



[Other] XP homepage hijacked


Homepage hijacked, hijackthis.log attached, please help


Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
D:\Program Files\Java\jre7\bin\jqs.exe
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
D:\WINDOWS\system32\igfxsrvc.exe
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\ctfmon.exe
D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
D:\Program Files\FCleaner\FCleaner.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\WINDOWS\system32\DllHost.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Internet Explorer\IEXPLORE.EXE
E:\SOFWARE\Super Rabbit v8.0 CHT\DS.EXE
D:\Program Files\Thunder Network\Thunder\Program\Thunder.exe
d:\program files\common files\thunder network\tp\ver1\1.1.2.139_1111\thunderplatform.exe
D:\Program Files\Thunder Network\Thunder\Program\XLUEOPS.exe
D:\Program Files\Internet Explorer\IEXPLORE.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - D:\Program Files\Yahoo!\Companion\Installs\cpn3\YTNavAssist.dll
O2 - BHO: HaoKanBar BrowserHelper - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\Program Files\Super Rabbit\IeProt\haokanbar.dll (file missing)
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - D:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: GotoYa上網精靈 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\Program Files\Super Rabbit\IeProt\haokanbar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] ; D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FTweakFCleaner] D:\Program Files\FCleaner\FCleaner.exe -a
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O15 - ESC Trusted Zone: http://*.update.microsoft.com




O16 - DPF: {05BCE06B-A300-4C4E-A42F-4C04BCCDE63B} (TRLuncherROC Control) - http://weblogin.talesrunner.com.hk/TRLuncherROC.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3A2C8BC3-5B68-4AE5-81D6-6DC378708F3E} (PassGuard Class) - https://ibs.ncbchina.cn/perbank/cab/PassGuardCtrl.cab
O16 - DPF: {3BD97475-E081-45B3-A355-8B74E176B1F6} (PowerPasswordXSDB Control) - https://ebank.sdb.com.cn/perbank/ecert/PowerEnterSDB.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/ ... e.cab?1342412881031
O16 - DPF: {A34605B1-A5B3-4507-A82E-511B0FD2C4F0} (EtReaderCom Control) - http://www.e-legends.com.hk/ocx/etReaderCom.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.co ... s/flash/swflash.cab
O16 - DPF: {F30E6BE6-F620-4DD7-B67C-47920AEC2F4E} (SystemInfo Control) - https://www.talesrunner.com/Data/ActiveX/systeminfo.cab
O16 - DPF: {F952D430-3886-4F17-886D-423B6E71450D} (MERSComputer.MersSca) - http://download1.mers.hk/primary/maths/tool/cS4S24/MERSSca.CAB
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: CDMA Device Service - Unknown owner - D:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
O23 - Service: Google 更新服務 (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google更新 服務 (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - D:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe




OP, which browser had its homepage hijacked, and which site was the homepage changed to?

Boot and press F8 to enter Safe Mode, then do the Fix Checked and the OTM deletion there.

1. Run HijackThis > Do a system scan only > tick the items below > click Fix Checked (close all browsers/programs when you click Fix Checked) > click "Yes".
Quote:

R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
R3 - URLSearchHook: YTNavAssist.YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - D:\Program Files\Yahoo!\Companion\Installs\cpn3\YTNavAssist.dll
O2 - BHO: HaoKanBar BrowserHelper - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\Program Files\Super Rabbit\IeProt\haokanbar.dll (file missing)

O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - D:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: GotoYa上網精靈 - {43869BB3-22FD-4F15-9B46-238106BA2F4E} - D:\Program Files\Super Rabbit\IeProt\haokanbar.dll (file missing)

O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [FTweakFCleaner] D:\Program Files\FCleaner\FCleaner.exe -a
2. Download/run OTM to do the deletion.
Copy & paste the items below into the "Paste Instructions for Items to be Moved" box.
Click MoveIt > OK > restart the computer.
Quote:
:files
D:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll
D:\Program Files\QuickTime\qttask.exe
4. Close all antivirus software (including Windows Defender), download ComboFix to the desktop, and run ComboFix to scan.
Do not run other programs or click the ComboFix window while it is scanning.
(The ComboFix scan takes about 10-20 minutes; there is no need to install the Recovery Console.)
When the scan finishes, the ComboFix report will pop up automatically.

Please post the ComboFix scan report together with a fresh HijackThis log.
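The first step in the reply above is to read the add-on (R3/O2/O3) and autorun (O4/O23) sections of the HijackThis log and decide which registrations to fix. As an added example, not part of this thread and not HijackThis's own code, the Python below parses those sections and reports the registrations HijackThis marked as pointing at a file that no longer exists, which is where the dangling HaoKanBar/GotoYa entries and the unnamed toolbar show up. The sample lines are an excerpt of the OP's log; the regexes are my assumptions about the log layout, and the triage is only a listing, the decision of what to fix stays with the person reading it.

```python
"""Triage the add-on and autorun sections of a HijackThis log.

Added example for this thread; not HijackThis code and not from the posts
above. The regexes are assumptions about the log layout; SAMPLE_LOG is an
excerpt of the lines the OP posted.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Excerpt of the OP's HijackThis log (copied from the thread, raw string so
# the backslashes survive as-is).
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: HaoKanBar BrowserHelper - {7369D35A-5B70-4A5B-B789-B25FE09B4AF3} - D:\Program Files\Super Rabbit\IeProt\haokanbar.dll (file missing)
O3 - Toolbar: Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - D:\PROGRA~1\WINDOW~4\Datamngr\ToolBar\searchqudtx.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [FTweakFCleaner] D:\Program Files\FCleaner\FCleaner.exe -a
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
"""


@dataclass
class Entry:
    section: str   # HijackThis section code, e.g. "O3"
    kind: str      # "URLSearchHook", "BHO", "Toolbar", "Run" or "Service"
    name: str      # display name, "hive:value" for Run entries, service name
    target: str    # file the registration points at
    missing: bool  # HijackThis printed "(file missing)" or "(no file)"


# Layout assumptions (mine, not HijackThis documentation):
#   R3/O2/O3: "<code> - <kind>: <name> - {CLSID} - <target>"
#   O4:       "O4 - <hive>\..\Run: [<value>] <command line>"
#   O23:      "O23 - Service: <name> - <owner> - <target>"
ADDON_RE = re.compile(
    r"^(?P<section>R3|O2|O3) - (?P<kind>URLSearchHook|BHO|Toolbar): "
    r"(?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
RUN_RE = re.compile(
    r"^O4 - (?P<hive>\S+?)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<target>.*)$")
# First executable on a command line, with or without surrounding quotes.
EXE_RE = re.compile(r'^"?(?P<exe>[^"]+?\.exe)', re.IGNORECASE)


def _is_missing(target: str) -> bool:
    t = target.strip().lower()
    return t.endswith("(file missing)") or t == "(no file)"


def parse(log_text: str) -> list[Entry]:
    """Return the add-on, Run and service registrations found in the log."""
    entries: list[Entry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := ADDON_RE.match(line):
            entries.append(Entry(m["section"], m["kind"], m["name"],
                                 m["target"], _is_missing(m["target"])))
        elif m := RUN_RE.match(line):
            exe = EXE_RE.match(m["cmd"])
            target = exe["exe"] if exe else m["cmd"]
            entries.append(Entry("O4", "Run", f"{m['hive']}:{m['name']}",
                                 target, False))
        elif m := SERVICE_RE.match(line):
            entries.append(Entry("O23", "Service", m["name"],
                                 m["target"], _is_missing(m["target"])))
    return entries


def dangling(log_text: str) -> list[str]:
    """Names of registrations whose file HijackThis could not find."""
    return [e.name for e in parse(log_text) if e.missing]


def browser_addons(log_text: str) -> list[tuple[str, str]]:
    """(name, target) of every URLSearchHook, BHO and Toolbar: the places a
    homepage/search hijacker is normally registered, so review each one."""
    return [(e.name, e.target) for e in parse(log_text)
            if e.kind in ("URLSearchHook", "BHO", "Toolbar")]


if __name__ == "__main__":
    for name, target in browser_addons(SAMPLE_LOG):
        print(f"add-on : {name} -> {target}")
    for name in dangling(SAMPLE_LOG):
        print(f"missing: {name}")
```

Run it against a saved hijackthis.log by replacing SAMPLE_LOG with the file contents; entries whose file is missing are safe candidates for Fix Checked, while a present add-on like the Searchqu toolbar still has to be judged by name and path.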





My computer uses IE, and the homepage was hijacked by Qvo6.com. I have already followed past cases on this site, downloaded some antivirus software and scanned several times, and changed the Internet Options under Tools, but none of it worked. Attached are the ComboFix and HijackThis log files after following the instructions.

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\system32\hkcmd.exe
D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\FCleaner\FCleaner.exe
D:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
D:\Program Files\Java\jre7\bin\jqs.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
D:\WINDOWS\system32\conime.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] ; D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [FTweakFCleaner] D:\Program Files\FCleaner\FCleaner.exe -a
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] D:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05BCE06B-A300-4C4E-A42F-4C04BCCDE63B} (TRLuncherROC Control) - http://weblogin.talesrunner.com.hk/TRLuncherROC.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3A2C8BC3-5B68-4AE5-81D6-6DC378708F3E} (PassGuard Class) - https://ibs.ncbchina.cn/perbank/cab/PassGuardCtrl.cab
O16 - DPF: {3BD97475-E081-45B3-A355-8B74E176B1F6} (PowerPasswordXSDB Control) - https://ebank.sdb.com.cn/perbank/ecert/PowerEnterSDB.CAB
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/ ... e.cab?1342412881031
O16 - DPF: {A34605B1-A5B3-4507-A82E-511B0FD2C4F0} (EtReaderCom Control) - http://www.e-legends.com.hk/ocx/etReaderCom.ocx
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.co ... s/flash/swflash.cab
O16 - DPF: {F30E6BE6-F620-4DD7-B67C-47920AEC2F4E} (SystemInfo Control) - https://www.talesrunner.com/Data/ActiveX/systeminfo.cab
O16 - DPF: {F952D430-3886-4F17-886D-423B6E71450D} (MERSComputer.MersSca) - http://download1.mers.hk/primary/maths/tool/cS4S24/MERSSca.CAB



O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: CDMA Device Service - Unknown owner - D:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
O23 - Service: Google 更新服務 (gupdate) (gupdate) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google更新 服務 (gupdatem) (gupdatem) - Google Inc. - D:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - D:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - D:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Speed Disk service - Symantec Corporation - D:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - D:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - D:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe




ComboFix log file:

2013-04-05 11:31 . 2013-04-05 11:31        --------        d-----w-        d:\documents and settings\man\Application Data\Malwarebytes
2013-04-05 11:30 . 2013-04-05 11:30        --------        d-----w-        d:\documents and settings\All Users\Application Data\Malwarebytes
2013-04-05 11:30 . 2013-04-05 11:31        --------        d-----w-        d:\program files\Malwarebytes' Anti-Malware
2013-04-05 11:30 . 2012-12-14 08:49        21104        ----a-w-        d:\windows\system32\drivers\mbam.sys
2013-04-05 11:30 . 2013-04-05 11:31        --------        d-----w-        d:\documents and settings\man\Local Settings\Application Data\Smartbar
2013-04-05 09:05 . 2013-04-05 09:05        --------        d-----w-        D:\TDSSKiller_Quarantine
2013-04-05 08:39 . 2013-04-05 08:39        --------        d-----w-        d:\documents and settings\man\Application Data\SUPERAntiSpyware.com
2013-04-05 08:39 . 2013-04-05 08:39        --------        d-----w-        d:\program files\SUPERAntiSpyware
2013-04-05 08:39 . 2013-04-05 08:39        --------        d-----w-        d:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2013-04-05 07:49 . 2013-04-05 07:49        --------        d-----w-        d:\program files\Trend Micro
2013-04-05 06:53 . 2013-04-05 07:16        --------        d-----w-        d:\windows\MAGICSET
2013-04-04 16:43 . 2013-04-04 16:43        --------        d-----w-        d:\documents and settings\All Users\Application Data\360safe
2013-04-04 16:37 . 2013-04-04 16:37        --------        d-----w-        d:\documents and settings\man\Application Data\SuperRabbit
2013-04-04 16:26 . 2013-04-04 16:26        --------        d-----w-        d:\documents and settings\All Users\Application Data\Baidu
2013-04-03 13:32 . 2013-04-03 13:32        --------        d-----w-        d:\documents and settings\All Users\Application Data\Beike
2013-04-03 13:16 . 2013-04-03 13:21        --------        d-----w-        d:\documents and settings\man\Application Data\Super Rabbit
2013-04-03 13:16 . 2013-04-03 13:21        --------        d-----w-        d:\documents and settings\man\Application Data\SrDownLoader
2013-04-03 13:15 . 2013-04-04 16:37        --------        d-----w-        d:\program files\Super Rabbit
2013-04-03 13:05 . 2013-04-03 13:05        --------        d-----w-        d:\program files\WINPENJR
2013-04-03 12:42 . 2013-04-03 12:44        --------        dc-h--w-        d:\windows\ie8
2013-04-03 12:26 . 2013-04-03 12:26        --------        d-----w-        d:\program files\新資料夾
2013-04-03 08:53 . 2013-04-03 12:26        --------        d-----w-        d:\documents and settings\man\Application Data\6EE16283-16AC-3CAD-495D-B00E828D87E1
2013-04-03 08:25 . 2013-04-03 08:25        81920        ----a-w-        d:\documents and settings\man\Application Data\ezpinst.exe
2013-04-02 13:25 . 2013-04-02 13:25        --------        d-----w-        d:\documents and settings\man\Local Settings\Application Data\CrashRpt
2013-04-02 13:18 . 2013-04-03 08:45        --------        d-----w-        d:\documents and settings\All Users\Application Data\eSafe
2013-04-02 13:18 . 2013-04-02 13:18        773712        ----a-w-        d:\windows\system32\msvcr100.dll
2013-04-02 13:18 . 2013-04-02 13:18        420944        ----a-w-        d:\windows\system32\msvcp100.dll
2013-04-02 13:18 . 2013-04-03 08:08        --------        d-----w-        d:\documents and settings\man\Application Data\Desk 365
2013-04-02 13:17 . 2013-04-02 13:17        --------        d-----w-        d:\documents and settings\man\Application Data\eIntaller
2013-04-02 13:09 . 2013-04-02 13:09        --------        d-----w-        d:\documents and settings\man\Local Settings\Application Data\IAC
2013-03-25 01:10 . 2013-04-03 12:26        --------        d-----w-        d:\windows\efixunt
2013-03-25 01:10 . 2004-08-04 07:48        132096        ----a-w-        d:\windows\fixreg.com
2013-03-24 15:53 . 2013-03-24 15:53        --------        d-----w-        d:\windows\system32\wbem\Repository
2013-03-23 08:14 . 2004-01-11 22:00        348160        ----a-w-        d:\windows\system32\msvcr71.dll
2013-03-15 06:02 . 2013-03-24 15:51        --------        d-----w-        d:\program files\MyFree Codec
.
.
.
((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-03 08:25 . 2010-10-01 07:51        47360        ----a-w-        d:\documents and settings\man\Application Data\pcouffin.sys
2013-03-13 14:04 . 2012-07-19 16:36        73432        ----a-w-        d:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 14:04 . 2012-07-19 16:36        693976        ----a-w-        d:\windows\system32\FlashPlayerApp.exe
2013-02-23 12:34 . 2013-02-23 12:34        94112        ----a-w-        d:\windows\system32\WindowsAccessBridge.dll
2013-02-23 12:34 . 2010-10-01 07:59        143872        ----a-w-        d:\windows\system32\javacpl.cpl
2013-02-23 12:34 . 2012-08-04 06:53        861088        ----a-w-        d:\windows\system32\npDeployJava1.dll
2013-02-23 12:34 . 2010-10-01 07:59        782240        ----a-w-        d:\windows\system32\deployJava1.dll
2013-02-05 09:53 . 2011-08-27 12:40        4659712        ----a-w-        d:\windows\system32\Redemption.dll
2013-02-05 09:52 . 2011-08-27 12:40        821824        ----a-w-        d:\windows\system32\dgderapi.dll
2013-02-05 09:52 . 2011-08-27 12:40        20032        ----a-w-        d:\windows\system32\drivers\dgderdrv.sys
2013-02-05 09:52 . 2010-09-30 17:08        319456        ----a-w-        d:\windows\system32\DIFxAPI.dll
.
.




Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . d:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . d:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . d:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 01D5EAAFF224415A7FF513E4C882BE30 . 360320 . . [5.1.2600.3394] . . d:\windows\system32\drivers\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . d:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . d:\windows\SoftwareDistribution\Download\394c2fb5f22abce811de0a1e7c286919\tcpip.sys
[7] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . d:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[7] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . d:\windows\$hf_mig$\KB917953\SP2GDR\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . d:\windows\ServicePackFiles\i386\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AAADesktopTips]
@="{4562B511-62E9-4533-B7B2-56A8BB10B482}"
[HKEY_CLASSES_ROOT\CLSID\{4562B511-62E9-4533-B7B2-56A8BB10B482}]
2012-08-10 10:13        247760        ----a-w-        d:\program files\Common Files\Thunder Network\KanKan\xappex.1.1.1.39.(878).dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FTweakFCleaner"="d:\program files\FCleaner\FCleaner.exe" [2010-06-21 1763840]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-09-06 4780928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2008-02-28 141848]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2008-02-28 166424]
"Persistence"="d:\windows\system32\igfxpers.exe" [2008-02-28 137752]
"avgnt"="d:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="d:\windows\System32\CTFMON.EXE" [2004-08-04 15360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoChangeAnimation"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e7220404]
   IME file        REG_SZ                 PPIME_TW.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^HP Digital Imaging Monitor.lnk]
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Microsoft Office.lnk]
backup=d:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^PenPower Start-Up.LNK]
backup=d:\windows\pss\PenPower Start-Up.LNKCommon Startup
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Windows Search.lnk]
.
[HKLM\~\startupfolder\D:^Documents and Settings^man^「開始」功能表^程式集^啟動^7k7k蚔牁碟.exe]
backup=d:\windows\pss\7k7k蚔牁碟.exeStartup
.
[HKLM\~\startupfolder\D:^Documents and Settings^man^「開始」功能表^程式集^啟動^PPS.lnk]
.
[HKLM\~\startupfolder\D:^Documents and Settings^man^「開始」功能表^程式集^啟動^快手.lnk]
.
[HKLM\~\startupfolder\D:^Documents and Settings^man^「開始」功能表^程式集^啟動^憤厒蹄6.lnk]
.
[HKLM\~\startupfolder\D:^Documents and Settings^man^「開始」功能表^程式集^啟動^极速酷6.LNK]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
d:\windows\system32\dumprep 0 -k [X]
.




[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35        946352        ----a-w-        d:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2009-04-24 03:21        203928        ----a-w-        d:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AntiVirusWmSrv]
2010-03-11 02:36        1867776        ----a-w-        d:\program files\Super Rabbit\MagicSet\KillVirus\killvirus.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 13:32        59280        ----a-w-        d:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Custom.exe]
2008-06-25 03:21        69632        ------w-        d:\program files\WINPENJR\win32\Custom.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08        1259376        ----a-w-        d:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eMuleAutoStart]
2011-11-10 06:57        7847936        ----a-w-        f:\winglam\tiffany\easyMule\emule.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\flockbox]
2007-02-18 07:28        1069424        ----a-w-        d:\program files\Folder Lockbox\flockbox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FTweakFCleaner]
2010-06-21 06:56        1763840        ----a-w-        d:\program files\FCleaner\FCleaner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-04 05:31        208952        ----a-w-        d:\windows\ime\IMJP8_1\imjpmig.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-09-09 15:30        421776        ----a-w-        d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2013-02-13 11:38        844144        ----a-w-        d:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPreload]
2013-02-13 11:38        1509232        ----a-w-        d:\program files\Samsung\Kies\Kies.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2013-02-13 11:38        310128        ----a-w-        d:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2004-10-13 16:24        1694208        ----a-w-        d:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-04 07:48        455168        ----a-w-        d:\windows\system32\IME\TINTLGNT\tintsetp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-04 07:48        455168        ----a-w-        d:\windows\system32\IME\TINTLGNT\tintsetp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-04-18 12:56        421888        ----a-w-        d:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-10-31 11:42        32768        ------w-        d:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
2009-05-21 06:01        17881600        ----a-w-        d:\windows\RTHDCPL.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 01:04        252848        ----a-w-        d:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2011-08-22 15:05        39408        ----a-w-        d:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.





[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]
2006-09-07 17:19        15872        ----a-w-        d:\program files\Unlocker\UnlockerAssistant.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo!Mini]
2010-02-16 08:20        898560        ----a-w-        d:\program files\Yahoo!\Mini\YMiniUpdat2.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\Program Files\\Messenger\\msmsgs.exe"=
"d:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\BBInside\\Baidu-TB-ASBar.exe"=
"f:\\Kuai8Games\\Games\\起??士xp\\建主机.exe"=
"f:\\Kuai8Games\\Games\\起??士xp\\??僶.exe"=
"f:\\Kuai8Games\\Games\\起??士xp\\Server.exe"=
"d:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\NetMon\\net_monitor_i.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\NetMon\\lsp_check.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\LanSpeedViewer\\speed_viewer_i.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\LanSpeedViewer\\lsp_check.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\Program\\ThunderBhoStat.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\Program\\Thunder.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\Program\\ThunderLiveUD.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\Program\\XBrowser.exe"=
"d:\\Program Files\\Thunder Network\\Thunder\\FCMiniDownloader\\MiniDownloader.exe"=
"d:\\Program Files\\Thunder Network\\Xmp\\Program\\XLBugReport.exe"=
"d:\\Program Files\\Thunder Network\\Xmp\\Program\\ThunderLiveUD.exe"=
"d:\\Program Files\\Thunder Network\\Xmp\\Program\\XMP.exe"=
"d:\\Program Files\\Common Files\\Thunder Network\\KanKan\\xmp.exe"=
"d:\\Program Files\\Common Files\\Thunder Network\\KanKan\\ThunderServiceLite.exe"=
"d:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.139_1111\\ThunderPlatform.exe"=
"d:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.139_1111\\ThunderLiveUD.exe"=
"d:\\Program Files\\Common Files\\Thunder Network\\TP\\Ver1\\1.1.2.139_1111\\XLBugReport.exe"=
"d:\\Program Files\\Java\\jre7\\bin\\java.exe"=
"f:\kuai8games\Games\起??士xp\建主机.exe"=
"f:\kuai8games\Games\起??士xp\??僶.exe"=
"f:\kuai8games\Games\起??士xp\Server.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14419:UDP"= 14419:UDP:KwMusic
"14419:TCP"= 14419:TCP:KwMusic
"14138:TCP"= 14138:TCP:Foxy (192.168.8.3:14138) 14138 TCP
"14138:UDP"= 14138:UDP:Foxy (192.168.8.3:14138) 14138 UDP
"33674:UDP"= 33674:UDP:ThunderLAN(UDP)
"33673:TCP"= 33673:TCP:ThunderLAN(TCP)
.




R0 MPRIFL;MPRIFL;d:\windows\system32\drivers\mprifl.sys [2010/10/1 下午 04:00 17264]
R0 tffsport;M-Systems DiskOnChip 2000;d:\windows\system32\drivers\tffsport.sys [2011/3/13 下午 06:34 149376]
R1 BIOS;BIOS;d:\windows\system32\drivers\BIOS.sys [2010/10/1 上午 01:06 13696]
R1 BS_I2cIo;BS_I2cIo;d:\windows\system32\drivers\BS_I2cIo.sys [2010/10/1 下午 03:09 17024]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2011/7/23 上午 12:27 12880]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011/7/13 上午 05:55 67664]
R2 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCore.exe [2012/7/12 上午 02:54 116608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;d:\program files\Avira\AntiVir Desktop\sched.exe [2011/7/6 上午 11:16 136360]
R2 CDMA Device Service;CDMA Device Service;d:\program files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe [2011/8/27 下午 08:41 63488]
R2 PassGuard;PassGuard;d:\windows\system32\drivers\PassGuard.sys [2011/11/12 上午 11:30 516504]
R2 PECKbdProtector;PECKbdProtector;d:\windows\system32\drivers\PECKP.SYS [2011/5/30 下午 07:32 62064]
S1 PPEN;PenPower Tablet Driver;d:\windows\system32\drivers\PPEN.SYS [2010/8/30 上午 04:47 13440]
S2 METrsptSvr;METrsptSvr;d:\windows\system32\svchost -k "METrsptSvr" --> d:\windows\system32\svchost -k METrsptSvr [?]
S3 AiToolsys;AiToolsys;\??\d:\windows\system32\drivers\AiToolsys.sys --> d:\windows\system32\drivers\AiToolsys.sys [?]
S3 AlcwDrv;AlcwDrv;\??\d:\program files\Super Rabbit\MagicSet\killvirus\AlcwDrv.sys --> d:\program files\Super Rabbit\MagicSet\killvirus\AlcwDrv.sys [?]
S3 Ambfilt;Ambfilt;d:\windows\system32\drivers\Ambfilt.sys [2010/10/1 上午 01:09 1684736]
S3 CPS;CPS;\??\d:\windows\system32\CPS.sys --> d:\windows\system32\CPS.sys [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);d:\windows\system32\drivers\ssudbus.sys [2012/10/21 上午 11:52 83168]
S3 dgderdrv;dgderdrv;d:\windows\system32\drivers\dgderdrv.sys [2011/8/27 下午 08:40 20032]
S3 EagleXNt;EagleXNt;\??\d:\windows\system32\drivers\EagleXNt.sys --> d:\windows\system32\drivers\EagleXNt.sys [?]
S3 ivusb;Initio Driver for USB Default Controller;d:\windows\system32\drivers\ivusb.sys [2010/7/29 上午 12:25 25112]
S3 pcouffin;VSO Software pcouffin;d:\windows\system32\drivers\pcouffin.sys [2010/10/1 下午 03:51 47360]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);d:\windows\system32\drivers\ssadbus.sys [2012/10/21 上午 11:51 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);d:\windows\system32\drivers\ssadmdfl.sys [2012/10/21 上午 11:52 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;d:\windows\system32\drivers\ssadmdm.sys [2012/10/21 上午 11:52 136808]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);d:\windows\system32\drivers\ssudmdm.sys [2012/10/21 上午 11:52 181344]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
DoctorService        REG_MULTI_SZ           XLDoctor Service
XLServicePlatform        REG_MULTI_SZ           XLServicePlatform
kuaizipupdatesvc        REG_MULTI_SZ           KuaizipUpdateChecker
METrsptSvr        REG_MULTI_SZ           METrsptSvr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-02 09:17        1642448        ----a-w-        d:\program files\Google\Chrome\Application\26.0.1410.43\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-07 20:32        128512        ----a-w-        d:\windows\system32\advpack.dll
.
‘計劃任務’ 文件夾 裡的內容
.
2013-04-05 d:\windows\Tasks\Adobe Flash Player Updater.job
- d:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-19 14:04]
.
2011-07-14 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 09:57]
.
2013-04-05 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 15:05]
.
2013-04-05 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files\Google\Update\GoogleUpdate.exe [2011-08-22 15:05]
.
2013-04-05 d:\windows\Tasks\Norton SystemWorks 單鍵檢查.job
- d:\program files\Norton SystemWorks\OBC.exe [2003-10-02 11:09]
.
2013-04-05 d:\windows\Tasks\SUPERAntiSpyware Scheduled Task 386e1ef3-6b4d-49e8-8353-a971b8ed57fb.job
- d:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-04-05 d:\windows\Tasks\SUPERAntiSpyware Scheduled Task d79e0079-9909-4cc2-ae18-bd57eb246a4e.job
- d:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2013-04-04 d:\windows\Tasks\Symantec Drmc.job
- d:\program files\Common Files\Symantec Shared\SymDrmc.exe [2003-09-09 20:48]
.
2013-04-05 d:\windows\Tasks\Symantec NetDetect.job
- d:\program files\Symantec\LiveUpdate\NDETECT.EXE [2010-10-01 07:20]
.
.
------- 而外的掃描 -------
.
uStart Page = hxxp://hk.yahoo.com/
mStart Page = hxxp://www.hao123.com/?tn=29065018_76_hao_pg
uInternet Connection Wizard,ShellNext = iexplore
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoSoftonicYB&dpid=SnapdoSoftonicYB&co=HK&userid=cc4c2895-9d0a-45bf-a3ad-a92a31954217&searchtype=ds&q={searchTerms}&installDate=05/04/2013
TCP: DhcpNameServer = 218.102.60.110 218.102.52.81
DPF: DirectAnimation Java Classes - file://d:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://d:\windows\Java\classes\xmldso.cab
DPF: {3A2C8BC3-5B68-4AE5-81D6-6DC378708F3E} - hxxps://ibs.ncbchina.cn/perbank/cab/PassGuardCtrl.cab
DPF: {3BD97475-E081-45B3-A355-8B74E176B1F6} - hxxps://ebank.sdb.com.cn/perbank/ecert/PowerEnterSDB.CAB
DPF: {A34605B1-A5B3-4507-A82E-511B0FD2C4F0} - hxxp://www.e-legends.com.hk/ocx/etReaderCom.ocx
DPF: {F30E6BE6-F620-4DD7-B67C-47920AEC2F4E} - hxxps://www.talesrunner.com/Data/ActiveX/systeminfo.cab
DPF: {F952D430-3886-4F17-886D-423B6E71450D} - hxxp://download1.mers.hk/primary/maths/tool/cS4S24/MERSSca.CAB
.
.
------- 文件類型 -------
.
txtfile="%SystemRoot%\system32\NOTEPAD.EXE" %1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-04-05 22:28
Windows 5.1.2600 Service Pack 2 NTFS
.
掃描被隱藏的進程 ...  
.
掃描被隱藏的啟動組 ...
.
掃描被隱藏的文件 ...  
.
掃描完成
被隱藏的檔案: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet007\Services\npggsvc]
"ImagePath"="d:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\AppEvents\Schemes\Apps\Conf\摸嗿*Q\.Current]
@="d:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\LocalService\AppEvents\Schemes\Apps\Conf\摸嗿*Q\.Current]
@="d:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\S-1-5-20\AppEvents\Schemes\Apps\Conf\摸嗿*Q\.Current]
@="d:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\S-1-5-21-1801674531-308236825-839522115-1003\AppEvents\Schemes\Apps\Conf\摸嗿*Q\.Current]
@="d:\\Program Files\\NetMeeting\\Blip.wav"
.
[HKEY_USERS\S-1-5-21-1801674531-308236825-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*j]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1801674531-308236825-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*j\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-1801674531-308236825-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Favorites\bv*gaR]
"Order"=hex:08,00,00,00,02,00,00,00,16,13,00,00,01,00,00,00,29,00,00,00,62,00,
   00,00,00,00,00,00,54,00,36,00,b2,00,00,00,75,40,40,65,20,00,61,00,54,00,56,\
.
[HKEY_USERS\S-1-5-21-1801674531-308236825-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Alta\tfzzir?(*/n這Hr)*]
"Order"=hex:08,00,00,00,02,00,00,00,88,00,00,00,01,00,00,00,01,00,00,00,7c,00,
   00,00,00,00,00,00,6e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5c,00,32,\
.
[HKEY_USERS\S-1-5-21-1801674531-308236825-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\涯8n *3*]
"Order"=hex:08,00,00,00,02,00,00,00,76,01,00,00,01,00,00,00,03,00,00,00,7c,00,
   00,00,00,00,00,00,6e,00,00,00,41,75,67,4d,02,00,00,00,01,00,00,00,5c,00,36,\
.
[HKEY_USERS\S-1-5-21-1801674531-308236825-839522115-1003_Classes\Applications\_U悐??7*.*l*n*k*\shell\open\command]
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CLSID]
@="{809B6661-94C4-49E6-B6EC-3F0F862215AA}"
.
[HKEY_LOCAL_MACHINE\software\Classes\B*D*A*T*u*n*e*r*.*CQ譸\CurVer]
@="BDATuner.元件.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="d:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\S*D*N*T*C*0e譸\CLSID]
@="{EC92DFD4-A3D5-11D1-B4FA-0060085C418E}"
.
--------------------- 運行進程下的動態鏈接庫 ---------------------
.
- - - - - - - > 'explorer.exe'(3164)
d:\windows\system32\WININET.dll
d:\program files\Common Files\Thunder Network\KanKan\xappex.1.1.1.39.(878).dll
d:\windows\system32\ieframe.dll
d:\windows\system32\webcheck.dll
d:\windows\system32\WPDShServiceObj.dll
d:\windows\system32\PortableDeviceTypes.dll
d:\windows\system32\PortableDeviceApi.dll
.
完成時間: 2013-04-05  22:29:29
ComboFix-quarantined-files.txt  2013-04-05 14:29
ComboFix2.txt  2013-04-05 13:52
ComboFix3.txt  2013-04-05 08:36
.
Pre-Run: 14,392,463,360 位元組可用
Post-Run: 14,155,866,112 位元組可用

ComboFix and HijackThis log files

Thank you for looking at this log file.



Attachments

hijackthis.log (5.73 KB)

2013-4-5 11:27 PM, downloads: 48

comboFix.log (26.39 KB)

2013-4-5 11:27 PM, downloads: 47

Quote:
Originally posted by freemanhlm on 2013-4-5 11:27 PM
Thank you for looking at this log file.
1. Control Panel > Scheduled Tasks > delete every schedule listed there.
2.
Quote:

IE → Tools → Internet Options → Advanced → Reset Internet Explorer settings → click 'Reset' → OK.
IE → Tools → Internet Options → General → reset the home page.
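To verify that the two steps above actually took, here is an added example that is not from the thread or from the reply's author: a read-only batch script for cmd.exe on Windows XP that prints the values the ComboFix log reports as uStart Page (per-user), mStart Page (machine-wide) and uSearchAssistant, lists the scheduled-task .job files and the program each one runs, and dumps the extra svchost groups the log shows (METrsptSvr, kuaizipupdatesvc). The HKCU/HKLM Start Page locations are the standard IE ones; the uSearchAssistant location is my assumption about ComboFix's naming. It assumes reg.exe and schtasks.exe are present, as on XP Professional, and changes nothing.

```batch
@echo off
rem Added example, not part of the original thread. Read-only: prints values,
rem changes nothing. Registry mapping assumed from ComboFix's naming:
rem   uStart Page      -> HKCU\...\Internet Explorer\Main, "Start Page"
rem   mStart Page      -> HKLM\...\Internet Explorer\Main, "Start Page"
rem   uSearchAssistant -> HKCU\...\Internet Explorer\Search, "SearchAssistant" (assumed)

echo === Per-user start page (ComboFix: uStart Page) ===
reg query "HKCU\Software\Microsoft\Internet Explorer\Main" /v "Start Page"

echo === Machine-wide start page (ComboFix: mStart Page) ===
rem This is the value the log shows pointing at hao123. It is set for all
rem users and is not touched by resetting the home page on the General tab.
reg query "HKLM\Software\Microsoft\Internet Explorer\Main" /v "Start Page"

echo === Search assistant (ComboFix: uSearchAssistant, assumed location) ===
reg query "HKCU\Software\Microsoft\Internet Explorer\Search" /v "SearchAssistant"

echo === Scheduled task files and the program each one runs ===
dir /b "%SystemRoot%\Tasks\*.job"
rem Verbose LIST output has "TaskName:" and "Task To Run:" fields; keep only those.
schtasks /query /fo LIST /v | findstr /i /c:"TaskName" /c:"Task To Run"

echo === svchost service groups (log shows METrsptSvr, kuaizipupdatesvc) ===
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Svchost"
```

Save it as check_ie.cmd and run it from a cmd.exe window before and after the reset. If the HKLM value still shows hao123 after the General tab reset, that is because the machine-wide start page is a separate value that only an administrator account can change; if a .job file reappears after all schedules were deleted, the "Task To Run" line tells you which program is recreating it.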

I followed the instructions as given and it still does not work. Are there any other tricks? Please, please.



Copyright © 2003- Uwants.com All Right Reserved.
All rights reserved. Reproduction prohibited.