And the second half...
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MyWebSearch Email Plugin.lnk
backup=c:\windows\pss\MyWebSearch Email Plugin.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Spy Sweeper Fix.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Spy Sweeper Fix.lnk
backup=c:\windows\pss\Spy Sweeper Fix.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SpySubtract.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
backup=c:\windows\pss\SpySubtract.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Updates from HP.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Updates from HP.lnk
backup=c:\windows\pss\Updates from HP.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^jack2^Start Menu^Programs^Startup^PPS.lnk]
path=c:\documents and settings\jack2\Start Menu\Programs\Startup\PPS.lnk
backup=c:\windows\pss\PPS.lnkStartup
[HKLM\~\startupfolder\C:^Startup^PPS.lnk]
path=c:\startup\PPS.lnk
backup=c:\windows\pss\PPS.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\combofix]
c:\combofix\CF14116.cfxxe [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2008-01-12 02:16 39792 -c--a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
2007-03-01 14:37 2321600 ----a-r- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANIWZCS2Service]
2004-12-16 21:49 49152 -c--a-w- c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2010-01-23 18:56 323392 ----a-w- c:\program files\DNA\btdna.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link AirPlus XtremeG]
2005-03-28 18:25 1011712 -c--a-w- c:\program files\D-Link\AirPlus XtremeG\AirPlusCFG.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]
2004-08-10 18:04 59392 -c--a-w- c:\windows\ehome\ehtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-01 04:46 135664 ----atw- c:\documents and settings\jack2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
2004-03-18 06:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2004-12-01 17:55 126976 -c--a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPBootOp]
2005-02-26 05:34 245760 -c--a-w- c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
2004-06-07 18:42 659456 -c--a-w- c:\windows\system32\hphmon06.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMEKRMIG6.1]
2004-08-10 12:00 44032 -c--a-w- c:\windows\ime\imkr6_1\imekrmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
2004-08-10 12:00 208952 -c--a-w- c:\windows\ime\imjp8_1\imjpmig.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-28 06:50 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-28 06:50 81920 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-01-06 18:06 290088 -c--a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2006-06-26 14:46 497200 -c--a-w- c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2006-06-26 15:34 614960 -c--a-w- c:\program files\Logitech\QuickCam10\QuickCam10.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
2004-10-14 20:54 253952 -c--a-w- c:\hp\drivers\hplsbwatcher\LSBurnWatcher.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 21:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSPY2002]
2004-08-10 12:00 59392 -c--a-w- c:\windows\system32\IME\PINTLGNT\IMSCINST.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
2010-01-20 18:00 2937528 ----a-w- c:\program files\Pando Networks\Media Booster\PMB.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
2004-08-10 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
2004-08-10 12:00 455168 -c--a-w- c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ppdvdsomovie]
2005-09-08 19:58 683008 ----a-w- c:\progra~1\PPDVDS~1\Client.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator]
2009-07-22 08:14 210312 ----a-w- c:\program files\PPStream\PPSAP.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 21:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\stup.exe]
2008-11-24 16:02 177480 -c--a-w- c:\progra~1\Tencent\SSPlus\SPlus1.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-05-21 23:39 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2005-04-28 14:13 180269 -c--a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Updates from HP\\309731\\Program\\Updates from HP.exe"=
"c:\\Program Files\\ppdvdsomovie\\Client.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Nexon\\MapleStory\\MapleStory.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\PurpleBean.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\softnyx\\WolfTeam\\Wolfteam.bin"=
"c:\\Program Files\\Java\\jre1.5.0\\bin\\javaw.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"c:\\Program Files\\PPStream\\PPStream.exe"=
"c:\\Program Files\\PPStream\\PPSAP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\PPStream\\update\\ppstreamsetup-update090811.exe"=
"c:\\Nexon\\DFO\\DFO.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonJP\\NGM\\NGM.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Documents and Settings\\jack2\\Local Settings\\Application Data\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"=
"c:\\WINDOWS\\Downloaded Program Files\\ijjiOptimizer.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"57321:TCP"= 57321:TCP
ando Media Booster
"57321:UDP"= 57321:UDP
ando Media Booster
"58315:TCP"= 58315:TCP
ando Media Booster
"58315:UDP"= 58315:UDP
ando Media Booster
"57433:TCP"= 57433:TCP
ando Media Booster
"57433:UDP"= 57433:UDP
ando Media Booster
"56143:TCP"= 56143:TCP
ando Media Booster
"56143:UDP"= 56143:UDP
ando Media Booster
"58944:TCP"= 58944:TCP
ando Media Booster
"58944:UDP"= 58944:UDP
ando Media Booster
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [22/10/2006 8:24 PM 611064]
R1 ADProt;ADProt;c:\windows\system32\drivers\AdProt.sys [07/10/2008 9:59 PM 47424]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29/01/2010 4:38 PM 162512]
R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/08/2004 8:00 AM 14336]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29/01/2010 4:38 PM 19024]
S0 00;00;\SystemRoot\\SystemRoot\System32\drivers\150109.sys --> \SystemRoot\\SystemRoot\System32\drivers\150109.sys [?]
S0 kjpgojod;kjpgojod;\SystemRoot\\SystemRoot\System32\drivers\kjpgojod.sys --> \SystemRoot\\SystemRoot\System32\drivers\kjpgojod.sys [?]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S2 CnsStd;CnsStd;c:\windows\system32\drivers\CnsStd.sys --> c:\windows\system32\drivers\CnsStd.sys [?]
S3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [22/03/2005 7:17 PM 450400]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\system32\drivers\libusb0.sys [13/02/2009 8:54 PM 28672]
S3 mjmdkjjg;mjmdkjjg;c:\windows\system32\drivers\mjmdkjjg.sys --> c:\windows\system32\drivers\mjmdkjjg.sys [?]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;c:\windows\system32\DRIVERS\RSC4USB.sys --> c:\windows\system32\DRIVERS\RSC4USB.sys [?]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [22/10/2006 8:30 PM 223128]
S3 vtany;vtany;\??\c:\windows\vtany.sys --> c:\windows\vtany.sys [?]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [30/08/2008 1:37 PM 258560]
S3 XDva280;XDva280;\??\c:\windows\system32\XDva280.sys --> c:\windows\system32\XDva280.sys [?]
S3 XDva281;XDva281;\??\c:\windows\system32\XDva281.sys --> c:\windows\system32\XDva281.sys [?]
S3 XDva321;XDva321;\??\c:\windows\system32\XDva321.sys --> c:\windows\system32\XDva321.sys [?]
S3 XDva323;XDva323;\??\c:\windows\system32\XDva323.sys --> c:\windows\system32\XDva323.sys [?]
S3 XDva326;XDva326;\??\c:\windows\system32\XDva326.sys --> c:\windows\system32\XDva326.sys [?]
S3 XDva327;XDva327;\??\c:\windows\system32\XDva327.sys --> c:\windows\system32\XDva327.sys [?]
S3 XDva328;XDva328;\??\c:\windows\system32\XDva328.sys --> c:\windows\system32\XDva328.sys [?]
S3 XDva336;XDva336;\??\c:\windows\system32\XDva336.sys --> c:\windows\system32\XDva336.sys [?]
S3 xhunter1;xhunter1;\??\c:\windows\xhunter1.sys --> c:\windows\xhunter1.sys [?]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [30/08/2008 1:37 PM 19200]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
‘計劃任務’ 文件夾 裡的內容
2010-03-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94559790-4212774689-147331247-1014Core.job
- c:\documents and settings\jack2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-01 04:46]
2010-03-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-94559790-4212774689-147331247-1014UA.job
- c:\documents and settings\jack2\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-01 04:46]
2010-03-17 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2009-11-18 23:40]
.
.
------- 而外的掃描 -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: {{507F9113-CD77-4866-BA92-0E86DA3D0B97} -
http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail
IE: {{59BC54A2-56B3-44a0-93E5-432D58746E26} -
http://adtaobao.allyes.com/main/adf...obao.com/vertical/mall/pro.php?allyesPara=816
IE: {{5D73EE86-05F1-49ed-B850-E423120EC338} -
http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist
IE: {{6354ABE6-05F1-49ed-B850-E423120EC338} -
http://cn.widget.yahoo.com/index.htm?source=Cns
IE: {{6FDD5236-C9F0-49ef-935D-385F5E21991A} - c:\program files\Poker.com\poker.exe
IE: {{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} -
http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair
IE: {{FD00D911-7529-4084-9946-A29F1BDF4FE5} -
http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {8E9089E1-0461-4F60-8150-1E334629ABB7} - hxxp://webdown2.nexon.co.jp/arad/real/installer/arad_dis.cab
FF - ProfilePath - c:\documents and settings\jack2\Application Data\Mozilla\Firefox\Profiles\5je3a9ja.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/firefox
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - plugin: c:\documents and settings\All Users\Application Data\NexonJP\NGM\npNxGameJP.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\jack2\Local Settings\Application Data\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npijjiautoinstallpluginff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- 火狐配置文件 ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- 文件類型 -------
.
txtfile=c:\windows\notepad.exe %1
.
- - - - ORPHANS REMOVED - - - -
URLSearchHooks-CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
URLSearchHooks-da21bd13-ca22-42e3-a071-98f08f1ca1e7} - (no file)
URLSearchHooks-0A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-ares - c:\program files\Ares\Ares.exe
MSConfigStartUp-AVG8_TRAY - c:\progra~1\AVG\AVG8\avgtray.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-helper - c:\progra~1\3721\helper.dll
MSConfigStartUp-IMSCMIG40W - c:\progra~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
MSConfigStartUp-seek mess - c:\docume~1\LOCALS~1\APPLIC~1\ONEFOU~1\DeafLess.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-yassistse - c:\progra~1\Yahoo!\Assistant\yassistse.exe
MSConfigStartUp-YLive - c:\progra~1\Yahoo!\ASSIST~1\YLive.exe
AddRemove-Kos (usa) - c:\kos\Uninstall.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2010-03-17 13:39
Windows 5.1.2600 Service Pack 3 NTFS
掃描被隱藏的進程 ...
掃描被隱藏的啟動組 ...
掃描被隱藏的文件 ...
掃描完成
被隱藏的檔案: 0
**************************************************************************
Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,
http://www.gmer.net
device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys sptd.sys hal.dll >>UNKNOWN [0x8318473C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf8527f28
\Driver\ACPI -> ACPI.sys @ 0xf82dacb8
\Driver\atapi -> atapi.sys @ 0xf826fb40
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
SecurityProcedure -> ntkrnlpa.exe @ 0x80579208
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x80577c84
SecurityProcedure -> ntkrnlpa.exe @ 0x80579208
NDIS: -> SendCompleteHandler -> 0x0
PacketIndicateHandler -> 0x0
SendHandler -> 0x0
user & kernel MBR OK
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Q*Q*矏苓]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Q*Q*?Ar]
"SlowInfoCache"=hex:28,02,00,00,00,00,00,00,ff,ff,ff,ff,ff,ff,ff,ff,00,00,00,
00,00,00,00,00,ff,ff,ff,ff,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
"Changed"=dword:00000000
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*矏苓]
"DisplayName"="QQ直播"
"DisplayIcon"="\"c:\\Program Files\\Tencent\\\\QQLive\\QQLive.exe\""
"UninstallString"="\"c:\\Program Files\\Tencent\\\\QQLive\\uninstQQLive.exe\""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Uninstall\Q*Q*?Ar]
"DisplayName"="QQ蚔牁"
"UninstallString"="c:\\Program Files\\Tencent\\QQGame\\Uninstall.EXE"
.
--------------------- 運行進程下的動態鏈接庫 ---------------------
- - - - - - - > 'explorer.exe'(6472)
c:\windows\system32\WININET.dll
c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\program files\HP\Digital Imaging\bin\HPDTLK02.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
.
------------------------ 其他運行進程 ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\conime.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\dllhost.exe
.
**************************************************************************
.
完成時間: 2010-03-17 13:45:45 - 電腦已重新啟動
ComboFix-quarantined-files.txt 2010-03-17 17:45
Pre-Run: 121,202,376,704 bytes free
Post-Run: 121,459,867,648 bytes free
Current=2 Default=2 Failed=3 LastKnownGood=5 Sets=,1,2,3,4,5
- - End Of File - - 6915F62A00259CF9364209D0AD65528D
