AntiVirus board



※ Quoting junorn (威廉華勒斯):
: Download
: http://sylovanas.myweb.hinet.net/EFix/Beta/EFix4671.exe
: Save it to the desktop and then run it
: When it finishes, a text file will pop up
: Paste the contents of the text file here.
: P.S.: This is the EFix 4.67 beta
: The file size is roughly between 817k and 820k
: If it isn't, please download it again; the Hinet hosting is unstable

http://kotuha.com/file/s85fr-log.html
The LOG is here

2008-06-04 12:33:00.37
**** system report by EFix Ver. 4.67 ****
Microsoft Windows XP [版本 5.1.2600] Service Pack 2
=======================================================
EFix刪除的檔案列表:
C:\WINDOWS\system32\ptshell.dll
=======================================================
delete drivers:
....\service\msp2p32
....\enum\root\legacy_msp2p32
....\service\zftp
EFix刪除的登錄值列表:
[hklm\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=""
=======================================================
EFix刪除的檔案備份位置列表:
C:\autorun.inf => C:\NEFix\backup\files\C\autorun.inf
C:\ntdelect.com => C:\NEFix\backup\files\C\ntdelect.com
C:\WINDOWS\system32\anistio.dll => C:\NEFix\backup\files\C\WINDOWS\system32\anistio.dll
C:\WINDOWS\system32\dionpis.dll => C:\NEFix\backup\files\C\WINDOWS\system32\dionpis.dll
C:\WINDOWS\system32\ff.exe => C:\NEFix\backup\files\C\WINDOWS\system32\ff.exe
C:\WINDOWS\system32\fmsiocps.dll => C:\NEFix\backup\files\C\WINDOWS\system32\fmsiocps.dll
C:\WINDOWS\system32\hefcndy.dll => C:\NEFix\backup\files\C\WINDOWS\system32\hefcndy.dll
C:\WINDOWS\system32\kavo.exe => C:\NEFix\backup\files\C\WINDOWS\system32\kavo.exe
C:\WINDOWS\system32\kavo0.dll => C:\NEFix\backup\files\C\WINDOWS\system32\kavo0.dll
C:\WINDOWS\system32\kavo1.dll => C:\NEFix\backup\files\C\WINDOWS\system32\kavo1.dll
C:\WINDOWS\system32\msoscqit.dat => C:\NEFix\backup\files\C\WINDOWS\system32\msoscqit.dat
C:\WINDOWS\system32\msosdohs.dat => C:\NEFix\backup\files\C\WINDOWS\system32\msosdohs.dat
C:\WINDOWS\system32\msosdohs00.dll => C:\NEFix\backup\files\C\WINDOWS\system32\msosdohs00.dll
C:\WINDOWS\system32\msosmhfp.dat => C:\NEFix\backup\files\C\WINDOWS\system32\msosmhfp.dat
C:\WINDOWS\system32\msosmhfp00.dll => C:\NEFix\backup\files\C\WINDOWS\system32\msosmhfp00.dll
C:\WINDOWS\system32\nicozftp.dat => C:\NEFix\backup\files\C\WINDOWS\system32\nicozftp.dat
C:\WINDOWS\system32\nicozftp00.dll => C:\NEFix\backup\files\C\WINDOWS\system32\nicozftp00.dll
C:\WINDOWS\system32\ptshell.dll => C:\NEFix\backup\files\C\WINDOWS\system32\ptshell.dll
C:\WINDOWS\system32\SysWoWCt.dll => C:\NEFix\backup\files\C\WINDOWS\system32\SysWoWCt.dll
C:\WINDOWS\system32\tavo.exe => C:\NEFix\backup\files\C\WINDOWS\system32\tavo.exe
C:\WINDOWS\system32\tavo0.dll => C:\NEFix\backup\files\C\WINDOWS\system32\tavo0.dll
C:\WINDOWS\system32\drivers\msosmsfpfis64.sys => C:\NEFix\backup\files\C\WINDOWS\system32\drivers\msosmsfpfis64.sys
C:\WINDOWS\system32\drivers\msosmsp2p32.sys => C:\NEFix\backup\files\C\WINDOWS\system32\drivers\msosmsp2p32.sys
C:\WINDOWS\system32\drivers\nicomsp2p32.sys => C:\NEFix\backup\files\C\WINDOWS\system32\drivers\nicomsp2p32.sys
d:\autorun.inf => C:\NEFix\backup\files\d\autorun.inf
d:\ntdelect.com => C:\NEFix\backup\files\d\ntdelect.com
e:\autorun.inf => C:\NEFix\backup\files\e\autorun.inf
e:\ntdelect.com => C:\NEFix\backup\files\e\ntdelect.com
f:\autorun.inf => C:\NEFix\backup\files\f\autorun.inf
f:\ntdelect.com => C:\NEFix\backup\files\f\ntdelect.com
=======================================================
****** Created 2008-05 to 2008-06 Files ******
<DIR> 2008-06-03 2008-06-04 12:33 d-------- C:\WINDOWS\TEMP
<DIR> 2008-06-03 2008-06-03 22:15 d-------- C:\Downloads
<DIR> 2008-06-03 2008-06-03 20:52 d--hs---- C:\RECYCLER
<DIR> 2008-06-03 2008-06-03 20:46 d-------- C:\QooBox
<DIR> 2008-06-03 2008-06-03 20:37 d-------- C:\WINDOWS\erdnt
<DIR> 2008-06-02 2008-06-04 12:33 d-a------ C:\NEFix
<DIR> 2008-06-02 2008-06-02 11:47 d--hs---- C:\Config.Msi
<DIR> 2008-05-30 2008-05-30 19:15 d--h----- C:\WINDOWS\Nt_File_Temp
<DIR> 2008-05-08 2008-05-08 19:15 d-------- C:\mp3dooutput
2008-06-03 2008-06-03 22:15 --a------ C:\WINDOWS\system32\bitcometres.dll
2008-06-03 2008-06-03 20:32 --a------ C:\WINDOWS\system32\rgamzr.dll
2008-06-03 2008-06-03 19:16 --a------ C:\WINDOWS\system32\pfyjik.dll
2008-06-03 2008-06-03 16:55 --a------ C:\WINDOWS\system32\xlgnhb.dll
2008-06-03 2008-06-03 12:38 --a------ C:\WINDOWS\system32\rmybel.dll
2008-06-03 2008-06-03 09:02 --a------ C:\WINDOWS\system32\riqeve.dll
2008-06-03 2008-06-03 00:48 --a------ C:\WINDOWS\system32\saibzb.dll
2008-06-03 2000-08-31 08:00 --a------ C:\WINDOWS\zip.exe
2008-06-03 2000-08-31 08:00 --a------ C:\WINDOWS\VFind.exe
2008-06-03 2000-08-31 08:00 --a------ C:\WINDOWS\swxcacls.exe
2008-06-03 2000-08-31 08:00 --a------ C:\WINDOWS\swsc.exe
2008-06-03 2000-08-31 08:00 --a------ C:\WINDOWS\swreg.exe
2008-06-03 2000-08-31 08:00 --a------ C:\WINDOWS\sed.exe
2008-06-03 2000-08-31 08:00 --a------ C:\WINDOWS\Nircmd.exe
2008-06-03 2000-08-31 08:00 --a------ C:\WINDOWS\grep.exe
2008-06-03 2000-08-31 08:00 --a------ C:\WINDOWS\fdsv.exe
2008-06-02 2008-06-02 22:42 --a------ C:\WINDOWS\system32\EFix.dat
2008-06-02 2008-06-02 21:21 --a------ C:\WINDOWS\system32\ebnzdh.dll
2008-06-02 2008-06-02 17:02 --a------ C:\WINDOWS\system32\hbpuwu.dll
2008-06-02 2008-06-02 11:48 --a------ C:\WINDOWS\system32\ovhtpz.dll
2008-06-02 2008-06-02 08:39 --a------ C:\WINDOWS\system32\nvkzhy.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\msxbde40.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\mswdat10.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\mstext40.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\msrepl40.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\msrd3x40.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\msrd2x40.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\mspbde40.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\msltus40.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\msjtes40.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\msjter40.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\msjetol1.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\msjet40.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\msexcl40.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\msexch40.dll
2008-06-02 2008-03-25 12:50 -----c--- C:\WINDOWS\system32\dllcache\dao360.dll
2008-06-02 2008-03-25 12:49 -----c--- C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-06-02 2008-03-25 12:49 -----c--- C:\WINDOWS\system32\dllcache\msjint40.dll
2008-06-02 2008-02-25 11:44 --a------ C:\WINDOWS\system32\sigcheck.com
2008-06-02 2008-02-20 13:33 -----c--- C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-06-02 2007-12-18 17:51 -----c--- C:\WINDOWS\system32\dllcache\mrxdav.sys
2008-06-02 2007-12-05 02:39 -----c--- C:\WINDOWS\system32\dllcache\oleaut32.dll
2008-06-02 2007-10-30 06:42 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll
2008-06-02 2007-10-20 06:01 -----c--- C:\WINDOWS\system32\dllcache\wmasf.dll
2008-06-02 2007-07-09 21:11 -----c--- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-06-02 2007-07-06 20:50 -----c--- C:\WINDOWS\system32\dllcache\mqutil.dll
2008-06-02 2007-07-06 20:50 -----c--- C:\WINDOWS\system32\dllcache\mqupgrd.dll
2008-06-02 2007-07-06 20:50 -----c--- C:\WINDOWS\system32\dllcache\mqsec.dll
2008-06-02 2007-07-06 20:50 -----c--- C:\WINDOWS\system32\dllcache\mqrt.dll
2008-06-02 2007-07-06 20:50 -----c--- C:\WINDOWS\system32\dllcache\mqqm.dll
2008-06-02 2007-07-06 20:50 -----c--- C:\WINDOWS\system32\dllcache\mqise.dll
2008-06-02 2007-07-06 20:50 -----c--- C:\WINDOWS\system32\dllcache\mqdscli.dll
2008-06-02 2007-07-06 20:50 -----c--- C:\WINDOWS\system32\dllcache\mqad.dll
2008-06-02 2007-07-06 18:05 -----c--- C:\WINDOWS\system32\dllcache\mqac.sys
2008-06-02 2007-06-13 21:22 -----c--- C:\WINDOWS\system32\dllcache\explorer.exe
2008-06-02 2007-04-25 22:22 -----c--- C:\WINDOWS\system32\dllcache\schannel.dll
2008-06-02 2004-07-12 08:00 --a------ C:\WINDOWS\system32\wmpns.dll
2008-06-02 2004-07-12 08:00 --a------ C:\WINDOWS\fixreg.com
2008-06-01 2008-06-01 19:21 --a------ C:\WINDOWS\system32\xcknqg.dll
2008-06-01 2008-06-01 18:21 --a------ C:\WINDOWS\system32\pownad.dll
2008-06-01 2008-06-01 16:04 --a------ C:\WINDOWS\system32\wtkpfr.dll
2008-06-01 2008-06-01 12:33 --a------ C:\WINDOWS\system32\xuqnzw.dll
2008-06-01 2008-06-01 00:04 --a------ C:\WINDOWS\system32\dqvcgp.dll
2008-05-31 2008-05-31 07:32 --a------ C:\WINDOWS\system32\xqobyp.dll
2008-05-31 2008-05-31 07:29 --a------ C:\WINDOWS\system32\wvmujh.dll
2008-05-30 2008-05-30 19:17 --a------ C:\WINDOWS\system32\ydakqy.dll
2008-05-30 2008-05-30 19:14 --a------ C:\WINDOWS\twdvvbsw.exe
2008-05-30 2008-05-30 19:14 --a------ C:\WINDOWS\system32\mkydqvib.dll
2008-05-07 2008-06-01 22:09 --a------ C:\WINDOWS\tt.exe
=======================================================
執行中的程序:
E:\PC-CIL~1\tmproxy.exe ( Trend Micro Inc. < Trend Micro Network Security Components 3.2 > )
E:\PC-CIL~1\TmPfw.exe ( Trend Micro Inc. < Trend Micro Network Security Components 3.2 > )
E:\PC-CIL~1\Tmntsrv.exe ( Trend Micro Inc. < Trend Micro Internet Security > )
E:\PC-CIL~1\PcScnSrv.exe ( Trend Micro Inc. < Trend Micro Internet Security > )
E:\PC-CIL~1\PcCtlCom.exe ( Trend Micro Inc. < Trend Micro Internet Security > )
E:\PC-CIL~1\PccGuide.exe ( Trend Micro Inc. < Trend Micro Internet Security > )
C:\WINDOWS\system32\WgaTray.exe ( Microsoft Corporation < Windows Genuine Advantage > )
C:\WINDOWS\system32\wdfmgr.exe ( Microsoft Corporation < Microsoft® Windows® Operating System > )
C:\WINDOWS\system32\rundll32.exe ( Microsoft Corporation < Microsoft(R) Windows(R) Operating System > )
C:\WINDOWS\system32\Ati2evxx.exe ( ATI Technologies Inc. < ATI External Event Utility for WindowsNT and Windows9X > )
C:\WINDOWS\system32\Ati2evxx.exe ( ATI Technologies Inc. < ATI External Event Utility for WindowsNT and Windows9X > )
C:\WINDOWS\System32\alg.exe ( Microsoft Corporation < Microsoft® Windows® Operating System > )
C:\WINDOWS\Explorer.EXE ( Microsoft Corporation < Microsoft(R) Windows(R) Operating System > )
C:\Program Files\Raxco\PerfectDisk\PDSched.exe ( Raxco Software, Inc. < PDSched Module > )
=======================================================
登錄值列表
*** 注意 : 部分正常值不會顯示 ***
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-07-12 08:00]
"TorCP"="C:\Program Files\Trocp\TorCP\torcp.exe" []
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 19:03]
"Camfrog"="E:\Camfrog Video Chat\CamfrogNet.exe" [2003-09-29 14:22]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-07-12 08:00]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-07-12 08:00]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-07-12 08:00]
"SoundMan"=SOUNDMAN.EXE [2002-09-11 10:57 C:\WINDOWS\SOUNDMAN.EXE]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-04-17 12:41]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 06:07]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\CT\Programs\Registration.exe" []
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 15:57]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-11-30 21:10]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11]
"pccguide.exe"="E:\PC-cillin\pccguide.exe" [2007-02-01 16:26]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=ctfmon.exe [2004-07-12 08:00 C:\WINDOWS\system32\ctfmon.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
@ 2003-11-03 14:17 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
@ 2007-10-05 04:06 C:\Program Files\Winamp Toolbar\winamptb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C56CB6B0-0D96-11D6-8C65-B2868B609932}]
@ 2004-07-19 21:16 C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings]
"DLLName"="wlnotify.dll" --a------ 2004-07-12 08:00 C:\WINDOWS\system32\wlnotify.dll
MD5: F7054A7191EE1E403020649AA40A23E0 2007-06-13 21:22 977920 C:\WINDOWS\explorer.exe
MD5: 50D8DB3BF83670339A8616EB5A75BF06 2007-06-13 21:10 977920 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
MD5: 453888766DA789F18FBBF5B20E4BC17F 2004-07-12 08:00 976896 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
MD5: F7054A7191EE1E403020649AA40A23E0 2007-06-13 21:22 977920 C:\WINDOWS\SoftwareDistribution\Download\6ef591c564c505c2128dc1abc806918d\sp2gdr\explorer.exe
MD5: 50D8DB3BF83670339A8616EB5A75BF06 2007-06-13 21:10 977920 C:\WINDOWS\SoftwareDistribution\Download\6ef591c564c505c2128dc1abc806918d\sp2qfe\explorer.exe
MD5: F7054A7191EE1E403020649AA40A23E0 2007-06-13 21:22 977920 C:\WINDOWS\system32\dllcache\explorer.exe
MD5: F3A20A3C6A4DF7FE038F4CCA70080B10 2004-07-12 08:00 23552 C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\drivers\vga.sys Verified Failed: MD5 Check: 431B57681885C6050197E7EE9CCE3310 Publisher: n/a
--a------ 2008-02-24 12:17 C:\Documents and Settings\All Users\「開始」功能表\ 程式集\啟動\Microsoft Office.lnk => --a------ 2001-02-13 01:01 C:\Program Files\Microsoft Office\Office10\OSA.EXE
服務 \ 驅動 列表:
顯示方式 : 啟動狀態 服務名稱;顯示名稱;檔案名稱
啟動狀態 : S0 = Boot Start S1 = System Start S2 = Auto Start S3 = Manual Start S4 = Disable
S3 hook;hook;C:\WINDOWS\Nt_File_Temp\hook.sys [2008-05-30 19:15]
S2 PDSched;PDScheduler;"C:\Program Files\Raxco\PerfectDisk\PDSched.exe" [2004-11-01 12:56]
=======================================================
Winsock lsp :
=======================================================
2008-06-02 22:47:42.35 C:\NEFix\backup\log1.txt
--



※ Origin: 批踢踢實業坊 (ptt.cc)
◆ From: 125.224.76.165






