求助 - 中毒Trojan-psw.win32.magania.im - 第3頁

quasar · 2007-03-16, 06:37 AM

執行模組service.exe\service.exe
我用卡巴司機找出來的刪不掉一直出現~~

2007-04-29, 11:34 PM

可以幫我看一下嗎...
我用好多線上掃毒都不知道有沒有掃乾淨...
我是用卡巴掃毒..他顯示有毒的檔案室services.exe
謝謝~~~

Logfile of HijackThis v1.98.0
Scan saved at 下午 11:24:30, on 2007/4/29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Installer\services.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\RTHDCPL.EXE
E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
E:\Program Files\Lexmark 5400 Series\lxctmon.exe
E:\Program Files\Lexmark 5400 Series\ezprint.exe
E:\WINDOWS\vsnphv71.exe
E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
E:\Program Files\Gigabyte\ET5\GUI.exe
E:\WINDOWS\system32\lxctcoms.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\MSN Messenger\MsnMsgr.Exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\system32\conime.exe
E:\Program Files\Sleipnir_cht\Sleipnir.exe
F:\程式檔\hijackthis23344\hijackthis23344.exe

F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\Installer\services.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark 工具列 - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - E:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Lexmark 工具列 - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - E:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] E:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CJIMETIPSYNC] E:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] E:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [lxctmon.exe] "E:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "E:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "E:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [SNPHV71] E:\WINDOWS\vsnphv71.exe
O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [EasyTuneV] E:\Program Files\Gigabyte\ET5\ETcall.exe
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?SystemRoot%\Installer\{AC76BA86-1028-0000-7760-000000000002}\SC_Acrobat.exe
O8 - Extra context menu item: 加入廣告橫幅攔截 - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 轉換到現有 PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換為 Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall 線上掃毒) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {12755229-656A-4508-BC94-2DA4D314B4C8} (CathayMyATM.ATMFunc) - https://www.mybank.com.tw/myatm/cab/CathayMyATM.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5C253D25-00FD-4703-9924-E53792DF98C9} (CathayMyATM2.EsConn) - https://www.mybank.com.tw/MyATM/cab/CathayMyATM2.CAB
O16 - DPF: {5D5EF079-C21D-47EE-9249-D4E89C8D3E43} (BullCSP Class) - https://my.taishinbank.com.tw/ActiveX/eATM/Bull.cab
O16 - DPF: {603B9E6C-0467-4C23-8098-ACC2ED6FEB75} (TSBankTSCC Class) - https://my.taishinbank.com.tw/ActiveX/eATM/TSBANK.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趨勢科技線上掃毒程式) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

plunderer · 2007-04-30, 01:35 AM

引用:

作者: kayfang

可以幫我看一下嗎...
我用好多線上掃毒都不知道有沒有掃乾淨...
我是用卡巴掃毒..他顯示有毒的檔案室services.exe
謝謝~~~

E:\WINDOWS\Installer\services.exe

F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\Installer\services.exe,

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe

上面這些都要勾選並修復, 然後以安全模式進入windows, 刪除WINDOWS\Installer\services.exe

2007-05-04, 10:31 AM

用AVS掃瞄出在services\services.exe
以下是掃瞄報告，麻煩一下，感謝(文字過多分為3則)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\KKBOX\KKBOX_Tray.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PhxPsSvr.exe
C:\WINDOWS\system32\PhxVtSvr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
C:\Program Files\Easy File Sharing Web Server\fsws.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\javaw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\Installer\services.exe
K:\HiJackThis_v2.exe

2007-05-04, 10:32 AM

F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe,C:\WINDOWS\Installer\services.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ALaunch] c:\sysprep\ALaunch.exe
O4 - HKLM\..\Run: [Recover Pro] "C:\Program Files\Phoenix Technologies\Applications\RPro\XP\VBPTASK.EXE" VBStart
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [FinePrint 分派器 v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [\\2009hong\EPSON Stylus CX3500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P37 "\\2009hong\EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [KKBOX Tray Icon] C:\Program Files\KKBOX\KKBOX_Tray.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 轉換到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O15 - Trusted Zone: http://*.10.1.15.230

2007-05-04, 10:33 AM

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {07597574-DADB-4209-96A0-C4F07CF8E841} (LikeInstaller Class) - http://10.1.15.179/ishare/Patch/RHLSetup.cab
O16 - DPF: {43C8A007-1C98-4994-8B9C-B16F7FACCA7E} (emakerx Control) - http://10.1.150.72/emakerx.cab
O16 - DPF: {476AB17F-EBF8-402D-82F8-3532A4A7A997} (SKBankICX Control) - https://skatm.skbank.com.tw/WebATMCl.../SKBankICX.cab
O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://10.1.15.230/skhod/rpt/activexviewer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{830B2DE2-0C31-41B6-B941-098AB065037D}: NameServer = 10.1.150.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe
O23 - Service: Easy File Sharing Web Service - EFS Software, Inc. - C:\Program Files\Easy File Sharing Web Server\fswsService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Phoenix PSA Service (PhnxPsaService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhxPsSvr.exe
O23 - Service: Phoenix Vault Service (PhnxVaultService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhxVtSvr.exe
O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe

plunderer · 2007-05-04, 09:10 PM

C:\WINDOWS\system\svchost.exe
C:\WINDOWS\Installer\services.exe

F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe,C:\WINDOWS\Installer\service s.exe,

O16 - DPF: {07597574-DADB-4209-96A0-C4F07CF8E841} (LikeInstaller Class) - http://10.1.15.179/ishare/Patch/RHLSetup.cab

O16 - DPF: {43C8A007-1C98-4994-8B9C-B16F7FACCA7E} (emakerx Control) - http://10.1.150.72/emakerx.cab

O16 - DPF: {476AB17F-EBF8-402D-82F8-3532A4A7A997} (SKBankICX Control) - https://skatm.skbank.com.tw/WebATMCl.../SKBankICX.cab

O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://10.1.15.230/skhod/rpt/activexviewer.cab

O18 - Protocol: ipp - (no CLSID) - (no file)

O18 - Protocol: msdaipp - (no CLSID) - (no file)

勾選修復上述項目, 重新開機後刪除這兩個檔案
C:\WINDOWS\system\svchost.exe
C:\WINDOWS\Installer\services.exe

下面幾項我不確定是什麼軟體, 若你也不清楚, 那最好也修復並卸載該軟體
C:\WINDOWS\system32\PhxPsSvr.exe
C:\Program Files\Easy File Sharing Web Server\fsws.exe

O23 - Service: Easy File Sharing Web Service - EFS Software, Inc. - C:\Program Files\Easy File Sharing Web Server\fswsService.exe

O23 - Service: Phoenix Vault Service (PhnxVaultService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhxVtSvr.exe

2007-05-05, 11:51 AM

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 上午 11:38:24, on 2007/5/5
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Installer\services.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Administrator\桌面\HiJackThis_v2.exe

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Installer\services.exe,
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] ; C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [CJIMETIPSYNC] ; C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [Auto Scan Usb] C:\Program Files\Photofast上傳/ScanUsb.e
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: 新增到卡巴斯基 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra 'Tools' menuitem: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\My 2006-05-01\Software\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\My 2006-05-01\Software\DSLite2\DSLite.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E15B1A7-95CA-4377-B893-697CD95951AE} (ClientATXCtrl Control) - http://www.wayi.com.tw/gameup/ClientATXCtrl.OCX
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1129539676218
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {C7BD467B-0B38-442F-840F-3F048E7F6005} (RootKeyDistributor Class) - https://idcard.moica.hinet.net/ShopS...CHTPKI_PSE.cab
O16 - DPF: {D1E02AF8-6624-44EC-BB58-4422985A6E1C} (WebUpload.FastUpload) - http://www.photofast.com.tw/WebUpload.CAB
O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://www.filebank.co.jp/setup/win/fbx2.cab
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

--
End of file - 6102 bytes

plunderer · 2007-05-05, 03:05 PM

C:\WINDOWS\Installer\services.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Installer\services.exe,

O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)

勾選修復上述項目, 重新開機後刪除 C:\WINDOWS\Installer\services.exe

怪哉, 怎麼大家都中同樣的木馬......

2007-05-05, 03:08 PM

C:\WINDOWS\system32\msdll.dll感染ㄌ病毒Trojan-PSW.Win32.Magnia.oh.
也是用卡巴斯基但殺不掉!!

我也用大大提供ㄉTrend Micro HijackThis-v2.0.0(BETA)

以下是剩下ㄉ~~
請厲害ㄉ大大幫我檢查檢查!!!感激!!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Downloads\HiJackThis_v2.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IgfxTray] ; C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] ; C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] ; C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [SoundMan] ; SOUNDMAN.EXE
O4 - HKLM\..\Run: [NWEReboot] ;
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [DiskeeperSystray] ; "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Super Rabbit SRRestore] ; C:\PROGRA~1\SUPERR~1\magicset\SRRest.exe /FIRST
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 在新的前景索引標籤中開啟 - res://C:\Program Files\Windows Live Toolbar\Components\zh-tw\msntabres.dll.mui/230?c524a3ac6c694b168f8cb206963e6fa9
O8 - Extra context menu item: 在新的背景索引標籤中開啟 - res://C:\Program Files\Windows Live Toolbar\Components\zh-tw\msntabres.dll.mui/229?c524a3ac6c694b168f8cb206963e6fa9
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0951D9A-5C31-45D3-BF35-D61644DD4A54}: NameServer = 61.31.233.1 168.95.1.1
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe

--
End of file - 7311 bytes

謝謝你們囉^^

plunderer · 2007-05-05, 03:50 PM

重新開機, 按F8進入安全模式, 執行regedit.exe , 搜尋 msdll.dll 字串, 把所有找到的鍵及值全部刪除. 直到登錄檔中不存在 msdll.dll項

刪除 C:\WINDOWS\system32\msdll.dll

在安全模式下, 重新掃毒

正常開機後, 若還是發現 msdll.dll 報毒, 就表示有程式綑綁 msdll.dll 並在執行時釋放出並登錄
但你的 log 看起來是正常的, 無法判斷哪個程式可能綑綁木馬

2007-05-05, 05:33 PM

引用:

作者: plunderer

用 HiJackThis 掃描
http://www.trendsecure.com/portal/en...ackThis_v2.exe
看看日誌有什麼不正常的地方, 勾選並按 "Fix", 然後重新開機, 再直接刪除可疑的檔案

若看不懂, 把 log 貼上來

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 下午 05:55:00, on 2007/5/4
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\VIAudioi\SBADeck\ADeck.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\M\桌面\HiJackThis_v2.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\Installer\services.exe,
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppstream.com/bin/powerplayer.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FD41765B-1234-4F25-A4E4-D7E4229D1A0C}: NameServer = 168.95.192.1 168.95.1.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5746 bytes

這位大大麻煩救命...我是電腦白痴不知道要案哪個才是檢查全部的檔案...原先最後是顯示3000多的bytes...後來我用最後一個None開頭的東西檢查變成現在5746bytes~看不太懂英文~可以幫忙小女子作詳細的操作說明嗎?拜託了~感激不盡耶!!!

2007-05-07, 11:24 AM

我在安全模式用執行搜尋ㄌmsdll.dll
結果都沒有出現任何有msdll.dll的選項
我就開始掃毒~~~
前天掃ㄌ一次~~沒有發現任何病毒~~
就前往c:/windows/system32/msdll.dll
把它刪掉!!
重新開機後雖然卡巴斯基又警告我~~發現病毒
但是我按ㄌ她ㄉ選項"刪除"之後~~就沒再出現無法刪除ㄉ警告了!!

但是昨天~~起床開機之後~~
問題又出來了!!
病毒又冒出來了~~是一樣的!!
我又用同樣ㄉ步驟執行一次~~
掃毒之後~~這一次就在安全模式裡偵測到有病毒我就刪掉ㄌ
但重新回到正常模式時~~
病毒警告依然出現~~刪都刪不掉!!!

怎辦勒~~我要哭ㄌ!!!
請幫幫我~該不會要重灌電腦吧?!
我不要.......

2007-05-07, 08:40 PM

引用:

作者: plunderer

重新開機, 按F8進入安全模式, 執行regedit.exe , 搜尋 msdll.dll 字串, 把所有找到的鍵及值全部刪除. 直到登錄檔中不存在 msdll.dll項

刪除 C:\WINDOWS\system32\msdll.dll

在安全模式下, 重新掃毒

正常開機後, 若還是發現 msdll.dll 報毒, 就表示有程式綑綁 msdll.dll 並在執行時釋放出並登錄
但你的 log 看起來是正常的, 無法判斷哪個程式可能綑綁木馬

這個病毒無法用安全模式解法解!!這是service.exe這個程式綑綁的木馬，msdll.dll這個檔無法直接刪除(拒絕存取@@)
plunderer大前面教的方式大家可以試試看，我也是用卡巴6.0在5月5號中了msdll.dll這個檔案的病毒木馬，用了很多方法都無法刪除(卡巴叫我重開機就可以刪了，我重開了n次依然存在

)，後來去電卡巴台灣代理奕瑞科技他們客服說這是屬於開機程序的病毒(不懂@@)也是要我傳log檔給他們....上來這找了一會兒，發現很多人跟我的問題一樣，便爬了一下文，並依照plunderer的方法用HijackThis刪除service.exe，就可以了~
我想這次msdll.dll這個檔案的病毒應該讓很多電腦中毒而無法解，卡巴以及其他解毒大廠應該是傷透腦筋@@
感謝plunderer大不吝教導，又偷學了一招^^~

plunderer · 2007-05-08, 12:54 AM

引用:

作者: aries

我在安全模式用執行搜尋ㄌmsdll.dll
結果都沒有出現任何有msdll.dll的選項
我就開始掃毒~~~
前天掃ㄌ一次~~沒有發現任何病毒~~
就前往c:/windows/system32/msdll.dll
把它刪掉!!
重新開機後雖然卡巴斯基又警告我~~發現病毒
但是我按ㄌ她ㄉ選項"刪除"之後~~就沒再出現無法刪除ㄉ警告了!!

但是昨天~~起床開機之後~~
問題又出來了!!
病毒又冒出來了~~是一樣的!!
我又用同樣ㄉ步驟執行一次~~
掃毒之後~~這一次就在安全模式裡偵測到有病毒我就刪掉ㄌ
但重新回到正常模式時~~
病毒警告依然出現~~刪都刪不掉!!!

怎辦勒~~我要哭ㄌ!!!
請幫幫我~該不會要重灌電腦吧?!
我不要.......

上面很多人的問題都是出在這一行:
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,C:\WINDOWS\Installer\services.exe,
但看你的 log 並沒有這一項, 所以我懷疑是其他程式綑綁木馬

若你確定沒有 C:\WINDOWS\Installer\services.exe 這個檔案(有就刪除)且每次開機都會報病毒, 表示隨開機啟動的某個程式有綑綁病毒
你可以試著以 msconfig 先停用不必要自動啟動的程式, 慢慢過濾, 看是哪個程式有問題

若你真的不會, 那就麻煩點, 把下列部分自動啟動的程式打包上傳, 我幫你分析程式

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe
C:\Program Files\QuickTime Alternative\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

2007-05-09, 01:07 PM

這是我收到卡巴斯基(奕瑞科技)回覆的解毒方法，有中類似毒的可以參考一下^^~

親愛的使用者您好：

一、請您重新開機進入安全模式將下列路徑之檔案壓縮先行寄回：

1. C:\WINDOWS\Installer\services.exe,

2. C:\WINDOWS\help\69GH0BNS.dll

3. C:\WINDOWS\System32\msdll.dll

二、上述檔案寄回後，請您操作以下步驟：

1. 請您先清除暫存檔案 : Windows Temp 資料夾或 IE 暫存資料夾中的病毒檔案可能因系統正在使用中而無法清除，且因這些資料夾中檔案是 Windows 運作中產生的暫存檔，所以請依下列步驟刪除病毒檔案。

a.開啟IE -> 工具 -> 網際網路選項 -> 一般，在中間 Temporary Internet File 內按下刪除檔案，勾選刪除所有離線內容後點選確定。

b.在開始 -> 程式集(所有程式) -> 附屬應用程式 -> 系統工具中，選擇清理磁碟將所有磁碟的資料清除。

c.關閉XP 系統還原 : 某些病毒藏匿在此，會隨著系統還原又恢復檔案，在開始 -> 所有程式 -> 附屬應用程式 -> 系統工具中，選擇系統還原，關閉系統還原。

2.請再次執行SREng.exe

a.點選Boot Items

b.點選是(Y)

c.選擇Registry

將以下物件選擇後按Delete刪除

{79921D 3F -7537-463E-9E38-CD 503A 8FA485} <C:\WINDOWS\help\69GH0BNS.dll>

三、.至下列路徑將檔案手動刪除

1. C:\WINDOWS\Installer\services.exe,

2. C:\WINDOWS\help\69GH0BNS.dll

3. C:\WINDOWS\System32\msdll.dll

四、.重開機至正常模式，更新卡巴斯基病毒碼至最新再做全機掃描，謝謝

謝謝您的來信與使用

以上~SREng.exe可至卡巴官網下載：奇摩搜尋"卡巴斯基"→Kaspersky →常見問題 →附屬工具及操作說明→SREng操作說明 →|下載SREng.exe|
(http://web.kaspersky.com.tw/KL-Servi...q_checksum=665)

步驟一可以省略，步驟二之後請在安全模式下操作(開機沒進Window前按鍵盤按鍵F8選安全模式)

搞了2天終於搞定，祝殺毒順利

2007-03-16, 06:37 AM
quasar 長老會員榮譽勳章勳章總數 UID - 6696 在線等級: 註冊日期: 2002-12-08 文章: 12085 精華: 0 現金: 311 金幣資產: 6570606 金幣	求助 - 中毒Trojan-psw.win32.magania.im 執行模組service.exe\service.exe 我用卡巴司機找出來的刪不掉一直出現~~

	送花文章: 63581, 收花文章: 9830 篇, 收花: 56093 次

2007-04-29, 11:34 PM	#31 (permalink)
kayfang 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	可以幫我看一下嗎... 我用好多線上掃毒都不知道有沒有掃乾淨... 我是用卡巴掃毒..他顯示有毒的檔案室services.exe 謝謝~~~ Logfile of HijackThis v1.98.0 Scan saved at 下午 11:24:30, on 2007/4/29 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\Installer\services.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\RTHDCPL.EXE E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe E:\Program Files\Lexmark 5400 Series\lxctmon.exe E:\Program Files\Lexmark 5400 Series\ezprint.exe E:\WINDOWS\vsnphv71.exe E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe E:\Program Files\Gigabyte\ET5\GUI.exe E:\WINDOWS\system32\lxctcoms.exe E:\WINDOWS\system32\ctfmon.exe E:\Program Files\MSN Messenger\MsnMsgr.Exe E:\WINDOWS\system32\nvsvc32.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\wuauclt.exe E:\WINDOWS\system32\conime.exe E:\Program Files\Sleipnir_cht\Sleipnir.exe F:\程式檔\hijackthis23344\hijackthis23344.exe F2 - REG:system.ini: UserInit=E:\WINDOWS\system32\userinit.exe,E:\WINDOWS\Installer\services.exe, O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Lexmark 工具列 - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - E:\Program Files\Lexmark Toolbar\toolband.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Lexmark 工具列 - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - E:\Program Files\Lexmark Toolbar\toolband.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] E:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [CJIMETIPSYNC] E:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync O4 - HKLM\..\Run: [PHIMETIPSYNC] E:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "E:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [lxctmon.exe] "E:\Program Files\Lexmark 5400 Series\lxctmon.exe" O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "E:\Program Files\Lexmark 5400 Series\fm3032.exe" /s O4 - HKLM\..\Run: [EzPrint] "E:\Program Files\Lexmark 5400 Series\ezprint.exe" O4 - HKLM\..\Run: [LXCTCATS] rundll32 E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [SNPHV71] E:\WINDOWS\vsnphv71.exe O4 - HKLM\..\Run: [AVP] "E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\Run: [WinampAgent] "E:\Program Files\Winamp\Winampa.exe" O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [EasyTuneV] E:\Program Files\Gigabyte\ET5\ETcall.exe O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?SystemRoot%\Installer\{AC76BA86-1028-0000-7760-000000000002}\SC_Acrobat.exe O8 - Extra context menu item: 加入廣告橫幅攔截 - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 轉換到現有 PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換為 Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://E:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall 線上掃毒) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab O16 - DPF: {12755229-656A-4508-BC94-2DA4D314B4C8} (CathayMyATM.ATMFunc) - https://www.mybank.com.tw/myatm/cab/CathayMyATM.CAB O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {5C253D25-00FD-4703-9924-E53792DF98C9} (CathayMyATM2.EsConn) - https://www.mybank.com.tw/MyATM/cab/CathayMyATM2.CAB O16 - DPF: {5D5EF079-C21D-47EE-9249-D4E89C8D3E43} (BullCSP Class) - https://my.taishinbank.com.tw/ActiveX/eATM/Bull.cab O16 - DPF: {603B9E6C-0467-4C23-8098-ACC2ED6FEB75} (TSBankTSCC Class) - https://my.taishinbank.com.tw/ActiveX/eATM/TSBANK.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趨勢科技線上掃毒程式) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - E:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - AppInit_DLLs: E:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
kayfang 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-05-04, 10:31 AM	#33 (permalink)
kuopeiwen 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	用AVS掃瞄出在services\services.exe 以下是掃瞄報告，麻煩一下，感謝(文字過多分為3則) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\AOL\Active Virus Shield\avp.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\AOL\Active Virus Shield\avp.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\KKBOX\KKBOX_Tray.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PhxPsSvr.exe C:\WINDOWS\system32\PhxVtSvr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe C:\Program Files\Easy File Sharing Web Server\fsws.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Skype\Plugin Manager\SkypePM.exe C:\Program Files\Outlook Express\msimn.exe C:\WINDOWS\system32\javaw.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\Installer\services.exe K:\HiJackThis_v2.exe
kuopeiwen 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-05-04, 10:32 AM	#34 (permalink)
kuopeiwen 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe,C:\WINDOWS\Installer\services.exe, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Solid Converter PDF - {259F616C-A300-44F5-B04A-ED001A26C85C} - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\ExploreExtPDF.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ALaunch] c:\sysprep\ALaunch.exe O4 - HKLM\..\Run: [Recover Pro] "C:\Program Files\Phoenix Technologies\Applications\RPro\XP\VBPTASK.EXE" VBStart O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe" O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [FinePrint 分派器 v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" /source=HKLM O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [\\2009hong\EPSON Stylus CX3500 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BP.EXE /P37 "\\2009hong\EPSON Stylus CX3500 Series" /O6 "USB001" /M "Stylus CX3500" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [KKBOX Tray Icon] C:\Program Files\KKBOX\KKBOX_Tray.exe O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 轉換到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com O15 - Trusted Zone: http://*.10.1.15.230
kuopeiwen 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-05-04, 10:33 AM	#35 (permalink)
kuopeiwen 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813 O16 - DPF: {07597574-DADB-4209-96A0-C4F07CF8E841} (LikeInstaller Class) - http://10.1.15.179/ishare/Patch/RHLSetup.cab O16 - DPF: {43C8A007-1C98-4994-8B9C-B16F7FACCA7E} (emakerx Control) - http://10.1.150.72/emakerx.cab O16 - DPF: {476AB17F-EBF8-402D-82F8-3532A4A7A997} (SKBankICX Control) - https://skatm.skbank.com.tw/WebATMCl.../SKBankICX.cab O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://10.1.15.230/skhod/rpt/activexviewer.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{830B2DE2-0C31-41B6-B941-098AB065037D}: NameServer = 10.1.150.1 O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: ipp - (no CLSID) - (no file) O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL O18 - Protocol: msdaipp - (no CLSID) - (no file) O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Active Virus Shield (AVP) - AOL - C:\Program Files\AOL\Active Virus Shield\avp.exe O23 - Service: Easy File Sharing Web Service - EFS Software, Inc. - C:\Program Files\Easy File Sharing Web Server\fswsService.exe O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBPRO.EXE O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPBOID.EXE O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Phoenix PSA Service (PhnxPsaService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhxPsSvr.exe O23 - Service: Phoenix Vault Service (PhnxVaultService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhxVtSvr.exe O23 - Service: SolidPDFConverterReadSpool (ScReadSpool) - VoyagerSoft, LLC - C:\Program Files\SolidDocuments\SolidConverterPDF\SCPDF\SolidPdfService.exe
kuopeiwen 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-05-04, 09:10 PM	#36 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	C:\WINDOWS\system\svchost.exe C:\WINDOWS\Installer\services.exe F2 - REG:system.ini: UserInit=userinit.exe,C:\WINDOWS\system\svchost.exe,C:\WINDOWS\Installer\service s.exe, O16 - DPF: {07597574-DADB-4209-96A0-C4F07CF8E841} (LikeInstaller Class) - http://10.1.15.179/ishare/Patch/RHLSetup.cab O16 - DPF: {43C8A007-1C98-4994-8B9C-B16F7FACCA7E} (emakerx Control) - http://10.1.150.72/emakerx.cab O16 - DPF: {476AB17F-EBF8-402D-82F8-3532A4A7A997} (SKBankICX Control) - https://skatm.skbank.com.tw/WebATMCl.../SKBankICX.cab O16 - DPF: {C4847596-972C-11D0-9567-00A0C9273C2A} (Crystal Report Viewer Control) - http://10.1.15.230/skhod/rpt/activexviewer.cab O18 - Protocol: ipp - (no CLSID) - (no file) O18 - Protocol: msdaipp - (no CLSID) - (no file) 勾選修復上述項目, 重新開機後刪除這兩個檔案 C:\WINDOWS\system\svchost.exe C:\WINDOWS\Installer\services.exe 下面幾項我不確定是什麼軟體, 若你也不清楚, 那最好也修復並卸載該軟體 C:\WINDOWS\system32\PhxPsSvr.exe C:\Program Files\Easy File Sharing Web Server\fsws.exe O23 - Service: Easy File Sharing Web Service - EFS Software, Inc. - C:\Program Files\Easy File Sharing Web Server\fswsService.exe O23 - Service: Phoenix Vault Service (PhnxVaultService) - Phoenix Technologies Ltd. - C:\WINDOWS\system32\PhxVtSvr.exe

	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

2007-05-05, 11:51 AM	#37 (permalink)
xyzcherry 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	我也一直深受此病毒的困擾...麻煩大大幫我看一下~3Q! Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 上午 11:38:24, on 2007/5/5 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Installer\services.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Administrator\桌面\HiJackThis_v2.exe R3 - Default URLSearchHook is missing F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Installer\services.exe, O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file) O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] ; C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] ; C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [CJIMETIPSYNC] ; C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [Auto Scan Usb] C:\Program Files\Photofast上傳/ScanUsb.e O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: 新增到卡巴斯基 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O9 - Extra button: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra 'Tools' menuitem: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\My 2006-05-01\Software\DSLite2\DSLite.exe O9 - Extra 'Tools' menuitem: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\My 2006-05-01\Software\DSLite2\DSLite.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1E15B1A7-95CA-4377-B893-697CD95951AE} (ClientATXCtrl Control) - http://www.wayi.com.tw/gameup/ClientATXCtrl.OCX O16 - DPF: {20C2C286-BDE8-441B-B73D-AFA22D914DA5} (PowerList Control) - http://download.ppstream.com/bin/powerplayer.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1129539676218 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab O16 - DPF: {C7BD467B-0B38-442F-840F-3F048E7F6005} (RootKeyDistributor Class) - https://idcard.moica.hinet.net/ShopS...CHTPKI_PSE.cab O16 - DPF: {D1E02AF8-6624-44EC-BB58-4422985A6E1C} (WebUpload.FastUpload) - http://www.photofast.com.tw/WebUpload.CAB O16 - DPF: {E0BE586C-7C66-4909-94D6-D18BBBDD6373} (????????????) - http://www.filebank.co.jp/setup/win/fbx2.cab O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll" O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- End of file - 6102 bytes
xyzcherry 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-05-05, 03:05 PM	#38 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	C:\WINDOWS\Installer\services.exe F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\Installer\services.exe, O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file) 勾選修復上述項目, 重新開機後刪除 C:\WINDOWS\Installer\services.exe 怪哉, 怎麼大家都中同樣的木馬......

	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

2007-05-05, 03:08 PM	#39 (permalink)
aries 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	我也中毒ㄌ!!幫幫我^^ C:\WINDOWS\system32\msdll.dll感染ㄌ病毒Trojan-PSW.Win32.Magnia.oh. 也是用卡巴斯基但殺不掉!! 我也用大大提供ㄉTrend Micro HijackThis-v2.0.0(BETA) 以下是剩下ㄉ~~ 請厲害ㄉ大大幫我檢查檢查!!!感激!! Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Executive Software\Diskeeper\DkService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Downloads\HiJackThis_v2.exe O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [IgfxTray] ; C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] ; C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [PRONoMgr.exe] ; C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe O4 - HKLM\..\Run: [SoundMan] ; SOUNDMAN.EXE O4 - HKLM\..\Run: [NWEReboot] ; O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize O4 - HKLM\..\Run: [DiskeeperSystray] ; "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe" O4 - HKLM\..\Run: [NeroFilterCheck] ; C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [Super Rabbit SRRestore] ; C:\PROGRA~1\SUPERR~1\magicset\SRRest.exe /FIRST O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 在新的前景索引標籤中開啟 - res://C:\Program Files\Windows Live Toolbar\Components\zh-tw\msntabres.dll.mui/230?c524a3ac6c694b168f8cb206963e6fa9 O8 - Extra context menu item: 在新的背景索引標籤中開啟 - res://C:\Program Files\Windows Live Toolbar\Components\zh-tw\msntabres.dll.mui/229?c524a3ac6c694b168f8cb206963e6fa9 O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{A0951D9A-5C31-45D3-BF35-D61644DD4A54}: NameServer = 61.31.233.1 168.95.1.1 O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- End of file - 7311 bytes 謝謝你們囉^^
aries 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-05-05, 03:50 PM	#40 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	重新開機, 按F8進入安全模式, 執行regedit.exe , 搜尋 msdll.dll 字串, 把所有找到的鍵及值全部刪除. 直到登錄檔中不存在 msdll.dll項刪除 C:\WINDOWS\system32\msdll.dll 在安全模式下, 重新掃毒正常開機後, 若還是發現 msdll.dll 報毒, 就表示有程式綑綁 msdll.dll 並在執行時釋放出並登錄但你的 log 看起來是正常的, 無法判斷哪個程式可能綑綁木馬

	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

2007-05-07, 11:24 AM	#42 (permalink)
aries 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	重新開機後~~病毒還是出現耶!!怎辦?? 我在安全模式用執行搜尋ㄌmsdll.dll 結果都沒有出現任何有msdll.dll的選項我就開始掃毒~~~ 前天掃ㄌ一次~~沒有發現任何病毒~~ 就前往c:/windows/system32/msdll.dll 把它刪掉!! 重新開機後雖然卡巴斯基又警告我~~發現病毒但是我按ㄌ她ㄉ選項"刪除"之後~~就沒再出現無法刪除ㄉ警告了!! 但是昨天~~起床開機之後~~ 問題又出來了!! 病毒又冒出來了~~是一樣的!! 我又用同樣ㄉ步驟執行一次~~ 掃毒之後~~這一次就在安全模式裡偵測到有病毒我就刪掉ㄌ但重新回到正常模式時~~ 病毒警告依然出現~~刪都刪不掉!!! 怎辦勒~~我要哭ㄌ!!! 請幫幫我~該不會要重灌電腦吧?! 我不要.......
aries 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-05-09, 01:07 PM	#45 (permalink)
大寶寶榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	個人msdll.dll病毒解毒方法這是我收到卡巴斯基(奕瑞科技)回覆的解毒方法，有中類似毒的可以參考一下^^~ 親愛的使用者您好：一、請您重新開機進入安全模式將下列路徑之檔案壓縮先行寄回： 1. C:\WINDOWS\Installer\services.exe, 2. C:\WINDOWS\help\69GH0BNS.dll 3. C:\WINDOWS\System32\msdll.dll 二、上述檔案寄回後，請您操作以下步驟： 1. 請您先清除暫存檔案 : Windows Temp 資料夾或 IE 暫存資料夾中的病毒檔案可能因系統正在使用中而無法清除，且因這些資料夾中檔案是 Windows 運作中產生的暫存檔，所以請依下列步驟刪除病毒檔案。 a.開啟IE -> 工具 -> 網際網路選項 -> 一般，在中間 Temporary Internet File 內按下刪除檔案，勾選刪除所有離線內容後點選確定。 b.在開始 -> 程式集(所有程式) -> 附屬應用程式 -> 系統工具中，選擇清理磁碟將所有磁碟的資料清除。 c.關閉XP 系統還原 : 某些病毒藏匿在此，會隨著系統還原又恢復檔案，在開始 -> 所有程式 -> 附屬應用程式 -> 系統工具中，選擇系統還原，關閉系統還原。 2.請再次執行SREng.exe a.點選Boot Items b.點選是(Y) c.選擇Registry 將以下物件選擇後按Delete刪除 {79921D 3F -7537-463E-9E38-CD 503A 8FA485} <C:\WINDOWS\help\69GH0BNS.dll> 三、.至下列路徑將檔案手動刪除 1. C:\WINDOWS\Installer\services.exe, 2. C:\WINDOWS\help\69GH0BNS.dll 3. C:\WINDOWS\System32\msdll.dll 四、.重開機至正常模式，更新卡巴斯基病毒碼至最新再做全機掃描，謝謝謝謝您的來信與使用以上~SREng.exe可至卡巴官網下載：奇摩搜尋"卡巴斯基"→Kaspersky →常見問題 →附屬工具及操作說明→SREng操作說明 →\|下載SREng.exe\| (http://web.kaspersky.com.tw/KL-Servi...q_checksum=665) 步驟一可以省略，步驟二之後請在安全模式下操作(開機沒進Window前按鍵盤按鍵F8選安全模式) 搞了2天終於搞定，祝殺毒順利
大寶寶榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

Google 提供的廣告