廣告廣告
  加入我的最愛 設為首頁 風格修改
首頁 首尾
 手機版   訂閱   地圖  簡體 
您是第 15541 個閱讀者
 
<<   1   2   3   4   5  下頁 >>(共 6 頁)
發表文章 發表投票 回覆文章
  可列印版   加為IE收藏   收藏主題   上一主題 | 下一主題   
Rich0401
數位造型
個人文章 個人相簿 個人日記 個人地圖
小人物
級別: 小人物 該用戶目前不上站
推文 x1 鮮花 x28
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片
推文 x0
[問題討論] 開機五分鐘即死當,而且每次音效都要重驅

開機五分鐘即死當,而且每次音效都要重驅,

附上hijack和SREng報告,請各位大大幫忙,感溫吶~

---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 上午 08:48:41, on 2007/4/2
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\mgabg.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
E:\soft\卡巴斯基移除\sreng2\SREng.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\TEMP\GA54BE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
E:\soft\卡巴斯基移除\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-

784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0}

- C:\Documents and Settings\All Users\Application

Data\Microsoft\PCTools\pctools.dll (file missing)
O3 - Toolbar: 收音機(&R) - {8E718888-423F-11D2-876E-

00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1

\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common

Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE

/CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common

Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE

/PHIMETIPSync
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program

Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32

\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4

\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1

\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program

Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: 匯出至 Microsoft Office Excel

(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 網頁 - {1F460357-8A94-4D71-9CA3-

AA4ACF32ED8E} - C:\Program Files\Kaspersky Internet Security

6.0\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-

3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,

-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program

Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-

BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://iisltd/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}

(CKAVWebScan Object) -

http://www.kaspersky.com/kos/eng/...t/kavwebscan_u

nicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec

AntiVirus scanner) -

http://security.symantec.com/sscv...t/vc/bin/AvSni

ff.cab
O16 - DPF: {2D272DB5-C4CC-11D3-AAEE-0080C8BA466E}

(EF2KRS2.ctlEF2KRS2) -

http://iislabdoc/ef2klaba/c...EF2KRS2.CAB
O16 - DPF: {53548F21-D707-11D3-AB0C-0080C8BA466E}

(EF2KARY2.ctlEF2KARY2) -

http://iislabdoc/ef2klaba/c...F2KARY2.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.microsoft.com/windo...Controls/en/x8

6/client/wuweb_site.cab?1122965056321
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec

RuFSI Utility Class) -

http://security.symantec.com/sscv...t/common/bin/c

absa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/micro...V5Controls/en/

x86/client/muweb_site.cab?1123032126434
O16 - DPF: {8C8A4F18-D7AA-11D4-B11A-00485455560C} -

http://iislabdoc/ef2klaba/c...F2KGrid.CAB
O16 - DPF: {CF265377-E224-11D4-ACE8-0080C8D96040}

(EF2KRSE.ctlEF2KRSE) -

http://iislabdoc/ef2klaba/c...EF2KRSE.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan

Class) - http://download.mcafe...bin/iss-

loc/mcfscan/2,1,0,4795/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-

8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file

missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) -

Unknown owner - C:\Program Files\Alwil Software\Avast4

\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program

Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner -

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service

(file missing)
O23 - Service: avast! Web Scanner - Unknown owner -

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service

(file missing)
O23 - Service: MGABGEXE - Matrox Graphics Inc. -

C:\WINDOWS\System32\mgabg.exe
O23 - Service: OfficeScanNT 即時掃瞄 (ntrtscan) - Trend Micro

Inc. - C:\Program Files\Trend Micro\OfficeScan

Client\ntrtscan.exe
O23 - Service: OfficeScanNT 防火牆 (OfcPfwSvc) - Trend Micro

Inc. - C:\Program Files\Trend Micro\OfficeScan

Client\OfcPfwSvc.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) -

Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro

Inc. - C:\Program Files\Trend Micro\OfficeScan

Client\tmlisten.exe

---------------------------------------------

[Copy to clipboard] [ - ]CODE:
2007-04-02,08:52:08

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZ....com)

Windows XP Professional Service Pack 1 (Build 2600) -

Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
  All Boot Items (Including Registry, Startup Folders,

Services and so on)
  Browser Add-ons
  Runing Processes (Including process model information)
  File Associations
  Winsock Provider
  Autorun.Inf
  HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\

Run]
  <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>

[(Verified)Microsoft Windows XP Publisher]
  <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe"

/background> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows

NT\CurrentVersion\Windows]
  <load><> [N/A]
  <run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion

\Run]
  <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil

/RemAdvDef /Migration32> [(Verified)Microsoft Windows XP

Publisher]
  <CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft

Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync>

[(Verified)Microsoft Corporation]
  <PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft

Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync>

[(Verified)Microsoft Corporation]
  <OfficeScanNT Monitor><"C:\Program Files\Trend

Micro\OfficeScan Client\pccntmon.exe" -HideWindow> [Trend

Micro Inc.]
  <Matrox Powerdesk><C:\WINDOWS\System32\PDesk\PDesk.exe

/Autolaunch> [(Verified)Microsoft Windows XP Publisher]
  <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>

[(Verified)ALWIL Software]
  <Outpost Firewall><C:\PROGRA~1\Agnitum\OUTPOS~1.0

\outpost.exe /waitservice> [Agnitum]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe> [(Verified)Microsoft Windows XP

Publisher]
  <Userinit><C:\WINDOWS\system32\userinit.exe,>

[(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

NT\CurrentVersion\Windows]
  <AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows

NT\CurrentVersion\Winlogon]
  <UIHost><logonui.exe> [(Verified)Microsoft Windows XP

Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion

\Explorer\ShellExecuteHooks]
  <{41AE6BB6-3815-4F48-8FA4-920B586BA193}><> [N/A]
  <{D14CE39F-EED3-489A-948C-FCD588F831E7}><> [N/A]
  <{06A48AD9-FF57-4E73-937B-B493E72F4226}><> [N/A]
  <{6E44887F-5214-41F2-AB46-4728735C4CC6}><> [N/A]
  <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><> [N/A]

==================================
Startup Folders
[REBECCA]
<C:\Documents and Settings\sinotech.54-573\「開始」功能表\

程式集\啟動\REBECCA.lnk --> E:\RIMARTS\REBECCA\REBECCA.EXE

[RimArts, Inc.]><N>
[Reminder]
<C:\Documents and Settings\sinotech.54-573\「開始」功能表\

程式集\啟動\Reminder.lnk --> E:\REMINDER\Reminder.exe [Kana

Solution]><N>
[標點符號.exe]
<C:\Documents and Settings\sinotech.54-573\「開始」功能表\

程式集\啟動\標點符號.exe.lnk --> E:\原DISK~1\C\game\FU\標點符

號.exe [台灣鉅軟科技 HZYSoft Corporation]><N>

==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322

\aspnet_state.exe><Microsoft Corporation>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4

\aswUpdSv.exe"><N/A>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual

Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"

/service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual

Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe"

/service><ALWIL Software>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]

[Stopped/Disabled]
<><N/A>
[Performance Moniter / BRGNS][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE

C:\WINDOWS\SYSTEM32\WBEM\RHBKO.DLL,Export 1087><Microsoft

Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%

\System32\hidserv.dll><N/A>
[MGABGEXE / MGABGEXE][Running/Auto Start]
<C:\WINDOWS\System32\mgabg.exe><Matrox Graphics Inc.>
[OfficeScanNT 即時掃瞄 / ntrtscan][Running/Auto Start]
<C:\Program Files\Trend Micro\OfficeScan

Client\ntrtscan.exe><Trend Micro Inc.>
[OfficeScanNT 防火牆 / OfcPfwSvc][Running/Auto Start]
<C:\Program Files\Trend Micro\OfficeScan

Client\OfcPfwSvc.exe><Trend Micro Inc.>
[Outpost Firewall Service / OutpostFirewall][Running/Auto

Start]
<C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe

/service><Agnitum>
[OfficeScanNT Listener / tmlisten][Running/Auto Start]
<C:\Program Files\Trend Micro\OfficeScan

Client\tmlisten.exe><Trend Micro Inc.>

==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) /

ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Outpost Firewall PlugIn (ADBLOCK.DLL) / ADBLOCK.DLL]

[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0

\kernel\ADBLOCK.DLL><Agnitum>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]

[Stopped/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5

\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Stopped/System

Start]
<System32\DRIVERS\AvgAsCln.sys><N/A>
[Outpost Firewall PlugIn (CONTENT.DLL) / CONTENT.DLL]

[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0

\kernel\CONTENT.DLL><Agnitum>
[CO_Mon / CO_Mon][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\Drivers\CO_Mon.sys><N/A>
[Outpost Firewall PlugIn (DNSCACHE.DLL) / DNSCACHE.DLL]

[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0

\kernel\DNSCACHE.DLL><Agnitum>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<System32\DRIVERS\e100b325.sys><Intel Corporation>
[Filseclab Dynamic Defense System Driver / filar]

[Stopped/System Start]
<\??\C:\PROGRA~1\COMMON~1\FILSEC~1\filar.sys><N/A>
[Outpost Firewall PlugIn (FTPFILT.DLL) / FTPFILT.DLL]

[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0

\kernel\FTPFILT.DLL><Agnitum>
[G400 / G400][Stopped/Manual Start]
<System32\DRIVERS\G400m.sys><Matrox Graphics Inc.>
[G400DH / G400DH][Running/Manual Start]
<System32\DRIVERS\g400dhm.sys><Matrox Graphics Inc.>
[Outpost Firewall PlugIn (HTMLFILT.DLL) / HTMLFILT.DLL]

[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0

\kernel\HTMLFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (HTTPFILT.DLL) / HTTPFILT.DLL]

[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0

\kernel\HTTPFILT.DLL><Agnitum>
[i81x / i81x][Stopped/Manual Start]
<System32\DRIVERS\i81xnt5.sys><Intel Corporation>
[iAimFP0 / iAimFP0][Stopped/Manual Start]
<System32\DRIVERS\wADV01nt.sys><Intel Corporation>
[iAimFP1 / iAimFP1][Stopped/Manual Start]
<System32\DRIVERS\wADV02NT.sys><Intel Corporation>
[iAimFP2 / iAimFP2][Stopped/Manual Start]
<System32\DRIVERS\wADV05NT.sys><Intel Corporation>
[iAimFP3 / iAimFP3][Stopped/Manual Start]
<System32\DRIVERS\wSiINTxx.sys><Intel Corporation>
[iAimFP4 / iAimFP4][Stopped/Manual Start]
<System32\DRIVERS\wVchNTxx.sys><Intel Corporation>
[iAimTV0 / iAimTV0][Stopped/Manual Start]
<System32\DRIVERS\wATV01nt.sys><Intel Corporation>
[iAimTV1 / iAimTV1][Stopped/Manual Start]
<System32\DRIVERS\wATV02NT.sys><Intel Corporation>
[iAimTV2 / iAimTV2][Stopped/Manual Start]
<System32\DRIVERS\wATV03nt.sys><Intel Corporation>
[iAimTV3 / iAimTV3][Stopped/Manual Start]
<System32\DRIVERS\wATV04nt.sys><Intel Corporation>
[iAimTV4 / iAimTV4][Stopped/Manual Start]
<System32\DRIVERS\wCh7xxNT.sys><Intel Corporation>
[Outpost Firewall PlugIn (IMAPFILT.DLL) / IMAPFILT.DLL]

[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0

\kernel\IMAPFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (MAILFILT.DLL) / MAILFILT.DLL]

[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0

\kernel\MAILFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (NNTPFILT.DLL) / NNTPFILT.DLL]

[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0

\kernel\NNTPFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (POP3FILT.DLL) / POP3FILT.DLL]

[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0

\kernel\POP3FILT.DLL><Agnitum>
[Outpost Firewall PlugIn (PROTECT.DLL) / PROTECT.DLL]

[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0

\kernel\PROTECT.DLL><Agnitum>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[%SkyUsb.SvcDesc% / SKYLARK][Stopped/Manual Start]
<system32\drivers\skyusb.sys><Windows (R) 2000 DDK

provider>
[Trend Micro Filter / TmFilter][Running/Auto Start]
<\??\C:\Program Files\Trend Micro\OfficeScan

Client\TmXPFlt.sys><Trend Micro Inc.>
[Trend Micro PreFilter / TmPreFilter][Running/Auto Start]
<\??\C:\Program Files\Trend Micro\OfficeScan

Client\TmPreFlt.sys><Trend Micro Inc.>
[TSP / TSP][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[U3sHlpDr / U3sHlpDr][Running/Auto Start]
<\??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys><N/A>
[Outpost Firewall Kernel Driver / VFILT][Running/System

Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000

\FILTNT.SYS><Agnitum>
[Trend Micro VSAPI NT / VSApiNt][Running/Auto Start]
<\??\C:\Program Files\Trend Micro\OfficeScan

Client\VSApiNt.sys><Trend Micro Inc.>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe

Systems Incorporated>
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and

Settings\All Users\Application

Data\Microsoft\PCTools\pctools.dll, N/A>
[網頁]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program

Files\Kaspersky Internet Security 6.0\Kaspersky Internet

Security 6.0\scieplugin.dll, Kaspersky Lab>
[參考資料(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1

\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@C:\Program Files\Messenger\Msgslang.dll,-61144]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program

Files\Messenger\msmsgs.exe, Microsoft Corporation>
[收音機(&R)]
{8E718888-423F-11D2-876E-00A0C9082467}

<C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <, N/A>
[Symantec AntiVirus scanner]
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}

<C:\WINDOWS\Downloaded Program Files\avsniff.dll, Symantec

Corporation>
[EF2KRS2.ctlEF2KRS2]
{2D272DB5-C4CC-11D3-AAEE-0080C8BA466E}

<C:\WINDOWS\Downloaded Program Files\EF2KRS2.ocx, Data

Systems Consulting Co., Ltd.>
[EF2KARY2.ctlEF2KARY2]
{53548F21-D707-11D3-AB0C-0080C8BA466E}

<C:\WINDOWS\Downloaded Program Files\EF2KARY2.ocx, Data

Systems Consulting Co., Ltd.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C}

<C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Symantec RuFSI Utility Class]
{644E432F-49D3-41A1-8DD5-E099162EEEC5}

<C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec

Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

<C:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[EF2KRSE.ctlEF2KRSE]
{CF265377-E224-11D4-ACE8-0080C8D96040}

<C:\WINDOWS\Downloaded Program Files\EF2KRSE.ocx, Data

Systems Consulting Co., Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}

<C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe

Systems, Inc.>
[McFreeScan Class]
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}

<C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll, McAfee, Inc.>
[匯出至 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 568][\SystemRoot\System32\smss.exe] [Microsoft

Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 672][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft

Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1748][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation,

6.00.2800.1221 (xpsp2.030511-1403)]
  [C:\Program Files\Alwil Software\Avast4\ashShell.dll]

[ALWIL Software, 4, 7, 936, 0]
  [C:\Program Files\Adobe\Acrobat 7.0

\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated,

7.0.0.2004121400]
  [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft

Corporation, 7.10.3052.4]
  [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]

[Adobe Systems, Inc., 7.0.0.0]
  [C:\WINDOWS\System32\PDesk\PDKERNEL.DLL] [Matrox

Graphics Inc., 6.93.009]
  [C:\WINDOWS\System32\PDesk\PDTOOLS.DLL] [Matrox Graphics

Inc., 6.93.009]
  [C:\WINDOWS\System32\PDesk\PDRESENG.DLL] [Matrox

Graphics Inc., 6.93.009]
[PID: 1892][C:\Program Files\Trend Micro\OfficeScan

Client\pccntmon.exe] [Trend Micro Inc., 7.0.0.1077]
  [C:\Program Files\Trend Micro\OfficeScan

Client\loadhttp.dll] [Trend Micro Inc., 7.0.0.1077]
  [C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll]

[Trend Micro Inc., 7.0.0.1077]
  [C:\Program Files\Trend Micro\OfficeScan

Client\OfcPlugInAPI.dll] [Trend Micro Inc., 7.0.0.1077]
  [C:\Program Files\Trend Micro\OfficeScan

Client\OfcPIPC.dll] [N/A, ]
  [C:\Program Files\Trend Micro\OfficeScan

Client\TimeString.dll] [N/A, ]
  [C:\Program Files\Trend Micro\OfficeScan

Client\ntmonres.dll] [Trend Micro Inc., 7.0.0.1077]
  [C:\Program Files\Trend Micro\OfficeScan

Client\OfcPlugInMain.dll] [Trend Micro Inc., 7.0.0.1077]
  [C:\Program Files\Trend Micro\OfficeScan

Client\OfcPlugInTray.dll] [Trend Micro Inc., 7.0.0.1077]
  [C:\Program Files\Trend Micro\OfficeScan

Client\tmdbg20.dll] [trend_company_name, 1, 0, 0, 1]
[PID: 1900][C:\WINDOWS\System32\PDesk\PDesk.exe] [Matrox

Graphics Inc., 6.93.009]
  [C:\WINDOWS\System32\PDesk\PDTOOLS.DLL] [Matrox Graphics

Inc., 6.93.009]
  [C:\WINDOWS\System32\PDesk\PDRESENG.DLL] [Matrox

Graphics Inc., 6.93.009]
[PID: 1908][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [, 4,

7, 936, 0]
  [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL

Software, 4, 7, 936, 0]
  [C:\WINDOWS\System32\MSVCP71.dll] [Microsoft

Corporation, 7.10.3077.0]
  [C:\WINDOWS\System32\MSVCR71.dll] [Microsoft

Corporation, 7.10.3052.4]
  [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL

Software, 4, 7, 936, 0]
  [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL

Software, 4, 7, 936, 0]
  [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL

Software, 4, 7, 936, 0]
  [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL

Software, 4, 7, 936, 0]
  [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL

Software, 4, 7, 936, 0]
  [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL

Software, 4, 7, 936, 0]
  [C:\Program Files\Alwil Software\Avast4\English\Base.dll]

[ALWIL Software, 4, 7, 936, 0]
  [C:\Program Files\Alwil Software\Avast4\English\Lang.dll]

[ALWIL Software, 4, 7, 936, 0]
  [C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation,

7.10.3077.0]
  [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL

Software, 4, 7, 936, 0]
  [c:\program files\alwil software\avast4\ahruimai.dll]

[ALWIL Software, 4, 7, 936, 0]
  [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL

Software, 4, 7, 936, 0]
  [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock

Software, 1, 9, 4, 0]
  [c:\program files\alwil software\avast4\ahruimes.dll]

[ALWIL Software, 4, 7, 936, 0]
  [c:\program files\alwil software\avast4\ahruins.dll]

[ALWIL Software, 4, 7, 936, 0]
  [c:\program files\alwil software\avast4\ahruiout.dll]

[ALWIL Software, 4, 7, 936, 0]
  [c:\program files\alwil software\avast4\ahruip2p.dll]

[ALWIL Software, 4, 7, 936, 0]
  [c:\program files\alwil software\avast4\ahruistd.dll]

[ALWIL Software, 4, 7, 936, 0]
  [c:\program files\alwil software\avast4\ahruiws.dll]

[ALWIL Software, 4, 7, 936, 0]
[PID: 1952][C:\WINDOWS\System32\ctfmon.exe] [Microsoft

Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 316][C:\Program Files\Trend Micro\OfficeScan

Client\Pop3Trap.exe] [Trend Micro Incorporated.,

10.0.4.1141]
  [C:\Program Files\Trend Micro\OfficeScan

Client\POP3UTIL.dll] [Trend Micro Incorporated.,

10.0.4.1141]
  [C:\Program Files\Trend Micro\OfficeScan

Client\tmdbg.dll] [N/A, ]
  [C:\Program Files\Trend Micro\OfficeScan

Client\pewnt2.dll] [Trend Micro Incorporated., 10.0.4.1141]
  [C:\Program Files\Trend Micro\OfficeScan

Client\tmCfwApi.dll] [Trend Micro Inc., 1.2.0.1020]
[PID: 1592][E:\soft\卡巴斯基移除\sreng2\SREng.EXE]

[Smallfrogs Studio, 2.4.12.806]
[PID: 2764][C:\WINDOWS\System32\wuauclt.exe] [Microsoft

Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]

==================================
File Associations
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1     localhost

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================




一人論命,命師曰︰『即將走名聲運。』,不久報紙頭版果登其照,原是通緝犯落網。名聲有好有壞,端看個人作為。
獻花 x0 回到頂端 [樓 主] From:臺灣中華HiNet | Posted:2007-04-02 16:25 |
彗星風采 手機
個人頭像
個人文章 個人相簿 個人日記 個人地圖
小人物
級別: 小人物 該用戶目前不上站
推文 x0 鮮花 x24
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片

請問樓主..有防軟提供資訊嗎?大致看了樓主的log..樓主您似忽安裝了很多套的防軟..
不知道是否為相衝的問題..


獻花 x0 回到頂端 [1 樓] From:臺灣中華電信 | Posted:2007-04-02 16:40 |
Rich0401
數位造型
個人文章 個人相簿 個人日記 個人地圖
小人物
級別: 小人物 該用戶目前不上站
推文 x1 鮮花 x28
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片

但是我是裝第二套防毒之前就有所述情形,是先安裝Trend Micro,但是Trend Micro本身常常中毒,有一天忽然沒音效後,就裝了卡巴,裝完可能有互衝,就卸掉卡巴,從此就會開機五分鐘死當,後再安裝AVAST,依然無法解決,也掃不出病毒


一人論命,命師曰︰『即將走名聲運。』,不久報紙頭版果登其照,原是通緝犯落網。名聲有好有壞,端看個人作為。
獻花 x0 回到頂端 [2 樓] From:臺灣中華HiNet | Posted:2007-04-02 16:43 |
彗星風采 手機
個人頭像
個人文章 個人相簿 個人日記 個人地圖
小人物
級別: 小人物 該用戶目前不上站
推文 x0 鮮花 x24
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片

就剛剛的log報表看來..樓主您的卡巴並沒有完全移除乾淨喔!...
請樓主可能要多等一下子..我好仔細看看您的報表..因為樓主您的報表真的蠻......亂的.... 表情


獻花 x0 回到頂端 [3 樓] From:臺灣中華電信 | Posted:2007-04-02 16:51 |
Rich0401
數位造型
個人文章 個人相簿 個人日記 個人地圖
小人物
級別: 小人物 該用戶目前不上站
推文 x1 鮮花 x28
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片

但是我有去卡巴網站下載專用移除軟體KisKav6Remove,剩下的卡巴應是線上卡巴,難道PC版的真如大大所說沒除乾淨,麻煩大大相助。


一人論命,命師曰︰『即將走名聲運。』,不久報紙頭版果登其照,原是通緝犯落網。名聲有好有壞,端看個人作為。
獻花 x0 回到頂端 [4 樓] From:臺灣中華HiNet | Posted:2007-04-02 16:58 |
彗星風采 手機
個人頭像
個人文章 個人相簿 個人日記 個人地圖
小人物
級別: 小人物 該用戶目前不上站
推文 x0 鮮花 x24
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片

方法如下...
關閉系統還原..清理IE暫存檔..進入安全模式..
在刪除之前強烈建議樓主先備份所有檔案..SREng主程式.切換至Boot Items分頁中的Registry選項..找到..
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHook]刪除下列.....點選Delete,按下"是"刪除
<{41AE6BB6-3815-4F48-8FA4-920B586BA193}><> [N/A]
<{D14CE39F-EED3-489A-948C-FCD588F831E7}><> [N/A]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><> [N/A]
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><> [N/A]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><> [N/A]

接著切換Boot Items分頁中的Services中的Win32 Services選項..找到..
[Performance Moniter / BRGNS][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\WINDOWS\SYSTEM32\WBEM\RHBKO.DLL,Export 1087><Microsoft Corporation>
勾選Delet services.再點選set.按下才是刪除..

切換至Boot Items分頁中的Services中的Drivers選項.找到..
[Outpost Firewall PlugIn (ADBLOCK.DLL) / ADBLOCK.DLL]
[%SkyUsb.SvcDesc% / SKYLARK][Stopped/Manual Start]
<system32\drivers\skyusb.sys><Windows (R) 2000 DDK
操作方法跟services一樣..

切換至System Repair分頁中的Browser Add-ons選項..找到.
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
[EF2KRS2.ctlEF2KRS2]
{2D272DB5-C4CC-11D3-AAEE-0080C8BA466E}
<C:\WINDOWS\Downloaded Program Files\EF2KRS2.ocx, Data Systems Consulting Co., Ltd.>
[EF2KARY2.ctlEF2KARY2]
{53548F21-D707-11D3-AB0C-0080C8BA466E}
<C:\WINDOWS\Downloaded Program Files\EF2KARY2.ocx, Data Systems Consulting Co., Ltd.>
點選Delete Selected ,按下是刪除...

System Repair分頁中的File Associations選項..找到..
TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
勾選起來點選Repair...


獻花 x0 回到頂端 [5 樓] From:臺灣中華電信 | Posted:2007-04-02 17:23 |
LostDream
個人頭像
個人文章 個人相簿 個人日記 個人地圖
小人物
級別: 小人物 該用戶目前不上站
推文 x0 鮮花 x6
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片

除了清除登錄檔,實體也要記得刪。


獻花 x0 回到頂端 [6 樓] From:臺灣 | Posted:2007-04-02 21:10 |
Rich0401
數位造型
個人文章 個人相簿 個人日記 個人地圖
小人物
級別: 小人物 該用戶目前不上站
推文 x1 鮮花 x28
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片

照大大所說方式處理,還是沒有改善耶,狀況依然存在 表情 ,是否還有別法可行呢?


一人論命,命師曰︰『即將走名聲運。』,不久報紙頭版果登其照,原是通緝犯落網。名聲有好有壞,端看個人作為。
獻花 x0 回到頂端 [7 樓] From:臺灣中華HiNet | Posted:2007-04-03 11:42 |
彗星風采 手機
個人頭像
個人文章 個人相簿 個人日記 個人地圖
小人物
級別: 小人物 該用戶目前不上站
推文 x0 鮮花 x24
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片

請再跑一次SREng報表上來..如果病毒都清除掉但問題仍未解決的話..建議樓主就要從作業系統版或軟體區前去發問了.... 表情


獻花 x0 回到頂端 [8 樓] From:臺灣中華電信 | Posted:2007-04-03 11:53 |
Rich0401
數位造型
個人文章 個人相簿 個人日記 個人地圖
小人物
級別: 小人物 該用戶目前不上站
推文 x1 鮮花 x28
分享: 轉寄此文章 Facebook Plurk Twitter 複製連結到剪貼簿 轉換為繁體 轉換為簡體 載入圖片

麻煩大大囉 表情

----------------------------------------------

我個人覺得Hijack這裡怪怪的


O16 - DPF: {2D272DB5-C4CC-11D3-AAEE-0080C8BA466E}

(EF2KRS2.ctlEF2KRS2) -

http://iislabdoc/ef2klaba/c...EF2KRS2.CAB
O16 - DPF: {53548F21-D707-11D3-AB0C-0080C8BA466E}

(EF2KARY2.ctlEF2KARY2) -

http://iislabdoc/ef2klaba/c...F2KARY2.CAB


----------------------------------------------



複製程式

2007-04-03,12:00:55

System Repair Engineer 2.4.12.806
Smallfrogs ([url]http://www.KZTechs.com[/url])

Windows XP Professional Service Pack 1 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <MSMSGS><"C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync>  [(Verified)Microsoft Corporation]
    <PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync>  [(Verified)Microsoft Corporation]
    <OfficeScanNT Monitor><"C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow>  [Trend Micro Inc.]
    <Matrox Powerdesk><C:\WINDOWS\System32\PDesk\PDesk.exe /Autolaunch>  [(Verified)Microsoft Windows XP Publisher]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>  [(Verified)ALWIL Software]
    <Outpost Firewall><C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /waitservice>  [Agnitum]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]

==================================
Startup Folders
[REBECCA]
  <C:\Documents and Settings\sinotech.54-573\「開始」功能表\程式集\啟動\REBECCA.lnk --> E:\RIMARTS\REBECCA\REBECCA.EXE [RimArts, Inc.]><N>
[Reminder]
  <C:\Documents and Settings\sinotech.54-573\「開始」功能表\程式集\啟動\Reminder.lnk --> E:\REMINDER\Reminder.exe [Kana Solution]><N>
[標點符號.exe]
  <C:\Documents and Settings\sinotech.54-573\「開始」功能表\程式集\啟動\標點符號.exe.lnk --> E:\原DISK~1\C\game\FU\標點符號.exe [台灣鉅軟科技 HZYSoft Corporation]><N>

==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><N/A>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Stopped/Disabled]
  <><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MGABGEXE / MGABGEXE][Running/Auto Start]
  <C:\WINDOWS\System32\mgabg.exe><Matrox Graphics Inc.>
[OfficeScanNT 即時掃瞄 / ntrtscan][Running/Auto Start]
  <C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe><Trend Micro Inc.>
[OfficeScanNT 防火牆 / OfcPfwSvc][Running/Auto Start]
  <C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe><Trend Micro Inc.>
[Outpost Firewall Service / OutpostFirewall][Running/Auto Start]
  <C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe /service><Agnitum>
[OfficeScanNT Listener / tmlisten][Running/Auto Start]
  <C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe><Trend Micro Inc.>

==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Running/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Outpost Firewall PlugIn (CONTENT.DLL) / CONTENT.DLL][Running/Manual Start]
  <\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\CONTENT.DLL><Agnitum>
[CO_Mon / CO_Mon][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\Drivers\CO_Mon.sys><N/A>
[Outpost Firewall PlugIn (DNSCACHE.DLL) / DNSCACHE.DLL][Running/Manual Start]
  <\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\DNSCACHE.DLL><Agnitum>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <System32\DRIVERS\e100b325.sys><Intel Corporation>
[Filseclab Dynamic Defense System Driver / filar][Stopped/System Start]
  <\??\C:\PROGRA~1\COMMON~1\FILSEC~1\filar.sys><N/A>
[Outpost Firewall PlugIn (FTPFILT.DLL) / FTPFILT.DLL][Running/Manual Start]
  <\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\FTPFILT.DLL><Agnitum>
[G400 / G400][Stopped/Manual Start]
  <System32\DRIVERS\G400m.sys><Matrox Graphics Inc.>
[G400DH / G400DH][Running/Manual Start]
  <System32\DRIVERS\g400dhm.sys><Matrox Graphics Inc.>
[Outpost Firewall PlugIn (HTMLFILT.DLL) / HTMLFILT.DLL][Running/Manual Start]
  <\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTMLFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (HTTPFILT.DLL) / HTTPFILT.DLL][Running/Manual Start]
  <\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\HTTPFILT.DLL><Agnitum>
[i81x / i81x][Stopped/Manual Start]
  <System32\DRIVERS\i81xnt5.sys><Intel Corporation>
[iAimFP0 / iAimFP0][Stopped/Manual Start]
  <System32\DRIVERS\wADV01nt.sys><Intel Corporation>
[iAimFP1 / iAimFP1][Stopped/Manual Start]
  <System32\DRIVERS\wADV02NT.sys><Intel Corporation>
[iAimFP2 / iAimFP2][Stopped/Manual Start]
  <System32\DRIVERS\wADV05NT.sys><Intel Corporation>
[iAimFP3 / iAimFP3][Stopped/Manual Start]
  <System32\DRIVERS\wSiINTxx.sys><Intel Corporation>
[iAimFP4 / iAimFP4][Stopped/Manual Start]
  <System32\DRIVERS\wVchNTxx.sys><Intel Corporation>
[iAimTV0 / iAimTV0][Stopped/Manual Start]
  <System32\DRIVERS\wATV01nt.sys><Intel Corporation>
[iAimTV1 / iAimTV1][Stopped/Manual Start]
  <System32\DRIVERS\wATV02NT.sys><Intel Corporation>
[iAimTV2 / iAimTV2][Stopped/Manual Start]
  <System32\DRIVERS\wATV03nt.sys><Intel Corporation>
[iAimTV3 / iAimTV3][Stopped/Manual Start]
  <System32\DRIVERS\wATV04nt.sys><Intel Corporation>
[iAimTV4 / iAimTV4][Stopped/Manual Start]
  <System32\DRIVERS\wCh7xxNT.sys><Intel Corporation>
[Outpost Firewall PlugIn (IMAPFILT.DLL) / IMAPFILT.DLL][Running/Manual Start]
  <\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\IMAPFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (MAILFILT.DLL) / MAILFILT.DLL][Running/Manual Start]
  <\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\MAILFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (NNTPFILT.DLL) / NNTPFILT.DLL][Running/Manual Start]
  <\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\NNTPFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (POP3FILT.DLL) / POP3FILT.DLL][Running/Manual Start]
  <\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\POP3FILT.DLL><Agnitum>
[Outpost Firewall PlugIn (PROTECT.DLL) / PROTECT.DLL][Running/Manual Start]
  <\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\PROTECT.DLL><Agnitum>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Trend Micro Filter / TmFilter][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys><Trend Micro Inc.>
[Trend Micro PreFilter / TmPreFilter][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys><Trend Micro Inc.>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[U3sHlpDr / U3sHlpDr][Running/Auto Start]
  <\??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys><N/A>
[Outpost Firewall Kernel Driver / VFILT][Running/System Start]
  <\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000\FILTNT.SYS><Agnitum>
[Trend Micro VSAPI NT / VSApiNt][Running/Auto Start]
  <\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys><Trend Micro Inc.>

==================================
Browser Add-ons
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Info cache]
  {385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, N/A>
[網頁]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Internet Security 6.0\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[參考資料(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@C:\Program Files\Messenger\Msgslang.dll,-61144]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[收音機(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[CKAVWebScan Object]
  {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <, N/A>
[Symantec AntiVirus scanner]
  {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} <C:\WINDOWS\Downloaded Program Files\avsniff.dll, Symantec Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Symantec RuFSI Utility Class]
  {644E432F-49D3-41A1-8DD5-E099162EEEC5} <C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[WScanCtl Class]
  {7B297BFD-85E4-4092-B2AF-16A91B2EA103} <C:\WINDOWS\Downloaded Program Files\webscan.dll, CA>
[EF2KRSE.ctlEF2KRSE]
  {CF265377-E224-11D4-ACE8-0080C8D96040} <C:\WINDOWS\Downloaded Program Files\EF2KRSE.ocx, Data Systems Consulting Co., Ltd.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[McFreeScan Class]
  {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} <C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll, McAfee, Inc.>
[匯出至 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 624][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 672][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1988][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
    [C:\WINDOWS\System32\PDesk\PDKERNEL.DLL]  [Matrox Graphics Inc., 6.93.009]
    [C:\WINDOWS\System32\PDesk\PDTOOLS.DLL]  [Matrox Graphics Inc., 6.93.009]
    [C:\WINDOWS\System32\PDesk\PDRESENG.DLL]  [Matrox Graphics Inc., 6.93.009]
    [C:\Program Files\Alwil Software\Avast4\ashShell.dll]  [ALWIL Software, 4, 7, 936, 0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 420][C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe]  [Trend Micro Inc., 7.0.0.1077]
    [C:\Program Files\Trend Micro\OfficeScan Client\loadhttp.dll]  [Trend Micro Inc., 7.0.0.1077]
    [C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll]  [Trend Micro Inc., 7.0.0.1077]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInAPI.dll]  [Trend Micro Inc., 7.0.0.1077]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPIPC.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan Client\TimeString.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan Client\ntmonres.dll]  [Trend Micro Inc., 7.0.0.1077]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInMain.dll]  [Trend Micro Inc., 7.0.0.1077]
    [C:\Program Files\Trend Micro\OfficeScan Client\OfcPlugInTray.dll]  [Trend Micro Inc., 7.0.0.1077]
    [C:\Program Files\Trend Micro\OfficeScan Client\tmdbg20.dll]  [trend_company_name, 1, 0, 0, 1]
[PID: 428][C:\WINDOWS\System32\PDesk\PDesk.exe]  [Matrox Graphics Inc., 6.93.009]
    [C:\WINDOWS\System32\PDesk\PDTOOLS.DLL]  [Matrox Graphics Inc., 6.93.009]
    [C:\WINDOWS\System32\PDesk\PDRESENG.DLL]  [Matrox Graphics Inc., 6.93.009]
[PID: 436][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe]  [, 4, 7, 936, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 7, 936, 0]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 936, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 936, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 936, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 936, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 7, 936, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 936, 0]
    [C:\Program Files\Alwil Software\Avast4\English\Base.dll]  [ALWIL Software, 4, 7, 936, 0]
    [C:\Program Files\Alwil Software\Avast4\English\Lang.dll]  [ALWIL Software, 4, 7, 936, 0]
    [C:\WINDOWS\System32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 7, 936, 0]
    [c:\program files\alwil software\avast4\ahruimai.dll]  [ALWIL Software, 4, 7, 936, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll]  [ALWIL Software, 4, 7, 936, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll]  [Codejock Software, 1, 9, 4, 0]
    [c:\program files\alwil software\avast4\ahruimes.dll]  [ALWIL Software, 4, 7, 936, 0]
    [c:\program files\alwil software\avast4\ahruins.dll]  [ALWIL Software, 4, 7, 936, 0]
    [c:\program files\alwil software\avast4\ahruiout.dll]  [ALWIL Software, 4, 7, 936, 0]
    [c:\program files\alwil software\avast4\ahruip2p.dll]  [ALWIL Software, 4, 7, 936, 0]
    [c:\program files\alwil software\avast4\ahruistd.dll]  [ALWIL Software, 4, 7, 936, 0]
    [c:\program files\alwil software\avast4\ahruiws.dll]  [ALWIL Software, 4, 7, 936, 0]
[PID: 456][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1164][C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe]  [Trend Micro Incorporated., 10.0.4.1141]
    [C:\Program Files\Trend Micro\OfficeScan Client\POP3UTIL.dll]  [Trend Micro Incorporated., 10.0.4.1141]
    [C:\Program Files\Trend Micro\OfficeScan Client\tmdbg.dll]  [N/A, ]
    [C:\Program Files\Trend Micro\OfficeScan Client\pewnt2.dll]  [Trend Micro Incorporated., 10.0.4.1141]
    [C:\Program Files\Trend Micro\OfficeScan Client\tmCfwApi.dll]  [Trend Micro Inc., 1.2.0.1020]
[PID: 2664][C:\WINDOWS\System32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 2672][E:\soft\電腦檢測\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1       localhost

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================




[ 此文章被Rich0401在2007-04-03 12:26重新編輯 ]


一人論命,命師曰︰『即將走名聲運。』,不久報紙頭版果登其照,原是通緝犯落網。名聲有好有壞,端看個人作為。
獻花 x0 回到頂端 [9 樓] From:臺灣中華HiNet | Posted:2007-04-03 12:10 |

<<   1   2   3   4   5  下頁 >>(共 6 頁)
首頁  發表文章 發表投票 回覆文章
Powered by PHPWind v1.3.6
Copyright © 2003-04 PHPWind
Processed in 0.125006 second(s),query:16 Gzip disabled
本站由 瀛睿律師事務所 擔任常年法律顧問 | 免責聲明 | 本網站已依台灣網站內容分級規定處理 | 連絡我們 | 訪客留言