mokotw


Logfile of HijackThis v1.99.1 Scan saved at PM 05:…

Posted in virus 由 mokotw 於 六月 4, 2006

Logfile of HijackThis v1.99.1
Scan saved at PM 05:02:31, on 2006/5/25
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER1.03.0000.1005\ZH-TW\MSNAPPAU.EXE
C:\PROGRAM FILES\SWT2000\HCM.EXE
C:\WINDOWS\SYSTEM\INTERNAT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE
C:\WINDOWS\SYSTEM\KERNE0223.EXE
C:\PROGRAM FILES\ACARD\ONNOW.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O2 – BHO: AcroIEHlprObj Class – {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} – C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 – BHO: MSNToolBandBHO – {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR1.02.5000.1021\ZH-TW\MSNTB.DLL
O2 – BHO: ST – {9394EDE7-C8B5-483E-8773-474BF36AF6E4} – C:\PROGRAM FILES\MSN APPS\ST1.03.0000.1005\EN-XU\STMAIN.DLL
O2 – BHO: PCTools Site Guard – {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} – C:\PROGRA~1\SPYWAR~1\TOOLS\IESDSG.DLL
O2 – BHO: PCTools Browser Monitor – {B56A7D7D-6927-48C8-A975-17DF180C71AC} – C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O3 – Toolbar: MSN – {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} – C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR1.02.5000.1021\ZH-TW\MSNTB.DLL
O3 – Toolbar: @msdxmLC.dll,-1@1028,收音機[&R] – {8E718888-423F-11D2-876E-00A0C9082467} – C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 – HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 – HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 – HKLM\..\Run: [TkBellExe] “C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 – HKLM\..\Run: [LoadQM] loadqm.exe
O4 – HKLM\..\Run: [msnappau] “C:\Program Files\MSN Apps\Updater1.03.0000.1005\zh-tw\msnappau.exe"
O4 – HKLM\..\Run: [SDM4500P] C:\Program Files\SWT2000\HCM.exe
O4 – HKLM\..\Run: [internat.exe] internat.exe
O4 – HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 – HKLM\..\Run: [SystemTray] SysTray.Exe
O4 – HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 – HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 – HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 – HKCU\..\Run: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 – HKCU\..\Run: [Spyware Doctor] “C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 – HKCU\..\Run: [Kerne0223] C:\WINDOWS\SYSTEM\Kerne0223.exe
O4 – HKCU\..\RunServices: [MsnMsgr] “C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 – HKCU\..\RunServices: [Spyware Doctor] “C:\PROGRAM FILES\SPYWARE DOCTOR\SWDOCTOR.EXE" /Q
O4 – HKCU\..\RunServices: [Kerne0223] C:\WINDOWS\SYSTEM\Kerne0223.exe
O4 – Startup: OnNow.lnk = C:\Program Files\ACARD\OnNow.EXE
O4 – Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 – Extra button: Related – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra ‘Tools’ menuitem: Show &Related Links – {c95fe080-8f5d-11d2-a20b-00aa003c157a} – C:\WINDOWS\web\related.htm
O9 – Extra button: Spyware Doctor – {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} – C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 – DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) – http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 – DPF: Yahoo! Reversi – http://download.games.yahoo.com/games/clients/y/rt0_x.cab
O16 – DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) – http://www.kaspersky.com/kos/english/kavwebscan_ansi.cab

移除 kerne0223.dll

重新啓動電腦. 之後用 HijackThis、Panda ActiveScan 掃描電腦,然後貼上 HijackThis、Panda ActiveScan 掃描記錄.

廣告

發表迴響

在下方填入你的資料或按右方圖示以社群網站登入:

WordPress.com Logo

您的留言將使用 WordPress.com 帳號。 登出 / 變更 )

Twitter picture

您的留言將使用 Twitter 帳號。 登出 / 變更 )

Facebook照片

您的留言將使用 Facebook 帳號。 登出 / 變更 )

Google+ photo

您的留言將使用 Google+ 帳號。 登出 / 變更 )

連結到 %s


%d 位部落客按了讚: