[求救] 不小心被騙，連中三個木馬

看板AntiVirus (防毒)作者cmonkey (蝦猴)時間16年前 (2010/05/19 13:44)推噓2(2推 0噓 1→)

留言3則, 3人參與討論串1/1

網路上不小心被騙。執行了病毒檔案： http://freakshare.net/files/cqdxutsf/DEM_32.rar.html 很聰明，把我騙倒了。因為他把執行檔的icon改成資料夾的icon 而且，檔名寫成： DEM_32 .exe 利用很長的空格，把exe尾檔名往後移隱藏，讓我以為是資料夾。看裡面的執行檔有四個，除了er.exe之外，都是不同的木馬看來這傢伙想讓人連中三毒，滿缺德的： sosus.exe 55l.exe a0b46s.exe er.exe a0b46s.exe (TR/Agent.458752) 55l.exe (TR/Dldr.Netins.A.50) sosus.exe (TR/Crypt.ZPACK.Gen) 裡面有執行下面動作： Path=C:\downloads\ SavePath Setup=er.exe Presetup=er.exe Silent=1 Overwrite=1 除了er.exe之外，另外三個exe被小紅傘擋下。目前還沒看到症狀。 -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 203.73.183.248 ※ 編輯: cmonkey 來自: 203.73.183.248 (05/19 13:46) ※ 編輯: cmonkey 來自: 203.73.183.248 (05/19 13:58) ※ 編輯: cmonkey 來自: 203.73.183.248 (05/19 13:59)

推

ShikiEiki

05/19 14:15, , 1^F

05/19 14:15, 1^F

[code] efix 5.5 20100518.24 - 2010-05-19 14:31:42.54 - FAT32 Microsoft Windows XP Service Pack 3 - SYL 執行位置: C:\Documents and Settings\SYL\桌面\firefoxdownload\EF2010051824.exe AV: AntiVir Desktop (Avira GmbH) True - Enabled * 已建立系統還原點. 提示：未安裝安全性更新 KB971029 ================================================================================ 使用者帳戶列表: Administrator Guest HelpAssistant SUPPORT_388945a0 SYL -- Current ================================================================================ EF刪除的檔案列表: 沒有刪除任何檔案. ================================================================================ EF修改的登錄值列表: 沒有刪除任何登錄值. ================================================================================ 各磁碟根目錄含有隱藏屬性的資料夾和檔案 : 2007-10-23 13:14:54 . 2007-10-23 13:14:53 268 -a-h----- c:\sqmdata03.sqm 2009-03-05 22:45:44 . 2009-03-05 20:21:13 2048 r-sh----- c:\KYOGTSD.SYS 2006-10-27 14:55:20 . 2006-10-27 14:55:19 268 -a-h----- c:\sqmdata00.sqm 2006-10-27 14:55:20 . 2006-10-27 14:55:19 244 -a-h----- c:\sqmnoopt00.sqm 2006-10-28 14:45:20 . 2006-10-28 14:45:18 244 -a-h----- c:\sqmnoopt01.sqm 2006-10-28 14:45:20 . 2006-10-28 14:45:18 268 -a-h----- c:\sqmdata01.sqm 2006-11-30 00:45:58 . 2006-11-30 00:45:57 244 -a-h----- c:\sqmnoopt02.sqm 2006-11-30 00:45:58 . 2006-11-30 00:45:57 268 -a-h----- c:\sqmdata02.sqm 2007-10-23 13:14:54 . 2007-10-23 13:14:53 244 -a-h----- c:\sqmnoopt03.sqm 2008-10-22 09:30:16 . 2008-10-22 09:09:42 2048 r-sh----- c:\KYOGTS.SYS 2010-05-14 11:12:08 . 2010-05-14 11:12:07 <DIR> --sh-d--- c:\Config.Msi 2001-10-11 08:06:54 . 2001-10-11 08:06:54 213830 rash----- c:\bootfont.bin 2003-11-03 19:22:54 . 2003-11-03 19:22:53 <DIR> ---h-d--- e:\msdownld.tmp 2006-02-26 12:24:48 . 2006-02-26 12:24:46 6144 -ash----- e:\Thumbs.db ********** Created 2010-04 -- 2010-05 Files: ********** 2010-05-14 11:29:53 . 2009-11-25 11:19:04 56816 -a------- C:\WINDOWS\system32\DRIVERS\avgntflt.sys 2010-05-14 11:29:53 . 2009-03-30 09:33:08 96104 -a------- C:\WINDOWS\system32\DRIVERS\avipbb.sys 2010-05-14 11:29:53 . 2009-02-13 11:29:12 22360 -a------- C:\WINDOWS\system32\DRIVERS\avgntmgr.sys 2010-05-14 11:29:53 . 2009-02-13 11:17:50 45416 -a------- C:\WINDOWS\system32\DRIVERS\avgntdd.sys 2010-05-14 11:29:52 . 2009-05-11 09:12:26 28520 -a------- C:\WINDOWS\system32\DRIVERS\ssmdrv.sys 2010-05-14 11:29:47 . 2010-05-14 11:29:48 <DIR> -----d--- C:\Program Files\Avira 2010-05-14 11:12:07 . 2010-05-14 11:12:08 <DIR> --sh-d--- C:\Config.Msi 2010-05-11 13:40:13 . 2010-05-11 13:40:14 209595 -a------- C:\加日期.pcp 2010-05-07 23:51:58 . 2010-05-07 23:52:00 84131 -a------- C:\photocap加日期洗照片.pcp 2010-05-01 22:59:43 . 2010-05-01 22:59:44 <DIR> -----d--- C:\eTax 2010-05-01 08:54:43 . 2010-05-01 08:54:44 <DIR> -----d--- C:\WINDOWS\system32\Cult3D 2010-04-29 02:10:26 . 2010-04-29 02:10:28 <DIR> -----d--- C:\Documents and Settings\SYL\Application Data\Imagine 2010-04-26 19:49:52 . 2010-04-26 19:49:52 577536 -a------- C:\WINDOWS\system32\DsWarpper.dll ********** Modified 2010-04 -- 2010-05 files: ********** 2010-05-19 00:53:22 . 2004-11-25 21:42:00 1328838 -a------- C:\WINDOWS\WindowsUpdate.log 2010-05-18 23:51:40 . 2004-06-16 16:42:30 159 -a------- C:\WINDOWS\wiadebug.log 2010-05-18 23:50:04 . 2001-10-11 08:08:46 2262 -a------- C:\WINDOWS\system32\wpa.dbl 2010-05-18 23:50:02 . 2004-06-16 16:57:26 2048 -as------ C:\WINDOWS\bootstat.dat 2010-05-18 23:49:08 . 2004-06-16 16:42:30 49 -a------- C:\WINDOWS\wiaservc.log 2010-05-18 23:49:06 . 2004-06-16 16:58:47 32680 -a------- C:\WINDOWS\SchedLgU.Txt 2010-05-18 23:48:54 . 2004-06-16 17:01:33 178 --sh----- C:\Documents and Settings\SYL\ntuser.ini 2010-05-14 11:30:12 . 2008-07-01 12:36:34 449778 -a------- C:\WINDOWS\setupapi.log 2010-05-14 11:12:28 . 2004-06-16 21:40:44 11828 -a------- C:\WINDOWS\TMFilter.log 2010-05-14 11:12:08 . 2010-05-14 11:12:07 <DIR> --sh-d--- C:\Config.Msi 2010-05-13 13:35:20 . 2004-11-25 21:20:34 121974 -a------- C:\WINDOWS\medctroc.Log 2010-05-13 13:35:20 . 2004-06-16 17:47:52 91096 -a------- C:\WINDOWS\tabletoc.log 2010-05-13 13:35:20 . 2004-06-16 17:47:52 320919 -a------- C:\WINDOWS\netfxocm.log 2010-05-13 13:35:20 . 2004-06-16 16:40:50 93405 -a------- C:\WINDOWS\msgsocm.log 2010-05-13 13:35:20 . 2004-06-16 16:40:50 857890 -a------- C:\WINDOWS\tsoc.log 2010-05-13 13:35:20 . 2004-06-16 16:40:50 597575 -a------- C:\WINDOWS\comsetup.log 2010-05-13 13:35:20 . 2004-06-16 16:40:50 365003 -a------- C:\WINDOWS\ntdtcsetup.log 2010-05-13 13:35:20 . 2004-06-16 16:40:50 1374 -a------- C:\WINDOWS\imsins.log 2010-05-13 13:35:20 . 2004-06-16 16:40:50 107188 -a------- C:\WINDOWS\ocmsn.log 2010-05-13 13:35:20 . 2004-06-16 16:40:49 93610 -a------- C:\WINDOWS\iis6.log 2010-05-13 13:35:20 . 2004-06-16 16:40:48 948381 -a------- C:\WINDOWS\ocgen.log 2010-05-13 13:35:20 . 2004-06-16 16:40:48 1837676 -a------- C:\WINDOWS\FaxSetup.log 2010-05-13 13:35:16 . 2004-06-16 16:40:50 578324 -a------- C:\WINDOWS\msmqinst.log 2010-05-11 13:40:14 . 2010-05-11 13:40:13 209595 -a------- C:\加日期.pcp 2010-05-11 13:19:44 . 2004-06-16 16:38:09 173467 -a------- C:\WINDOWS\setupact.log 2010-05-07 23:52:00 . 2010-05-07 23:51:58 84131 -a------- C:\photocap加日期洗照片.pcp 2010-05-01 22:59:44 . 2010-05-01 22:59:43 <DIR> -----d--- C:\eTax 2010-05-01 08:54:44 . 2010-05-01 08:54:43 <DIR> -----d--- C:\WINDOWS\system32\Cult3D 2010-04-29 02:10:28 . 2010-04-29 02:10:26 <DIR> -----d--- C:\Documents and Settings\SYL\Application Data\Imagine 2010-04-26 19:49:52 . 2010-04-26 19:49:52 577536 -a------- C:\WINDOWS\system32\DsWarpper.dll ================================================================================ 執行中的程序: [V] [PID: 728 ] C:\WINDOWS\system32\services.exe [ Microsoft Corporation ] [V] [PID: 1400 ] C:\WINDOWS\system32\spoolsv.exe [ Microsoft Corporation ] [V] [PID: 1440 ] C:\WINDOWS\System32\SCardSvr.exe [ Microsoft Corporation ] [-] [PID: 1524 ] C:\Program Files\Avira\AntiVir Desktop\sched.exe [ Avira GmbH ] [-] [PID: 1840 ] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [ Avira GmbH ] [V] [PID: 1872 ] C:\WINDOWS\system32\ctfmon.exe [ Microsoft Corporation ] [-] [PID: 2000 ] C:\Office2k\PFiles\MSOffice\Office\1028\msoffice.exe [ Microsoft Corporation ] [-] [PID: 568 ] C:\Program Files\Avira\AntiVir Desktop\avguard.exe [ Avira GmbH ] [V] [PID: 636 ] C:\WINDOWS\system32\pctspk.exe [ PCtel, Inc. ] [V] [PID: 1184 ] C:\WINDOWS\system32\wdfmgr.exe [ Microsoft Corporation ] [V] [PID: 1568 ] C:\WINDOWS\System32\alg.exe [ Microsoft Corporation ] [V] [PID: 460 ] C:\WINDOWS\system32\conime.exe [ Microsoft Corporation ] [V] [PID: 480 ] C:\WINDOWS\explorer.exe [ Microsoft Corporation ] [V] [PID: 1732 ] C:\WINDOWS\system32\wuauclt.exe [ Microsoft Corporation ] 系統執行程序中沒有檔案資訊的動態連結檔: 'svchost.exe'(952) C:\WINDOWS\system32\DrvTrNTl.dll 'svchost.exe'(1020) C:\WINDOWS\System32\mspdtc.dll 'svchost.exe'(1088) C:\WINDOWS\System32\DrvTrNTl.dll 'svchost.exe'(1252) C:\WINDOWS\System32\DrvTrNTl.dll 'SCardSvr.exe'(1440) C:\WINDOWS\System32\DrvTrNTl.dll 'sched.exe'(1524) C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 'ctfmon.exe'(1872) C:\WINDOWS\system32\DrvTrNTl.dll 'svchost.exe'(1944) C:\WINDOWS\System32\DrvTrNTl.dll 'msoffice.exe'(2000) C:\WINDOWS\system32\DrvTrNTl.dll 'avguard.exe'(568) C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll 'alg.exe'(1568) C:\WINDOWS\System32\DrvTrNTl.dll 'conime.exe'(460) C:\WINDOWS\system32\DrvTrNTl.dll 'explorer.exe'(480) C:\WINDOWS\system32\DrvTrNTl.dll ================================================================================ 登錄值列表 *** 注意 : 部分正常值不會顯示 *** [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ Microsoft Corporation ] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [ Ahead Software Gmbh ] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [ Logitech, Inc. ] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [ Adobe Systems Incorporated ] "Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [ Adobe Systems Incorporated ] "PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC" [ Microsoft Corporation ] "PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName" [ Microsoft Corporation ] "KernelFaultCheck"="%systemroot%\system32\dumprep 0 -k" "avgnt"="C:\Program Files\Avira\AntiVir Desktop\avgnt.exe /min /nosplash" [ Avira GmbH ] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\System32\CTFMON.EXE" [ Microsoft Corporation ] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\System32\CTFMON.EXE" [ Microsoft Corporation ] [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\System32\CTFMON.EXE" [ Microsoft Corporation ] [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\System32\CTFMON.EXE" [ Microsoft Corporation ] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"="0" "legalnoticecaption"="" "legalnoticetext"="" "shutdownwithoutlogon"="1" "undockwithoutlogon"="1" [HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] 2009-12-21 18:27 75200 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] 2006-11-02 11:29 81920 C:\Program Files\FlashGet\jccatch.dll [HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{9018F6A8-2495-45DF-9F16-C738F8F3C8FF}] 2009-03-13 21:29 0 C:\WINDOWS\system32\SkypeComm.dll [HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}] 2007-05-19 00:13 163840 C:\Program Files\FlashGet\getflash.dll [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDriveTypeAutoRun"="145" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] "NoDriveTypeAutoRun"="255" "HonorAutoRunSetting"="1" [hku\.default\software\microsoft\windows\currentversion\policies\explorer] "NoDriveTypeAutoRun"="0x91000000" C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\ Microsoft Office.lnk - C:\Winapps\Microsoft Office\Office\OSA9.EXE -b -l [ Microsoft Corporation ] Symantec WinFax Starter Edition 通訊埠.lnk - C:\Winapps\Microsoft Office\Office\1028\OLFSNT40.EXE [ Microsoft Corporation ] Ulead Photo Express SE Calendar Checker.lnk - C:\Winapps\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe [ Ulead Systems, Inc. ] EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\e_srcv03.exe [ SEIKO EPSON CORPORATION ] InterVideo WinCinema Manager.lnk - C:\Winapps\InterVideo\Common\Bin\WinCinemaMgr.exe [ InterVideo Inc. ] C:\Documents and Settings\SYL\桌面\ 考選部全球資訊網.url - C:\Documents and Settings\SYL\桌面\考選部全球資訊網.url [ N/A ] C:\Documents and Settings\SYL\桌面\ Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe [ Microsoft Corporation ] Windows 檔案總管.lnk - C:\WINDOWS\explorer.exe [ Microsoft Corporation ] FreeGrab.exe (2).lnk - C:\Winappss\FreeGrab1.2.3.4.5\FreeGrab.exe [ N/A ] 記事本.lnk - C:\WINDOWS\system32\notepad.exe [ Microsoft Corporation ] DivX Player 2.0 Alpha.lnk - C:\Winapps\DivX\DivX Player 2.0 Alpha\DivX Player 2.0 Alpha.exe [ N/A ] 中文漫.lnk - G:\中文漫 [ N/A ] ADSL.lnk - [File Not Found.] Nero Burning ROM.lnk - C:\Winapps\Ahead\Nero\nero.exe [ Ahead Software AG ] Wincmd32.lnk - C:\Winappss\Wincmd\Wincmd32.exe [ C. Ghisler & Co. ] Ulead Photo Express 3.0 SE.lnk - C:\Winapps\Ulead Systems\Ulead Photo Express 3.0 SE\Ipe30.exe [ Ulead Systems, Inc. ] aida32.lnk - C:\Winappss\Aida32\aida32.exe [ N/A ] Tucan Manager.lnk - C:\Tucan\tucan.exe [ N/A ] KMPlayer.lnk - C:\Program Files\The KMPlayer\KMPlayer.exe [ Pandora.TV ] GoldWave.exe.lnk - C:\Winappss\GoldWave\GoldWave.exe [ N/A ] PhotoCap 4.3.lnk - C:\Program Files\PhotoCap4\PhotoCap.exe [ N/A ] firefox暫存區.lnk - C:\Documents and Settings\SYL\Local Settings\Application Data\Mozilla\Firefox\Profiles\kvnvxtbc.default\Cache [ N/A ] JDownloader.exe.lnk - C:\Winappss\jdownloader\JDownloader.exe [ AppWork UG (haftungsbeschrankt) ] MangaMeeyaCE.exe.lnk - C:\Winappss\MangaMeeyaCE v2.4\MangaMeeyaCE.exe [ N/A ] Timer.exe.lnk - C:\Winappss\Timer.exe [ N/A ] MyRename.exe.lnk - C:\Winappss\MyRename_0.3\MyRename.exe [ Kai-Chieh Ku ] downloads'.lnk - C:\WINDOWS\explorer.exe /e,H:\Downloads [ Microsoft Corporation ] frd.exe.lnk - C:\Winappss\FreeRapid-0.83u1\frd.exe [ Vity ] C:\Documents and Settings\All Users\桌面\ PhotoImpact 8.lnk - C:\Winapps\Ulead Systems\Ulead PhotoImpact 8\Iedit.exe [ Ulead Systems, Inc. ] ScanWizard Easy.lnk - C:\WINDOWS\twain_32\ScanWiz5\FileScan.exe [ N/A ] MindManager X5.lnk - C:\WINDOWS\Installer\{632EB490-52E3-4822-8658-C79A30DBD200}\ARPPRODUCTICON.exe [ InstallShield Software Corp. ] Dr.eye.lnk - C:\Winapps\Inventec\Dreye\Dreye.exe [ Inventec Online ] PAPAGO! R12 PC版.lnk - C:\WINDOWS\Installer\{FABFEAFE-BCB4-4D99-8F6D-C2CB4AB2F313}\_6EAE2B2E69DD4E7BFCD7AC.exe [ N/A ] 丹青中英日文文件辨識系統 5.lnk - C:\Winapps\NewSoft\MaxReader 5\pxcr50.exe [ NewSoft Technology Corporation ] Presto! Forms.lnk - C:\Winapps\NewSoft\Presto!Forms\Prestofm.exe [ N/A ] FlashGet.lnk - C:\Program Files\FlashGet\flashget.exe [ FlashGet.com ] Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [ Mozilla Corporation ] EasyATM SIM Card Editor.lnk - C:\Program Files\Realtek\USB2.0 Card Reader Software\SimEdit.exe [ Realsil ] 網路ATM服務.lnk - C:\WINDOWS\Installer\{E1056C34-E994-4CF9-AD0A-5BFE96747F8C}\NewShortcut2_99FCC8E930884B9189002116D9749810.exe GoEzoZone.exe [ N/A ] Adobe Reader 9.lnk - C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe [ Adobe Systems Incorporated ] 綜合所得稅電子結算申報繳稅系統.lnk - C:\eTax\IRX\Bin\IrcWin.exe [ 關貿網路股份有限公司 ] 小紅傘控制中心.lnk - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe [ Avira GmbH ] C:\Documents and Settings\SYL\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\ 顯示桌面.scf - C:\Documents and Settings\SYL\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\顯示桌面.scf [ N/A ] Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe [ Microsoft Corporation ] Nero StartSmart.lnk - C:\Winapps\Ahead\Nero StartSmart\NeroStartSmart.exe [ Ahead Software AG ] Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 [ Microsoft Corporation ] Windows Live Messenger.lnk - C:\Program Files\MSN Messenger\msnmsgr.exe [ Microsoft Corporation ] 啟動 Internet Explorer 瀏覽器.lnk - C:\Program Files\Internet Explorer\iexplore.exe [ Microsoft Corporation ] Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe [ Mozilla Corporation ] ADSL.lnk - [File Not Found.] FreeRapid 0.83u1.lnk - C:\Winappss\FreeRapid-0.83u1\frd.exe [ Vity ] C:\Documents and Settings\SYL\「開始」功能表\程式集\ Remote Assistance.lnk - C:\WINDOWS\system32\rcimlby.exe -LaunchRA [ Microsoft Corporation ] Outlook Express.lnk - C:\Program Files\Outlook Express\msimn.exe [ Microsoft Corporation ] 記事本.lnk - C:\WINDOWS\system32\notepad.exe [ Microsoft Corporation ] ConvertZ.lnk - C:\Winappss\Big5-GB\ConvertZ.exe [ Alfred, C. S. Li ] Windows 檔案總管.lnk - C:\WINDOWS\explorer.exe [ Microsoft Corporation ] Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 [ Microsoft Corporation ] Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe [ Microsoft Corporation ] [HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\MSN Explorer\shell\open\command] @=C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE FIREFOX DEFAULT PREFS.JS "C:\Documents and Settings\SYL\Application Data\MOZILLA\FIREFOX\PROFILES\kvnvxtbc.default\prefs.js" user_pref("browser.startup.homepage", "hxxp://tw.weather.yahoo.com/week.html"); user_pref("browser.startup.homepage_override.mstone", "rv:1.9.2.3"); 找不到檔案 -- "C:\WINDOWS\system32\ipfltdrv.sys" ================================================================================ 服務 \ 驅動列表: 顯示方式 : 啟動狀態服務名稱;顯示名稱;檔案名稱 R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [ Avira GmbH ] S3 napagent;Network Access Protection Agent; C:\WINDOWS\System32\qagentrt.dll [ Microsoft Corporation ] R2 Pctspk;PCTEL Speaker Phone; C:\WINDOWS\system32\pctspk.exe [ PCtel, Inc. ] S4 hpt3xx;hpt3xx; [File Not Found.] S2 jnc;JNC USB Driver; C:\WINDOWS\system32\Drivers\jnc.sys [ Sensory Science Corp. ] R3 Ptserlp;PCTEL Serial Device Driver for PCI; C:\WINDOWS\system32\DRIVERS\ptserlp.sys [ PCTEL, INC. ] S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader; C:\WINDOWS\system32\Drivers\RTS5121.sys [File Not Found.] S3 Rts516xIR;Realtek IR Driver; C:\WINDOWS\system32\DRIVERS\Rts516xIR.sys [File Not Found.] R3 USBCCID;Realtek Smartcard Reader Driver; C:\WINDOWS\system32\DRIVERS\Rts5161ccid.sys [ Realtek Semiconductor Corporation ] S3 Usblink;Usblink Driver; C:\WINDOWS\system32\Drivers\ulink.sys [File Not Found.] S3 VNic;虛擬USB網絡驅動程式; C:\WINDOWS\system32\DRIVERS\VNic.sys [File Not Found.] S3 WDC_SAM;WD SCSI Pass Thru driver; C:\WINDOWS\system32\DRIVERS\wdcsam.sys [ Western Digital Technologies ] ================================================================================ IE 首頁設定: Internet Explorer Version: 6.0.2900.5512 HKLM - Search Page = HKLM - Start Page = hxxp://tw.yahoo.com HKCU - Start Page = about:blank HKCU - Extra menu item: &U妏蚚馨譙儂けｳ狟婥甜彶紲 - C:\Program Files\NamiRobot\Data\du.html HKCU - Extra menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm HKCU - Extra menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm HKCU - Extra menu item: 下載編碼內容(&D.S.Lite) - C:\Winapps\DSLite2\dl_text.html HKCU - Extra menu item: 下載編碼檔案內容(&D.S.Lite) - C:\Winapps\DSLite2\dl_url.html HKCU - Extra menu item: 剪貼簿文字: 簡 > 繁 - res://C:\winapps\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad HKCU - Extra menu item: 剪貼簿文字: 繁 > 簡 - res://C:\winapps\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim HKCU - Extra menu item: 網頁: [簡體] 顯示 - res://C:\winapps\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim HKCU - Extra menu item: 網頁: [繁體] 顯示 - res://C:\winapps\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad HKLM - Extensions: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe HKLM - Extensions: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe HKLM - Extensions: {F8475519-8412-4D40-A46E-692D9D04DF7F} - C:\Winapps\DSLite2\DSLite.exe HKLM - Extensions: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe LSP: c:\windows\system32\nwprovau.dll ================================================================================ Win32/Conficker worm has not been found active in the memory. Do you want to perform scanning and cleaning anyway? (y/n) Nothing was found. Checking for Win32/Conficker.AA files: Nothing was found. ================================================================================ a: Removable 0MB 0MB NOTREADY c: Fixed 1110MB 14301MB FAT32 READY d: Fixed 1529MB 14991MB FAT32 READY e: Fixed 6884MB 46983MB FAT32 READY f: CDROM 0MB 0MB NOTREADY g: Fixed 22339MB 152625MB NTFS READY h: Fixed 12774MB 238472MB NTFS READY k: Removable 0MB 0MB NOTREADY ================================================================================ 掃描結束時間: 2010-05-19 14:34:22.73 [/CODE] ※ 編輯: cmonkey 來自: 203.73.183.248 (05/19 15:03)