求助 - 不乖的電腦自動寄信

[cara551977]

--------------------
閱讀本主題的最佳解答
--------------------


電腦又不乖囉
自動寄信

幫我看看哪邊的問題
哪邊需要處理
謝謝囉
-------------------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 01:02:16, on 2009/1/14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\system32\sistray.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\QVEBQ5AV\HiJackThis[1].exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.EXE
O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [YDownloader] "C:\Program Files\Yahoo!\YDownloader\YDownloader.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1B04F1E4-7CC7-4B74-853F-175FEED0BDCF}: NameServer = 168.95.1.1,168.95.192.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{395E3703-E745-4D1D-AE7D-C060B36E730F}: NameServer = 168.95.192.1 168.95.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{1B04F1E4-7CC7-4B74-853F-175FEED0BDCF}: NameServer = 168.95.1.1,168.95.192.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{1B04F1E4-7CC7-4B74-853F-175FEED0BDCF}: NameServer = 168.95.1.1,168.95.192.1
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

--
End of file - 5090 bytes

[GaMNiA]

你的LOG檔看起來正常，自動寄信是指什麼？MSN ? Yahoo! Messenger？Outlook Express？

[cara551977]

引用:

作者: GaMNiA

你的LOG檔看起來正常，自動寄信是指什麼？MSN ? Yahoo! Messenger？Outlook Express？

謝謝
MSN.......................

很正常可是不乖
那該如何處理?

[GaMNiA]

你先去改MSN密碼試試看，也許是MSN帳號密碼被盜用了...

如果還是不行的話，用 SREng (System Repair Engineer) 掃描一下，
然後把LOG檔貼上來，(SREng分析範圍比較廣，我可能無法完全看得懂，但是盡量幫忙看看)
http://www.kztechs.com/sreng/download.html

[cara551977]

[code]

2009-01-15,13:43:58

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理許可權用戶 - 完整功能

以下內容被選中：
所有的啟動項目（包括註冊表、開機檔案夾、服務等）
流覽器載入項
正在運行的進程（包括進程模組資訊）
文件關聯
Winsock 提供者
Autorun.inf
HOSTS 文件
進程特權掃描
計畫任務
API HOOK
隱藏進程


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Component Publisher]
<MsnMsgr><"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background> [(Verified)Microsoft Corporation]
<foxy><"C:\Program Files\Foxy\Foxy.exe" -tray> [Foxy, Inc.]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"> [Nero AG]
<Messenger (Yahoo!)><"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet> [(Verified)Yahoo! Inc.]
<YDownloader><"C:\Program Files\Yahoo!\YDownloader\YDownloader.exe"> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<HTpatch><C:\WINDOWS\htpatch.exe> []
<Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"]
<avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe> [(Verified)ALWIL Software]
<NeroFilterCheck><C:\WINDOWS\System32\NeroCheck.exe> [Ahead Software Gmbh]
<CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync> [(Verified)Microsoft Corporation]
<PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Component Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<CDBurn><%SystemRoot%\system32\SHELL32.dll> [(Verified)Microsoft Windows Component Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Component Publisher]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
<WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<自訂瀏覽器><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
<Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr> [(Verified)Microsoft Windows Component Publisher]

==================================
開機檔案夾
[Yahoo! Widget Engine]
<C:\Documents and Settings\user\「開始」功能表\程式集\啟動\Yahoo! Widget Engine.lnk --> C:\PROGRA~1\Yahoo!\YAHOO!~1\YAHOOW~1.EXE [Yahoo! Inc.]><N>

==================================
服務
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
<"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
<"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows CardSpace / idsvc][Stopped/Manual Start]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"><Microsoft Corporation>
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
<"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"><Microsoft Corporation>
[Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start]
<"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"><Microsoft Corporation>

==================================
驅動程式
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ahcix86 / ahcix86][Running/Boot Start]
<\SystemRoot\system32\drivers\ahci8086.sys><AMD Technologies Inc.>
[aswFsBlk / aswFsBlk][Running/Auto Start]
<system32\DRIVERS\aswFsBlk.sys><ALWIL Software>
[Intel RAID Controller / iaStor][Running/Boot Start]
<\SystemRoot\system32\drivers\iaStor7.sys><Intel Corporation>
[ITEATAPI_Service_Install / iteatapi][Running/Boot Start]
<\SystemRoot\system32\drivers\iteatapi.sys><Integrated Technology Express, Inc.>
[JRAID / JRAID][Running/Boot Start]
<\SystemRoot\system32\drivers\jraid.sys><JMicron Technology Corp.>
[m5228 / m5228][Running/Boot Start]
<\SystemRoot\system32\drivers\m5228.sys><ALi Corporation.>
[m5281 / m5281][Running/Boot Start]
<\SystemRoot\system32\drivers\m5281.sys><ALi Corporation>
[m5287 / m5287][Running/Boot Start]
<\SystemRoot\system32\drivers\m5287.sys><ULi Electronics Inc.>
[m5288 / m5288][Running/Boot Start]
<\SystemRoot\system32\drivers\m5288.sys><ULi Electronics Inc.>
[m5289 / m5289][Running/Boot Start]
<\SystemRoot\system32\drivers\m5289.sys><ULi Electronics Inc.>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
<\SystemRoot\system32\drivers\nvatabus.sys><NVIDIA Corporation>
[nvgts / nvgts][Running/Boot Start]
<\SystemRoot\system32\drivers\nvgts.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
<\SystemRoot\system32\drivers\nvrd32.sys><NVIDIA Corporation>
[Padus ASPI Shell / pfc][Running/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[ATI-437A Serial ATA Controller / SI3112r][Running/Boot Start]
<\SystemRoot\system32\drivers\SI3112r.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
<\SystemRoot\system32\drivers\SiWinAcc.sys><Silicon Image, Inc.>
[SiS315 / SiS315][Running/Manual Start]
<system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / sisagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
<system32\drivers\srvkp.sys><N/A>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Stopped/Manual Start]
<system32\DRIVERS\sisnic.sys><SiS Corporation>
[SiSRaid / SiSRaid][Running/Boot Start]
<\SystemRoot\system32\drivers\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid2 / SiSRaid2][Running/Boot Start]
<\SystemRoot\system32\drivers\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SiSRaid4 / SiSRaid4][Running/Boot Start]
<\SystemRoot\system32\drivers\SiSRaid4.sys><Silicon Integrated Systems>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
<\SystemRoot\system32\drivers\viamraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Running/Boot Start]
<\SystemRoot\system32\drivers\vmscsi.sys><VMware, Inc.>

==================================
流覽器載入項
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
{7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[Windows Live 登入小幫手]
{9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[Windows Live Toolbar Helper]
{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <C:\Program Files\Windows Live Toolbar\msntb.dll, (Signed) Microsoft Corporation>
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <, >
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
{2423AB16-9F42-457B-A337-FE3B11964DB0} <, >
[]
{2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <, >
[Ppd Control]
{2F2BA87D-385E-4922-B41C-06E190B06AA9} <C:\PROGRA~1\PPCONT~1\ppd.ocx, Bluesky Studio(http://www.bluesky.cn)>
[]
{3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <, >
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
{5910C66C-F9BA-4306-8175-C098B7F0ED62} <, >
[PP Control]
{616DACC1-C5E6-4646-B36A-3FA4FC726BAD} <C:\PROGRA~1\PPCONT~1\ppc.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
{7005341F-8E42-47E3-987B-3DBE6288048C} <, >
[]
{75B75D86-D88B-4BEA-BC59-BFD9D7300518} <, >
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[]
{88734439-46D0-42C0-A13F-7E881EE550CF} <, >
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
{94EFE58C-E678-4808-AD65-24CE4B94C1FE} <, >
[]
{991481A7-4669-4e15-8C24-100404E1F5CB} <, >
[]
{A1D97DB3-E564-4743-B2E7-6F5182CBF406} <, >
[]
{A40335C4-D3D1-4E7B-9130-039CDA5B603C} <, >
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[]
{AA1561BF-D290-4060-919B-499849629205} <, >
[]
{AFB97F16-B7E8-4EB1-8133-FBD5AA2EBB3B} <, >
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[]
{BA0F088C-72C1-475a-92F8-42391DEF6961} <, >
[]
{C7B0C764-5D4E-433E-A854-591F28520577} <, >
[]
{CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <, >
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[MessengerChecker Class]
{DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, (Signed) Yahoo! Inc.>
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[ShakeGTW Control]
{F3ED645F-2426-4001-8756-596B4F1EBF1A} <C:\WINDOWS\system32\ShakeGTW.ocx, >
[Foxy 下載]
<res://C:\Program Files\Foxy\Foxy.exe/download.htm, N/A>
[Foxy 搜尋]
<res://C:\Program Files\Foxy\Foxy.exe/search.htm, N/A>

[cara551977]

==================================
正在運行的進程
[PID: 452 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 508 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 532 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 576 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 812 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 904 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1056 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1080 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1204 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1227, 0]
[PID: 1308 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\ChineseT\Base.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\Setup\SetIFace.dll] [N/A, ]
[PID: 1456 / user][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Documents and Settings\user\Application Data\Foxy\LinkMaker.dll] [, 2, 0, 0, 0]
[C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll] [Nero AG, 2, 0, 0, 8]
[C:\Program Files\Common Files\Ahead\lib\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Common Files\Ahead\lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Ahead\lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0]
[C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHT] [Adobe Systems, Inc., 8.0.0.0]
[PID: 1580 / user][C:\WINDOWS\htpatch.exe] [N/A, ]
[C:\WINDOWS\WINIO.dll] [http://www.internals.com, 2.0]
[PID: 1672 / user][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 8, 1227, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\ChineseT\Base.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\ChineseT\Lang.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0]
[c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 8, 1227, 0]
[c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 8, 1227, 0]
[PID: 1764 / user][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 1788 / user][C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe] [Nero AG, 1, 0, 2, 8]
[C:\Program Files\Common Files\Ahead\lib\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Common Files\Ahead\lib\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\Ahead\lib\AdvrCntr2.dll] [Nero AG, 2,5,0, 4800]
[C:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvrPS.dll] [Nero AG, 1, 0, 2, 8]
[C:\Program Files\Common Files\Ahead\lib\NMDataServices.dll] [Nero AG, 1, 0, 2, 8]
[PID: 2004 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\Program Files\ZO TECH Print Monitor\Driver.DLL] [, 4, 3, 23, 1]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\filterpipelineprintproc.dll] [Microsoft Corporation, 6.0.6000.16438 (winmain(wmbla).070123-1305)]
[PID: 876 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\1028\mdmui.dll] [Microsoft Corporation, 7.00.9466]
[C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MSDBG2.DLL] [Microsoft Corporation, 7.00.9466]
[PID: 2332 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\ChineseT\Base.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\ChineseT\Lang.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Alwil Software\Avast4\ChineseT\langmai.dll] [ALWIL Software, 4, 8, 1201, 0]
[PID: 2384 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 8, 1229, 0]
[C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\AavmRpch.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\ChineseT\Base.dll] [ALWIL Software, 4, 8, 1201, 0]
[C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 8, 1227, 0]
[C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 8, 1227, 0]
[PID: 2420 / user][C:\WINDOWS\system32\wscntfy.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
[PID: 2872 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 3240 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe] [Microsoft Corporation, 8.5.1302.1018]
[PID: 3516 / user][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Program Files\Common Files\Microsoft Shared\INK\PENCHT.DLL] [Microsoft Corporation, 1.0.1038.0]
[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[PID: 680 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE] [Microsoft Corporation, 11.0.5525]
[PID: 144 / user][C:\Documents and Settings\user\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
[PID: 2800 / user][C:\Documents and Settings\user\桌面\sreng2\SRE7f70af9.EXE] [Smallfrogs Studio, 2.7.0.1210]
[C:\Documents and Settings\user\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost

==================================
進程特權掃描
特殊特權被允許： SeLoadDriverPrivilege [PID = 1580, C:\WINDOWS\HTPATCH.EXE]
特殊特權被允許： SeLoadDriverPrivilege [PID = 1788, C:\PROGRAM FILES\COMMON FILES\AHEAD\LIB\NMBGMONITOR.EXE]
特殊特權被允許： SeLoadDriverPrivilege [PID = 144, C:\DOCUMENTS AND SETTINGS\USER\桌面\SRENG2\SRENGLDR.EXE]

==================================
計畫任務
[已啟用] 查看 Windows Live Toolbar 的更新資訊.job
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE

==================================
API HOOK
N/A

==================================
隱藏進程
N/A

==================================


[/code]

麻煩您囉

[GaMNiA]

SREng 的 LOG檔看起來也似乎很正常...

你還是去改MSN密碼試試看吧～也許是MSN帳號密碼真的被盜用了...

[cara551977]

引用:

作者: GaMNiA

SREng 的 LOG檔看起來也似乎很正常...

你還是去改MSN密碼試試看吧～也許是MSN帳號密碼真的被盜用了...

謝謝您

我會先去改密碼的

麻煩您囉
那LOG檔含真是多ㄚ

[GaMNiA]

補充一下，也有可能是你以前有中木馬病毒或是廣告軟體，
所以 MSN e-mail 已經被某些木馬或是廣告軟體收集了，
冒用你的 MSN e-mail 亂發郵件。

[cara551977]

謝謝您

改密後是乎沒問題囉

[rainfire]

引用:

作者: cara551977

謝謝您

改密後是乎沒問題囉

我同學前幾天打開它的YAHOO信箱
發現他自己寄給自己帶有毒附件的信
..........盜帳號的也太混了八
這樣不就被發現了ˋˊ

[cara551977]

引用:

作者: rainfire

我同學前幾天打開它的YAHOO信箱
發現他自己寄給自己帶有毒附件的信
..........盜帳號的也太混了八
這樣不就被發現了ˋˊ

是阿

我也習慣在自己信箱內輸入自己的信箱

[rainfire]

引用:

作者: cara551977

是阿

我也習慣在自己信箱內輸入自己的信箱

我自己也是

[crd1871]

引用:

作者: cara551977

是阿

我也習慣在自己信箱內輸入自己的信箱

引用:

作者: rainfire

我自己也是

那是病毒程式的關係,只要中毒,就會寄病毒到通訊錄裡所有人的信箱~~

[cara551977]

引用:

作者: crd1871

那是病毒程式的關係,只要中毒,就會寄病毒到通訊錄裡所有人的信箱~~

可是掃不出來耶
該怎麼處理阿