And I also want to know if there is any problems when it shows this message (Attachments)
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 7:40:08, on 18/12/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Fingerprint Sensor\ATSwpNav.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fujitsu\PSUtility\TrayManager.exe
C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Fujitsu\updnavi\updatenv.exe
C:\Program Files\Norman\Npm\Bin\Zlh.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Norman\Nvc\BIN\NIP.EXE
C:\Program Files\Norman\Nvc\bin\cclaw.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\USER\Downloads\HiJackThis_v2.exe
R3 - URLSearchHook: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATSwpNav] "C:\Program Files\Fingerprint Sensor\ATSwpNav" -run
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [LoadFUJ02E3] C:\Program Files\Fujitsu\FUJ02E3\FUJ02E3.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [PSUtility] c:\Program Files\Fujitsu\PSUtility\TrayManager.exe
O4 - HKLM\..\Run: [TvOutSwitch] c:\Program Files\Fujitsu\DispSwitch\DispSwitchLauncher.exe
O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe
O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [FJUPDNV_Chitose] C:\Program Files\Fujitsu\updnavi\updatenv.exe
O4 - HKLM\..\Run: [Norman ZANDA] "C:\Program Files\Norman\Npm\bin\ZLH.EXE" /LOAD /SPLASH
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Ringz Studio\Storm Codec\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\RunOnce: [PCDrProfiler] C:\Program Files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe -r
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.125;85.255.112.214
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\Windows\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\Windows\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\Windows\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\system32\mshtml.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Norman eLogger service 6 (eLoggerSvc6) - Norman ASA - C:\Program Files\Norman\Npm\Bin\Elogsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech IBT Service (LvIBTSvr) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: Norman NJeeves - Norman ASA - C:\Program Files\Norman\Npm\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Norman ASA - C:\Program Files\Norman\Npm\Bin\Zanda.exe
O23 - Service: Norman Scanner Engine Service (nsesvc) - Norman ASA - C:\Program Files\Norman\nse\bin\NSESVC.EXE
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Program Files\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman ASA - C:\Program Files\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: O2Flash Memory Service (O2Flash) - O2Micro International - c:\Windows\system32\o2flash.exe
O23 - Service: PowerSavingUtilityService - FUJITSU LIMITED - c:\Program Files\Fujitsu\PSUtility\PSUService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: UpdateNaviInstallService - FUJITSU LIMITED - C:\Program Files\Fujitsu\updnavi\updnvsrv.exe
O23 - Service: @%systemroot%\system32\SearchIndexer.exe,-103 (WSearch) - Unknown owner - C:\Windows\system32\SearchIndexer.exe
--
End of file - 11762 bytes
Full Version: Computer infected, PLEASE HELP!
Lavasoft Support Forums > Archived Topics > Archives: Resolved/Inactive Topics > Resolved/Inactive HijackThis Logs
Hello
Download ComboFix from one of these locations:
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
Download ComboFix from one of these locations:
Link 1
Link 2
Link 3
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.
ComboFix 08-12-18.01 - USER 2008-12-18 18:07:12.1 - NTFSx86
執行位置: c:\users\USER\Downloads\Foxy\ComboFix.exe
* 成功創造新還原點
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\resycled\boot.com
D:\resycled
d:\resycled\boot.com
.
((((((((((((((((((((((((( 2008-11-19 至 2008-12-19 的新的檔案 )))))))))))))))))))))))))))))))
.
2008-12-18 08:11 . 2008-12-18 08:11 <DIR> d-------- c:\users\USER\AppData\Roaming\Malwarebytes
2008-12-18 08:11 . 2008-12-18 08:11 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-18 08:11 . 2008-12-18 08:11 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-18 08:11 . 2008-12-18 08:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 08:11 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-18 08:11 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-18 06:31 . 2008-12-18 07:48 <DIR> d-------- c:\users\All Users\Lavasoft
2008-12-18 06:31 . 2008-12-18 07:48 <DIR> d-------- c:\programdata\Lavasoft
2008-12-18 05:42 . 2008-12-18 05:42 <DIR> d-------- c:\users\USER\AppData\Roaming\SUPERAntiSpyware.com
2008-12-18 05:42 . 2008-12-18 05:42 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-12-18 05:42 . 2008-12-18 05:42 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2008-12-18 05:42 . 2008-12-18 05:42 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-18 05:39 . 2008-12-18 07:48 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-18 05:29 . 2008-12-18 05:29 <DIR> d-------- c:\program files\VS Revo Group
2008-12-17 01:31 . 2008-12-17 01:31 <DIR> d-------- c:\users\USER\AppData\Roaming\DAEMON Tools
2008-12-17 01:31 . 2008-12-17 01:31 295 --a------ C:\電腦 - 捷徑.lnk
2008-12-17 01:30 . 2008-12-17 01:32 <DIR> d-------- c:\users\USER\AppData\Roaming\DAEMON Tools Lite
2008-12-17 01:30 . 2008-12-17 01:30 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite
2008-12-17 01:30 . 2008-12-17 01:30 <DIR> d-------- c:\programdata\DAEMON Tools Lite
2008-12-17 01:30 . 2008-12-18 04:58 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-12-17 01:30 . 2008-12-17 01:30 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-17 01:20 . 2008-12-17 15:20 <DIR> d-------- c:\program files\DAEMON Tools Pro
2008-12-17 00:53 . 2008-12-17 01:31 <DIR> d-------- c:\users\USER\AppData\Roaming\DAEMON Tools Pro
2008-12-13 22:48 . 2008-12-13 22:49 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-13 22:48 . 2008-12-13 22:49 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-13 22:48 . 2008-12-13 22:49 <DIR> d-------- c:\program files\iTunes
2008-12-13 22:48 . 2008-12-13 22:48 <DIR> d-------- c:\program files\iPod
2008-12-13 22:42 . 2008-12-13 22:43 <DIR> d-------- c:\program files\Safari
2008-12-11 04:42 . 2008-12-11 04:42 <DIR> d-------- c:\program files\Alcohol Soft
2008-12-11 04:39 . 2008-12-17 00:53 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2008-12-10 19:00 . 2008-10-21 17:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-10 17:30 . 2008-10-20 21:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-04 22:07 . 2008-12-04 22:06 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-04 01:05 . 2008-12-04 01:05 <DIR> d-------- c:\program files\Sony Ericsson
2008-12-02 15:31 . 2008-10-16 13:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-02 15:31 . 2008-10-16 12:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-02 15:31 . 2008-10-16 13:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-02 15:31 . 2008-10-16 12:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-02 15:31 . 2008-10-16 13:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-02 15:31 . 2008-10-16 13:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-02 15:31 . 2008-10-16 13:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-02 15:30 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-02 15:30 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-25 15:03 . 2008-10-20 21:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 15:03 . 2008-08-27 19:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 15:03 . 2008-08-27 19:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 15:03 . 2008-08-27 19:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 15:03 . 2008-10-21 19:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 14:36 --------- d-----w c:\program files\Norman
2008-12-14 06:51 --------- d-----w c:\users\USER\AppData\Roaming\MiniLyrics
2008-12-14 06:48 --------- d-----w c:\program files\Common Files\Apple
2008-12-11 03:26 --------- d-----w c:\program files\Windows Mail
2008-12-11 03:02 --------- d-----w c:\programdata\Microsoft Help
2008-12-05 06:06 --------- d-----w c:\program files\Java
2008-12-04 11:44 --------- d-----w c:\users\USER\AppData\Roaming\CyberLink
2008-12-04 11:44 --------- d-----w c:\programdata\CyberLink
2008-11-12 12:01 --------- d-----w c:\users\USER\AppData\Roaming\Ulead Systems
2008-11-12 11:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 11:33 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-11-12 11:31 --------- d-----w c:\programdata\Ulead Systems
2008-11-12 11:31 --------- d-----w c:\program files\Corel
2008-11-06 09:39 --------- d-----w c:\program files\Apple Software Update
2008-11-06 09:33 --------- d-----w c:\program files\Bonjour
2008-11-06 09:31 --------- d-----w c:\users\USER\AppData\Roaming\Apple Computer
2008-11-06 09:31 --------- d-----w c:\programdata\Apple Computer
2008-11-06 09:28 --------- d-----w c:\programdata\Apple
2008-11-06 08:20 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-06 08:18 --------- d-----w c:\program files\Common Files\Adobe
2008-11-06 05:34 --------- d-----w c:\program files\DVD Decrypter
2008-11-04 23:25 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 16:47 --------- d-----w c:\programdata\WindowsSearch
2008-10-19 08:22 --------- d-----w c:\program files\Gameone
2008-10-19 08:20 --------- d-----w c:\users\USER\AppData\Roaming\InstallShield
2008-10-19 05:03 --------- d-----w c:\users\USER\AppData\Roaming\Media Player Classic
2008-10-19 04:56 --------- d-----w c:\program files\Ringz Studio
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-25 02:02 174 --sha-w c:\program files\desktop.ini
2008-09-25 01:30 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-25 01:29 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-22 18:41 269,312 ----a-w c:\windows\System32\es.dll
2008-09-22 11:18 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-09-22 11:18 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-09-22 11:18 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-09-22 11:18 272,896 ----a-w c:\windows\System32\polstore.dll
2008-09-22 11:16 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-09-22 11:16 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-09-22 11:08 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-09-22 10:56 988,216 ----a-w c:\windows\System32\winload.exe
2008-09-22 10:56 927,288 ----a-w c:\windows\System32\winresume.exe
2008-09-22 10:56 615,992 ----a-w c:\windows\System32\ci.dll
2008-09-22 10:56 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-09-22 10:56 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-09-22 10:56 40,960 ----a-w c:\windows\System32\srclient.dll
2008-09-22 10:56 378,368 ----a-w c:\windows\System32\srcore.dll
2008-09-22 10:56 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-09-22 10:56 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-09-22 10:56 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-09-22 10:52 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-09-22 10:51 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-09-22 10:51 738,304 ----a-w c:\windows\System32\inetcomm.dll
2008-09-22 10:51 1,314,816 ----a-w c:\windows\System32\quartz.dll
2008-09-10 08:01 8 --sha-r c:\program files\IMAGE.DAT
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-17 5724184]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"foxy"="c:\program files\Foxy\Foxy.exe" [2008-05-29 1160704]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-14 894512]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-31 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-31 138008]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-16 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-06 97072]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-10-30 136744]
"TvOutSwitch"="c:\program files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2007-08-08 106496]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-12-21 256816]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 68400]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\updnavi\updatenv.exe" [2007-08-01 167936]
"Norman ZANDA"="c:\program files\Norman\Npm\bin\ZLH.EXE" [2008-06-01 273520]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-24 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\Ringz Studio\Storm Codec\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" [2007-04-05 73728]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F135CAD3-578A-4782-80B1-531481510F5E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FA128471-99B5-4F9F-B79B-F497CC957A6F}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{73FB2A6D-E54C-482B-88EA-1EB9274792DF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2F510EDE-1343-4A40-8E95-C96BADE2940C}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D3023800-FBD5-4701-BF03-A930CF30E983}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{F461595A-BD1F-4C65-A8F7-8BA20CA402F1}c:\\program files\\foxy\\foxy.exe"= UDP:c:\program files\foxy\foxy.exe:Foxy Network Client Application
"UDP Query User{C06B5356-152B-462E-8346-9CEED13F9EFC}c:\\program files\\foxy\\foxy.exe"= TCP:c:\program files\foxy\foxy.exe:Foxy Network Client Application
"TCP Query User{2B4AB028-22DE-4462-979D-4AD02A721A07}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{C189D0A5-1ECD-4153-8F35-B94294D831BA}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{FA40062B-CD84-4B49-B854-E45B835A6D29}c:\\users\\user\\desktop\\from harddisk\\games*\\aoc\\age2_x1.exe"= UDP:c:\users\user\desktop\from harddisk\games*\aoc\age2_x1.exe:age2_x1.exe
"UDP Query User{FE65691A-38A5-4C72-BC08-7AC04D6D57DC}c:\\users\\user\\desktop\\from harddisk\\games*\\aoc\\age2_x1.exe"= TCP:c:\users\user\desktop\from harddisk\games*\aoc\age2_x1.exe:age2_x1.exe
"{70243F3F-DD0C-45FF-8E7D-3215A9DDA78A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2657609A-80EF-4A45-825E-DD2A41529166}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D1290F56-CA90-4AAA-A9EA-60444722A0E3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D4FCE4AD-BBBC-4887-98D4-4C25BFF367FF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2778BEDE-554D-43DA-9D2A-EB4A58E369F3}"= UDP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{89E6CC6B-4C57-4D96-8927-595A20B9A9CA}"= TCP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{188162A4-D2F8-46B6-A1A5-A13FCB901275}"= UDP:c:\program files\SUPERAntiSpyware\RUNSAS.EXE:SUPERAntiSpyware Alternate Start
"{F807641E-6241-4376-9B4A-1360B3889D08}"= TCP:c:\program files\SUPERAntiSpyware\RUNSAS.EXE:SUPERAntiSpyware Alternate Start
"{8512C6E7-3699-4180-AFF0-0690DCE68FCD}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{C48CA629-E50A-4866-B943-6E79F93B85F3}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
R0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-02 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-05-11 35456]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 FJSPA;FJSPA;\??\c:\program files\Fujitsu\FJSPA\FJSPA.sys [2006-12-07 17712]
R2 Ndiskio;Ndiskio;\??\c:\program files\Norman\Nse\bin\NDISKIO.SYS [2008-09-22 20448]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2006-10-30 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [2007-08-01 11264]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2007-10-08 5632]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S2 LvIBTSvr;Logitech IBT Service;"c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe" [2007-04-02 76576]
S3 nsesvc;Norman Scanner Engine Service;"c:\program files\Norman\nse\bin\NSESVC.EXE" -daemon [2008-09-22 322616]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcv32mf.sys [2008-09-22 19512]
S3 nvcoas;Norman Virus Control on-access component;"c:\program files\Norman\Nvc\bin\nvcoas.exe" [2008-09-22 183352]
S3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Nvc\BIN\NVCSCHED.EXE [2008-09-22 146488]
S3 SMSCIRDA;SMSC 紅外線裝置驅動程式;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d396ceb-b6cb-11dd-8fac-00037a853c5e}]
\shell\AutoRun\command - F:\Launch.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- 而外的掃描 -------
.
uStart Page = hxxp://hk.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Foxy 下載 - c:\program files\Foxy\Foxy.exe/download.htm
IE: Foxy 搜尋 - c:\program files\Foxy\Foxy.exe/search.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\rhy7eqjo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (Eng)
FF - prefs.js: browser.startup.homepage - hxxp://hk.yahoo.com
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.external.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.warn-external.foxy", false);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.expose.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("general.useragent.extra.foxy1", "Foxy/1");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 18:10:21
Windows 6.0.6001 Service Pack 1 NTFS
掃描被隱藏的進程。。。 ...
掃描被隱藏的啟動組。。。
掃描被隱藏的文件。。。
掃描完成
被隱藏的檔案: 0
**************************************************************************
.
完成時間: 2008-12-18 18:11:48
ComboFix-quarantined-files.txt 2008-12-19 02:11:45
Pre-Run: 40,416,026,624 位元組可用
Post-Run: 40,575,315,968 位元組可用
265 --- E O F --- 2008-12-18 14:33:52
執行位置: c:\users\USER\Downloads\Foxy\ComboFix.exe
* 成功創造新還原點
.
((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Mozilla Firefox\components\iamfamous.dll
C:\resycled
c:\resycled\boot.com
D:\resycled
d:\resycled\boot.com
.
((((((((((((((((((((((((( 2008-11-19 至 2008-12-19 的新的檔案 )))))))))))))))))))))))))))))))
.
2008-12-18 08:11 . 2008-12-18 08:11 <DIR> d-------- c:\users\USER\AppData\Roaming\Malwarebytes
2008-12-18 08:11 . 2008-12-18 08:11 <DIR> d-------- c:\users\All Users\Malwarebytes
2008-12-18 08:11 . 2008-12-18 08:11 <DIR> d-------- c:\programdata\Malwarebytes
2008-12-18 08:11 . 2008-12-18 08:11 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-18 08:11 . 2008-12-03 19:59 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-18 08:11 . 2008-12-03 19:59 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-18 06:31 . 2008-12-18 07:48 <DIR> d-------- c:\users\All Users\Lavasoft
2008-12-18 06:31 . 2008-12-18 07:48 <DIR> d-------- c:\programdata\Lavasoft
2008-12-18 05:42 . 2008-12-18 05:42 <DIR> d-------- c:\users\USER\AppData\Roaming\SUPERAntiSpyware.com
2008-12-18 05:42 . 2008-12-18 05:42 <DIR> d-------- c:\users\All Users\SUPERAntiSpyware.com
2008-12-18 05:42 . 2008-12-18 05:42 <DIR> d-------- c:\programdata\SUPERAntiSpyware.com
2008-12-18 05:42 . 2008-12-18 05:42 <DIR> d-------- c:\program files\SUPERAntiSpyware
2008-12-18 05:39 . 2008-12-18 07:48 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2008-12-18 05:29 . 2008-12-18 05:29 <DIR> d-------- c:\program files\VS Revo Group
2008-12-17 01:31 . 2008-12-17 01:31 <DIR> d-------- c:\users\USER\AppData\Roaming\DAEMON Tools
2008-12-17 01:31 . 2008-12-17 01:31 295 --a------ C:\電腦 - 捷徑.lnk
2008-12-17 01:30 . 2008-12-17 01:32 <DIR> d-------- c:\users\USER\AppData\Roaming\DAEMON Tools Lite
2008-12-17 01:30 . 2008-12-17 01:30 <DIR> d-------- c:\users\All Users\DAEMON Tools Lite
2008-12-17 01:30 . 2008-12-17 01:30 <DIR> d-------- c:\programdata\DAEMON Tools Lite
2008-12-17 01:30 . 2008-12-18 04:58 <DIR> d-------- c:\program files\DAEMON Tools Toolbar
2008-12-17 01:30 . 2008-12-17 01:30 <DIR> d-------- c:\program files\DAEMON Tools Lite
2008-12-17 01:20 . 2008-12-17 15:20 <DIR> d-------- c:\program files\DAEMON Tools Pro
2008-12-17 00:53 . 2008-12-17 01:31 <DIR> d-------- c:\users\USER\AppData\Roaming\DAEMON Tools Pro
2008-12-13 22:48 . 2008-12-13 22:49 <DIR> d-------- c:\users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-13 22:48 . 2008-12-13 22:49 <DIR> d-------- c:\programdata\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-13 22:48 . 2008-12-13 22:49 <DIR> d-------- c:\program files\iTunes
2008-12-13 22:48 . 2008-12-13 22:48 <DIR> d-------- c:\program files\iPod
2008-12-13 22:42 . 2008-12-13 22:43 <DIR> d-------- c:\program files\Safari
2008-12-11 04:42 . 2008-12-11 04:42 <DIR> d-------- c:\program files\Alcohol Soft
2008-12-11 04:39 . 2008-12-17 00:53 717,296 --a------ c:\windows\System32\drivers\sptd.sys
2008-12-10 19:00 . 2008-10-21 17:22 2,048 --a------ c:\windows\System32\tzres.dll
2008-12-10 17:30 . 2008-10-20 21:25 296,960 --a------ c:\windows\System32\gdi32.dll
2008-12-04 22:07 . 2008-12-04 22:06 410,984 --a------ c:\windows\System32\deploytk.dll
2008-12-04 01:05 . 2008-12-04 01:05 <DIR> d-------- c:\program files\Sony Ericsson
2008-12-02 15:31 . 2008-10-16 13:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-12-02 15:31 . 2008-10-16 12:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-12-02 15:31 . 2008-10-16 13:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-12-02 15:31 . 2008-10-16 12:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-12-02 15:31 . 2008-10-16 13:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-12-02 15:31 . 2008-10-16 13:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-12-02 15:31 . 2008-10-16 13:08 34,328 --a------ c:\windows\System32\wups.dll
2008-12-02 15:30 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-12-02 15:30 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-25 15:03 . 2008-10-20 21:25 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-25 15:03 . 2008-08-27 19:40 712,704 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-25 15:03 . 2008-08-27 19:40 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-25 15:03 . 2008-08-27 19:40 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-25 15:03 . 2008-10-21 19:57 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-18 14:36 --------- d-----w c:\program files\Norman
2008-12-14 06:51 --------- d-----w c:\users\USER\AppData\Roaming\MiniLyrics
2008-12-14 06:48 --------- d-----w c:\program files\Common Files\Apple
2008-12-11 03:26 --------- d-----w c:\program files\Windows Mail
2008-12-11 03:02 --------- d-----w c:\programdata\Microsoft Help
2008-12-05 06:06 --------- d-----w c:\program files\Java
2008-12-04 11:44 --------- d-----w c:\users\USER\AppData\Roaming\CyberLink
2008-12-04 11:44 --------- d-----w c:\programdata\CyberLink
2008-11-12 12:01 --------- d-----w c:\users\USER\AppData\Roaming\Ulead Systems
2008-11-12 11:35 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-12 11:33 --------- d-----w c:\program files\Common Files\Ulead Systems
2008-11-12 11:31 --------- d-----w c:\programdata\Ulead Systems
2008-11-12 11:31 --------- d-----w c:\program files\Corel
2008-11-06 09:39 --------- d-----w c:\program files\Apple Software Update
2008-11-06 09:33 --------- d-----w c:\program files\Bonjour
2008-11-06 09:31 --------- d-----w c:\users\USER\AppData\Roaming\Apple Computer
2008-11-06 09:31 --------- d-----w c:\programdata\Apple Computer
2008-11-06 09:28 --------- d-----w c:\programdata\Apple
2008-11-06 08:20 --------- d-----w c:\program files\Common Files\Adobe AIR
2008-11-06 08:18 --------- d-----w c:\program files\Common Files\Adobe
2008-11-06 05:34 --------- d-----w c:\program files\DVD Decrypter
2008-11-04 23:25 --------- d-----w c:\program files\Microsoft Silverlight
2008-11-01 03:44 541,696 ----a-w c:\windows\AppPatch\AcLayers.dll
2008-11-01 03:44 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-11-01 03:44 460,288 ----a-w c:\windows\AppPatch\AcSpecfc.dll
2008-11-01 03:44 28,672 ----a-w c:\windows\System32\Apphlpdm.dll
2008-11-01 03:44 2,154,496 ----a-w c:\windows\AppPatch\AcGenral.dll
2008-11-01 03:44 173,056 ----a-w c:\windows\AppPatch\AcXtrnal.dll
2008-11-01 01:21 4,240,384 ----a-w c:\windows\System32\GameUXLegacyGDFs.dll
2008-10-29 06:29 2,927,104 ----a-w c:\windows\explorer.exe
2008-10-28 16:47 --------- d-----w c:\programdata\WindowsSearch
2008-10-19 08:22 --------- d-----w c:\program files\Gameone
2008-10-19 08:20 --------- d-----w c:\users\USER\AppData\Roaming\InstallShield
2008-10-19 05:03 --------- d-----w c:\users\USER\AppData\Roaming\Media Player Classic
2008-10-19 04:56 --------- d-----w c:\program files\Ringz Studio
2008-10-16 04:47 827,392 ----a-w c:\windows\System32\wininet.dll
2008-10-01 00:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-25 02:02 174 --sha-w c:\program files\desktop.ini
2008-09-25 01:30 101,888 ----a-w c:\windows\System32\ifxcardm.dll
2008-09-25 01:29 82,432 ----a-w c:\windows\System32\axaltocm.dll
2008-09-22 18:41 269,312 ----a-w c:\windows\System32\es.dll
2008-09-22 11:18 61,440 ----a-w c:\windows\System32\winipsec.dll
2008-09-22 11:18 361,984 ----a-w c:\windows\System32\IPSECSVC.DLL
2008-09-22 11:18 28,672 ----a-w c:\windows\System32\FwRemoteSvr.dll
2008-09-22 11:18 272,896 ----a-w c:\windows\System32\polstore.dll
2008-09-22 11:16 2,560 ----a-w c:\windows\AppPatch\AcRes.dll
2008-09-22 11:16 1,695,744 ----a-w c:\windows\System32\gameux.dll
2008-09-22 11:08 303,616 ----a-w c:\windows\System32\wmpeffects.dll
2008-09-22 10:56 988,216 ----a-w c:\windows\System32\winload.exe
2008-09-22 10:56 927,288 ----a-w c:\windows\System32\winresume.exe
2008-09-22 10:56 615,992 ----a-w c:\windows\System32\ci.dll
2008-09-22 10:56 6,656 ----a-w c:\windows\System32\kbd106n.dll
2008-09-22 10:56 46,592 ----a-w c:\windows\System32\setbcdlocale.dll
2008-09-22 10:56 40,960 ----a-w c:\windows\System32\srclient.dll
2008-09-22 10:56 378,368 ----a-w c:\windows\System32\srcore.dll
2008-09-22 10:56 318,464 ----a-w c:\windows\System32\rstrui.exe
2008-09-22 10:56 19,000 ----a-w c:\windows\System32\kd1394.dll
2008-09-22 10:56 14,848 ----a-w c:\windows\System32\srdelayed.exe
2008-09-22 10:52 14,848 ----a-w c:\windows\System32\wshrm.dll
2008-09-22 10:51 84,480 ----a-w c:\windows\System32\INETRES.dll
2008-09-22 10:51 738,304 ----a-w c:\windows\System32\inetcomm.dll
2008-09-22 10:51 1,314,816 ----a-w c:\windows\System32\quartz.dll
2008-09-10 08:01 8 --sha-r c:\program files\IMAGE.DAT
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-18 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-17 5724184]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2008-09-19 4347120]
"foxy"="c:\program files\Foxy\Foxy.exe" [2008-05-29 1160704]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-08-01 222592]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-10 216520]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-04 1809648]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-18 c:\windows\System32\oobefldr.dll]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATSwpNav"="c:\program files\Fingerprint Sensor\ATSwpNav -run" [X]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-14 894512]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-08-31 154392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-08-31 138008]
"LVCOMSX"="c:\program files\Common Files\LogiShrd\LComMgr\LVComSX.exe" [2007-04-02 252704]
"LoadFUJ02E3"="c:\program files\Fujitsu\FUJ02E3\FUJ02E3.exe" [2006-11-16 80688]
"IndicatorUtility"="c:\program files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2006-11-06 97072]
"PSUtility"="c:\program files\Fujitsu\PSUtility\TrayManager.exe" [2006-10-30 136744]
"TvOutSwitch"="c:\program files\Fujitsu\DispSwitch\DispSwitchLauncher.exe" [2007-08-08 106496]
"LoadFujitsuQuickTouch"="c:\program files\Fujitsu\Application Panel\QuickTouch.exe" [2006-12-21 256816]
"LoadBtnHnd"="c:\program files\Fujitsu\BtnHnd\BtnHnd.exe" [2006-11-12 68400]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-01-08 68640]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-08 52256]
"FJUPDNV_Chitose"="c:\program files\Fujitsu\updnavi\updatenv.exe" [2007-08-01 167936]
"Norman ZANDA"="c:\program files\Norman\Npm\bin\ZLH.EXE" [2008-06-01 273520]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-24 185872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-02 95504]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"QuickTime Task"="c:\program files\Ringz Studio\Storm Codec\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 c:\windows\RtHDVCpl.exe]
"Skytel"="Skytel.exe" [2007-06-15 c:\windows\SkyTel.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"PCDrProfiler"="c:\program files\Fujitsu Hardware Diagnostics Tool\RunProfiler.exe" [2007-04-05 73728]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2007-05-22 2756608]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-03 14:56 352256 c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.vp31"= vp31vfw.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{F135CAD3-578A-4782-80B1-531481510F5E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{FA128471-99B5-4F9F-B79B-F497CC957A6F}"= c:\program files\CyberLink\PowerDVD\PowerDVD.EXE:CyberLink PowerDVD
"{73FB2A6D-E54C-482B-88EA-1EB9274792DF}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{2F510EDE-1343-4A40-8E95-C96BADE2940C}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{D3023800-FBD5-4701-BF03-A930CF30E983}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"TCP Query User{F461595A-BD1F-4C65-A8F7-8BA20CA402F1}c:\\program files\\foxy\\foxy.exe"= UDP:c:\program files\foxy\foxy.exe:Foxy Network Client Application
"UDP Query User{C06B5356-152B-462E-8346-9CEED13F9EFC}c:\\program files\\foxy\\foxy.exe"= TCP:c:\program files\foxy\foxy.exe:Foxy Network Client Application
"TCP Query User{2B4AB028-22DE-4462-979D-4AD02A721A07}c:\\program files\\flashget\\flashget.exe"= UDP:c:\program files\flashget\flashget.exe:FlashGet
"UDP Query User{C189D0A5-1ECD-4153-8F35-B94294D831BA}c:\\program files\\flashget\\flashget.exe"= TCP:c:\program files\flashget\flashget.exe:FlashGet
"TCP Query User{FA40062B-CD84-4B49-B854-E45B835A6D29}c:\\users\\user\\desktop\\from harddisk\\games*\\aoc\\age2_x1.exe"= UDP:c:\users\user\desktop\from harddisk\games*\aoc\age2_x1.exe:age2_x1.exe
"UDP Query User{FE65691A-38A5-4C72-BC08-7AC04D6D57DC}c:\\users\\user\\desktop\\from harddisk\\games*\\aoc\\age2_x1.exe"= TCP:c:\users\user\desktop\from harddisk\games*\aoc\age2_x1.exe:age2_x1.exe
"{70243F3F-DD0C-45FF-8E7D-3215A9DDA78A}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{2657609A-80EF-4A45-825E-DD2A41529166}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{D1290F56-CA90-4AAA-A9EA-60444722A0E3}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{D4FCE4AD-BBBC-4887-98D4-4C25BFF367FF}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{2778BEDE-554D-43DA-9D2A-EB4A58E369F3}"= UDP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{89E6CC6B-4C57-4D96-8927-595A20B9A9CA}"= TCP:c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe:SUPERAntiSpyware Free Edition
"{188162A4-D2F8-46B6-A1A5-A13FCB901275}"= UDP:c:\program files\SUPERAntiSpyware\RUNSAS.EXE:SUPERAntiSpyware Alternate Start
"{F807641E-6241-4376-9B4A-1360B3889D08}"= TCP:c:\program files\SUPERAntiSpyware\RUNSAS.EXE:SUPERAntiSpyware Alternate Start
"{8512C6E7-3699-4180-AFF0-0690DCE68FCD}"= UDP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
"{C48CA629-E50A-4866-B943-6E79F93B85F3}"= TCP:c:\program files\Malwarebytes' Anti-Malware\mbam.exe:Malwarebytes' Anti-Malware
R0 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2006-10-02 36640]
R0 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2007-05-11 35456]
R1 SASDIFSV;SASDIFSV;\??\c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2008-12-04 8944]
R1 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2008-12-04 55024]
R2 FJSPA;FJSPA;\??\c:\program files\Fujitsu\FJSPA\FJSPA.sys [2006-12-07 17712]
R2 Ndiskio;Ndiskio;\??\c:\program files\Norman\Nse\bin\NDISKIO.SYS [2008-09-22 20448]
R2 PowerSavingUtilityService;PowerSavingUtilityService;c:\program files\Fujitsu\PSUtility\PSUService.exe [2006-10-30 63016]
R2 UpdateNaviInstallService;UpdateNaviInstallService;c:\program files\Fujitsu\updnavi\updnvsrv.exe [2007-08-01 11264]
R3 FUJ02E3;Fujitsu FUJ02E3 Device Driver;c:\windows\system32\DRIVERS\FUJ02E3.sys [2007-10-08 5632]
R3 SASENUM;SASENUM;\??\c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-04 7408]
S2 LvIBTSvr;Logitech IBT Service;"c:\program files\Common Files\LogiShrd\LvIBTSvr\LvIBTSvr.exe" [2007-04-02 76576]
S3 nsesvc;Norman Scanner Engine Service;"c:\program files\Norman\nse\bin\NSESVC.EXE" -daemon [2008-09-22 322616]
S3 NvcMFlt;NvcMFlt;c:\windows\system32\DRIVERS\nvcv32mf.sys [2008-09-22 19512]
S3 nvcoas;Norman Virus Control on-access component;"c:\program files\Norman\Nvc\bin\nvcoas.exe" [2008-09-22 183352]
S3 NVCScheduler;Norman Virus Control Scheduler;c:\program files\Norman\Nvc\BIN\NVCSCHED.EXE [2008-09-22 146488]
S3 SMSCIRDA;SMSC 紅外線裝置驅動程式;c:\windows\system32\DRIVERS\SMSCirda.sys [2006-11-02 30720]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d396ceb-b6cb-11dd-8fac-00037a853c5e}]
\shell\AutoRun\command - F:\Launch.exe
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
.
------- 而外的掃描 -------
.
uStart Page = hxxp://hk.yahoo.com/
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Foxy 下載 - c:\program files\Foxy\Foxy.exe/download.htm
IE: Foxy 搜尋 - c:\program files\Foxy\Foxy.exe/search.htm
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\rhy7eqjo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (Eng)
FF - prefs.js: browser.startup.homepage - hxxp://hk.yahoo.com
FF - component: c:\program files\Mozilla Firefox\components\iamfamous.dll
FF - plugin: c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF - plugin: c:\program files\Yahoo!\Shared\npYState.dll
ATTENTION: FIREFOX POLICES IS IN FORCE
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.version", 3);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.rights.3.shown", false);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.external.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.warn-external.foxy", false);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("network.protocol-handler.expose.foxy", true);
c:\program files\Mozilla Firefox\defaults\profile\foxy.js - user_pref("general.useragent.extra.foxy1", "Foxy/1");
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-18 18:10:21
Windows 6.0.6001 Service Pack 1 NTFS
掃描被隱藏的進程。。。 ...
掃描被隱藏的啟動組。。。
掃描被隱藏的文件。。。
掃描完成
被隱藏的檔案: 0
**************************************************************************
.
完成時間: 2008-12-18 18:11:48
ComboFix-quarantined-files.txt 2008-12-19 02:11:45
Pre-Run: 40,416,026,624 位元組可用
Post-Run: 40,575,315,968 位元組可用
265 --- E O F --- 2008-12-18 14:33:52
Hello
Please download the OTMoveIt3 by OldTimer or from here.
Please download ATF Cleaner by Atribune.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Go to Kaspersky website and perform an online antivirus scan.
Please download the OTMoveIt3 by OldTimer or from here.
- Save it to your desktop.
- Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):CODE:Processes
explorer.exe
:Services
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d396ceb-b6cb-11dd-8fac-00037a853c5e}]
:Files
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot] - Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt3
Please download ATF Cleaner by Atribune.
- Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
- Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
- Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Please download Malwarebytes' Anti-Malware from Here or Here
Double Click mbam-setup.exe to install the application.
- Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
- If an update is found, it will download and install the latest version.
- Once the program has loaded, select "Perform Quick Scan", then click Scan.
- The scan may take some time to finish,so please be patient.
- When the scan is complete, click OK, then Show Results to view the results.
- Make sure that everything is checked, and click Remove Selected.
- When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
- The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
- Copy&Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
Go to Kaspersky website and perform an online antivirus scan.
- Read through the requirements and privacy statement and click on Accept button.
- It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
- When the downloads have finished, click on Settings.
- Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases - Click on My Computer under Scan.
- Once the scan is complete, it will display the results. Click on View Scan Report.
- You will see a list of infected items there. Click on Save Report As....
- Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.
Due to lack of feedback, this topic has been closed.
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
Everyone else please begin a New Topic.
Thank You !
If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.
Everyone else please begin a New Topic.
Thank You !
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.