,018,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\CenixFMC.sys -- (CENIXFMC [On_Demand | Stopped])
[2004-12-14 05:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2004-08-12 18:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2004-08-12 18:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005-04-22 03:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005-04-21 02:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006-07-14 23:42:57 | 00,223,128 | ---- | M] (DT Soft Ltd.) -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi [On_Demand | Stopped])
[2004-10-14 16:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2006-09-11 16:00:00 | 00,387,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys -- (eeCtrl [System | Running])
[2004-08-12 18:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga [System | Running])
[2006-09-02 19:04:42 | 00,010,345 | ---- | M] (Applied Networking Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2008-04-14 00:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006-06-28 11:58:56 | 00,053,793 | ---- | M] (Compuware Corporation) -- C:\WINDOWS\system32\drivers\hid7906.sys -- (hid7906 [On_Demand | Stopped])
[2007-04-19 15:18:08 | 00,039,248 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfileflt.sys -- (IKFileFlt [System | Running])
[2007-04-19 15:18:12 | 00,052,304 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [System | Running])
[2007-04-19 15:18:16 | 00,059,984 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IkSysFlt [System | Running])
[2007-04-19 15:18:20 | 00,083,536 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2008-06-29 11:54:23 | 00,014,144 | ---- | M] (Hongtien) -- C:\WINDOWS\system32\drivers\IPvE.sys -- (IPvE [On_Demand | Stopped])
[2004-08-12 18:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2004-08-12 18:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2007-06-19 10:52:57 | 00,011,192 | ---- | M] (Yahoo! China Corporation) -- C:\WINDOWS\system32\drivers\myxlljjp.sys -- (myxlljjp [Boot | Running])
[2004-08-12 18:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2008-02-04 21:38:24 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running])
[2004-08-03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004-08-12 18:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005-10-27 04:12:48 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004-08-12 18:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2004-08-12 18:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2004-08-12 18:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007-06-05 13:02:13 | 00,034,304 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\sbbotdi.sys -- (sbbotdi [Auto | Running])
[2004-08-12 18:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004-08-03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2004-08-12 18:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2006-07-14 23:39:01 | 00,642,560 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2005-05-13 10:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2005-05-13 10:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2005-11-16 14:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2004-08-12 18:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2004-08-12 18:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2004-08-12 18:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2004-08-12 18:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2004-08-12 18:00:00 | 00,223,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2005-05-31 05:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005-05-31 05:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005-05-31 05:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005-05-31 05:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005-05-31 05:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005-05-31 05:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005-05-31 05:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005-05-31 05:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005-05-31 05:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2004-08-12 18:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2005-10-09 01:05:16 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2004-08-12 18:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2005-07-08 14:44:18 | 00,159,616 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\vax347b.sys -- (vax347b [Boot | Running])
[2004-04-30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\vax347s.sys -- (vax347s [Boot | Running])
[2008-04-15 18:54:34 | 00,028,384 | ---- | M] () -- C:\WINDOWS\system32\drivers\vzchp.sys -- (vzchp [Boot | Running])
[2004-08-12 18:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running])

========== (R ) Internet Explorer ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Prev Search Page"=http://google.icq.com
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p

[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p

[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Local Page"=C:\WINDOWS\system32\blank.htm "Page_Transitions"= "Prev Search Page"=http://google.icq.com "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=www.6700.cn?tn=102760//www.microsoft.com/i [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\SearchURL] ""= "provider"= [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 ========== (O1) Hosts File ========== HOSTS File = (265205 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 123topsearch.com 127.0.0.1 www.123topsearch.com 127.0.0.1 132.com 127.0.0.1 www.132.com 127.0.0.1 www.136136.net 127.0.0.1 136136.net 9212 more lines... 
========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) {53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) {5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) {7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found {9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) ========== (O3) Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, 
Inc.) "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.) "DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe () "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation) "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation) "ISUSPM Startup"=c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (Macrovision Corporation) "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation) "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC () "nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset ) "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation) "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation) "SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.) "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.) "Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.) 
"UserFaultCheck"=%systemroot%\system32\dumprep 0 -u File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation) "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation) "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation) ========== (O4) RunOnce Keys ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation) ========== (O4) Startup Folders ========== [2005-03-16 19:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) 
-- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002-12-17 12:00:44 | 02,301,798 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-09-21 12:26:40 | 01,874,381 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe [2002-02-28 06:48:58 | 00,491,008 | ---- | M] (Roy) -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\OAhotkey.lnk = C:\EPDOA\OAHotkey.EXE [2002-09-21 12:27:14 | 01,446,302 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe File not found -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\粗箇QQ珆IP.lnk = C:\Program Files\粗箇QQ\CaiHong.exe ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoCDBurning"=0 "NoDriveTypeAutoRun"=227 "NoDrives"=0 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "HideLegacyLogonScripts"=0 "HideLogoffScripts"=0 "RunLogonScriptSync"=1 "RunStartupScriptSync"=0 "HideStartupScripts"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDrives"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "HideLegacyLogonScripts"=0 "HideLogoffScripts"=0 "RunLogonScriptSync"=1 "RunStartupScriptSync"=0 "HideStartupScripts"=0 "DisableRegistryTools"=0 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 
[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDrives"=0 [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "HideLegacyLogonScripts"=0 "HideLogoffScripts"=0 "RunLogonScriptSync"=1 "RunStartupScriptSync"=0 "HideStartupScripts"=0 "DisableRegistryTools"=0 ========== (O8) IE Context Menu Extensions ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] &Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation) &ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found &ㄏノ FlashGet 更: C:\FlashGet\jc_link.htm File not found &全部使用 FlashGet 下載: C:\FlashGet\jc_all.htm File not found &妏蚚捃濘狟婥: Reg Error: Value does not exist or could not be read. File not found &妏蚚捃濘狟婥窒蟈諉: Reg Error: Value does not exist or could not be read. File not found &使用 FlashGet 下載: C:\FlashGet\jc_link.htm File not found &使用迅雷下載: C:\Program Files\Thunder Network\Thunder\Program\geturl.htm [2006-11-22 23:54:24 | 00,003,144 | ---- | M] () &使用迅雷下載全部鏈接: C:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm [2006-09-14 15:00:10 | 00,001,481 | ---- | M] () &?ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found &场ㄏノ FlashGet 更: C:\FlashGet\jc_all.htm File not found 匯出至 Microsoft Office Excel(&X): Reg Error: Value does not exist or could not be read. 
File not found [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\] !搜一搜: C:\Program Files\YiSou\yisou.dll File not found Add to Windows &Live Favorites: File not found 匯出至 Microsoft Office Excel(&X): C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\] !搜一搜: C:\Program Files\YiSou\yisou.dll File not found Add to Windows &Live Favorites: File not found 匯出至 Microsoft Office Excel(&X): C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008-08-04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\] !搜一搜: Reg Error: Key does not exist or could not be opened. File not found Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found 匯出至 Microsoft Office Excel(&X): Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\] !搜一搜: Reg Error: Key does not exist or could not be opened. File not found Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found 匯出至 Microsoft Office Excel(&X): Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\MenuExt\] &Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007-10-19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation) &ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found &ㄏノ FlashGet 更: C:\FlashGet\jc_link.htm File not found &全部使用 FlashGet 下載: C:\FlashGet\jc_all.htm File not found &妏蚚捃濘狟婥: Reg Error: Value does not exist or could not be read. File not found &妏蚚捃濘狟婥窒蟈諉: Reg Error: Value does not exist or could not be read. 
File not found &使用 FlashGet 下載: C:\FlashGet\jc_link.htm File not found &使用迅雷下載: C:\Program Files\Thunder Network\Thunder\Program\geturl.htm [2006-11-22 23:54:24 | 00,003,144 | ---- | M] () &使用迅雷下載全部鏈接: C:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm [2006-09-14 15:00:10 | 00,001,481 | ---- | M] () &?ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found &场ㄏノ FlashGet 更: C:\FlashGet\jc_all.htm File not found 匯出至 Microsoft Office Excel(&X): Reg Error: Value does not exist or could not be read. File not found ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java 主控台 -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008-06-10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: 發佈至部落格 -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007-10-26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: 使用 Windows Live Writer 發佈至部落格(&B) -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007-10-26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) {92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: 參考資料 -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007-04-19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008-04-15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{0062C9BD-B349-40DE-91A0-755F37ACD559} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{0A155D3C-68E2-4215-A47A-E800A446447A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007-10-26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) CmdMapping\\{507F9113-CD77-4866-BA92-0E86DA3D0B97} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{59BC54A2-56B3-44a0-93E5-432D58746E26} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007-04-19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{9885224C-1217-4c5f-83C2-00002E6CEF2B} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) CmdMapping\\{FD00D911-7529-4084-9946-A29F1BDF4FE5} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007-10-26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007-04-19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007-10-26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007-04-19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or 
could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{0062C9BD-B349-40DE-91A0-755F37ACD559} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003-02-28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{0A155D3C-68E2-4215-A47A-E800A446447A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007-10-26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) CmdMapping\\{507F9113-CD77-4866-BA92-0E86DA3D0B97} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{59BC54A2-56B3-44a0-93E5-432D58746E26} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007-04-19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{9885224C-1217-4c5f-83C2-00002E6CEF2B} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008-09-15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008-04-15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) CmdMapping\\{FD00D911-7529-4084-9946-A29F1BDF4FE5} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O15) Trusted Sites ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 47 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 46 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 46 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 46 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 32 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 32 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 46 domain(s) and sub-domain(s) not assigned to a zone. ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {00000055-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/fhg.CAB -- Reg Error: Key does not exist or could not be opened. 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool {17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1155309127156 -- MUWebControl Class {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened. {9D190AE6-C81E-4039-8061-978EBAD10073}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.0 {C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02 {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06 {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://www.adobe.com/products/acrobat/nos/gp.cab -- get_atlcom Class {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: 
http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab -- Minesweeper Flags Class Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened. ========== (O17) DNS Name Servers ========== {0F94EF78-DE4B-40F7-8E55-A868CEC880FD} (Servers: | Description: Intel® PRO/100 VE Network Connection) ========== (O19) User Style Sheets ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles] ========== Shell Execute Hooks ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" (HKLM) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2004-09-07 11:10:30 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== Files/Folders - Created Within 30 Days ========== [1 C:\*.tmp files] [6 C:\Documents and Settings\Ken\桌面\*.tmp files] [2008-11-22 23:21:41 | 00,064,512 | -H-- | C] () -- C:\Documents and Settings\Ken\Application Data\dach100.dll [2008-11-22 07:17:30 | 00,000,000 | ---D | C] -- C:\SAV32CLI [2008-11-20 23:11:10 | 00,000,000 | ---D | C] -- C:\ComboFix [2008-11-20 23:11:09 | 00,472,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\CF5202.exe [2008-11-19 23:18:43 | 10,717,96224 | -HS- | C] () -- C:\hiberfil.sys [2008-11-17 19:39:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\My Documents\新資料夾 [2008-11-16 21:45:25 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\Peer-to-peer vs clientserver.doc [2008-11-16 21:25:59 | 00,000,000 | -HSD | C] -- C:\RECYCLER [2008-11-16 00:09:53 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Adobe Reader 8.lnk 
[2008-11-15 21:05:22 | 00,000,060 | ---- | C] () -- C:\WINDOWS\zoom.dat [2008-11-15 21:05:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\hare.dat [2008-11-15 21:05:18 | 00,000,066 | ---- | C] () -- C:\WINDOWS\anticrash.dat [2008-11-15 09:43:24 | 00,000,000 | ---D | C] -- C:\_OTMoveIt [2008-11-15 09:41:29 | 00,349,696 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTMoveIt3.exe [2008-11-11 23:39:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\WinRAR [2008-11-11 23:25:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2008-11-11 23:19:01 | 00,000,000 | ---D | C] -- C:\SDFix [2008-11-11 23:18:23 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\SDFix.exe [2008-11-10 23:54:27 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk [2008-11-10 23:54:26 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008-11-10 23:54:24 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008-11-10 23:54:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2008-11-10 23:23:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\Malwarebytes [2008-11-10 23:23:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2008-11-10 23:22:50 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ken\桌面\mbam-setup.exe [2008-11-09 00:27:22 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2008-11-09 00:27:22 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2008-11-03 23:48:31 | 00,000,000 | -H-- | C] () -- C:\Documents and Settings\Ken\My Documents\Default.rdp [2008-11-03 00:39:33 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2008-11-03 00:39:29 | 00,260,272 | ---- | C] () -- C:\cmldr [2008-11-03 00:39:26 | 00,000,000 | RHSD | C] -- C:\cmdcons [2008-11-03 00:30:59 | 03,046,730 | R--- | 
C] () -- C:\Documents and Settings\Ken\桌面\ComboFix.exe [2008-11-02 12:52:44 | 00,022,832 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\中化感想.rtf [2008-11-02 11:45:13 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTViewIt.exe [2008-11-01 21:06:30 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ken\桌面\HiJackThis.exe [2008-11-01 20:52:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\桌面\Hijackthis [2008-11-01 06:40:36 | 10,718,37184 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP [2008-11-01 06:40:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell [2008-11-01 00:10:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\Talkback [2008-10-31 23:29:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2008-10-31 23:24:00 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll [2008-10-31 23:24:00 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys [2008-10-31 23:23:56 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll [2008-10-31 23:23:45 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe [2008-10-31 23:23:42 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll [2008-10-31 23:23:42 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys [2008-10-31 23:23:41 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys [2008-10-31 23:23:41 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys [2008-10-31 23:23:36 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll [2008-10-31 23:23:32 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll [2008-10-31 23:23:32 | 00,007,168 | ---- | C] (Microsoft Corporation) -- 
-- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2008-10-31 22:52:02 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2008-10-31 22:52:02 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat [2008-10-31 22:52:02 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [2008-10-31 22:52:01 | 01,938,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT [2008-10-31 22:52:01 | 01,025,000 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT [2008-10-31 22:52:01 | 00,520,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT [2008-10-26 21:00:28 | 03,787,274 | -H-- | C] () -- C:\Documents and Settings\Ken\Local Settings\Application Data\IconCache.db [2008-10-26 20:23:42 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2008-10-26 20:23:42 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2008-10-26 20:23:42 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2008-10-26 20:23:42 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2008-10-26 20:23:42 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe [2008-10-26 20:23:42 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2008-10-26 20:23:42 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2008-10-26 20:23:42 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe [2008-10-26 20:23:42 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe ========== Files - Modified Within 30 Days ========== [1 C:\*.tmp files] [6 C:\Documents and Settings\Ken\桌面\*.tmp files] [2008-11-22 23:21:48 | 00,000,060 | ---- | M] () -- C:\WINDOWS\zoom.dat [2008-11-22 23:21:42 | 00,064,512 | -H-- | M] () -- C:\Documents and Settings\Ken\Application Data\dach100.dll [2008-11-22 23:21:42 | 00,000,066 | ---- | M] () -- C:\WINDOWS\anticrash.dat [2008-11-22 23:21:41 | 00,000,061 | ---- | M] () -- C:\WINDOWS\hare.dat [2008-11-22 23:17:56 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2008-11-22 23:16:42 | 00,000,006 | -H-- 
| M] () -- C:\WINDOWS\tasks\SA.DAT [2008-11-22 23:16:39 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2008-11-22 23:16:35 | 10,717,96224 | -HS- | M] () -- C:\hiberfil.sys [2008-11-22 22:39:00 | 00,000,250 | ---- | M] () -- C:\WINDOWS\tasks\查看 Windows Live Toolbar 的更新資訊.job [2008-11-22 22:18:38 | 00,000,223 | -H-- | M] () -- C:\WINDOWS\winshell.dat [2008-11-22 21:24:10 | 00,000,581 | ---- | M] () -- C:\Documents and Settings\Ken\My Documents\我的共用資料夾.lnk [2008-11-21 17:09:08 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn [2008-11-20 23:11:06 | 00,472,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\CF5202.exe [2008-11-16 22:53:53 | 00,035,840 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\Peer-to-peer vs clientserver.doc [2008-11-16 20:58:58 | 00,000,847 | ---- | M] () -- C:\WINDOWS\system.ini [2008-11-16 00:09:53 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Adobe Reader 8.lnk [2008-11-16 00:02:31 | 00,002,361 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\Microsoft Office Word 2003.lnk [2008-11-15 09:41:41 | 00,349,696 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTMoveIt3.exe [2008-11-14 22:18:37 | 03,046,730 | R--- | M] () -- C:\Documents and Settings\Ken\桌面\ComboFix.exe [2008-11-11 23:18:44 | 01,529,241 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\SDFix.exe [2008-11-10 23:54:27 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk [2008-11-10 23:26:55 | 10,718,37184 | ---- | M] () -- C:\WINDOWS\MEMORY.DMP [2008-11-10 23:23:18 | 02,372,472 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ken\桌面\mbam-setup.exe [2008-11-09 00:27:22 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for [2008-11-05 23:46:12 | 00,022,832 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\中化感想.rtf [2008-11-04 16:36:27 | 00,000,071 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\config.ini [2008-11-03 23:48:31 | 00,000,000 | -H-- | 
M] () -- C:\Documents and Settings\Ken\My Documents\Default.rdp [2008-11-03 00:39:33 | 00,000,281 | RHS- | M] () -- C:\boot.ini [2008-11-02 11:45:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTViewIt.exe [2008-11-01 22:26:56 | 00,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Windows Live Messenger .lnk [2008-11-01 21:06:44 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ken\桌面\HiJackThis.exe [2008-10-31 23:59:53 | 00,000,257 | -HS- | M] () -- C:\Documents and Settings\Ken\My Documents\desktop.ini [2008-10-31 23:35:56 | 00,355,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008-10-31 23:33:23 | 01,126,090 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2008-10-31 23:33:23 | 00,448,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2008-10-31 23:33:23 | 00,428,028 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat [2008-10-31 23:33:23 | 00,153,398 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat [2008-10-31 23:33:23 | 00,074,336 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2008-10-31 23:28:27 | 00,000,587 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2008-10-31 23:20:03 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\desktop.ini [2008-10-31 23:19:57 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2008-10-31 23:19:55 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2008-10-31 23:19:55 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2008-10-31 23:19:37 | 00,004,205 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2008-10-31 23:18:30 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest [2008-10-31 23:18:30 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest [2008-10-31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2008-10-31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2008-10-31 
< End of report >

OTViewIt Extras logfile created on: 2008-11-22 23:28:07 - Run 5
OTViewIt by OldTimer - Version 1.0.20.0
Nov 22 2008, 10:53 AM | Post #50 | Malware Expert | Group: HJT Team | Posts: 15,378 | Joined: 23-December 04 | From: Pickerington, Ohio | Member No.: 7,762
Open notepad and copy/paste the text in the quotebox below into it:

QUOTE
http://www.bleepingcomputer.com/forums/ind...howtopic=177505
Suspect::[52]
C:\WINDOWS\system32\drivers\myxlljjp.sys
C:\WINDOWS\WMSysPr9.prx
C:\WINDOWS\System32\nscompat.tlb
C:\WINDOWS\System32\amcompat.tlb
C:\WINDOWS\ODBCINST.INI
C:\WINDOWS\winshell.dat
C:\WINDOWS\zoom.dat
C:\Documents and Settings\Ken\Application Data\dach100.dll
C:\WINDOWS\anticrash.dat
C:\WINDOWS\hare.dat

Save this as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe. When finished, it shall produce a log for you. Post that log in your next reply.

**Note** When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
=====================

If Nod32 is outdated then it's doing you no good. And you are using it as your main source of protection because you have nothing else. Please uninstall it completely.

Download the free version of AVG from here and install it. http://free.avg.com/download?prd=afe

Once installed, follow the prompts to update and run a full scan. Please post the log from the virus scan back here when you are done.
Nov 23 2008, 10:45 AM | Post #51 | Member | Group: Members | Posts: 44 | Joined: 1-November 08 | Member No.: 251,993
ComboFix 08-11-21.05 - Ken 2008-11-23 0:14:26.11 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1028.18.564 [GMT 8:00] 執行位置: c:\documents and settings\Ken\桌面\ComboFix.exe Command switches used :: c:\documents and settings\Ken\桌面\CFScript.txt * 成功創造新還原點 . ((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Ken\Application Data\dach100.dll c:\windows\system32\Ultra.dll . ((((((((((((((((((((((((((((((((((((((( 驅動/服務 ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_1 ((((((((((((((((((((((((( 2008-10-22 至 2008-11-22 的新的檔案 ))))))))))))))))))))))))))))))) . 2008-11-23 00:21 . 2008-11-23 00:21 64,512 --ah----- c:\documents and settings\Ken\Application Data\dach100.dll 2008-11-22 07:17 . 2008-11-22 07:17 <DIR> d-------- C:\SAV32CLI 2008-11-15 21:05 . 2008-11-23 00:21 66 --a------ c:\windows\anticrash.dat 2008-11-15 21:05 . 2008-11-23 00:21 61 --a------ c:\windows\hare.dat 2008-11-15 21:05 . 2008-11-23 00:21 60 --a------ c:\windows\zoom.dat 2008-11-15 09:43 . 2008-11-15 09:43 <DIR> d-------- C:\_OTMoveIt 2008-11-11 23:25 . 2008-11-11 23:25 <DIR> d-------- c:\windows\ERUNT 2008-11-11 23:19 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix 2008-11-10 23:54 . 2008-11-10 23:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-10 23:54 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-10 23:54 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-10 23:23 . 2008-11-10 23:23 <DIR> d-------- c:\documents and settings\Ken\Application Data\Malwarebytes 2008-11-10 23:23 . 2008-11-10 23:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-09 00:27 . 2008-11-21 17:09 54,156 --ah----- c:\windows\QTFont.qfn 2008-11-09 00:27 . 2008-11-09 00:27 1,409 --a------ c:\windows\QTFont.for 2008-11-01 06:40 . 2008-11-01 06:40 <DIR> d-------- c:\windows\dell 2008-11-01 06:40 . 
2008-11-10 23:26 1,071,837,184 --a------ c:\windows\MEMORY.DMP 2008-11-01 00:10 . 2008-11-01 00:10 <DIR> d-------- c:\documents and settings\Ken\Application Data\Talkback 2008-10-31 23:35 . 2008-11-01 00:35 <DIR> d-------- c:\documents and settings\Lee Chi Ho 2008-10-31 23:24 . 2004-08-12 18:00 41,600 --a--c--- c:\windows\system32\dllcache\weitekp9.dll 2008-10-31 23:24 . 2004-08-12 18:00 31,232 --a--c--- c:\windows\system32\dllcache\weitekp9.sys 2008-10-31 23:22 . 2004-08-12 18:00 111,104 --a--c--- c:\windows\system32\dllcache\mtstocom.exe 2008-10-31 23:21 . 2004-08-12 18:00 331,264 --a--c--- c:\windows\system32\dllcache\aqueue.dll 2008-10-31 23:20 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\WindowsShell.Manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\sapi.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\ncpa.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 488 -rah----- c:\windows\system32\logonui.exe.manifest 2008-10-31 23:17 . 2004-08-12 18:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe . (((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-22 16:06 --------- d-----w c:\program files\ESET 2008-11-15 16:09 --------- d-----w c:\program files\Common Files\Adobe 2008-10-31 16:20 --------- d-----w c:\program files\Spyware Doctor 2008-10-03 18:18 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-07-27 16:50 0 ----a-w c:\documents and settings\Ken\jagex_runescape_preferences.dat 2007-03-03 16:45 686 ----a-w c:\documents and settings\Ken\清除系統LJ.bat . ((((((((((((((((((((((((((((( snapshot_2008-11-01_ 0.31.32.60 ))))))))))))))))))))))))))))))))))))))))) . 
+ 2008-08-07 07:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2008-11-18 16:18:12 10,616,832 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2008-11-18 16:18:13 3,067,904 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2008-08-07 07:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-11-11 15:25:27 10,629,120 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2008-11-11 15:25:28 3,067,904 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat - 2008-06-03 19:29:55 29,926 ----a-r c:\windows\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe + 2008-11-01 14:27:04 29,926 ----a-r c:\windows\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe + 2008-11-15 16:10:27 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1028-7B44-A81300000003}\SC_Reader.exe - 2006-07-04 13:07:00 3,522 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin + 2008-11-05 12:25:58 3,702 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin + 2008-11-22 16:20:59 16,384 ----atw c:\windows\temp\Perflib_Perfdata_99c.dat . ((((((((((((((((((((((((((((((((((((( 重要登入點 )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*注意* 空白與合法缺省登錄將不會被顯示 REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-15 1695232] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-14 180269] "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 90112] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2007-08-30 205480] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-12 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-12 44544] c:\documents and settings\Ken\「開始」功能表\程式集\啟動\ Adobe Gamma.lnk - c:\program files\Common 
Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798] Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-09-21 1874381] OAhotkey.lnk - c:\epdoa\OAHotkey.EXE [2007-07-26 491008] Zoom.lnk - c:\program files\Dachshund Software\Zoom\Zoom.exe [2002-09-21 1446302] [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"= "c:\\Program Files\\Kingsoft\\PowerWord 2006\\XDICT.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\YouBe Casual Network\\YouBe.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 myxlljjp;myxlljjp;c:\windows\system32\DRIVERS\myxlljjp.sys [2007-06-19 11192] R0 vzchp;vzchp;c:\windows\system32\drivers\vzchp.sys [2004-09-07 28384] R2 sbbotdi;sbbotdi;\??\c:\progra~1\SPEEDB~1\sbbotdi.sys [2007-06-05 34304] S0 00;00; [] S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;c:\windows\system32\Drivers\CENIXFMC.sys [2008-06-17 18660] S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2007-01-13 53793] S3 IPvE;IPvE Adapter Driver;c:\windows\system32\DRIVERS\IPvE.sys [2008-03-22 14144] S3 p2pgasvc;Peer Networking Group Authentication;c:\windows\system32\svchost.exe -k p2psvc [2004-08-12 14336] S3 p2pimsvc;Peer Networking 
Identity Manager;c:\windows\system32\svchost.exe -k p2psvc [2004-08-12 14336] S3 p2psvc;Peer Networking;c:\windows\system32\svchost.exe -k p2psvc [2004-08-12 14336] S3 PNRPSvc;Peer Name Resolution Protocol;c:\windows\system32\svchost.exe -k p2psvc [2004-08-12 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . ‘計劃任務’ 文件夾 裡的內容 2008-11-22 c:\windows\Tasks\查看 Windows Live Toolbar 的更新資訊.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-23 00:20:09 Windows 5.1.2600 Service Pack 2 NTFS 掃描被隱藏的進程。。。 ... 掃描被隱藏的啟動組。。。 掃描被隱藏的文件。。。 掃描完成 被隱藏的檔案: 0 ************************************************************************** . ------------------------ 其他運行進程 ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\conime.exe c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Spyware Doctor\svcntaux.exe c:\program files\Spyware Doctor\swdsvc.exe c:\windows\system32\tcpsvcs.exe c:\windows\system32\snmp.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe c:\windows\Integrator.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . 完成時間: 2008-11-23 0:25:36 - 電腦已重新啟動 [Ken] ComboFix-quarantined-files.txt 2008-11-22 16:25:21 ComboFix2.txt 2008-11-16 13:00:59 ComboFix3.txt 2008-11-14 14:27:22 ComboFix4.txt 2008-11-10 15:49:30 ComboFix5.txt 2008-11-20 15:11:28 Pre-Run: 104,684,498,944 位元組可用 Post-Run: 104,644,923,392 位元組可用 173 --- E O F --- 2008-10-24 12:58:10
Nov 23 2008, 12:16 PM, Post #52
Malware Expert, Group: HJT Team, Posts: 15,378, Joined: 23-December 04, From: Pickerington, Ohio, Member No.: 7,762
Did you follow the rest of the steps that I posted?
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
* Ensure you are connected to the internet and click OK on the message box.
* A browser will open.
* Simply follow the instructions to copy/paste/send the requested file.
--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
Nov 24 2008, 08:51 AM, Post #53
Member, Group: Members, Posts: 44, Joined: 1-November 08, Member No.: 251,993
I am sorry for replying late and missing the steps you posted.
The file has been sent and the following is the log from ComboFix and AVG.
ComboFix 08-11-23.01 - Ken 2008-11-24 21:36:19.12 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1028.18.511 [GMT 8:00] 執行位置: c:\documents and settings\Ken\桌面\ComboFix.exe Command switches used :: c:\documents and settings\Ken\桌面\CFScript.txt * 成功創造新還原點 . ((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Ken\Application Data\dach100.dll . ((((((((((((((((((((((((( 2008-10-24 至 2008-11-24 的新的檔案 ))))))))))))))))))))))))))))))) . 2008-11-23 23:51 . 2008-11-24 00:52 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-11-23 23:40 . 2008-11-24 06:57 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-11-23 23:40 . 2008-11-23 23:40 <DIR> d-------- c:\program files\AVG 2008-11-23 23:40 . 2008-11-23 23:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2008-11-23 23:40 . 2008-11-23 23:40 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-11-23 23:40 . 2008-11-23 23:40 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-11-23 23:40 . 2008-11-23 23:40 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-11-22 07:17 . 2008-11-22 07:17 <DIR> d-------- C:\SAV32CLI 2008-11-15 21:05 . 2008-11-24 21:05 66 --a------ c:\windows\anticrash.dat 2008-11-15 21:05 . 2008-11-24 21:05 61 --a------ c:\windows\hare.dat 2008-11-15 21:05 . 2008-11-24 21:05 60 --a------ c:\windows\zoom.dat 2008-11-15 09:43 . 2008-11-15 09:43 <DIR> d-------- C:\_OTMoveIt 2008-11-11 23:25 . 2008-11-11 23:25 <DIR> d-------- c:\windows\ERUNT 2008-11-11 23:19 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix 2008-11-10 23:54 . 2008-11-10 23:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-10 23:54 . 2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-10 23:54 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-10 23:23 . 
2008-11-10 23:23 <DIR> d-------- c:\documents and settings\Ken\Application Data\Malwarebytes 2008-11-10 23:23 . 2008-11-10 23:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-09 00:27 . 2008-11-24 00:06 54,156 --ah----- c:\windows\QTFont.qfn 2008-11-09 00:27 . 2008-11-09 00:27 1,409 --a------ c:\windows\QTFont.for 2008-11-01 06:40 . 2008-11-01 06:40 <DIR> d-------- c:\windows\dell 2008-11-01 06:40 . 2008-11-10 23:26 1,071,837,184 --a------ c:\windows\MEMORY.DMP 2008-11-01 00:10 . 2008-11-01 00:10 <DIR> d-------- c:\documents and settings\Ken\Application Data\Talkback 2008-10-31 23:35 . 2008-11-01 00:35 <DIR> d-------- c:\documents and settings\Lee Chi Ho 2008-10-31 23:24 . 2004-08-12 18:00 41,600 --a--c--- c:\windows\system32\dllcache\weitekp9.dll 2008-10-31 23:24 . 2004-08-12 18:00 31,232 --a--c--- c:\windows\system32\dllcache\weitekp9.sys 2008-10-31 23:22 . 2004-08-12 18:00 111,104 --a--c--- c:\windows\system32\dllcache\mtstocom.exe 2008-10-31 23:21 . 2004-08-12 18:00 331,264 --a--c--- c:\windows\system32\dllcache\aqueue.dll 2008-10-31 23:20 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\WindowsShell.Manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\sapi.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\ncpa.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 488 -rah----- c:\windows\system32\logonui.exe.manifest 2008-10-31 23:17 . 2004-08-12 18:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe . (((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2008-11-23 15:14 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-23 15:14 --------- d-----w c:\program files\Windows Live Toolbar 2008-11-22 16:06 --------- d-----w c:\program files\ESET 2008-11-15 16:09 --------- d-----w c:\program files\Common Files\Adobe 2008-10-31 16:20 --------- d-----w c:\program files\Spyware Doctor 2008-10-03 18:18 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-07-27 16:50 0 ----a-w c:\documents and settings\Ken\jagex_runescape_preferences.dat 2007-03-03 16:45 686 ----a-w c:\documents and settings\Ken\清除系統LJ.bat . ((((((((((((((((((((((((((((( snapshot_2008-11-01_ 0.31.32.60 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-07 07:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2008-11-18 16:18:12 10,616,832 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2008-11-18 16:18:13 3,067,904 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2008-08-07 07:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-11-11 15:25:27 10,629,120 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2008-11-11 15:25:28 3,067,904 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat - 2008-06-03 19:29:55 29,926 ----a-r c:\windows\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe + 2008-11-01 14:27:04 29,926 ----a-r c:\windows\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe + 2008-11-15 16:10:27 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1028-7B44-A81300000003}\SC_Reader.exe - 2006-07-04 13:07:00 3,522 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin + 2008-11-05 12:25:58 3,702 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin + 2008-11-23 15:40:17 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2008-11-24 13:02:48 16,384 ----atw c:\windows\temp\Perflib_Perfdata_460.dat + 2006-12-01 16:46:44 65,536 ----a-w 
c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll . ((((((((((((((((((((((((((((((((((((( 重要登入點 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白與合法缺省登錄將不會被顯示 REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-15 1695232] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-14 180269] "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 90112] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2007-08-30 205480] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-23 1234712] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-12 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-12 44544] c:\documents and settings\Ken\「開始」功能表\程式集\啟動\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798] Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-09-21 1874381] OAhotkey.lnk - c:\epdoa\OAHotkey.EXE [2007-07-26 491008] Zoom.lnk - c:\program files\Dachshund Software\Zoom\Zoom.exe [2002-09-21 1446302] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"= "c:\\Program Files\\Kingsoft\\PowerWord 2006\\XDICT.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\YouBe Casual Network\\YouBe.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 myxlljjp;myxlljjp;c:\windows\system32\DRIVERS\myxlljjp.sys [2007-06-19 11192] R0 vzchp;vzchp;c:\windows\system32\drivers\vzchp.sys [2004-09-07 28384] R1 AvgLdx86;AVG 
Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-23 97928] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-23 875288] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-23 231704] R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-23 76040] R2 sbbotdi;sbbotdi;\??\c:\progra~1\SPEEDB~1\sbbotdi.sys [2007-06-05 34304] S0 00;00; [] S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;c:\windows\system32\Drivers\CENIXFMC.sys [2008-06-17 18660] S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2007-01-13 53793] S3 IPvE;IPvE Adapter Driver;c:\windows\system32\DRIVERS\IPvE.sys [2008-03-22 14144] S3 p2pgasvc;Peer Networking Group Authentication;c:\windows\system32\svchost.exe -k p2psvc [2004-08-12 14336] S3 p2pimsvc;Peer Networking Identity Manager;c:\windows\system32\svchost.exe -k p2psvc [2004-08-12 14336] S3 p2psvc;Peer Networking;c:\windows\system32\svchost.exe -k p2psvc [2004-08-12 14336] S3 PNRPSvc;Peer Name Resolution Protocol;c:\windows\system32\svchost.exe -k p2psvc [2004-08-12 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc *Newly Created Service* - CATCHME . ‘計劃任務’ 文件夾 裡的內容 2008-11-23 c:\windows\Tasks\查看 Windows Live Toolbar 的更新資訊.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-24 21:40:27 Windows 5.1.2600 Service Pack 2 NTFS 掃描被隱藏的進程。。。 ... 掃描被隱藏的啟動組。。。 掃描被隱藏的文件。。。 掃描完成 被隱藏的檔案: 0 ************************************************************************** . 
--------------------- 運行進程下的動態鏈接庫 --------------------- - - - - - - - > 'winlogon.exe'(872) c:\windows\system32\avgrsstx.dll c:\windows\system32\rsaenh.dll c:\windows\system32\WgaLogon.dll - - - - - - - > 'lsass.exe'(980) c:\windows\system32\avgrsstx.dll c:\windows\system32\msprivs.dll c:\windows\system32\rsaenh.dll . 完成時間: 2008-11-24 21:42:34 ComboFix-quarantined-files.txt 2008-11-24 13:42:01 ComboFix2.txt 2008-11-22 16:25:38 ComboFix3.txt 2008-11-16 13:00:59 ComboFix4.txt 2008-11-14 14:27:22 ComboFix5.txt 2008-11-24 13:34:45 Pre-Run: 113,434,890,240 位元組可用 Post-Run: 113,422,147,584 位元組可用 183 --- E O F --- 2008-10-24 12:58:10
This post has been edited by Paul61112002: Nov 24 2008, 08:54 AM
Nov 24 2008, 08:53 AM, Post #54
Member, Group: Members, Posts: 44, Joined: 1-November 08, Member No.: 251,993
Scan "Scan whole computer" was finished.
Infections found:;"6" Infected objects removed or healed:;"6" Not removed or healed:;"0" Spyware found:;"0" Spyware removed:;"0" Not removed:;"0" Warnings count:;"33" Information count:;"0" Scan started:;"Sunday, 23 November, 2008, 23:45:55" Scan finished:;"Monday, 24 November, 2008, 1:20:59 (1 hour(s) 35 minute(s) 3 second(s))" Total object scanned:;"1171707" User who launched the scan:;"Ken" Infections File;"Infection";"Result" C:\Documents and Settings\Ken\桌面\book_2920.exe;"Trojan horse Downloader.Generic6.SGG";"Moved to Virus Vault" C:\Downloads\Nod32 v5.81.rar;"Trojan horse Downloader.Agent.AOYX";"Moved to Virus Vault" C:\Downloads\Nod32 v5.81.rar:\Nod32 v5.81\Nod32.exe;"Trojan horse Downloader.Agent.AOYX";"Moved to Virus Vault" C:\Program Files\Alcohol Soft\Alcohol 120\patch.exe;"Trojan horse Generic10.ATYN";"Moved to Virus Vault" C:\Program Files\Thunder Network\Thunder\Thunder.exe;"Trojan horse Downloader.Generic7.NOM";"Moved to Virus Vault" C:\WINDOWS\system32\drivers\vzchp.sys;"Trojan horse BackDoor.Generic10.SKK";"Moved to Virus Vault" Warnings File;"Infection";"Result" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt;"Found Tracking cookie.2o7";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\247realmedia.com.855b46d;"Found Tracking cookie.247realmedia";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\2o7.net.a698612e;"Found Tracking cookie.2o7";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\adtech.de.a9245469;"Found Tracking cookie.Adtech";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\bs.serving-sys.com.5bf1f00f;"Found Tracking cookie.Serving-sys";"Potentially 
dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\questionmarket.com.3eb5a9f1;"Found Tracking cookie.Questionmarket";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\247realmedia.com.d90d45cf;"Found Tracking cookie.247realmedia";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\overture.com.52ca467a;"Found Tracking cookie.Overture";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\overture.com.8e32a996;"Found Tracking cookie.Overture";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\overture.com.d727de6f;"Found Tracking cookie.Overture";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\questionmarket.com.4dd5e426;"Found Tracking cookie.Questionmarket";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\revsci.net.2df99d79;"Found Tracking cookie.Revsci";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\revsci.net.44927ec;"Found Tracking cookie.Revsci";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\revsci.net.55564293;"Found Tracking cookie.Revsci";"Potentially dangerous object" C:\Documents and Settings\Ken\Application 
Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\revsci.net.a64c3767;"Found Tracking cookie.Revsci";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\revsci.net.e9dbeb91;"Found Tracking cookie.Revsci";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\serving-sys.com.255d6f2f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\serving-sys.com.400f83f;"Found Tracking cookie.Serving-sys";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\serving-sys.com.4b416ef8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\serving-sys.com.606c3d3b;"Found Tracking cookie.Serving-sys";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\serving-sys.com.6a1cf9e8;"Found Tracking cookie.Serving-sys";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\serving-sys.com.c9034af6;"Found Tracking cookie.Serving-sys";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\tacoda.net.4366831a;"Found Tracking cookie.Tacoda";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\tacoda.net.5935e89;"Found Tracking cookie.Tacoda";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\tacoda.net.27341d57;"Found Tracking 
cookie.Tacoda";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\tacoda.net.c4fe2ebb;"Found Tracking cookie.Tacoda";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\tacoda.net.e9f57f8;"Found Tracking cookie.Tacoda";"Potentially dangerous object" C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\cookies.txt:\tribalfusion.com.dcc03271;"Found Tracking cookie.Tribalfusion";"Potentially dangerous object" C:\Documents and Settings\Ken\Cookies\ken@m.webtrends[1].txt;"Found Tracking cookie.Webtrends";"Potentially dangerous object" C:\Documents and Settings\Ken\Cookies\ken@m.webtrends[1].txt:\m.webtrends.com.b4ca7df0;"Found Tracking cookie.Webtrends";"Potentially dangerous object" C:\Documents and Settings\Ken\Cookies\ken@msnportal.112.2o7[1].txt;"Found Tracking cookie.2o7";"Potentially dangerous object" C:\Documents and Settings\Ken\Cookies\ken@msnportal.112.2o7[1].txt:\msnportal.112.2o7.net.7225be6f;"Found Tracking cookie.2o7";"Potentially dangerous object"
Nov 24 2008, 12:42 PM, Post #55
Malware Expert, Group: HJT Team, Posts: 15,378, Joined: 23-December 04, From: Pickerington, Ohio, Member No.: 7,762
You've got cracked software on your computer. This is where your malware issues stem from.
Copy and paste ALL the following text in the Quote box below into Notepad. Click on File (in the menu at the top) > Save as... / Save as Type: 'All Files' / File name: CFScript to your desktop.
Driver:: myxlljjp
File:: c:\windows\system32\DRIVERS\myxlljjp.sys
Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet. Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below. This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply. Also post a new log from OTViewIt.
Nov 25 2008, 08:34 AM, Post #56
Member, Group: Members, Posts: 44, Joined: 1-November 08, Member No.: 251,993
ComboFix 08-11-24.03 - Ken 2008-11-25 21:01:53.13 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1028.18.544 [GMT 8:00] 執行位置: c:\documents and settings\Ken\桌面\ComboFix.exe Command switches used :: c:\documents and settings\Ken\桌面\CFScript.txt * 成功創造新還原點 FILE :: c:\windows\system32\DRIVERS\myxlljjp.sys . ((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Ken\Application Data\dach100.dll c:\windows\system32\DRIVERS\myxlljjp.sys . ((((((((((((((((((((((((((((((((((((((( 驅動/服務 ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_MYXLLJJP -------\Service_myxlljjp ((((((((((((((((((((((((( 2008-10-25 至 2008-11-25 的新的檔案 ))))))))))))))))))))))))))))))) . 2008-11-24 21:43 . 2008-11-24 21:43 <DIR> d-------- C:\My Voice 2008-11-23 23:51 . 2008-11-24 00:52 <DIR> d--h----- C:\$AVG8.VAULT$ 2008-11-23 23:40 . 2008-11-25 20:18 <DIR> d-------- c:\windows\system32\drivers\Avg 2008-11-23 23:40 . 2008-11-23 23:40 <DIR> d-------- c:\program files\AVG 2008-11-23 23:40 . 2008-11-23 23:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\avg8 2008-11-23 23:40 . 2008-11-23 23:40 97,928 --a------ c:\windows\system32\drivers\avgldx86.sys 2008-11-23 23:40 . 2008-11-23 23:40 76,040 --a------ c:\windows\system32\drivers\avgtdix.sys 2008-11-23 23:40 . 2008-11-23 23:40 10,520 --a------ c:\windows\system32\avgrsstx.dll 2008-11-22 07:17 . 2008-11-22 07:17 <DIR> d-------- C:\SAV32CLI 2008-11-15 21:05 . 2008-11-25 21:11 66 --a------ c:\windows\anticrash.dat 2008-11-15 21:05 . 2008-11-25 21:11 61 --a------ c:\windows\hare.dat 2008-11-15 21:05 . 2008-11-25 21:12 60 --a------ c:\windows\zoom.dat 2008-11-15 09:43 . 2008-11-15 09:43 <DIR> d-------- C:\_OTMoveIt 2008-11-11 23:25 . 2008-11-11 23:25 <DIR> d-------- c:\windows\ERUNT 2008-11-11 23:19 . 2008-11-06 02:03 <DIR> d-------- C:\SDFix 2008-11-10 23:54 . 2008-11-10 23:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2008-11-10 23:54 . 
2008-10-22 16:10 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2008-11-10 23:54 . 2008-10-22 16:10 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-11-10 23:23 . 2008-11-10 23:23 <DIR> d-------- c:\documents and settings\Ken\Application Data\Malwarebytes 2008-11-10 23:23 . 2008-11-10 23:23 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2008-11-09 00:27 . 2008-11-24 00:06 54,156 --ah----- c:\windows\QTFont.qfn 2008-11-09 00:27 . 2008-11-09 00:27 1,409 --a------ c:\windows\QTFont.for 2008-11-01 06:40 . 2008-11-01 06:40 <DIR> d-------- c:\windows\dell 2008-11-01 06:40 . 2008-11-10 23:26 1,071,837,184 --a------ c:\windows\MEMORY.DMP 2008-11-01 00:10 . 2008-11-01 00:10 <DIR> d-------- c:\documents and settings\Ken\Application Data\Talkback 2008-10-31 23:35 . 2008-11-01 00:35 <DIR> d-------- c:\documents and settings\Lee Chi Ho 2008-10-31 23:24 . 2004-08-12 18:00 41,600 --a--c--- c:\windows\system32\dllcache\weitekp9.dll 2008-10-31 23:24 . 2004-08-12 18:00 31,232 --a--c--- c:\windows\system32\dllcache\weitekp9.sys 2008-10-31 23:22 . 2004-08-12 18:00 111,104 --a--c--- c:\windows\system32\dllcache\mtstocom.exe 2008-10-31 23:21 . 2004-08-12 18:00 331,264 --a--c--- c:\windows\system32\dllcache\aqueue.dll 2008-10-31 23:20 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\WindowsShell.Manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\sapi.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\ncpa.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 488 -rah----- c:\windows\system32\logonui.exe.manifest 2008-10-31 23:17 . 2004-08-12 18:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe . 
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-23 15:14 --------- d--h--w c:\program files\InstallShield Installation Information 2008-11-23 15:14 --------- d-----w c:\program files\Windows Live Toolbar 2008-11-22 16:06 --------- d-----w c:\program files\ESET 2008-11-15 16:09 --------- d-----w c:\program files\Common Files\Adobe 2008-10-31 16:20 --------- d-----w c:\program files\Spyware Doctor 2008-10-03 18:18 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-07-27 16:50 0 ----a-w c:\documents and settings\Ken\jagex_runescape_preferences.dat 2007-03-03 16:45 686 ----a-w c:\documents and settings\Ken\清除系統LJ.bat . ((((((((((((((((((((((((((((( snapshot_2008-11-01_ 0.31.32.60 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-07 07:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX\ERDNT.EXE + 2008-11-18 16:18:12 10,616,832 ----a-w c:\windows\ERUNT\SDFIX\Users\00000001\NTUSER.DAT + 2008-11-18 16:18:13 3,067,904 ----a-w c:\windows\ERUNT\SDFIX\Users\00000002\UsrClass.dat + 2008-08-07 07:27:04 163,328 ----a-w c:\windows\ERUNT\SDFIX_First_Run\ERDNT.EXE + 2008-11-11 15:25:27 10,629,120 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000001\NTUSER.DAT + 2008-11-11 15:25:28 3,067,904 ----a-w c:\windows\ERUNT\SDFIX_First_Run\Users\00000002\UsrClass.dat - 2008-06-03 19:29:55 29,926 ----a-r c:\windows\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe + 2008-11-01 14:27:04 29,926 ----a-r c:\windows\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe + 2008-11-15 16:10:27 295,606 ----a-r c:\windows\Installer\{AC76BA86-7AD7-1028-7B44-A81300000003}\SC_Reader.exe - 2006-07-04 13:07:00 3,522 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin + 2008-11-05 12:25:58 3,702 ----a-w c:\windows\pchealth\helpctr\PackageStore\SkuStore.bin + 2008-11-23 15:40:17 26,824 ----a-w c:\windows\system32\drivers\avgmfx86.sys + 2008-11-25 13:11:59 16,384 ----atw 
c:\windows\temp\Perflib_Perfdata_a74.dat + 2006-12-01 16:46:44 65,536 ----a-w c:\windows\WinSxS\x86_Microsoft.VC80.OpenMP_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6c18549a\vcomp.dll . ((((((((((((((((((((((((((((((((((((( 重要登入點 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白與合法缺省登錄將不會被顯示 REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-15 1695232] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-14 180269] "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 90112] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2007-08-30 205480] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792] "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2008-11-23 1234712] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe] 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-12 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-12 44544] c:\documents and settings\Ken\「開始」功能表\程式集\啟動\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798] Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-09-21 1874381] OAhotkey.lnk - c:\epdoa\OAHotkey.EXE [2007-07-26 491008] Zoom.lnk - c:\program files\Dachshund Software\Zoom\Zoom.exe [2002-09-21 1446302] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=avgrsstx.dll [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"= "c:\\Program Files\\Kingsoft\\PowerWord 2006\\XDICT.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\YouBe Casual Network\\YouBe.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"= "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"= "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 vzchp;vzchp;c:\windows\system32\drivers\vzchp.sys [2004-09-07 28384] R1 AvgLdx86;AVG Free AVI Loader Driver 
x86;c:\windows\system32\Drivers\avgldx86.sys [2008-11-23 97928] R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2008-11-23 875288] R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2008-11-23 231704] R2 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2008-11-23 76040] R2 sbbotdi;sbbotdi;\??\c:\progra~1\SPEEDB~1\sbbotdi.sys [2007-06-05 34304] S0 00;00; [] S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;c:\windows\system32\Drivers\CENIXFMC.sys [2008-06-17 18660] S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2007-01-13 53793] S3 IPvE;IPvE Adapter Driver;c:\windows\system32\DRIVERS\IPvE.sys [2008-03-22 14144] S3 p2pgasvc;Peer Networking Group Authentication;c:\windows\system32\svchost.exe -k p2psvc [2004-08-12 14336] S3 p2pimsvc;Peer Networking Identity Manager;c:\windows\system32\svchost.exe -k p2psvc [2004-08-12 14336] S3 p2psvc;Peer Networking;c:\windows\system32\svchost.exe -k p2psvc [2004-08-12 14336] S3 PNRPSvc;Peer Name Resolution Protocol;c:\windows\system32\svchost.exe -k p2psvc [2004-08-12 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc . ‘計劃任務’ 文件夾 裡的內容 2008-11-25 c:\windows\Tasks\查看 Windows Live Toolbar 的更新資訊.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-25 21:10:49 Windows 5.1.2600 Service Pack 2 NTFS 掃描被隱藏的進程。。。 ... 掃描被隱藏的啟動組。。。 掃描被隱藏的文件。。。 c:\windows\TEMP\3c109c0k.TMP 616448 bytes 掃描完成 被隱藏的檔案: 1 ************************************************************************** . ------------------------ 其他運行進程 ------------------------ . 
c:\windows\system32\ati2evxx.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Spyware Doctor\svcntaux.exe
c:\program files\Spyware Doctor\swdsvc.exe
c:\windows\system32\tcpsvcs.exe
c:\windows\system32\snmp.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
c:\windows\Integrator.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\program files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
完成時間: 2008-11-25 21:16:50 - 電腦已重新啟動
ComboFix-quarantined-files.txt 2008-11-25 13:16:31
ComboFix2.txt 2008-11-24 13:42:35
ComboFix3.txt 2008-11-22 16:25:38
ComboFix4.txt 2008-11-16 13:00:59
ComboFix5.txt 2008-11-25 13:01:09

Pre-Run: 113,361,661,952 位元組可用
Post-Run: 113,349,582,848 位元組可用

196 --- E O F --- 2008-10-24 12:58:10
Nov 25 2008, 08:36 AM, Post #57 (Member; Group: Members; Posts: 44; Joined: 1-November 08; Member No.: 251,993)
OTViewIt Extras logfile created on: 25/11/2008 21:34:50 - Run 6
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Ken\桌面
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy
1022.07 Mb Total Physical Memory | 511.57 Mb Available Physical Memory | 50.05% Memory free
2.40 Gb Paging File | 2.00 Gb Available in Paging File | 83.10% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 105.63 Gb Free Space | 70.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: PAUL
Current User Name: Ken
Logged in as Administrator.
Current Boot Mode: Normal Scan Mode: All users Whitelist: Off File Age = 30 Days "Use My Stylesheet"= "User Stylesheet"= ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled"=1 "AntiVirusDisableNotify"=0 "FirewallDisableNotify"=0 "UpdatesDisableNotify"=0 "AntiVirusOverride"=0 "FirewallOverride"=0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=1 ""= [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall"=1 "DoNotAllowExceptions"=1 "DisableNotifications"=0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2004/08/12 18:00:00 | 00,136,704 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2007/10/18 11:35:18 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2006/11/29 14:29:40 | 01,413,120 | ---- | M] (Thunder Networking Technologies,LTD) -- C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:*:Enabled:Thunder [2005/12/07 16:45:30 | 00,447,488 | ---- | M] (Kingsoft Co, Ltd.) -- C:\Program Files\Kingsoft\PowerWord 2006\XDICT.EXE:*:Enabled:Kingsoft PowerWord 2006 [2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2006/11/13 02:35:30 | 05,081,600 | ---- | M] () -- C:\Program Files\YouBe Casual Network\YouBe.exe:*:Enabled:YouBe Casual Network Client [2007/06/05 13:02:13 | 01,922,936 | ---- | M] (Speedbit Ltd.) 
-- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator [2007/06/05 13:02:13 | 00,137,088 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorEngine [2004/08/12 18:00:00 | 00,136,704 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2007/10/18 11:35:18 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) [2008/10/22 16:10:20 | 01,261,200 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware [2008/11/23 23:40:07 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe [2008/11/23 23:40:08 | 00,641,304 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe ========== (O10) Winsock2 Catalogs ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\] NameSpace_Catalog5\Catalog_Entries\000000000001 [PNRP 定域機組命名空間提供者] -- C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation) NameSpace_Catalog5\Catalog_Entries\000000000002 [PNRP 名稱命名空間提供者] -- C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation) ========== (O18) Protocol Handlers ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] ipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2008/11/23 23:40:13 | 00,079,128 | ---- | M] (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG8\avgpp.dll (linkscanner:{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} (HKLM) [XPLPPFilter Class]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] msdaipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL 
msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007/10/23 12:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler]) ========== (O18) Protocol Filters ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol 
Filters [2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}"=Macromedia Dreamweaver MX 2004 "{09F1BC13-752E-4569-B6E3-CEF1695ACC7F}"=Powerword 2006 "{0B76561B-A254-44F2-B78D-E18705FBE9F0}"=Windows Presentation Foundation Language Pack (CHT) "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI 控制台 "{0C9B0475-F65F-45AB-8D88-2AE7C195E907}"=Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack "{0DEE88A2-E250-4955-A5AF-EFC2C305E7C6}"=Windows Live installer "{0F9196C6-58B4-445B-B56E-B1200FECC151}"=Microsoft Bootvis "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA "{20FF019B-1346-453F-B3BB-95795FA2E085}"=Windows Communication Foundation Language Pack - CHT "{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2 "{2864C41B-EF2D-4640-95A2-526276524519}"=Borland C++Builder 6 "{2F10F540-4126-45B5-B14C-9B8D119205E6}"=Windows Workflow Foundation ZH-CHT Language Pack "{2F353D44-73BB-4971-B31D-F7642E9E9531}"=Macromedia Flash MX 2004 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java 6 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java 6 Update 7 "{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP "{358A2F50-8885-4EDE-BBB0-130A5834E0B4}"=Visual FoxPro 9.0 Baseline - English "{36177F72-8181-45D7-95D1-EA5B008A4DC9}"=Macro Vibration Joystick "{3748D2FC-83CB-445A-87D8-DE88080FBB4F}"=Power Voice II "{394BE3D9-7F57-4638-A8D1-1D88671913B7}"=Microsoft AppLocale "{39F8BF57-47FA-4F8D-9404-1B41321743AF}"=AntiCrash 3.6.1 "{41925E73-4C04-479C-B2CA-C3EEA2A4CD3E}"=醇紌 (Windows Live Toolbar) 
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}"=Dell CinePlayer "{48976A2B-53A5-435E-AF7A-8D034ED24ECF}"=Wiseman Voice Engine "{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation "{53984380-2AE6-458A-8C64-FEB40B747E8F}"=Civilization III "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}"=Sonic Activation Module "{636EFC48-221F-442B-9299-5E2A09B3D933}"=Windows Live Toolbar "{6560D90C-5223-49A3-B78C-A48C31EAEC56}"=Windows Live Messenger "{67C5EC16-0DC1-4045-A7FF-D7D0FFA4B54D}"=Microsoft .NET Framework 2.0 Language Pack - CHT "{6BD5BA64-404E-4D4C-80D1-70EF72EC3D6D}"=Microsoft .NET Framework 3.0 Traditional Chinese Language Pack "{7299052b-02a4-4627-81f2-1818da5d550d}"=Microsoft Visual C++ 2005 Redistributable "{772214C5-4CC2-40FA-8BD8-A98570D18C13}"=Windows Live 紇钩いみ "{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}"=Intel® PROSet for Wired Connections "{8D49763E-A43C-45CB-9561-5267627ED243}"=Windows Live Mail "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer "{90110404-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003 "{90120000-0010-0804-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (Chinese (Simplified)) 12 "{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0804-0000-0000000FF1CE}"=Microsoft Office Proof (Chinese (Simplified)) 2007 "{90120000-001F-0804-0000-0000000FF1CE}_PRJPRO_{C0214747-76E6-4C82-ACE7-4F6FB84CE5A9}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0804-0000-0000000FF1CE}_VISPRO_{C0214747-76E6-4C82-ACE7-4F6FB84CE5A9}"=2007 Microsoft Office Suite Service Pack 1 (SP1) 
"{90120000-0028-0804-0000-0000000FF1CE}"=Microsoft Office IME (Chinese (Simplified)) 2007 "{90120000-0028-0804-0000-0000000FF1CE}_PRJPRO_{5E9B9C9D-964B-4E00-BD68-A22AC484E835}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0028-0804-0000-0000000FF1CE}_VISPRO_{5E9B9C9D-964B-4E00-BD68-A22AC484E835}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0804-0000-0000000FF1CE}"=Microsoft Office Proofing (Chinese (Simplified)) 2007 "{90120000-003B-0000-0000-0000000FF1CE}"=Microsoft Office Project Professional 2007 "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C1877F6E-C1C8-486D-A697-86431029690C}"=Microsoft Office Project 2007 Service Pack 1 (SP1) "{90120000-0051-0000-0000-0000000FF1CE}"=Microsoft Office Visio Professional 2007 "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}"=Microsoft Office Visio 2007 Service Pack 1 (SP1) "{90120000-0054-0804-0000-0000000FF1CE}"=Microsoft Office Visio MUI (Chinese (Simplified)) 2007 "{90120000-0054-0804-0000-0000000FF1CE}_VISPRO_{C56C2A01-1BA3-401D-AB05-FF8E13B64DCE}"=Microsoft Office Visio 2007 Service Pack 1 (SP1) "{90120000-006E-0804-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Chinese (Simplified)) 2007 "{90120000-006E-0804-0000-0000000FF1CE}_PRJPRO_{AD8C9A1B-8EFE-42BE-93D0-7281302869D4}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0804-0000-0000000FF1CE}_VISPRO_{AD8C9A1B-8EFE-42BE-93D0-7281302869D4}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00B4-0804-0000-0000000FF1CE}"=Microsoft Office Project MUI (Chinese (Simplified)) 2007 "{90120000-00B4-0804-0000-0000000FF1CE}_PRJPRO_{9051A408-D436-4670-B65C-EF793212AE7E}"=Microsoft Office Project 2007 Service Pack 1 (SP1) "{9BAAE963-E16D-4E17-AFE6-1965F5AA0292}"=Visual FoxPro 9.0 Professional - English "{9DE9E293-5D7B-4312-88C2-BDFAEC5310AE}"=Microsoft .NET Framework 3.0 "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager 
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}"=Dell Media Experience "{AC76BA86-7AD7-1028-7B44-A81300000003}"=Adobe Reader 8.1.3 - Chinese Traditional "{AC76BA86-7AD7-2447-0000-800000000003}"=Chinese Simplified Fonts Support For Adobe Reader 8 "{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live 祅腊も "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy "{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser "{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0 "{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation "{BB05D173-9681-4812-A7FA-BD4042A3DA00}"=Alky for Applications (Windows XP) "{BCB4C18A-ACA6-4383-8688-E19933A705DD}"=Microsoft SOAP Toolkit 3.0 "{C621DFA7-85D8-4CDF-89EA-B01001790038}"=InstallShield Express 5.0 Visual FoxPro Limited Edition "{C77B594A-8A79-4F66-92BE-D834CABD45CB}"=Zoom 1.3.1 "{C8550C86-A712-4219-AD4C-038C9FD1D149}"=Ulead PhotoImpact 11 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1 "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}"=Microsoft Game Studios Common Redistributables Pack 1 "{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}"=Kaspersky Internet Security 6.0 "{D0EFA98B-03A8-4F7C-B1C9-247994711331}"=Hare 1.5.1 "{D3655544-5CAA-4705-B54D-2CBCE176AFDB}"=Windows Live Toolbar 耎 (Windows Live Toolbar) "{D41B0402-93A0-4242-9A9E-0FBD02A265CD}"=眶ヘ矗ボ浪跌竟 (Windows Live Toolbar) "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"=Microsoft Windows Application Compatibility Database "{E583ED6F-BD99-4066-A420-C815BF692B69}"=Macromedia Fireworks MX 2004 "{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0 "{E9F81423-211E-46B6-9AE0-38568BC5CF6F}"= "{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0 "{EEABB513-CB07-4918-BF68-C340B505A221}"=Windows Live Writer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU] "Ad-Aware SE Professional"=Ad-Aware SE Professional "Adobe 
Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2 "ATI Display Driver"=ATI Display Driver "AVG8Uninstall"=AVG Free 8.0 "Burn4Free"=Burn4Free CD and DVD "Burn4Free Toolbar"=Burn4Free Toolbar "ClocX"=ClocX (1.5b1) "CSI-3 Dimensions of Murder"=CSI-3 Dimensions of Murder 1.0 "Dev-C++ 4"=Dev-C++ 4 "DSMT6"=MathType 6 "FlashGet"=FlashGet 1.9.6.1073 "getPlus®_ocx"=getPlus®_ocx "HijackThis"=HijackThis 2.0.2 "Insaniquarium Deluxe 1.0"=Insaniquarium Deluxe 1.0 "InstallWIX_{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}"=Kaspersky Internet Security 6.0 "Malwarebytes' Anti-Malware_is1"=Malwarebytes' Anti-Malware "Mechanics 96"=Mechanics 96 "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - CHT"=Microsoft .NET Framework 2.0 粂ē甅ン - 羉砰いゅ "Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0 "Microsoft .NET Framework 3.0 Traditional Chinese Language Pack"=Microsoft .NET Framework 3.0 羉砰いゅ粂ē甅ン "Mozilla Firefox (2.0.0.18)"=Mozilla Firefox (2.0.0.18) "PRJPRO"=Microsoft Office Project Professional 2007 "PROSet"=Intel® PRO Network Connections Drivers "QuickTime"=QuickTime "RealPlayer 6.0"=RealPlayer "SpeedBit Video Accelerator"=SpeedBit Video Accelerator "Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20 "thunder_is1"=迅雷5 "USB-706 Vibration Joystick"=USB-706 Vibration Joystick "VISPRO"=Microsoft Office Visio Professional 2007 "Visual FoxPro 9.0 Professional - English"=Microsoft Visual FoxPro 9.0 Professional - English "Windows Live Toolbar"=Windows Live Toolbar "Windows Media Format Runtime"=Windows Media Format 11 runtime "Windows Media Player"=Windows Media Player 11 "WinRAR archiver"=WinRAR archiver "WMFDist11"=Windows Media Format 11 runtime "wmp11"=Windows Media Player 11 "XpsEPSC"=XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP"=XML Paper Specification Shared Components Language Pack 1.0 "Yayad"=Yayad "沭鎢諷秶芞抎奪燴炵苀等儂唳2008"=沭鎢諷秶芞抎奪燴炵苀等儂唳2008 ========== HKEY_CURRENT_USER 
Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15/11/2008 12:46:40 | Computer Name = PAUL | Source = Application Hang | ID = 1002 Description = 無回應的應用程式 IEXPLORE.EXE,版本 6.0.2900.2180。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址 0x00000000。 Error - 15/11/2008 12:46:41 | Computer Name = PAUL | Source = Application Hang | ID = 1002 Description = 無回應的應用程式 IEXPLORE.EXE,版本 6.0.2900.2180。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址 0x00000000。 Error - 16/11/2008 9:11:31 | Computer Name = PAUL | Source = EventSystem | ID = 4609 Description = COM+ 事件系統在內部處理時偵測到錯誤的傳回碼。HRESULT 是 800706BA,來自 d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp 的行 44。請與 Microsoft 產品支援服務聯絡,以報告這個錯誤 Error - 20/11/2008 11:13:32 | Computer Name = PAUL | Source = EventSystem | ID = 4609 Description = COM+ 事件系統在內部處理時偵測到錯誤的傳回碼。HRESULT 是 800706BF,來自 d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp 的行 44。請與 Microsoft 產品支援服務聯絡,以報告這個錯誤 Error - 20/11/2008 11:13:41 | Computer Name = PAUL | Source = EventSystem | ID = 4609 Description = COM+ 事件系統在內部處理時偵測到錯誤的傳回碼。HRESULT 是 800706BA,來自 d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp 的行 44。請與 Microsoft 產品支援服務聯絡,以報告這個錯誤 Error - 22/11/2008 9:36:52 | Computer Name = PAUL | Source = Application Hang | ID = 1002 Description = 無回應的應用程式 IEXPLORE.EXE,版本 6.0.2900.2180。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址 0x00000000。 Error - 22/11/2008 9:36:53 | Computer Name = PAUL | Source = Application Hang | ID = 1002 Description = 無回應的應用程式 IEXPLORE.EXE,版本 6.0.2900.2180。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址 0x00000000。 Error - 22/11/2008 11:27:55 | Computer Name = PAUL | Source = Application Hang | ID = 1002 Description = 無回應的應用程式 OTViewIt.exe,版本 1.0.20.0。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址 0x00000000。 Error - 
22/11/2008 12:04:38 | Computer Name = PAUL | Source = Application Error | ID = 1000
Description = 失敗的應用程式 svchost.exe,版本 5.1.2600.2180,失敗的模組 unknown,版本 0.0.0.0,錯誤位址 0x20b098f0。

Error - 22/11/2008 12:08:12 | Computer Name = PAUL | Source = Application Error | ID = 1004
Description = 失敗的應用程式 svchost.exe,版本 5.1.2600.2180,失敗的模組 unknown,版本 0.0.0.0,錯誤位址 0x20b098f0。

[ System Events ]
Error - 24/11/2008 10:01:56 | Computer Name = PAUL | Source = Service Control Manager | ID = 7026
Description = 下列開機啟動或系統啟動驅動程式無法載入: 00 kl1 klif

Error - 25/11/2008 4:13:15 | Computer Name = PAUL | Source = sptd | ID = 262148
Description = 驅動程式在 的資料結構中偵測內部錯誤。

Error - 25/11/2008 4:13:52 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000
Description = Kaspersky Internet Security 6.0 服務無法啟動,因為發生下列錯誤: %%3

Error - 25/11/2008 4:13:52 | Computer Name = PAUL | Source = Service Control Manager | ID = 7026
Description = 下列開機啟動或系統啟動驅動程式無法載入: 00 kl1 klif

Error - 25/11/2008 8:15:51 | Computer Name = PAUL | Source = sptd | ID = 262148
Description = 驅動程式在 的資料結構中偵測內部錯誤。

Error - 25/11/2008 8:16:25 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000
Description = Kaspersky Internet Security 6.0 服務無法啟動,因為發生下列錯誤: %%3

Error - 25/11/2008 8:16:29 | Computer Name = PAUL | Source = Service Control Manager | ID = 7026
Description = 下列開機啟動或系統啟動驅動程式無法載入: 00 kl1 klif

Error - 25/11/2008 9:10:31 | Computer Name = PAUL | Source = sptd | ID = 262148
Description = 驅動程式在 的資料結構中偵測內部錯誤。

Error - 25/11/2008 9:13:53 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000
Description = Kaspersky Internet Security 6.0 服務無法啟動,因為發生下列錯誤: %%3

Error - 25/11/2008 9:13:54 | Computer Name = PAUL | Source = Service Control Manager | ID = 7026
Description = 下列開機啟動或系統啟動驅動程式無法載入: 00 kl1 klif

< End of report >

OTViewIt logfile created on: 25/11/2008 21:34:50 - Run 6
OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Ken\桌面
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy

1022.07 Mb Total Physical Memory | 511.57 Mb Available Physical Memory | 50.05% Memory free
2.40 Gb Paging File | 2.00 Gb Available in Paging File | 83.10% Paging File free
Paging file location(s): c:\pagefile.sys 1536 3072;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148.96 Gb Total Space | 105.63 Gb Free Space | 70.91% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: PAUL
Current User Name: Ken
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: All users
Whitelist: Off
File Age = 30 Days

========== Processes ==========
[2005/08/03 21:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
[2004/08/12 18:00:00 | 00,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\conime.exe
[2008/11/23 23:40:05 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
[2007/04/19 11:08:00 | 00,708,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\svcntaux.exe
[2007/04/19 11:08:06 | 01,302,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\swdsvc.exe
[2006/05/03 03:12:00 | 00,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
[2006/07/14 21:48:17 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[2005/05/23 09:57:42 | 00,090,112 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
[2005/03/22 16:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
[2008/11/23 23:40:08 | 01,234,712 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgtray.exe
[2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
[2004/08/12 18:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
[2004/08/12 18:00:00 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe
[2005/04/02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
[2008/11/23 23:40:07 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe
[2002/02/28 06:48:58 | 00,491,008 | ---- | M] (Roy) -- C:\EPDOA\OAHotkey.EXE
[2003/01/15 11:46:24 | 00,151,552 | ---- | M] (Dachshund Software) -- C:\WINDOWS\Integrator.exe
[2004/08/12 18:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\notepad.exe
[2008/11/23 23:40:09 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/11/14 22:27:57 | 07,676,528 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2008/11/23 23:40:09 | 00,287,000 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgrsx.exe
[2008/11/02 11:45:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTViewIt.exe

========== (O23) Win32 Services ==========
[2006/09/11 19:52:24 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped])
[2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
[2005/08/03 21:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running])
[2008/11/23 23:40:07 | 00,875,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc [Auto | Running])
[2008/11/23 23:40:05 | 00,231,704 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd [Auto | Running])
File not found -- -- (AVP [Auto | Stopped])
[2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
[2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
[2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
[2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
[2004/08/12 18:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped])
[2006/09/15 00:03:27 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped])
[2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running])
[2004/11/19 11:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
[2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
[2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped])
[2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
[2007/04/19 11:08:00 | 00,708,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\svcntaux.exe -- (sdAuxService [Auto | Running])
[2007/04/19 11:08:06 | 01,302,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\swdsvc.exe -- (sdCoreService [Auto | Running])
[2004/08/12 18:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running])
[2004/08/12 18:00:00 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running])
[2004/08/12 18:00:00 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped])
[2005/04/02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService [Auto | Running])
[2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped])
[2007/06/05 13:02:13 | 00,137,088 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe -- (VideoAcceleratorEngine [On_Demand | Stopped])
[2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped])
[2006/11/02 23:09:48 | 00,897,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped])

========== Driver Services ==========
[2004/08/12 18:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped])
[2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped])
[2005/08/03 21:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running])
[2008/11/23 23:40:20 | 00,097,928 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (AvgLdx86 [System | Running])
[2008/11/23 23:40:17 | 00,026,824 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (AvgMfx86 [System | Running])
[2008/11/23 23:40:25 | 00,076,040 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (AvgTdiX [Auto | Running])
[2002/10/07 13:22:06 | 00,018,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\CenixFMC.sys -- (CENIXFMC [On_Demand | Stopped])
[2004/12/14 05:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped])
[2004/08/12 18:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped])
[2005/04/22 03:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
[2005/04/21 02:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
[2006/07/14 23:42:57 | 00,223,128 | ---- | M] (DT Soft Ltd.) -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi [On_Demand | Stopped])
[2004/10/14 16:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running])
[2006/09/11 16:00:00 | 00,387,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys -- (eeCtrl [System | Running])
[2004/08/12 18:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga [System | Running])
[2006/09/02 19:04:42 | 00,010,345 | ---- | M] (Applied Networking Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped])
[2008/04/14 00:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running])
[2006/06/28 11:58:56 | 00,053,793 | ---- | M] (Compuware Corporation) -- C:\WINDOWS\system32\drivers\hid7906.sys -- (hid7906 [On_Demand | Stopped])
[2007/04/19 15:18:08 | 00,039,248 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfileflt.sys -- (IKFileFlt [System | Running])
[2007/04/19 15:18:12 | 00,052,304 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [System | Running])
[2007/04/19 15:18:16 | 00,059,984 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IkSysFlt [System | Running])
[2007/04/19 15:18:20 | 00,083,536 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running])
[2008/06/29 11:54:23 | 00,014,144 | ---- | M] (Hongtien) -- C:\WINDOWS\system32\drivers\IPvE.sys -- (IPvE [On_Demand | Stopped])
[2004/08/12 18:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running])
[2004/08/12 18:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped])
[2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped])
[2004/08/12 18:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running])
[2005/10/27 04:12:48 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running])
[2004/08/12 18:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped])
[2007/06/05 13:02:13 | 00,034,304 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\sbbotdi.sys -- (sbbotdi [Auto | Running])
[2004/08/12 18:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped])
[2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped])
[2006/07/14 23:39:01 | 00,642,560 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running])
[2005/05/13 10:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
[2005/05/13 10:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
[2005/11/16 14:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running])
[2004/08/12 18:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped])
[2004/08/12 18:00:00 | 00,223,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running])
[2005/05/31 05:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
[2005/05/31 05:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
[2005/05/31 05:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
[2005/05/31 05:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
[2005/05/31 05:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
[2005/05/31 05:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
[2005/05/31 05:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
[2005/05/31 05:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
[2005/05/31 05:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
[2004/08/12 18:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running])
[2005/10/09 01:05:16 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped])
[2004/08/12 18:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped])
[2005/07/08 14:44:18 | 00,159,616 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\vax347b.sys -- (vax347b [Boot | Running])
[2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\vax347s.sys -- (vax347s [Boot | Running])
[2008/04/15 18:54:34 | 00,028,384 | ---- | M] () -- C:\WINDOWS\system32\drivers\vzchp.sys -- (vzchp [Boot | Running])
[2004/08/12 18:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [Disabled | Stopped])

========== (R ) Internet Explorer ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157
"Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896
"Default_Secondary_Page_URL"=
"Extensions Off Page"=about:NoAdd-ons
"Local Page"=%SystemRoot%\system32\blank.htm
"Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896
"Security Risk Page"=about:SecurityRisk
"Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
"SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Prev Search Page"=http://google.icq.com
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p
[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Local Page"=C:\WINDOWS\system32\blank.htm
"Page_Transitions"=
"Prev Search Page"=http://google.icq.com
"Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
"Start Page"=www.6700.cn?tn=102760//www.microsoft.com/i
[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\SearchURL]
""=
"provider"=
[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = 0

========== (O1) Hosts File ==========
HOSTS File = (265205 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
First 25 entries...
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 123topsearch.com
127.0.0.1 www.123topsearch.com
127.0.0.1 132.com
127.0.0.1 www.132.com
127.0.0.1 www.136136.net
127.0.0.1 136136.net
9212 more lines...

========== (O2) BHO's ==========
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} (HKLM) -- C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
{53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
{5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
{7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found
{9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O3) Toolbars ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)

========== (O4) Run Keys ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.)
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.)
"DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
"IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation)
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation)
"ISUSPM Startup"=c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (Macrovision Corporation)
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation)
"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC ()
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation)
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation)
"SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.)
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.)
"Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation)
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)

========== (O4) RunOnce Keys ==========
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation)

========== (O4) Startup Folders ==========
[2005/03/16 19:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[2002/12/17 12:00:44 | 02,301,798 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe
[2002/09/21 12:26:40 | 01,874,381 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
[2002/02/28 06:48:58 | 00,491,008 | ---- | M] (Roy) -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\OAhotkey.lnk = C:\EPDOA\OAHotkey.EXE
[2002/09/21 12:27:14 | 01,446,302 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe
File not found -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\粗箇QQ珆IP.lnk = C:\Program Files\粗箇QQ\CaiHong.exe

========== (O6 & O7) Current Version Policies ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"=0
"NoDriveTypeAutoRun"=227
"NoDrives"=0
"NoDriveAutoRun"=67108863
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
"DisableRegistryTools"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDriveTypeAutoRun"=145
[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoDrives"=0
[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System]
"HideLegacyLogonScripts"=0
"HideLogoffScripts"=0
"RunLogonScriptSync"=1
"RunStartupScriptSync"=0
"HideStartupScripts"=0

========== (O8) IE Context Menu Extensions ==========
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
&ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found
&ㄏノ FlashGet 更: C:\FlashGet\jc_link.htm File not found
&全部使用 FlashGet 下載: C:\FlashGet\jc_all.htm File not found
&妏蚚捃濘狟婥: Reg Error: Value does not exist or could not be read. File not found
&妏蚚捃濘狟婥窒蟈諉: Reg Error: Value does not exist or could not be read. File not found
&使用 FlashGet 下載: C:\FlashGet\jc_link.htm File not found
&使用迅雷下載: C:\Program Files\Thunder Network\Thunder\Program\geturl.htm [2006/11/22 23:54:24 | 00,003,144 | ---- | M] ()
&使用迅雷下載全部鏈接: C:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm [2006/09/14 15:00:10 | 00,001,481 | ---- | M] ()
&?ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found
&场ㄏノ FlashGet 更: C:\FlashGet\jc_all.htm File not found
匯出至 Microsoft Office Excel(&X): Reg Error: Value does not exist or could not be read. File not found
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\]
!搜一搜: C:\Program Files\YiSou\yisou.dll File not found
Add to Windows &Live Favorites: File not found
匯出至 Microsoft Office Excel(&X): C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\]
!搜一搜: C:\Program Files\YiSou\yisou.dll File not found
Add to Windows &Live Favorites: File not found
匯出至 Microsoft Office Excel(&X): C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\]
!搜一搜: Reg Error: Key does not exist or could not be opened. File not found
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
匯出至 Microsoft Office Excel(&X): Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\]
!搜一搜: Reg Error: Key does not exist or could not be opened. File not found
Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found
匯出至 Microsoft Office Excel(&X): Reg Error: Key does not exist or could not be opened. File not found
[HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\MenuExt\]
&Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation)
&ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found
&ㄏノ FlashGet 更: C:\FlashGet\jc_link.htm File not found
&全部使用 FlashGet 下載: C:\FlashGet\jc_all.htm File not found
&妏蚚捃濘狟婥: Reg Error: Value does not exist or could not be read. File not found
&妏蚚捃濘狟婥窒蟈諉: Reg Error: Value does not exist or could not be read. File not found
&使用 FlashGet 下載: C:\FlashGet\jc_link.htm File not found
&使用迅雷下載: C:\Program Files\Thunder Network\Thunder\Program\geturl.htm [2006/11/22 23:54:24 | 00,003,144 | ---- | M] ()
&使用迅雷下載全部鏈接: C:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm [2006/09/14 15:00:10 | 00,001,481 | ---- | M] ()
&?ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found
&场ㄏノ FlashGet 更: C:\FlashGet\jc_all.htm File not found
匯出至 Microsoft Office Excel(&X): Reg Error: Value does not exist or could not be read. File not found

========== (O9) IE Extensions ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java 主控台 -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: 發佈至部落格 -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: 使用 Windows Live Writer 發佈至部落格(&B) -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: 參考資料 -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
{DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation)
{FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{0062C9BD-B349-40DE-91A0-755F37ACD559} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{0A155D3C-68E2-4215-A47A-E800A446447A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{507F9113-CD77-4866-BA92-0E86DA3D0B97} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{59BC54A2-56B3-44a0-93E5-432D58746E26} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{9885224C-1217-4c5f-83C2-00002E6CEF2B} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation)
CmdMapping\\{FD00D911-7529-4084-9946-A29F1BDF4FE5} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found
CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited)
CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation)
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\]
CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation)
CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation)
CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation)
CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or
could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{0062C9BD-B349-40DE-91A0-755F37ACD559} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{0A155D3C-68E2-4215-A47A-E800A446447A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) CmdMapping\\{507F9113-CD77-4866-BA92-0E86DA3D0B97} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{59BC54A2-56B3-44a0-93E5-432D58746E26} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{9885224C-1217-4c5f-83C2-00002E6CEF2B} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) CmdMapping\\{FD00D911-7529-4084-9946-A29F1BDF4FE5} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] 
-> File not found ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O15) Trusted Sites ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 47 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 46 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 46 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 46 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 32 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 32 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 46 domain(s) and sub-domain(s) not assigned to a zone. ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {00000055-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/fhg.CAB -- Reg Error: Key does not exist or could not be opened. 
{05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool {17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1155309127156 -- MUWebControl Class {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened. {9D190AE6-C81E-4039-8061-978EBAD10073}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.0 {C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02 {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06 {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://www.adobe.com/products/acrobat/nos/gp.cab -- get_atlcom Class {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: 
http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab -- Minesweeper Flags Class Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened. ========== (O17) DNS Name Servers ========== {0F94EF78-DE4B-40F7-8E55-A868CEC880FD} (Servers: | Description: Intel® PRO/100 VE Network Connection) ========== (O19) User Style Sheets ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles] ========== (O20) AppInit_DLLs ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_Dlls"=avgrsstx.dll >[2008/11/23 23:40:26 | 00,010,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\system32\avgrsstx.dll ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2004/09/07 11:10:30 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== Files/Folders - Created Within 30 Days ========== [1 C:\*.tmp files] [6 C:\Documents and Settings\Ken\桌面\*.tmp files] [2008/11/24 21:43:20 | 00,000,000 | ---D | C] -- C:\My Voice [2008/11/24 06:58:29 | 00,014,674 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\report.csv [2008/11/23 23:51:50 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$ [2008/11/23 23:40:26 | 00,010,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\avgrsstx.dll [2008/11/23 23:40:26 | 00,001,507 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\AVG Free 8.0.lnk [2008/11/23 23:40:25 | 00,076,040 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys [2008/11/23 23:40:20 | 00,097,928 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys [2008/11/23 23:40:17 | 00,026,824 | ---- | C] (AVG Technologies CZ, s.r.o.) 
-- C:\WINDOWS\System32\drivers\avgmfx86.sys [2008/11/23 23:40:15 | 30,339,289 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm [2008/11/23 23:40:15 | 00,334,743 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\miniavi.avg [2008/11/23 23:40:15 | 00,050,685 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\microavi.avg [2008/11/23 23:40:13 | 06,061,540 | ---- | C] () -- C:\WINDOWS\System32\drivers\Avg\avi7.avg [2008/11/23 23:40:13 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\Avg [2008/11/23 23:40:04 | 00,000,000 | ---D | C] -- C:\Program Files\AVG [2008/11/23 23:40:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg8 [2008/11/23 23:17:59 | 50,689,960 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Ken\桌面\avg_free_stf_en_8_173a1373.exe [2008/11/23 00:12:56 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2008/11/23 00:12:56 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2008/11/23 00:12:56 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2008/11/23 00:12:56 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2008/11/23 00:12:56 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe [2008/11/23 00:12:56 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2008/11/23 00:12:56 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2008/11/23 00:12:56 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe [2008/11/23 00:12:56 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2008/11/23 00:10:42 | 03,052,316 | R--- | C] () -- C:\Documents and Settings\Ken\桌面\ComboFix.exe [2008/11/23 00:04:12 | 00,230,912 | ---- | C] () -- C:\Documents and Settings\Ken\My Documents\Network diagram.vsd [2008/11/22 23:52:18 | 00,013,473 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\AS-CA-09ProjectList-Eng.pdf [2008/11/22 07:17:30 | 00,000,000 | ---D | C] -- C:\SAV32CLI [2008/11/19 23:18:43 | 10,717,96224 | -HS- | C] () -- C:\hiberfil.sys [2008/11/17 19:39:19 | 
00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\My Documents\新資料夾 [2008/11/16 21:45:25 | 00,035,840 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\Peer-to-peer vs clientserver.doc [2008/11/16 00:09:53 | 00,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Adobe Reader 8.lnk [2008/11/15 21:05:22 | 00,000,060 | ---- | C] () -- C:\WINDOWS\zoom.dat [2008/11/15 21:05:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\hare.dat [2008/11/15 21:05:18 | 00,000,066 | ---- | C] () -- C:\WINDOWS\anticrash.dat [2008/11/15 09:43:24 | 00,000,000 | ---D | C] -- C:\_OTMoveIt [2008/11/15 09:41:29 | 00,349,696 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTMoveIt3.exe [2008/11/11 23:39:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\WinRAR [2008/11/11 23:25:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT [2008/11/11 23:19:01 | 00,000,000 | ---D | C] -- C:\SDFix [2008/11/11 23:18:23 | 01,529,241 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\SDFix.exe [2008/11/10 23:54:27 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\桌面\Malwarebytes' Anti-Malware.lnk [2008/11/10 23:54:26 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2008/11/10 23:54:24 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2008/11/10 23:54:22 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2008/11/10 23:23:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\Malwarebytes [2008/11/10 23:23:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2008/11/10 23:22:50 | 02,372,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Ken\桌面\mbam-setup.exe [2008/11/09 00:27:22 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn [2008/11/09 00:27:22 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for [2008/11/03 23:48:31 | 
00,000,000 | -H-- | C] () -- C:\Documents and Settings\Ken\My Documents\Default.rdp [2008/11/03 00:39:33 | 00,000,211 | ---- | C] () -- C:\Boot.bak [2008/11/03 00:39:29 | 00,260,272 | ---- | C] () -- C:\cmldr [2008/11/03 00:39:26 | 00,000,000 | RHSD | C] -- C:\cmdcons [2008/11/02 12:52:44 | 00,022,832 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\中化感想.rtf [2008/11/02 11:45:13 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTViewIt.exe [2008/11/01 21:06:30 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ken\桌面\HiJackThis.exe [2008/11/01 20:52:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\桌面\Hijackthis [2008/11/01 06:40:36 | 10,718,37184 | ---- | C] () -- C:\WINDOWS\MEMORY.DMP [2008/11/01 06:40:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell [2008/11/01 00:10:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\Talkback [2008/10/31 23:29:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2008/10/31 23:24:00 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll [2008/10/31 23:24:00 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys [2008/10/31 23:23:56 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll [2008/10/31 23:23:45 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe [2008/10/31 23:23:42 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll [2008/10/31 23:23:42 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys [2008/10/31 23:23:41 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys [2008/10/31 23:23:41 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys [2008/10/31 23:23:36 | 00,101,376 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\srusbusd.dll [2008/10/31 23:23:32 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll [2008/10/31 23:23:32 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll [2008/10/31 23:23:31 | 00,424,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll [2008/10/31 23:23:31 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll [2008/10/31 23:23:30 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll [2008/10/31 23:23:29 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll [2008/10/31 23:23:29 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll [2008/10/31 23:23:29 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll [2008/10/31 23:23:29 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll [2008/10/31 23:23:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll [2008/10/31 23:23:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll [2008/10/31 23:23:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll [2008/10/31 23:23:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll [2008/10/31 23:23:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll [2008/10/31 23:23:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll [2008/10/31 23:23:28 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll [2008/10/31 23:23:28 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll [2008/10/31 23:23:28 | 
00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll [2008/10/31 23:23:20 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll [2008/10/31 23:23:19 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll [2008/10/31 23:23:16 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2008/10/31 23:23:16 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2008/10/31 23:23:16 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll [2008/10/31 23:23:16 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll [2008/10/31 23:23:12 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe [2008/10/31 23:23:12 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe [2008/10/31 23:23:08 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys [2008/10/31 23:23:08 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe [2008/10/31 23:23:08 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe [2008/10/31 23:23:03 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll [2008/10/31 23:23:03 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx [2008/10/31 23:23:03 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll [2008/10/31 23:23:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll [2008/10/31 23:22:54 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll [2008/10/31 23:22:45 | 00,111,104 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\mtstocom.exe [2008/10/31 23:22:28 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe [2008/10/31 23:22:27 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys [2008/10/31 23:22:27 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll [2008/10/31 23:22:25 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll [2008/10/31 23:22:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll [2008/10/31 23:22:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll [2008/10/31 23:22:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll [2008/10/31 23:22:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll [2008/10/31 23:22:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll [2008/10/31 23:22:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll [2008/10/31 23:22:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll [2008/10/31 23:22:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll [2008/10/31 23:22:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll [2008/10/31 23:22:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll [2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll [2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll [2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll [2008/10/31 23:22:18 | 
00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll [2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll [2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll [2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll [2008/10/31 23:22:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll [2008/10/31 23:22:17 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll [2008/10/31 23:22:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll [2008/10/31 23:22:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll [2008/10/31 23:22:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll [2008/10/31 23:22:16 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll [2008/10/31 23:22:15 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll [2008/10/31 23:22:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll [2008/10/31 23:22:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll [2008/10/31 23:22:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll [2008/10/31 23:22:15 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll [2008/10/31 23:21:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll [2008/10/31 23:21:53 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll [2008/10/31 23:21:53 | 00,024,632 | ---- | C] (Microsoft Corporation) -- 
C:\WINDOWS\System32\dllcache\fpadmcgi.exe [2008/10/31 23:21:53 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll [2008/10/31 23:21:52 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe [2008/10/31 23:21:51 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll [2008/10/31 23:21:49 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll [2008/10/31 23:21:49 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll [2008/10/31 23:21:49 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll [2008/10/31 23:21:49 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys [2008/10/31 23:21:37 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe [2008/10/31 23:21:32 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe [2008/10/31 23:21:32 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe [2008/10/31 23:21:32 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe [2008/10/31 23:21:32 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe [2008/10/31 23:21:30 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2008/10/31 23:21:30 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll [2008/10/31 23:21:29 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls [2008/10/31 23:21:29 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls [2008/10/31 23:21:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls [2008/10/31 23:21:28 | 00,066,594 | ---- | C] () -- 
Nov 25 2008, 02:12 PM, Post #58
Malware Expert, Group: HJT Team, Posts: 15,378, Joined: 23-December 04, From: Pickerington, Ohio, Member No.: 7,762
Please download the OTMoveIt3 by OldTimer.
Please post a new log from OTViewIt. How is your computer behaving now? Any difference?

--------------------
If I have helped you in any way, please consider a donation to help me continue the fight against malware. Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!
========================================================
Nov 26 2008, 09:58 AM, Post #59
Member, Group: Members, Posts: 44, Joined: 1-November 08, Member No.: 251,993
The dll problem has been tackled. Thank you!!!!!
As I followed your instructions, after I pressed the MoveIt! button there was no response and only "registry" was shown. The homepage of IE is still hijacked.

This post has been edited by Paul61112002: Nov 26 2008, 10:16 AM
Attached File(s)

Nov 26 2008, 01:48 PM, Post #60
Malware Expert, Group: HJT Team, Posts: 15,378, Joined: 23-December 04, From: Pickerington, Ohio, Member No.: 7,762
You forgot the first line.
:reg