[Infection] sdphost is uploading at full speed; am I infected?
Please post using the format below and attach the requested files.
The more detail you give, the better we can understand the situation and handle it properly.
1. Problem description:
Describe the infection symptoms you ran into below, in as much detail as possible (screenshots welcome):
My computer was reinstalled only yesterday. Today, while using it, I noticed it suddenly became very slow. I opened NetLimiter
and found a program, sdphost.exe, uploading at full speed; no wonder it slowed my whole machine down.
I searched Yahoo! Kimo Knowledge+ and found nothing on it. Google only turned up two or three related articles, and not in English,
so I can't find any information about sdphost.exe. I don't know whether it is a normal file that comes with Windows,
a virus file, or a file that got infected by a virus and is uploading like crazy because of that...
Or is uploading like this normal for it???? I really don't know...
2. Scan report:
Please run a full scan with an antivirus product first and upload the scan results to the pinned upload space.
If the scan would take very long, scan at least the following locations plus the infected-file locations reported by the antivirus:
C:\Windows\System32 C:\Windows C:\Program Files
Provide the scan report wherever possible; if you cannot scan, say so explicitly. An online-scanner report is also acceptable.
See the board digest (精華區) for how to use the online scanners.
I don't have antivirus software installed, so I used an online scanner, Kaspersky's, and it found nothing at all.
And I reinstalled the system only yesterday.
Please upload the scan results to the pinned upload space; if you cannot use it, use http://www.kotuha.com instead.
Usage:
Combofix: http://reinfors.googlepages.com/Combofix.html
Hijackthis: http://reinfors.googlepages.com/Hijackthis
SRENG: http://reinfors.googlepages.com/SRENG.html
If you have no network access, see digest sections 1 - 8 for usage.
4. Report links:
Paste the scan reports (logs) below (all of the above are required)
Combofix :ComboFix 08-08-26.02 - Administrator 2008-08-27 18:33:49.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.950.1.1028.18.3252 [GMT 8:00]
Running from: D:\Downloads\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((   Other deletions   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\packet.dll
C:\WINDOWS\system32\wpcap.dll
.
((((((((((((((((((((((((((((   Files created between 2008-07-27 and 2008-08-27   )))))))))))))))))))))))))))))))))
.
2008-08-27 17:25 . 2008-08-27 17:25 <DIR> d-------- C:\WINDOWS\Sun
2008-08-27 17:24 . 2008-08-27 17:24 <DIR> d-------- C:\Program Files\Java
2008-08-27 17:24 . 2008-06-10 02:32 73,728 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-08-27 17:22 . 2008-08-27 17:22 <DIR> d-------- C:\Program Files\Common Files\Java
2008-08-27 11:27 . 2008-08-27 11:27 <DIR> d-------- C:\Program Files\ICETechnology
2008-08-27 10:23 . 2008-08-27 10:23 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-08-27 10:18 . 2008-08-27 10:18 <DIR> d-------- C:\Program Files\Windows Live
2008-08-27 10:03 . 2008-08-27 10:03 <DIR> d-------- C:\Program Files\Open PCMan
2008-08-27 10:03 . 2008-08-27 11:36 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\PCMan
2008-08-27 10:02 . 2008-08-27 10:02 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-27 01:27 . 2008-08-27 01:27 <DIR> d-------- C:\Program Files\Real Alternative
2008-08-27 01:27 . 2003-03-19 11:14 499,712 --a------ C:\WINDOWS\system32\msvcp71.dll
2008-08-27 01:19 . 2008-08-27 01:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Application Data
2008-08-27 01:17 . 2008-08-27 01:17 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
2008-08-27 01:16 . 2008-08-27 01:16 <DIR> d-------- C:\Program Files\K-Lite Codec Pack
2008-08-27 01:12 . 2008-08-27 01:12 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\StromII
2008-08-27 01:12 . 2006-05-26 21:29 2,117,632 --a------ C:\WINDOWS\system32\ffdshow.ax
2008-08-27 01:12 . 2006-07-18 00:00 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2008-08-27 01:12 . 2007-01-09 18:46 10,752 --a------ C:\WINDOWS\system32\ff_vfw.dll
2008-08-27 01:12 . 2004-03-15 19:54 547 --a------ C:\WINDOWS\system32\ffdshow.ax.manifest
2008-08-27 01:12 . 2005-02-24 18:56 547 --a------ C:\WINDOWS\system32\ff_vfw.dll.manifest
2008-08-27 01:11 . 2008-08-27 16:20 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Storm
2008-08-27 01:09 . 2008-08-27 09:33 <DIR> d-------- C:\Program Files\StormII
2008-08-27 00:53 . 2008-08-27 00:53 <DIR> d-------- C:\Program Files\ViewMate Desktop Keyboard KC207
2008-08-27 00:53 . 2004-06-07 14:09 18,220 --a------ C:\WINDOWS\system32\drivers\UsbFltr.sys
2008-08-27 00:53 . 2003-03-27 13:55 11,776 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2008-08-27 00:32 . 2008-08-27 12:18 4,930,854 --a------ C:\WINDOWS\ACD Wallpaper.bmp
2008-08-27 00:19 . 2008-08-27 00:19 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\ACD Systems
2008-08-27 00:18 . 2008-08-27 00:18 <DIR> d-------- C:\WINDOWS\ACDSee
2008-08-27 00:18 . 2008-08-27 00:18 <DIR> d-------- C:\Documents and Settings\Administrator\「開始」功
2008-08-27 00:17 . 2008-08-27 00:18 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-08-27 00:17 . 2008-08-27 00:17 <DIR> d-------- C:\Program Files\ACD Systems
2008-08-27 00:17 . 2008-08-27 00:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-08-27 00:17 . 2008-08-27 00:17 10,368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-08-27 00:16 . 2008-08-27 00:16 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2008-08-27 00:09 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-08-27 00:09 . 2007-07-30 19:20 30,040 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-08-27 00:09 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-08-27 00:09 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-08-27 00:09 . 2007-07-30 19:19 16,216 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-08-27 00:06 . 2008-08-27 00:06 <DIR> d---s---- C:\Documents and Settings\Administrator\UserData
2008-08-27 00:00 . 2008-08-27 00:00 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-08-26 23:58 . 2008-08-27 17:16 <DIR> d-------- C:\Program Files\BitComet
2008-08-26 23:58 . 2008-08-27 18:29 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-26 23:58 . 2008-08-26 23:58 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-08-26 23:56 . 2008-08-27 18:21 <DIR> d-------- C:\Program Files\FlashGet
2008-08-26 23:55 . 2008-08-26 23:55 <DIR> d-------- C:\Program Files\Panicware
2008-08-26 23:52 . 2008-08-26 23:52 <DIR> d-------- C:\Program Files\NetLimiter
2008-08-26 23:52 . 2008-08-26 23:52 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\LockTime
2008-08-26 23:49 . 2008-08-27 01:05 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Winamp
2008-08-26 23:37 . 2008-08-26 23:37 <DIR> d-------- C:\Program Files\Win2
2008-08-26 23:33 . 2008-08-26 23:33 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-08-26 23:33 . 2008-08-26 23:33 <DIR> d-------- C:\Intel
2008-08-26 23:33 . 2007-12-12 15:56 53,248 --a------ C:\WINDOWS\system32\CSVer.dll
2008-08-26 23:15 . 2008-08-26 23:15 <DIR> d-------- C:\Program Files\Intel
2008-08-26 23:11 . 2008-08-26 23:11 <DIR> d-------- C:\WINDOWS\JM
2008-08-26 23:11 . 2006-07-12 17:58 356,352 -r------- C:\WINDOWS\system32\JMRaidTool.exe
2008-08-26 23:11 . 2006-07-11 17:20 139,264 -r------- C:\WINDOWS\system32\JMRaidAPI.dll
2008-08-26 23:11 . 2006-07-20 21:39 41,728 -ra------ C:\WINDOWS\system32\drivers\jraid.sys
2008-08-26 23:11 . 2006-02-07 19:52 6,912 -ra------ C:\WINDOWS\system32\drivers\JGOGO.sys
2008-08-26 23:06 . 2008-08-26 23:06 <DIR> d-------- C:\Program Files\GIGABYTE
2008-08-26 23:06 . 1998-10-29 16:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-08-26 23:06 . 2006-07-12 08:56 248,192 --a------ C:\WINDOWS\system32\drivers\yk51x86.sys
2008-08-26 23:06 . 2008-08-26 23:06 1,606 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-08-26 23:03 . 2008-08-27 18:36 3,382,863 --a------ C:\WINDOWS\{00000005-00000000-00000001-00001102-00000002-80271102}.CDF
2008-08-26 23:03 . 2008-08-26 23:03 3,382,863 --a------ C:\WINDOWS\{00000005-00000000-00000001-00001102-00000002-80271102}.BAK
2008-08-26 23:02 . 2008-08-27 18:35 24,264 --a------ C:\WINDOWS\system32\BMXCtrlState-{00000005-00000000-00000001-00001102-00000002-80271102}.rfx
2008-08-26 23:02 . 2008-08-27 18:35 24,264 --a------ C:\WINDOWS\system32\BMXBkpCtrlState-{00000005-00000000-00000001-00001102-00000002-80271102}.rfx
2008-08-26 23:02 . 2008-08-27 18:35 16,324 --a------ C:\WINDOWS\system32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000002-80271102}.rfx
2008-08-26 23:02 . 2008-08-27 18:35 16,324 --a------ C:\WINDOWS\system32\BMXState-{00000005-00000000-00000001-00001102-00000002-80271102}.rfx
2008-08-26 23:02 . 2008-08-27 18:35 1,080 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-08-26 23:02 . 2008-08-27 18:35 1,080 --a------ C:\WINDOWS\system32\settings.sfm
2008-08-26 23:02 . 2008-08-27 18:35 384 --a------ C:\WINDOWS\system32\DVCStateBkp-{00000005-00000000-00000001-00001102-00000002-80271102}.dat
2008-08-26 23:02 . 2008-08-27 18:35 384 --a------ C:\WINDOWS\system32\DVCState-{00000005-00000000-00000001-00001102-00000002-80271102}.dat
2008-08-26 23:01 . 2008-08-26 23:01 <DIR> d-------- C:\Program Files\My Company Name
2008-08-26 23:00 . 2008-08-27 18:36 81,191 --a------ C:\WINDOWS\system32\nvapps.xml
.
(((((((((((((((((((((((((((((((((((( 近三個月內更動的檔案
)))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-26 15:50 --------- d-----w C:\Program Files\WinAmp
2008-08-26 15:11 --------- d--h--w C:\Program Files\InstallShield
Installation Information
2008-08-26 14:59 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-26 14:57 --------- d-----w C:\Program Files\Creative
2008-08-26 14:56 --------- d-----w C:\Documents and Settings\All
Users\Application Data\Creative
2008-08-26 14:53 --------- d-----w C:\Program Files\Driver Cleaner Pro
2008-08-26 14:47 --------- d-----w C:\Program Files\microsoft frontpage
2008-04-14 14:00 933,888 --sh--r C:\WINDOWS\system32\sdphost.exe
.
((((((((((((((((((((((((((((((((((((((((((   Important registry entries   )))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty or legitimate default values are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 22:00 15360]
"AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 19:30 217544]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 22:13 208952]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 22:01 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 22:01 455168]
"CTSysVol"="C:\Program Files\Creative\SBLive\Surround Mixer\CTSysVol.exe" [2003-07-02 10:03 57344]
"CTDVDDET"="C:\Program Files\Creative\SBLive\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"SBDrvDet"="C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 18:06 45056]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 01:00 90112]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43 7630848]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43 86016]
"GBB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-07-12 17:58 356352]
"WheelMouse"="C:\Program Files\Win2\Mouse\Amoumain.exe" [2006-03-14 16:49 192512]
"NetLimiter"="C:\Program Files\NetLimiter\NetLimiter.exe" [2004-05-31 16:04 823296]
"Pop-Up Stopper"="C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe" [2001-03-03 22:05 692224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AsioReg"="CTASIO.DLL" [2003-10-25 12:01 118784 C:\WINDOWS\system32\CTASIO.DLL]
"nwiz"="nwiz.exe" [2006-08-11 21:43 1519616 C:\WINDOWS\system32\nwiz.exe]
"Files Driver"="sdphost.exe" [2008-04-14 22:00 933888 C:\WINDOWS\system32\sdphost.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"Files Driver"="sdphost.exe" [2008-04-14 22:00 933888 C:\WINDOWS\system32\sdphost.exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe" [2008-04-14 22:00 15360 C:\WINDOWS\system32\ctfmon.exe]
C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Media Key.lnk - C:\Program Files\ViewMate Desktop Keyboard KC207\MagicKey.exe [2008-08-27 00:53:42 159744]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"VIDC.ACDV"= ACDV.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\eMule\\eMule.exe"=
"C:\\Program Files\\FlashGet\\flashget.exe"=
"C:\\Program Files\\BitComet\\BitComet.exe"=
"C:\\Program Files\\StormII\\Storm.exe"=
"C:\\Program Files\\StormII\\stormliv.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24876:TCP"= 24876:TCP:BitComet 24876 TCP
"24876:UDP"= 24876:UDP:BitComet 24876 UDP
R1 kbfilter;Keyboard Filter Driver;C:\WINDOWS\system32\drivers\kbfilter.sys [2003-03-27 13:55]
R1 UsbFltr;WayTechUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys [2004-06-07 14:09]
R2 ccosm;Contrl Center of Storm Media;C:\Program Files\StormII\stormliv.exe [2008-01-22 15:34]
R3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\system32\DRIVERS\Amps2prt.sys [2006-01-11 14:34]
S3 NPF;Netgroup Packet Filter;C:\WINDOWS\system32\drivers\npf.sys [2008-08-27 18:37]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2441f321-7388-11dd-aee1-0016e6d45a93}]
\Shell\AutoRun\command - J:\nideiect.com
\Shell\explore\Command - J:\nideiect.com
\Shell\open\Command - J:\nideiect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2b3a0aac-73be-11dd-96ee-806d6172696f}]
\Shell\AutoRun\command - H:\Run.exe
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://tw.yahoo.com/
O8 -: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 -: &使用BitComet下載本頁視訊 - C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 -: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 -: 使用BitComet下載全部連結 - C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 -: 使用BitComet下載連結(&B) - C:\Program Files\BitComet\BitComet.exe/AddLink.htm
.
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 18:36:25
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\Program Files\NetLimiter\nl_lsp.dll
-> C:\WINDOWS\system32\nl_msgc.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\ATKKBService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\ViewMate Desktop Keyboard KC207\OSD.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Finished: 2008-08-27 18:37:38 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-27 10:37:35
ComboFix2.txt 2008-08-27 10:23:46
Pre-Run: 36,933,464,064 bytes free
Post-Run: 36,915,814,400 bytes free
211
Hijackthis:Logfile of HijackThis v1.99.1
Scan saved at 6:40:38 PM, on 2008/8/27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Creative\SBLive\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBLive\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\StormII\stormliv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Win2\Mouse\Amoumain.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe
C:\WINDOWS\system32\sdphost.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ViewMate Desktop Keyboard KC207\MagicKey.exe
C:\Program Files\ViewMate Desktop Keyboard KC207\OSD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.750\HijackThis.exe
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBLive\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] C:\Program Files\Creative\SBLive\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Win2\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"
O4 - HKLM\..\Run: [Files Driver] sdphost.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\RunServices: [Files Driver] sdphost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用BitComet下載本頁視訊 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 使用BitComet下載全部連結 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載連結(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1219766813296
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - 北京暴风网际科技有限公司 - C:\Program Files\StormII\stormliv.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
SRENG:
2008-08-27,18:42:37
System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - Administrator privileges - full functionality
The following items were selected:
All startup items (including registry, startup folder, services, etc.)
Browser add-ons
Running processes (including process module information)
File associations
Winsock providers
Autorun.inf
HOSTS file
Process privilege scan
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<AlcoholAutomount><"C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Windows Component Publisher]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Windows Component Publisher]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Windows Component Publisher]
<CTSysVol><C:\Program Files\Creative\SBLive\Surround Mixer\CTSysVol.exe /r> [Creative Technology Ltd]
<CTDVDDET><C:\Program Files\Creative\SBLive\DVDAudio\CTDVDDET.EXE> [Creative Technology Ltd]
<AsioReg><REGSVR32.EXE /S CTASIO.DLL> [(Verified)Microsoft Windows Component Publisher]
<SBDrvDet><C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r> [Creative Technology Ltd]
<UpdReg><C:\WINDOWS\UpdReg.EXE> [Creative Technology Ltd.]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<nwiz><nwiz.exe /install> []
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<GBB36X Configure><C:\WINDOWS\system32\JMRaidTool.exe boot> [File is missing]
<WheelMouse><C:\Program Files\Win2\Mouse\Amoumain.exe> [A4Tech Co., Ltd.]
<NetLimiter><C:\Program Files\NetLimiter\NetLimiter.exe /s> [LockTime]
<Pop-Up Stopper><"C:\Program Files\Panicware\Pop-Up Stopper\dpps2.exe"> [PanicWare]
<Files Driver><sdphost.exe> []
<SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"> [(Verified)"Sun Microsystems, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Files Driver><sdphost.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
==================================
Startup folder
[Media Key]
<C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Media Key.lnk --> C:\PROGRA~1\VIEWMA~1\MagicKey.exe [N/A]><N>
==================================
Services
[ATK Keyboard Service / ATKKeyboardService][Running/Auto Start]
<C:\WINDOWS\ATKKBService.exe><ASUSTeK COMPUTER INC.>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
<C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Creative Service for CDROM Access / Creative Service for CDROM Access][Running/Auto Start]
<C:\WINDOWS\system32\CTsvcCDA.exe><Creative Technology Ltd>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[StarWind AE Service / StarWindServiceAE][Running/Auto Start]
<C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe><Rocket Division Software>
[WMDM PMSP Service / WMDM PMSP Service][Running/Auto Start]
<C:\WINDOWS\system32\MsPMSPSv.exe><Microsoft Corporation>
==================================
Drivers
[A4Tech PS/2 Port Mouse Driver / Amps2prt][Running/Manual Start]
<system32\DRIVERS\Amps2prt.sys><A4Tech Co.,Ltd.>
[Enhanced Display Driver Helper Service / asuskbnt][Running/System Start]
<system32\drivers\atkkbnt.sys><ASUSTeK COMPUTER INC.>
[Creative AC3 Software Decoder / ctac32k][Running/Manual Start]
<System32\drivers\ctac32k.sys><Creative Technology Ltd>
[Creative Audio Driver (WDM) / ctaud2k][Running/Manual Start]
<system32\drivers\ctaud2k.sys><Creative Technology Ltd>
[Creative DVD-Audio Device Driver / ctdvda2k][Stopped/Manual Start]
<System32\drivers\ctdvda2k.sys><Creative Technology Ltd>
[Creative SBLive! Gameport / ctljystk][Stopped/Manual Start]
<system32\DRIVERS\ctljystk.sys><Creative Technology Ltd.>
[Creative Proxy Driver / ctprxy2k][Running/Manual Start]
<System32\drivers\ctprxy2k.sys><Creative Technology Ltd>
[Creative SoundFont Management Device Driver / ctsfm2k][Running/Manual Start]
<System32\drivers\ctsfm2k.sys><Creative Technology Ltd>
[EIO / EIO][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\EIO.sys><ASUSTeK Computer Inc.>
[Creative SB Live! (WDM) / emu10k][Stopped/Manual Start]
<system32\drivers\emu10k1m.sys><Creative Technology Ltd.>
[Creative Interface Manager Driver (WDM) / emu10k1][Stopped/Manual Start]
<system32\drivers\ctlfacem.sys><Creative Technology Ltd.>
[E-mu Plug-in Architecture Driver / emupia][Running/Manual Start]
<system32\drivers\emupia2k.sys><Creative Technology Ltd>
[Creative Hardware Abstract Layer Driver / ha10kx2k][Running/Manual Start]
<system32\drivers\ha10kx2k.sys><Creative Technology Ltd>
[Creative P16V HAL Driver / hap16v2k][Stopped/Manual Start]
<System32\drivers\hap16v2k.sys><Creative Technology Ltd>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[JMicron Hot-Plug Driver / JGOGO][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\JGOGO.sys><JMicron>
[JRAID / JRAID][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\jraid.sys><JMicron Technology Corp.>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><CACE Technologies>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Creative OS Services Driver / ossrv][Running/Manual Start]
<system32\drivers\ctoss2k.sys><Creative Technology Ltd.>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[PfModNT / PfModNT][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\PfModNT.sys><Creative Technology Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Creative SoundFont Manager Driver (WDM) / sfman][Stopped/Manual Start]
<system32\drivers\sfmanm.sys><Creative Technology Ltd.>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Running/Manual Start]
<system32\DRIVERS\yk51x86.sys><Marvell>
==================================
Browser add-ons
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[Java Plug-in 1.6.0_07]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[Java Plug-in 1.6.0_07]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, (Signed) N/A>
[Passport scriptable service]
{2D2307C8-7DB4-40D6-9100-D52AF4F97A5B} <%SystemRoot%\system32\netplwiz.dll, (Signed) N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[FGCatchUrl]
{2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <C:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[SSVHelper Class]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_07]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
{D6E814A0-E0C5-11D4-8D29-0050BA6940E3} <, >
[FlashGet GetFlash Class]
{F156768E-81EF-470C-9057-481BA8380DBA} <C:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[FGAutoLive]
{F90D830D-C175-4bbe-82C7-FF94669A4C42} <C:\Program Files\FlashGet\fgupdate.dll, www.flashget.com>
[&使用 FlashGet 下載]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用BitComet下載本頁視訊]
<res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&全部使用 FlashGet 下載]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[使用BitComet下載全部連結]
<res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[使用BitComet下載連結(&B)]
<res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
==================================
正在運行的進程
[PID: 652 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation,
5.1.2600.5512 (xpsp.080413-2111)]
[PID: 704 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft
Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 732 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft
Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0
(xpclient.010817-1148)]
[PID: 776 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft
Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.5512
(xpsp.080413-2105)]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation,
5.1.2600.5512 (xpsp.080413-2113)]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[PID: 948 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation,
5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1028 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft
Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[PID: 1152 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft
Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\System32\nl_msgc.dll] [N/A, ]
[PID: 1240 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft
Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[PID: 1308 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [Microsoft
Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[PID: 1392 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft
Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 1908 / Administrator][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation,
6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\Amhooker.dll] [A4Tech Co., Ltd., 7.72.0.0]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0
(xpclient.010817-1148)]
[PID: 412 / Administrator][C:\Program Files\Creative\SBLive\Surround
Mixer\CTSysVol.exe] [Creative Technology Ltd, 1.3.8.0]
[C:\Program Files\Creative\SBLive\Surround Mixer\CTSysVol.crl] [Creative
Technology Ltd., 1.3.5.0]
[C:\Program Files\Creative\Shared Files\CTTheme.dll] [Creative
Technology Ltd, 2.0.9.0]
[C:\Program Files\Creative\Shared Files\CtrlSrc.dll] [Creative
Technology Ltd, 2.0.9.0]
[C:\Program Files\Creative\Shared Files\CTIniF.dll] [Creative Technology
Ltd, 1.1.0.0]
[C:\Program Files\Creative\Shared Files\GDICtrl.skc] [Creative
Technology Ltd, 2.0.9.0]
[C:\Program Files\Creative\Shared Files\RtxCtrl.skc] [Creative
Technology Ltd, 2.0.9.0]
[C:\Program Files\Creative\Shared Files\mxlib.dll] [Creative Technology
Ltd., 1.00.0.13]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0
(xpclient.010817-1148)]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[PID: 428 / Administrator][C:\Program
Files\Creative\SBLive\DVDAudio\CTDVDDET.EXE] [Creative Technology Ltd,
1.0.3.0]
[C:\Program Files\Creative\Shared Files\CTAudNav.DLL] [Creative
Technology Ltd, 2, 0, 0, 13]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[PID: 528 / SYSTEM][C:\WINDOWS\ATKKBService.exe] [ASUSTeK COMPUTER INC., 1,
0, 1, 0]
[PID: 540 / SYSTEM][C:\Program Files\StormII\stormliv.exe] [北京暴风网际科技有限公司, 3, 8, 3, 1]
[C:\Program Files\StormII\MSVCP60.dll] [Microsoft Corporation,
6.02.3104.0]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[PID: 572 / SYSTEM][C:\WINDOWS\system32\CTsvcCDA.exe] [Creative Technology
Ltd, 1.0.1.0]
[PID: 576 / Administrator][C:\WINDOWS\system32\RUNDLL32.EXE] [Microsoft
Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\NvMcTray.dll] [NVIDIA Corporation, 6.14.10.9147]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[C:\WINDOWS\system32\NVRSZHT.DLL] [NVIDIA Corporation, 6.14.10.9147]
[PID: 692 / Administrator][C:\Program Files\Win2\Mouse\Amoumain.exe] [A4Tech
Co., Ltd., 7.66.0.0]
[C:\WINDOWS\system32\Amhooker.dll] [A4Tech Co., Ltd., 7.72.0.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0
(xpclient.010817-1148)]
[C:\Program Files\Win2\Mouse\Amoures.dll] [A4Tech Co.,Ltd., 7.72.0.0]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[PID: 696 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation,
6.14.10.9147]
[C:\WINDOWS\system32\nvapi.dll] [N/A, ]
[PID: 376 / Administrator][C:\Program Files\NetLimiter\NetLimiter.exe]
[LockTime, 1.29]
[C:\WINDOWS\system32\nl_msgs.dll] [N/A, ]
[C:\Program Files\NetLimiter\SPORDER.dll] [Microsoft Corporation,
5.00.2134.1]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[PID: 712 / Administrator][C:\Program Files\Panicware\Pop-Up
Stopper\dpps2.exe] [PanicWare, 1, 0, 0, 1]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[PID: 752 / Administrator][C:\WINDOWS\system32\sdphost.exe] [N/A, ]
[C:\WINDOWS\system32\wpcap.dll] [CACE Technologies, 4.0.0.901]
[C:\WINDOWS\system32\packet.dll] [CACE Technologies, 4.0.0.901]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[PID: 976 / SYSTEM][C:\Program Files\Alcohol Soft\Alcohol
120\StarWind\StarWindServiceAE.exe] [Rocket Division Software, 3.2.3 Build
20070527]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
[PID: 1276 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft
Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1716 / SYSTEM][C:\WINDOWS\system32\MsPMSPSv.exe] [Microsoft
Corporation, 7.00.00.1954]
[PID: 1720 / Administrator][C:\Program
Files\Java\jre1.6.0_07\bin\jusched.exe] [Sun Microsystems, Inc., 6.0.70.6]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[PID: 348 / Administrator][C:\WINDOWS\system32\ctfmon.exe] [Microsoft
Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[PID: 160 / Administrator][C:\Program Files\ViewMate Desktop Keyboard
KC207\MagicKey.exe] [N/A, ]
[C:\Program Files\ViewMate Desktop Keyboard KC207\WDAccess.dll] [N/A, ]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[C:\Program Files\ViewMate Desktop Keyboard KC207\WTMenu.dll] [N/A, ]
[C:\Program Files\ViewMate Desktop Keyboard KC207\WTInter.dll] [N/A, ]
[C:\Program Files\ViewMate Desktop Keyboard KC207\MediaCtl.dll] [N/A, ]
[C:\Program Files\ViewMate Desktop Keyboard KC207\WTSystem.dll] [N/A, ]
[C:\Program Files\ViewMate Desktop Keyboard KC207\OffiCtrl.dll] [N/A, ]
[PID: 260 / Administrator][C:\Program Files\ViewMate Desktop Keyboard
KC207\OSD.EXE] [WayTech Development, Inc., 2, 0, 0, 0]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[C:\Program Files\ViewMate Desktop Keyboard KC207\WTBTNRES.dll] [N/A, ]
[PID: 2080 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [Microsoft
Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\System32\nl_msgc.dll] [N/A, ]
[PID: 2088 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft
Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[PID: 2156 / Administrator][C:\WINDOWS\system32\wscntfy.exe] [Microsoft
Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[PID: 3544 / Administrator][D:\Downloads\sreng2\SREngLdr.EXE] [Smallfrogs
Studio, 2.6.12.1018]
[PID: 3552 / Administrator][D:\Downloads\sreng2\SRE974078d5.EXE] [Smallfrogs
Studio, 2.6.12.1018]
[D:\Downloads\sreng2\Lang\1028.DLL] [System Repair Engineer, 2.6.12.1018]
[C:\Program Files\Panicware\Pop-Up Stopper\DPHOOK32.DLL] [N/A, ]
[D:\Downloads\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\WINDOWS\system32\Amhooker.dll] [A4Tech Co., Ltd., 7.72.0.0]
[C:\Program Files\NetLimiter\nl_lsp.dll] [N/A, ]
[C:\WINDOWS\system32\nl_msgc.dll] [N/A, ]
==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
NL MSAFD Tcpip [TCP/IP]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL MSAFD Tcpip [UDP/IP]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL MSAFD Tcpip [RAW/IP]
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL RSVP UDP Service Provider
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL RSVP TCP Service Provider
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
NL LSP
C:\Program Files\NetLimiter\nl_lsp.dll(, N/A)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
進程特權掃描
特殊特權被允許: SeLoadDriverPrivilege [PID = 412, C:\PROGRAM
FILES\CREATIVE\SBLIVE\SURROUND MIXER\CTSYSVOL.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 428, C:\PROGRAM
FILES\CREATIVE\SBLIVE\DVDAUDIO\CTDVDDET.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 692, C:\PROGRAM
FILES\WIN2\MOUSE\AMOUMAIN.EXE]
特殊特權被允許: SeDebugPrivilege [PID = 376, C:\PROGRAM
FILES\NETLIMITER\NETLIMITER.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 376, C:\PROGRAM
FILES\NETLIMITER\NETLIMITER.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 712, C:\PROGRAM
FILES\PANICWARE\POP-UP STOPPER\DPPS2.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 752,
C:\WINDOWS\SYSTEM32\SDPHOST.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 160, C:\PROGRAM FILES\VIEWMATE
DESKTOP KEYBOARD KC207\MAGICKEY.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 260, C:\PROGRAM FILES\VIEWMATE
DESKTOP KEYBOARD KC207\OSD.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 3544,
D:\DOWNLOADS\SRENG2\SRENGLDR.EXE]
==================================
API HOOK
N/A
==================================
隱藏進程
N/A
==================================
[/CODE]
Antivirus report: since no malware was detected, the scan report is blank...
--
※ Posted from: 批踢踢實業坊 (ptt.cc)
◆ From: 220.139.55.145
推 08/28 01:32, 1F
→ 08/28 01:46, 2F
推 08/28 02:30, 3F
→ 08/28 16:33, 4F
→ 08/28 16:35, 5F
→ 08/28 17:07, 6F