[Infected] Yahoo mailbox
1. Problem description:
A while ago I received an email from my cousin's Yahoo! Kimo account that contained a compressed archive.
Without thinking I clicked it; when nothing happened after clicking, I realized the computer had been infected.
Now when I open the D: or C: drive, the computer shows a tabbed page, rather than the drive failing to open as other board members have experienced,
but the "show hidden files" problem is the same.
Even my Symantec can't update.
2. Scan report:
I tried scanning with the tool from the pinned post.
4.977 2009-01-09 12:48:18.750
[CODE]
EFIX 4.977 2009-01-07.19 - 2009-01-09 12:49:28.79 - NTFS
Microsoft Windows XP Service Pack 3 - Dennis
執行位置: C:\Documents and Settings\Dennis\Local Settings\Temporary Internet
Files\Content.IE5\WXA3SPA7\EFix4977[1].exe
* 已建立系統還原點.
=======================================================
EFix刪除的檔案列表:
c:\autorun.inf
c:\q2vl2fiy.com
c:\windows\system32\j3ewro.exe
c:\windows\system32\jwedsfdo0.dll
c:\windows\system32\jwedsfdo1.dll
c:\windows\system32\kxvo.exe
c:\windows\system32\kxvo0.dll
d:\autorun.inf
d:\q2vl2fiy.com
=======================================================
EFix修改的登錄值列表:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"jvsoft"=-
"tasoft"=-
[-HKEY_CLASSES_ROOT\clsid\{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}]
[-HKEY_LOCAL_MACHINE\software\classes\clsid\{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"=-
登錄值刪除前的值.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
jvsoft=C:\WINDOWS\system32\j3ewro.exe - delete value
tasoft=C:\WINDOWS\system32\kxvo.exe - delete value
=======================================================
EFix刪除的檔案備份位置列表:
c:\autorun.inf => C:\NEFix\backup\files\c\autorun.inf
c:\q2vl2fiy.com => C:\NEFix\backup\files\c\q2vl2fiy.com
c:\DOCUME~1\Dennis\LOCALS~1\Temp\cc.exe =>
C:\NEFix\backup\files\c\DOCUME~1\Dennis\LOCALS~1\Temp\cc.exe
c:\WINDOWS\Help\EB6C4499B05F.dll =>
C:\NEFix\backup\files\c\WINDOWS\Help\EB6C4499B05F.dll
c:\WINDOWS\Help\EB6C4499B05F.exe =>
C:\NEFix\backup\files\c\WINDOWS\Help\EB6C4499B05F.exe
c:\WINDOWS\system32\j3ewro.exe =>
C:\NEFix\backup\files\c\WINDOWS\system32\j3ewro.exe
c:\WINDOWS\system32\jwedsfdo0.dll =>
C:\NEFix\backup\files\c\WINDOWS\system32\jwedsfdo0.dll
c:\WINDOWS\system32\jwedsfdo1.dll =>
C:\NEFix\backup\files\c\WINDOWS\system32\jwedsfdo1.dll
c:\WINDOWS\system32\kxvo.exe =>
C:\NEFix\backup\files\c\WINDOWS\system32\kxvo.exe
c:\WINDOWS\system32\kxvo0.dll =>
C:\NEFix\backup\files\c\WINDOWS\system32\kxvo0.dll
d:\autorun.inf => C:\NEFix\backup\files\d\autorun.inf
d:\q2vl2fiy.com => C:\NEFix\backup\files\d\q2vl2fiy.com
=======================================================
各磁碟根目錄含有隱藏屬性的資料夾 :
d--h--r 0 2009-01-08 21:03:41 D:\MSOCache
=======================================================
各磁碟根目錄含有隱藏屬性的檔案 :
--sh--w 2,476 2008-09-25 16:02:22 D:\AlbumArtSmall.jpg
--sh--w 9,932 2008-07-17 14:05:36
D:\AlbumArt_{054F1E5D-3E4B-4749-B121-B7B677ACDC6B}_Large.jpg
--sh--w 2,619 2008-07-17 14:05:34
D:\AlbumArt_{054F1E5D-3E4B-4749-B121-B7B677ACDC6B}_Small.jpg
--sh--w 8,165 2008-07-21 16:00:38
D:\AlbumArt_{30348246-FDA7-42BB-8960-526DD2E5DBA6}_Large.jpg
--sh--w 2,209 2008-07-19 13:11:15
D:\AlbumArt_{30348246-FDA7-42BB-8960-526DD2E5DBA6}_Small.jpg
--sh--w 9,275 2008-09-25 16:02:24
D:\AlbumArt_{6769468E-F5CA-432C-8DA8-A0322F78B39E}_Large.jpg
--sh--w 2,476 2008-09-25 16:02:22
D:\AlbumArt_{6769468E-F5CA-432C-8DA8-A0322F78B39E}_Small.jpg
--sh--w 8,176 2008-09-25 15:14:51
D:\AlbumArt_{75463A47-4643-402D-8973-8B89D822BA66}_Large.jpg
--sh--w 2,216 2008-09-25 15:14:51
D:\AlbumArt_{75463A47-4643-402D-8973-8B89D822BA66}_Small.jpg
--sh--w 9,674 2008-07-22 13:16:42
D:\AlbumArt_{81B3DEC7-4568-4783-B628-3B86F868F1E5}_Large.jpg
--sh--w 2,402 2008-07-22 13:16:27
D:\AlbumArt_{81B3DEC7-4568-4783-B628-3B86F868F1E5}_Small.jpg
--sh--w 13,633 2008-09-25 15:02:09
D:\AlbumArt_{A53E5E8C-2611-4172-B12B-081463C7681E}_Large.jpg
--sh--w 3,097 2008-09-25 15:02:04
D:\AlbumArt_{A53E5E8C-2611-4172-B12B-081463C7681E}_Small.jpg
--sh--w 3,212 2008-09-02 05:18:30
D:\AlbumArt_{B6D3C8AD-45BD-489C-9E2E-6225F4817D78}_Large.jpg
--sh--w 1,153 2008-09-02 05:18:29
D:\AlbumArt_{B6D3C8AD-45BD-489C-9E2E-6225F4817D78}_Small.jpg
--sh--w 5,927 2008-07-17 14:48:45
D:\AlbumArt_{CAAEE3D3-1E76-4E3E-B207-CF3E68D31BAE}_Large.jpg
--sh--w 1,793 2008-07-17 14:48:45
D:\AlbumArt_{CAAEE3D3-1E76-4E3E-B207-CF3E68D31BAE}_Small.jpg
--sh--w 13,042 2008-07-20 11:56:45
D:\AlbumArt_{E33827C8-1EF2-4DFC-B59C-0CA9F08803BA}_Large.jpg
--sh--w 2,793 2008-07-20 11:56:44
D:\AlbumArt_{E33827C8-1EF2-4DFC-B59C-0CA9F08803BA}_Small.jpg
--sh--w 12,505 2008-07-21 15:58:08
D:\AlbumArt_{FE603F37-827A-49E9-9D97-E7C60F411055}_Large.jpg
--sh--w 2,847 2008-07-19 13:21:39
D:\AlbumArt_{FE603F37-827A-49E9-9D97-E7C60F411055}_Small.jpg
--sh--w 8,163 2008-07-16 06:43:18
D:\AlbumArt_{FE685E8C-9FCC-4C56-829B-AEFA13E0BD20}_Large.jpg
--sh--w 2,207 2008-07-16 06:43:17
D:\AlbumArt_{FE685E8C-9FCC-4C56-829B-AEFA13E0BD20}_Small.jpg
--sh--w 381 2008-09-25 16:02:24 D:\desktop.ini
--sh--w 9,275 2008-09-25 16:02:24 D:\Folder.jpg
--sha-w 218,112 2008-12-25 16:37:55 D:\Thumbs.db
=======================================================
********** Created 2008-12 -- 2009-01 Files: **********
2009-01-09 12:48 . 2009-01-09 12:48 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\wpdnse
2009-01-08 18:40 . 2009-01-08 18:40 d-------- <DIR>
C:\WINDOWS\system32\housecall 6.6
2009-01-08 18:24 . 2009-01-08 18:24 d-------- <DIR> C:\Program
Files\filezilla ftp client
2009-01-08 11:35 . 2009-01-08 11:35 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\kav updater update files
2009-01-08 11:35 . 2009-01-08 11:35 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\jkos-dennis
2009-01-07 14:06 . 2009-01-07 14:06 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\google toolbar
2009-01-07 13:23 . 2009-01-07 13:32 d-------- <DIR> C:\WINDOWS\temp\google
toolbar
2009-01-07 13:23 . 2009-01-07 13:32 d-------- <DIR> C:\Program Files\nos
2009-01-07 13:23 . 2009-01-07 13:24 d-------- <DIR> C:\Program Files\google
2009-01-07 11:21 . 2009-01-09 08:14 d-------- <DIR> C:\Program Files\age of
empires iii
2009-01-05 23:10 . 2009-01-05 23:10 d-------- <DIR> C:\Program Files\windows
media connect 2
2009-01-05 23:08 . 2009-01-05 23:08 d-------- <DIR>
C:\WINDOWS\system32\logfiles
2009-01-05 23:07 . 2009-01-05 23:10 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\ixp000.tmp
2009-01-05 13:43 . 2009-01-05 13:43 d-------- <DIR> C:\synopsys
2009-01-05 13:40 . 2009-01-05 13:40 d-------- <DIR> C:\Program Files\idm
computer solutions
2009-01-04 13:44 . 2009-01-04 13:44 d-------- <DIR> C:\Program
Files\microsoft capicom 2.1.0.2
2009-01-04 13:30 . 2009-01-04 13:30 d-------- <DIR> C:\Program Files\msxml
4.0
2009-01-03 01:52 . 2009-01-03 01:52 d-------- <DIR> C:\Program Files\lexus
2009-01-03 00:40 . 2009-01-02 16:49 d--hs---- <DIR> C:\system volume
information
2009-01-03 00:33 . 2009-01-03 00:33 d-------- <DIR> C:\Program Files\gabest
2009-01-03 00:33 . 2009-01-03 00:33 d-------- <DIR> C:\Program
Files\ac3filter
2009-01-03 00:32 . 2009-01-03 00:32 d-------- <DIR> C:\Program Files\xvid
2009-01-03 00:31 . 2009-01-03 00:31 d-------- <DIR> C:\Program Files\divx
2009-01-03 00:30 . 2009-01-03 00:30 d-------- <DIR> C:\Program Files\real
alternative
2009-01-03 00:19 . 2009-01-03 00:19 d-------- <DIR> C:\Program
Files\microsoft works
2009-01-03 00:18 . 2009-01-03 00:18 d-------- <DIR> C:\Program
Files\microsoft.net
2009-01-03 00:18 . 2009-01-03 00:18 d-------- <DIR> C:\Program
Files\microsoft visual studio
2009-01-03 00:12 . 2009-01-03 00:13 d-------- <DIR> C:\WINDOWS\shellnew
2009-01-03 00:11 . 2009-01-09 05:04 d-------- <DIR> C:\Program
Files\microsoft office
2009-01-03 00:10 . 2009-01-03 00:10 dr-h----- <DIR> C:\msocache
2009-01-02 23:20 . 2009-01-09 12:26 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\messengercache
2009-01-02 23:13 . 2009-01-02 23:18 d-------- <DIR> C:\Program Files\windows
live
2009-01-02 23:11 . 2009-01-02 23:11 d-------- <DIR> C:\Program Files\daemon
tools toolbar
2009-01-02 23:11 . 2009-01-03 01:36 d-------- <DIR> C:\Program Files\daemon
tools lite
2009-01-02 23:07 . 2009-01-09 12:48 d-------- <DIR> C:\WINDOWS\prefetch
2009-01-02 21:51 . 2009-01-02 21:51 d-------- <DIR> C:\Documents and
Settings\All Users\「開始」
2009-01-02 21:49 . 2009-01-02 21:49 d-------- <DIR> C:\WINDOWS\system32\zh-tw
2009-01-02 21:49 . 2009-01-02 21:49 d-------- <DIR>
C:\WINDOWS\system32\zh-cht
2009-01-02 21:49 . 2009-01-02 21:49 d-------- <DIR> C:\WINDOWS\system32\bits
2009-01-02 21:49 . 2009-01-02 21:49 d-------- <DIR> C:\WINDOWS\l2schemas
2009-01-02 21:46 . 2009-01-02 21:49 d-------- <DIR>
C:\WINDOWS\servicepackfiles
2009-01-02 21:44 . 2009-01-02 21:49 d-------- <DIR> C:\WINDOWS\network
diagnostic
2009-01-02 21:21 . 2009-01-02 21:22 d-------- <DIR> C:\Program Files\winrar
2009-01-02 21:04 . 2009-01-02 21:04 d-------- <DIR>
C:\WINDOWS\system32\preinstall
2009-01-02 21:04 . 2009-01-09 10:04 d-------- <DIR> C:\Program Files\steam
2009-01-02 20:59 . 2009-01-02 20:59 d-------- <DIR>
C:\WINDOWS\system32\softwaredistribution
2009-01-02 20:59 . 2009-01-02 20:59 d-------- <DIR> C:\WINDOWS\sun
2009-01-02 20:59 . 2009-01-02 20:59 d-------- <DIR> C:\Program Files\juniper
networks
2009-01-02 20:59 . 2009-01-02 20:59 dr-hs---- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\juniper networks
2009-01-02 20:58 . 2009-01-08 18:48 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\hsperfdata_dennis
2009-01-02 20:55 . 2009-01-07 12:20 d-------- <DIR> C:\Program Files\open
pcman ce combo
2009-01-02 20:35 . 2009-01-09 09:51 d-------- <DIR> C:\Program
Files\symantec antivirus
2009-01-02 20:34 . 2009-01-02 20:36 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\iszxvcwi
2009-01-02 20:31 . 2009-01-02 20:31 d-------- <DIR>
C:\WINDOWS\system32\appmgmt
2009-01-02 17:05 . 2009-01-02 17:05 d-------- <DIR> C:\infineon
2009-01-02 17:03 . 2009-01-02 17:03 d-------- <DIR>
C:\WINDOWS\system32\vaiocameravjsrc
2009-01-02 17:02 . 2009-01-02 17:02 d-------- <DIR> C:\Program Files\roxio
2009-01-02 17:02 . 2009-01-02 17:02 d-------- <DIR> C:\Documents and
Settings\All Users\dsd direct
2009-01-02 17:02 . 2009-01-02 17:03 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\vies1a27
2009-01-02 17:02 . 2009-01-02 17:02 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\{013e1ba8-c815-4e27-bcb9-d6b1b2e24094}
2009-01-02 17:01 . 2009-01-02 17:01 d-------- <DIR> C:\Documents and
Settings\All Users\sonicstage mastering studio
2009-01-02 17:01 . 2009-01-02 17:01 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\{ee7eb179-5aa2-4b28-ac92-5cbaaf82ba7f}
2009-01-02 17:01 . 2009-01-02 17:01 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\{bf3b304b-8a18-452d-a19f-6012ca8418d7}
2009-01-02 17:01 . 2009-01-02 17:02 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\{ab467b85-4f52-48c2-aeed-0673d00417b0}
2009-01-02 16:58 . 2009-01-02 16:58 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\{ed8d39f2-7ffa-45ec-b148-ef2472955bb4}
2009-01-02 16:54 . 2009-01-02 16:54 d-------- <DIR> C:\Program Files\toshiba
2009-01-02 16:53 . 2009-01-02 16:53 d-------- <DIR> C:\Documents and
Settings\All Users\imageconverter2
2009-01-02 16:53 . 2009-01-02 16:54 d-------- <DIR>
C:\DOCUME~1\Dennis\LOCALS~1\Temp\{685bcc47-b8ec-45ec-bbce-77df2451502c}
2009-01-02 16:50 . 2009-01-07 13:28 d-------- <DIR> C:\Documents and
Settings\dennis
2009-01-02 16:48 . 2009-01-02 16:49 d-------- <DIR> C:\Program Files\程式捷徑
2009-01-02 16:45 . 2009-01-02 16:45 d---s---- <DIR>
C:\WINDOWS\temp\temporary internet files
2009-01-02 16:45 . 2009-01-02 16:45 d---s---- <DIR> C:\WINDOWS\temp\history
2009-01-02 16:45 . 2009-01-02 16:45 d---s---- <DIR> C:\WINDOWS\temp\cookies
2009-01-09 12:49 . 2009-01-09 12:49 --a----t- 16,384
C:\DOCUME~1\Dennis\LOCALS~1\Temp\perflib_perfdata_ef0.dat
2009-01-09 12:47 . 2009-01-09 12:47 --a------ 16,384
C:\DOCUME~1\Dennis\LOCALS~1\Temp\~df4470.tmp
2009-01-09 10:03 . 2009-01-09 10:03 --a------ 688,128
C:\DOCUME~1\Dennis\LOCALS~1\Temp\~df2f1c.tmp
2009-01-09 10:03 . 2009-01-09 10:03 --a----t- 512
C:\DOCUME~1\Dennis\LOCALS~1\Temp\~df2fbd.tmp
2009-01-09 09:51 . 2009-01-09 09:51 --a------ 688,128
C:\DOCUME~1\Dennis\LOCALS~1\Temp\~dfeb5.tmp
2009-01-09 09:51 . 2009-01-09 09:51 --a----t- 512
C:\DOCUME~1\Dennis\LOCALS~1\Temp\~df23f9.tmp
2009-01-09 09:51 . 2009-01-09 09:51 --a----t- 0 C:\WINDOWS\temp\jet5ef3.tmp
2009-01-09 09:51 . 2009-01-09 09:51 --a----t- 0 C:\WINDOWS\temp\jet5e76.tmp
2009-01-09 09:50 . 2009-01-09 09:50 --a----t- 0
C:\WINDOWS\temp\perflib_perfdata_738.dat
2009-01-09 07:33 . 2005-07-15 14:41 --a------ 2,337,488
C:\WINDOWS\system32\d3dx9_25.dll
2009-01-08 11:07 . 2008-04-15 00:30 --a------ 66,560 C:\WINDOWS\expiorer.exe
2009-01-06 00:07 . 2009-01-06 00:07 --ah---t- 243,712
C:\DOCUME~1\Dennis\LOCALS~1\Temp\~eb.tmp
2009-01-05 23:10 . 2007-07-27 10:41 --------- 16,760
C:\WINDOWS\system32\spmsg.dll
2009-01-05 13:45 . 1998-06-18 00:00 --a------ 89,360
C:\WINDOWS\system32\vb5db.dll
2009-01-04 13:47 . 2008-12-09 15:24 --a------ 17,593,280
C:\WINDOWS\system32\mrt.exe
2009-01-03 22:05 . 2009-01-03 22:05 --ah---t- 243,712
C:\DOCUME~1\Dennis\LOCALS~1\Temp\~44.tmp
2009-01-03 19:02 . 2008-10-16 14:06 --a------ 268,648
C:\WINDOWS\system32\mucltui.dll
2009-01-03 19:02 . 2008-10-16 14:06 --a------ 208,744
C:\WINDOWS\system32\muweb.dll
2009-01-03 00:34 . 2009-01-03 00:34 --a------ 36,734
C:\WINDOWS\system32\oggdsuninst.exe
2009-01-03 00:32 . 2008-12-04 21:42 --a------ 815,104
C:\WINDOWS\system32\xvidcore.dll
2009-01-03 00:32 . 2008-12-04 21:46 --a------ 180,224
C:\WINDOWS\system32\xvidvfw.dll
2009-01-03 00:31 . 2008-11-22 05:47 --------- 129,784
C:\WINDOWS\system32\pxafs.dll
2009-01-03 00:30 . 1998-03-26 10:57 --a------ 6,656
C:\WINDOWS\system32\pndx5016.dll
2009-01-03 00:30 . 1998-05-13 02:36 --a------ 5,632
C:\WINDOWS\system32\pndx5032.dll
2009-01-03 00:30 . 2001-06-23 07:31 --a------ 278,528
C:\WINDOWS\system32\pncrt.dll
2009-01-03 00:30 . 2008-09-11 03:56 --a------ 185,920
C:\WINDOWS\system32\rmoc3260.dll
2009-01-03 00:21 . 2006-10-26 19:58 --a------ 30,512
C:\WINDOWS\system32\mdimon.dll
2009-01-02 21:06 . 2009-01-02 21:06 --a------ 410,984
C:\WINDOWS\system32\deploytk.dll
2009-01-02 21:06 . 2009-01-02 21:06 --a------ 148,888
C:\WINDOWS\system32\javaws.exe
2009-01-02 21:06 . 2009-01-02 21:06 --a------ 144,792
C:\WINDOWS\system32\javaw.exe
2009-01-02 21:06 . 2009-01-02 21:06 --a------ 144,792
C:\WINDOWS\system32\java.exe
2009-01-02 20:59 . 2008-10-16 14:09 --a------ 43,544
C:\WINDOWS\system32\wups2.dll
2009-01-02 20:59 . 2008-08-23 01:01 --a------ 345,384
C:\WINDOWS\system32\dsnccredprov.dll
2009-01-02 20:35 . 2006-09-18 16:55 --a------ 48,816
C:\WINDOWS\system32\s32evnt1.dll
2009-01-02 17:03 . 2004-12-27 19:55 --a------ 53,248
C:\WINDOWS\system32\vaiomov.scr
2009-01-02 17:03 . 2006-03-06 15:00 --a------ 372,736
C:\WINDOWS\system32\cameravj.scr
2009-01-02 17:01 . 2006-02-28 11:35 --a------ 91,648
C:\WINDOWS\system32\sonyaids.dll
2009-01-02 17:01 . 2006-06-21 16:40 --a------ 75,776
C:\WINDOWS\system32\sonyaiwo.dll
2009-01-02 17:01 . 2005-12-08 16:50 --a------ 38,400
C:\WINDOWS\system32\sonyaiwd.dll
2009-01-02 16:59 . 2004-05-13 18:53 --a------ 77,824
C:\WINDOWS\system32\cddblangzt.dll
2009-01-02 16:58 . 2004-05-13 18:53 --a------ 757,760
C:\WINDOWS\system32\cddbui.dll
2009-01-02 16:58 . 2004-05-13 18:53 --a------ 630,784
C:\WINDOWS\system32\cddbcontrol.dll
2009-01-02 16:51 . 2004-08-04 20:00 --a------ 221,184
C:\WINDOWS\system32\wmpns.dll
2009-01-02 16:49 . 2009-01-02 16:49 --a------ 262,144 C:\Documents and
Settings\All Users\ntuser.dat
.
********** Modified 2008-11 -- 2009-01 files: **********
2009-01-09 04:47:39 ----a-w 16,384
C:\DOCUME~1\Dennis\LOCALS~1\Temp\~DF4470.tmp
2009-01-09 02:03:50 ----atw 512 C:\DOCUME~1\Dennis\LOCALS~1\Temp\~DF2FBD.tmp
2009-01-09 02:03:50 ----a-w 688,128
C:\DOCUME~1\Dennis\LOCALS~1\Temp\~DF2F1C.tmp
2009-01-09 01:51:24 ----atw 512 C:\DOCUME~1\Dennis\LOCALS~1\Temp\~DF23F9.tmp
2009-01-09 01:51:23 ----a-w 688,128
C:\DOCUME~1\Dennis\LOCALS~1\Temp\~DFEB5.tmp
2009-01-09 01:50:11 --s-a-w 2,048 C:\WINDOWS\bootstat.dat
2009-01-06 07:43:22 ----a-w 1,355 C:\WINDOWS\imsins.BAK
2009-01-05 16:07:17 ---hatw 243,712 C:\DOCUME~1\Dennis\LOCALS~1\Temp\~EB.tmp
2009-01-04 06:32:42 ----a-w 201,736 C:\WINDOWS\system32\FNTCACHE.DAT
2009-01-03 14:05:00 ---hatw 243,712 C:\DOCUME~1\Dennis\LOCALS~1\Temp\~44.tmp
2009-01-02 15:11:19 ----a-w 62,314 C:\WINDOWS\system32\prfc0404.dat
2009-01-02 15:11:19 ----a-w 53,098 C:\WINDOWS\system32\perfc009.dat
2009-01-02 15:11:19 ----a-w 380,684 C:\WINDOWS\system32\perfh009.dat
2009-01-02 15:11:19 ----a-w 215,666 C:\WINDOWS\system32\prfh0404.dat
2009-01-02 15:11:19 ----a-w 2,396 C:\WINDOWS\system32\PerfStringBackup.TMP
2008-12-12 17:00:59 ----a-w 3,088,896 C:\WINDOWS\system32\mshtml.dll
2008-11-21 21:47:56 ----a-w 524,288 C:\WINDOWS\system32\DivXsm.exe
2008-11-21 21:47:52 ----a-w 3,596,288 C:\WINDOWS\system32\qt-dx331.dll
2008-11-21 21:47:50 ------w 187,128 C:\WINDOWS\system32\PxMas.dll
2008-11-21 21:47:48 ------w 72,440 C:\WINDOWS\system32\pxhpinst.exe
2008-11-21 21:47:48 ------w 66,296 C:\WINDOWS\system32\pxcpya64.exe
2008-11-21 21:47:48 ------w 64,760 C:\WINDOWS\system32\pxinsa64.exe
2008-11-21 21:47:48 ------w 551,672 C:\WINDOWS\system32\Px.dll
2008-11-21 21:47:48 ------w 518,904 C:\WINDOWS\system32\pxdrv.dll
2008-11-21 21:47:48 ------w 379,640 C:\WINDOWS\system32\PxWave.dll
2008-11-21 21:47:48 ------w 120,056 C:\WINDOWS\system32\pxcpyi64.exe
2008-11-21 21:47:48 ------w 118,520 C:\WINDOWS\system32\pxinsi64.exe
2008-11-21 21:47:48 ------w 1,628,920 C:\WINDOWS\system32\PxSFS.DLL
2008-11-21 21:47:46 ------w 88,824 C:\WINDOWS\system32\VXBLOCK.dll
2008-11-21 21:46:10 ----a-w 200,704 C:\WINDOWS\system32\ssldivx.dll
2008-11-21 21:46:10 ----a-w 1,044,480 C:\WINDOWS\system32\libdivx.dll
2008-11-21 21:45:16 ----a-w 81,920 C:\WINDOWS\system32\dpl100.dll
2008-11-21 21:45:16 ----a-w 196,608 C:\WINDOWS\system32\dtu100.dll
2008-11-21 21:45:12 ----a-w 593,920 C:\WINDOWS\system32\dpuGUI11.dll
2008-11-21 21:45:12 ----a-w 57,344 C:\WINDOWS\system32\dpv11.dll
2008-11-21 21:45:12 ----a-w 53,248 C:\WINDOWS\system32\dpuGUI10.dll
2008-11-21 21:45:12 ----a-w 344,064 C:\WINDOWS\system32\dpus11.dll
2008-11-21 21:45:12 ----a-w 294,912 C:\WINDOWS\system32\dpu11.dll
2008-11-21 21:45:12 ----a-w 294,912 C:\WINDOWS\system32\dpu10.dll
2008-11-21 21:45:08 ----a-w 823,296 C:\WINDOWS\system32\divx_xx0c.dll
2008-11-21 21:45:08 ----a-w 823,296 C:\WINDOWS\system32\divx_xx07.dll
2008-11-21 21:45:08 ----a-w 815,104 C:\WINDOWS\system32\divx_xx0a.dll
2008-11-21 21:45:08 ----a-w 802,816 C:\WINDOWS\system32\divx_xx11.dll
2008-11-21 21:45:06 ----a-w 684,032 C:\WINDOWS\system32\DivX.dll
2008-11-21 21:44:38 ----a-w 161,096
C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-11-21 21:44:16 ----a-w 12,288 C:\WINDOWS\system32\DivXWMPExtType.dll
.
=======================================================
執行中的程序:
[PID: 1488] C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [Intel Corporation]
[PID: 1524] C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [Intel
Corporation ]
[PID: 204] C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
[Symantec Corporation]
[PID: 236] C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
[Symantec Corporation]
[PID: 392] C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
[Symantec Corporation]
[PID: 536] C:\WINDOWS\system32\spoolsv.exe [Microsoft Corporation]
[PID: 932] C:\Program Files\Apoint\Apoint.exe [Alps Electric Co., Ltd.]
[PID: 156] C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [Sony
Corporation]
[PID: 1188] C:\Program Files\Sony\ISB Utility\ISBMgr.exe [Sony Corporation]
[PID: 1340] C:\Program Files\Sony\Wireless Switch Setting
Utility\Switcher.exe [Sony Corporation]
[PID: 1372] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe [Sony
Corporation]
[PID: 1408] C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe [Sony
Corporation]
[PID: 1424] C:\Program Files\Common Files\Symantec Shared\ccApp.exe [Symantec
Corporation]
[PID: 1484] C:\PROGRA~1\SYMANT~1\VPTray.exe [Symantec Corporation]
[PID: 1624] C:\Program Files\Java\jre6\bin\jusched.exe [Sun Microsystems,
Inc.]
[PID: 1728] C:\Program Files\Apoint\Apntex.exe [Alps Electric Co., Ltd.]
[PID: 1904] C:\WINDOWS\system32\ctfmon.exe [Microsoft Corporation]
[PID: 2004] C:\WINDOWS\system32\conime.exe [Microsoft Corporation]
[PID: 1908] C:\Program Files\DAEMON Tools Lite\daemon.exe [DT Soft Ltd]
[PID: 636] C:\Program Files\Messenger\msmsgs.exe [Microsoft Corporation]
[PID: 816] C:\Program Files\Symantec AntiVirus\DefWatch.exe [Symantec
Corporation]
[PID: 1232] C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
[Juniper Networks]
[PID: 1848] C:\Program Files\Java\jre6\bin\jqs.exe [Sun Microsystems, Inc.]
[PID: 2116] C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
[Microsoft Corporation]
[PID: 2248] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [東
芝公司。]
[PID: 2404] C:\WINDOWS\system32\nvsvc32.exe [NVIDIA Corporation]
[PID: 2540] C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [Intel
Corporation]
[PID: 2768] C:\Program Files\Symantec AntiVirus\Rtvscan.exe [Symantec
Corporation]
[PID: 2832] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe [東芝
公司。]
[PID: 2872] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
[TOSHIBA CORPORATION.]
[PID: 2888] C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
[TOSHIBA CORPORATION.]
[PID: 2944] C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [Sony
Corporation]
[PID: 2984] C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
Platform\VCSW\VCSW.exe [Sony Corporation]
[PID: 3080] C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
[Symantec Corporation]
[PID: 3124] C:\Program Files\Windows Live\Messenger\msnmsgr.exe [Microsoft
Corporation]
[PID: 3248] C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
Platform\VzCdb\VzCdbSvc.exe [Sony Corporation]
[PID: 3640] C:\Program Files\Common Files\Sony Shared\VAIO Entertainment
Platform\VzCdb\VzFw.exe [Sony Corporation]
[PID: 572] C:\Program Files\Common Files\Sony Shared\VAIO
Entertainment\VzRs\VzRs.exe [Sony Corporation]
[PID: 2708] C:\WINDOWS\System32\alg.exe [Microsoft Corporation]
[PID: 2780] C:\Program Files\Windows Live\Messenger\usnsvc.exe [Microsoft
Corporation]
[PID: 3412] C:\Program Files\Common Files\Microsoft Shared\Windows
Live\WLLoginProxy.exe [Microsoft Corporation]
[PID: 1944] C:\WINDOWS\expiorer.exe [Microsoft Corporation]
[PID: 3628] C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [Google Inc.]
[PID: 600] C:\Program Files\Open PCMan CE Combo\PCMan.exe [PCMan CE Project]
[PID: 2508] C:\WINDOWS\system32\wbem\wmiprvse.exe [Microsoft Corporation]
[PID: 2016] C:\WINDOWS\system32\cmd.exe [Microsoft Corporation]
系統執行程序中沒有檔案資訊的動態連結檔:
explorer.exe PID: (3620)
=> C:\WINDOWS\system32\haozs0.dll
=======================================================
登錄值列表 *** 注意 : 部分正常值不會顯示 ***
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" 2008-04-15 00:30 15360
[Microsoft Corporation]
"Steam"="c:\program files\steam\steam.exe" 2009-01-03 12:51 1410296 [Valve
Corporation]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe"
2008-12-29 18:40 687560 [DT Soft Ltd]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" 2008-04-15 00:30 1695232
[Microsoft Corporation]
"swg"="C:\Program
Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" 2009-01-09
11:17 68856 [Google Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" 2004-08-04 20:00 208952
[Microsoft Corporation]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" 2004-11-17 19:47 118784 [Alps
Electric Co., Ltd.]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" 2005-12-17 10:08 98304 [Intel
Corporation]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" 2005-12-17 10:08 77824 [Intel
Corporation]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" 2005-12-17 10:08 118784 [Intel
Corporation]
"SonyPowerCfg"="C:\Program Files\Sony\VAIO Power Management\SPMgr.exe"
2006-06-27 18:24 217088 [Sony Corporation]
"ISBMgr.exe"="C:\Program Files\Sony\ISB Utility\ISBMgr.exe" 2004-02-20 14:12
32768 [Sony Corporation]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" 2004-08-04 20:00 44032
[Microsoft Corporation]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" 2004-08-04 20:00
59392 [<N/A>] [X]
"Switcher.exe"="C:\Program Files\Sony\Wireless Switch Setting
Utility\Switcher.exe" 2006-02-14 12:11 176128 [Sony Corporation]
"VAIOCameraUtility"="C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe"
2005-12-27 13:58 69632 [Sony Corporation]
"VAIO Update 2"="C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe"
2006-05-31 10:43 151552 [Sony Corporation]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" 2006-07-19
19:26 52896 [Symantec Corporation]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" 2006-11-22 14:03 125024 [Symantec
Corporation]
"SunJavaUpdateSched"="C:\Program Files\Java\jre6\bin\jusched.exe" 2009-01-02
21:06 136600 [Sun Microsystems, Inc.]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader
9.0\Reader\Reader_sl.exe" 2008-06-12 02:38 34672 [Adobe Systems Incorporated]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft
Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" 2007-03-22 19:17 66400 [Microsoft
Corp.]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft
Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" 2007-03-22 19:17 98656 [Microsoft
Corp.]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" 2008-04-15 00:30 15360
[Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{C5F43BEF-CE2F-46D8-AFE6-A647BACD1F09}"="C:\WINDOWS\system32\haozs0.dll"
[2008-04-15 00:30 78848 C:\WINDOWS\system32\haozs0.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}" => 2006-10-18
21:47 133632 C:\WINDOWS\system32\WPDShServiceObj.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper
Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
. 2008-06-11 22:33 75128 C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper
Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
. 2009-01-07 13:23 2403392 c:\Program Files\Google\GoogleToolbar1.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper
Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
. 2009-01-09 11:17 737776 C:\Program
Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper
Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
. 2009-01-02 21:06 34816 C:\Program Files\Java\jre6\bin\jp2ssv.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper
Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
. 2009-01-02 21:06 73728 C:\Program
Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\VESWinlogon]
"DllName"="VESWinlogon.dll" 2006-03-09 14:51 73728
C:\WINDOWS\system32\VESWinlogon.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\WgaLogon\Settings]
"DLLName"="wlnotify.dll" 2008-04-15 00:30 89088
C:\WINDOWS\system32\wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"VIDC.dvsd"="C:\PROGRA~1\COMMON~1\SONYSH~1\VideoLib\sonydv.dll" [Sony
Corporation]
"vidc.XVID"="C:\WINDOWS\system32\xvidvfw.dll" [N/A]
[HKEY_CURRENT_USER\control panel\desktop]
"Wallpaper"=C:\Documents and Settings\Dennis\Local Settings\Application
Data\Microsoft\Wallpaper1.bmp
"SCRNSAVE.EXE"=C:\WINDOWS\system32\LEXUSI~1.SCR
MD5: f7a2245d8bd832d1e7a01c26d5e6efd0 2008-04-15 00:30 978432
C:\WINDOWS\explorer.exe
MD5: 453888766da789f18fbbf5b20e4bc17f 2004-08-04 20:00 976896
C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
MD5: f7a2245d8bd832d1e7a01c26d5e6efd0 2008-04-15 00:30 978432
C:\WINDOWS\ServicePackFiles\i386\explorer.exe
MD5: f7a2245d8bd832d1e7a01c26d5e6efd0 2008-04-15 00:30 978432
C:\WINDOWS\SoftwareDistribution\Download\93482b049601aa0789f1d0914abbb4e8\explorer.exe
MD5: f3a20a3c6a4df7fe038f4cca70080b10 2004-08-04 20:00 23552
C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
MD5: 613d7c29c9e3e2375971da7e42e4e330 2008-04-15 00:31 25088
C:\WINDOWS\ServicePackFiles\i386\userinit.exe
MD5: 613d7c29c9e3e2375971da7e42e4e330 2008-04-15 00:31 25088
C:\WINDOWS\SoftwareDistribution\Download\93482b049601aa0789f1d0914abbb4e8\userinit.exe
MD5: 613d7c29c9e3e2375971da7e42e4e330 2008-04-15 00:31 25088
C:\WINDOWS\system32\userinit.exe
C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba
Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
服務 \ 驅動 列表:
顯示方式 : 啟動狀態 服務名稱;顯示名稱;檔案名稱
啟動狀態 : S0 = Boot Start S1 = System Start S2 = Auto Start S3 = Manual
Start S4 = Disable S9 = Unknow
S3 dsNcAdpt;Juniper Network Connect
Adapter;"C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys" [2008-08-23 00:45 23552]
S3 IFXTPM;IFXTPM;"C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS" [2005-10-21 10:19
36352]
S2 JavaQuickStarterService;Java Quick Starter;"C:\Program
Files\Java\jre6\bin\jqs.exe -service -config C:\Program
Files\Java\jre6\lib\deploy\jqs\jqs.conf" [X]
S3 napagent;Network Access Protection
Agent;"C:\WINDOWS\System32\qagentrt.dll" [2008-04-15 00:29 282112]
S0 shpf;Sony HDD Protection Filter
Driver;"C:\WINDOWS\system32\DRIVERS\shpf.sys" [2005-11-21 13:06 9216]
S3 SonyImgF;Sony Image Conversion Filter
Driver;"C:\WINDOWS\system32\DRIVERS\SonyImgF.sys" [2006-03-06 17:39 30080]
S3 SPI;Sony Programmable I/O Control
Device;"C:\WINDOWS\system32\DRIVERS\SonyPI.sys" [2002-08-20 10:59 71961]
S3 TcUsb;TC USB Kernel Driver;"C:\WINDOWS\system32\Drivers\tcusb.sys"
[2006-02-22 20:20 28800]
S3 ti21sony;ti21sony;"C:\WINDOWS\system32\drivers\ti21sony.sys" [2006-02-21
17:32 226304]
可能被修改數值的系統 服務 \ 驅動 數值 (參考用) :
S3 WudfSvc;Windows Driver Foundation - User-mode Driver
Framework;"C:\WINDOWS\System32\WUDFSvc.dll" [2006-09-28 18:56 55808]
S0 ACPIEC;Microsoft Embedded Controller
Driver;"C:\WINDOWS\system32\DRIVERS\ACPIEC.sys" [2004-08-04 20:00 11648]
=======================================================
catchme 0.3.1367 W2K/XP/Vista - userland rootkit detector by Gmer,
hxxp://www.gmer.net
掃描被隱藏的檔案:
掃描被隱藏的程序:
掃描被隱藏的啟動模組:
被隱藏的檔案數量:0
被隱藏的驅動項目 ( 上面驅動項未顯示出來就可能有問題 ):
?悐 L i v e U p d a t e 喝zhV;C:\Program
Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
=======================================================
IE 首頁設定:
Internet Explorer Version: 6.0.2900.5512
HKCU - Start Page = hxxp://tw.yahoo.com/
HKLM - Extensions: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network
Diagnostic\xpnetdiag.exe
HKLM - Extensions: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
.
=======================================================
4.977 2009-01-08 11:03:16.311 C:\nefix\BACKUP\LOG1.TXT
4.977 2009-01-08 18:51:06.890 C:\nefix\BACKUP\LOG2.TXT
=======================================================
磁碟空間 C: - 7,002,841,088 位元組可用
磁碟空間 D: - 18,372,390,912 位元組可用
=======================================================
掃描結束時間: 2009-01-09 12:50:37.56
[/CODE]
After the scan it went back to normal for a while,
then it died again.
I don't know why.
Could I ask the experts on the board
to help me figure out where the problem is?
Thanks :)
--
He had a hard life, with few truly happy days
walking out of the past with memories jingling all over him
The day the white cat left
the black cat cried bitterly
--
※ Posted from: PTT (ptt.cc)
◆ From: 140.112.21.127