#321 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-24 03:04:53

lawlaw()

※ Quoting lovecold (小豬頭):
> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AutoDetect.exe
> C:\Program Files\Crazy Browser\Crazy Browser.exe
> C:\Program Files\Open PCMan\PCMan.exe
> C:\Program Files\vghd\VirtuaGirl_Downloader.exe

Did you install the ones above yourself? If not, I recommend removing them.

> O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AutoDetect.exe /active

The line above is the startup entry for autodetect.exe. If you want to remove it, first tick the box in front of this line and click Fix checked, then go into Safe Mode (restart and keep pressing F8) and delete the files above.

> O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net

Do you recognize this IP, 65.54.239.80?

> O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
> O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
> O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

I also recommend deleting these lines: tick the boxes in front of them and click Fix checked.
Reboot into Safe Mode and delete C:/Windows/ALCMTR.EXE.
Last edited: 2008-09-24 03:04:53 ◆ Origin: <72.166.136.xxx>
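
The checks applied in the reply above (a hosts-file override, BHO entries that point at no file, an autorun entry that starts from a Temp folder), as an added example that is not part of the original post: a small Python triage of HijackThis entry lines. The rules and the names `triage` and `Finding` are assumptions made for this illustration, the sample lines are copied from logs quoted in this thread, and a hit means "review this entry", not "this is malware".

```python
import re
from dataclasses import dataclass

# Entry lines start with a section code: "O4 - HKCU\..\Run: [Name] command".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O1 body: "Hosts: <ip> <hostname>"
O1_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<host>\S+)$")
# O4 registry autorun body: "<key>: [<value name>] <command line>"
O4_RE = re.compile(r"^(?P<key>[^:\[]+): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
TEMP_DIR_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Constructed sample: entry lines copied from logs quoted in this thread,
# plus a "Running processes" path that the parser must skip.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\svchost.exe
O1 - Hosts: 65.54.239.80 dp.msnmessenger.akadns.net
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AutoDetect.exe /active
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    reason: str  # why the entry deserves a manual look
    line: str    # the original log line


def triage(log_text):
    """Return the entries a reviewer should look at first (assumed rules)."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header text or a "Running processes" path
        code, body = m.group("code"), m.group("body")

        if code == "O1":
            h = O1_RE.match(body)
            if h:
                reason = (f"hosts override {h['host']} -> {h['ip']}: "
                          "confirm you recognise this address")
                findings.append(Finding(code, reason, line))
            continue

        if any(marker in body for marker in ORPHAN_MARKERS):
            reason = "registration points at no file on disk (orphaned entry)"
            findings.append(Finding(code, reason, line))
            continue

        if code == "O4":
            a = O4_RE.match(body)
            if a and TEMP_DIR_RE.search(a["cmd"]):
                reason = f"autorun [{a['name']}] starts from a temp directory"
                findings.append(Finding(code, reason, line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4}{f.reason}\n    {f.line}")
```
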
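
#322 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-24 04:13:49

dream1397(dream1397)

Today AVAST detected
C:\WINDOWS\System32\WINSYS2.EXE
and says it is a virus.
I searched on Google and some people say it is a graphics card executable.

Because last week AVAST also detected WINSYS2.EXE,
I went to the quarantine area,
and after deleting the file I could no longer get online.
Then I reinstalled, and it showed up again.

Also, the files I deleted around the reinstall seem to have been
the ones in AVAST's system quarantine area:
kernel32.dll
winsock.dll
wsock32.dll

So should I ignore WINSYS2.EXE, or delete it?
Last edited: 2008-09-24 04:13:49 ◆ Origin: <218.173.130.xxx>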

#323 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-24 04:20:11

lawlaw()

※ Quoting s211025602 (無法言喻):
> O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

The report is normal; I recommend removing the line above.
Find this line in HijackThis, tick the box in front of it and click Fix checked.
Reboot into Safe Mode and delete C:/Windows/ALCMTR.EXE.
Last edited: 2008-09-24 04:20:11 ◆ Origin: <72.166.136.xxx>
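
#324 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-24 04:46:03

lawlaw()

※ Quoting qwe6431241 (呆呆猴):
> Yes, I deleted all of them from the printer section and rebooted.
> No.
> At first it was HP's own Update that had the problem. After I e-mailed their engineers, they gave me the option to remove HP Update. But I picked the wrong one at first, apparently some other item, and only my second action was removing HP Update.
> Yes, it works normally (copying), but the program itself may conflict with Vista or something,
> as far as I know, some HP program has a problem with Office 2007: (Problem Reports and Solutions)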
> 產品
> Microsoft Office Word
> 問題
> 已停止運作
> 日期
> 2008/9/14 00:41
> 狀態
> 有可用的解決方案
> 問題簽章
> 問題事件名稱:    APPCRASH
> 應用程式名稱:    WINWORD.EXE
> 應用程式版本:    12.0.6308.5000
> 應用程式時間戳記:    47e547c5
> 錯誤模組名稱:    hpz3r5ha.dll
> 錯誤模組版本:    61.71.246.0
> 錯誤模組時間戳記:    460a27bd
> 例外狀況代碼:    c0000005
> 例外狀況位移:    000467e8
> 作業系統版本:    6.0.6001.2.1.0.768.3
> 地區設定識別碼:    1028
> 問題的額外資訊
> LCID:    1028
> Brand:    Office12Crash
> skulcid:    1028
> 陣列識別碼:    746844202
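> So at the time I figured that deleting that program would fix it... and it ended up like this...
> The driver itself does not conflict (my impression); it may be the bundled programs,
> such as the scanner and a bunch of other odds and ends.
> I tried both the new and the old ones; it gets stuck at some point, an error occurs and it closes. (I will add the screenshots later.)
> First, these are the HP printer drivers and applications I currently have on my computer...
> First I removed HP Update → completed successfully; then I removed HPSSupply → completed successfully.
> Next I tried to remove HP Photosmart Essential 2.01 and the following window appeared:
> Then I tried to remove HP Solution Center 9.0 and the same window appeared...
> After that I tried to remove All-In-One and the same window appeared...
> Finally I tried to remove Participation Program, and again the same...
> After that I inserted the CD, and this came up right away:
> After I clicked Uninstall there was no response... it only prompted "Delete?", and after I clicked Yes there was no response!!
> Then I clicked Install... chose the recommended option, then Next, and halfway through it turned into the situation below...
> Then I clicked Close program and this appeared:
> And after clicking OK:
> As for whether other software is the cause, I am not sure; I have also just reinstalled my computer,
> and added Office, Dr.eye and the like, plus some games;
> apart from IE and Office 2007, nothing else has conflicted with it.

What is your printer model? I can try to help find the cause of the problem.

Also, after you used the CD's 'Uninstall', even though there was no response, did you go back and check the printer drivers to see whether HP Photosmart Essential 2.01, All-In-One and Participation Program had been removed?

If none of them can be removed, you can try removing them in HijackThis.
Open HijackThis and choose Open the Misc Tools section.
Under System tools choose Open Uninstall Manager.
Find the items above in the list on the left, then click Delete this entry.

This is the last resort; use it only if there is really no other way to remove those items.
Then reboot and try reinstalling the driver.

HP Photosmart Essential is imaging software and should be unrelated to this problem. Still, to avoid anything going wrong, delete it first.

Another option is to try removing the items above in Safe Mode, using the CD or Add/Remove Programs.
Last edited: 2008-09-24 04:46:03 ◆ Origin: <72.166.136.xxx>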
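
#325 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-24 04:56:42

lawlaw()

※ Quoting dream1397 (dream1397):
> Today AVAST detected
> C:\WINDOWS\System32\WINSYS2.EXE
> and says it is a virus.
> I searched on Google and some people say it is a graphics card executable.
> Because last week AVAST also detected WINSYS2.EXE,
> I went to the quarantine area,
> and after deleting the file I could no longer get online.
> Then I reinstalled, and it showed up again.
> Also, the files I deleted around the reinstall seem to have been
> the ones in AVAST's system quarantine area:
> kernel32.dll
> winsock.dll
> wsock32.dll
> So should I ignore WINSYS2.EXE, or delete it?

This is a virus file; it is best to remove it as soon as possible.
kernel32.dll, winsock.dll and wsock32.dll are important files and must not be removed.
Last edited: 2008-09-24 04:56:42 ◆ Origin: <72.166.136.xxx>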
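
#326 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-24 05:19:05

dream1397(dream1397)

※ Quoting lawlaw ():
> This is a virus file; it is best to remove it as soon as possible.
> kernel32.dll, winsock.dll and wsock32.dll are important files and must not be removed.
One more question: how do I remove it?
Do I delete it in Safe Mode?
When I go into Safe Mode, what I see is WinSys2.

I am afraid of deleting the wrong thing.
Or should I just delete it with the antivirus software?
Last edited: 2008-09-24 05:19:05 ◆ Origin: <218.173.130.xxx>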
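
#327 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-24 05:48:54

lawlaw()

※ Quoting dream1397 (dream1397):
> One more question: how do I remove it?
> Do I delete it in Safe Mode?
> When I go into Safe Mode, what I see is WinSys2.
> I am afraid of deleting the wrong thing.
> Or should I just delete it with the antivirus software?

Delete it with software. If your antivirus offers a delete option, use that. If not, you can use Malwarebytes; you can find how to download and install Malwarebytes in this thread (on this page or the previous one).
Last edited: 2008-09-24 05:48:54 ◆ Origin: <72.166.136.xxx>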

#328 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-24 16:20:11

M333261(鬼研社社長)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 04:14:39, on 2008/9/24
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\winnt\System32\smss.exe
C:\winnt\system32\winlogon.exe
C:\winnt\system32\services.exe
C:\winnt\system32\lsass.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\winnt\system32\svchost.exe
C:\winnt\system32\nvsvc32.exe
C:\WINNT\system32\svchost.exe
C:\winnt\system32\regsvc.exe
C:\winnt\System32\WBEM\WinMgmt.exe
C:\winnt\system32\svchost.exe
C:\winnt\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\winnt\system32\RUNDLL32.EXE
C:\winnt\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\winnt\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\KKman\KKMAN.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: MyUrlSearchHook Class - {2ACECADE-0BC7-4C6F-95CF-A221CC161B52} - C:\PROGRA~1\JWord\Plugin2\jwdsrch.dll
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.6.26.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: WebPerform - {AB692F9B-27FE-4511-8885-ED62BB45197B} - C:\WINNT\system32\webperform.dll
O2 - BHO: PChome Context Menu - {CCAC9B65-EE47-4164-8EB6-E35C51735831} - C:\Program Files\PChome\Uploader\dll\PChomeCustMenu.dll
O3 - Toolbar: @msdxmLC.dll,-1@1028,收音機[&R] - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CJIMETIPSYNC] ; C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NWEReboot] ;
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] ; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] ; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [jwdsrch] C:\Program Files\JWord\Plugin2\jwdsrch.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] ; "C:\Program Files\DAEMON Tools\daemon.exe"
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &使用BitComet下載本頁視訊 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: JWord 尜仑伫兖?钯 - res://C:\PROGRA~1\JWord\Plugin2\jwdsrch.dll/300
O8 - Extra context menu item: 使用BitComet下載全部連結 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載連結(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\winnt\web\related.htm
O11 - Options group: [JWDSearch]  JWord 纡?角伫?
O16 - DPF: {0A34F491-7249-4BAC-8E46-04DB2CA764CB} (JWord) - http://download.jword.jp/soft/jwd2download.htm?partner=artemis__fltad&
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {C8F5F737-2683-40B8-BFB6-47B15AC20A79} (Game Starter Control) - https://gash.gamania.co.jp/acxauth/cab/1_2_40/lcjggame.cab
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: BITTSL (Background Intelligent Transl) - Remote ABC - C:\Program Files\WinRAR\winrbr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: BITTS DATA (Intelligent DATA) - Unknown owner - C:\Program.exe (file missing)
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\winnt\system32\nvsvc32.exe

--
End of file - 7171 bytes


Lately my computer keeps making a squeaking noise.
Please take a look for me.
Thanks!!

Last edited: 2008-09-24 16:20:11 ◆ Origin: <122.146.243.xxx>
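
#329 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-25 00:48:11

lawlaw()

※ Quoting M333261 (鬼研社社長):
> O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Your report is normal; the entry above is the only one I recommend removing.
Find this line in HijackThis, tick the box in front of it, then click Fix checked.
Reboot into Safe Mode and delete C:/winnt/ALCMTR.EXE.

The noise from your computer is probably not coming from software; you could check whether the computer's fans have a lot of dust on them.
Last edited: 2008-09-25 00:48:11 ◆ Origin: <72.166.136.xxx>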
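
#330 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-25 01:41:46

qwe6431241(呆呆猴)

※ Quoting lawlaw ():
> What is your printer model? I can try to help find the cause of the problem.
HP Deskjet F4185
> Also, after you used the CD's 'Uninstall', even though there was no response, did you go back and check the printer drivers
> to see whether HP Photosmart Essential 2.01, All-In-One and Participation Program
> had been removed?
No, they are still sitting there, untouched.
> If none of them can be removed, you can try removing them in HijackThis.
> Open HijackThis and choose Open the Misc Tools section.
> Under System tools choose Open Uninstall Manager.
> Find the items above in the list on the left, then click Delete this entry.
> This is the last resort; use it only if there is really no other way to remove those items.
> Then reboot and try reinstalling the driver.
I tried it; during installation some Plug-In still runs into a problem, and it is "Close program" again.
> HP Photosmart Essential is imaging software and should be unrelated to this problem. Still, to avoid anything going wrong,
> delete it first.
I don't use it, so I will delete it.
> Another option is to try removing the items above in Safe Mode, using the CD or Add/Remove Programs.
I had not noticed this point...
I have already removed them with HijackThis... and they are all gone...
When I have time I will run the uninstall from the CD.

Last edited: 2008-09-25 01:41:46 ◆ Origin: <122.121.155.xxx>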
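
#331 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-25 03:14:38

lawlaw()

※ Quoting qwe6431241 (呆呆猴):
> HP Deskjet F4185
> No, they are still sitting there, untouched.
> I tried it; during installation some Plug-In still runs into a problem, and it is "Close program" again.
> I don't use it, so I will delete it.
> I had not noticed this point...
> I have already removed them with HijackThis... and they are all gone...
> When I have time I will run the uninstall from the CD.

I just looked at HP's official site. I could not find a case identical to yours, but I did find an article about installing on Windows Vista:

http://h10025.www1.hp.com/ewfrf/wc/document?docname=c00045587&lc=en&dlc=en&cc=my&lang=en&rule=12996&product=3235312

That is its URL; it is in English.
The article covers the case where, after you connect the product, the computer cannot complete the plug and play installation. They recommend uninstalling and then reinstalling the HP drivers and software. The steps are as follows:

Step 1: Uninstall the HP software
1. Insert the HP CD.
2. When the "Welcome to HP!" window appears, click Exit or close the window.
3. From the Start button on the desktop, type 'run' and press Enter.
4. Click 'Browse', go to the CD-ROM (drive D), find and open the 'Util' folder, then open the 'CCC' folder.
5. If your Vista is 32-bit, select 'Uninstall_L3.bat' and click OK. If your Vista is 64-bit, select 'Uninstall_L3_64.bat' and click OK.

Step 2: Run Disk Cleanup:
In My Computer, run Disk Cleanup on the drive that had the HP software installed. Delete all temporary files.

Step 3: Close all background programs: (before doing this step it is best to take a picture of the current 'Startup' tab)
1. Type 'msconfig' in the Start search box and click OK.
2. Open the 'Startup' tab.
3. Click 'Disable all' (the translation may differ) to disable all programs that start automatically when the computer boots.
4. Open the 'Services' tab.
5. Select 'Hide all Microsoft services'.
6. Click 'Disable all', confirm, and restart.

Step 4: Reinstall the HP software:
1. Insert the HP CD again.
2. If the HP CD does not autoplay, type 'run' in the Start search box.
3. Enter 'D:\setup.exe' (where D is your CD-ROM drive).

Step 5: Re-enable the msconfig startup programs:
1. In msconfig, open the 'Startup' tab.
2. Tick again the programs that were ticked before.
3. On the 'Services' tab, re-enable all Microsoft services (as before).
4. Click OK, then restart the computer.

You can try this first; if it does not work, we will think of something else.
Last edited: 2008-09-25 03:14:38 ◆ Origin: <72.166.136.xxx>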

#332 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-25 15:56:29

youi6978(生命誠可貴)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 03:45:02, on 2008/9/25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\F-Secure\Common\FSM32.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\LEXMA\3D Wheel Laser Mouse\1.0a\ACQTMAPP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\WowUSBProtector\WowUSBSecurity.exe
C:\Program Files\LEXMA\3D Wheel Laser Mouse\1.0a\ACQHIDCL.DAT
C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
C:\Program Files\F-Secure\Common\FSMA32.EXE
C:\Program Files\F-Secure\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure\Common\FSMB32.EXE
C:\WINDOWS\system32\oodag.exe
C:\Program Files\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe
C:\Program Files\F-Secure\Common\FCH32.EXE
C:\Program Files\F-Secure\Common\FAMEH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure\Common\FNRB32.EXE
C:\Program Files\F-Secure\Common\FIH32.EXE
C:\Program Files\F-Secure\Anti-Virus\fsav32.exe
C:\PROGRA~1\F-Secure\ANTI-S~1\fsaw.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\F-Secure\FSGUI\fsguidll.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WowUSBProtector\WowUSBAutoUpdate.exe
C:\Program Files\WowUSBProtector\WowUSBAutoUpdate.exe
C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [ACQTMOUSE] "C:\Program Files\LEXMA\3D Wheel Laser Mouse\1.0a\ACQTMAPP.exe"
O4 - HKLM\..\Run: [WowUSBSecurity] "C:\Program Files\WowUSBProtector\start.bat"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\j3ewro.exe
O4 - HKCU\..\Run: [tasoft] C:\WINDOWS\system32\kxvo.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 下載編碼內容(&D.S.Lite) - C:\Documents and Settings\132\桌面\DSLite2.07\dl_text.html
O8 - Extra context menu item: 下載編碼內容(S&martGet) - C:\Documents and Settings\132\桌面\SmartGet1.45\dl_text.html
O8 - Extra context menu item: 下載編碼檔案內容(&D.S.Lite) - C:\Documents and Settings\132\桌面\DSLite2.07\dl_url.html
O8 - Extra context menu item: 使用S&martGet下載 - C:\Documents and Settings\132\桌面\SmartGet1.45\dl_link.htm
O8 - Extra context menu item: 全部使用Smart&Get下載 - C:\Documents and Settings\132\桌面\SmartGet1.45\dl_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure\Anti-Spyware\ieshield.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\132\桌面\DSLite2.07\DSLite.exe (file missing)
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Documents and Settings\132\桌面\DSLite2.07\DSLite.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212688958641
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1212695681093
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://2005-05-11.spaces.live.com/PhotoUpload/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{DFEA6730-9CC6-41F8-8102-B69ADF6EF032}: NameServer = 168.95.192.1 168.95.1.1
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - F-Secure Automatic Update - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corp. - C:\Program Files\F-Secure\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Program Files\F-Secure\Common\FNRB32.EXE
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure\BackWeb\7681197\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure\Common\FSMA32.EXE
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 9210 bytes

Please help @@... All I know is that I have a trojan, but I can't delete it.
Last edited: 2008-09-25 15:56:29 ◆ Origin: <220.136.3.xxx>

#333 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-25 16:05:23

ken30130()

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 04:03:09, on 2008/9/25
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\Mixer.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\JWord\Plugin2\jwdsrch.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\KKman\KKMAN.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: MyUrlSearchHook Class - {2ACECADE-0BC7-4C6F-95CF-A221CC161B52} - C:\PROGRA~1\JWord\Plugin2\jwdsrch.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\yt.dll
O2 - BHO: Yahoo!??? - {1F68E72C-50E5-44B8-8F56-6A54D3AF1DA4} - C:\Program Files\Yahoo!\Companion\Installs\ypho.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Skype Control Class - {9018F6A8-2495-45DF-9F16-C738F8F3C8FF} - C:\WINDOWS\system32\SkypeComm.dll
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: WebPerform - {AB692F9B-27FE-4511-8885-ED62BB45197B} - C:\WINDOWS\system32\webperform.dll
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo!? - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\Phonetic\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [jwdsrch] C:\Program Files\JWord\Plugin2\jwdsrch.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用BitComet下載本頁視訊 - res://C:\Documents and Settings\我\桌面\BitComet_0.90\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: JWord ? - res://C:\PROGRA~1\JWord\Plugin2\jwdsrch.dll/300
O8 - Extra context menu item: 使用BitComet下載全部連結 - res://C:\Documents and Settings\我\桌面\BitComet_0.90\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載連結(&B) - res://C:\Documents and Settings\我\桌面\BitComet_0.90\BitComet.exe/AddLink.htm
O8 - Extra context menu item: 剪貼簿文字:  簡 > 繁 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字:  繁 > 簡 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 添加到AMV視頻轉換工具... - C:\Program Files\MP3播放器管理工具 4.17\AMVConverter\grab.html
O8 - Extra context menu item: 網頁:  [簡體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁:  [繁體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O9 - Extra button: JWord ?? - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/intro/?partner=AP&type=lk&frm=iebutton&pver=2 (file missing)
O9 - Extra 'Tools' menuitem: JWord ?? - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/intro/?partner=AP&type=lk&frm=iebutton&pver=2 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [JWDSearch]  JWord ??
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-TW/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1181410112764
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 10377 bytes

Could you please check whether there is anything wrong with my computer?
Thanks!

Last edited: 2008-09-25 16:05:23 ◆ Origin: <219.70.199.xxx>

#334 RE: ⊙Virus and Hacking Remedies⊙ Antivirus, Analysis, Consultation, Security

Posted: 2008-09-25 16:14:55

oscarwu1(三眼奧斯卡)

※ Quoting youi6978 (生命誠可貴):
> O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\j3ewro.exe 
> O4 - HKCU\..\Run: [tasoft] C:\WINDOWS\system32\kxvo.exe 

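Having seen these two entries, there is no need to ask anything more.
Go find the 聖盾 system that I wrote, or use EFIX, written by Reinfors董, to fix it.
If you prefer to use 張X維's KAVO_KILLER, that is fine too; your computer will just end up with some extra folders that cannot be deleted, and the virus will not be cleaned out completely......

Last edited: 2008-09-25 16:14:55 ◆ Origin: <59.120.194.xxx>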
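As an added example (not part of any post in this thread, and not code from HijackThis or its authors): a small Python triage helper that parses HijackThis result lines like the ones quoted in this thread, lists orphaned entries marked `(no file)` or `(file missing)`, and shows where each O4 Run entry's executable lives. The function names and the location buckets are assumptions made for this illustration; the output is a review shortlist, not a verdict.

```python
import re
from collections import namedtuple

# Lines copied from logs quoted in this thread ("> " is the forum quote marker).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - (no file)
> O4 - HKCU\..\Run: [jvsoft] C:\WINDOWS\system32\j3ewro.exe
> O4 - HKCU\..\Run: [tasoft] C:\WINDOWS\system32\kxvo.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKCU\..\Run: [Ceedo AutoDetect] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AutoDetect.exe /active
O9 - Extra button: JWord ?? - {34D67ED2-C837-4627-838C-2264E347D291} - http://www.jword.jp/intro/?partner=AP&type=lk&frm=iebutton&pver=2 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
C:\WINDOWS\Explorer.EXE
"""

# Hypothetical record type for this example.
Entry = namedtuple("Entry", "section detail orphaned")

# A result line is "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: [x] y".
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2})\s+-\s+(?P<rest>.+)$")
# HijackThis marks entries whose target file is gone with one of these suffixes.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# Registry Run-style O4 entries: "HKxx\..\Run: [value name] command line".
RUN_RE = re.compile(
    r"^(?P<key>HK[A-Z]+\\\.\.\\\w+):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
# Unquoted command: take everything up to the first executable-like extension.
EXE_RE = re.compile(r"^(.+?\.(?:exe|dll|com|bat|cmd|scr|cpl))(?=\s|$)",
                    re.IGNORECASE)


def parse_line(line):
    """Return an Entry for a HijackThis result line, or None for other lines."""
    line = line.lstrip("> ").strip()          # drop forum quote markers
    m = LINE_RE.match(line)
    if not m:
        return None                           # header, process list, blank
    rest = m.group("rest")
    return Entry(m.group("section"), rest, bool(ORPHAN_RE.search(rest)))


def extract_executable(cmd):
    """Pull the executable path out of a Run command line, dropping arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def classify_location(path):
    """Bucket a path by where it lives; the buckets are this example's own."""
    p = path.lower()
    if "\\" not in p:
        return "bare-name"                    # resolved through the search path
    if "\\temp\\" in p:
        return "temp"
    if re.match(r"^[a-z]:\\windows\\system32\\", p):
        return "system32"
    if re.match(r"^[a-z]:\\windows\\", p):
        return "windows"
    if "\\program files\\" in p:
        return "program-files"
    return "other"


def triage(log_text):
    """Collect orphaned entries and (name, executable, location) per Run entry."""
    orphaned, autostart = [], []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        if entry.orphaned:
            orphaned.append(entry)
        if entry.section == "O4":
            m = RUN_RE.match(entry.detail)    # Startup-folder O4 lines are skipped
            if m:
                exe = extract_executable(m.group("cmd"))
                autostart.append((m.group("name"), exe, classify_location(exe)))
    return {"orphaned": orphaned, "autostart": autostart}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("Orphaned entries:")
    for e in result["orphaned"]:
        print("  %s - %s" % (e.section, e.detail))
    print("Run entries by location:")
    for name, exe, loc in result["autostart"]:
        print("  [%s] %s -> %s" % (name, exe, loc))
```

Entries in the `temp`, `system32` and `bare-name` buckets are the ones worth checking by hand against what the user knowingly installed.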

#335 RE: ⊙Virus and Hacking Remedies⊙ Antivirus, Analysis, Consultation, Security

Posted: 2008-09-25 17:26:10

s860729(泡泡)

ComboFix 08-09-24.09 - Administrator 2008-09-25 17:13:22.2 - NTFSx86 MINIMAL
Microsoft Windows XP Professional  5.1.2600.2.950.1.1028.18.375 [GMT 8:00]
執行位置: C:\Documents and Settings\Administrator\桌面\ComboFix.exe
Command switches used :: /killall

[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.

((((((((((((((((((((((((((((((((((((((   其他遭刪除的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\bot.txt
C:\Documents and Settings\All Users\lljydf16.ini
C:\Documents and Settings\All Users\lljydf32.ini
C:\Documents and Settings\All Users\zyndf16.ini
C:\Documents and Settings\user\Application Data\BITS
C:\Documents and Settings\user\Application Data\BITS\BITS.ini
C:\Documents and Settings\user\Application Data\BITS\DHTTable.dat
C:\Documents and Settings\user\Application Data\BITS\ProxyList.ini
C:\Documents and Settings\user\Application Data\BITS\UPnP.ini
C:\Documents and Settings\user\Cookies\user@ad.yieldmanager[1].txt
C:\Documents and Settings\user\Cookies\user@eyny[1].txt
C:\Program Files\internet explorer\msimg32.dll
C:\Program Files\uusee
C:\Program Files\uusee\bass-plugins.exe
C:\Program Files\uusee\def\1\[u]0[/u]00\index_new.html
C:\Program Files\uusee\def\1\[u]0[/u]00\uue_new.jpg
C:\Program Files\uusee\def\1\100\index_new.html
C:\Program Files\uusee\def\1\100\uue_new.jpg
C:\Program Files\uusee\def\1\aoyunzhibo\aoyunzhibo.html
C:\Program Files\uusee\def\1\cy\cy.html
C:\Program Files\uusee\def\1\dm\dm.html
C:\Program Files\uusee\def\1\dsj\dsj.html
C:\Program Files\uusee\def\1\dst\dst.html
C:\Program Files\uusee\def\1\dy\dy.html
C:\Program Files\uusee\def\1\jcjj\jcjj.html
C:\Program Files\uusee\def\1\jk\jk.html
C:\Program Files\uusee\def\1\ty\ty.html
C:\Program Files\uusee\def\1\wrj\wrj.html
C:\Program Files\uusee\def\1\yl\yl.html
C:\Program Files\uusee\def\1\yx\yx.html
C:\Program Files\uusee\def\1\zanting\no_play.html
C:\Program Files\uusee\def\1\zx\zx.html
C:\Program Files\uusee\def\2\11\index.html
C:\Program Files\uusee\def\2\12\index.html
C:\Program Files\uusee\def\2\200\bj.gif
C:\Program Files\uusee\def\2\200\index.html
C:\Program Files\uusee\def\2\300\index.html
C:\Program Files\uusee\def\2\400\bj.gif
C:\Program Files\uusee\def\2\400\index.html
C:\Program Files\uusee\def\2\500\index.html
C:\Program Files\uusee\def\2\600\index.html
C:\Program Files\uusee\def\UUDEF_Banner_1.gif
C:\Program Files\uusee\def\UUDEF_Banner_1.html
C:\Program Files\uusee\def\UUDEF_Banner_2.html
C:\Program Files\uusee\def\UUDEF_Banner_3.html
C:\Program Files\uusee\def\UUDEF_Banner_5.html
C:\Program Files\uusee\def\UUDEF_Banner_7.gif
C:\Program Files\uusee\def\UUDEF_Banner_7.html
C:\Program Files\uusee\def\UUDEF_Banner_8.gif
C:\Program Files\uusee\def\UUDEF_Banner_8.html
C:\Program Files\uusee\def\UUDEF_Buffering.html
C:\Program Files\uusee\def\UUDEF_Buffering.jpg
C:\Program Files\uusee\def\UUDEF_TextLink_0.xml
C:\Program Files\uusee\Download\?﹋1.flv
C:\Program Files\uusee\geturltodown.htm
C:\Program Files\uusee\geturltoplay.htm
C:\Program Files\uusee\skins\UUPlayer\About.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_FullScreen_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_pause_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Control_Button_Recording_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_CheckBox_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_ComboBox_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_Edit_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_PushButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C1.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C2.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C3.bmp
C:\Program Files\uusee\skins\UUPlayer\Ctrl_RadioButton_C4.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Back.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Detect.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Frame_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Dlg_Record_Task_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Information.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Question.bmp
C:\Program Files\uusee\skins\UUPlayer\Icon_Stop.bmp
C:\Program Files\uusee\skins\UUPlayer\List_Header_D.bmp
C:\Program Files\uusee\skins\UUPlayer\List_Header_H.bmp
C:\Program Files\uusee\skins\UUPlayer\List_Header_N.bmp
C:\Program Files\uusee\skins\UUPlayer\List_Header_S.bmp
C:\Program Files\uusee\skins\UUPlayer\List_Header_Spliter.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusErr.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusExist.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusFin.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusNotFound.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusPause.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusPlay.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusStop.bmp
C:\Program Files\uusee\skins\UUPlayer\List_StatusWait.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_1.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_2.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_3.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowD.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_ArrowU.bmp
C:\Program Files\uusee\skins\UUPlayer\ListHeader_SP.bmp
C:\Program Files\uusee\skins\UUPlayer\Menu_Button1.bmp
C:\Program Files\uusee\skins\UUPlayer\Menu_Button2.bmp
C:\Program Files\uusee\skins\UUPlayer\Menu_Button3.bmp
C:\Program Files\uusee\skins\UUPlayer\Menu_Button4.bmp
C:\Program Files\uusee\skins\UUPlayer\Menu_Button5.bmp
C:\Program Files\uusee\skins\UUPlayer\Mode_Compact.bmp
C:\Program Files\uusee\skins\UUPlayer\Mode_Full.bmp
C:\Program Files\uusee\skins\UUPlayer\Mode_Medium.bmp
C:\Program Files\uusee\skins\UUPlayer\Play_Window_Rec_icon.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_Block_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_0.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_6.bmp
C:\Program Files\uusee\skins\UUPlayer\Progressbar_BM_7.bmp
C:\Program Files\uusee\skins\UUPlayer\Resource.h
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_1_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_3_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_4_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_5_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_5_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Setting_Group_5_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Side_Button1.bmp
C:\Program Files\uusee\skins\UUPlayer\Side_Button2.bmp
C:\Program Files\uusee\skins\UUPlayer\Side_Button3.bmp
C:\Program Files\uusee\skins\UUPlayer\Side_Button4.bmp
C:\Program Files\uusee\skins\UUPlayer\Side_Button5.bmp
C:\Program Files\uusee\skins\UUPlayer\Side_Button6.bmp
C:\Program Files\uusee\skins\UUPlayer\Startup.gif
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_Res_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_TopMost_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_TopMost_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Titlebar_button_TopMost_3.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Browse.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Play.bmp
C:\Program Files\uusee\skins\UUPlayer\TopTab_Record.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Arrow.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ArrowH.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Collapse.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Expand.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Header.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Hot_0.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Hot_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBar_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBar_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBar_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBar_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBarThumb_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBarThumb_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBarThumb_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_HScrollBarThumb_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Icon0.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Icon1.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Icon2.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Icon3.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_Icon4.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBar_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_D.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_H.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_N.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_ScrollBarThumb_S.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconDown.bmp
C:\Program Files\uusee\skins\UUPlayer\Tree_SortIconUp.bmp
C:\Program Files\uusee\skins\UUPlayer\UUSEE.ui
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Bar_Block_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Volume_Button_2_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_AD.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Bottom.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Browser_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_ChannelInfo_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Control_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Info.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Main_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Media_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Media_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Media_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Media_4.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Navigate.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Play_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Setting_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side_5.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Side2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_1.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_2.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Top_3.bmp
C:\Program Files\uusee\skins\UUPlayer\Wnd_Web.bmp
C:\Program Files\uusee\UUPlayer.dll
C:\Program Files\uusee\UUPlayer_2008_update.ini
C:\Program Files\uusee\uusee.swf
C:\Program Files\uusee\UUSee.url
C:\Program Files\uusee\UUSeejmd.url
C:\Program Files\uusee\UUSeePlayer.exe
C:\Program Files\uusee\UUTV_DL.xml
C:\Program Files\uusee\UUTV_LIB.XML
C:\Program Files\uusee\UUTV_MY.xml
C:\Program Files\uusee\UUTV_UUPlayer.xml
C:\WINDOWS\2.exe
C:\WINDOWS\7778.exe
C:\WINDOWS\7G4eY5F
C:\WINDOWS\struct~.ini
C:\WINDOWS\system\llzjy080816.exe
C:\WINDOWS\system32\admshare.dat
C:\WINDOWS\system32\adsntzt.nls
C:\WINDOWS\system32\bootvidgj.nls
C:\WINDOWS\system32\catsrvwl.nls
C:\WINDOWS\system32\ckthers.dll
C:\WINDOWS\system32\cliconfgzx.nls
C:\WINDOWS\system32\comuidsg.nls
C:\WINDOWS\system32\discard.ini
C:\WINDOWS\system32\dispexcb.nls
C:\WINDOWS\system32\dpvvoxmh.nls
C:\WINDOWS\system32\dualeyk.exe
C:\WINDOWS\system32\kbdgrms.nls
C:\WINDOWS\system32\lweurqhx.nls
C:\WINDOWS\system32\msobjstl.nls
C:\WINDOWS\system32\reglako.dll
C:\WINDOWS\system32\slbiopfs2.nls
C:\WINDOWS\system32\temps.exe
C:\WINDOWS\system32\tscfgwmijxsj.nls

.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MYWEBSEARCHSERVICE
-------\Legacy_RESSDT
-------\Legacy_RMTCS
-------\Legacy_TRACKINGSS
-------\Service_RESSDT


((((((((((((((((((((((((((((   2008-08-25 - 2008-09-25 之間建立的檔案  )))))))))))))))))))))))))))))))))
.

2008-09-23 16:29 . 2008-09-23 16:29 <DIR> d-------- C:\Documents and Settings\user\Application Data\Malwarebytes
2008-09-23 16:24 . 2008-09-23 16:24 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-23 16:24 . 2008-09-23 16:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-23 16:24 . 2008-09-23 16:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-23 16:24 . 2008-09-08 00:11 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-23 16:24 . 2008-09-08 00:11 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-16 17:18 . 2008-09-25 17:10 <DIR> d-------- C:\Documents and Settings\Administrator\桌面
2008-09-16 17:18 . 2007-05-20 13:00 <DIR> dr------- C:\Documents and Settings\Administrator\「開始」功能表
2008-09-16 17:18 . 2008-09-16 17:18 <DIR> d-------- C:\Documents and Settings\Administrator
2008-09-16 16:38 . 2008-09-16 16:39 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-09-16 15:59 . 2008-09-16 15:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-16 15:51 . 2008-09-16 15:51 268 --ah----- C:\sqmdata04.sqm
2008-09-16 15:51 . 2008-09-16 15:51 268 --ah----- C:\sqmdata03.sqm
2008-09-16 15:51 . 2008-09-16 15:51 244 --ah----- C:\sqmnoopt04.sqm
2008-09-16 15:51 . 2008-09-16 15:51 244 --ah----- C:\sqmnoopt03.sqm
2008-09-15 14:43 . 2008-09-15 14:43 268 --ah----- C:\sqmdata02.sqm
2008-09-15 14:43 . 2008-09-15 14:43 244 --ah----- C:\sqmnoopt02.sqm
2008-09-11 23:45 . 2008-09-11 23:46 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-09-11 23:39 . 2006-09-27 14:15 <DIR> d-------- C:\Program Files\eclipse
2008-09-11 23:22 . 2008-09-11 23:22 <DIR> d-------- C:\Program Files\EditPlus 3
2008-09-11 23:22 . 2008-09-12 00:23 <DIR> d-------- C:\Documents and Settings\user\Application Data\EditPlus 3
2008-09-08 17:09 . 2008-09-08 17:09 <DIR> d-------- C:\Program Files\Fun Web Products
2008-09-02 22:12 . 2008-09-11 17:34 511 --a------ C:\hpfr3320.xml
2008-09-02 22:10 . 2008-09-02 22:10 800 --a------ C:\WINDOWS\hpinfo.lnk
2008-09-02 22:09 . 2008-09-02 22:10 <DIR> d-------- C:\Program Files\hp deskjet 3320 series
2008-09-02 22:09 . 2002-11-04 17:54 184,386 --a------ C:\WINDOWS\system32\hpzsnt07.dll
2008-09-02 22:07 . 2008-09-02 22:12 <DIR> d-------- C:\Program Files\Hewlett-Packard
2008-09-01 14:00 . 2008-09-01 14:00 <DIR> d-------- C:\Documents and Settings\user\Application Data\CyberLink
2008-08-28 20:24 . 2008-08-28 20:24 <DIR> d-------- C:\WINDOWS\Sun
2008-08-28 20:24 . 2008-08-28 20:24 <DIR> d-------- C:\Program Files\Sun
2008-08-28 20:23 . 2008-09-16 16:41 <DIR> d-------- C:\Program Files\Java
2008-08-28 20:23 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-28 20:22 . 2008-08-28 20:22 <DIR> d-------- C:\Program Files\Common Files\Java

.
((((((((((((((((((((((((((((((((((((   近三個月內更動的檔案   )))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-25 09:07 524,320 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-09-25 09:07 3,920 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-09-25 09:07 22,960 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-25 09:07 2,666,528 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-24 09:19 0 ----a-w C:\Documents and Settings\user\dhtnodes.dat
2008-09-24 07:58 --------- d-----w C:\Program Files\FlashGet
2008-09-24 07:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-09-17 10:05 --------- d-----w C:\Program Files\熱舞 Online
2008-09-16 08:31 --------- d-----w C:\Documents and Settings\user\Application Data\AdobeUM
2008-09-08 12:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-08 12:32 --------- d-----w C:\Program Files\Real
2008-09-06 02:01 --------- d-----w C:\Program Files\Yahoo!
2008-08-25 13:10 98,304 ----a-w C:\WINDOWS\DUMP7966.tmp
2008-08-20 12:14 98,304 ----a-w C:\WINDOWS\DUMP8424.tmp
2008-08-20 04:13 --------- d-----w C:\Program Files\Common Files\uusee
2008-08-19 13:19 --------- d-----w C:\Documents and Settings\user\Application Data\Windows Live Writer
2008-08-19 09:45 96,976 ----a-w C:\WINDOWS\system32\drivers\klin.dat
2008-08-19 09:45 87,855 ----a-w C:\WINDOWS\system32\drivers\klick.dat
2008-08-19 09:29 --------- d-----w C:\Program Files\Kaspersky Lab
2008-08-19 09:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-08-19 08:25 4,224 ----a-w C:\WINDOWS\system32\drivers\beep.sys
2008-08-16 13:35 --------- d-----w C:\Program Files\Funshion Online
2008-08-16 12:40 --------- d-----w C:\Program Files\Avanquest update
2008-08-15 04:38 --------- d-----w C:\Program Files\BitComet
2008-08-14 06:13 --------- d-----w C:\Program Files\The KMPlayer
2008-08-07 07:45 --------- d-----w C:\Documents and Settings\user\Application Data\Apple Computer
2008-08-07 05:57 --------- d-----w C:\Program Files\Common Files\DirectX
2008-08-05 03:18 --------- d-----w C:\Program Files\Twindex
2008-08-01 10:00 --------- d-----w C:\Program Files\SecondLife
2008-08-01 07:05 --------- d-----w C:\Program Files\QuickTime
2008-08-01 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-08-01 07:02 --------- d-----w C:\Program Files\Apple Software Update
2008-08-01 07:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-07-31 15:38 716,272 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-07-31 12:26 --------- d-----w C:\Documents and Settings\user\Application Data\teamspeak2
2008-07-31 08:56 --------- d-----w C:\Program Files\Vimicro
2008-07-31 06:55 --------- d-----w C:\Documents and Settings\user\Application Data\SecondLife
2008-07-30 15:47 --------- d-----w C:\Program Files\Windows Live
2008-07-30 04:05 --------- d-----w C:\Program Files\PopCap Games
2008-07-29 11:11 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-07-29 10:50 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-07-29 10:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-18 18:39 583,168 ----a-w C:\WINDOWS\WLXPGSS.SCR
.

------- Sigcheck -------

2006-04-20 20:18  360576  b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-31 00:53  360832  64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2008-06-20 18:44  360960  744e57c99232201ae98c49168b918f48 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
2008-06-20 19:51  361600  9aefa14bd6b182d61e3119fa5f436d3d C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
2008-06-20 19:59  361600  ad978a1b783b5719720cff204b666c8e C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
2006-03-02 20:00  359040  9f4b36614a0fc234525ba224957de55c C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
2006-04-20 19:51  359808  1dbf125862891817f374f407626967f4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-31 01:20  360064  90caff4b094573449a0872a0f919b178 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
2008-04-14 03:20  361344  93ea8d04ec73a85db02eb8805988f733 C:\WINDOWS\SoftwareDistribution\Download\ddeea2e60eea6a8aa518f17577b56d41\tcpip.sys
2008-06-20 18:45  360320  2a5554fc5b1e04e131230e3ce035c3f9 C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 18:45  360320  073941d59ae065910064b728dee981ee C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((((((((   重要登錄檔   )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白或合法的登錄值將不會顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-10-29 4620288]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2004-10-29 86016]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 66400]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 98656]
"Flashget"="C:\Program Files\FlashGet\FlashGet.exe" [2007-09-11 1998896]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-21 185896]
"VMSnap3"="C:\WINDOWS\Paizhao.EXE" [2007-01-09 49152]
"Domino"="C:\WINDOWS\Recovery.EXE" [2007-01-09 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-05-27 413696]
"Funshion"="C:\Program Files\Funshion Online\Funshion\Funshion.exe" [2008-08-05 2932736]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2002-11-04 188416]
"nwiz"="nwiz.exe" [2004-10-29 C:\WINDOWS\system32\nwiz.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 15360]

C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zsqf.dll,ytfa.dll,ytfb.dll,ytfc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\熱舞 Online\\dance.exe"=
"C:\\Program Files\\Foxy\\Foxy.exe"=
"C:\\Program Files\\SecondLife\\SLVoice.exe"=
"C:\\Program Files\\Funshion Online\\Funshion\\Funshion.exe"=
"C:\\Program Files\\Common Files\\uusee\\UUSeeMediaCenter.exe"=
"D:\\data bk\\Messenger\\YahooMessenger.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"23647:TCP"= 23647:TCP:BitCometLite 23647 TCP
"23647:UDP"= 23647:UDP:BitCometLite 23647 UDP
"13786:TCP"= 13786:TCP:BitComet 13786 TCP
"13786:UDP"= 13786:UDP:BitComet 13786 UDP
"4208:TCP"= 4208:TCP:Foxy (169.254.231.237:4208) 4208 TCP
"4208:UDP"= 4208:UDP:Foxy (169.254.231.237:4208) 4208 UDP

R0 jdo8m;jdo8;C:\WINDOWS\system32\DRIVERS\jdo8m.sys [2006-03-02 49280]
R0 niwzh;niwz;C:\WINDOWS\system32\drivers\niwzh.sys [2006-03-02 28160]
S0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [2008-01-29 32784]
S0 vxsl;vxsl;C:\WINDOWS\system32\drivers\vxsl.sys [ ]
S2 netz;zj;C:\WINDOWS\system32\nejz.exe [2008-08-17 24576]
S2 TopdeskDriver;Desktop Drivers;C:\WINDOWS\system32\explsore.exe [ ]
S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\DRIVERS\klim5.sys [2008-03-25 24592]
S3 s217bus;Sony Ericsson Device 217 driver (WDM);C:\WINDOWS\system32\DRIVERS\s217bus.sys [2007-11-02 83496]
S3 s217mdfl;Sony Ericsson Device 217 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s217mdfl.sys [2007-11-02 15016]
S3 s217mdm;Sony Ericsson Device 217 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s217mdm.sys [2007-11-02 109992]
S3 s217mgmt;Sony Ericsson Device 217 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s217mgmt.sys [2007-11-02 103976]
S3 s217nd5;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (NDIS);C:\WINDOWS\system32\DRIVERS\s217nd5.sys [2007-11-02 24872]
S3 s217obex;Sony Ericsson Device 217 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s217obex.sys [2007-11-02 100008]
S3 s217unic;Sony Ericsson Device 217 USB Ethernet Emulation SEMC217 (WDM);C:\WINDOWS\system32\DRIVERS\s217unic.sys [2007-11-02 105896]
S3 vmfilter303;vmfilter303;C:\WINDOWS\system32\drivers\vmfilter303.sys [2006-04-25 428160]
S4 360tray;360tray;C:\WINDOWS\system32\Fuck.exe [ ]
.
排程工作資料夾的內容
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-BigDog303 - C:\WINDOWS\VM303_STI.EXE
HKLM-Run-xsbvgzd - C:\WINDOWS\system32\xsbvgzd.exe
HKLM-Run-Cmaudio - cmicnfg.cpl
HKLM-RunOnce-fsegxj6 - %systemroot%\system32\fsegxj6.dll
HKLM-RunOnce-qBKS - %systemroot%\system32\s53iw6.dll
ShellExecuteHooks-{00050005-0005-0005-0005-00050005BB15} - (no file)
ShellExecuteHooks-{434FA69C-5F0A-42e1-82B8-10AF2C8E53C6} - (no file)


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = www.3929.cn?tn=102722
R0 -: HKLM-Main,Start Page = hxxp://tw.yahoo.com
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-25 17:18:14
Windows 5.1.2600 Service Pack 2 NTFS

掃描隱藏的程序...

掃描隱藏的進程...

掃描隱藏的檔案...

掃描完成
隱藏檔案: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\conime.exe
.
**************************************************************************
.
完成時間: 2008-09-25 17:22:14 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt  2008-09-25 09:22:09

Pre-Run: 12,502,327,296 位元組可用
Post-Run: 12,487,495,680 位元組可用

497 --- E O F --- 2008-09-13 15:03:01
 

Last edited: 2008-09-25 17:26:10 ◆ Origin: <220.136.16.xxx>

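#336 RE: ⊙Virus and Hacking Remedies⊙ Antivirus, Analysis, Consultation, Security

Posted: 2008-09-25 22:14:08

w2380(語山)

Lately, browsing web pages has been acting strangely.
The text keeps getting bigger and smaller, or else things just do not run smoothly.
I would like to ask a kind computer expert to help take a look at the problem.
See below: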
__________________________________
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 10:08:11, on 2008/9/25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\regedit.exe
C:\HijackThis.exe

R3 - URLSearchHook: Yahoo!奇摩捷徑列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - C:\Program Files\迅雷下載\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: ThunderBHO - {18DF081B-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\迅雷下載\ComDlls\xunleiBHO_Now.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [amd_dc_opt] D:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Foxy 下載 - res://D:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://D:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用迅雷下載 - C:\Program Files\迅雷下載\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下載全部鏈接 - C:\Program Files\迅雷下載\Program\getallurl.htm
O8 - Extra context menu item: 剪貼簿文字:  簡 > 繁 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字:  繁 > 簡 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 網頁:  [簡體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁:  [繁體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O9 - Extra button: 咁悕 - {223bc3fe-345a-ffee-3c9e-fe12345678e1} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\DanSnowB7.exe (file missing)
O9 - Extra 'Tools' menuitem: 咁悕 - {223bc3fe-345a-ffee-3c9e-fe12345678e1} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RarSFX0\DanSnowB7.exe (file missing)
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8515C474-AA80-44F0-A221-CF821B1055C7}: NameServer = 168.95.192.1 168.95.1.1
O23 - Service: PIXMA Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 6514 bytes
 

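Last edited: 2008-09-25 22:14:08 ◆ Origin: <218.173.61.xxx>
0GP-BP

#337 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-25 23:07:44

s777s(0)

Shadow Warrior Biding His Time LV16 / / Novice
Bahamut Coins: 6362
GP: 21
Experience:

※ Quoting b1356788 (幽楓):

My computer's report: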

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 11:00:23, on 2008/9/25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\cFosSpeed\spd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\cFosSpeed\cFosSpeed.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: WebThunder Browser Helper - {00000AAA-A363-466E-BEF5-9BB68697AA7F} - C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用BitComet下載本頁視訊 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 使用BitComet下載全部連結 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載連結(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: 剪貼簿文字: 簡 > 繁 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字: 繁 > 簡 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 網頁: [簡體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁: [繁體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ??WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra 'Tools' menuitem: ??WEB迅雷 - {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} - http://my.xunlei.com (file missing)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{E0083CA2-3AF0-4EED-9941-40DA8C3022BF}: NameServer = 168.95.192.1 168.95.1.1
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

--
End of file - 5736 bytes

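Experts, please help take a look, thanks~~
Last edited: 2008-09-25 23:07:44 ◆ Origin: <218.175.61.xxx>
0GP-BP

#338 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-26 00:00:41

reinfors()

Ranger Guesting on the Boards LV18 / / Mage
Bahamut Coins: 6089
GP: 75
Experience:

※ Quoting s860729 (泡泡):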
>

ComboFix 08-09-24.09 - Administrator 2008-09-25 17:13:22.2 - NTFSx86 MINIMAL


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMSnap3"="C:\WINDOWS\Paizhao.EXE" [2007-01-09 49152]
"Domino"="C:\WINDOWS\Recovery.EXE" [2007-01-09 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=zsqf.dll,ytfa.dll,ytfb.dll,ytfc.dll

R0 jdo8m;jdo8;C:\WINDOWS\system32\DRIVERS\jdo8m.sys [2006-03-02 49280]
R0 niwzh;niwz;C:\WINDOWS\system32\drivers\niwzh.sys [2006-03-02 28160]
S0 vxsl;vxsl;C:\WINDOWS\system32\drivers\vxsl.sys [ ]
S2 netz;zj;C:\WINDOWS\system32\nejz.exe [2008-08-17 24576]
S2 TopdeskDriver;Desktop Drivers;C:\WINDOWS\system32\explsore.exe [ ]
S4 360tray;360tray;C:\WINDOWS\system32\Fuck.exe [ ]


Yours is serious....

I'd rather suggest you reinstall; it would be faster.

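Last edited: 2008-09-26 00:00:41 ◆ Origin: <220.132.171.xxx>
0GP-BP

#339 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-26 01:35:36

qwe6431241(呆呆猴)

Not-Yet-Qualified Hero LV18 / / Mage
Bahamut Coins: 13109
GP: 73
Experience:

※ Quoting lawlaw ():
-------- Excess quoted text trimmed --------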
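> Step 1: Remove the HP software
> 1. Insert the HP CD.
> 2. When the "Welcome to HP!" window appears, click Exit or close the window.
> 3. From the Start button on the desktop, type 'run' and press Enter.
Maybe it's because I'm on Vista, but I don't understand what this step is.
When I typed it into "Start Search", what came up was the Auto run web page I had browsed before (冏)
> 4. Click 'Browse', then on the CD-ROM (drive D) find and open the folder 'Util', then open the folder 'CCC'.
> 5. If your Vista is 32-bit, select 'Uninstall_L3.bat' and click OK. If your
> Vista is 64-bit, select 'Uninstall_L3_64.bat' and click OK.
Yes, Vista 32-bit. It's running now and it looks very promising, thank you so much.
> Step 2: Run Disk Cleanup:
> In My Computer, clean up the disk that had the HP software installed. Delete all temporary files.
Do I just delete the "HP" folder inside C:/Program Files?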



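Last edited: 2008-09-26 01:35:36 ◆ Origin: <122.121.155.xxx>
0GP-BP

#340 RE: ⊙Virus & Hack Handling⊙ Virus Removal, Analysis, Consultation, Security

Posted: 2008-09-26 02:02:40

lawlaw()

Sniper's Eye LV38 / / Swordsman
Bahamut Coins: 85501
GP: 624
Experience:

※ Quoting s860729 (泡泡):
Please follow the steps below to continue cleaning your computer:

1. Open Notepad and copy the following text into it: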

File::
C:\WINDOWS\DUMP7966.tmp
C:\WINDOWS\DUMP8424.tmp
C:\WINDOWS\WLXPGSS.SCR
C:\WINDOWS\Paizhao.EXE
C:\WINDOWS\Recovery.EXE
C:\WINDOWS\system32\nejz.exe
C:\WINDOWS\system32\explsore.exe
C:\WINDOWS\system32\Fuck.exe

Driver::
beep.sys
vmfilter303.sys

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMSnap3"=-
"Domino"=-
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\uusee\\UUSeeMediaCenter.exe"=-

Folder::
C:\Program Files\Fun Web Products
C:\Program Files\Common Files\uusee

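Then save the text file under the name CFScript.txt and put it on the desktop.

2. Use the mouse to drag the CFScript.txt text file onto the ComboFix icon on the desktop, then release it;
ComboFix will start automatically.

3. After ComboFix finishes, go to Start > Run, type regedit, then press Enter.

4. In the left pane, find:
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main
Then in the right pane, find
Start Page
Then double-click it and change www.3929.cn?tn=102722 to http://tw.yahoo.com
Finally, close the Registry Editor window.

5. Post the ComboFix report here, together with the latest HijackThis report.
Last edited: 2008-09-26 02:02:40 ◆ Origin: <72.166.136.xxx>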
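
A pre-flight check for the CFScript.txt from step 1 of the post above, as an added example that is not part of the original post and is not ComboFix's own code: it flags lines that do not fit the shape of their section, such as a registry value line with an unbalanced quote. The function name, the sample text and the assumed line shapes are hypothetical, inferred only from the script shown in the post.

```python
import re

# The four section headers used in the post's script. Treating them as the full
# set, and the line shapes below, are assumptions, not documented ComboFix rules.
SECTIONS = {"File::", "Driver::", "Registry::", "Folder::"}
ABS_PATH = re.compile(r'^[A-Za-z]:\\[^"<>|?*]+$')
DRIVER = re.compile(r"^[\w.-]+\.sys$", re.IGNORECASE)
REG_KEY = re.compile(r"^\[[^\[\]]+\]$")
REG_VALUE = re.compile(r'^"(?:[^"\\]|\\.)+"=.+$')

def lint_cfscript(text):
    """Return (line_number, message) pairs for lines that look malformed."""
    problems, section, seen_key = [], None, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            if line not in SECTIONS:
                problems.append((no, "unknown section " + line))
            section, seen_key = line, False
        elif section is None:
            problems.append((no, "entry before any section header"))
        elif section in ("File::", "Folder::"):
            if not ABS_PATH.match(line):
                problems.append((no, "expected an absolute path"))
        elif section == "Driver::":
            if not DRIVER.match(line):
                problems.append((no, "expected a bare driver file name"))
        elif section == "Registry::":
            if REG_KEY.match(line):
                seen_key = True
            elif line.count('"') % 2:
                problems.append((no, "unbalanced double quote"))
            elif not REG_VALUE.match(line):
                problems.append((no, 'expected [key] or "name"=value'))
            elif not seen_key:
                problems.append((no, "value line before any [key]"))
    return problems

# Constructed sample modelled on the post's script: line 8 lacks its opening
# quote and line 10 is a relative path, both deliberate.
SAMPLE = r'''File::
C:\WINDOWS\Paizhao.EXE
Driver::
vmfilter303.sys
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VMSnap3"=-
C:\\Program Files\\Common Files\\uusee\\UUSeeMediaCenter.exe"=-
Folder::
Program Files\Fun Web Products
'''
print(lint_cfscript(SAMPLE))
```

Run it over the saved text before dragging the file onto ComboFix; an empty list means every line fits the shape of its section.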
