View full version: Computer shortcuts infected! LOG CODE attached

chobitsuki 2010-11-4 11:07 AM

Computer shortcuts infected! LOG CODE attached

As shown in the picture: my computer has had a problem lately, and I'm not sure whether it's a virus or something else. At first, clicking any shortcut would open the mainland Chinese auction site Taobao, while going to the program's original location would still open it normally, as if every shortcut had stopped working. After reading some posts and trying to fix it myself, clicking them now opens Notepad instead, so the problem still isn't solved. Could someone who knows how to fix this please help! Thanks!

[img]http://sphotos.ak.fbcdn.net/hphotos-ak-ash2/hs559.ash2/148168_170180033007797_100000474054358_559276_866464_n.jpg[/img]

LOG CODE

[code]
EFIX 5.7 20101016.04 -  2010-11-05 11:46:46  -  NTFS 0404
Microsoft Windows XP  Service Pack 2 - Administrator
執行位置: C:\Documents and Settings\Administrator\桌面\EF2010101604.EXE
* 已建立系統還原點.
提示:
未安裝安全性更新 KB971029
未安裝安全性更新 KB978207
未安裝安全性更新 KB2286198
================================================================================
EF刪除的檔案列表:
沒有刪除任何檔案.
================================================================================
EF修改的登錄值列表:
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"360safeuninst"=-
登錄值刪除前的值.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
360safeuninst=C:\WINDOWS\TEMP\REMOVE~1.BAT - delete value
================================================================================
各磁碟根目錄含有隱藏屬性的資料夾和檔案 :
2001-10-11 03:05:14 . 2001-10-11 03:05:14 213830 rash----- c:\bootfont.bin
2008-08-29 10:23:03 . 2005-08-08 16:29:30   <DIR>     r--h-d--- d:\MSOCache
********** Created 2010-10 -- 2010-11 Files: **********
2010-11-05 11:27:46 . 2010-08-11 10:38:34 71168     -a------- C:\WINDOWS\SYSTEM32\DRIVERS\BAPIDRV.SYS
2010-11-03 19:01:44 . 2010-11-03 19:01:44 64582     -a------- C:\WINDOWS\SYSTEM32\liuphon.tab
2010-11-03 19:01:44 . 2010-11-03 19:01:44 52277     -a------- C:\WINDOWS\SYSTEM32\liu-uni4.tab
2010-11-03 19:01:44 . 2010-11-03 19:01:44 51961     -a------- C:\WINDOWS\SYSTEM32\liu-uni2.tab
2010-11-03 19:01:44 . 2010-11-03 19:01:44 41048     -a------- C:\WINDOWS\SYSTEM32\liu-uni.tab
2010-11-03 19:01:44 . 2010-11-03 19:01:44 40995     -a------- C:\WINDOWS\SYSTEM32\liu-uni3.tab
2010-11-03 19:01:44 . 2010-11-03 19:01:44 3052      -a------- C:\WINDOWS\SYSTEM32\liusymbol.tab
2010-11-03 19:01:44 . 2010-11-03 19:01:44 198144    -a------- C:\WINDOWS\SYSTEM32\liunt.ime
2010-11-03 11:17:23 . 2009-09-25 08:33:00 285704    -a------- C:\WINDOWS\SYSTEM32\DRIVERS\bdfsfltr.sys
2010-11-03 10:55:50 . 2010-11-03 18:43:45   <DIR>     -----d--- C:\Documents and Settings\Administrator\Application Data\360WD
2010-11-03 10:00:14 . 2010-11-03 10:00:14 880       -a------- C:\WINDOWS\setupapi.log
2010-11-02 12:39:58 . 2010-11-02 12:39:58 40854     -a------- C:\WINDOWS\SYSTEM32\OEMLOGO.BMP
2010-11-02 10:44:42 . 2010-11-03 13:22:40 187268    -a------- C:\WINDOWS\ntbtlog.txt
2010-10-27 16:14:55 . 2010-11-05 10:50:45   0         -a------- C:\WINDOWS\0.log
2010-10-27 10:06:33 . 2010-10-27 10:06:33   <DIR>     -----d--- C:\Program Files\Error Repair Professional
********** Modified 2010-10 -- 2010-11 files: **********
2010-11-05 11:47:51 . 2009-01-10 11:16:27 1350167   -a------- C:\WINDOWS\WindowsUpdate.log
2010-11-05 11:47:27 . 2003-09-17 10:55:41   <DIR>     -----d--- C:\Documents and Settings\Administrator\桌面
2010-11-05 11:47:18 . 2010-11-05 01:28:51   <DIR>     r--h-d--- C:\Documents and Settings\Administrator\Recent
2010-11-05 11:47:02 . 2003-09-17 10:55:41   <DIR>     --sh-d--- C:\Documents and Settings\Administrator\Cookies
2010-11-05 11:27:52 . 2003-09-17 18:36:15   <DIR>     -----d--- C:\WINDOWS\SYSTEM32\drivers
2010-11-05 10:50:45 . 2010-10-27 16:14:55   0         -a------- C:\WINDOWS\0.log
2010-11-05 10:50:45 . 2009-05-23 00:23:14 159       -a------- C:\WINDOWS\wiadebug.log
2010-11-05 10:50:34 . 2009-05-23 00:23:14 49        -a------- C:\WINDOWS\wiaservc.log
2010-11-05 10:50:33 . 2009-11-08 15:32:13   <DIR>     -----d--- C:\flexlm
2010-11-05 10:50:33 . 2009-06-27 15:24:26 801       -a------- C:\WINDOWS\SYSTEM32\LMGRD.LOG
2010-11-05 10:50:08 . 2003-09-17 10:54:10 2048      -as------ C:\WINDOWS\bootstat.dat
2010-11-05 10:50:02 . 2009-07-29 21:50:00   0         -a------- C:\WINDOWS\MEMORY.DMP
2010-11-05 01:30:14 . 2009-01-10 11:17:22 32632     -a------- C:\WINDOWS\SchedLgU.Txt
2010-11-05 01:30:13 . 2003-09-17 10:40:29   <DIR>     -----d--- C:\WINDOWS\SYSTEM32\CatRoot2
2010-11-05 01:30:12 . 2003-09-17 10:55:42 278       --sh----- C:\Documents and Settings\Administrator\ntuser.ini
2010-11-04 23:28:28 . 2003-09-17 18:36:15   <DIR>     -----d--- C:\WINDOWS\AppPatch
2010-11-04 23:18:49 . 2006-10-13 19:18:17   <DIR>     -----d--- C:\Documents and Settings\Administrator\Contacts
2010-11-04 12:52:12 . 2003-09-17 18:38:57 211       rash----- C:\boot.ini
2010-11-04 12:52:11 . 2006-05-18 04:06:58 846       -a------- C:\WINDOWS\system.ini
2010-11-04 12:52:11 . 2006-05-18 04:06:58 705       -a------- C:\WINDOWS\win.ini
2010-11-03 19:01:44 . 2010-11-03 19:01:44 64582     -a------- C:\WINDOWS\SYSTEM32\liuphon.tab
2010-11-03 19:01:44 . 2010-11-03 19:01:44 52277     -a------- C:\WINDOWS\SYSTEM32\liu-uni4.tab
2010-11-03 19:01:44 . 2010-11-03 19:01:44 51961     -a------- C:\WINDOWS\SYSTEM32\liu-uni2.tab
2010-11-03 19:01:44 . 2010-11-03 19:01:44 41048     -a------- C:\WINDOWS\SYSTEM32\liu-uni.tab
2010-11-03 19:01:44 . 2010-11-03 19:01:44 40995     -a------- C:\WINDOWS\SYSTEM32\liu-uni3.tab
2010-11-03 19:01:44 . 2010-11-03 19:01:44 3052      -a------- C:\WINDOWS\SYSTEM32\liusymbol.tab
2010-11-03 19:01:44 . 2010-11-03 19:01:44 198144    -a------- C:\WINDOWS\SYSTEM32\liunt.ime
2010-11-03 18:43:45 . 2010-11-03 10:55:50   <DIR>     -----d--- C:\Documents and Settings\Administrator\Application Data\360WD
2010-11-03 17:16:24 . 2003-09-17 18:36:15   <DIR>     -----d--- C:\WINDOWS\SYSTEM32\DRIVERS\etc
2010-11-03 13:25:49 . 2003-09-17 10:50:58   <DIR>     --s--d--- C:\WINDOWS\Tasks
2010-11-03 13:22:40 . 2010-11-02 10:44:42 187268    -a------- C:\WINDOWS\ntbtlog.txt
2010-11-03 13:08:43 . 2009-07-03 19:23:41   <DIR>     -----d--- C:\Program Files\Common Files\Baidu
2010-11-03 12:54:44 . 2006-05-18 04:06:58 838144    -a------- C:\WINDOWS\SYSTEM32\chtbrkr.dll
2010-11-03 11:01:58 . 2010-07-17 13:40:04   <DIR>     -----d--- C:\Documents and Settings\Administrator\Application Data\Baidu
2010-11-03 10:00:14 . 2010-11-03 10:00:14 880       -a------- C:\WINDOWS\setupapi.log
2010-11-03 10:00:14 . 2009-09-16 21:27:39   <DIR>     -----d--- C:\WINDOWS\LastGood
2010-11-03 10:00:14 . 2003-09-17 10:52:00   <DIR>     --s--d--- C:\WINDOWS\Downloaded Program Files
2010-11-02 13:03:05 . 2003-10-01 00:53:12 116       -a------- C:\WINDOWS\NeroDigital.ini
2010-11-02 12:40:22 . 2009-04-01 08:15:35 119       -a------- C:\WINDOWS\SYSTEM32\OEMINFO.INI
2010-11-02 12:39:58 . 2010-11-02 12:39:58 40854     -a------- C:\WINDOWS\SYSTEM32\OEMLOGO.BMP
2010-11-02 12:22:36 . 2003-09-17 10:55:41   <DIR>     r----d--- C:\Documents and Settings\Administrator\Favorites
2010-11-02 11:30:23 . 2003-09-17 18:36:15   <DIR>     -----d--- C:\WINDOWS\security
2010-11-02 09:56:47 . 2003-10-01 01:24:39   <DIR>     -----d--- C:\Downloads
2010-10-28 22:22:00 . 2003-09-17 10:55:41   <DIR>     r----d--- C:\Documents and Settings\Administrator\My Documents
2010-10-27 10:08:42 . 2003-09-17 18:36:15   <DIR>     -----d--- C:\WINDOWS\Debug
2010-10-27 10:08:35 . 2009-11-26 08:15:18   <DIR>     -----d--- C:\WINDOWS\Minidump
2010-10-21 23:12:28 . 2003-09-17 18:36:15   <DIR>     -----d--- C:\WINDOWS\SYSTEM32\IME
================================================================================
執行中的程序:
[V]  [PID: 896 ]  C:\WINDOWS\system32\services.exe  [ Microsoft Corporation ]
[V]  [PID: 1448 ]  C:\Program Files\Alwil Software\Avast5\AvastSvc.exe  [ ALWIL Software ]
[V]  [PID: 1644 ]  C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe  [ ALWIL Software ]
[V]  [PID: 1660 ]  C:\WINDOWS\system32\ctfmon.exe  [ Microsoft Corporation ]
[V]  [PID: 1944 ]  C:\WINDOWS\system32\spoolsv.exe  [ Microsoft Corporation ]
[V]  [PID: 340 ]  C:\Documents and Settings\Administrator\桌面\系統工具\AVG Anti-Spyware\guard.exe  [ GRISOFT s.r.o. ]
[V]  [PID: 2156 ]  C:\WINDOWS\System32\alg.exe  [ Microsoft Corporation ]
[V]  [PID: 4032 ]  C:\WINDOWS\system32\wuauclt.exe  [ Microsoft Corporation ]
[V]  [PID: 3924 ]  C:\WINDOWS\system32\conime.exe  [ Microsoft Corporation ]
[V]  [PID: 2528 ]  C:\WINDOWS\system32\A938E1.COM  [ Microsoft Corporation ]
[V]  [PID: 3028 ]  C:\WINDOWS\system32\A938E1.COM  [ Microsoft Corporation ]
[V]  [PID: 876 ]  C:\WINDOWS\explorer.exe  [ Microsoft Corporation ]
================================================================================
登錄值列表 *** 注意 : 部分正常值不會顯示 ***
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"  [ Microsoft Corporation  ]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSPower"="Rundll32.exe SiSPower.dll,ModeAgent"  [ Silicon Integrated Systems Corporation  ]
"avast5"="C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui"  [ ALWIL Software  ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe"  [ Microsoft Corporation  ]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe"  [ Microsoft Corporation  ]
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe"  [ Microsoft Corporation  ]
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="ctfmon.exe"  [ Microsoft Corporation  ]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"="0"
"NoRun"="0"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"="0"
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"="1"
"undockwithoutlogon"="1"
"DisableTaskMgr"="0"
"DisableRegistryTools"="0"
"NoRun"="0"
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{0005A87D-D626-4B3A-84F9-1D9571695F55}]
2006-03-02 16:06 86016 C:\WINDOWS\system32\xunleibho_v14.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
2009-09-20 09:26 1172280 C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
2009-02-27 13:07 75128 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}]
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{43BEAFD9-E005-483D-A367-146BA6C8A32E}]
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{53AC8551-0DE0-4606-8A1E-A51AF20ADD60}]
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
2010-01-03 18:36 41760 C:\Program Files\Java\jre6\bin\jp2ssv.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
2010-01-03 18:36 73728 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
2009-09-20 09:26 158008 C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
"command"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"  [ Adobe Systems Incorporated  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"command"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"  [ Adobe Systems Incorporated  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVP]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeatTrojan]
"command"="C:\Program Files\BeatTrojan2009\BeatTrojanMon.exe"  [ Lofocus(洛克思)安全實驗室  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dorfgwe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DWQueuedReporting]
"command"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe -t"  [ Microsoft Corporation  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GVOD]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"command"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"  [ Microsoft Corporation  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
"command"="%systemroot%\system32\dumprep 0 -k"  [ FILE NOT FOUND. ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
"command"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe -quiet"  [ Yahoo! Inc.  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ml]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSNDreyePlugin]
"command"="C:\Program Files\Inventec\Dreye\DreyeMT\msnplugin.exe /h"  [ FILE NOT FOUND. ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MxieAutoExecute]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKWAP S858]
"command"="C:\Program Files\IAC\i-Sync ME (S-Series)\OKFile.exe"  [ FILE NOT FOUND. ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
"command"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName"  [ Microsoft Corporation  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PPS Accelerator]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QvodPlayer]
"command"="C:\Program Files\QvodPlayer\QvodTerminal.exe"  [ Shenzhen QVOD Technology Co.,Ltd  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
"command"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"  [ Yahoo! Inc  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"command"="SOUNDMAN.EXE"  [ Realtek Semiconductor Corp.  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"command"="C:\Program Files\Java\jre6\bin\jusched.exe"  [ Sun Microsystems, Inc.  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemMgr]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
"command"="%systemroot%\system32\dumprep 0 -u"  [ FILE NOT FOUND. ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
"command"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"  [ Yahoo! Inc  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^「開始」功能表^程式集^啟動^Canon IJ Status Monitor Canon MP140 series Printer.lnk]
"command"="C:\WINDOWS\system32\rundll32.exe C:\DOCUME~1\ADMINI~1\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon MP140 series Printer;cnmss Canon MP140 series Printer (Local).dll;Canon IJ Status Monitor Canon MP140 series Printer.lnk"  [ FILE NOT FOUND. ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^「開始」功能表^程式集^啟動^最好的記憶體釋放軟體.lnk]
"command"="C:\PROGRA~1\最好的~1\SYSINF~1.EXE "  [ Vetch Utilities  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Administrator^「開始」功能表^程式集^啟動^ゐ雄滄厒芩飪.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Adobe Gamma Loader.lnk]
"command"="C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE "  [ Adobe Systems, Inc.  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Adobe Reader Speed Launch.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Google 更新器.lnk]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Microsoft Office.lnk]
"command"="D:\OFFICE\Office\OSA9.EXE -b -l"  [ Microsoft Corporation  ]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^t437wrwhe.exe]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^「開始」功能表^程式集^啟動^Utility Tray.lnk]
"command"="C:\WINDOWS\system32\sistray.exe "  [ Silicon Integrated Systems Corporation  ]
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoWindowsUpdate"="0"
"NoRecentDocsMenu"="0"
"NoFavoritesMenu"="0"
"NoSMMyDocs"="0"
"NoSMMyPictures"="0"
"NoStartMenuMyMusic"="0"
"NoRecentDocsHistory"="0"
"NoRecentDocsNetHood"="0"
"NoSMHelp"="0"
"NoUserNameInStartMenu"="0"
"NoStartMenuPinnedList"="0"
"NoSharedDocuments"="1"
"NoLowDiskSpaceChecks"="1"
"ForceStartMenuLogOff"="1"
"NoControlPanel"="0"
"NoNetHood"="0"
"NoComputersNearMe"="0"
"NoBandCustomize"="0"
"NoMovingBands"="0"
"NoCloseDragDropBands"="0"
"NoSetTaskbar"="0"
"NoToolbarsOnTaskbar"="0"
"NoSaveSettings"="0"
"NoActiveDesktop"="0"
"ClassicShell"="0"
"NoDriveAutoRun"="0xFFFFFF03"
"LinkResolveIgnoreLinkInfo"="0"
"NoStartBanner"="0x01"
"ClearRecentDocsOnExit"="1"
"NoDriveTypeAutoRun"="255"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer]
"NoCDBurning"="1"
"NoControlPanel"="0"
"NoComputersNearMe"="0"
"LinkResolveIgnoreLinkInfo"="0"
"NoResolveSearch"="1"
"NoDriveTypeAutoRun"="255"
"HonorAutoRunSetting"="1"
[hku\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"="255"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
PendingFileRenameOperations -
C:\WINDOWS\TEMP\~nsu.tmp\Au_.exe ;DELETE;
C:\WINDOWS\TEMP\~nsu.tmp ;DELETE;
C:\Program Files\360\360Safe\360.log ;DELETE;
C:\Program Files\360\360Safe\360ss.dat ;DELETE;
C:\Program Files\360\360Safe\360ss2.dat ;DELETE;
C:\Program Files\360\360Safe\safemon\360PrivacyCtrl.exe.tmp ;DELETE;
C:\Program Files\360\360Safe\safemon\360privacymon.dat.tmp ;DELETE;
C:\Program Files\360\360Safe\safemon\360PrivacyMon.dll.tmp ;DELETE;
C:\Program Files\360\360Safe\safemon\AppFltr.dll.tmp ;DELETE;
C:\WINDOWS\TEMP\~nsu.tmp\Au_.exe ;DELETE;
C:\WINDOWS\TEMP\~nsu.tmp ;DELETE;
C:\WINDOWS\system32\drivers\bdfsfltr.sys ;DELETE;
C:\WINDOWS\TEMP\nsmC.tmp ;DELETE;
C:\Program Files\360\360sd\ ;DELETE;
073941D59AE065910064B728DEE981EE 360320 C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS [ Microsoft Corporation ]
  => [V] 360576 5.1.2600.2892 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
  => [V] 360832 5.1.2600.3244 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
  => [V] 360960 5.1.2600.3394 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys
  => [V] 361600 5.1.2600.5625 C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys
  => [V] 361600 5.1.2600.5625 C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
  => [-] 360448 5.1.2600.2827 C:\WINDOWS\$NtUninstallKB917953$\tcpip.sys
  => [-] 359808 5.1.2600.2892 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
  => [-] 360064 5.1.2600.3244 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
  => [V] 359040 5.1.2600.2180 C:\WINDOWS\ServicePackFiles\i386\TCPIP.SYS
  => [-] 361344 5.1.2600.5512 C:\WINDOWS\SoftwareDistribution\Download\6b2c4bacf574aced34f94a4e03f6907d\tcpip.sys
  => [-] 361344 5.1.2600.5512 C:\WINDOWS\SoftwareDistribution\Download\93482b049601aa0789f1d0914abbb4e8\tcpip.sys
  => [-] 360320 5.1.2600.3394 C:\WINDOWS\system32\DllCache\TCPIP.SYS
================================================================================
服務 \ 驅動 列表:
顯示方式 :  啟動狀態  服務名稱;顯示名稱;檔案名稱
================================================================================
IE 首頁設定:
Internet Explorer Version: 8.0.6001.18702
HKCU - Search Page = hxxp://tw.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://tw.search.yahoo.com
HKCU - Start Page = hxxp://tw.yahoo.com/
HKCU - Extra menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
HKCU - Extra menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
HKCU - Extra menu item: Google 網頁註解... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
HKCU - Extra menu item: 啃僅珨狟垀恁恅趼 (&B) - C:\Program Files\Common Files\Baidu\Baidu.html
HKCU - Extra menu item: 添加到AMV視頻轉換工具... - C:\Program Files\MP3播放器管理工具 4.10\AMVConverter\grab.html
HKCU - Extra menu item: 添加到媒體管理器... - C:\Program Files\MP3播放器管理工具 4.10\MediaManager\grab.html
HKLM - SearchAssistant: hxxp://www.baidu.com/baidu?tn=yokcom_pg
HKLM - Extensions: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
HKLM - Extensions: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
HKLM - Extensions: {F8475519-8412-4D40-A46E-692D9D04DF7F}
HKLM - Extensions: {FB5F1910-F110-11d2-BB9E-00C04F795683}
LSP: c:\windows\system32\nwprovau.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\hidedesktopicons\newstartpanel]
{20D04FE0-3AEA-1069-A2D8-08002B30309D}=DWORD:00000001
{450D8FBA-AD25-11D0-98A8-0800361B1103}=DWORD:00000001
{208D2C60-3AEA-1069-A2D7-08002B30309D}=DWORD:00000001
{871C5380-42A0-1069-A2EA-08002B30309D}=DWORD:00000001
************************* HKLM\...\NAMESPACE *************************
.
{11016101-E366-4D22-BC06-4ADA335C892B} - IE History and Feeds Shell Data Source for Windows Search
{1f4de370-d627-11d1-ba4f-00a0c91eedba} - My Computer
{450D8FBA-AD25-11D0-98A8-0800361B1103} - My Documents
{645FF040-5081-101B-9F08-00AA002F954E} - Recycle Bin
{e17d4fc0-5564-11d1-83f2-00a0c90dc849} - Windows Search
************************* HKCU\...\NAMESPACE *************************
.
************************* HKU\(S-1-1-21...)\NAMESPACE ****************
.
************************* HKCR\CLSID\...\COMMAND *********************
.
[HKEY_CLASSES_ROOT\CLSID\{194BBF37-1855-418C-9977-C802E94E7D57}\shell\gQ鉀. . . \command]
@=C:\PROGRA~1\IAC\I-SYNC~1\ok278p.exe
[HKEY_CLASSES_ROOT\CLSID\{194BBF37-1855-418C-9977-C802E94E7D57}\shell\<h_S. . . \command]
@=C:\PROGRA~1\IAC\I-SYNC~1\ok278f.exe
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\DevMgr\command]
@=mmc.exe %C:\WINDOWS%\SYSTEM32\devmgmt.msc
[HKEY_CLASSES_ROOT\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Service\command]
@=mmc.exe %C:\WINDOWS%\SYSTEM32\services.msc
************************* HKLM\SOFTWARE\Classes\CLSID\...\COMMAND ****
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{194BBF37-1855-418C-9977-C802E94E7D57}\shell\gQ鉀. . . \command]
@=C:\PROGRA~1\IAC\I-SYNC~1\ok278p.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{194BBF37-1855-418C-9977-C802E94E7D57}\shell\<h_S. . . \command]
@=C:\PROGRA~1\IAC\I-SYNC~1\ok278f.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\DevMgr\command]
@=mmc.exe %C:\WINDOWS%\SYSTEM32\devmgmt.msc
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Service\command]
@=mmc.exe %C:\WINDOWS%\SYSTEM32\services.msc
************************* HKCU\SOFTWARE\Classes\CLSID\...\COMMAND ****
.
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{194BBF37-1855-418C-9977-C802E94E7D57}\shell\gQ鉀. . . \command]
@=C:\PROGRA~1\IAC\I-SYNC~1\ok278p.exe
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{194BBF37-1855-418C-9977-C802E94E7D57}\shell\<h_S. . . \command]
@=C:\PROGRA~1\IAC\I-SYNC~1\ok278f.exe
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\DevMgr\command]
@=mmc.exe %C:\WINDOWS%\SYSTEM32\devmgmt.msc
[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\shell\Service\command]
@=mmc.exe %C:\WINDOWS%\SYSTEM32\services.msc
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\chaosu.exe\shell\open\command]
@=C:\Program Files\Chaosu\chaosu.exe
[HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\mxie.exe\shell\open\command]
@=
************************* FILES SCAN *********************************
C:\Documents and Settings\Administrator\桌面\
0911219420-ok.jpg - C:\Documents and Settings\Administrator\桌面\0911219420-ok.jpg   [ N/A ]
1.doc - C:\Documents and Settings\Administrator\桌面\1.doc   [ N/A ]
123456789.doc - C:\Documents and Settings\Administrator\桌面\123456789.doc   [ N/A ]
1479.jpg - C:\Documents and Settings\Administrator\桌面\1479.jpg   [ N/A ]
360sd_se_1.2.0.1321M.exe - C:\Documents and Settings\Administrator\桌面\360sd_se_1.2.0.1321M.exe   [ 360.cn ]
66054_486585450627_174675545627_6905349_6662672_n.jpg - C:\Documents and Settings\Administrator\桌面\66054_486585450627_174675545627_6905349_6662672_n.jpg   [ N/A ]
73107_172300649453845_100000217323081_631992_7639060_n.jpg - C:\Documents and Settings\Administrator\桌面\73107_172300649453845_100000217323081_631992_7639060_n.jpg   [ N/A ]
9420.jpg - C:\Documents and Settings\Administrator\桌面\9420.jpg   [ N/A ]
EF2010101604.EXE - C:\Documents and Settings\Administrator\桌面\EF2010101604.EXE   [ N/A ]
LiuInstall.exe - C:\Documents and Settings\Administrator\桌面\LiuInstall.exe   [ Boshiamy C&C ]
LiuPortable.exe - C:\Documents and Settings\Administrator\桌面\LiuPortable.exe   [ Boshiamy C&C ]
RESUME.doc - C:\Documents and Settings\Administrator\桌面\RESUME.doc   [ N/A ]
RESUME1.doc - C:\Documents and Settings\Administrator\桌面\RESUME1.doc   [ N/A ]
Thumbs.db - C:\Documents and Settings\Administrator\桌面\Thumbs.db   [ N/A ]
十分.doc - C:\Documents and Settings\Administrator\桌面\十分.doc   [ N/A ]
受命於天.png - C:\Documents and Settings\Administrator\桌面\受命於天.png   [ N/A ]
田馥甄《TO HEBE》07-寂寞寂寞就好.mp3 - C:\Documents and Settings\Administrator\桌面\田馥甄《TO HEBE》07-寂寞寂寞就好.mp3   [ N/A ]
C:\Documents and Settings\Administrator\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\
Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe   [ Microsoft Corporation ]
Show Desktop.scf - C:\Documents and Settings\Administrator\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\Show Desktop.scf   [ N/A ]
Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1  [ Microsoft Corporation ]
Yahoo!奇摩Messenger.lnk - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe   [ Yahoo! Inc. ]
啟動 Internet Explorer 瀏覽器.lnk - C:\Program Files\Internet Explorer\iexplore.exe   [ Microsoft Corporation ]
顯示桌面.scf - C:\Documents and Settings\Administrator\Application Data\MICROSOFT\INTERNET EXPLORER\QUICK LAUNCH\顯示桌面.scf   [ N/A ]
================================================================================
Win32/Conficker worm has not been found active in the memory.
Do you want to perform scanning and cleaning anyway? (y/n)
Nothing was found.
Checking for Win32/Conficker.AA files:
Nothing was found.
================================================================================
a:  Removable        0MB              0MB                               UNKNOWN
c:  Fixed            1150MB           14315MB          NTFS             READY
d:  Fixed            1597MB           14300MB          NTFS             READY
e:  CDROM            0MB              0MB                               NOTREADY
f:  CDROM            0MB              0MB                               NOTREADY
================================================================================
掃描結束時間: 2010-11-05 11:53:01.04
[/code]

[[i] This post was last edited by chobitsuki on 2010-11-5 12:38 PM [/i]]

l12433 2010-11-4 07:20 PM

Reply to the thread

I've run into this before = =. It seems to do it by changing the shortcut association, or by modifying the contents of every shortcut. You may first need to find out whether a program has lodged itself in there, in the shortcut part.... If it isn't changing the association, then you'll have to change them all back by hand.

If you don't mind, you can leave your Messenger ID and I'll take a look.
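The reply above says the redirection comes either from the .lnk files themselves being rewritten or from the file association being changed. As an added example (not from the thread, from EFIX, or from any tool mentioned here), this Python script parses the Shell Link format to pull the real target and arguments out of a .lnk blob and flags shortcuts that carry a URL or that run a command interpreter with arguments; the sample shortcuts are constructed, and the launcher list and the latin-1 decoding of ANSI paths are assumptions.

```python
import struct

# Shell Link header CLSID 00021401-0000-0000-C000-000000000046 as it appears on disk.
LNK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
HAS_IDLIST, HAS_LINKINFO, HAS_NAME, HAS_RELPATH = 0x01, 0x02, 0x04, 0x08
HAS_WORKDIR, HAS_ARGS, HAS_ICON, IS_UNICODE = 0x10, 0x20, 0x40, 0x80
# A desktop shortcut rarely points at one of these directly; a shortcut that runs one of
# them with arguments is a common way of sending every click somewhere else (assumed list).
LAUNCHERS = {"cmd.exe", "rundll32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}


def _read_string(data, pos, unicode):
    """StringData entry: 2-byte character count, then UTF-16LE or ANSI characters."""
    n = struct.unpack_from("<H", data, pos)[0]
    pos += 2
    if unicode:
        return data[pos:pos + 2 * n].decode("utf-16-le"), pos + 2 * n
    # ANSI text: cp950 would be right for a Traditional Chinese XP; latin-1 is assumed here.
    return data[pos:pos + n].decode("latin-1"), pos + n


def parse_lnk(data):
    """Extract target path, relative path and arguments from a .lnk byte blob."""
    if len(data) < 0x4C or data[0:4] != b"\x4c\x00\x00\x00" or data[4:20] != LNK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", data, 20)[0]
    pos = 0x4C
    if flags & HAS_IDLIST:  # skip the LinkTargetIDList (IDListSize + items)
        pos += 2 + struct.unpack_from("<H", data, pos)[0]
    target = None
    if flags & HAS_LINKINFO:
        info_size, _hdr_size, info_flags = struct.unpack_from("<III", data, pos)
        if info_flags & 0x1:  # VolumeIDAndLocalBasePath: LocalBasePathOffset at +16
            start = pos + struct.unpack_from("<I", data, pos + 16)[0]
            target = data[start:data.index(b"\x00", start)].decode("latin-1")
        pos += info_size
    out = {"target": target, "relative": "", "args": ""}
    uni = bool(flags & IS_UNICODE)
    for flag, key in ((HAS_NAME, "name"), (HAS_RELPATH, "relative"),
                      (HAS_WORKDIR, "workdir"), (HAS_ARGS, "args"), (HAS_ICON, "icon")):
        if flags & flag:  # StringData blocks appear in this fixed order
            out[key], pos = _read_string(data, pos, uni)
    return out


def audit_lnk(data):
    """Return the reasons a shortcut looks tampered with; an empty list means none found."""
    info = parse_lnk(data)
    reasons = []
    text = f"{info['target'] or ''} {info['args']}".lower()
    if "http://" in text or "https://" in text:
        reasons.append("shortcut carries a URL")
    exe = (info["target"] or "").lower().rsplit("\\", 1)[-1]
    if exe in LAUNCHERS and info["args"]:
        reasons.append(f"target is {exe} with arguments")
    return reasons


def build_lnk(local_path, args=""):
    """Build a minimal .lnk blob (constructed test data, not a shortcut from the thread)."""
    flags = HAS_LINKINFO | IS_UNICODE | (HAS_ARGS if args else 0)
    header = (struct.pack("<I", 0x4C) + LNK_CLSID +
              struct.pack("<IIQQQIIIHHII", flags, 0x20, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0))
    volume_id = struct.pack("<IIII", 0x11, 3, 0, 0x10) + b"\x00"  # DRIVE_FIXED, empty label
    base = local_path.encode("latin-1") + b"\x00"
    hdr, lbp_off = 0x1C, 0x1C + len(volume_id)
    cps_off = lbp_off + len(base)  # CommonPathSuffix: empty string
    link_info = (struct.pack("<IIIIIII", cps_off + 1, hdr, 0x1, hdr, lbp_off, 0, cps_off)
                 + volume_id + base + b"\x00")
    blob = header + link_info
    if args:
        blob += struct.pack("<H", len(args)) + args.encode("utf-16-le")
    return blob


if __name__ == "__main__":
    clean = build_lnk(r"C:\Program Files\Example\example.exe")
    bad = build_lnk(r"C:\WINDOWS\system32\cmd.exe", "/c start http://example.invalid/")
    for name, blob in (("clean.lnk", clean), ("poisoned.lnk", bad)):
        print(name, "->", parse_lnk(blob)["target"], audit_lnk(blob) or "ok")
```

To check a real desktop, read each *.lnk with `open(path, "rb").read()` and pass the bytes to `audit_lnk`; anything flagged should be compared against the program's actual install path before deleting or recreating it.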

chobitsuki 2010-11-5 11:17 AM

Can you teach me how to fix it? My Messenger is [email]opggy@hotmail.com[/email]

st520788 2010-11-9 09:56 PM

Reply to the OP:
System Repair Engineer, a free portable program, has an option that repairs the problem of exe programs not opening

Download link
[url]http://www.kztechs.com/sreng/download.html[/url]