View full version: Infected with adware... I remove it every day and every day it's still there, help~

chasiumei 2014-8-19 11:38 PM

Infected with adware... I remove it every day and every day it's still there, help~

When I browse the web, small videos get attached to parts of the page, such as the right side, the lower right corner, or a banner in the middle. (See picture below)
[img=628,481]http://i1240.photobucket.com/albums/gg488/minnie200905/adv_1_zps7ffe060a.jpg[/img]

On Discuss HK, the "previous page" turns out to be [url=http://googleads.g.doubleclick.net/page]http://googleads.g.doubleclick.net/page[/url], and people say it's a virus...

Now I see even my iPhone (every app I open pops up a full-page ad, though they're ads from Hong Kong companies...) and my office computer are doing the same thing. I guess I carried the virus over when I charged the phone. What should I do... Experts please help~~ Many thanks~

I have scanned with ComboFix, Junkware Removal Tool, SpyHunter, SUPERAntiSpyware, RKill and so on; the logs are attached below for everyone to look at, thanks~
(PS: I did not remove the virus in safe mode, because I'm not really sure of the steps...)

chasiumei 2014-8-19 11:50 PM

[u]ComboFix 14-08-15.01[/u] -  08/2014 週日  18:26:28.2.2 - x86

AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((  被刪除的檔案   )))))
c:\users\****\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0043\~de6248.tmp
c:\users\****\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0043\~df394b.tmp
c:\windows\system32\tmp6E3.tmp
c:\windows\system32\tmp6E4.tmp
.
.
((((  2014-07-17 至 2014-08-17 的新的檔案  )))))
2014-08-17 09:53 . 2014-08-17 09:53 -------- d-----w- c:\windows\ERUNT
2014-08-16 12:35 . 2014-08-16 12:36 -------- d-----w- C:\NPE
2014-08-13 16:24 . 2014-03-09 21:47 99480 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-13 16:24 . 2014-06-30 22:14 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-13 16:24 . 2014-03-09 21:47 619672 ----a-w- c:\windows\system32\icardagt.exe
2014-08-13 16:24 . 2014-06-06 06:16 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-13 16:15 . 2008-08-27 01:20 692224 ----a-w- c:\windows\system32\kixforms.dll
2014-08-13 12:57 . 2014-07-16 02:46 2048 ----a-w- c:\windows\system32\tzres.dll
2014-08-13 12:57 . 2014-06-03 09:30 101824 ----a-w- c:\windows\system32\consent.exe
2014-08-13 12:57 . 2014-06-03 09:29 337408 ----a-w- c:\windows\system32\msihnd.dll
2014-08-13 12:57 . 2014-06-03 09:29 2363392 ----a-w- c:\windows\system32\msi.dll
2014-08-13 12:57 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\system32\authui.dll
2014-08-13 12:57 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-08-13 12:57 . 2014-07-09 01:29 6144 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-08-11 13:02 . 2014-08-11 13:02 -------- d-----w- c:\program files\HD Tune Pro
2014-08-10 11:27 . 2014-08-10 11:27 -------- d-----w- c:\program files\Common Files\Adobe
2014-08-04 13:59 . 2014-08-04 13:59 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2014-08-02 16:21 . 2014-08-02 16:21 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2014-08-02 16:21 . 2014-08-02 16:21 420176 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2014-08-01 13:22 . 2014-08-02 12:14 -------- d-----w- c:\program files\Real
2014-07-28 15:56 . 2014-08-02 12:14 -------- d-----w- c:\program files\iTunes
2014-07-28 15:56 . 2014-08-02 12:14 -------- d-----w- c:\programdata\Apple Computer
2014-07-28 15:56 . 2014-08-02 12:14 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-07-28 15:56 . 2014-07-28 15:56 -------- d-----w- c:\program files\iPod
2014-07-28 15:56 . 2014-07-28 15:56 -------- d-----w- c:\program files\Apple Software Update
2014-07-28 15:56 . 2014-07-28 15:56 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Roaming\Apple Computer
2014-07-28 15:55 . 2014-07-28 15:55 -------- d-----w- c:\program files\Bonjour
2014-07-28 15:55 . 2014-07-28 15:56 -------- d-----w- c:\programdata\Apple
2014-07-28 15:55 . 2014-07-28 15:55 -------- d-----w- c:\program files\Common Files\Apple
2014-07-28 13:21 . 2014-07-28 13:21 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2014-07-28 12:38 . 2013-12-21 07:56 523776 ----a-w- c:\windows\system32\vbscript.dll
2014-07-27 09:26 . 2014-01-09 02:22 5694464 ----a-w- c:\windows\system32\mstscax.dll
2014-07-27 09:26 . 2014-05-08 09:06 2742784 ----a-w- c:\windows\system32\rdpcorets.dll
2014-07-27 09:26 . 2014-05-08 09:06 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2014-07-27 06:14 . 2013-09-25 01:57 792576 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-07-27 06:13 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
2014-07-25 16:01 . 2014-07-25 16:01 -------- d-----w- c:\windows\Migration
2014-07-25 15:30 . 2011-01-26 09:25 21000 ----a-w- c:\windows\system32\drivers\AsrVDrive.sys
2014-07-25 15:29 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
2014-07-25 15:29 . 2011-03-11 05:39 143744 ----a-w- c:\windows\system32\drivers\nvstor.sys
2014-07-25 15:29 . 2011-03-11 05:39 117120 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-07-25 15:29 . 2011-03-11 05:38 332160 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2014-07-25 15:29 . 2011-03-11 05:38 80256 ----a-w- c:\windows\system32\drivers\amdsata.sys
2014-07-25 15:29 . 2011-03-11 05:38 22400 ----a-w- c:\windows\system32\drivers\amdxata.sys
2014-07-25 15:29 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\system32\esent.dll
2014-07-25 15:29 . 2011-03-11 05:31 74240 ----a-w- c:\windows\system32\fsutil.exe
2014-07-25 15:29 . 2011-02-25 05:30 2616320 ----a-w- c:\windows\explorer.exe
2014-07-24 15:22 . 2014-07-24 15:22 -------- d-----w- c:\program files\ASM106xSATA
2014-07-24 13:23 . 2011-11-09 16:52 46080 ----a-w- c:\windows\system32\drivers\HECI.sys
2014-07-24 12:43 . 2014-07-24 12:46 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-07-24 12:43 . 2014-07-24 12:43 142936 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2014-07-24 12:42 . 2014-08-11 12:56 -------- d-----w- c:\windows\system32\drivers\NIS
2014-07-24 12:42 . 2014-07-24 12:42 -------- d-----w- c:\program files\Norton Internet Security
2014-07-24 12:28 . 2014-07-24 12:28 -------- d-----w- c:\program files\Mozilla Maintenance Service
2014-07-24 11:53 . 2009-05-21 03:15 192512 ------w- c:\windows\system32\AMBSpiE.exe
2014-07-24 11:51 . 2014-07-24 11:51 -------- d-----w- c:\program files\Common Files\Adobe AIR
2014-07-24 11:50 . 2014-08-02 12:13 -------- d-----w- c:\programdata\FNET
2014-07-24 11:50 . 2014-07-24 11:50 14656 ----a-w- c:\windows\system32\drivers\FNETURPX.SYS
2014-07-24 11:50 . 2014-07-24 11:50 -------- d-----w- c:\program files\XFastUsb
2014-07-24 11:50 . 2014-07-24 11:50 -------- d-----w- c:\program files\ASRock Utility
2014-07-24 11:50 . 2010-06-11 06:37 13832 ----a-w- c:\windows\system32\drivers\AsrAppCharger.sys
2014-07-23 16:00 . 2014-07-23 16:00 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-07-23 15:53 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2014-07-23 15:53 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-07-23 15:53 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2014-07-23 15:53 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-07-23 15:53 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-07-23 15:53 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-07-23 15:53 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-07-23 15:53 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-07-23 15:53 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2014-07-23 15:52 . 2014-08-13 16:28 -------- d-----w- c:\windows\system32\MRT
2014-07-23 15:21 . 2014-07-23 15:21 -------- d-----w- c:\windows\system32\Wat
2014-07-23 15:18 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2014-07-23 15:18 . 2013-05-10 03:48 164864 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-07-23 15:11 . 2012-01-04 08:58 442880 ----a-w- c:\windows\system32\ntshrui.dll
2014-07-23 15:11 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2014-07-23 15:11 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2014-07-23 15:11 . 2013-10-04 01:58 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2014-07-23 15:11 . 2013-10-04 01:56 168960 ----a-w- c:\windows\system32\credui.dll
2014-07-23 15:05 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-07-23 15:05 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-07-23 15:03 . 2013-10-05 19:57 1168384 ----a-w- c:\windows\system32\crypt32.dll
2014-07-23 15:02 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll
2014-07-23 14:48 . 2014-06-05 14:26 1059840 ----a-w- c:\windows\system32\lsasrv.dll
2014-07-23 14:48 . 2014-04-12 02:15 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-07-23 14:48 . 2013-07-04 12:16 369848 ----a-w- c:\windows\system32\drivers\cng.sys
2014-07-23 14:48 . 2014-04-12 02:15 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-07-23 14:48 . 2014-04-12 02:11 22528 ----a-w- c:\windows\system32\lsass.exe
2014-07-23 14:48 . 2014-04-12 02:12 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-07-23 14:48 . 2014-04-12 02:12 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-07-23 14:48 . 2014-04-12 02:12 22016 ----a-w- c:\windows\system32\secur32.dll
2014-07-23 14:47 . 2013-02-27 04:49 47104 ----a-w- c:\windows\system32\appinfo.dll
2014-07-23 14:47 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2014-07-23 14:47 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-07-23 14:45 . 2014-07-25 16:01 -------- d-----w- c:\program files\Microsoft.NET
2014-07-23 14:45 . 2014-07-23 14:45 -------- d-----w- c:\windows\PCHEALTH
2014-07-23 14:42 . 2014-07-23 14:42 -------- d-----w- c:\program files\Microsoft Analysis Services
2014-07-23 14:42 . 2014-08-13 16:28 -------- d-----w- c:\programdata\Microsoft Help
2014-07-23 14:42 . 2014-07-23 14:42 -------- d-----r- C:\MSOCache
2014-07-23 14:38 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2014-07-23 14:38 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

chasiumei 2014-8-19 11:51 PM

2014-07-23 14:38 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2014-07-23 14:38 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2014-07-23 14:38 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2014-07-23 14:38 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2014-07-23 14:38 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2014-07-23 14:37 . 2012-06-02 07:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2014-07-23 14:37 . 2012-06-02 07:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2014-07-22 15:43 . 2014-07-22 15:43 -------- d-----w- c:\programdata\Yahoo! Companion
2014-07-22 15:43 . 2014-07-22 15:43 -------- d-----w- c:\programdata\Yahoo!
2014-07-22 15:43 . 2014-07-22 15:43 -------- d-----w- c:\program files\Yahoo!
2014-07-22 15:42 . 2014-07-22 15:42 215552 ----a-w- c:\program files\Internet Explorer\DiagnosticsHub.ScriptedSandboxPlugin.dll
2014-07-22 15:42 . 2014-07-22 15:44 -------- d--h--w- c:\windows\msdownld.tmp
2014-07-22 15:42 . 2014-07-22 15:42 69632 ----a-w- c:\windows\system32\smss.exe
2014-07-22 15:42 . 2014-07-22 15:42 640512 ----a-w- c:\windows\system32\advapi32.dll
2014-07-22 15:42 . 2014-07-22 15:42 619520 ----a-w- c:\windows\system32\tdh.dll
2014-07-22 15:42 . 2014-07-22 15:42 38912 ----a-w- c:\windows\system32\csrsrv.dll
2014-07-22 15:42 . 2014-07-22 15:42 1289096 ----a-w- c:\windows\system32\ntdll.dll
2014-07-22 15:41 . 2014-07-22 15:41 231424 ----a-w- c:\windows\system32\mswsock.dll
2014-07-22 15:41 . 2014-07-22 15:41 49152 ----a-w- c:\windows\system32\taskhost.exe
2014-07-22 15:39 . 2014-07-22 15:39 1505280 ----a-w- c:\windows\system32\d3d11.dll
2014-07-22 13:03 . 2014-07-22 13:03 -------- d-----w- c:\program files\ASM104xUSB3
2014-07-22 12:00 . 2014-07-24 12:54 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-07-22 12:00 . 2014-07-24 12:54 699056 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-10 13:50 . 2014-06-10 13:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2014-06-10 13:50 . 2014-06-10 13:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
.
.
(((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2014-08-16 6688024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-11-30 9914984]
"IME14 CHT Setup"="c:\progra~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE" [2012-03-13 81200]
"XFastUsb"="c:\program files\XFastUsb\XFastUsb.exe" [2014-07-24 4942336]
"CTSyncService"="c:\program files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe" [2009-07-08 1233195]
"VolPanel"="c:\program files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2009-05-04 241789]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-10 90112]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 14848]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 145880]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 181208]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 189912]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Remote Control.lnk - c:\program files\ProHDTV Pro 2\TV Tuner Card Utilities\HMCP6XCtl.exe [2014-7-22 102400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
R3 AsrCDDrv;AsrCDDrv;c:\windows\system32\Drivers\AsrCDDrv.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2014-07-24 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2014-07-24 79360]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R3 WatAdminSvc;Windows 啟用技術服務;c:\windows\system32\Wat\WatAdminSvc.exe [2014-07-23 1343400]
S0 asahci32;asahci32;c:\windows\system32\DRIVERS\asahci32.sys [2010-11-19 30816]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1504000.00D\SYMDS.SYS [2013-10-30 367704]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1504000.00D\SYMEFA.SYS [2014-03-04 936152]
S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 13832]
S1 BHDrvx86;BHDrvx86;c:\program files\Norton Internet Security\NortonData\21.3.0.12\Definitions\BASHDefs\20140801.001\BHDrvx86.sys [2014-07-03 1101616]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NIS\1504000.00D\ccSetx86.sys [2014-02-20 127064]
S1 ccSet_NST;Norton Identity Safe Settings Manager;c:\windows\system32\drivers\NST\7DE07060.00F\ccSetx86.sys [2013-09-27 127064]
S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2014-07-24 14656]
S1 IDSVix86;IDSVix86;c:\program files\Norton Internet Security\NortonData\21.3.0.12\Definitions\IPSDefs\20140815.001\IDSvix86.sys [2014-07-31 395992]
S1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1504000.00D\Ironx86.SYS [2013-10-30 206936]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NIS\1504000.00D\SYMNETS.SYS [2014-02-18 447704]
S2 !SASCORE;SAS Core Service;d:\program files\SUPERAntiSpyware\SASCORE.EXE [2014-08-16 142648]
S2 ImeDictUpdateService;Microsoft IME Dictionary Update;c:\program files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE [2010-10-20 59760]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 458464]
S2 NCO;Norton Identity Safe;c:\program files\Norton Identity Safe\Engine\2014.7.6.15\NST.exe [2014-07-31 130104]
S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\21.4.0.13\NIS.exe [2014-06-27 276376]
S3 3xHybrid;3xHybrid service;c:\windows\system32\DRIVERS\3xHybrid.sys [2010-11-04 1057408]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2010-12-29 95720]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2010-12-29 293352]
S3 AsrVDrive;AsrVDrive;c:\windows\system32\DRIVERS\AsrVDrive.sys [2011-01-26 21000]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-07-24 109872]
S3 IntcDAud;英特爾(R) 顯示器音訊;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-08-24 68208]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2011-11-09 46080]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2014-07-24 79360]

--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-07-14 01:14 126464 ----a-w- c:\windows\System32\advpack.dll
.
‘計劃任務’ 文件夾 裡的內容
.
2014-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-22 12:54]

chasiumei 2014-8-19 11:52 PM

------- 而外的掃描 -------
.
uStart Page = [url]https://hk.yahoo.com/?fr=fp-yie11[/url]
uInternet Settings,ProxyOverride = <local>;*.local
IE: 傳送至 OneNote(&N) - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: 匯出至 Microsoft Excel(&X) - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.8.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\ek4ya9jh.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-ASRockXTU - (no file)
HKCU-Run-zASRockInstantBoot - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AnviCsbSvc]
"ImagePath"="C:/Windows.old/Program Files/Cloud System Booster/CSBSvc.exe"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NCO]
"ImagePath"="\"c:\program files\Norton Identity Safe\Engine\2014.7.6.15\NST.exe\" /s \"NCO\" /m \"c:\program files\Norton Identity Safe\Engine\2014.7.6.15\diMaster.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\21.4.0.13\NIS.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\21.4.0.13\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\AnviCsbSvc]
"ImagePath"="C:/Windows.old/Program Files/Cloud System Booster/CSBSvc.exe"
"ImagePath"="\SystemRoot\System32\Drivers\NIS\1504000.00D\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files\Norton Internet Security\Engine\21.4.0.13"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ 其他運行進程 ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows.old\Program Files\Cloud System Booster\CSBSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\users\Minnie\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
c:\program files\Realtek\Audio\HDA\RtHDVBg.exe

chasiumei 2014-8-19 11:55 PM

[u]Junkware Removal Tool[/u] (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by ***** on 17/08/2014 週日 at 17:53:07.88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~~~ Services

~~~ Registry Values

~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\Program Files\baidu"

~~~ FireFox
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\ek4ya9jh.default\minidumps [1 files]

~~~ Event Viewer Logs were cleared


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17/08/2014 週日 at 17:55:37.76
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

chasiumei 2014-8-19 11:56 PM

[u][b]Rkill[/b][/u] 2.6.5 by Lawrence Abrams (Grinler)

[url=http://www.bleepingcomputer.com/]http://www.bleepingcomputer.com/[/url]
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
[url=http://www.bleepingcomputer.com/forums/topic308364.html]http://www.bleepingcomputer.com/forums/topic308364.html[/url]

Program started at: 08/17/2014 06:40:07 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Users\***\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 (PID: 3488) [UP-HEUR]
* C:\Users\***\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001 (PID: 3488) [T-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.
   Startup Type set to: Automatic

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

  127.0.0.1       localhost

Program finished at: 08/17/2014 06:40:19 PM
Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

chasiumei 2014-8-19 11:58 PM

[img=668,702]http://i1240.photobucket.com/albums/gg488/minnie200905/spyhunter_zps2c492e85.jpg[/img]

chasiumei 2014-8-20 12:03 AM

Norton

[img=553,383]http://i1240.photobucket.com/albums/gg488/minnie200905/norton_2_zps9d97da58.jpg[/img]

chasiumei 2014-8-20 12:06 AM

HijackThis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:26:35, on 19/8/2014
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v10.0 (10.00.9200.17054)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\XFastUsb\XFastUsb.exe
C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe
C:\Windows\System32\rundll32.exe
C:\Users\Minnie\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
D:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\ProHDTV Pro 2\TV Tuner Card Utilities\HMCP6XCtl.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
D:\防毒software\HijackThis.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\21.4.0.13\IPS\IPSBHO.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.4.0.13\coIEPlg.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [IME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
O4 - HKLM\..\Run: [XFastUsb] C:\Program Files\XFastUsb\XFastUsb.exe
O4 - HKLM\..\Run: [CTSyncService] C:\Program Files\InstallShield Installation Information\{F3D9AC82-30F4-4BB9-B9AB-8697637568C1}\AMBSPISyncService.exe /StartRunKey
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [IgfxTray] "C:\Windows\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\Windows\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Persistence] "C:\Windows\system32\igfxpers.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Remote Control.lnk = C:\Program Files\ProHDTV Pro 2\TV Tuner Card Utilities\HMCP6XCtl.exe
O8 - Extra context menu item: 傳送至 OneNote(&N) - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 傳送至 OneNote(&N) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote 連結筆記(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote 連結筆記(&K) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: [url=http://*.update.microsoft.com]http://*.update.microsoft.com[/url]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [url=http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab]http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab[/url]
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - D:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Anvi Cloud System Booster Speed Service (AnviCsbSvc) - Anvisoft - C:/Windows.old/Program Files/Cloud System Booster/CSBSvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files\Norton Identity Safe\Engine\2014.7.6.15\NST.exe
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\21.4.0.13\NIS.exe
O23 - Service: Sound Blaster X-Fi MB Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
--
End of file - 6595 bytes

chasiumei 2014-8-20 12:09 AM

Today's scan deleted these 2 again; is Sound_Blaster a virus??

c:\users\***\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0005\~de6248.tmp
c:\users\***\AppData\Local\Temp\Sound_Blaster_X-Fi_MB_Cleanup.0001.dir.0005\~df394b.tmp

AsianHandiCap。 2014-9-20 10:10 PM

*** Author has been banned or deleted; content automatically hidden ***