Browser hijacked


My browser has been hijacked.
When I open IE it jumps to http://www.microsoft.com/isapi/redir.dll?prd=ie&clcid=0x404&pver=6.0&ar=home
and then jumps on to http://tw.msn.com/
I tried the IE repair in Anti Trojan Elite (反黑精英), which had no effect.
I also tried searching the registry for http://www.microsoft.com/isapi/redir.dll?prd=ie&clcid=0x404&pver=6.0&ar=home and found nothing.
Is there any way to get it back?
Please help me, everyone.

Here is the output from the SREng log analysis:

CODE:

2008-11-14,11:26:00
System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - 管理許可權用戶 - 完整功能
以下內容被選中:
    所有的啟動項目(包括註冊表、開機檔案夾、服務等)
    流覽器載入項
    正在運行的進程(包括進程模組資訊)
    文件關聯
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    進程特權掃描
    計畫任務
    API HOOK
    隱藏進程

啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Yahoo! Pager><"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet>  [(Verified)Yahoo! Inc.]
    <ccleaner><"C:\Program Files\CCleaner\CCleaner.exe" /AUTO>  [(Verified)Piriform Ltd]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <AzMixerSel><C:\Program Files\Realtek\InstallShield\AzMixerSel.exe>  [Realtek Semiconductor Corp.]
    <LManager><C:\PROGRA~1\LAUNCH~1\LManager.exe>  [Dritek System Inc.]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <XFILTER><"C:\Program Files\Filseclab\xfilter\xfilter.exe" -a>  [費爾安全實驗室]
    <CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync>  [(Verified)Microsoft Corporation]
    <PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync>  [(Verified)Microsoft Corporation]
    <egui><"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice>  [(Verified)"ESET, spol. s r.o."]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
    <Anti Trojan Elite><C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO>  [File is missing]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <自訂瀏覽器><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Windows Component Publisher]
==================================
開機檔案夾
N/A
==================================
服務
[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
  <"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"><ESET>
[Eset Service / ekrn][Running/Auto Start]
  <"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"><ESET>
[EQService / EQService][Stopped/Manual Start]
  <><(File is missing)>
[McAfee SiteAdvisor Service / McAfee SiteAdvisor Service][Running/Auto Start]
  <"C:\Program Files\McAfee\SiteAdvisor\McSACore.exe"><>
[MySQL / MySQL][Stopped/Auto Start]
  <"C:\WebServ\mysql\bin\mysqld-nt" --defaults-file="C:\WebServ\mysql\my.ini" MySQL><(File is missing)>
[User Profile Hive Cleanup / UPHClean][Running/Auto Start]
  <C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
  <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>
==================================
驅動程式
[ATE_PROCMON / ATE_PROCMON][Running/Manual Start]
  <\??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys><N/A>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[Dritek Keyboard Filter Driver / DKbFltr][Running/Manual Start]
  <system32\DRIVERS\DKbFltr.sys><Dritek System Inc.>
[EagleNT / EagleNT][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[eamon / eamon][Running/Auto Start]
  <system32\DRIVERS\eamon.sys><ESET>
[easdrv / easdrv][Running/System Start]
  <system32\DRIVERS\easdrv.sys><ESET>
[EMSCR / EMSCR][Running/Manual Start]
  <system32\DRIVERS\EMS7SK.sys><ENE Technology Inc.>
[epfwtdir / epfwtdir][Running/System Start]
  <system32\DRIVERS\epfwtdir.sys><N/A>
[EQSysSecure / EQSysSecure][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EQSysSecure.sys><EQSecure>
[ESDCR / ESDCR][Running/Manual Start]
  <system32\DRIVERS\ESD7SK.sys><ENE Technology Inc.>
[ESMCR / ESMCR][Running/Manual Start]
  <system32\DRIVERS\ESM7SK.sys><ENE Technology Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Gamania\MapleStory\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Stopped/Manual Start]
  <\??\C:\Program Files\Gamania\MapleStory\npkcusb.sys><INCA Internet Co., Ltd.>
[NSNDIS5 NDIS Protocol Driver / NSNDIS5][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\NSNDIS5.SYS><N/A>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Sony Ericsson Device 088 driver (WDM) / se58bus][Stopped/Manual Start]
  <system32\DRIVERS\se58bus.sys><MCCI>
[Sony Ericsson Device 088 USB WMC Modem Filter / se58mdfl][Stopped/Manual Start]
  <system32\DRIVERS\se58mdfl.sys><MCCI>
[Sony Ericsson Device 088 USB WMC Modem Driver / se58mdm][Stopped/Manual Start]
  <system32\DRIVERS\se58mdm.sys><MCCI>
[Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM) / se58mgmt][Stopped/Manual Start]
  <system32\DRIVERS\se58mgmt.sys><MCCI>
[Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS) / se58nd5][Stopped/Manual Start]
  <system32\DRIVERS\se58nd5.sys><MCCI>
[Sony Ericsson Device 088 USB WMC OBEX Interface / se58obex][Stopped/Manual Start]
  <system32\DRIVERS\se58obex.sys><MCCI>
[Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM) / se58unic][Stopped/Manual Start]
  <system32\DRIVERS\se58unic.sys><MCCI>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Stopped/Manual Start]
  <system32\DRIVERS\w39n51.sys><IntelR Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[Filseclab Packet Filter / XPacket][Running/Boot Start]
  <\SystemRoot\System32\xpacket.sys><Filseclab Corporation>
==================================
流覽器載入項
[Octh Class]
  {000123B4-9B42-4900-B3F7-F4B073EFC214} <C:\Program Files\Orbitdownloader\orbitcth.dll, (Signed) Orbitdownloader.com>
[&Yahoo! Toolbar Helper]
  {02478D38-C3F9-4efb-9B51-7695ECA05670} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[McAfee SiteAdvisor BHO]
  {B164E929-A1B6-4A06-B104-2CD0E90A88FF} <c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll, (Signed) >
[Java Plug-in 1.6.0_07]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[參考資料(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[Yahoo!奇摩捷徑列]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[McAfee SiteAdvisor Toolbar]
  {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} <c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll, (Signed) >
[ewidoOnlineScan Control]
  {193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, (Signed) Anti-Malware Development a.s.>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_07]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[NowStarter Control]
  {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} <C:\WINDOWS\DOWNLO~1\GNOWST~1.OCX, (C) NOWCOM>
[Java Plug-in 1.5.0]
  {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll, (Signed) Sun Microsystems, Inc.>
[]
  {00000055-9980-0010-8000-00AA00389B71} <, >
[Octh Class]
  {000123B4-9B42-4900-B3F7-F4B073EFC214} <C:\Program Files\Orbitdownloader\orbitcth.dll, (Signed) Orbitdownloader.com>
[Microsoft Office Spreadsheet 10.0]
  {0002E541-0000-0000-C000-000000000046} <C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL, (Signed) Microsoft Corporation>
[Microsoft Office Spreadsheet 11.0]
  {0002E559-0000-0000-C000-000000000046} <C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL, (Signed) Microsoft Corporation>
[&Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[]
  {089FD14D-132B-48FC-8861-0048AE113215} <, >
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[]
  {0BF43445-2F28-4351-9252-17FE6E806AA0} <, >
[McAfee SiteAdvisor Toolbar]
  {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} <c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll, (Signed) >
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, (Signed) Microsoft Corporation>
[ewidoOnlineScan Control]
  {193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, (Signed) Anti-Malware Development a.s.>
[InformationCardSigninHelper Class]
  {19916E01-B44E-4E31-94A4-4696DF46157B} <C:\WINDOWS\system32\icardie.dll, (Signed) Microsoft Corporation>
[]
  {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <, >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[]
  {33008BB1-F25C-40ED-A62A-D0CEB6D2C79C} <, >
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[]
  {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} <, >
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~2\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <, >
[tcscctl Class]
  {63B27C81-2DA6-11D1-9865-00AA00D50363} <C:\WINDOWS\system32\tcscconv.dll, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[Microsoft Shell UI Helper]
  {64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <c:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation>
[XML DOM Document 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, (Signed) Microsoft Corporation>
[XML HTTP 5.0]
  {88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_07]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[NowStarter Control]
  {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} <C:\WINDOWS\DOWNLO~1\GNOWST~1.OCX, (C) NOWCOM>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[McAfee SiteAdvisor BHO]
  {B164E929-A1B6-4A06-B104-2CD0E90A88FF} <c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll, (Signed) >
[Yahoo! VersionInfo2]
  {B345F37E-6763-433B-BC53-9B526A9B7B8B} <C:\Program Files\Yahoo!\Common\YVerInfo.dll, (Signed) Yahoo! Inc.>
[]
  {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} <, >
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[]
  {C55BBCD6-41AD-48AD-9953-3609C48EACC7} <, >
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__WAV Moniker Class]
  {CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__AVI Moniker Class]
  {CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WVX Moniker Class]
  {CD3AFA95-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[Yahoo! VersionInfo]
  {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} <C:\Program Files\Yahoo!\Common\YVerInfo.dll, (Signed) Yahoo! Inc.>
[]
  {D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[MessengerChecker Class]
  {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, (Signed) Yahoo! Inc.>
[]
  {DFA7638A-E3B5-4B30-9F4A-F18C38F13640} <, >
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL, (Signed) Microsoft Corporation>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Yahoo!奇摩捷徑列]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll, (Signed) Yahoo! Inc.>
[Snapshot Viewer Control 11.0]
  {F0E42D50-368C-11D0-AD81-00A0C90DC8D9} <, >
[]
  {F156768E-81EF-470C-9057-481BA8380DBA} <, >
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 3.0]
  {F5078F33-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XSL Template 3.0]
  {F5078F36-C551-11D3-89B9-0000F81FE221} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {F90D830D-C175-4bbe-82C7-FF94669A4C42} <, >
[]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <, >
[]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[]
  {FCD02891-CC31-4F92-87E9-3A0653C8066E} <, >
[&Download by Orbit]
  <res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201, N/A>
[&Grab video by Orbit]
  <res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204, N/A>
[Do&wnload selected by Orbit]
  <res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203, N/A>
[Down&load all by Orbit]
  <res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202, N/A>
[匯出至 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[轉換成簡體中文(&S)]
  <res://C:\WINDOWS\system32\tcscconv.dll/tosimp, N/A>
[轉換成繁體中文(&T)]
  <res://C:\WINDOWS\system32\tcscconv.dll/totrad, N/A>
==================================
正在運行的進程
[PID: 552 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 616 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 640 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 684 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 696 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\Program Files\Filseclab\xfilter\XFILTER.DLL]  [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 856 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 932 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Filseclab\xfilter\XFILTER.DLL]  [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 1024 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Filseclab\xfilter\XFILTER.DLL]  [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 1084 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Filseclab\xfilter\XFILTER.DLL]  [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 1204 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\Program Files\Filseclab\xfilter\XFILTER.DLL]  [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 1540 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\CNMLM38.DLL]  [CANON INC., 1.52.2.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD38.DLL]  [CANON INC., 1.52.2.0]
[PID: 1552 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll]  [Nero AG, 4.0.5.100]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHT.DLL]  [Microsoft Corporation, 8.00.50727.762]
[PID: 1708 / Administrator][C:\PROGRA~1\LAUNCH~1\LManager.exe]  [Dritek System Inc., 1, 0, 0, 1118]
    [C:\PROGRA~1\LAUNCH~1\ComFnUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\LAUNCH~1\SzUPFUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\LAUNCH~1\OSDUtl.dll]  [Dritek System Inc., 1, 0, 3, 309]
    [C:\PROGRA~1\LAUNCH~1\RgnMaker.dll]  [Dritek System Inc., 12.07.1999 ( VC60 )]
    [C:\PROGRA~1\LAUNCH~1\CDRomUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\LAUNCH~1\MixerUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\LAUNCH~1\Wnd2File.dll]  [Dritek System Inc., 3.00]
    [C:\PROGRA~1\LAUNCH~1\SzPtcUtl.dll]  [Dritek System Inc., 1.00]
    [C:\PROGRA~1\LAUNCH~1\PowerUtl.dll]  [N/A, ]
    [C:\PROGRA~1\LAUNCH~1\LgKCUtl.Dll]  [Dritek System Inc., 2, 0, 2, 1007]
    [C:\PROGRA~1\LAUNCH~1\DialCnt.Dll]  [Dritek System Inc., 2, 1, 0, 1]
    [C:\PROGRA~1\LAUNCH~1\MMDUtl.DLL]  [Dritek System Inc., 1, 2, 4, 4509]
    [C:\WINDOWS\system32\IGFXEXPS.DLL]  [Intel Corporation, 3.0.0.4543]
[PID: 1716 / Administrator][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 8.1.1 20Jul05]
    [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 8.1.1 20Jul05]
    [C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 8.1.1 20Jul05]
[PID: 1728 / Administrator][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4543]
[PID: 1736 / Administrator][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4543]
[PID: 1744 / Administrator][C:\WINDOWS\system32\igfxpers.exe]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4543]
[PID: 1772 / Administrator][C:\Program Files\Filseclab\xfilter\xfilter.exe]  [費爾安全實驗室, 3, 0, 3, 8981]
    [C:\Program Files\Filseclab\xfilter\XFILTER.DLL]  [Filseclab Corporation, 3, 0, 0, 3644]
    [C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]
[PID: 1780 / Administrator][C:\WINDOWS\system32\igfxsrvc.exe]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.4543]
[PID: 1832 / Administrator][C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe]  [ESET, 3.0.669 ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHT.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]
[PID: 1844 / Administrator][C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.70.6]
[PID: 1888 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 188 / Administrator][C:\WINDOWS\system32\igfxext.exe]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\IGFXEXPS.DLL]  [Intel Corporation, 3.0.0.4543]
[PID: 468 / SYSTEM][C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe]  [ESET, 3.0.669 ]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll]  [ESET, 3.0.669 ]
    [C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]
    [C:\Program Files\Filseclab\xfilter\XFILTER.DLL]  [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 504 / SYSTEM][C:\Program Files\McAfee\SiteAdvisor\McSACore.exe]  [, ]
    [C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]
    [c:\PROGRA~1\mcafee\SITEAD~1\apengine.dll]  [, ]
    [c:\PROGRA~1\mcafee\SITEAD~1\saupkeep.dll]  [, ]
    [c:\PROGRA~1\mcafee\SITEAD~1\McFrmWk.dll]  [, ]
    [c:\PROGRA~1\mcafee\SITEAD~1\CntScan.dll]  [, ]
    [C:\Program Files\McAfee\SiteAdvisor\SACore.dll]  [, ]
    [C:\Program Files\McAfee\SiteAdvisor\SASet.dll]  [, ]
    [c:\PROGRA~1\mcafee\SITEAD~1\MCSACO~1.DLL]  [, ]
    [C:\Program Files\Filseclab\xfilter\XFILTER.DLL]  [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 1360 / SYSTEM][C:\Program Files\UPHClean\uphclean.exe]  [Microsoft Corporation, 1.6.30.0]
[PID: 2268 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\Program Files\Filseclab\xfilter\XFILTER.DLL]  [Filseclab Corporation, 3, 0, 0, 3644]
[PID: 3988 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]
    [C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll]  [Yahoo! Inc., 2007, 12, 18, 1]
    [c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll]  [, ]
    [c:\PROGRA~1\mcafee\SITEAD~1\mcbrwctl.dll]  [, ]
    [c:\PROGRA~1\mcafee\SITEAD~1\MCSACO~1.DLL]  [, ]
    [C:\Program Files\Orbitdownloader\orbitcth.dll]  [Orbitdownloader.com, 2, 4, 0, 2]
    [C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\Program Files\Java\jre1.6.0_07\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Filseclab\xfilter\XFILTER.DLL]  [Filseclab Corporation, 3, 0, 0, 3644]
    [C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTBM.dll]  [Yahoo! Inc., 2007, 10, 17, 1]
    [C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\pubmod.dll]  [Yahoo! Inc., 2007, 10, 17, 1]
    [C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YPUBC.dll]  [Yahoo! Inc., 2006, 12, 4, 1]
    [C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YCAPlugin.dll]  [Yahoo! Inc., 2007,12,11,1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\LIUNT.IME]  [Microsoft Corporation, 4.00.950]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
[PID: 1672 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16735 (vista_gdr.080820-1506)]
    [C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]
    [C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll]  [Yahoo! Inc., 2007, 12, 18, 1]
    [c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll]  [, ]
    [c:\PROGRA~1\mcafee\SITEAD~1\mcbrwctl.dll]  [, ]
    [c:\PROGRA~1\mcafee\SITEAD~1\MCSACO~1.DLL]  [, ]
    [C:\Program Files\Orbitdownloader\orbitcth.dll]  [Orbitdownloader.com, 2, 4, 0, 2]
    [C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\Program Files\Java\jre1.6.0_07\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Filseclab\xfilter\XFILTER.DLL]  [Filseclab Corporation, 3, 0, 0, 3644]
    [C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTBM.dll]  [Yahoo! Inc., 2007, 10, 17, 1]
    [C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\pubmod.dll]  [Yahoo! Inc., 2007, 10, 17, 1]
    [C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YPUBC.dll]  [Yahoo! Inc., 2006, 12, 4, 1]
    [C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YCAPlugin.dll]  [Yahoo! Inc., 2007,12,11,1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll]  [Yahoo! Inc., 1, 1, 0, 1]
    [C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\Program Files\Java\jre1.6.0_07\bin\jpiexp.dll]  [JavaSoft / Sun Microsystems,  6, 0, 70, 6]
    [C:\Program Files\Java\jre1.6.0_07\bin\deploy.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\Program Files\Java\jre1.6.0_07\bin\jpishare.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\PROGRA~1\Java\JRE16~1.0_0\bin\client\jvm.dll]  [Sun Microsystems, Inc., 10.0.0.23]
    [C:\PROGRA~1\Java\JRE16~1.0_0\bin\hpi.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\PROGRA~1\Java\JRE16~1.0_0\bin\verify.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\PROGRA~1\Java\JRE16~1.0_0\bin\java.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\PROGRA~1\Java\JRE16~1.0_0\bin\zip.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\Program Files\Java\jre1.6.0_07\bin\awt.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\Program Files\Java\jre1.6.0_07\bin\fontmanager.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\Program Files\Java\jre1.6.0_07\bin\jpicom.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\Program Files\Java\jre1.6.0_07\bin\regutils.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\Program Files\Java\jre1.6.0_07\bin\net.dll]  [Sun Microsystems, Inc., 6.0.70.6]
    [C:\Program Files\Java\jre1.6.0_07\bin\nio.dll]  [Sun Microsystems, Inc., 6.0.70.6]
[PID: 3408 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[PID: 3644 / Administrator][C:\Documents and Settings\Administrator\桌面\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 3664 / Administrator][C:\Documents and Settings\Administrator\桌面\SRE8b564055.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\Program Files\McAfee\SiteAdvisor\saHook.dll]  [, ]
    [C:\Documents and Settings\Administrator\桌面\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Filseclab\xfilter\XFILTER.DLL]  [Filseclab Corporation, 3, 0, 0, 3644]
==================================
文件關聯
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
MSAFD Tcpip [UDP/IP]
    C:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
MSAFD Tcpip [RAW/IP]
    C:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
RSVP UDP Service Provider
    C:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
RSVP TCP Service Provider
    C:\Program Files\Filseclab\xfilter\XFILTER.DLL(Filseclab Corporation, Filseclab Personal Firewall)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1       localhost
==================================
進程特權掃描
特殊特權被允許: SeLoadDriverPrivilege [PID = 1708, C:\PROGRA~1\LAUNCH~1\LMANAGER.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 1772, C:\PROGRAM FILES\FILSECLAB\XFILTER\XFILTER.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 3644, C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\桌面\SRENGLDR.EXE]
==================================
計畫任務
N/A
==================================
API HOOK
N/A
==================================
隱藏進程
N/A
==================================

  • 000110 (2008-11-14 13:58:17)

    Isn't this just because "use the default page" is set as the IE home page?
    That can hardly be called hijacking.
  • www12321 (2008-11-14 14:23:32)

    I have already confirmed that the home page is Yahoo.

    But after I open the browser it goes to http://www.microsoft.com/isapi/redir.dll?prd=ie&clcid=0x404&pver=6.0&ar=home and then on to http://tw.msn.com/
    It is really strange.
  • skyboy1101 (2008-11-14 14:46:42)

  • www12321 (2008-11-14 14:56:06)

    QUOTE:

    Originally posted by skyboy1101 on 2008-11-14 14:46
    Here are a few things that should be able to help you
    http://www.geekstogo.com/forum/My-hijachthis-log-t216704.html
    How do I use this?
  • www12321 (2008-11-14 15:10:36)

    I ran RSIT.exe
    It produced 2 files,
    info.txt and log.txt
    Their contents are as follows:
    info.txt---------------------------------------------------------------------------------------
    info.txt logfile of random's system information tool 1.04 2008-11-14 15:08:06

    ======Uninstall list======

    -->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
    Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
    Audition-->"C:\WINDOWS\Audition\uninstall.exe" "/U:C:\Program Files\Audition\Uninstall\uninstall.xml"
    Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
    BNB-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{AD816455-A65B-40E4-B5A8-B7E2C215E6FA}\Setup.exe" -l0x404
    Canon S300-->C:\WINDOWS\system32\CNMCP38.EXE -@C:\WINDOWS\IsUn0404.exe -f"C:\BJPrinter\CNMWINDOWS\Canon S300 Installer\Inst\DeIsL1.isu" -pCanon S300-c"C:\BJPrinter\CNMWINDOWS\Canon S300 Installer\Inst\bjinst.dll
    CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"
    HDAUDIO Soft Data Fax Modem with SmartCP-->C:\Program Files\CONEXANT\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_1025007F\HXFSETUP.EXE -U -IWstAzlK.inf
    High Definition Audio Driver Package - KB888111-->"C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
    HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
    Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
    Intel(R) Graphics Media Accelerator Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx2ID PCI\VEN_8086&DEV_27A6 PCI\VEN_8086&DEV_27A2
    J2SE Runtime Environment 5.0-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150000}
    Java(TM) 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
    K-Lite Mega Codec Pack 4.1.7-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
    Launch Manager-->C:\WINDOWS\UnInst32.exe LManager.UNI
    MapleStory-->C:\Program Files\InstallShield Installation Information\{9446571F-A802-4949-93AC-327757B38E07}\setup.exe -runfromtemp -l0x0404 -removeonly
    McAfee SiteAdvisor-->C:\Program Files\McAfee\SiteAdvisor\Uninstall.exe
    Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
    Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
    Microsoft Internet Explorer 中文繁簡轉換-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tcscconv.inf, Uninstall
    Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
    Microsoft Office FrontPage 2003-->MsiExec.exe /I{90170404-6000-11D3-8CFE-0150048383C9}
    Microsoft Office IME (Chinese (Traditional)) 2007-->MsiExec.exe /X{90120000-0028-0404-0000-0000000FF1CE}
    Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110404-6000-11D3-8CFE-0150048383C9}
    Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
    Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
    Minilyrics(remove only)-->"C:\Program Files\Minilyrics\uninst-ml.exe"
    MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}
    MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
    MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}
    Nero 6 Ultra Edition-->C:\Program Files\Ahead\nero\uninstall\UNNERO.exe /UNINSTALL
    neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
    Orbit Downloader-->"C:\Program Files\Orbitdownloader\unins000.exe"
    Quest@Home-->C:\WINDOWS\uninst.exe -f"C:\Program Files\Quest@Home\DeIsL1.isu"
    Real Alternative 1.8.2-->"C:\Program Files\Real Alternative\unins000.exe"
    Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x404  -removeonly
    SMSC IrCC V5.1.3600.5 SP2-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}\setup.exe" -l0x404 UNINSTALL
    Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
    The KMPlayer (remove only)-->"C:\Program Files\The KMPlayer\uninstall.exe"
    Ulead PhotoImpact X3-->C:\Program Files\InstallShield Installation Information\{15803703-25FA-4C01-A062-3F4A59937E87}\setup.exe -runfromtemp -l0x0404
    User Profile Hive Cleanup Service-->MsiExec.exe /I{FF77941A-2BFA-4A18-BE2E-69B9498E4D55}
    Windows Driver Package - Intel (w29n51) net  (04/05/2006 9.0.4.13)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\w29n51_3B55B5EFFB5702040D2F0D2347942E9092A6F2C7\w29n51.inf
    Windows Driver Package - Intel (w39n51) net  (04/04/2006 10.1.1.3)-->C:\PROGRA~1\DIFX\DPInst.exe /u C:\WINDOWS\system32\DRVSTORE\w39n51_A034BB1A002D677EA8C4C877C9E7DF5306F63D8E\w39n51.inf
    Windows Internet Explorer 7 安全性更新 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
    Windows Internet Explorer 7 安全性更新 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
    Windows Internet Explorer 7 安全性更新 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
    Windows Internet Explorer 7 安全性更新 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
    Windows Live installer-->MsiExec.exe /X{0DEE88A2-E250-4955-A5AF-EFC2C305E7C6}
    Windows Live Messenger-->MsiExec.exe /X{6560D90C-5223-49A3-B78C-A48C31EAEC56}
    Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
    Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
    Windows Media Player 11 Hotfix (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
    Windows Media Player 11 安全性更新 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
    Windows Media Player 11 安全性更新 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
    Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
    Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
    Windows XP Hotfix (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
    Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
    Windows XP 安全性更新 (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
    Windows XP 更新 (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
    Windows XP 更新 (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
    Windows XP 更新 (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
    WinRAR 壓縮工具-->C:\Program Files\WinRAR\uninstall.exe
    Yahoo!奇摩Messenger-->C:\PROGRA~1\Yahoo!\MESSEN~1\UNWISE.EXE /U C:\PROGRA~1\Yahoo!\MESSEN~1\INSTALL.LOG
    Yahoo!奇摩捷徑列-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
    費爾個人防火牆-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{48A4D5B9-0439-4731-9C2C-292AB9CDC54A}\Setup.exe"

    ======Security center information======

    AV: Avira AntiVir PersonalEdition
    FW: 費爾個人防火牆 3.0

    ======Environment variables======

    "ComSpec"=%SystemRoot%\system32\cmd.exe
    "windir"=%SystemRoot%
    "FP_NO_HOST_CHECK"=NO
    "OS"=Windows_NT
    "PROCESSOR_ARCHITECTURE"=x86
    "PROCESSOR_LEVEL"=6
    "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 14 Stepping 8, GenuineIntel
    "PROCESSOR_REVISION"=0e08
    "NUMBER_OF_PROCESSORS"=1
    "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
    "TEMP"=%SystemRoot%\TEMP
    "TMP"=%SystemRoot%\TEMP
    "path"=;C:\WebServ\mysql\bin

    -----------------EOF-----------------
    log.txt------------------------------------------------------------------------------------------------------
    Logfile of random's system information tool 1.04 (written by random/random)
    Run by Administrator at 2008-11-14 15:07:18
    Microsoft Windows XP Professional Service Pack 3
    System drive C: has 50 GB (66%) free of 76 GB
    Total RAM: 1014 MB (57% free)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:08, on 2008/11/14
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\Program Files\UPHClean\uphclean.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Filseclab\xfilter\xfilter.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\Documents and Settings\Administrator\桌面\小紅傘動態繁體中文化\小紅傘動態繁體中文化.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\Documents and Settings\Administrator\桌面\RSIT.exe
    C:\Program Files\trend micro\Administrator.exe

    R3 - URLSearchHook: Yahoo!奇摩捷徑列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O3 - Toolbar: Yahoo!奇摩捷徑列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a
    O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
    O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner.exe" /AUTO
    O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: 轉換成簡體中文(&S) - res://C:\WINDOWS\system32\tcscconv.dll/tosimp
    O8 - Extra context menu item: 轉換成繁體中文(&T) - res://C:\WINDOWS\system32\tcscconv.dll/totrad
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - ESC Trusted Zone: http://*.update.microsoft.com
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/ ... e.cab?1216027155328
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/micr ... e.cab?1226643316609
    O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: EQService - ENE Technology Inc. - (no file)
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: MySQL - Unknown owner - C:\WebServ\mysql\bin\mysqld-nt (file missing)

    --
    End of file - 7864 bytes

    ======Registry dump======

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
    Octh Class - C:\Program Files\Orbitdownloader\orbitcth.dll [2008-10-31 130248]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
    &Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-16 817936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
    SSVHelper Class - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll [2008-06-10 509328]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]
    McAfee SiteAdvisor BHO - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo!奇摩捷徑列 - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2008-05-16 817936]
    {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - McAfee SiteAdvisor Toolbar - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll [2008-09-30 145424]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
    "AzMixerSel"=C:\Program Files\Realtek\InstallShield\AzMixerSel.exe [2005-12-21 53248]
    "LManager"=C:\PROGRA~1\LAUNCH~1\LManager.exe [2006-03-28 593920]
    "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-07-20 729177]
    "igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2006-03-23 94208]
    "igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2006-03-23 77824]
    "igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2006-03-23 118784]
    "NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
    "XFILTER"=C:\Program Files\Filseclab\xfilter\xfilter.exe [2006-12-23 884736]
    "CJIMETIPSYNC"=C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE [2007-03-22 66400]
    "PHIMETIPSYNC"=C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE [2007-03-22 98656]
    "SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe [2008-06-10 144784]
    "avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-15 15360]
    "Yahoo! Pager"=C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [2007-08-30 4670704]
    "ccleaner"=C:\Program Files\CCleaner\CCleaner.exe [2008-10-24 1336560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    igfxdev.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    WgaLogon.dll []

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
    "dontdisplaylastusername"=0
    "legalnoticecaption"=
    "legalnoticetext"=
    "shutdownwithoutlogon"=1
    "undockwithoutlogon"=1

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
    "NoDriveTypeAutoRun"=145

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "C:\Program Files\Orbitdownloader\orbitdm.exe"="C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
    "C:\Program Files\Orbitdownloader\orbitnet.exe"="C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabledxpsp2res.dll,-22019"
    "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabledxpsp3res.dll,-20000"
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    ======List of files/folders created in the last 1 months======

    2008-11-14 15:07:18 ----D---- C:\rsit
    2008-11-14 15:07:18 ----D---- C:\Program Files\trend micro
    2008-11-14 14:15:44 ----D---- C:\WINDOWS\LastGood
    2008-11-14 12:21:08 ----D---- C:\Program Files\Avira
    2008-11-14 12:21:08 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
    2008-11-14 12:13:09 ----SHD---- C:\Config.Msi
    2008-11-13 16:00:05 ----D---- C:\Program Files\Sandboxie
    2008-11-12 17:01:31 ----HDC---- C:\WINDOWS\$NtUninstallKB957097$
    2008-11-12 17:01:26 ----HDC---- C:\WINDOWS\$NtUninstallKB954459$
    2008-11-12 17:01:17 ----HDC---- C:\WINDOWS\$NtUninstallKB955069$
    2008-11-05 16:34:16 ----A---- C:\WINDOWS\Winchat.ini
    2008-11-03 23:29:12 ----A---- C:\WINDOWS\system32\javaws.exe
    2008-11-03 23:29:12 ----A---- C:\WINDOWS\system32\javaw.exe
    2008-11-03 23:29:12 ----A---- C:\WINDOWS\system32\java.exe
    2008-10-24 23:57:30 ----HDC---- C:\WINDOWS\$NtUninstallKB958644$
    2008-10-17 11:49:36 ----D---- C:\WINDOWS\pss
    2008-10-15 15:46:45 ----HDC---- C:\WINDOWS\$NtUninstallKB956803$
    2008-10-15 15:46:40 ----HDC---- C:\WINDOWS\$NtUninstallKB956391$
    2008-10-15 15:46:34 ----HDC---- C:\WINDOWS\$NtUninstallKB957095$
    2008-10-15 15:46:03 ----HDC---- C:\WINDOWS\$NtUninstallKB954211$
    2008-10-15 15:45:53 ----HDC---- C:\WINDOWS\$NtUninstallKB956841$

    ======List of files/folders modified in the last 1 months======

    2008-11-14 15:07:25 ----D---- C:\WINDOWS\Prefetch
    2008-11-14 15:07:18 ----RD---- C:\Program Files
    2008-11-14 15:06:57 ----D---- C:\Documents and Settings\Administrator\Application Data\Orbit
    2008-11-14 15:06:26 ----D---- C:\WINDOWS\Temp
    2008-11-14 14:31:12 ----D---- C:\WINDOWS
    2008-11-14 14:15:45 ----SD---- C:\WINDOWS\Downloaded Program Files
    2008-11-14 14:15:45 ----D---- C:\WINDOWS\system32
    2008-11-14 14:14:53 ----D---- C:\WINDOWS\SoftwareDistribution
    2008-11-14 12:21:54 ----A---- C:\WINDOWS\system32\PerfStringBackup.TMP
    2008-11-14 12:21:11 ----D---- C:\WINDOWS\system32\drivers
    2008-11-14 12:20:28 ----D---- C:\WINDOWS\system32\CatRoot2
    2008-11-14 12:16:53 ----N---- C:\WINDOWS\SchedLgU.Txt
    2008-11-14 12:13:09 ----SHD---- C:\WINDOWS\Installer
    2008-11-13 23:51:24 ----D---- C:\Program Files\Audition
    2008-11-13 23:17:20 ----D---- C:\Program Files\Common Files\Filseclab
    2008-11-13 22:41:41 ----HD---- C:\WINDOWS\inf
    2008-11-13 16:18:03 ----A---- C:\WINDOWS\NeroDigital.ini
    2008-11-12 21:54:45 ----D---- C:\WINDOWS\Debug
    2008-11-12 17:01:34 ----RSHDC---- C:\WINDOWS\system32\dllcache
    2008-11-12 17:01:31 ----HD---- C:\WINDOWS\$hf_mig$
    2008-11-12 17:00:53 ----D---- C:\WINDOWS\WinSxS
    2008-11-11 23:20:27 ----D---- C:\Documents and Settings\Administrator\Application Data\MiniLyrics
    2008-11-09 23:26:56 ----D---- C:\Lyrics
    2008-11-09 22:57:05 ----D---- C:\Program Files\The KMPlayer
    2008-11-09 21:59:04 ----A---- C:\YServer.txt
    2008-11-04 08:10:25 ----A---- C:\WINDOWS\system32\MRT.exe
    2008-11-03 23:29:12 ----D---- C:\Program Files\Java
    2008-11-03 14:11:17 ----D---- C:\Program Files\Gamania
    2008-11-02 08:56:22 ----D---- C:\Program Files\Orbitdownloader
    2008-10-30 09:50:27 ----D---- C:\Program Files\McAfee
    2008-10-28 23:51:48 ----A---- C:\WINDOWS\Iedit_.INI
    2008-10-16 14:08:39 ----D---- C:\Program Files\Minilyrics
    2008-10-16 09:58:36 ----D---- C:\WINDOWS\system32\Macromed
    2008-10-16 00:34:59 ----A---- C:\WINDOWS\system32\netapi32.dll
    2008-10-15 15:48:04 ----D---- C:\Program Files\Internet Explorer

    ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
    R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-14 75072]
    R1 FsVga;FsVga; C:\WINDOWS\system32\DRIVERS\fsvga.sys [2006-02-15 12160]
    R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 39168]
    R1 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\WINDOWS\system32\DRIVERS\wmiacpi.sys [2008-04-14 8832]
    R1 WS2IFSL;Windows 通訊端 2.0 非 IFS 服務提供者支援環境; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-04 12032]
    R2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys [2005-10-05 12544]
    R2 npkcrypt;npkcrypt; \??\C:\Program Files\Gamania\MapleStory\npkcrypt.sys []
    R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
    R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2006-11-21 45568]
    R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\WINDOWS\system32\DRIVERS\CmBatt.sys [2008-04-14 13952]
    R3 DKbFltr;Dritek Keyboard Filter Driver; C:\WINDOWS\system32\DRIVERS\DKbFltr.sys [2004-12-08 16896]
    R3 EMSCR;EMSCR; C:\WINDOWS\system32\DRIVERS\EMS7SK.sys [2005-11-17 60928]
    R3 ESDCR;ESDCR; C:\WINDOWS\system32\DRIVERS\ESD7SK.sys [2005-11-17 37888]
    R3 ESMCR;ESMCR; C:\WINDOWS\system32\DRIVERS\ESM7SK.sys [2005-11-17 74624]
    R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
    R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
    R3 HSF_DPV;HSF_DPV; C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys [2005-10-18 998656]
    R3 HSFHWAZL;HSFHWAZL; C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys [2005-10-24 218496]
    R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
    R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-19 4127232]
    R3 mouhid;滑鼠 HID 驅動程式; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2006-02-15 12160]
    R3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2008-04-14 79232]
    R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-07-20 190592]
    R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
    R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
    R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
    R3 winachsf;winachsf; C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys [2005-10-18 721280]
    S1 kbdhid;鍵盤 HID 驅動程式; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14464]
    S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
    S3 ATE_PROCMON;ATE_PROCMON; \??\C:\Program Files\Anti Trojan Elite\ATEPMon.sys []
    S3 EagleNT;EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys []
    S3 EQSysSecure;EQSysSecure; \??\C:\WINDOWS\system32\drivers\EQSysSecure.sys []
    S3 npkcusb;npkcusb; \??\C:\Program Files\Gamania\MapleStory\npkcusb.sys []
    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\NSNDIS5.SYS []
    S3 se58bus;Sony Ericsson Device 088 driver (WDM); C:\WINDOWS\system32\DRIVERS\se58bus.sys [2006-09-06 61536]
    S3 se58mdfl;Sony Ericsson Device 088 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se58mdfl.sys [2006-09-05 9360]
    S3 se58mdm;Sony Ericsson Device 088 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se58mdm.sys [2006-09-05 97088]
    S3 se58mgmt;Sony Ericsson Device 088 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se58mgmt.sys [2006-09-05 88624]
    S3 se58nd5;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (NDIS); C:\WINDOWS\system32\DRIVERS\se58nd5.sys [2006-09-05 18704]
    S3 se58obex;Sony Ericsson Device 088 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se58obex.sys [2006-09-05 86432]
    S3 se58unic;Sony Ericsson Device 088 USB Ethernet Emulation SEMC58 (WDM); C:\WINDOWS\system32\DRIVERS\se58unic.sys [2006-09-05 90800]
    S3 usbccgp;Microsoft USB 一般上層驅動程式; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
    S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
    S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
    S3 w39n51;Intel(R) PRO/Wireless 3945ABG Adapter Driver; C:\WINDOWS\system32\DRIVERS\w39n51.sys [2006-04-04 1429632]
    S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
    S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
    S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

    ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

    R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
    R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service; C:\Program Files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
    R2 UPHClean;User Profile Hive Cleanup; C:\Program Files\UPHClean\uphclean.exe [2005-04-27 241725]
    S2 MySQL;MySQL; C:\WebServ\mysql\bin\mysqld-nt --defaults-file=C:\WebServ\mysql\my.ini MySQL []
    S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
    S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\Windows Live\Messenger\usnsvc.exe [2007-10-18 98328]
    S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-15 14336]
    S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]
    S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-11-02 897024]
    S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-15 14336]

    -----------------EOF-----------------
  • www12321 (2008-11-14 15:15:51)

    =
    :@
    This only appears because of the default emoticons.
  • www12321 (2008-11-14 15:26:19)

    Report generated by ComboFix.exe
    log.txt
    The contents are as follows


    ComboFix 08-11-12.01 - Administrator 2008-11-14 15:21:28.1 - NTFSx86
    Microsoft Windows XP Professional  5.1.2600.3.950.1.1028.18.656 [GMT 8:00]
    執行位置: c:\documents and settings\Administrator\桌面\ComboFix.exe
    * 成功創造新還原點
    .

    (((((((((((((((((((((((((((((((((((((((   被刪除的檔案   )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Administrator\Application Data\BITS
    c:\documents and settings\Administrator\Application Data\BITS\BITS.ini
    c:\documents and settings\Administrator\Application Data\BITS\DHTTable.dat
    c:\documents and settings\Administrator\Application Data\BITS\ProxyList.ini
    c:\windows\system32\admshare.dat

    .
    (((((((((((((((((((((((((  2008-10-14 至 2008-11-14 的新的檔案  )))))))))))))))))))))))))))))))
    .

    2008-11-14 15:07 . 2008-11-14 15:08        <DIR>        d--------        C:\rsit
    2008-11-14 15:07 . 2008-11-14 15:08        <DIR>        d--------        c:\program files\trend micro
    2008-11-14 14:15 . 2008-11-14 14:15        <DIR>        d--------        c:\windows\LastGood
    2008-11-14 12:21 . 2008-11-14 12:21        <DIR>        d--------        c:\program files\Avira
    2008-11-14 12:21 . 2008-11-14 12:21        <DIR>        d--------        c:\documents and settings\All Users\Application Data\Avira
    2008-11-13 16:00 . 2008-11-13 16:24        <DIR>        d--------        c:\program files\Sandboxie
    2008-11-12 11:32 . 2008-09-05 01:15        1,106,944        -----c---        c:\windows\system32\dllcache\msxml3.dll
    2008-11-12 11:32 . 2008-10-24 19:21        455,296        -----c---        c:\windows\system32\dllcache\mrxsmb.sys
    2008-11-09 21:07 . 2008-11-09 21:07        268        --ah-----        C:\sqmdata04.sqm
    2008-11-09 21:07 . 2008-11-09 21:07        244        --ah-----        C:\sqmnoopt04.sqm
    2008-11-05 23:50 . 2008-11-14 14:31        <DIR>        d--------        c:\documents and settings\All Users\桌面
    2008-11-05 16:34 . 2008-11-05 16:34        122        --a------        c:\windows\Winchat.ini
    2008-11-03 23:29 . 2008-06-10 02:32        73,728        --a------        c:\windows\system32\javacpl.cpl
    2008-10-24 10:04 . 2008-10-16 00:34        337,408        -----c---        c:\windows\system32\dllcache\netapi32.dll
    2008-10-15 14:16 . 2008-09-15 23:24        1,846,016        -----c---        c:\windows\system32\dllcache\win32k.sys
    2008-10-15 14:16 . 2008-09-08 18:41        333,824        -----c---        c:\windows\system32\dllcache\srv.sys
    2008-10-15 14:15 . 2008-08-14 21:20        2,189,056        -----c---        c:\windows\system32\dllcache\ntoskrnl.exe
    2008-10-15 14:15 . 2008-08-14 21:20        2,145,280        -----c---        c:\windows\system32\dllcache\ntkrnlmp.exe
    2008-10-15 14:15 . 2008-08-14 21:20        2,065,920        -----c---        c:\windows\system32\dllcache\ntkrnlpa.exe
    2008-10-15 14:15 . 2008-08-14 21:20        2,023,936        -----c---        c:\windows\system32\dllcache\ntkrpamp.exe

    .
    ((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-11-14 07:17        ---------        d-----w        c:\documents and settings\Administrator\Application Data\Orbit
    2008-11-14 04:21        1,606        ----a-w        c:\windows\system32\PerfStringBackup.TMP
    2008-11-13 15:51        ---------        d-----w        c:\program files\Audition
    2008-11-13 15:17        ---------        d-----w        c:\program files\Common Files\Filseclab
    2008-11-12 03:29        ---------        d-----w        c:\documents and settings\LocalService\Application Data\SACore
    2008-11-11 15:20        ---------        d-----w        c:\documents and settings\Administrator\Application Data\MiniLyrics
    2008-11-09 14:57        ---------        d-----w        c:\program files\The KMPlayer
    2008-11-03 15:29        ---------        d-----w        c:\program files\Java
    2008-11-03 06:11        ---------        d-----w        c:\program files\Gamania
    2008-11-02 00:56        ---------        d-----w        c:\program files\Orbitdownloader
    2008-10-30 01:50        ---------        d-----w        c:\program files\McAfee
    2008-10-24 11:21        455,296        ----a-w        c:\windows\system32\drivers\mrxsmb.sys
    2008-10-16 06:08        ---------        d-----w        c:\program files\Minilyrics
    2008-10-12 01:35        ---------        d-----w        c:\documents and settings\All Users\Application Data\TVU Networks
    2008-10-09 02:31        ---------        d-----w        c:\documents and settings\All Users\Application Data\SlySoft
    2008-10-09 02:27        ---------        d-----w        c:\program files\SlySoft
    2008-10-05 14:58        ---------        d-----w        c:\documents and settings\Administrator\Application Data\uTorrent
    2008-10-05 14:13        ---------        d-----w        c:\documents and settings\Administrator\Application Data\deluge
    2008-10-05 14:09        ---------        d-----w        c:\program files\Common Files\Java
    2008-10-04 03:18        ---------        d-----w        c:\program files\CCleaner
    2008-10-04 02:35        ---------        d-----w        c:\program files\Common Files\Nero
    2008-10-04 02:35        ---------        d-----w        c:\documents and settings\All Users\Application Data\Nero
    2008-10-04 02:18        ---------        d-----w        c:\program files\Nero
    2008-10-04 02:08        ---------        d-----w        c:\documents and settings\Administrator\Application Data\Nero
    2008-10-02 05:57        ---------        d-----w        c:\documents and settings\All Users\Application Data\SiteAdvisor
    2008-10-01 14:45        ---------        d-----w        c:\program files\Common Files\McAfee
    2008-10-01 14:44        ---------        d-----w        c:\documents and settings\All Users\Application Data\McAfee
    2008-09-30 08:43        1,286,152        ----a-w        c:\windows\system32\msxml4.dll
    2008-09-27 02:21        ---------        d-----w        c:\program files\Quest@Home
    2008-09-25 08:13        ---------        d-----w        c:\program files\Real Alternative
    2008-09-25 07:03        ---------        d-----w        c:\program files\K-Lite Codec Pack
    2008-09-24 16:14        ---------        d-----w        c:\program files\Windows Media Connect 2
    2008-09-15 15:24        1,846,016        ----a-w        c:\windows\system32\win32k.sys
    2008-09-14 05:23        ---------        d-----w        c:\program files\Launch Manager
    2008-09-10 01:13        1,307,648        ----a-w        c:\windows\system32\msxml6.dll
    2008-09-04 17:15        1,106,944        ----a-w        c:\windows\system32\msxml3.dll
    2008-08-26 07:57        826,368        ----a-w        c:\windows\system32\wininet.dll
    2008-08-14 13:20        2,189,056        ----a-w        c:\windows\system32\ntoskrnl.exe
    2008-08-14 13:20        2,065,920        ----a-w        c:\windows\system32\ntkrnlpa.exe
    .

    (((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *注意* 空白與合法缺省登錄將不會被顯示
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-15 15360]
    "Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
    "ccleaner"="c:\program files\CCleaner\CCleaner.exe" [2008-10-24 1336560]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
    "AzMixerSel"="c:\program files\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 53248]
    "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2006-03-28 593920]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-07-20 729177]
    "igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-23 94208]
    "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-23 77824]
    "igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-23 118784]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "XFILTER"="c:\program files\Filseclab\xfilter\xfilter.exe" [2006-12-23 884736]
    "CJIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [2007-03-22 66400]
    "PHIMETIPSYNC"="c:\program files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [2007-03-22 98656]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
    "avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-15 15360]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nlsf"="move" [X]
    "nlhr"="c:\windows\System32\AdvPack.Dll" [2008-08-26 124928]
    "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
    "c:\\Program Files\\Orbitdownloader\\orbitnet.exe"=

    R0 XPacket;Filseclab Packet Filter;c:\windows\system32\xpacket.sys [2006-12-23 126224]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2008-10-08 203280]
    S3 ATE_PROCMON;ATE_PROCMON;c:\program files\Anti Trojan Elite\ATEPMon.sys [ ]
    S3 EQSysSecure;EQSysSecure;c:\windows\system32\drivers\EQSysSecure.sys [2008-03-01 108032]
    S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;c:\windows\system32\NSNDIS5.SYS [ ]

    *Newly Created Service* - ANTIVIRSCHEDULER
    *Newly Created Service* - ANTIVIRSERVICE
    *Newly Created Service* - AVGIO
    *Newly Created Service* - AVGNTFLT
    *Newly Created Service* - AVIPBB
    *Newly Created Service* - CATCHME
    *Newly Created Service* - PROCEXP90
    .
    .
    ------- 而外的掃描 -------
    .
    R0 -: HKCU-Main,Start Page = hxxp://tw.yahoo.com/
    R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    R0 -: HKLM-Main,Start Page = about:blank
    R0 -: HKLM-Main,Window Title = Microsoft Internet Explorer
    R1 -: HKCU-SearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ie/defaults/su/msgr8/*http://tw.search.yahoo.com
    O8 -: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    O8 -: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    O8 -: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    O8 -: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    O8 -: 匯出至 Microsoft Office Excel(&X) - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 -: 轉換成簡體中文(&S) - c:\windows\system32\tcscconv.dll/tosimp
    O8 -: 轉換成繁體中文(&T) - c:\windows\system32\tcscconv.dll/totrad

    O16 -: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - hxxp://downloads.ewido.net/ewidoOnlineScan.cab
    c:\windows\Downloaded Program Files\ewidoOnlineScan.dll

    O16 -: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} - hxxp://www.gogobox.com.tw/neo.fld/GNowStarter.cab
    c:\windows\Downloaded Program Files\GNowStarter.inf
    c:\windows\system32\atl.dll
    c:\windows\Downloaded Program Files\GNowStarter.ocx
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-11-14 15:23:04
    Windows 5.1.2600 Service Pack 3 NTFS

    掃描被隱藏的進程。。。 ...

    掃描被隱藏的啟動組。。。

    掃描被隱藏的文件。。。

    掃描完成
    被隱藏的檔案: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MySQL]
    "ImagePath"="\"c:\webserv\mysql\bin\mysqld-nt\" --defaults-file=\"c:\webserv\mysql\my.ini\" MySQL"
    .
    完成時間: 2008-11-14 15:23:52
    ComboFix-quarantined-files.txt  2008-11-14 07:23:46

    Pre-Run: 52,807,090,176 位元組可用
    Post-Run: 52,829,466,624 位元組可用

    WindowsXP-KB310994-SP2-Pro-BootDisk-CHT.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    174        --- E O F ---        2008-11-12 09:02:24