 Infected by trojans and virusq |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Forum Guidelines
Read this topic before posting a log. DO NOT post a ComboFix log unless requested to. Only members of the HijackThis Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log. When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc. Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.
  |
 Nov 1 2008, 08:27 AM
Post
#1
|
|
|
Member  Group: Members Posts: 44 Joined: 1-November 08 Member No.: 251,993  |
My computer is infected with trojans and IE's homepage is "kidnapped". Can anyone help me? ========================================== Hijackthis log file Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:16:55, on 1/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Eset\nod32krn.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Eset\nod32kui.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\EPDOA\OAHotkey.EXE C:\WINDOWS\Integrator.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Ken\桌面\HiJackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Windows Live 祅腊? - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: &使用 FlashGet 下載 - C:\FlashGet\jc_link.htm O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: 發佈至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: 使用 Windows Live Writer 發佈至部落格(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155309127156 O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F88F32EC-72F6-45F2-B458-7DDA547717CB}: NameServer = 210.0.128.242 210.0.255.216 O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: ipp - (no CLSID) - (no file) O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL O18 - Protocol: msdaipp - (no CLSID) - (no file) O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe -- End of file - 11785 bytes |
 |
 
|
|
Nov 1 2008, 10:36 AM
Post
#2
|
|
|
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you.
 First let's get a more detailed log so we can determine the best plan of attack for you.
--------------------  If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
Nov 1 2008, 10:50 PM
Post
#3
|
|
|
Member Group: Members Posts: 44 Joined: 1-November 08 Member No.: 251,993 |
Thank you for your help ~~
The following is my OTviewIT.Txt ========================= OTViewIt logfile created on: 2/11/2008 11:46:39 - Run OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Ken\桌面 Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy 1022.07 Mb Total Physical Memory | 586.45 Mb Available Physical Memory | 57.38% Memory free 2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.16% Paging File free Paging file location(s): c:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 148.96 Gb Total Space | 98.42 Gb Free Space | 66.07% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PAUL Current User Name: Ken Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: Off File Age = 30 Days ========== Processes ========== [2005/08/03 21:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe [2007/05/30 20:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2008/02/04 21:38:24 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe [2007/04/19 11:08:00 | 00,708,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\svcntaux.exe [2007/04/19 11:08:06 | 01,302,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\swdsvc.exe [2004/08/12 18:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe [2004/08/12 18:00:00 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe [2005/04/02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe [2004/08/12 18:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wscntfy.exe [2006/05/03 03:12:00 | 00,098,304 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe [2006/07/14 21:48:17 | 00,180,269 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2004/08/12 18:00:00 | 00,108,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wuauclt.exe [2008/02/04 21:38:24 | 00,949,376 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32kui.exe [2008/01/11 22:16:38 | 00,039,792 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2005/03/22 16:20:44 | 00,339,968 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe [2007/08/30 10:50:42 | 00,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2002/02/28 06:48:58 | 00,491,008 | ---- | M] (Roy) -- C:\EPDOA\OAHotkey.EXE [2003/01/15 11:46:24 | 00,151,552 | ---- | M] (Dachshund Software) -- C:\WINDOWS\Integrator.exe [2008/04/07 18:07:49 | 07,660,656 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe [2008/11/02 11:45:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTViewIt.exe ========== (O23) Win32 Services ========== [2006/09/11 19:52:24 | 00,072,704 | ---- | M] (Adobe Systems) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service [On_Demand | Stopped]) [2007/10/24 01:47:22 | 00,033,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped]) [2005/08/03 21:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller [Auto | Running]) [2007/05/30 20:31:10 | 00,312,880 | ---- | M] (GRISOFT s.r.o.) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -- (AVG Anti-Spyware Guard [Auto | Running]) File not found -- -- (AVP [Auto | Stopped]) [2007/10/24 01:47:40 | 00,070,144 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) [2006/10/20 21:21:24 | 00,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped]) [2004/10/22 02:24:18 | 00,073,728 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped]) [2006/10/30 03:33:58 | 00,741,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped]) [2004/08/12 18:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (LPDSVC [On_Demand | Stopped]) [2006/09/15 00:03:27 | 00,068,096 | ---- | M] () -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service [On_Demand | Stopped]) [2003/06/19 23:25:00 | 00,322,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE -- (MDM [Auto | Running]) [2004/11/19 11:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped]) [2006/10/30 03:34:02 | 00,122,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped]) [2008/02/04 21:38:24 | 00,552,064 | ---- | M] (Eset ) -- C:\Program Files\ESET\nod32krn.exe -- (NOD32krn [Auto | Running]) [2007/08/24 03:19:12 | 00,443,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv [On_Demand | Stopped]) [2006/10/26 13:03:08 | 00,145,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped]) [2007/04/19 11:08:00 | 00,708,176 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\svcntaux.exe -- (sdAuxService [Auto | Running]) [2007/04/19 11:08:06 | 01,302,608 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\swdsvc.exe -- (sdCoreService [Auto | Running]) [2004/08/12 18:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp [Auto | Running]) [2004/08/12 18:00:00 | 00,031,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmp.exe -- (SNMP [Auto | Running]) [2004/08/12 18:00:00 | 00,008,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\snmptrap.exe -- (SNMPTRAP [On_Demand | Stopped]) [2005/04/02 01:51:48 | 00,217,600 | ---- | M] (Rocket Division Software) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe -- (StarWindService [Auto | Running]) [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc [On_Demand | Stopped]) [2007/06/05 13:02:13 | 00,137,088 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe -- (VideoAcceleratorEngine [On_Demand | Stopped]) [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc [On_Demand | Stopped]) [2006/11/02 23:09:48 | 00,897,024 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc [On_Demand | Stopped]) ========== Driver Services ========== [2004/08/12 18:00:00 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\drivers\aliide.sys -- (AliIde [Disabled | Stopped]) [2004/08/03 23:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys -- (amdagp [Disabled | Stopped]) [2008/02/04 21:38:25 | 00,512,096 | ---- | M] (Eset ) -- C:\WINDOWS\system32\drivers\amon.sys -- (AMON [Auto | Running]) [2004/08/12 18:00:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc.sys -- (asc [Disabled | Stopped]) [2004/08/12 18:00:00 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\drivers\asc3550.sys -- (asc3550 [Disabled | Stopped]) [2005/08/03 21:10:18 | 01,273,344 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag [On_Demand | Running]) [2007/05/30 20:10:42 | 00,011,000 | ---- | M] () -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys -- (AVG Anti-Spyware Driver [System | Running]) [2007/05/30 20:10:42 | 00,010,872 | ---- | M] (GRISOFT, s.r.o.) -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln [System | Running]) [2002/10/07 13:22:06 | 00,018,660 | ---- | M] () -- C:\WINDOWS\system32\drivers\CenixFMC.sys -- (CENIXFMC [On_Demand | Stopped]) [2004/12/14 05:14:00 | 00,039,904 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\System32\drivers\cercsr6.sys -- (cercsr6 [Boot | Stopped]) [2004/08/12 18:00:00 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\drivers\cmdide.sys -- (CmdIde [Disabled | Stopped]) [2004/08/12 18:00:00 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\drivers\dac2w2k.sys -- (dac2w2k [Disabled | Stopped]) [2005/04/22 03:22:00 | 00,088,352 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running]) [2005/04/21 02:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running]) [2006/07/14 23:42:57 | 00,223,128 | ---- | M] (DT Soft Ltd.) -- C:\WINDOWS\system32\drivers\dtscsi.sys -- (dtscsi [On_Demand | Stopped]) [2004/10/14 16:30:46 | 00,155,648 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\e100b325.sys -- (E100B [On_Demand | Running]) [2006/09/11 16:00:00 | 00,387,432 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\eengine\eectrl.sys -- (eeCtrl [System | Running]) [2004/08/12 18:00:00 | 00,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga [System | Running]) [2006/09/02 19:04:42 | 00,010,345 | ---- | M] (Applied Networking Inc.) -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi [On_Demand | Stopped]) [2008/04/14 00:36:05 | 00,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus [On_Demand | Running]) [2006/06/28 11:58:56 | 00,053,793 | ---- | M] (Compuware Corporation) -- C:\WINDOWS\system32\drivers\hid7906.sys -- (hid7906 [On_Demand | Stopped]) [2007/04/19 15:18:08 | 00,039,248 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfileflt.sys -- (IKFileFlt [System | Running]) [2007/04/19 15:18:12 | 00,052,304 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec [System | Running]) [2007/04/19 15:18:16 | 00,059,984 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IkSysFlt [System | Running]) [2007/04/19 15:18:20 | 00,083,536 | ---- | M] (PCTools Research Pty Ltd.) -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec [System | Running]) [2008/06/29 11:54:23 | 00,014,144 | ---- | M] (Hongtien) -- C:\WINDOWS\system32\drivers\IPvE.sys -- (IPvE [On_Demand | Stopped]) [2004/08/12 18:00:00 | 00,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdhid.sys -- (kbdhid [System | Running]) [2007/01/21 01:14:40 | 00,032,768 | ---- | M] (北京三七二一科技有限公司) -- C:\WINDOWS\system32\drivers\leoiobo.sys -- (leoiobo [Boot | Running]) [2004/08/12 18:00:00 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\drivers\mraid35x.sys -- (mraid35x [Disabled | Stopped]) [2007/06/19 10:52:57 | 00,011,192 | ---- | M] (Yahoo! China Corporation) -- C:\WINDOWS\system32\drivers\myxlljjp.sys -- (myxlljjp [Boot | Running]) [2004/08/12 18:00:00 | 00,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm [On_Demand | Stopped]) [2008/02/04 21:38:24 | 00,015,424 | ---- | M] () -- C:\WINDOWS\system32\drivers\nod32drv.sys -- (nod32drv [System | Running]) [2004/08/03 22:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv [On_Demand | Stopped]) [2004/08/12 18:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink [On_Demand | Running]) [2005/10/27 04:12:48 | 00,020,640 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\pxhelp20.sys -- (PxHelp20 [Boot | Running]) [2004/08/12 18:00:00 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1080.sys -- (ql1080 [Disabled | Stopped]) [2004/08/12 18:00:00 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql12160.sys -- (ql12160 [Disabled | Stopped]) [2004/08/12 18:00:00 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\drivers\ql1280.sys -- (ql1280 [Disabled | Stopped]) [2007/06/05 13:02:13 | 00,034,304 | ---- | M] (SpeedBit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\sbbotdi.sys -- (sbbotdi [Auto | Running]) [2004/08/12 18:00:00 | 00,027,440 | ---- | M] () -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv [On_Demand | Stopped]) [2004/08/03 23:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys -- (sisagp [Disabled | Stopped]) [2004/08/12 18:00:00 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\drivers\sparrow.sys -- (Sparrow [Disabled | Stopped]) [2006/07/14 23:39:01 | 00,642,560 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd [Boot | Running]) [2005/05/13 10:37:28 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running]) [2005/05/13 10:37:20 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running]) [2005/11/16 14:36:00 | 01,047,816 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA [On_Demand | Running]) [2004/08/12 18:00:00 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\drivers\symc810.sys -- (symc810 [Disabled | Stopped]) [2004/08/12 18:00:00 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\symc8xx.sys -- (symc8xx [Disabled | Stopped]) [2004/08/12 18:00:00 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_hi.sys -- (sym_hi [Disabled | Stopped]) [2004/08/12 18:00:00 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\drivers\sym_u3.sys -- (sym_u3 [Disabled | Stopped]) [2004/08/12 18:00:00 | 00,223,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6 [System | Running]) [2005/05/31 05:33:00 | 00,025,725 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running]) [2005/05/31 05:33:00 | 00,034,845 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running]) [2005/05/31 05:33:00 | 00,004,125 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running]) [2005/05/31 05:33:00 | 00,002,241 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running]) [2005/05/31 05:33:00 | 00,086,876 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running]) [2005/05/31 05:33:00 | 00,015,069 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running]) [2005/05/31 05:33:00 | 00,006,365 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running]) [2005/05/31 05:33:00 | 00,098,716 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running]) [2005/05/31 05:33:00 | 00,100,605 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running]) [2004/08/12 18:00:00 | 00,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys -- (tunmp [On_Demand | Running]) [2005/10/09 01:05:16 | 00,023,600 | ---- | M] (EnTech Taiwan) -- C:\WINDOWS\system32\drivers\TVICHW32.SYS -- (TVICHW32 [On_Demand | Stopped]) [2004/08/12 18:00:00 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\drivers\ultra.sys -- (ultra [Disabled | Stopped]) [2005/07/08 14:44:18 | 00,159,616 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\vax347b.sys -- (vax347b [Boot | Running]) [2004/04/30 09:33:00 | 00,005,248 | ---- | M] ( ) -- C:\WINDOWS\system32\drivers\vax347s.sys -- (vax347s [Boot | Running]) [2008/04/15 18:54:34 | 00,028,384 | ---- | M] () -- C:\WINDOWS\system32\drivers\vzchp.sys -- (vzchp [Boot | Running]) [2004/08/12 18:00:00 | 00,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys -- (WS2IFSL [System | Running]) ========== (R ) Internet Explorer ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Page_URL"=http://go.microsoft.com/fwlink/?LinkId=69157 "Default_Search_URL"=http://go.microsoft.com/fwlink/?LinkId=54896 "Default_Secondary_Page_URL"= "Extensions Off Page"=about:NoAdd-ons "Local Page"=%SystemRoot%\system32\blank.htm "Search Page"=http://go.microsoft.com/fwlink/?LinkId=54896 "Security Risk Page"=about:SecurityRisk "Start Page"=http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search] "CustomizeSearch"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm "SearchAssistant"=http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Local Page"=C:\WINDOWS\system32\blank.htm "Page_Transitions"= "Prev Search Page"=http://google.icq.com "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL] ""= "provider"= [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=www.6700.cn?tn=102760com/isapi/redir.dll?p [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Internet Explorer\Main] "Default_Search_URL"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Local Page"=C:\WINDOWS\system32\blank.htm "Page_Transitions"= "Prev Search Page"=http://google.icq.com "Search Page"=http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch "Start Page"=www.6700.cn?tn=102760//www.microsoft.com/i [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\SearchURL] ""= "provider"= [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\URLSearchHooks] "{CFBFAE00-17A6-11D0-99CB-00C04FD64497}" (HKLM) -- C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings] "ProxyEnable" = 0 ========== (O1) Hosts File ========== HOSTS File = (265205 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts First 25 entries... 127.0.0.1 localhost 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 www.0scan.com 127.0.0.1 0scan.com 127.0.0.1 100888290cs.com 127.0.0.1 www.100888290cs.com 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 www.10sek.com 127.0.0.1 123topsearch.com 127.0.0.1 www.123topsearch.com 127.0.0.1 132.com 127.0.0.1 www.132.com 127.0.0.1 www.136136.net 127.0.0.1 136136.net 9212 more lines... ========== (O2) BHO's ========== [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (HKLM) -- C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) {53707962-6F74-2D53-2644-206D7942484F} (HKLM) -- C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) {5CA3D70E-1895-11CF-8E15-001234567890} (HKLM) -- C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions) {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (HKLM) -- C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.) {7E853D72-626A-48EC-A868-BA8D5E23E045} (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found {9030D464-4C02-4ABF-8ECC-5164760863C6} (HKLM) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) ========== (O3) Toolbars ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{70DE7956-479D-4EB7-8641-2B45774C350E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser] "{2318C2B1-4965-11D4-9B18-009027A5CD4F}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{70DE7956-479D-4EB7-8641-2B45774C350E}" (HKLM) -- Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" (HKLM) -- C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation) ========== (O4) Run Keys ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated) "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" (ATI Technologies, Inc.) "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 (DT Soft Ltd.) "DMXLauncher"=C:\Program Files\Dell\Media Experience\DMXLauncher.exe () "IMEKRMIG6.1"=C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE (Microsoft Corporation) "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 (Microsoft Corporation) "ISUSPM Startup"=c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (Macrovision Corporation) "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start (Macrovision Corporation) "MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC () "nod32kui"="C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE (Eset ) "PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName (Microsoft Corporation) "PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC (Microsoft Corporation) "SigmatelSysTrayApp"=stsystra.exe (SigmaTel, Inc.) "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot (RealNetworks, Inc.) "Ulead AutoDetector v2"=C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.) "UserFaultCheck"=%systemroot%\system32\dumprep 0 -u File not found [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation) "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler (Macrovision Corporation) "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation) ========== (O4) RunOnce Keys ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"=%systemroot%\system32\tscupgrd.exe (Microsoft Corporation) ========== (O4) Startup Folders ========== [2005/03/16 19:16:50 | 00,113,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2002/12/17 12:00:44 | 02,301,798 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\AntiCrash.lnk = C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [2002/09/21 12:26:40 | 01,874,381 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe [2002/02/28 06:48:58 | 00,491,008 | ---- | M] (Roy) -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\OAhotkey.lnk = C:\EPDOA\OAHotkey.EXE [2002/09/21 12:27:14 | 01,446,302 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\Zoom.lnk = C:\Program Files\Dachshund Software\Zoom\Zoom.exe File not found -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\粗箇QQ珆IP.lnk = C:\Program Files\粗箇QQ\CaiHong.exe ========== (O6 & O7) Current Version Policies ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoCDBurning"=0 "NoDriveTypeAutoRun"=227 "NoDrives"=0 "NoDriveAutoRun"=67108863 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "DisableRegistryTools"=0 "HideLegacyLogonScripts"=0 "HideLogoffScripts"=0 "RunLogonScriptSync"=1 "RunStartupScriptSync"=0 "HideStartupScripts"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDrives"=0 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "HideLegacyLogonScripts"=0 "HideLogoffScripts"=0 "RunLogonScriptSync"=1 "RunStartupScriptSync"=0 "HideStartupScripts"=0 [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"=145 [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDrives"=0 [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System] "HideLegacyLogonScripts"=0 "HideLogoffScripts"=0 "RunLogonScriptSync"=1 "RunStartupScriptSync"=0 "HideStartupScripts"=0 ========== (O8) IE Context Menu Extensions ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\] &Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation) &ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found &ㄏノ FlashGet 更: C:\FlashGet\jc_link.htm File not found &全部使用 FlashGet 下載: C:\FlashGet\jc_all.htm File not found &妏蚚捃濘狟婥: Reg Error: Value does not exist or could not be read. File not found &妏蚚捃濘狟婥窒蟈諉: Reg Error: Value does not exist or could not be read. File not found &使用 FlashGet 下載: C:\FlashGet\jc_link.htm File not found &使用迅雷下載: C:\Program Files\Thunder Network\Thunder\Program\geturl.htm [2006/11/22 23:54:24 | 00,003,144 | ---- | M] () &使用迅雷下載全部鏈接: C:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm [2006/09/14 15:00:10 | 00,001,481 | ---- | M] () &?ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found &场ㄏノ FlashGet 更: C:\FlashGet\jc_all.htm File not found 匯出至 Microsoft Office Excel(&X): Reg Error: Value does not exist or could not be read. File not found [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\] !搜一搜: C:\Program Files\YiSou\yisou.dll File not found Add to Windows &Live Favorites: File not found 匯出至 Microsoft Office Excel(&X): C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\] !搜一搜: C:\Program Files\YiSou\yisou.dll File not found Add to Windows &Live Favorites: File not found 匯出至 Microsoft Office Excel(&X): C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE [2008/08/04 16:12:50 | 10,354,176 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\MenuExt\] !搜一搜: Reg Error: Key does not exist or could not be opened. File not found Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found 匯出至 Microsoft Office Excel(&X): Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\MenuExt\] !搜一搜: Reg Error: Key does not exist or could not be opened. File not found Add to Windows &Live Favorites: Reg Error: Key does not exist or could not be opened. File not found 匯出至 Microsoft Office Excel(&X): Reg Error: Key does not exist or could not be opened. File not found [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\Software\Microsoft\Internet Explorer\MenuExt\] &Windows Live Search: C:\Program Files\Windows Live Toolbar\msntb.dll [2007/10/19 11:20:48 | 00,546,320 | ---- | M] (Microsoft Corporation) &ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found &ㄏノ FlashGet 更: C:\FlashGet\jc_link.htm File not found &全部使用 FlashGet 下載: C:\FlashGet\jc_all.htm File not found &妏蚚捃濘狟婥: Reg Error: Value does not exist or could not be read. File not found &妏蚚捃濘狟婥窒蟈諉: Reg Error: Value does not exist or could not be read. File not found &使用 FlashGet 下載: C:\FlashGet\jc_link.htm File not found &使用迅雷下載: C:\Program Files\Thunder Network\Thunder\Program\geturl.htm [2006/11/22 23:54:24 | 00,003,144 | ---- | M] () &使用迅雷下載全部鏈接: C:\Program Files\Thunder Network\Thunder\Program\getAllurl.htm [2006/09/14 15:00:10 | 00,001,481 | ---- | M] () &?ㄏ? FlashGet 更: Reg Error: Value does not exist or could not be read. File not found &场ㄏノ FlashGet 更: C:\FlashGet\jc_all.htm File not found 匯出至 Microsoft Office Excel(&X): Reg Error: Value does not exist or could not be read. File not found ========== (O9) IE Extensions ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\] {08B0E5C0-4FCB-11CF-AAA5-00401C608501}: Menu: Sun Java 主控台 -- %ProgramFiles%\Java\jre1.6.0_07\bin\npjpi160_07.dll [2008/06/10 04:27:02 | 00,132,496 | ---- | M] (Sun Microsystems, Inc.) {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Button: 發佈至部落格 -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) {219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Menu: 使用 Windows Live Writer 發佈至部落格(&B) -- %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) {92780B25-18CC-41C8-B9BE-3C9C571A8263}: Button: 參考資料 -- %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) {DFB852A3-47F8-48C4-A200-58CAB36FD2A2}: Menu: Spybot - Search & Destroy Configuration -- %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Button: Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) {FB5F1910-F110-11d2-BB9E-00C04F795683}: Menu: Windows Messenger -- %ProgramFiles%\Messenger\msmsgs.exe [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{0062C9BD-B349-40DE-91A0-755F37ACD559} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{0A155D3C-68E2-4215-A47A-E800A446447A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) CmdMapping\\{507F9113-CD77-4866-BA92-0E86DA3D0B97} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{59BC54A2-56B3-44a0-93E5-432D58746E26} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{9885224C-1217-4c5f-83C2-00002E6CEF2B} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) CmdMapping\\{FD00D911-7529-4084-9946-A29F1BDF4FE5} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Internet Explorer\Extensions\] CmdMapping\\{0062C9BD-B349-40DE-91A0-755F37ACD559} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> %SystemRoot%\system32\msjava.dll [Web Browser Applet Control] -> [2003/02/28 18:26:26 | 00,947,472 | ---- | M] (Microsoft Corporation) CmdMapping\\{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{0A155D3C-68E2-4215-A47A-E800A446447A} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [HKLM] -> %ProgramFiles%\Windows Live\Writer\WriterBrowserExtension.dll [發佈至部落格] -> [2007/10/26 18:09:54 | 00,154,640 | ---- | M] (Microsoft Corporation) CmdMapping\\{507F9113-CD77-4866-BA92-0E86DA3D0B97} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{59BC54A2-56B3-44a0-93E5-432D58746E26} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{5E638779-1818-4754-A595-EF1C63B87A56} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{6224f700-cba3-4071-b251-47cb894244cd} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{77BF5300-1474-4EC7-9980-D32B190E9B07} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{85d1f590-48f4-11d9-9669-0800200c9a66} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} [HKLM] -> %ProgramFiles%\Microsoft Office\OFFICE11\REFIEBAR.DLL [參考資料] -> [2007/04/19 14:10:18 | 00,063,840 | ---- | M] (Microsoft Corporation) CmdMapping\\{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{9885224C-1217-4c5f-83C2-00002E6CEF2B} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{B863453A-26C3-4e1f-A54D-A2CD196348E9} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{DFB852A3-47F8-48C4-A200-58CAB36FD2A2} [HKLM] -> %ProgramFiles%\Spybot - Search & Destroy\SDHelper.dll [Spybot - Search & Destroy Configuration] -> [2008/09/15 14:25:44 | 01,562,960 | RHS- | M] (Safer Networking Limited) CmdMapping\\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found CmdMapping\\{FB5F1910-F110-11d2-BB9E-00C04F795683} [HKLM] -> %ProgramFiles%\Messenger\msmsgs.exe [Messenger] -> [2008/04/15 18:54:53 | 01,695,232 | ---- | M] (Microsoft Corporation) CmdMapping\\{FD00D911-7529-4084-9946-A29F1BDF4FE5} [HKLM] -> [Reg Error: Key does not exist or could not be opened.] -> File not found ========== (O12) Internet Explorer Plugins ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\] PluginsPage: "" = http://activex.microsoft.com/controls/find...=%s&mime=%s PluginsPageFriendlyName: "" = Microsoft ActiveX Gallery ========== (O13) Default Prefixes ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix] ""=http:// ========== (O15) Trusted Sites ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 47 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 46 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 46 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 46 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 32 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 32 domain(s) and sub-domain(s) not assigned to a zone. [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\] 46 domain(s) and sub-domain(s) not assigned to a zone. ========== (O16) DPF ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\] {00000055-9980-0010-8000-00AA00389B71}: http://codecs.microsoft.com/codecs/i386/fhg.CAB -- Reg Error: Key does not exist or could not be opened. {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8}: http://download.microsoft.com/download/e/4.../OGAControl.cab -- Office Genuine Advantage Validation Tool {17492023-C23A-453E-A040-C7C580BBF700}: http://go.microsoft.com/fwlink/?linkid=39204 -- Windows Genuine Advantage Validation Tool {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE}: http://office.microsoft.com/officeupdate/content/opuc3.cab -- Office Update Installation Engine {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499}: http://download.bitdefender.com/resources/scan8/oscan8.cab -- BDSCANONLINE Control {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}: http://update.microsoft.com/microsoftupdat...b?1155309127156 -- MUWebControl Class {8AD9C840-044E-11D1-B3E9-00805F499D93}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}: http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab -- Reg Error: Key does not exist or could not be opened. {9D190AE6-C81E-4039-8061-978EBAD10073}: http://support.f-secure.com/ols/fscax.cab -- F-Secure Online Scanner 3.0 {C3F79A2B-B9B4-4A66-B012-3EE46475B072}: http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab -- MessengerStatsClient Class {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_02 {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_06 {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}: http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab -- Java Plug-in 1.6.0_07 {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}: http://www.adobe.com/products/acrobat/nos/gp.cab -- get_atlcom Class {D27CDB6E-AE6D-11CF-96B8-444553540000}: http://download.macromedia.com/pub/shockwa...ash/swflash.cab -- Shockwave Flash Object {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48}: http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab -- Minesweeper Flags Class Microsoft XML Parser for Java: file://C:\WINDOWS\Java\classes\xmldso.cab -- Reg Error: Key does not exist or could not be opened. ========== (O17) DNS Name Servers ========== {0F94EF78-DE4B-40F7-8E55-A868CEC880FD} (Servers: | Description: Intel® PRO/100 VE Network Connection) ========== (O19) User Style Sheets ========== [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Styles] ========== Shell Execute Hooks ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" (HKLM) -- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll (GRISOFT s.r.o.) ========== Safeboot Options ========== "AlternateShell"=cmd.exe ========== CDRom AutoRun Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom] "AutoRun" = 1 ========== Autorun Files on Drives ========== AUTOEXEC.BAT [] [2004/09/07 11:10:30 | 00,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT -- [ NTFS ] ========== MountPoints2 ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell] ""=AutoRun [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command] ""=D:\setup.exe -- File not found ========== Files/Folders - Created Within 30 Days ========== [5 C:\WINDOWS\*.tmp files] [6 C:\Documents and Settings\Ken\桌面\*.tmp files] [2008/11/02 11:45:13 | 00,422,400 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTViewIt.exe [2008/11/01 21:06:30 | 00,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Ken\桌面\HiJackThis.exe [2008/11/01 20:52:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\桌面\Hijackthis [2008/11/01 06:40:36 | 00,000,000 | ---D | C] -- C:\WINDOWS\dell [2008/11/01 00:27:41 | 00,064,512 | -H-- | C] () -- C:\Documents and Settings\Ken\Application Data\dach100.dll [2008/11/01 00:10:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\Application Data\Talkback [2008/10/31 23:57:22 | 00,002,422 | ---- | C] () -- C:\WINDOWS\System32\wpa.bak [2008/10/31 23:29:52 | 00,000,000 | ---D | C] -- C:\WINDOWS\Prefetch [2008/10/31 23:24:00 | 00,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll [2008/10/31 23:24:00 | 00,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys [2008/10/31 23:23:56 | 00,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll [2008/10/31 23:23:45 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe [2008/10/31 23:23:42 | 00,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll [2008/10/31 23:23:42 | 00,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys [2008/10/31 23:23:41 | 00,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys [2008/10/31 23:23:41 | 00,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys [2008/10/31 23:23:36 | 00,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll [2008/10/31 23:23:32 | 00,040,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpthrd.dll [2008/10/31 23:23:32 | 00,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll [2008/10/31 23:23:31 | 00,424,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smtpsvc.dll [2008/10/31 23:23:31 | 00,259,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpcl.dll [2008/10/31 23:23:30 | 00,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll [2008/10/31 23:23:29 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll [2008/10/31 23:23:29 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll [2008/10/31 23:23:29 | 00,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll [2008/10/31 23:23:29 | 00,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll [2008/10/31 23:23:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll [2008/10/31 23:23:29 | 00,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll [2008/10/31 23:23:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll [2008/10/31 23:23:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll [2008/10/31 23:23:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll [2008/10/31 23:23:29 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll [2008/10/31 23:23:28 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll [2008/10/31 23:23:28 | 00,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll [2008/10/31 23:23:28 | 00,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll [2008/10/31 23:23:20 | 00,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll [2008/10/31 23:23:19 | 00,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll [2008/10/31 23:23:16 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll [2008/10/31 23:23:16 | 00,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll [2008/10/31 23:23:16 | 00,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll [2008/10/31 23:23:16 | 00,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rw001ext.dll [2008/10/31 23:23:12 | 00,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe [2008/10/31 23:23:12 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe [2008/10/31 23:23:08 | 00,020,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ramdisk.sys [2008/10/31 23:23:08 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe [2008/10/31 23:23:08 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe [2008/10/31 23:23:03 | 00,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll [2008/10/31 23:23:03 | 00,068,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\plugin.ocx [2008/10/31 23:23:03 | 00,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll [2008/10/31 23:23:03 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll [2008/10/31 23:22:54 | 00,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll [2008/10/31 23:22:45 | 00,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mtstocom.exe [2008/10/31 23:22:28 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\migregdb.exe [2008/10/31 23:22:27 | 00,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys [2008/10/31 23:22:27 | 00,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll [2008/10/31 23:22:25 | 00,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll [2008/10/31 23:22:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll [2008/10/31 23:22:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll [2008/10/31 23:22:21 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll [2008/10/31 23:22:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll [2008/10/31 23:22:20 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll [2008/10/31 23:22:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll [2008/10/31 23:22:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll [2008/10/31 23:22:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll [2008/10/31 23:22:20 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll [2008/10/31 23:22:18 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll [2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll [2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll [2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll [2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll [2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll [2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll [2008/10/31 23:22:18 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll [2008/10/31 23:22:17 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll [2008/10/31 23:22:17 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll [2008/10/31 23:22:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll [2008/10/31 23:22:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll [2008/10/31 23:22:16 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll [2008/10/31 23:22:16 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll [2008/10/31 23:22:15 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll [2008/10/31 23:22:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll [2008/10/31 23:22:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll [2008/10/31 23:22:15 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll [2008/10/31 23:22:15 | 00,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll [2008/10/31 23:21:54 | 00,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll [2008/10/31 23:21:53 | 00,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll [2008/10/31 23:21:53 | 00,024,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmcgi.exe [2008/10/31 23:21:53 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpadmdll.dll [2008/10/31 23:21:52 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe [2008/10/31 23:21:51 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll [2008/10/31 23:21:49 | 00,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll [2008/10/31 23:21:49 | 00,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll [2008/10/31 23:21:49 | 00,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll [2008/10/31 23:21:49 | 00,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys [2008/10/31 23:21:37 | 00,020,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe [2008/10/31 23:21:32 | 00,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe [2008/10/31 23:21:32 | 00,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe [2008/10/31 23:21:32 | 00,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe [2008/10/31 23:21:32 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe [2008/10/31 23:21:30 | 00,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys [2008/10/31 23:21:30 | 00,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll [2008/10/31 23:21:29 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls [2008/10/31 23:21:29 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls [2008/10/31 23:21:29 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls [2008/10/31 23:21:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls [2008/10/31 23:21:28 | 00,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls [2008/10/31 23:21:28 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls [2008/10/31 23:21:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls [2008/10/31 23:21:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls [2008/10/31 23:21:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls [2008/10/31 23:21:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls [2008/10/31 23:21:27 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls [2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls [2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls [2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls [2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls [2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls [2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls [2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls [2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls [2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls [2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls [2008/10/31 23:21:26 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls [2008/10/31 23:21:25 | 00,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls [2008/10/31 23:21:25 | 00,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls [2008/10/31 23:21:25 | 00,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls [2008/10/31 23:21:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls [2008/10/31 23:21:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls [2008/10/31 23:21:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls [2008/10/31 23:21:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls [2008/10/31 23:21:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls [2008/10/31 23:21:25 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls [2008/10/31 23:21:24 | 00,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls [2008/10/31 23:21:24 | 00,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls [2008/10/31 23:21:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls [2008/10/31 23:21:24 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls [2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls [2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls [2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls [2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls [2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls [2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls [2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls [2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls [2008/10/31 23:21:23 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls [2008/10/31 23:21:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls [2008/10/31 23:21:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls [2008/10/31 23:21:22 | 00,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls [2008/10/31 23:21:10 | 00,331,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aqueue.dll [2008/10/31 23:21:09 | 00,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll [2008/10/31 23:21:07 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt040d.dll [2008/10/31 23:21:07 | 00,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\agt0401.dll [2008/10/31 23:21:00 | 00,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll [2008/10/31 23:20:53 | 00,032,827 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptest.exe [2008/10/31 23:20:53 | 00,016,437 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.exe [2008/10/31 23:20:53 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tcptsat.dll [2008/10/31 23:20:52 | 00,020,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shtml.dll [2008/10/31 23:20:46 | 00,020,538 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpremadm.exe [2008/10/31 23:20:45 | 00,598,071 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmc.dll [2008/10/31 23:20:45 | 00,208,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpmmcsat.dll [2008/10/31 23:20:45 | 00,188,494 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpcount.exe [2008/10/31 23:20:45 | 00,109,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98swin.exe [2008/10/31 23:20:45 | 00,020,541 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fpexedll.dll [2008/10/31 23:20:44 | 00,876,653 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awel.dll [2008/10/31 23:20:44 | 00,102,509 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4atxt.dll [2008/10/31 23:20:44 | 00,049,212 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4awebs.dll [2008/10/31 23:20:44 | 00,049,210 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4areg.dll [2008/10/31 23:20:44 | 00,041,020 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avnb.dll [2008/10/31 23:20:44 | 00,032,826 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4avss.dll [2008/10/31 23:20:44 | 00,014,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp98sadm.exe [2008/10/31 23:20:43 | 00,184,435 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4amsft.dll [2008/10/31 23:20:43 | 00,147,513 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4apws.dll [2008/10/31 23:20:43 | 00,082,035 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fp4anscp.dll [2008/10/31 23:20:42 | 00,188,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cfgwiz.exe [2008/10/31 23:20:42 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.dll [2008/10/31 23:20:42 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\author.exe [2008/10/31 23:20:41 | 00,016,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.exe [2008/10/31 23:20:40 | 00,020,540 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\admin.dll [2008/10/31 23:18:30 | 00,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest [2008/10/31 23:18:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest [2008/10/31 23:18:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2008/10/31 23:18:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2008/10/31 23:18:21 | 00,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2008/10/31 23:17:53 | 00,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe [2008/10/31 23:16:33 | 00,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications [2008/10/31 22:52:41 | 00,016,254 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAE.HLP [2008/10/31 22:52:41 | 00,014,821 | ---- | C] () -- C:\WINDOWS\System32\PINTLPAD.HLP [2008/10/31 22:52:35 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\PINTLGNT.IME [2008/10/31 22:52:35 | 00,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime [2008/10/31 22:52:35 | 00,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe [2008/10/31 22:52:35 | 00,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll [2008/10/31 22:52:35 | 00,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe [2008/10/31 22:52:20 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll [2008/10/31 22:52:20 | 00,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll [2008/10/31 22:52:20 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll [2008/10/31 22:52:20 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll [2008/10/31 22:52:03 | 00,000,084 | -HS- | C] () -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\desktop.ini [2008/10/31 22:52:02 | 01,104,400 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NTPRINT.CAT [2008/10/31 22:52:02 | 00,819,229 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT [2008/10/31 22:52:02 | 00,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT [2008/10/31 22:52:02 | 00,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat [2008/10/31 22:52:02 | 00,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT [2008/10/31 22:52:02 | 00,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT [2008/10/31 22:52:02 | 00,014,043 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT [2008/10/31 22:52:02 | 00,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT [2008/10/31 22:52:02 | 00,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT [2008/10/31 22:52:02 | 00,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT [2008/10/31 22:52:02 | 00,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT [2008/10/31 22:52:02 | 00,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat [2008/10/31 22:52:02 | 00,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT [2008/10/31 22:52:01 | 01,938,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT [2008/10/31 22:52:01 | 01,025,000 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT [2008/10/31 22:52:01 | 00,520,138 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT [2008/10/31 22:31:18 | 00,001,943 | ---- | C] () -- C:\WINDOWS\imsins.BAK [2008/10/27 21:41:01 | 10,717,96224 | -HS- | C] () -- C:\hiberfil.sys [2008/10/26 21:08:51 | 00,014,912 | ---- | C] () -- C:\WINDOWS\setupapi.old [2008/10/26 21:00:28 | 03,787,274 | -H-- | C] () -- C:\Documents and Settings\Ken\Local Settings\Application Data\IconCache.db [2008/10/26 20:23:42 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2008/10/26 20:23:42 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2008/10/26 20:23:42 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2008/10/26 20:23:42 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2008/10/26 20:23:42 | 00,089,504 | ---- | C] (Smallfrogs Studio) -- C:\WINDOWS\fdsv.exe [2008/10/26 20:23:42 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2008/10/26 20:23:42 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2008/10/26 20:23:42 | 00,049,152 | ---- | C] () -- C:\WINDOWS\VFIND.exe [2008/10/26 20:23:42 | 00,028,672 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2008/10/26 20:21:07 | 00,083,208 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\RSIT.exe [2008/10/26 19:53:45 | 02,995,773 | R--- | C] () -- C:\Documents and Settings\Ken\桌面\ComboFix.exe [2008/10/24 14:47:23 | 20,594,416 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\xyj.exe [2008/10/22 00:45:58 | 01,058,816 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\中國錢幣與書法.doc [2008/10/22 00:44:19 | 00,029,184 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\古钱币上的书法艺术.doc ** - C:\Documents and Settings\Ken\桌面\古??上的?法??.doc [2008/10/18 12:10:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\桌面\中化評論 [2008/10/15 23:29:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Ken\桌面\Time management [2008/10/07 23:59:22 | 00,024,576 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\Reference.doc [2008/10/07 23:20:06 | 00,047,616 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\Part 2.doc [2008/10/07 16:29:23 | 02,032,128 | ---- | C] () -- C:\Documents and Settings\Ken\桌面\network01.ppt [2008/10/05 15:21:38 | 00,000,491 | ---- | C] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\OAhotkey.lnk ========== Files - Modified Within 30 Days ========== [1 C:\*.tmp files] [5 C:\WINDOWS\*.tmp files] [6 C:\Documents and Settings\Ken\桌面\*.tmp files] [2008/11/02 11:45:26 | 00,422,400 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Ken\桌面\OTViewIt.exe [2008/11/02 11:42:36 | 00,000,066 | ---- | M] () -- C:\WINDOWS\anticrash.dat [2008/11/02 11:42:36 | 00,000,061 | ---- | M] () -- C:\WINDOWS\hare.dat [2008/11/02 11:42:35 | 00,064,512 | -H-- | M] () -- C:\Documents and Settings\Ken\Application Data\dach100.dll [2008/11/02 11:42:33 | 00,000,060 | ---- | M] () -- C:\WINDOWS\zoom.dat [2008/11/02 11:41:42 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2008/11/02 11:40:57 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2008/11/02 11:40:53 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2008/11/02 11:40:47 | 10,717,96224 | -HS- | M] () -- C:\hiberfil.sys [2008/11/02 08:39:00 | 00,000,250 | ---- | M] () -- C:\WINDOWS\tasks\查看 Windows Live Toolbar 的更新資訊.job [2008/11/01 22:27:48 | 00,000,581 | ---- | M] () -- C:\Documents and Settings\Ken\My Documents\我的共用資料夾.lnk [2008/11/01 22:26:56 | 00,001,715 | ---- | M] () -- C:\Documents and Settings\All Users\桌面\Windows Live Messenger .lnk [2008/11/01 21:06:44 | 00,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Ken\桌面\HiJackThis.exe [2008/11/01 00:26:16 | 00,000,847 | ---- | M] () -- C:\WINDOWS\system.ini [2008/10/31 23:59:53 | 00,000,257 | -HS- | M] () -- C:\Documents and Settings\Ken\My Documents\desktop.ini [2008/10/31 23:57:22 | 00,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.bak [2008/10/31 23:35:56 | 00,355,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/10/31 23:33:23 | 01,126,090 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI [2008/10/31 23:33:23 | 00,448,646 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2008/10/31 23:33:23 | 00,428,028 | ---- | M] () -- C:\WINDOWS\System32\prfh0404.dat [2008/10/31 23:33:23 | 00,153,398 | ---- | M] () -- C:\WINDOWS\System32\prfc0404.dat [2008/10/31 23:33:23 | 00,074,336 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2008/10/31 23:28:27 | 00,000,587 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf [2008/10/31 23:20:03 | 00,000,084 | -HS- | M] () -- C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\desktop.ini [2008/10/31 23:19:57 | 00,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx [2008/10/31 23:19:55 | 00,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb [2008/10/31 23:19:55 | 00,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb [2008/10/31 23:19:37 | 00,004,205 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI [2008/10/31 23:18:30 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest [2008/10/31 23:18:30 | 00,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest [2008/10/31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest [2008/10/31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest [2008/10/31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest [2008/10/31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest [2008/10/31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest [2008/10/31 23:18:21 | 00,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest [2008/10/31 23:18:02 | 00,001,210 | ---- | M] () -- C:\WINDOWS\win.ini [2008/10/31 23:16:48 | 00,023,152 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat [2008/10/31 23:15:22 | 00,000,505 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf [2008/10/31 23:13:36 | 00,000,211 | -HS- | M] () -- C:\boot.ini [2008/10/31 22:57:27 | 00,004,128 | ---- | M] () -- C:\INFCACHE.1 [2008/10/31 22:52:03 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Documents\desktop.ini [2008/10/31 22:52:03 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini [2008/10/31 22:35:50 | 03,787,274 | -H-- | M] () -- C:\Documents and Settings\Ken\Local Settings\Application Data\IconCache.db [2008/10/31 22:34:47 | 00,014,912 | ---- | M] () -- C:\WINDOWS\setupapi.old [2008/10/31 22:31:30 | 00,001,943 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2008/10/26 20:57:04 | 00,000,223 | -H-- | M] () -- C:\WINDOWS\winshell.dat [2008/10/26 20:21:09 | 00,083,208 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\RSIT.exe [2008/10/26 19:53:45 | 02,995,773 | R--- | M] () -- C:\Documents and Settings\Ken\桌面\ComboFix.exe [2008/10/26 18:01:42 | 00,000,072 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\config.ini [2008/10/24 14:48:16 | 20,594,416 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\xyj.exe [2008/10/24 14:48:16 | 00,001,109 | ---- | M] () -- C:\WINDOWS\System32\cid_store.dat [2008/10/24 00:33:57 | 00,000,135 | ---- | M] () -- C:\WINDOWS\System32\imon1.dat [2008/10/22 00:45:59 | 01,058,816 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\中國錢幣與書法.doc [2008/10/22 00:44:20 | 00,029,184 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\古钱币上的书法艺术.doc ** - C:\Documents and Settings\Ken\桌面\古??上的?法??.doc [2008/10/21 23:49:37 | 00,265,205 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081026-201027.backup [2008/10/21 23:49:37 | 00,265,205 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2008/10/21 23:47:27 | 00,265,205 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081021-234937.backup [2008/10/08 23:05:45 | 00,000,268 | -H-- | M] () -- C:\sqmdata18.sqm [2008/10/08 23:05:45 | 00,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm [2008/10/08 03:19:40 | 16,721,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe [2008/10/07 23:59:22 | 00,024,576 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\Reference.doc [2008/10/07 23:20:06 | 00,047,616 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\Part 2.doc [2008/10/07 16:29:25 | 02,032,128 | ---- | M] () -- C:\Documents and Settings\Ken\桌面\network01.ppt [2008/10/05 15:21:38 | 00,000,491 | ---- | M] () -- C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\OAhotkey.lnk [2008/10/05 15:20:45 | 00,000,040 | ---- | M] () -- C:\WINDOWS\EPDOA.ini [2008/10/04 02:20:19 | 00,265,205 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20081021-234726.backup [2008/10/04 00:58:14 | 06,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ieframe.dll < End of report > |
|
|
|
|
Nov 1 2008, 10:51 PM
Post
#4
|
|
|
Member Group: Members Posts: 44 Joined: 1-November 08 Member No.: 251,993 |
And it is the extras.txt
======================= OTViewIt Extras logfile created on: 2/11/2008 11:46:39 - Run OTViewIt by OldTimer - Version 1.0.20.0 Folder = C:\Documents and Settings\Ken\桌面 Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 6.0.2900.2180) Locale: 00000C04 | Country: 香港特別行政區 | Language: ZHH | Date Format: d/M/yyyy 1022.07 Mb Total Physical Memory | 586.45 Mb Available Physical Memory | 57.38% Memory free 2.40 Gb Paging File | 2.07 Gb Available in Paging File | 86.16% Paging File free Paging file location(s): c:\pagefile.sys 1536 3072; %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 148.96 Gb Total Space | 98.42 Gb Free Space | 66.07% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: PAUL Current User Name: Ken Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Whitelist: Off File Age = 30 Days "Use My Stylesheet"= "User Stylesheet"= ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url [@ = InternetShortcut] -- C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled"=1 "AntiVirusDisableNotify"=0 "FirewallDisableNotify"=0 "UpdatesDisableNotify"=0 "AntiVirusOverride"=0 "FirewallOverride"=1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=1 ""= [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile "EnableFirewall"=1 "DoNotAllowExceptions"=1 "DisableNotifications"=0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts] ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2004/08/12 18:00:00 | 00,136,704 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2007/10/18 11:35:18 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] [2006/11/29 14:29:40 | 01,413,120 | ---- | M] (Thunder Networking Technologies,LTD) -- C:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe:*:Enabled:Thunder [2005/12/07 16:45:30 | 00,447,488 | ---- | M] (Kingsoft Co, Ltd.) -- C:\Program Files\Kingsoft\PowerWord 2006\XDICT.EXE:*:Enabled:Kingsoft PowerWord 2006 [2008/04/14 02:53:32 | 00,558,080 | ---- | M] (Microsoft Corporation) -- %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 [2006/11/13 02:35:30 | 05,081,600 | ---- | M] () -- C:\Program Files\YouBe Casual Network\YouBe.exe:*:Enabled:YouBe Casual Network Client [2007/06/05 13:02:13 | 01,922,936 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe:*:Enabled:VideoAccelerator [2007/06/05 13:02:13 | 00,137,088 | ---- | M] (Speedbit Ltd.) -- C:\Program Files\SpeedBit Video Accelerator\VideoAcceleratorEngine.exe:*:Enabled:VideoAcceleratorEngine [2004/08/12 18:00:00 | 00,136,704 | ---- | M] (Microsoft Corporation) -- %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 [2007/10/18 11:35:18 | 05,724,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger [2007/10/02 17:18:24 | 00,304,488 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) ========== (O10) Winsock2 Catalogs ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\] NameSpace_Catalog5\Catalog_Entries\000000000001 [PNRP 定域機組命名空間提供者] -- C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation) NameSpace_Catalog5\Catalog_Entries\000000000002 [PNRP 名稱命名空間提供者] -- C:\WINDOWS\system32\pnrpnsp.dll (Microsoft Corporation) Protocol_Catalog9\Catalog_Entries\000000000001 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000002 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000003 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000004 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000005 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000006 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000007 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000008 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000009 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000010 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000011 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000012 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000013 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000014 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000015 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000016 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000017 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000018 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000019 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000020 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000021 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000022 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000023 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000024 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000025 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000026 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000027 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000028 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000029 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000030 -- C:\WINDOWS\system32\imon.dll (Eset ) Protocol_Catalog9\Catalog_Entries\000000000031 -- C:\WINDOWS\system32\imon.dll (Eset ) ========== (O18) Protocol Handlers ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] ipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL ipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (livecall:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] msdaipp: [HKLM - No CLSID value] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\0x00000001:{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAMON.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] - Protocol Handlers [2007/08/28 23:55:14 | 01,014,128 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL msdaipp\oledb:{E1D2BF40-A96B-11d1-9C6B-0000F875AC61} (HKLM) [HKLM - MSDAIPP.BINDER] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2006/10/26 13:45:02 | 00,873,216 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (ms-help:{314111c7-a502-11d2-bbca-00c04f8ec294} (HKLM) [HxProtocol Class]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2000/04/19 18:47:36 | 00,520,117 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (ms-itss:{0A9007C0-4076-11D3-8789-0000F8105754} (HKLM) [Microsoft Infotech Storage Protocol for IE 4.0]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007/10/18 11:31:54 | 00,066,072 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (msnim:{828030A1-22C1-4009-854F-8E305202313F} (HKLM) [Reg Error: Value does not exist or could not be read.]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007/03/14 13:10:22 | 07,255,384 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (mso-offdap:{3D9F03FA-7A94-11D3-BE81-0050048385D1} (HKLM) [Data Page Pluggable Protocol mso-offdap Handler]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007/05/10 13:45:34 | 08,069,464 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (mso-offdap11:{32505114-5902-49B2-880A-1F7738E5A384} (HKLM) [Data Page Plugable Protocal mso-offdap11 Handler]) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\] [2007/10/23 12:14:52 | 00,858,136 | ---- | M] (Microsoft Corporation) C:\Program Files\Windows Live\Mail\mailcomm.dll (wlmailhtml:{03C514A3-1EFB-4856-9F99-10D7BE1653C0} (HKLM) [Windows Live Mail HTML Asynchronous Pluggable Protocol Handler]) ========== (O18) Protocol Filters ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\] - Protocol Filters [2007/04/19 13:57:40 | 00,046,432 | ---- | M] (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL text/xml:{807553E5-5146-11D5-A672-00B0D022E945} (HKLM) [Reg Error: Value does not exist or could not be read.] ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}"=Macromedia Dreamweaver MX 2004 "{09F1BC13-752E-4569-B6E3-CEF1695ACC7F}"=Powerword 2006 "{0B76561B-A254-44F2-B78D-E18705FBE9F0}"=Windows Presentation Foundation Language Pack (CHT) "{0BEDBD4E-2D34-47B5-9973-57E62B29307C}"=ATI 控制台 "{0C9B0475-F65F-45AB-8D88-2AE7C195E907}"=Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack "{0DEE88A2-E250-4955-A5AF-EFC2C305E7C6}"=Windows Live installer "{0F9196C6-58B4-445B-B56E-B1200FECC151}"=Microsoft Bootvis "{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}"=Sonic DLA "{20FF019B-1346-453F-B3BB-95795FA2E085}"=Windows Communication Foundation Language Pack - CHT "{236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2 "{2864C41B-EF2D-4640-95A2-526276524519}"=Borland C++Builder 6 "{2F10F540-4126-45B5-B14C-9B8D119205E6}"=Windows Workflow Foundation ZH-CHT Language Pack "{2F353D44-73BB-4971-B31D-F7642E9E9531}"=Macromedia Flash MX 2004 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}"=Sonic Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0160020}"=Java™ 6 Update 2 "{3248F0A8-6813-11D6-A77B-00B0D0160060}"=Java™ 6 Update 6 "{3248F0A8-6813-11D6-A77B-00B0D0160070}"=Java™ 6 Update 7 "{350C97B6-3D7C-4EE8-BAA9-00BCB3D54227}"=WebFldrs XP "{358A2F50-8885-4EDE-BBB0-130A5834E0B4}"=Visual FoxPro 9.0 Baseline - English "{36177F72-8181-45D7-95D1-EA5B008A4DC9}"=Macro Vibration Joystick "{3748D2FC-83CB-445A-87D8-DE88080FBB4F}"=Power Voice II "{394BE3D9-7F57-4638-A8D1-1D88671913B7}"=Microsoft AppLocale "{39F8BF57-47FA-4F8D-9404-1B41321743AF}"=AntiCrash 3.6.1 "{41925E73-4C04-479C-B2CA-C3EEA2A4CD3E}"=醇紌 (Windows Live Toolbar) "{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}"=Dell CinePlayer "{48976A2B-53A5-435E-AF7A-8D034ED24ECF}"=Wiseman Voice Engine "{491DD792-AD81-429C-9EB4-86DD3D22E333}"=Windows Communication Foundation "{53984380-2AE6-458A-8C64-FEB40B747E8F}"=Civilization III "{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}"=Sonic Activation Module "{618CE1E3-AAE5-4E53-ABC7-01E1224D5870}"=Shin Sangokumusou 4 Special "{636EFC48-221F-442B-9299-5E2A09B3D933}"=Windows Live Toolbar "{6560D90C-5223-49A3-B78C-A48C31EAEC56}"=Windows Live Messenger "{67C5EC16-0DC1-4045-A7FF-D7D0FFA4B54D}"=Microsoft .NET Framework 2.0 Language Pack - CHT "{6BD5BA64-404E-4D4C-80D1-70EF72EC3D6D}"=Microsoft .NET Framework 3.0 Traditional Chinese Language Pack "{772214C5-4CC2-40FA-8BD8-A98570D18C13}"=Windows Live 紇钩いみ "{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}"=Windows Workflow Foundation "{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}"=Intel® PROSet for Wired Connections "{8D49763E-A43C-45CB-9561-5267627ED243}"=Windows Live Mail "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}"=Adobe Common File Installer "{90110404-6000-11D3-8CFE-0150048383C9}"=Microsoft Office Professional Edition 2003 "{90120000-0010-0804-0000-0000000FF1CE}"=Microsoft Software Update for Web Folders (Chinese (Simplified)) 12 "{90120000-001F-0409-0000-0000000FF1CE}"=Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PRJPRO_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{3EC77D26-799B-4CD8-914F-C1565E796173}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0804-0000-0000000FF1CE}"=Microsoft Office Proof (Chinese (Simplified)) 2007 "{90120000-001F-0804-0000-0000000FF1CE}_PRJPRO_{C0214747-76E6-4C82-ACE7-4F6FB84CE5A9}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0804-0000-0000000FF1CE}_VISPRO_{C0214747-76E6-4C82-ACE7-4F6FB84CE5A9}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0028-0804-0000-0000000FF1CE}"=Microsoft Office IME (Chinese (Simplified)) 2007 "{90120000-0028-0804-0000-0000000FF1CE}_PRJPRO_{5E9B9C9D-964B-4E00-BD68-A22AC484E835}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0028-0804-0000-0000000FF1CE}_VISPRO_{5E9B9C9D-964B-4E00-BD68-A22AC484E835}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0804-0000-0000000FF1CE}"=Microsoft Office Proofing (Chinese (Simplified)) 2007 "{90120000-003B-0000-0000-0000000FF1CE}"=Microsoft Office Project Professional 2007 "{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C1877F6E-C1C8-486D-A697-86431029690C}"=Microsoft Office Project 2007 Service Pack 1 (SP1) "{90120000-0051-0000-0000-0000000FF1CE}"=Microsoft Office Visio Professional 2007 "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{AA4F2610-5FF1-4DCD-A6FB-BCA2D09A6443}"=Microsoft Office Visio 2007 Service Pack 1 (SP1) "{90120000-0054-0804-0000-0000000FF1CE}"=Microsoft Office Visio MUI (Chinese (Simplified)) 2007 "{90120000-0054-0804-0000-0000000FF1CE}_VISPRO_{C56C2A01-1BA3-401D-AB05-FF8E13B64DCE}"=Microsoft Office Visio 2007 Service Pack 1 (SP1) "{90120000-006E-0804-0000-0000000FF1CE}"=Microsoft Office Shared MUI (Chinese (Simplified)) 2007 "{90120000-006E-0804-0000-0000000FF1CE}_PRJPRO_{AD8C9A1B-8EFE-42BE-93D0-7281302869D4}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-006E-0804-0000-0000000FF1CE}_VISPRO_{AD8C9A1B-8EFE-42BE-93D0-7281302869D4}"=2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00B4-0804-0000-0000000FF1CE}"=Microsoft Office Project MUI (Chinese (Simplified)) 2007 "{90120000-00B4-0804-0000-0000000FF1CE}_PRJPRO_{9051A408-D436-4670-B65C-EF793212AE7E}"=Microsoft Office Project 2007 Service Pack 1 (SP1) "{9BAAE963-E16D-4E17-AFE6-1965F5AA0292}"=Visual FoxPro 9.0 Professional - English "{9DE9E293-5D7B-4312-88C2-BDFAEC5310AE}"=Microsoft .NET Framework 3.0 "{9F16A9FF-3784-4F73-0082-2182D5A93311}"=Need For Speed Most Wanted "{A5BA14E0-7384-11D4-BAE7-00409631A2C8}"=Macromedia Extension Manager "{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}"=Dell Media Experience "{AC76BA86-7AD7-1028-7B44-A81200000003}"=Adobe Reader 8.1.2 - Chinese Traditional "{AC76BA86-7AD7-2447-0000-800000000003}"=Chinese Simplified Fonts Support For Adobe Reader 8 "{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}"=Windows Live 祅腊も "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1"=Spybot - Search & Destroy "{B508B3F1-A24A-32C0-B310-85786919EF28}"=Microsoft .NET Framework 2.0 Service Pack 1 "{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}"=Microsoft XML Parser "{B74D4E10-6884-0000-0000-000000000103}"=Adobe Bridge 1.0 "{BAF78226-3200-4DB4-BE33-4D922A799840}"=Windows Presentation Foundation "{BB05D173-9681-4812-A7FA-BD4042A3DA00}"=Alky for Applications (Windows XP) "{BCB4C18A-ACA6-4383-8688-E19933A705DD}"=Microsoft SOAP Toolkit 3.0 "{C621DFA7-85D8-4CDF-89EA-B01001790038}"=InstallShield Express 5.0 Visual FoxPro Limited Edition "{C77B594A-8A79-4F66-92BE-D834CABD45CB}"=Zoom 1.3.1 "{C8550C86-A712-4219-AD4C-038C9FD1D149}"=Ulead PhotoImpact 11 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}"=Microsoft .NET Framework 1.1 "{CE7CB214-DB11-4B5D-A6AF-3B4ED47C68B7}"=Microsoft Game Studios Common Redistributables Pack 1 "{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}"=Kaspersky Internet Security 6.0 "{D0EFA98B-03A8-4F7C-B1C9-247994711331}"=Hare 1.5.1 "{D3655544-5CAA-4705-B54D-2CBCE176AFDB}"=Windows Live Toolbar 耎 (Windows Live Toolbar) "{D41B0402-93A0-4242-9A9E-0FBD02A265CD}"=眶ヘ矗ボ浪跌竟 (Windows Live Toolbar) "{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb"=Microsoft Windows Application Compatibility Database "{E583ED6F-BD99-4066-A420-C815BF692B69}"=Macromedia Fireworks MX 2004 "{E9787678-1033-0000-8E67-000000000001}"=Adobe Help Center 1.0 "{E9F81423-211E-46B6-9AE0-38568BC5CF6F}"= "{EE0D5DCD-2B97-4473-98DF-E93C0BD92F7A}"=Adobe Stock Photos 1.0 "{EEABB513-CB07-4918-BF68-C340B505A221}"=Windows Live Writer "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}"=Microsoft SQL Server 2005 Compact Edition [ENU] "Ad-Aware SE Professional"=Ad-Aware SE Professional "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}"=Adobe Photoshop CS2 "ATI Display Driver"=ATI Display Driver "AVGAntiSpyware75"=AVG Anti-Spyware 7.5 "Burn4Free"=Burn4Free CD and DVD "Burn4Free Toolbar"=Burn4Free Toolbar "ClocX"=ClocX (1.5b1) "CSI-3 Dimensions of Murder"=CSI-3 Dimensions of Murder 1.0 "Dev-C++ 4"=Dev-C++ 4 "DSMT6"=MathType 6 "FlashGet"=FlashGet 1.9.6.1073 "getPlus®_ocx"=getPlus®_ocx "HijackThis"=HijackThis 2.0.2 "Insaniquarium Deluxe 1.0"=Insaniquarium Deluxe 1.0 "InstallWIX_{D0DCD54F-C829-41A5-AF32-71E632BB0E2C}"=Kaspersky Internet Security 6.0 "Mechanics 96"=Mechanics 96 "Microsoft .NET Framework 1.1 (1033)"=Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - CHT"=Microsoft .NET Framework 2.0 粂ē甅ン - 羉砰いゅ "Microsoft .NET Framework 3.0"=Microsoft .NET Framework 3.0 "Microsoft .NET Framework 3.0 Traditional Chinese Language Pack"=Microsoft .NET Framework 3.0 羉砰いゅ粂ē甅ン "Mozilla Firefox (2.0.0.14)"=Mozilla Firefox (2.0.0.14) "NOD32"=NOD32防毒系統 "PRJPRO"=Microsoft Office Project Professional 2007 "PROSet"=Intel® PRO Network Connections Drivers "QuickTime"=QuickTime "RealPlayer 6.0"=RealPlayer "SpeedBit Video Accelerator"=SpeedBit Video Accelerator "Spybot - Search & Destroy_is1"=Spybot - Search & Destroy 1.5.2.20 "Taikou risshiden 4"=太閤立志傳Ⅳ "thunder_is1"=迅雷5 "USB-706 Vibration Joystick"=USB-706 Vibration Joystick "VISPRO"=Microsoft Office Visio Professional 2007 "Visual FoxPro 9.0 Professional - English"=Microsoft Visual FoxPro 9.0 Professional - English "Windows Live Toolbar"=Windows Live Toolbar "Windows Media Format Runtime"=Windows Media Format 11 runtime "Windows Media Player"=Windows Media Player 11 "WinRAR archiver"=WinRAR archiver "WMFDist11"=Windows Media Format 11 runtime "wmp11"=Windows Media Player 11 "XpsEPSC"=XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP"=XML Paper Specification Shared Components Language Pack 1.0 "Yayad"=Yayad "沭鎢諷秶芞抎奪燴炵苀等儂唳2008"=沭鎢諷秶芞抎奪燴炵苀等儂唳2008 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{618CE1E3-AAE5-4E53-ABC7-01E1224D5870}"=真‧三國無雙4 Special ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "InstallShield_{618CE1E3-AAE5-4E53-ABC7-01E1224D5870}"=真‧三國無雙4 Special ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 31/10/2008 11:38:32 | Computer Name = PAUL | Source = Windows Product Activation | ID = 1009 Description = 您並未在限定期間內啟用Windows。如果要啟用 Windows,請打電話連絡客戶服務人員。 Error - 31/10/2008 11:41:24 | Computer Name = PAUL | Source = Windows Product Activation | ID = 1009 Description = 您並未在限定期間內啟用Windows。如果要啟用 Windows,請打電話連絡客戶服務人員。 Error - 31/10/2008 11:42:28 | Computer Name = PAUL | Source = Windows Product Activation | ID = 1009 Description = 您並未在限定期間內啟用Windows。如果要啟用 Windows,請打電話連絡客戶服務人員。 Error - 31/10/2008 11:45:30 | Computer Name = PAUL | Source = Windows Product Activation | ID = 1009 Description = 您並未在限定期間內啟用Windows。如果要啟用 Windows,請打電話連絡客戶服務人員。 Error - 31/10/2008 12:03:24 | Computer Name = PAUL | Source = Application Hang | ID = 1002 Description = 無回應的應用程式 IEXPLORE.EXE,版本 6.0.2900.2180。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址 0x00000000。 Error - 31/10/2008 12:04:00 | Computer Name = PAUL | Source = Application Error | ID = 1000 Description = 失敗的應用程式 iexplore.exe,版本 6.0.2900.2180,失敗的模組 unknown,版本 0.0.0.0,錯誤位址 0x02f20ff1。 Error - 31/10/2008 12:08:06 | Computer Name = PAUL | Source = Application Hang | ID = 1002 Description = 無回應的應用程式 IEXPLORE.EXE,版本 6.0.2900.2180。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址 0x00000000。 Error - 31/10/2008 12:08:47 | Computer Name = PAUL | Source = Application Hang | ID = 1002 Description = 無回應的應用程式 IEXPLORE.EXE,版本 6.0.2900.2180。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址 0x00000000。 Error - 31/10/2008 12:08:51 | Computer Name = PAUL | Source = Application Hang | ID = 1001 Description = 錯誤容器 126637809。 Error - 1/11/2008 9:22:39 | Computer Name = PAUL | Source = Application Hang | ID = 1002 Description = 無回應的應用程式 IEXPLORE.EXE,版本 6.0.2900.2180。無回應的模組 hungapp 版本 0.0.0.0。無回應的位址 0x00000000。 [ System Events ] Error - 31/10/2008 12:25:33 | Computer Name = PAUL | Source = Service Control Manager | ID = 7026 Description = 下列開機啟動或系統啟動驅動程式無法載入: 00 kl1 klif Error - 1/11/2008 8:38:39 | Computer Name = PAUL | Source = sptd | ID = 262148 Description = 驅動程式在 的資料結構中偵測內部錯誤。 Error - 1/11/2008 8:38:56 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000 Description = Kaspersky Internet Security 6.0 服務無法啟動,因為發生下列錯誤: %%3 Error - 1/11/2008 8:39:04 | Computer Name = PAUL | Source = Service Control Manager | ID = 7026 Description = 下列開機啟動或系統啟動驅動程式無法載入: 00 kl1 klif Error - 1/11/2008 20:20:52 | Computer Name = PAUL | Source = sptd | ID = 262148 Description = 驅動程式在 的資料結構中偵測內部錯誤。 Error - 1/11/2008 20:21:15 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000 Description = Kaspersky Internet Security 6.0 服務無法啟動,因為發生下列錯誤: %%3 Error - 1/11/2008 20:21:24 | Computer Name = PAUL | Source = Service Control Manager | ID = 7026 Description = 下列開機啟動或系統啟動驅動程式無法載入: 00 kl1 klif Error - 1/11/2008 23:41:17 | Computer Name = PAUL | Source = sptd | ID = 262148 Description = 驅動程式在 的資料結構中偵測內部錯誤。 Error - 1/11/2008 23:41:26 | Computer Name = PAUL | Source = Service Control Manager | ID = 7000 Description = Kaspersky Internet Security 6.0 服務無法啟動,因為發生下列錯誤: %%3 Error - 1/11/2008 23:41:30 | Computer Name = PAUL | Source = Service Control Manager | ID = 7026 Description = 下列開機啟動或系統啟動驅動程式無法載入: 00 kl1 klif < End of report > |
|
|
|
|
Nov 2 2008, 10:55 AM
Post
#5
|
|
|
Member Group: Members Posts: 44 Joined: 1-November 08 Member No.: 251,993 |
I am sorry to get back.
Can anyone help me deal with the problem? |
|
|
|
|
Nov 2 2008, 11:15 AM
Post
#6
|
|
|
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
Please download ComboFix from one of these locations: Link 1 Link 2 Link 3 * IMPORTANT !!! Save ComboFix.exe to your Desktop
 Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:  Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply. -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
Nov 2 2008, 11:50 AM
Post
#7
|
|
|
Member Group: Members Posts: 44 Joined: 1-November 08 Member No.: 251,993 |
ComboFix 08-11-01.06 - Ken 2008-11-03 0:40:28.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1028.18.547 [GMT 8:00] 執行位置: C:\Documents and Settings\Ken\桌面\ComboFix.exe * 成功創造新還原點 * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\Ken\Application Data\dach100.dll . ((((((((((((((((((((((((( 2008-10-02 至 2008-11-02 的新的檔案 ))))))))))))))))))))))))))))))) . 2008-11-02 15:56 . 2008-11-02 15:56 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-11-02 15:56 . 2008-11-02 15:56 1,409 --a------ C:\WINDOWS\QTFont.for 2008-11-01 06:40 . 2008-11-01 06:40 <DIR> d-------- C:\WINDOWS\dell 2008-11-01 00:10 . 2008-11-01 00:10 <DIR> d-------- C:\Documents and Settings\Ken\Application Data\Talkback 2008-10-31 23:57 . 2008-10-31 23:57 2,422 --a------ C:\WINDOWS\system32\wpa.bak 2008-10-31 23:35 . 2008-11-01 00:35 <DIR> d-------- C:\Documents and Settings\Lee Chi Ho 2008-10-31 23:24 . 2004-08-12 18:00 41,600 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.dll 2008-10-31 23:24 . 2004-08-12 18:00 31,232 --a--c--- C:\WINDOWS\system32\dllcache\weitekp9.sys 2008-10-31 23:22 . 2004-08-12 18:00 111,104 --a--c--- C:\WINDOWS\system32\dllcache\mtstocom.exe 2008-10-31 23:21 . 2004-08-12 18:00 331,264 --a--c--- C:\WINDOWS\system32\dllcache\aqueue.dll 2008-10-31 23:20 . 2004-05-13 00:39 876,653 --a--c--- C:\WINDOWS\system32\dllcache\fp4awel.dll 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- C:\WINDOWS\WindowsShell.Manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- C:\WINDOWS\system32\wuaucpl.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- C:\WINDOWS\system32\sapi.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- C:\WINDOWS\system32\ncpa.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 488 -rah----- C:\WINDOWS\system32\logonui.exe.manifest 2008-10-31 23:17 . 2004-08-12 18:00 16,384 --a--c--- C:\WINDOWS\system32\dllcache\isignup.exe 2008-10-31 22:51 . 2004-08-12 18:00 1,104,400 -ra------ C:\WINDOWS\SET77.tmp 2008-10-31 22:51 . 2004-08-12 18:00 1,025,000 -ra------ C:\WINDOWS\SET74.tmp 2008-10-31 22:51 . 2004-08-12 18:00 14,043 -ra------ C:\WINDOWS\SET83.tmp 2008-10-31 22:31 . 2008-10-31 22:31 1,943 --a------ C:\WINDOWS\imsins.BAK 2008-10-26 21:08 . 2008-10-31 22:34 14,912 --a------ C:\WINDOWS\setupapi.old 2008-10-07 21:54 . 2008-10-07 21:55 1,871 --a------ C:\Documents and Settings\Ken\abc.bat . (((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-01 14:00 --------- d-----w C:\Program Files\sanguo2 2008-10-31 16:20 --------- d-----w C:\Program Files\Spyware Doctor 2008-10-26 11:37 --------- d-----w C:\Program Files\ESET 2008-10-03 18:18 --------- d-----w C:\Program Files\Spybot - Search & Destroy 2008-09-11 12:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-09-08 09:28 --------- d-----w C:\Program Files\Nestopia 2008-09-08 09:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-06 15:58 --------- d-----w C:\Program Files\沭鎢諷秶芞抎奪燴炵苀 2008-09-06 14:18 --------- d-----w C:\Program Files\??管理系? 2008-09-02 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage 2008-07-27 16:50 0 ----a-w C:\Documents and Settings\Ken\jagex_runescape_preferences.dat 2007-03-03 16:45 686 ----a-w C:\Documents and Settings\Ken\清除系統LJ.bat 2004-01-25 01:47 110,296 ----a-w C:\Documents and Settings\Ken\bor.exe . ((((((((((((((((((((((((((((( snapshot_2008-11-01_ 0.31.32.60 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-03 19:29:55 29,926 ----a-r C:\WINDOWS\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe + 2008-11-01 14:27:04 29,926 ----a-r C:\WINDOWS\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe + 2008-11-02 15:49:27 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_4bc.dat . ((((((((((((((((((((((((((((((((((((( 重要登入點 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白與合法缺省登錄將不會被顯示 REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-12 15360] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-15 1695232] "ISUSPM"="C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="C:\WINDOWS\system32\dumprep 0 -u" [X] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304] "ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2006-07-14 180269] "Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 90112] "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952] "ISUSPM Startup"="c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2007-08-30 205480] "nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-02-04 949376] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 133016] "IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032] "MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 59392] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 C:\WINDOWS\stsystra.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-12 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="C:\WINDOWS\system32\tscupgrd.exe" [2004-08-12 44544] C:\Documents and Settings\Ken\「開始」功能表\程式集\啟動\ Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] AntiCrash.lnk - C:\Program Files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798] Hare.lnk - C:\Program Files\Dachshund Software\Hare\Hare.exe [2002-09-21 1874381] OAhotkey.lnk - C:\EPDOA\OAHotkey.EXE [2007-07-26 491008] Zoom.lnk - C:\Program Files\Dachshund Software\Zoom\Zoom.exe [2002-09-21 1446302] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "C:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"= "C:\\Program Files\\Kingsoft\\PowerWord 2006\\XDICT.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "C:\\Program Files\\YouBe Casual Network\\YouBe.exe"= "C:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "C:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "%windir%\\system32\\sessmgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= R0 myxlljjp;myxlljjp;C:\WINDOWS\system32\DRIVERS\myxlljjp.sys [2007-06-19 11192] R0 vzchp;vzchp;C:\WINDOWS\system32\drivers\vzchp.sys [2008-04-15 28384] R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-06-05 34304] S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;C:\WINDOWS\system32\Drivers\CENIXFMC.sys [2002-10-07 18660] S3 hid7906;hid7906;C:\WINDOWS\system32\drivers\hid7906.sys [2006-06-28 53793] S3 IPvE;IPvE Adapter Driver;C:\WINDOWS\system32\DRIVERS\IPvE.sys [2008-06-29 14144] S3 jgameenp;jgameenp;C:\DOCUME~1\Ken\LOCALS~1\Temp\jgameenp.sys [ ] S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2004-08-12 14336] S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2004-08-12 14336] S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2004-08-12 14336] S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2004-08-12 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\setup.exe *Newly Created Service* - CATCHME . ‘計劃任務’ 文件夾 裡的內容 2008-11-02 C:\WINDOWS\Tasks\查看 Windows Live Toolbar 的更新資訊.job - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . . ------- 而外的掃描 ------- . FireFox -: Profile - C:\Documents and Settings\Ken\Application Data\Mozilla\Firefox\Profiles\a4sjxaq1.default\ FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-03 00:42:41 Windows 5.1.2600 Service Pack 2 NTFS 掃描被隱藏的進程。。。 ... 掃描被隱藏的啟動組。。。 掃描被隱藏的文件。。。 掃描完成 被隱藏的檔案: 0 ************************************************************************** . --------------------- 運行進程下的動態鏈接庫 --------------------- PROCESS: C:\WINDOWS\system32\lsass.exe -> C:\Program Files\Eset\pr_imon.dll . 完成時間: 2008-11-03 0:44:36 ComboFix-quarantined-files.txt 2008-11-02 16:44:09 ComboFix2.txt 2008-10-31 16:32:18 ComboFix3.txt 2008-10-27 14:06:36 ComboFix4.txt 2008-10-26 13:24:21 ComboFix5.txt 2008-11-02 16:35:58 Pre-Run: 105,453,273,088 位元組可用 Post-Run: 105,473,851,392 位元組可用 WindowsXP-KB310994-SP2-Home-BootDisk-CHT.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 165 --- E O F --- 2008-10-24 12:58:10 |
|
|
|
|
Nov 2 2008, 03:08 PM
Post
#8
|
|
|
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
Please visit the online Jotti Virus Scanner
If Jotti's too busy, try here: Go here: http://www.virustotal.com/en/virustotalf.html -------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
button.
button.|
Nov 3 2008, 09:36 AM
Post
#9
|
|
|
Member Group: Members Posts: 44 Joined: 1-November 08 Member No.: 251,993 |
Scanner results
Scan taken on 03 Nov 2008 14:34:18 (GMT) A-Squared Found nothing AntiVir Found nothing ArcaVir Found nothing Avast Found nothing AVG Antivirus Found nothing BitDefender Found nothing ClamAV Found nothing CPsecure Found nothing Dr.Web Found nothing F-Prot Antivirus Found nothing F-Secure Anti-Virus Found nothing G DATA Found nothing Ikarus Found nothing Kaspersky Anti-Virus Found nothing NOD32 Found nothing Norman Virus Control Found nothing Panda Antivirus Found nothing Sophos Antivirus Found nothing VirusBuster Found nothing VBA32 Found nothing |
|
|
|
|
Nov 3 2008, 03:41 PM
Post
#10
|
|
|
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
Copy and paste ALL the following text in the Quote box below into Notepad.
Click on File(in the menu at the top)>Save as../Save as Type: 'All Files' /File name: CFScript to your desktop. CODE Driver:: jgameenp File:: C:\DOCUME~1\Ken\LOCALS~1\Temp\jgameenp.sys Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main] "Start Page"=- [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main] "Start Page"=- [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main] "Start Page"=- [HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main] "Start Page"=- [HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main] "Start Page"=- [HKEY_USERS\S-1-5-21-2928647282-1049154914-751282057-1006\SOFTWARE\Microsoft\Internet Explorer\Main] "Start Page"=- Prior to running Combofix.exe you should disable your antivirus program and disconnect from the internet. Now drag then drop the CFScript file onto ComboFix.exe as seen in the image below.  This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply. ================= Please run the F-Secure Online Scanner Note: This Scanner is for Internet Explorer Only!
-------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
Nov 4 2008, 09:59 AM
Post
#11
|
|
|
Member Group: Members Posts: 44 Joined: 1-November 08 Member No.: 251,993 |
ComboFix 08-11-03.06 - Ken 2008-11-04 22:40:30.7 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.950.886.1028.18.562 [GMT 8:00] 執行位置: c:\documents and settings\Ken\桌面\ComboFix.exe Command switches used :: c:\documents and settings\Ken\桌面\CFScript.txt * 成功創造新還原點 * Resident AV is active FILE :: c:\docume~1\Ken\LOCALS~1\Temp\jgameenp.sys . ((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Ken\Application Data\dach100.dll . ((((((((((((((((((((((((((((((((((((((( 驅動/服務 ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_jgameenp ((((((((((((((((((((((((( 2008-10-04 至 2008-11-04 的新的檔案 ))))))))))))))))))))))))))))))) . 2008-11-04 22:49 . 2008-11-04 22:49 64,512 --ah----- c:\documents and settings\Ken\Application Data\dach100.dll 2008-11-02 15:56 . 2008-11-02 15:56 54,156 --ah----- c:\windows\QTFont.qfn 2008-11-02 15:56 . 2008-11-02 15:56 1,409 --a------ c:\windows\QTFont.for 2008-11-01 06:40 . 2008-11-01 06:40 <DIR> d-------- c:\windows\dell 2008-11-01 00:10 . 2008-11-01 00:10 <DIR> d-------- c:\documents and settings\Ken\Application Data\Talkback 2008-10-31 23:57 . 2008-10-31 23:57 2,422 --a------ c:\windows\system32\wpa.bak 2008-10-31 23:35 . 2008-11-01 00:35 <DIR> d-------- c:\documents and settings\Lee Chi Ho 2008-10-31 23:24 . 2004-08-12 18:00 41,600 --a--c--- c:\windows\system32\dllcache\weitekp9.dll 2008-10-31 23:24 . 2004-08-12 18:00 31,232 --a--c--- c:\windows\system32\dllcache\weitekp9.sys 2008-10-31 23:22 . 2004-08-12 18:00 111,104 --a--c--- c:\windows\system32\dllcache\mtstocom.exe 2008-10-31 23:21 . 2004-08-12 18:00 331,264 --a--c--- c:\windows\system32\dllcache\aqueue.dll 2008-10-31 23:20 . 2004-05-13 00:39 876,653 --a--c--- c:\windows\system32\dllcache\fp4awel.dll 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\WindowsShell.Manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\sapi.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 749 -rah----- c:\windows\system32\ncpa.cpl.manifest 2008-10-31 23:18 . 2008-10-31 23:18 488 -rah----- c:\windows\system32\logonui.exe.manifest 2008-10-31 23:17 . 2004-08-12 18:00 16,384 --a--c--- c:\windows\system32\dllcache\isignup.exe 2008-10-31 22:51 . 2004-08-12 18:00 1,104,400 -ra------ c:\windows\SET77.tmp 2008-10-31 22:51 . 2004-08-12 18:00 1,025,000 -ra------ c:\windows\SET74.tmp 2008-10-31 22:51 . 2004-08-12 18:00 14,043 -ra------ c:\windows\SET83.tmp 2008-10-31 22:31 . 2008-10-31 22:31 1,943 --a------ c:\windows\imsins.BAK 2008-10-26 21:08 . 2008-10-31 22:34 14,912 --a------ c:\windows\setupapi.old 2008-10-07 21:54 . 2008-10-07 21:55 1,871 --a------ c:\documents and settings\Ken\abc.bat . (((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-11-01 14:00 --------- d-----w c:\program files\sanguo2 2008-10-31 16:20 --------- d-----w c:\program files\Spyware Doctor 2008-10-26 11:37 --------- d-----w c:\program files\ESET 2008-10-03 18:18 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-09-11 12:42 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help 2008-09-08 09:28 --------- d-----w c:\program files\Nestopia 2008-09-08 09:06 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-09-06 15:58 --------- d-----w c:\program files\沭鎢諷秶芞抎奪燴炵苀 2008-09-06 14:18 --------- d-----w c:\program files\??管理系? 2008-07-27 16:50 0 ----a-w c:\documents and settings\Ken\jagex_runescape_preferences.dat 2007-03-03 16:45 686 ----a-w c:\documents and settings\Ken\清除系統LJ.bat 2004-01-25 01:47 110,296 ----a-w c:\documents and settings\Ken\bor.exe . ((((((((((((((((((((((((((((( snapshot_2008-11-01_ 0.31.32.60 ))))))))))))))))))))))))))))))))))))))))) . - 2008-06-03 19:29:55 29,926 ----a-r c:\windows\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe + 2008-11-01 14:27:04 29,926 ----a-r c:\windows\Installer\{6560D90C-5223-49A3-B78C-A48C31EAEC56}\MsblIco.Exe + 2008-11-04 14:47:24 16,384 ----atw c:\windows\temp\Perflib_Perfdata_120.dat . ((((((((((((((((((((((((((((((((((((( 重要登入點 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白與合法缺省登錄將不會被顯示 REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-12 15360] "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-15 1695232] "ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2007-08-30 205480] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064] "DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2006-05-03 98304] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2007-08-28 73728] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-07-14 180269] "Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2005-05-23 90112] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-12 208952] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2007-08-30 205480] "nod32kui"="c:\program files\Eset\nod32kui.exe" [2008-02-04 949376] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792] "DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2005-12-10 133016] "IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032] "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-12 59392] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-12 455168] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-22 c:\windows\stsystra.exe] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-12 15360] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-12 44544] c:\documents and settings\Ken\「開始」功能表\程式集\啟動\ Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664] AntiCrash.lnk - c:\program files\Dachshund Software\AntiCrash\AntiCrash.exe [2002-12-17 2301798] Hare.lnk - c:\program files\Dachshund Software\Hare\Hare.exe [2002-09-21 1874381] OAhotkey.lnk - c:\epdoa\OAHotkey.EXE [2007-07-26 491008] Zoom.lnk - c:\program files\Dachshund Software\Zoom\Zoom.exe [2002-09-21 1446302] [HKEY_LOCAL_MACHINE\software\microsoft\security center] "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "c:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder5.exe"= "c:\\Program Files\\Kingsoft\\PowerWord 2006\\XDICT.EXE"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\YouBe Casual Network\\YouBe.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAccelerator.exe"= "c:\\Program Files\\SpeedBit Video Accelerator\\VideoAcceleratorEngine.exe"= "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009 R0 myxlljjp;myxlljjp;c:\windows\system32\DRIVERS\myxlljjp.sys [2007-06-19 11192] R0 vzchp;vzchp;c:\windows\system32\drivers\vzchp.sys [2008-04-15 28384] R2 sbbotdi;sbbotdi;c:\progra~1\SPEEDB~1\sbbotdi.sys [2007-06-05 34304] S3 CENIXFMC;Cenix Digicom Digital Voice Recorder Service;c:\windows\system32\Drivers\CENIXFMC.sys [2002-10-07 18660] S3 hid7906;hid7906;c:\windows\system32\drivers\hid7906.sys [2006-06-28 53793] S3 IPvE;IPvE Adapter Driver;c:\windows\system32\DRIVERS\IPvE.sys [2008-06-29 14144] S3 p2pgasvc;Peer Networking Group Authentication;c:\windows\system32\svchost.exe [2004-08-12 14336] S3 p2pimsvc;Peer Networking Identity Manager;c:\windows\system32\svchost.exe [2004-08-12 14336] S3 p2psvc;Peer Networking;c:\windows\system32\svchost.exe [2004-08-12 14336] S3 PNRPSvc;Peer Name Resolution Protocol;c:\windows\system32\svchost.exe [2004-08-12 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D] \Shell\AutoRun\command - D:\setup.exe . ‘計劃任務’ 文件夾 裡的內容 2008-11-04 c:\windows\Tasks\查看 Windows Live Toolbar 的更新資訊.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 11:20] . ************************************************************************** catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-11-04 22:48:15 Windows 5.1.2600 Service Pack 2 NTFS 掃描被隱藏的進程。。。 ... 掃描被隱藏的啟動組。。。 掃描被隱藏的文件。。。 掃描完成 被隱藏的檔案: 0 ************************************************************************** . --------------------- 運行進程下的動態鏈接庫 --------------------- PROCESS: c:\windows\system32\lsass.exe -> c:\program files\Eset\pr_imon.dll . ------------------------ 其他運行進程 ------------------------ . c:\windows\system32\ati2evxx.exe c:\windows\system32\conime.exe c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\ESET\nod32krn.exe c:\program files\Spyware Doctor\svcntaux.exe c:\program files\Spyware Doctor\swdsvc.exe c:\windows\system32\tcpsvcs.exe c:\windows\system32\snmp.exe c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe c:\windows\system32\wscntfy.exe c:\windows\Integrator.exe . ************************************************************************** . 完成時間: 2008-11-04 22:54:08 - 電腦已重新啟動 ComboFix-quarantined-files.txt 2008-11-04 14:54:04 ComboFix2.txt 2008-11-02 16:44:37 ComboFix3.txt 2008-10-31 16:32:18 ComboFix4.txt 2008-10-27 14:06:36 ComboFix5.txt 2008-11-04 14:39:25 Pre-Run: 105,444,737,024 位元組可用 Post-Run: 105,441,628,160 位元組可用 175 --- E O F --- 2008-10-24 12:58:10 |
|
|
|
|
Nov 4 2008, 10:11 AM
Post
#12
|
|
|
Member Group: Members Posts: 44 Joined: 1-November 08 Member No.: 251,993 |
When I use IE and enter the url,
another window is shown and I can't access to it. What can I do?? |
|
|
|
|
Nov 8 2008, 11:07 AM
Post
#13
|
|
|
Member Group: Members Posts: 44 Joined: 1-November 08 Member No.: 251,993 |
I am sorry to get back.
The problem has been made for 4 days. Can anyone help me? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 0:06:33, on 9/11/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Eset\nod32kui.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\stsystra.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe C:\Program Files\Eset\nod32krn.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Spyware Doctor\svcntaux.exe C:\EPDOA\OAHotkey.EXE C:\Program Files\Spyware Doctor\swdsvc.exe C:\WINDOWS\Integrator.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Documents and Settings\Ken\桌面\HiJackThis.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live 祅腊? - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: &使用 FlashGet 下載 - C:\FlashGet\jc_link.htm O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\geturl.htm O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\FlashGet\jc_all.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O9 - Extra button: 發佈至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: 使用 Windows Live Writer 發佈至部落格(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - ESC Trusted Zone: http://*.update.microsoft.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1155309127156 O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://www.adobe.com/products/acrobat/nos/gp.cab O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F88F32EC-72F6-45F2-B458-7DDA547717CB}: NameServer = 210.0.128.242 210.0.255.216 O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe (file missing) O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe O23 - Service: VideoAcceleratorEngine - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe -- End of file - 9113 bytes |
|
|
|
|
Nov 8 2008, 07:04 PM
Post
#14
|
|
|
Malware Expert Group: HJT Team Posts: 15,378 Joined: 23-December 04 From: Pickerington, Ohio Member No.: 7,762 |
I'm sorry. I missed your post for some reason.
Let's try a different scan. Please do an online scan with Kaspersky WebScanner.
-------------------- If I have helped you in any way, please consider a donation to help me continue the fight against malware.Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it! ======================================================== |
|
|
|
|
Nov 9 2008, 07:51 AM
Post
#15
|
|
|
Member Group: Members Posts: 44 Joined: 1-November 08 Member No.: 251,993 |
Thank you for your help~~
KASPERSKY ONLINE SCANNER 7 REPORT Sunday, November 9, 2008 Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Sunday, November 09, 2008 06:40:09 Records in database: 1376307 Scan settings Scan using the following database extended Scan archives yes Scan mail databases yes Scan area My Computer C:\ D:\ E:\ Scan statistics Files scanned 132476 Threat name 18 Infected objects 22 Suspicious objects 0 Duration of the scan 03:00:49 File name Threat name Threats count C:\Downloads\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1 C:\Program Files\ESET\infected\1YASYTDA.NQF Infected: Trojan-GameThief.Win32.OnLineGames.tqar 1 C:\Program Files\ESET\infected\2OLXCJCA.NQF Infected: Trojan-GameThief.Win32.Magania.ahhz 1 C:\Program Files\ESET\infected\2UCTWHCA.NQF Infected: Trojan-GameThief.Win32.OnLineGames.tptr 1 C:\Program Files\ESET\infected\5GXEWLCA.NQF Infected: Trojan.Win32.Agent.acve 1 C:\Program Files\ESET\infected\DYVOQCCA.NQF Infected: Trojan-GameThief.Win32.Magania.ahhz 1 C:\Program Files\ESET\infected\GPX12NAA.NQF Infected: Trojan-GameThief.Win32.OnLineGames.torg 1 C:\Program Files\ESET\infected\HJF2UBCA.NQF Infected: Trojan-Downloader.Win32.Adload.bge 1 C:\Program Files\ESET\infected\K4U1SMCA.NQF Infected: Trojan-Downloader.Win32.Adload.bge 1 C:\Program Files\ESET\infected\LPD2Z4CA.NQF Infected: Trojan-PSW.Win32.QQPass.dcg 1 C:\Program Files\ESET\infected\MKT1HYCA.NQF Infected: not-a-virus:RiskTool.Win32.Reboot.f 1 C:\Program Files\ESET\infected\R5RG12BA.NQF Infected: Trojan.Win32.Multis.hk 1 C:\Program Files\ESET\infected\RP2X4WCA.NQF Infected: Trojan-Downloader.Win32.BHOSta.be 1 C:\Program Files\ESET\infected\WSRFFACA.NQF Infected: Backdoor.Win32.Agent.tpa 1 C:\Program Files\ESET\infected\XQUQ5PCA.NQF Infected: Trojan-GameThief.Win32.OnLineGames.tpnq 1 C:\Program Files\ESET\infected\YZSTSXCA.NQF Infected: not-a-virus:AdWare.Win32.Cinmus.sqo 1 C:\Program Files\ESET\infected\ZPSY5FCA.NQF Infected: not-a-virus:AdWare.Win32.Cinmus.sqo 1 C:\QooBox\Quarantine\C\WINDOWS\shishi.exe.vir Infected: Trojan-GameThief.Win32.WOW.cfu 1 C:\QooBox\Quarantine\C\WINDOWS\system\llwzjy081025.exe.vir Infected: Worm.Win32.AutoRun.rdr 1 C:\QooBox\Quarantine\C\WINDOWS\system\mvjaj32dla.dll.vir Infected: Worm.Win32.AutoRun.rci 1 C:\QooBox\Quarantine\C\WINDOWS\xm.exe.vir Infected: Trojan-PSW.Win32.QQPass.dxe 1 C:\WINDOWS\system32\drivers\leoiobo.sys Infected: Trojan.Win32.Agent.yjt 1 The selected area was scanned. |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 8th November 2009 - 01:16 AM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.