2000FUN Forum

I've posted my HijackThis log file, could someone take a look and tell me whether anything is wrong? My computer keeps hanging..

#1 | UID 374736 | Posted 06-11-4 11:03 AM
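Could you take a look and tell me whether anything is wrong with my computer....
I don't really know how to read this, please advise, thank you ^^~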

Logfile of HijackThis v1.99.1
Scan saved at 10:55:30, on 4/11/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vsnppro.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
R3 - URLSearchHook: 捇誥翑忒 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O1 - Hosts: 61.188.38.64 www.gamezt.com.cn
O1 - Hosts: 61.188.38.64 meng.nicemm.cn
O1 - Hosts: 61.188.38.64 www.hyap98.com
O1 - Hosts: 61.188.38.64 upd.etsoft.com.cn
O1 - Hosts: 61.188.38.64 www.essonarts.com
O1 - Hosts: 61.188.38.64 ert0003.e76.163ns.com
O1 - Hosts: 61.188.38.64 sky001.e11.163ns.com
O1 - Hosts: 61.188.38.64 woool.100888290cs.com
O1 - Hosts: 61.188.38.64 rxjh.100888290cs.com
O1 - Hosts: 61.188.38.64 www.yowoool.com
O1 - Hosts: 61.188.38.64 13511.com
O1 - Hosts: 61.188.38.64 www.13511.com
O1 - Hosts: 61.188.38.64 ywg.cn
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 捇誥翑忒 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: 收音機(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: 捇誥翑忒 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [Barb base cast byte] C:\Documents and Settings\All Users.WINDOWS\Application Data\trayaxisbarbbase\Surfbias.exe
O4 - HKLM\..\Run: [snppro] C:\WINDOWS\vsnppro.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\RunOnce: [YahooC:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll190953] regsvr32 /s C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O4 - HKCU\..\Run: [BLAH BYTE] C:\DOCUME~1\Tribe\APPLIC~1\ATOMID~1\WINDOWENC.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 氝樓善捇誥隆堐(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: Yahoo 1G電郵 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 尋寶樂趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修復瀏覽器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上網記錄 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)

#2 | UID 374736 | Posted 06-11-4 11:04 AM
O11 - Options group: [!CNS]  網絡實名
O16 - DPF: {1E15B1A7-95CA-4377-B893-697CD95951AE} (ClientATXCtrl Control) - http://www.wayi.com.tw/gameup/ClientATXCtrl.OCX
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D16A4056-8C67-42C8-ABC2-B50780F84DBE}: NameServer = 205.252.144.126 218.102.62.71
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

#3 | UID 32061 | Posted 06-11-4 11:06 AM
Looks like quite a lot of problems @_@
Moderator 2002 doesn't seem to be up yet

#4 | UID 336761 | Posted 06-11-4 11:19 AM
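@@ There are indeed a lot of problems
How nostalgic.... it has been so long since I last saw a log from a machine infected with Gray Pigeon (灰鴿子)
Close the browser, open HijackThis, click Do a system scan only and tick the following entries: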
R3 - URLSearchHook: 捇誥翑忒 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O1 - Hosts: 61.188.38.64 www.gamezt.com.cn
O1 - Hosts: 61.188.38.64 meng.nicemm.cn
O1 - Hosts: 61.188.38.64 www.hyap98.com
O1 - Hosts: 61.188.38.64 upd.etsoft.com.cn
O1 - Hosts: 61.188.38.64 www.essonarts.com
O1 - Hosts: 61.188.38.64 ert0003.e76.163ns.com
O1 - Hosts: 61.188.38.64 sky001.e11.163ns.com
O1 - Hosts: 61.188.38.64 woool.100888290cs.com
O1 - Hosts: 61.188.38.64 rxjh.100888290cs.com
O1 - Hosts: 61.188.38.64 www.yowoool.com
O1 - Hosts: 61.188.38.64 13511.com
O1 - Hosts: 61.188.38.64 www.13511.com
O1 - Hosts: 61.188.38.64 ywg.cn
O2 - BHO: Yahoo!Photo - {33BBE430-0E42-4f12-B075-8D21ACB10DCB} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll
O2 - BHO: AntiFish Class - {38928D50-8A48-44C2-945F-D2F23F771410} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll
O2 - BHO: 捇誥翑忒 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O2 - BHO: DragSearch BHO - {62EED7C6-9F02-42f9-B634-98E2899E147B} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: 捇誥翑忒 - {406F94F0-504F-4a40-8DFD-58B0666ABEBD} - C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [yassistse] "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\Run: [Barb base cast byte] C:\Documents and Settings\All Users.WINDOWS\Application Data\trayaxisbarbbase\Surfbias.exe
O4 - HKLM\..\Run: [snppro] C:\WINDOWS\vsnppro.exe
O4 - HKLM\..\RunOnce: [YahooC:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll190953] regsvr32 /s C:\PROGRA~1\Yahoo!\ASSIST~1\yclickon.dll
O8 - Extra context menu item: !搜一搜 - res://C:\WINDOWS\DOWNLO~1\CnsMinEx.dll/1003
O8 - Extra context menu item: 氝樓善捇誥隆堐(&Y) - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT
O8 - Extra context menu item: 雅虎搜索 - res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246
O9 - Extra button: Yahoo 1G電郵 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 尋寶樂趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修復瀏覽器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上網記錄 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  網絡實名
O16 - DPF: {1E15B1A7-95CA-4377-B893-697CD95951AE} (ClientATXCtrl Control) - http://www.wayi.com.tw/gameup/ClientATXCtrl.OCX
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v4.cab
O16 - DPF: {B905F63D-7489-4B3D-9B62-49A1B8647E2A} (HgPluginJP21 Class) - http://down.hangame.co.jp/jp/dist/hgstart/HGPluginJP21.cab


Click Fix checked
--------------------------------------------
Download RogueCleaner

http://www.tommsoft.com/View.aspx?type=product&ID=2

Extract RogueCleaner to the desktop.

------------------------------------------------

Download AVG Anti-Spyware

http://www.ewido.net/en/download/


After installation completes, run AVG Anti-Spyware

Click Update-->Start update (when the update finishes it shows Update successful!)

Click Scanner-->Settings

Under How to act?, select Recommended actions-->Quarantine

Under Reports, tick Automatically generate report after every scan


Close AVG Anti-Spyware


------------------------------

Restart the computer and press F8 to enter Safe Mode, then log in with the user account you normally use.
Delete C:\WINDOWS\vsnppro.exe
----------------------------------

Run RogueCleaner


Click Start cleaning (開始清理)

When cleaning is finished, close RogueCleaner

------------------------------

Run AVG Anti-Spyware


Click Scanner--->Complete System Scan.

When the scan finishes, select Apply all actions.

If a window pops up during removal, click Yes, for all

When removal is finished, click Save Report--->Save report as.

Close AVG Anti-Spyware


--------------------------
Reboot
Post the AVG Anti-Spyware report and run a new HijackThis scan and post it here
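
Added example, not part of the original post and not HijackThis's own code: a Python parser for HijackThis 1.99.1 log lines that groups the O1 hosts-file redirects by target IP and lists O4 Run-key entries whose loaded file sits in a location worth a manual look. The function names and the three path heuristics are assumptions made for illustration and only prioritise review; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\system32\winlogon.exe
O1 - Hosts: 61.188.38.64 www.gamezt.com.cn
O1 - Hosts: 61.188.38.64 meng.nicemm.cn
O1 - Hosts: 61.188.38.64 ywg.cn
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [Barb base cast byte] C:\Documents and Settings\All Users.WINDOWS\Application Data\trayaxisbarbbase\Surfbias.exe
O4 - HKLM\..\Run: [snppro] C:\WINDOWS\vsnppro.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BLAH BYTE] C:\DOCUME~1\Tribe\APPLIC~1\ATOMID~1\WINDOWENC.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")           # "O4 - <body>"
HOSTS_RE = re.compile(r"^Hosts: (\S+)\s+(\S+)$")             # "Hosts: <ip> <name>"
RUN_RE = re.compile(r"^(HK[A-Z]+)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# A drive-letter path ending in .exe/.dll; unquoted paths may contain spaces.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)
LAUNCHERS = {"rundll32.exe", "regsvr32.exe"}


def target_image(command):
    """Return the file an autostart command loads, or None if no path is found."""
    paths = PATH_RE.findall(command)
    # For "rundll32.exe X.dll,Entry" the file of interest is the DLL, not the launcher.
    payload = [p for p in paths if p.rsplit("\\", 1)[-1].lower() not in LAUNCHERS]
    return (payload or paths or [None])[0]


def location_reason(path):
    """Heuristic (an assumption of this example): why a path deserves review."""
    parts = path.lower().split("\\")
    if parts[1] in ("documents and settings", "docume~1"):
        return "runs from a user profile directory"
    if parts[1] == "windows" and len(parts) == 3:
        return "executable directly in the Windows root"
    # DOWNLO~1 is assumed to be the 8.3 name of "Downloaded Program Files".
    if parts[1] == "windows" and parts[2] in ("downloaded program files", "downlo~1"):
        return "loaded from the IE ActiveX download cache"
    return None


def triage(log_text):
    """Group non-loopback hosts-file redirects by IP and collect autoruns to review."""
    hosts_by_ip = defaultdict(list)
    autoruns = []
    for line in log_text.splitlines():
        entry = ENTRY_RE.match(line.strip())
        if not entry:
            continue  # header lines and the running-process list
        code, body = entry.groups()
        if code == "O1":
            hosts = HOSTS_RE.match(body)
            if hosts and not hosts.group(1).startswith("127.") and hosts.group(1) != "::1":
                hosts_by_ip[hosts.group(1)].append(hosts.group(2))
        elif code == "O4":
            run = RUN_RE.match(body)
            if not run:
                continue  # e.g. Startup-folder entries, not handled here
            hive, key, name, command = run.groups()
            image = target_image(command)
            reason = location_reason(image) if image else None
            if reason:
                autoruns.append({"hive": hive, "key": key, "name": name,
                                 "image": image, "reason": reason})
    return {"hosts_by_ip": dict(hosts_by_ip), "autoruns_to_review": autoruns}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for ip, names in result["hosts_by_ip"].items():
        print(f"hosts file points {len(names)} name(s) at {ip}: {', '.join(names)}")
    for item in result["autoruns_to_review"]:
        print(f"{item['hive']} {item['key']} [{item['name']}] {item['image']}: {item['reason']}")
```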

#5 | UID 374736 | Posted 06-11-4 02:27 PM
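Sorry it took so long to finish; the computer crashed once during my first scan.......
so it ended up taking this long. Thank you for your help,
please take a look ~~^^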
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 14:14:30 4/11/2006
+ Scan result:

C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP82\A0091180.dll/cdnaux.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP88\A0095912.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP88\A0095914.sys -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP88\A0096263.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP94\A0098075.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP96\A0101421.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP96\A0102480.sys -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP99\A0108743.sys -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP17\A0008544.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP46\A0068553.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP46\A0068573.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP46\A0068647.dll -> Adware.Cdn : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cns.exe -> Adware.Cdn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP88\A0095919.dll -> Adware.Cnshel : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP88\A0095968.dll/helper.dll -> Adware.Cnshel : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP88\A0096264.dll -> Adware.Cnshel : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP94\A0098077.dll -> Adware.Cnshel : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP17\A0008543.dll -> Adware.Cnshel : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP44\A0064408.dll/helper.dll -> Adware.Cnshel : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP45\A0066792.dll/helper.dll -> Adware.Cnshel : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP46\A0068563.dll -> Adware.Cnshel : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\CnsMinAL.cab/AutoLive.dll/helper.dll -> Adware.Cnshel : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721 -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721\CnsMin -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\3721\CnsMin\Variant -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CnsHelper.CH -> Adware.CnsMin : Error during cleaning.
HKLM\SOFTWARE\Classes\CnsHelper.CH.1 -> Adware.CnsMin : Error during cleaning.
HKLM\SOFTWARE\Classes\CnsHelper.CH\CLSID -> Adware.CnsMin : Error during cleaning.
HKLM\SOFTWARE\Classes\CnsHelper.CH\CurVer -> Adware.CnsMin : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\AutoUpdate -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Enable -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Hint -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\List -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Menu -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Reset -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\ResetCatch -> Adware.CnsMin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\S-1-5-21-1417001333-1647877149-682003330-1003\Software\3721 -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\S-1-5-21-1417001333-1647877149-682003330-1003\Software\3721\CnsMin -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\S-1-5-21-1417001333-1647877149-682003330-1003\Software\3721\CnsMin\Variant -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\S-1-5-21-1417001333-1647877149-682003330-1003\Software\3721\CnsUrl -> Adware.CnsMin : Cleaned with backup (quarantined).
HKU\S-1-5-21-1417001333-1647877149-682003330-1003\Software\3721\InputCns -> Adware.CnsMin : Cleaned with backup (quarantined).

#6 | UID 32061 | Posted 06-11-4 02:29 PM
Post the AVG Anti-Spyware report and run a new HijackThis scan and post it here
The HijackThis report is still missing
Scan that and post it too

#7 | UID 374736 | Posted 06-11-4 02:44 PM
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP1\A0000333.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP17\A0008527.dll -> Adware.Yassist : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP17\A0008529.exe -> Adware.Yassist : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP46\A0068523.dll/yhelper.dll -> Adware.Yassist : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP46\A0068523.dll/ylive.exe -> Adware.Yassist : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP46\A0068625.dll/yhelper.dll -> Adware.Yassist : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{70683D27-BCBD-4B43-93E9-8F6822883405}\RP46\A0068625.dll/ylive.exe -> Adware.Yassist : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP101\A0110981.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP102\A0111981.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP102\A0112019.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP102\A0113019.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP102\A0113073.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP103\A0113115.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP103\A0113139.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP103\A0113168.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP103\A0114168.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP103\A0114221.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP104\A0115221.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP104\A0115267.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP104\A0115291.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP104\A0116291.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP104\A0117290.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0117341.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0117367.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0118366.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0118387.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0118438.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0118472.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0118523.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0119524.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP106\A0119556.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP106\A0119587.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP106\A0119622.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP106\A0120621.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP106\A0122170.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP107\A0123223.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP107\A0123277.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP108\A0123372.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0123473.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0124474.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0124491.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0125491.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0126492.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0127492.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0128492.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0129491.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0130492.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0133492.DLL -> Backdoor.Hupigon.brn : Cleaned with backup (quarantined).

#8 | UID 374736 | Posted 06-11-4 02:45 PM
C:\Documents and Settings\DMC\Local Settings\Temp\regedit.exe -> Backdoor.Hupigon.cge : Cleaned with backup (quarantined).
C:\Documents and Settings\DMC\Local Settings\Temp\Yotaapha.dl1 -> Backdoor.PcClient.bs : Cleaned with backup (quarantined).
C:\Documents and Settings\DMC\Local Settings\Temp\ICD1.tmp\UERSR_0001_N86M1007NetInstaller.exe -> Downloader.Agent.alr : Cleaned with backup (quarantined).
C:\Documents and Settings\DMC\Local Settings\Temp\_tmps.exe -> Downloader.Agent.aqq : Cleaned with backup (quarantined).
C:\WINDOWS\system32\win1ogon.exe -> Downloader.Delf.aya : Cleaned with backup (quarantined).
C:\Documents and Settings\Tribe\Local Settings\Temporary Internet Files\Content.IE5\S44USTS1\popupjs[1].htm -> Downloader.IstBar.ai : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP82\A0091190.dll -> Dropper.Zskiller : Cleaned with backup (quarantined).
C:\Documents and Settings\Tribe\Cookies\tribe@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@standardcharteredbank.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@adtech[2].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@advertising[1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@centrport[1].txt -> TrackingCookie.Centrport : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned.
C:\Documents and Settings\DMC\Local Settings\Temp\Cookies\dmc@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@ehg-youtube.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@revenue[1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@c5.zedo[2].txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\Tribe\Cookies\tribe@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.

9# | UID 374736 | Posted 06-11-4 02:46 PM
C:\WINDOWS\system32\system.exe -> Trojan.Agent.iu : Cleaned with backup (quarantined).
C:\TODAYNEWKG\TODAYNEWKG.DLL -> Trojan.Delf.ph : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0118512.dll -> Trojan.Delf.pi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP87\A0095365.dll -> Trojan.Delf.pi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP88\A0095878.dll -> Trojan.Delf.pi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP89\A0096826.dll -> Trojan.Delf.pi : Cleaned with backup (quarantined).
C:\Documents and Settings\DMC\Local Settings\Temp\ad001.exe -> Trojan.Gamania.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0118511.dll -> Trojan.Gamania.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP87\A0095314.dll -> Trojan.Gamania.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP87\A0095315.exe -> Trojan.Gamania.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP88\A0095405.dll -> Trojan.Gamania.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP88\A0095406.exe -> Trojan.Gamania.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP89\A0096321.dll -> Trojan.Gamania.fw : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP89\A0096322.exe -> Trojan.Gamania.fw : Cleaned with backup (quarantined).
C:\Documents and Settings\Tribe\Local Settings\Temp\Dns.Exe -> Trojan.Qhost.he : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP102\A0112020.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP102\A0113020.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP102\A0113074.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP103\A0113116.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP103\A0113140.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP103\A0113169.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP103\A0114169.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP103\A0114222.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP104\A0115222.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP104\A0115268.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP104\A0115292.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP104\A0116292.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP104\A0117291.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0117342.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0117368.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0118367.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0118388.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0118439.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0118473.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0118524.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP105\A0119525.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP106\A0119557.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP106\A0119588.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP106\A0119623.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP106\A0120622.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP106\A0122171.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP107\A0123222.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP107\A0123278.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP108\A0123373.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0123474.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0124475.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0124492.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0125492.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0126493.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0127493.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0128493.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0129492.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0130493.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP109\A0133493.dll -> Trojan.QQRob.hc : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{1130D512-7824-40F5-8B4C-35F4E602F828}\RP82\A0091134.sys -> Trojan.Small.kj : Cleaned with backup (quarantined).
C:\Program Files\ESET\infected\SQOMMRBA.NQF -> Trojan.WOW.hx : Cleaned with backup (quarantined).
C:\Program Files\ESET\infected\ZQB4UIAA.NQF -> Trojan.WOW.hx : Cleaned with backup (quarantined).

::Report end

10# | UID 374736 | Posted 06-11-4 02:46 PM
Logfile of HijackThis v1.99.1
Scan saved at 14:46:12, on 4/11/2006
Platform: Windows XP  (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\HijackThis\HijackThis.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Thunder Browser Helper - {889D2FEB-5411-4565-8998-1DD2C5261283} - C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: 收音機(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Thunder] "C:\Program Files\Thunder Network\Thunder\Thunder.exe" /s
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner\RivaTuner.exe" /S
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NetPumper] "C:\Program Files\NetPumper\NetPumperIEProxy.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O4 - HKCU\..\Run: [BLAH BYTE] C:\DOCUME~1\Tribe\APPLIC~1\ATOMID~1\WINDOWENC.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - Extra context menu item: Download with NetPumper - C:\Program Files\NetPumper\AddUrl.htm
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo 1G電郵 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 尋寶樂趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修復瀏覽器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上網記錄 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  網絡實名
O17 - HKLM\System\CCS\Services\Tcpip\..\{D16A4056-8C67-42C8-ABC2-B50780F84DBE}: NameServer = 205.252.144.126 218.102.62.71
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe

11# | UID 336761 | Posted 06-11-4 04:32 PM
Delete all files in C:\Program Files\AVG Anti-Spyware\Quarantine

Close the browser, open HijackThis, click "Do a system scan only", and tick the following entries:
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O9 - Extra button: Yahoo 1G電郵 - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: 尋寶樂趣多 - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816 (file missing)
O9 - Extra button: 雅虎助手 - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: 情景聊天 - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修復瀏覽器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: 清理上網記錄 - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS]  網絡實名

Click "Fix checked"
--------------------------------------------
After that it should be OK.
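
One way to confirm the fix took effect, as an added example that is not part of the original posts: rescan after "Fix checked" and compare the new log against the ticked entries. The `FIX_LIST` lines are a subset copied from the post above; the `RESCAN` log is constructed for illustration, and the function names are this example's own.

```python
import re

# Entries the helper said to tick (subset, copied from the post above).
FIX_LIST = r"""
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: 修復瀏覽器 - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O11 - Options group: [!CNS]  網絡實名
"""

# Constructed rescan log (not from the thread): two ticked entries survive,
# one with different letter case, one without the "(file missing)" suffix.
RESCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [cnsmin] rundll32.exe c:\windows\downlo~1\cnsmin.dll,Rundll32
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O9 - Extra 'Tools' menuitem: 修復瀏覽器 - {ECF2E268-F28C-48D2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "O4 - ...", "R3 - ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VALUE_RE = re.compile(r"^\[([^\]]+)\]")             # "[CnsMin] ..." value name


def entry_key(line):
    """Return a stable identity for one HijackThis entry, or None otherwise.

    Identity is (section code, entry kind, identifier). The identifier is the
    bracketed value name if the entry starts with one, else the CLSID, else
    the whitespace-normalised remainder. Everything is lower-cased so that
    case changes or a trailing "(file missing)" do not hide a survivor.
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header line, running-process path, blank line
    code, body = m.groups()
    kind, sep, rest = body.partition(": ")
    if not sep:
        kind, rest = "", body
    value = VALUE_RE.match(rest)
    clsid = CLSID_RE.search(rest)
    if value:
        ident = value.group(1)
    elif clsid:
        ident = clsid.group(0)
    else:
        ident = " ".join(rest.split())
    return (code, kind.lower(), ident.lower())


def parse_entries(log_text):
    """Map entry identity -> original line for every entry line in a log."""
    entries = {}
    for line in log_text.splitlines():
        key = entry_key(line)
        if key is not None:
            entries[key] = line.strip()
    return entries


def still_present(fix_list, rescan_log):
    """Ticked entries that still appear in the rescan: (listed line, rescan line)."""
    after = parse_entries(rescan_log)
    return [(line, after[key])
            for key, line in parse_entries(fix_list).items()
            if key in after]


if __name__ == "__main__":
    for listed, found in still_present(FIX_LIST, RESCAN):
        print("STILL PRESENT:", found)
```

The kind is part of the identity because the O9 button and its 'Tools' menu item share one CLSID, so one can be gone while the other survives.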

12# | UID 374736 | Posted 06-11-4 05:06 PM
Done. Thank you so much for your help,
thanks a lot ^^
You really put a lot of effort into answering us.

13# | UID 774644 | Posted 08-9-7 03:26 PM

Could you help me too? My computer seems to be on its last legs, and I don't dare delete files at random… could some kind person please help me.

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\BoBoTurbo\BoBoTurbo.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Nakido\nakido.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINNT\System32\usbcamb.exe
C:\WINNT\avp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Tuotu\Tuotu.exe
C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
C:\Documents and Settings\Administrator\winhost.exe
C:\WINNT\System32\Tilecomfree.com
C:\WINNT\explorer.exe
C:\WINNT\System32\conime.exe
C:\Downloads\hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: TuoTuHelper.LDown - {0BECAB3A-E1F8-45E6-8332-38DD750EBA01} - C:\Program Files\Tuotu\TuoTuHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NVDispDrv] C:\WINNT\NVDispDrv.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINNT\MsIMMs32.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINNT\DbgHlp32.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINNT\cmdbcs.exe
O4 - HKLM\..\Run: [msccrt] C:\WINNT\msccrt.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\MWSBAR.DLL,S
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Tuotu] C:\Program Files\Tuotu\Tuotu.exe /m
O4 - HKLM\..\Run: [PVR Agent] C:\Program Files\KWorld Multimedia\PVR Plus\TVR\Scheduled.exe
O4 - HKLM\..\Run: [Windows Explorer] C:\WINNT\System32\explorer.exe
O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\Documents and Settings\Administrator\winhost.exe
O4 - HKLM\..\Run: [TileFree] Tilecomfree.com
O4 - HKLM\..\Run: [Local Security Authority Service] C:\WINNT\System32\lssas.exe
O4 - HKLM\..\Run: [Winamp Agent] C:\WINNT\System32\winamp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [Windows Logon Application] C:\WINNT\System32\winIogon.exe
O4 - HKLM\..\Run: [Spooler SubSystem App] C:\WINNT\System32\spooIsv.exe
O4 - HKLM\..\RunServices: [TileFree] Tilecomfree.com
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Remote Control.lnk = C:\Program Files\KWorld Multimedia\PVR-TV 7131 Utilities\P3XRCtl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/too ... html?p=ZKxdm022YYHK
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: 妏蚚迕芤狟婥 - C:\Program Files\Tuotu\TT_one.htm
O8 - Extra context menu item: 妏蚚迕芤狟婥窒蟈諉 - C:\Program Files\Tuotu\TT_all.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: ?O¥s|a°E3I·R... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm

14# | UID 774644 | Posted 08-9-7 03:26 PM

part II

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images ... Setup1.0.0.15-3.cab
O16 - DPF: {3AC7F64E-6154-47B0-82B5-764ED4077F77} (DataStorage Class) - http://txn02.hkjc.com/BetSlip/object/eWinCtl.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/ ... e.cab?1204043206625
O16 - DPF: {8DE6AB9C-8C62-486B-8C06-5C9AD6FD06F1} (DataStore Class) - http://txn01.hkjc.com/BetSlip/object/eWinCtl.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: UFO.dll
O23 - Service: BoBoTurbo - ?州易播信息科技有限公司 - C:\WINNT\System32\BoBoTurbo\BoBoTurbo.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Nakido - Nakido - C:\Program Files\Nakido\nakido.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: usbcaml - Unknown owner - C:\WINNT\System32\usbcamb.exe
O23 - Service: Audio Adapter (VGADown) - Unknown owner - C:\WINNT\avp.exe
O23 - Service: |U°E LiveUpdate ±Aμ{?1 (自動 LiveUpdate 排程器) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe