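The computer freezes five minutes after booting, and the sound driver has to be reinstalled every time.
I've attached the HijackThis and SREng reports. Please help, everyone. Thanks a lot~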
---------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 上午 08:48:41, on 2007/4/2
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\WINDOWS\System32\PDesk\PDesk.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Trend Micro\OfficeScan Client\Pop3Trap.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\mgabg.exe
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
E:\soft\卡巴斯基移除\sreng2\SREng.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\TEMP\GA54BE.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\wuauclt.exe
E:\soft\卡巴斯基移除\HijackThis.exe
C:\WINDOWS\System32\wuauclt.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-
784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll
O2 - BHO: Info cache - {385AB8C6-FB22-4D17-8834-064E2BA0A6F0}
- C:\Documents and Settings\All Users\Application
Data\Microsoft\PCTools\pctools.dll (file missing)
O3 - Toolbar: 收音機(&R) - {8E718888-423F-11D2-876E-
00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1
\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common
Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE
/CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common
Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE
/PHIMETIPSync
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program
Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Matrox Powerdesk] C:\WINDOWS\System32
\PDesk\PDesk.exe /Autolaunch
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4
\ashDisp.exe
O4 - HKLM\..\Run: [Outpost Firewall] C:\PROGRA~1
\Agnitum\OUTPOS~1.0\outpost.exe /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program
Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: 匯出至 Microsoft Office Excel
(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 網頁 - {1F460357-8A94-4D71-9CA3-
AA4ACF32ED8E} - C:\Program Files\Kaspersky Internet Security
6.0\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-
3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,
-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program
Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-
BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://iisltd/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75}
(CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/...t/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec
AntiVirus scanner) -
http://security.symantec.com/sscv...t/vc/bin/AvSniff.cab
O16 - DPF: {2D272DB5-C4CC-11D3-AAEE-0080C8BA466E}
(EF2KRS2.ctlEF2KRS2) -
http://iislabdoc/ef2klaba/c...EF2KRS2.CAB
O16 - DPF: {53548F21-D707-11D3-AB0C-0080C8BA466E}
(EF2KARY2.ctlEF2KARY2) -
http://iislabdoc/ef2klaba/c...F2KARY2.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}
(WUWebControl Class) -
http://update.microsoft.com/windo...Controls/en/x86/client/wuweb_site.cab?1122965056321
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec
RuFSI Utility Class) -
http://security.symantec.com/sscv...t/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
(MUWebControl Class) -
http://update.microsoft.com/micro...V5Controls/en/x86/client/muweb_site.cab?1123032126434
O16 - DPF: {8C8A4F18-D7AA-11D4-B11A-00485455560C} -
http://iislabdoc/ef2klaba/c...F2KGrid.CAB
O16 - DPF: {CF265377-E224-11D4-ACE8-0080C8D96040}
(EF2KRSE.ctlEF2KRSE) -
http://iislabdoc/ef2klaba/c...EF2KRSE.CAB
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan
Class) -
http://download.mcafe...bin/iss-loc/mcfscan/2,1,0,4795/mcfscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-
8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file
missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) -
Unknown owner - C:\Program Files\Alwil Software\Avast4
\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program
Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner -
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
(file missing)
O23 - Service: avast! Web Scanner - Unknown owner -
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
(file missing)
O23 - Service: MGABGEXE - Matrox Graphics Inc. -
C:\WINDOWS\System32\mgabg.exe
O23 - Service: OfficeScanNT 即時掃瞄 (ntrtscan) - Trend Micro
Inc. - C:\Program Files\Trend Micro\OfficeScan
Client\ntrtscan.exe
O23 - Service: OfficeScanNT 防火牆 (OfcPfwSvc) - Trend Micro
Inc. - C:\Program Files\Trend Micro\OfficeScan
Client\OfcPfwSvc.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) -
Agnitum - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro
Inc. - C:\Program Files\Trend Micro\OfficeScan
Client\tmlisten.exe
---------------------------------------------
2007-04-02,08:52:08
System Repair Engineer 2.4.12.806
Smallfrogs (
http://www.KZ....com)
Windows XP Professional Service Pack 1 (Build 2600) -
Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders,
Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\
Run]
<ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>
[(Verified)Microsoft Windows XP Publisher]
<MSMSGS><"C:\Program Files\Messenger\msmsgs.exe"
/background> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows
NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion
\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32> [(Verified)Microsoft Windows XP
Publisher]
<CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft
Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync>
[(Verified)Microsoft Corporation]
<PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft
Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync>
[(Verified)Microsoft Corporation]
<OfficeScanNT Monitor><"C:\Program Files\Trend
Micro\OfficeScan Client\pccntmon.exe" -HideWindow> [Trend
Micro Inc.]
<Matrox Powerdesk><C:\WINDOWS\System32\PDesk\PDesk.exe
/Autolaunch> [(Verified)Microsoft Windows XP Publisher]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>
[(Verified)ALWIL Software]
<Outpost Firewall><C:\PROGRA~1\Agnitum\OUTPOS~1.0
\outpost.exe /waitservice> [Agnitum]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows XP
Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,>
[(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows XP
Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
\Explorer\ShellExecuteHooks]
<{41AE6BB6-3815-4F48-8FA4-920B586BA193}><> [N/A]
<{D14CE39F-EED3-489A-948C-FCD588F831E7}><> [N/A]
<{06A48AD9-FF57-4E73-937B-B493E72F4226}><> [N/A]
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><> [N/A]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><> [N/A]
==================================
Startup Folders
[REBECCA]
<C:\Documents and Settings\sinotech.54-573\「開始」功能表\
程式集\啟動\REBECCA.lnk --> E:\RIMARTS\REBECCA\REBECCA.EXE
[RimArts, Inc.]><N>
[Reminder]
<C:\Documents and Settings\sinotech.54-573\「開始」功能表\
程式集\啟動\Reminder.lnk --> E:\REMINDER\Reminder.exe [Kana
Solution]><N>
[標點符號.exe]
<C:\Documents and Settings\sinotech.54-573\「開始」功能表\
程式集\啟動\標點符號.exe.lnk --> E:\原DISK~1\C\game\FU\標點符
號.exe [台灣鉅軟科技 HZYSoft Corporation]><N>
==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322
\aspnet_state.exe><Microsoft Corporation>
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4
\aswUpdSv.exe"><N/A>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual
Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe"
/service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual
Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe"
/service><ALWIL Software>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard]
[Stopped/Disabled]
<><N/A>
[Performance Moniter / BRGNS][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLLFROMWIN2000.EXE
C:\WINDOWS\SYSTEM32\WBEM\RHBKO.DLL,Export 1087><Microsoft
Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%
\System32\hidserv.dll><N/A>
[MGABGEXE / MGABGEXE][Running/Auto Start]
<C:\WINDOWS\System32\mgabg.exe><Matrox Graphics Inc.>
[OfficeScanNT 即時掃瞄 / ntrtscan][Running/Auto Start]
<C:\Program Files\Trend Micro\OfficeScan
Client\ntrtscan.exe><Trend Micro Inc.>
[OfficeScanNT 防火牆 / OfcPfwSvc][Running/Auto Start]
<C:\Program Files\Trend Micro\OfficeScan
Client\OfcPfwSvc.exe><Trend Micro Inc.>
[Outpost Firewall Service / OutpostFirewall][Running/Auto
Start]
<C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe
/service><Agnitum>
[OfficeScanNT Listener / tmlisten][Running/Auto Start]
<C:\Program Files\Trend Micro\OfficeScan
Client\tmlisten.exe><Trend Micro Inc.>
==================================
Drivers
[Intel(r) 82801 Audio Driver Install Service (WDM) /
ac97intc][Running/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[Outpost Firewall PlugIn (ADBLOCK.DLL) / ADBLOCK.DLL]
[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0
\kernel\ADBLOCK.DLL><Agnitum>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver]
[Stopped/System Start]
<\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Stopped/System
Start]
<System32\DRIVERS\AvgAsCln.sys><N/A>
[Outpost Firewall PlugIn (CONTENT.DLL) / CONTENT.DLL]
[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0
\kernel\CONTENT.DLL><Agnitum>
[CO_Mon / CO_Mon][Stopped/Manual Start]
<\??\C:\WINDOWS\System32\Drivers\CO_Mon.sys><N/A>
[Outpost Firewall PlugIn (DNSCACHE.DLL) / DNSCACHE.DLL]
[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0
\kernel\DNSCACHE.DLL><Agnitum>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<System32\DRIVERS\e100b325.sys><Intel Corporation>
[Filseclab Dynamic Defense System Driver / filar]
[Stopped/System Start]
<\??\C:\PROGRA~1\COMMON~1\FILSEC~1\filar.sys><N/A>
[Outpost Firewall PlugIn (FTPFILT.DLL) / FTPFILT.DLL]
[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0
\kernel\FTPFILT.DLL><Agnitum>
[G400 / G400][Stopped/Manual Start]
<System32\DRIVERS\G400m.sys><Matrox Graphics Inc.>
[G400DH / G400DH][Running/Manual Start]
<System32\DRIVERS\g400dhm.sys><Matrox Graphics Inc.>
[Outpost Firewall PlugIn (HTMLFILT.DLL) / HTMLFILT.DLL]
[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0
\kernel\HTMLFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (HTTPFILT.DLL) / HTTPFILT.DLL]
[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0
\kernel\HTTPFILT.DLL><Agnitum>
[i81x / i81x][Stopped/Manual Start]
<System32\DRIVERS\i81xnt5.sys><Intel Corporation>
[iAimFP0 / iAimFP0][Stopped/Manual Start]
<System32\DRIVERS\wADV01nt.sys><Intel Corporation>
[iAimFP1 / iAimFP1][Stopped/Manual Start]
<System32\DRIVERS\wADV02NT.sys><Intel Corporation>
[iAimFP2 / iAimFP2][Stopped/Manual Start]
<System32\DRIVERS\wADV05NT.sys><Intel Corporation>
[iAimFP3 / iAimFP3][Stopped/Manual Start]
<System32\DRIVERS\wSiINTxx.sys><Intel Corporation>
[iAimFP4 / iAimFP4][Stopped/Manual Start]
<System32\DRIVERS\wVchNTxx.sys><Intel Corporation>
[iAimTV0 / iAimTV0][Stopped/Manual Start]
<System32\DRIVERS\wATV01nt.sys><Intel Corporation>
[iAimTV1 / iAimTV1][Stopped/Manual Start]
<System32\DRIVERS\wATV02NT.sys><Intel Corporation>
[iAimTV2 / iAimTV2][Stopped/Manual Start]
<System32\DRIVERS\wATV03nt.sys><Intel Corporation>
[iAimTV3 / iAimTV3][Stopped/Manual Start]
<System32\DRIVERS\wATV04nt.sys><Intel Corporation>
[iAimTV4 / iAimTV4][Stopped/Manual Start]
<System32\DRIVERS\wCh7xxNT.sys><Intel Corporation>
[Outpost Firewall PlugIn (IMAPFILT.DLL) / IMAPFILT.DLL]
[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0
\kernel\IMAPFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (MAILFILT.DLL) / MAILFILT.DLL]
[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0
\kernel\MAILFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (NNTPFILT.DLL) / NNTPFILT.DLL]
[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0
\kernel\NNTPFILT.DLL><Agnitum>
[Outpost Firewall PlugIn (POP3FILT.DLL) / POP3FILT.DLL]
[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0
\kernel\POP3FILT.DLL><Agnitum>
[Outpost Firewall PlugIn (PROTECT.DLL) / PROTECT.DLL]
[Running/Manual Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0
\kernel\PROTECT.DLL><Agnitum>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[%SkyUsb.SvcDesc% / SKYLARK][Stopped/Manual Start]
<system32\drivers\skyusb.sys><Windows (R) 2000 DDK
provider>
[Trend Micro Filter / TmFilter][Running/Auto Start]
<\??\C:\Program Files\Trend Micro\OfficeScan
Client\TmXPFlt.sys><Trend Micro Inc.>
[Trend Micro PreFilter / TmPreFilter][Running/Auto Start]
<\??\C:\Program Files\Trend Micro\OfficeScan
Client\TmPreFlt.sys><Trend Micro Inc.>
[TSP / TSP][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[U3sHlpDr / U3sHlpDr][Running/Auto Start]
<\??\C:\WINDOWS\System32\Drivers\U3sHlpDr.sys><N/A>
[Outpost Firewall Kernel Driver / VFILT][Running/System
Start]
<\??\C:\PROGRA~1\Agnitum\OUTPOS~1.0\kernel\2000
\FILTNT.SYS><Agnitum>
[Trend Micro VSAPI NT / VSApiNt][Running/Auto Start]
<\??\C:\Program Files\Trend Micro\OfficeScan
Client\VSApiNt.sys><Trend Micro Inc.>
==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program
Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe
Systems Incorporated>
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and
Settings\All Users\Application
Data\Microsoft\PCTools\pctools.dll, N/A>
[網頁]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program
Files\Kaspersky Internet Security 6.0\Kaspersky Internet
Security 6.0\scieplugin.dll, Kaspersky Lab>
[參考資料(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1
\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@C:\Program Files\Messenger\Msgslang.dll,-61144]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program
Files\Messenger\msmsgs.exe, Microsoft Corporation>
[收音機(&R)]
{8E718888-423F-11D2-876E-00A0C9082467}
<C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <, N/A>
[Symantec AntiVirus scanner]
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE}
<C:\WINDOWS\Downloaded Program Files\avsniff.dll, Symantec
Corporation>
[EF2KRS2.ctlEF2KRS2]
{2D272DB5-C4CC-11D3-AAEE-0080C8BA466E}
<C:\WINDOWS\Downloaded Program Files\EF2KRS2.ocx, Data
Systems Consulting Co., Ltd.>
[EF2KARY2.ctlEF2KARY2]
{53548F21-D707-11D3-AB0C-0080C8BA466E}
<C:\WINDOWS\Downloaded Program Files\EF2KARY2.ocx, Data
Systems Consulting Co., Ltd.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C}
<C:\WINDOWS\System32\wuweb.dll, Microsoft Corporation>
[Symantec RuFSI Utility Class]
{644E432F-49D3-41A1-8DD5-E099162EEEC5}
<C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec
Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3}
<C:\WINDOWS\System32\muweb.dll, Microsoft Corporation>
[EF2KRSE.ctlEF2KRSE]
{CF265377-E224-11D4-ACE8-0080C8D96040}
<C:\WINDOWS\Downloaded Program Files\EF2KRSE.ocx, Data
Systems Consulting Co., Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000}
<C:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe
Systems, Inc.>
[McFreeScan Class]
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6}
<C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll, McAfee, Inc.>
[匯出至 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
Running Processes
[PID: 568][\SystemRoot\System32\smss.exe] [Microsoft
Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 672][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft
Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1748][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation,
6.00.2800.1221 (xpsp2.030511-1403)]
[C:\Program Files\Alwil Software\Avast4\ashShell.dll]
[ALWIL Software, 4, 7, 936, 0]
[C:\Program Files\Adobe\Acrobat 7.0
\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated,
7.0.0.2004121400]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft
Corporation, 7.10.3052.4]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]
[Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\System32\PDesk\PDKERNEL.DLL] [Matrox
Graphics Inc., 6.93.009]
[C:\WINDOWS\System32\PDesk\PDTOOLS.DLL] [Matrox Graphics
Inc., 6.93.009]
[C:\WINDOWS\System32\PDesk\PDRESENG.DLL] [Matrox
Graphics Inc., 6.93.009]
[PID: 1892][C:\Program Files\Trend Micro\OfficeScan
Client\pccntmon.exe] [Trend Micro Inc., 7.0.0.1077]
[C:\Program Files\Trend Micro\OfficeScan
Client\loadhttp.dll] [Trend Micro Inc., 7.0.0.1077]
[C:\Program Files\Trend Micro\OfficeScan Client\Pwd.dll]
[Trend Micro Inc., 7.0.0.1077]
[C:\Program Files\Trend Micro\OfficeScan
Client\OfcPlugInAPI.dll] [Trend Micro Inc., 7.0.0.1077]
[C:\Program Files\Trend Micro\OfficeScan
Client\OfcPIPC.dll] [N/A, ]
[C:\Program Files\Trend Micro\OfficeScan
Client\TimeString.dll] [N/A, ]
[C:\Program Files\Trend Micro\OfficeScan
Client\ntmonres.dll] [Trend Micro Inc., 7.0.0.1077]
[C:\Program Files\Trend Micro\OfficeScan
Client\OfcPlugInMain.dll] [Trend Micro Inc., 7.0.0.1077]
[C:\Program Files\Trend Micro\OfficeScan
Client\OfcPlugInTray.dll] [Trend Micro Inc., 7.0.0.1077]
[C:\Program Files\Trend Micro\OfficeScan
Client\tmdbg20.dll] [trend_company_name, 1, 0, 0, 1]
[PID: 1900][C:\WINDOWS\System32\PDesk\PDesk.exe] [Matrox
Graphics Inc., 6.93.009]
[C:\WINDOWS\System32\PDesk\PDTOOLS.DLL] [Matrox Graphics
Inc., 6.93.009]
[C:\WINDOWS\System32\PDesk\PDRESENG.DLL] [Matrox
Graphics Inc., 6.93.009]
[PID: 1908][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [, 4,
7, 936, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL
Software, 4, 7, 936, 0]
[C:\WINDOWS\System32\MSVCP71.dll] [Microsoft
Corporation, 7.10.3077.0]
[C:\WINDOWS\System32\MSVCR71.dll] [Microsoft
Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL
Software, 4, 7, 936, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL
Software, 4, 7, 936, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL
Software, 4, 7, 936, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL
Software, 4, 7, 936, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL
Software, 4, 7, 936, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL
Software, 4, 7, 936, 0]
[C:\Program Files\Alwil Software\Avast4\English\Base.dll]
[ALWIL Software, 4, 7, 936, 0]
[C:\Program Files\Alwil Software\Avast4\English\Lang.dll]
[ALWIL Software, 4, 7, 936, 0]
[C:\WINDOWS\System32\MFC71.DLL] [Microsoft Corporation,
7.10.3077.0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL
Software, 4, 7, 936, 0]
[c:\program files\alwil software\avast4\ahruimai.dll]
[ALWIL Software, 4, 7, 936, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL
Software, 4, 7, 936, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock
Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruimes.dll]
[ALWIL Software, 4, 7, 936, 0]
[c:\program files\alwil software\avast4\ahruins.dll]
[ALWIL Software, 4, 7, 936, 0]
[c:\program files\alwil software\avast4\ahruiout.dll]
[ALWIL Software, 4, 7, 936, 0]
[c:\program files\alwil software\avast4\ahruip2p.dll]
[ALWIL Software, 4, 7, 936, 0]
[c:\program files\alwil software\avast4\ahruistd.dll]
[ALWIL Software, 4, 7, 936, 0]
[c:\program files\alwil software\avast4\ahruiws.dll]
[ALWIL Software, 4, 7, 936, 0]
[PID: 1952][C:\WINDOWS\System32\ctfmon.exe] [Microsoft
Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 316][C:\Program Files\Trend Micro\OfficeScan
Client\Pop3Trap.exe] [Trend Micro Incorporated.,
10.0.4.1141]
[C:\Program Files\Trend Micro\OfficeScan
Client\POP3UTIL.dll] [Trend Micro Incorporated.,
10.0.4.1141]
[C:\Program Files\Trend Micro\OfficeScan
Client\tmdbg.dll] [N/A, ]
[C:\Program Files\Trend Micro\OfficeScan
Client\pewnt2.dll] [Trend Micro Incorporated., 10.0.4.1141]
[C:\Program Files\Trend Micro\OfficeScan
Client\tmCfwApi.dll] [Trend Micro Inc., 1.2.0.1020]
[PID: 1592][E:\soft\卡巴斯基移除\sreng2\SREng.EXE]
[Smallfrogs Studio, 2.4.12.806]
[PID: 2764][C:\WINDOWS\System32\wuauclt.exe] [Microsoft
Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
==================================
File Associations
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
Hidden Process
N/A
==================================