求助 - 中毒Trojan-psw.win32.magania.im - 第4頁

quasar · 2007-03-16, 06:37 AM

執行模組service.exe\service.exe
我用卡巴司機找出來的刪不掉一直出現~~

2007-05-09, 06:10 PM

給plunderer大大:
可是我沒辦法將那些程式傳給你耶!!
因為我好像只是註冊會員ㄉ關係
所以無法上傳附件給你耶!!
怎辦??

plunderer · 2007-05-09, 06:36 PM

上傳到這裡
http://www.badongo.com/cn/
上傳完再把連結貼出來

2007-05-09, 07:01 PM

http://www.badongo.com/file/2994768
壓縮檔!!
(應該收ㄉ到~~謝謝你囉^^)

plunderer · 2007-05-09, 07:16 PM

你上傳的檔案都沒問題

你再用 System Repair Engineer 掃一次
http://www.kztechs.com/sreng/download.html
把日誌發上來

2007-05-14, 01:28 AM

之前
防毒軟體卡巴司機偵測到Trojan-psw.win32.nilage.bjn位在C:\WINDOWS\System32\msdll.dll
後來我用優化大師去看開機有多執行兩個程式
我把他刪除後
再次開機卡巴司機就找不到了

請大大幫我再檢查一次還有沒有問題
謝謝

logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 上午 01:26:27, on 2007/5/14
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\Win2\Mouse\Amoumain.exe
D:\Program Files\ClipX\clipx.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\tsnp2std.exe
C:\WINDOWS\vsnp2std.exe
D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\TrayMon.exe
C:\Program Files\Keymaestro\Onscreen Display\OSD.exe
D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
d:\PROGRA~1\MICROS~1\rapimgr.exe
C:\Program Files\Common Files\VideoMate\ComproRemote.exe
C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe
D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
D:\totalcmd\TOTALCMD.EXE
d:\Program Files\Maxthon\Maxthon.exe
D:\Program Files\FlashGet\flashget.exe
E:\軟體帝國\防毒軟體\HiJackThis_v2.exe

O1 - Hosts: 127.255.255.255 195.137.236.101
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O1 - Hosts: 127.255.255.255 trial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 support.alcohol-soft.com
O1 - Hosts: 127.255.255.255 users.alcohol-soft.com
O1 - Hosts: 127.255.255.255 shop.alcohol-soft.com
O1 - Hosts: 127.255.255.255 195.137.236.101
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - d:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - d:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Win2\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [ClipX] D:\Program Files\ClipX\clipx.exe
O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_12] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_13] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')

續下一篇

2007-05-14, 01:31 AM

O8 - Extra context menu item: + Offline &Explorer: Download the link - file://D:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://D:\Program Files\Offline Explorer Enterprise\Add_AllO.htm
O8 - Extra context menu item: Download with Rapget - D:\Personal Style\RapGet\rapget.htm
O8 - Extra context menu item: RoboForm - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: 下載編碼內容(&D.S.Lite) - D:\Personal Style\DSLite2\dl_text.html
O8 - Extra context menu item: 下載編碼檔案內容(&D.S.Lite) - D:\Personal Style\DSLite2\dl_url.html
O8 - Extra context menu item: 使用 FlashGet 下載 - D:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: 儲存表格 - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: 全部使用 FlashGet 下載 - D:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 剪貼簿文字: 簡 > 繁 - res://d:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字: 繁 > 簡 - res://d:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 加入至卡巴反橫幅廣告 - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 填表 - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: 網頁: [簡體] 顯示 - res://d:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁: [繁體] 顯示 - res://d:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O8 - Extra context menu item: 自訂功能表 - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: 轉換到現有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換為 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 附加至現有 PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Web反病毒保護統計 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\SCIEPlgn.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: 建立行動最愛... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\PROGRA~1\MICROS~1\INetRepl.dll
O9 - Extra button: 填表 - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: 填表 - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: 儲存 - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: 儲存表格 - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - d:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - d:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Personal Style\DSLite2\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Personal Style\DSLite2\DSLite.exe
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - Trusted Zone: *.intra.sinyi.com.tw

續下篇

2007-05-14, 01:32 AM

O16 - DPF: {0529C017-5781-11D3-B2F5-006097808AD4} (cPUDownLoad.DownLoad) - http://ntn08.intra.sinyi.com.tw/down...PUDownLoad.CAB
O16 - DPF: {0B891305-3BF4-11D6-939C-001060501170} (XCsp Control) - https://ebank.taipeifubon.com.tw/iba...d/ICReader.cab
O16 - DPF: {0CF64D95-A515-453D-B289-51D268059C05} (BSPatm Control) - https://atm.mma.com.tw/help/BSPatm.cab
O16 - DPF: {0D2163D5-A855-425C-A472-F0B7C5E3CEE4} (JWCC.Fuhwa Class) - https://superatm.tw/jwss/JWCC.cab
O16 - DPF: {11B27AD7-BF74-4C5F-99E3-FBB1764D7863} (DisFisc Control) - https://eatm.chb.com.tw/DisFiscOcx.cab
O16 - DPF: {12755229-656A-4508-BC94-2DA4D314B4C8} (CathayMyATM.ATMFunc) - https://www.mybank.com.tw/myatm/cab/CathayMyATM.CAB
O16 - DPF: {1DA5C656-9514-42CC-B7A2-5012BAF47C26} (JWCC.SCSB Class) - https://eatm.scsb.com.tw/JWSSAdmin/JWCC.cab
O16 - DPF: {272B8D21-5304-4529-BD3D-1CF392342F7D} (ICBC XCsp) - https://netbank.megabank.com.tw/natm/ICBCNetATM.CAB
O16 - DPF: {2B38E40E-977D-4767-919C-2AA29C041618} (BOT Class) - https://ebank.bot.com.tw/FCard/NetATM/FCards.CAB
O16 - DPF: {476AB17F-EBF8-402D-82F8-3532A4A7A997} (SKBankICX Control) - https://skatm.skbank.com.tw/WebATMCl.../SKBankICX.cab
O16 - DPF: {50C5D090-EF76-40AF-95B5-2F986A33E1C9} (COSEATM.COSMOSEATM) - https://iccard.cosmosbank.com.tw/eatm/COSEATM.CAB
O16 - DPF: {5C253D25-00FD-4703-9924-E53792DF98C9} (CathayMyATM2.EsConn) - https://www.mybank.com.tw/MyATM/cab/CathayMyATM2.CAB
O16 - DPF: {5D5EF079-C21D-47EE-9249-D4E89C8D3E43} (BullCSP Class) - https://my.taishinbank.com.tw/ActiveX/eATM/Bull.cab
O16 - DPF: {60314951-54B6-11D3-AC43-00C0DFE9982C} (BWZipCompress304.MaqZip) - http://ntn08.intra.sinyi.com.tw/down...b/bw6zp34r.CAB
O16 - DPF: {603B9E6C-0467-4C23-8098-ACC2ED6FEB75} (TSBankTSCC Class) - https://my.taishinbank.com.tw/ActiveX/eATM/TSBANK.cab
O16 - DPF: {611C39BF-602B-4B85-A900-EE35F8A67ADB} (ChinFonICX Control) - https://ebank.chinfonbank.com.tw/Web...nt/BankICX.cab
O16 - DPF: {7067DEA7-8C20-4519-8615-B1829371D8B9} (CTCBWebATM Control) - https://family.chinatrust.com.tw/Web...CTCBWebATM.cab
O16 - DPF: {75A89484-8152-461B-87B0-4D253259E972} (HnBkClientATM Control) - https://www.smartatm.com.tw/eatm/com...kClientATM.cab
O16 - DPF: {782C3F53-C15C-11D7-9B82-0000E2384C92} (CscPki Class) - http://202.173.40.131/pland-bin/APLAND/DsWarpper.cab
O16 - DPF: {7E78800E-A2D2-4F9F-A117-1A439524AFF7} (Feib Class) - https://ebank.feib.com.tw/netbank/ht...sp/FeibATM.cab
O16 - DPF: {85639023-02F7-40CD-8201-736F92F70BA3} (CHINESE Class) - https://webatm.chinesebank.com.tw/CHINESEBANKATM.cab
O16 - DPF: {9834A545-C06B-44B1-B007-18A452D37004} (First Class) - https://eatm.firstbank.com.tw/firstbankATM.cab
O16 - DPF: {C0F4471E-DF4F-4D02-9D2D-CF33B0724A1C} (TRUSTATMPOST Control) - https://webatm.post.gov.tw/postatm/TRUSTATMPOST5.cab
O16 - DPF: {C6F0A072-E757-4C8C-A8FC-BD5A49738BCC} (P7CAPI Control) - http://ntn24.intra.sinyi.com.tw/mwse...gin/P7CAPI.cab
O16 - DPF: {D1373A6E-1008-4F29-BB5D-608268E036CB} (HIB_AX2005 Class) - https://eatm.hibank.com.tw/HIBEATM.CAB
O16 - DPF: {EA71C52E-75B1-4A60-BCB7-48E6410FDC26} (TBBICX Control) - https://eatm.tbb.com.tw/TBBICX.cab
O16 - DPF: {F0754118-706B-4E14-8ED9-96E7A18DB894} (XCSP Class) - https://netbank.esunbank.com.tw/webatm/cabs/esuncsp.cab
O16 - DPF: {F9A2A26C-07E3-4B16-8787-6F6051304730} (TCB EATM Object) - https://eatm.tcb-bank.com.tw/EATM.cab
O16 - DPF: {FECA83B5-8E6A-4E3E-B8FD-C2162EE722B5} (NetATM Class) - https://ebank.landbank.com.tw/EATM/TWCA.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{323DD919-1CA4-4B72-982D-7696D9907268}: NameServer = 168.95.192.1 168.95.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 17443 bytes

plunderer · 2007-05-14, 07:32 AM

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file)

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file)

這些已失效, 可以修復, 其他沒甚麼問題

不過 016 項的網頁 ActiveX 物件似乎多了點, 若你確定哪些是安全的, 就留著, 若不確定, 最好修復

2007-05-14, 09:53 AM

剛重灌沒幾天就出現木馬，煩請plunderer大幫我看一下
avs的訊息看來，被感染的好像是 msdll.dll 感染的木馬是 Trojan-PSW.win32.nilage.bjn

AVS的紅色框框一直跳出來，跳的我都快心臟病發了...

以下是我的hijackthis log

Logfile of HijackThis v1.99.1
Scan saved at 上午 09:26:07, on 2007/5/14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\windows\installer\services.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\AOL\Active Virus Shield\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microangelo\muamgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001
C:\Documents and Settings\Administrator\桌面\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\installer\services.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 轉換到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6AA622B7-D58A-4445-8178-EEF908D73D96}: NameServer = 168.95.1.1,61.63.20.101
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

plunderer大要麻煩你了。
ps.另外請問plunderer大，是否有hijackthis的教學呀
因為一堆像 O2、O3、F2之類都看不懂說 = ="

plunderer · 2007-05-14, 10:55 AM

引用:

作者: btofnc

剛重灌沒幾天就出現木馬，煩請plunderer大幫我看一下
avs的訊息看來，被感染的好像是 msdll.dll 感染的木馬是 Trojan-PSW.win32.nilage.bjn

AVS的紅色框框一直跳出來，跳的我都快心臟病發了...

以下是我的hijackthis log

ps.另外請問plunderer大，是否有hijackthis的教學呀
因為一堆像 O2、O3、F2之類都看不懂說 = ="

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\installer\services.exe,

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

你的情況和之前幾位一樣, 問題都出在 F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\installer\services.exe,
莫非這是流行病毒?? 有必要追蹤一下來源....

勾選並修復上面列出的項目, 重新開機, 以安全模式登入 windows 刪除下列檔案:
c:\windows\installer\services.exe
c:\windows\system32\msdll.dll (若有的話)
注意: msdll.dll 是被c:\windows\installer\services.exe 調用, 要確定刪除了
c:\windows\installer\services.exe 才能刪得掉 msdll.dll

hijackthis 日誌的判讀教學用 google 搜尋 "hijackthis 日誌" 就能找到很多, 不過內容大同小異...但每個人系統使用情況不同, 未必能以 hijackthis 解決所有問題,

最簡單的判讀法是看日誌中哪些是你不清楚的檔案或網址, 然後用 google 搜尋相關資料, 確定有問題就修復並刪除檔案
不過 hijackthis日誌中少部分項目不能直接修復(會使系統不能正常使用), 所以若不是很熟悉, 修復前最好還是上網找找專門的修復法

還有就是經常看別人的日誌, 久而久之經驗累積, 判讀日誌就容易多了

2007-05-14, 11:24 AM

引用:

作者: plunderer

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\installer\services.exe,

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

你的情況和之前幾位一樣, 問題都出在 F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\installer\services.exe,
莫非這是流行病毒?? 有必要追蹤一下來源....

勾選並修復上面列出的項目, 重新開機, 以安全模式登入 windows 刪除下列檔案:
c:\windows\installer\services.exe
c:\windows\system32\msdll.dll (若有的話)
注意: msdll.dll 是被c:\windows\installer\services.exe 調用, 要確定刪除了
c:\windows\installer\services.exe 才能刪得掉 msdll.dll

hijackthis 日誌的判讀教學用 google 搜尋 "hijackthis 日誌" 就能找到很多, 不過內容大同小異...但每個人系統使用情況不同, 未必能以 hijackthis 解決所有問題,

最簡單的判讀法是看日誌中哪些是你不清楚的檔案或網址, 然後用 google 搜尋相關資料, 確定有問題就修復並刪除檔案
不過 hijackthis日誌中少部分項目不能直接修復(會使系統不能正常使用), 所以若不是很熟悉, 修復前最好還是上網找找專門的修復法

還有就是經常看別人的日誌, 久而久之經驗累積, 判讀日誌就容易多了

感謝您的回覆，我現在就去試試看。
hijackthis真的是個不錯用的東西
所以我想學著看它的log所代表的意義，畢竟總不能老是要靠別人幫忙。
再次感謝。

plunderer · 2007-05-21, 07:34 PM

引用:

作者: jengyau

請大哥們幫幫忙..
我的IE無法看網站和MSN都無法登入，但用FireFox卻可以看網站...
以下是SREngLogo

http://www.jengyau.com.tw/SREngLOG-960521.log
因為無法用那麼多字力我傳到網路上去

感激不敬

Winsock Provider 部分空白, 不太正常...

在 SREng 視窗的 "Syetem repair" 選擇 Winsock Provider, 按下面紅字 " reset all to defaule values"

日誌太長了, 看的人累, 你修復也累....

若還是有問題, 用 HiJackThis 掃描
http://www.trendsecure.com/portal/en...ackThis_v2.exe
把 log 貼上來

longshw · 2007-06-02, 07:39 PM

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 下午 07:40:19, on 2007/6/2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RunDLL32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\桌面\HiJackThis_v2.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\Phonetic\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_12] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_13] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5613 bytes

大大可以幫我看看嗎?
電腦有點問題

plunderer · 2007-06-02, 07:59 PM

引用:

作者: longshw

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 下午 07:40:19, on 2007/6/2
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

大大可以幫我看看嗎?
電腦有點問題

你的日誌看起來正常
請具體說明電腦的狀況

albonchang · 2007-06-04, 10:51 PM

題外~~
請問plunderer大
12KM論壇舊網址失連，可否請您提供新網址
另外~~
請問您是不是卡飯論壇跟電腦安防論壇會員??
呵呵~這兩個論壇需要推薦

如果您是可不可以請您推薦??

2007-03-16, 06:37 AM
quasar 長老會員榮譽勳章勳章總數 UID - 6696 在線等級: 註冊日期: 2002-12-08 文章: 12085 精華: 0 現金: 311 金幣資產: 6570606 金幣	求助 - 中毒Trojan-psw.win32.magania.im 執行模組service.exe\service.exe 我用卡巴司機找出來的刪不掉一直出現~~

	送花文章: 63581, 收花文章: 9830 篇, 收花: 56093 次

2007-05-09, 06:10 PM	#46 (permalink)
aries 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	給plunderer大大: 可是我沒辦法將那些程式傳給你耶!! 因為我好像只是註冊會員ㄉ關係所以無法上傳附件給你耶!! 怎辦??
aries 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-05-09, 06:36 PM	#47 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	上傳到這裡 http://www.badongo.com/cn/ 上傳完再把連結貼出來
	__________________ 刑天舞干戚
	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

2007-05-09, 07:01 PM	#48 (permalink)
aries 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	http://www.badongo.com/file/2994768 壓縮檔!! (應該收ㄉ到~~謝謝你囉^^)
aries 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-05-09, 07:16 PM	#49 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	你上傳的檔案都沒問題你再用 System Repair Engineer 掃一次 http://www.kztechs.com/sreng/download.html 把日誌發上來

	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

2007-05-14, 01:28 AM	#50 (permalink)
shear 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	之前防毒軟體卡巴司機偵測到Trojan-psw.win32.nilage.bjn位在C:\WINDOWS\System32\msdll.dll 後來我用優化大師去看開機有多執行兩個程式我把他刪除後再次開機卡巴司機就找不到了請大大幫我再檢查一次還有沒有問題謝謝 logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 上午 01:26:27, on 2007/5/14 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe C:\Program Files\Win2\Mouse\Amoumain.exe D:\Program Files\ClipX\clipx.exe C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe C:\WINDOWS\system32\RunDll32.exe C:\WINDOWS\tsnp2std.exe C:\WINDOWS\vsnp2std.exe D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe D:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Keymaestro\Multimedia Keyboard\TrayMon.exe C:\Program Files\Keymaestro\Onscreen Display\OSD.exe D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe d:\PROGRA~1\MICROS~1\rapimgr.exe C:\Program Files\Common Files\VideoMate\ComproRemote.exe C:\Program Files\Common Files\VideoMate\ComproSchedulerDTV.exe D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\UPHClean\uphclean.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe D:\totalcmd\TOTALCMD.EXE d:\Program Files\Maxthon\Maxthon.exe D:\Program Files\FlashGet\flashget.exe E:\軟體帝國\防毒軟體\HiJackThis_v2.exe O1 - Hosts: 127.255.255.255 195.137.236.101 O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com O1 - Hosts: 127.255.255.255 www.alcohol-soft.com O1 - Hosts: 127.255.255.255 images.alcohol-soft.com O1 - Hosts: 127.255.255.255 trial.alcohol-soft.com O1 - Hosts: 127.255.255.255 support.alcohol-soft.com O1 - Hosts: 127.255.255.255 users.alcohol-soft.com O1 - Hosts: 127.255.255.255 shop.alcohol-soft.com O1 - Hosts: 127.255.255.255 195.137.236.101 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - D:\PROGRA~1\FlashGet\jccatch.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file) O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - d:\PROGRA~1\ALiBaBar\ALiBaBar.dll O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - D:\Program Files\Siber Systems\AI RoboForm\roboform.dll O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file) O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - d:\PROGRA~1\ALiBaBar\ALiBaBar.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Win2\Mouse\Amoumain.exe O4 - HKLM\..\Run: [ClipX] D:\Program Files\ClipX\clipx.exe O4 - HKLM\..\Run: [MULTIMEDIA KEYBOARD] C:\Program Files\Keymaestro\Multimedia Keyboard\MMKeybd.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [CmUsbSound] RunDll32 cmcnfgu.cpl,CMICtrlWnd O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "D:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe" O4 - HKCU\..\Run: [RoboForm] "D:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_07] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_08] cmd.exe /c md "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /c md "%USERPROFILE%\Local Settings\Temp" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_12] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_13] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_14] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_01] rundll32 advpack.dll,DelNodeRunDLL32 "C:\WINDOWS\Srchasst" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user') 續下一篇
shear 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-05-14, 01:31 AM	#51 (permalink)
shear 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	O8 - Extra context menu item: + Offline &Explorer: Download the link - file://D:\Program Files\Offline Explorer Enterprise\Add_UrlO.htm O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://D:\Program Files\Offline Explorer Enterprise\Add_AllO.htm O8 - Extra context menu item: Download with Rapget - D:\Personal Style\RapGet\rapget.htm O8 - Extra context menu item: RoboForm - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: 下載編碼內容(&D.S.Lite) - D:\Personal Style\DSLite2\dl_text.html O8 - Extra context menu item: 下載編碼檔案內容(&D.S.Lite) - D:\Personal Style\DSLite2\dl_url.html O8 - Extra context menu item: 使用 FlashGet 下載 - D:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: 儲存表格 - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: 全部使用 FlashGet 下載 - D:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: 剪貼簿文字: 簡 > 繁 - res://d:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad O8 - Extra context menu item: 剪貼簿文字: 繁 > 簡 - res://d:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim O8 - Extra context menu item: 加入至卡巴反橫幅廣告 - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 填表 - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: 網頁: [簡體] 顯示 - res://d:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim O8 - Extra context menu item: 網頁: [繁體] 顯示 - res://d:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad O8 - Extra context menu item: 自訂功能表 - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: 轉換到現有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換為 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: 附加至現有 PDF - res://D:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O9 - Extra button: Web反病毒保護統計 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\SCIEPlgn.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - d:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra 'Tools' menuitem: 建立行動最愛... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - d:\PROGRA~1\MICROS~1\INetRepl.dll O9 - Extra button: 填表 - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: 填表 - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: 儲存 - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: 儲存表格 - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://D:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - d:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - d:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Personal Style\DSLite2\DSLite.exe O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - D:\Personal Style\DSLite2\DSLite.exe O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O15 - Trusted Zone: *.intra.sinyi.com.tw 續下篇
shear 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-05-14, 01:32 AM	#52 (permalink)
shear 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	O16 - DPF: {0529C017-5781-11D3-B2F5-006097808AD4} (cPUDownLoad.DownLoad) - http://ntn08.intra.sinyi.com.tw/down...PUDownLoad.CAB O16 - DPF: {0B891305-3BF4-11D6-939C-001060501170} (XCsp Control) - https://ebank.taipeifubon.com.tw/iba...d/ICReader.cab O16 - DPF: {0CF64D95-A515-453D-B289-51D268059C05} (BSPatm Control) - https://atm.mma.com.tw/help/BSPatm.cab O16 - DPF: {0D2163D5-A855-425C-A472-F0B7C5E3CEE4} (JWCC.Fuhwa Class) - https://superatm.tw/jwss/JWCC.cab O16 - DPF: {11B27AD7-BF74-4C5F-99E3-FBB1764D7863} (DisFisc Control) - https://eatm.chb.com.tw/DisFiscOcx.cab O16 - DPF: {12755229-656A-4508-BC94-2DA4D314B4C8} (CathayMyATM.ATMFunc) - https://www.mybank.com.tw/myatm/cab/CathayMyATM.CAB O16 - DPF: {1DA5C656-9514-42CC-B7A2-5012BAF47C26} (JWCC.SCSB Class) - https://eatm.scsb.com.tw/JWSSAdmin/JWCC.cab O16 - DPF: {272B8D21-5304-4529-BD3D-1CF392342F7D} (ICBC XCsp) - https://netbank.megabank.com.tw/natm/ICBCNetATM.CAB O16 - DPF: {2B38E40E-977D-4767-919C-2AA29C041618} (BOT Class) - https://ebank.bot.com.tw/FCard/NetATM/FCards.CAB O16 - DPF: {476AB17F-EBF8-402D-82F8-3532A4A7A997} (SKBankICX Control) - https://skatm.skbank.com.tw/WebATMCl.../SKBankICX.cab O16 - DPF: {50C5D090-EF76-40AF-95B5-2F986A33E1C9} (COSEATM.COSMOSEATM) - https://iccard.cosmosbank.com.tw/eatm/COSEATM.CAB O16 - DPF: {5C253D25-00FD-4703-9924-E53792DF98C9} (CathayMyATM2.EsConn) - https://www.mybank.com.tw/MyATM/cab/CathayMyATM2.CAB O16 - DPF: {5D5EF079-C21D-47EE-9249-D4E89C8D3E43} (BullCSP Class) - https://my.taishinbank.com.tw/ActiveX/eATM/Bull.cab O16 - DPF: {60314951-54B6-11D3-AC43-00C0DFE9982C} (BWZipCompress304.MaqZip) - http://ntn08.intra.sinyi.com.tw/down...b/bw6zp34r.CAB O16 - DPF: {603B9E6C-0467-4C23-8098-ACC2ED6FEB75} (TSBankTSCC Class) - https://my.taishinbank.com.tw/ActiveX/eATM/TSBANK.cab O16 - DPF: {611C39BF-602B-4B85-A900-EE35F8A67ADB} (ChinFonICX Control) - https://ebank.chinfonbank.com.tw/Web...nt/BankICX.cab O16 - DPF: {7067DEA7-8C20-4519-8615-B1829371D8B9} (CTCBWebATM Control) - https://family.chinatrust.com.tw/Web...CTCBWebATM.cab O16 - DPF: {75A89484-8152-461B-87B0-4D253259E972} (HnBkClientATM Control) - https://www.smartatm.com.tw/eatm/com...kClientATM.cab O16 - DPF: {782C3F53-C15C-11D7-9B82-0000E2384C92} (CscPki Class) - http://202.173.40.131/pland-bin/APLAND/DsWarpper.cab O16 - DPF: {7E78800E-A2D2-4F9F-A117-1A439524AFF7} (Feib Class) - https://ebank.feib.com.tw/netbank/ht...sp/FeibATM.cab O16 - DPF: {85639023-02F7-40CD-8201-736F92F70BA3} (CHINESE Class) - https://webatm.chinesebank.com.tw/CHINESEBANKATM.cab O16 - DPF: {9834A545-C06B-44B1-B007-18A452D37004} (First Class) - https://eatm.firstbank.com.tw/firstbankATM.cab O16 - DPF: {C0F4471E-DF4F-4D02-9D2D-CF33B0724A1C} (TRUSTATMPOST Control) - https://webatm.post.gov.tw/postatm/TRUSTATMPOST5.cab O16 - DPF: {C6F0A072-E757-4C8C-A8FC-BD5A49738BCC} (P7CAPI Control) - http://ntn24.intra.sinyi.com.tw/mwse...gin/P7CAPI.cab O16 - DPF: {D1373A6E-1008-4F29-BB5D-608268E036CB} (HIB_AX2005 Class) - https://eatm.hibank.com.tw/HIBEATM.CAB O16 - DPF: {EA71C52E-75B1-4A60-BCB7-48E6410FDC26} (TBBICX Control) - https://eatm.tbb.com.tw/TBBICX.cab O16 - DPF: {F0754118-706B-4E14-8ED9-96E7A18DB894} (XCSP Class) - https://netbank.esunbank.com.tw/webatm/cabs/esuncsp.cab O16 - DPF: {F9A2A26C-07E3-4B16-8787-6F6051304730} (TCB EATM Object) - https://eatm.tcb-bank.com.tw/EATM.cab O16 - DPF: {FECA83B5-8E6A-4E3E-B8FD-C2162EE722B5} (NetATM Class) - https://ebank.landbank.com.tw/EATM/TWCA.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{323DD919-1CA4-4B72-982D-7696D9907268}: NameServer = 168.95.192.1 168.95.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: D:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Keymaestro\Multimedia Keyboard\nhksrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 17443 bytes
shear 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-05-14, 07:32 AM	#53 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - (no file) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: (no name) - {92B255FE-94E2-4BCA-958D-3926CE38913F} - (no file) 這些已失效, 可以修復, 其他沒甚麼問題不過 016 項的網頁 ActiveX 物件似乎多了點, 若你確定哪些是安全的, 就留著, 若不確定, 最好修復此帖於 2007-05-14 07:49 AM 被 plunderer 編輯.

	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次

2007-05-14, 09:53 AM	#54 (permalink)
btofnc 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:	剛重灌沒幾天就出現木馬，煩請plunderer大幫我看一下 avs的訊息看來，被感染的好像是 msdll.dll 感染的木馬是 Trojan-PSW.win32.nilage.bjn AVS的紅色框框一直跳出來，跳的我都快心臟病發了... 以下是我的hijackthis log Logfile of HijackThis v1.99.1 Scan saved at 上午 09:26:07, on 2007/5/14 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\Ati2evxx.exe c:\windows\installer\services.exe C:\WINDOWS\Explorer.EXE C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe C:\Program Files\AOL\Active Virus Shield\avp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Microangelo\muamgr.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\WINDOWS\system32\wuauclt.exe c:\program files\common files\installshield\updateservice\isuspm.exe C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe C:\Program Files\Outlook Express\msimn.exe C:\Program Files\Adobe\Adobe Illustrator CS2\Support Files\Contents\Windows\Illustrator.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001 C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Adobelm_Cleanup.0001 C:\Documents and Settings\Administrator\桌面\hijackthis\HijackThis.exe F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\installer\services.exe, O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe" O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210 O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: 轉換到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU) O17 - HKLM\System\CCS\Services\Tcpip\..\{6AA622B7-D58A-4445-8178-EEF908D73D96}: NameServer = 168.95.1.1,61.63.20.101 O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing) O23 - Service: GhostStartService - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe plunderer大要麻煩你了。 ps.另外請問plunderer大，是否有hijackthis的教學呀因為一堆像 O2、O3、F2之類都看不懂說 = ="
btofnc 榮譽勳章勳章總數 UID - 在線等級: 文章: n/a 精華:
	送花文章: 0, 收花文章: 0 篇, 收花: 0 次

2007-06-02, 07:39 PM	#58 (permalink)
longshw 註冊會員榮譽勳章勳章總數 UID - 193786 在線等級: 註冊日期: 2005-05-02 VIP期限: 2007-03 文章: 33 精華: 0 現金: 49 金幣資產: 49 金幣	Logfile of Trend Micro HijackThis v2.0.0 (BETA) Scan saved at 下午 07:40:19, on 2007/6/2 Platform: Windows XP SP2 (WinNT 5.01.2600) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\RunDLL32.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\Program Files\Google\Gmail Notifier\gnotify.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\WINDOWS\system32\nvsvc32.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Administrator\桌面\HiJackThis_v2.exe O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - C:\Program Files\Inventec\Dreye\DreyeMT\DreyeIEBar.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\Phonetic\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_11] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_12] rundll32 advpack.dll,LaunchINFSection nlite.inf,nLiteReg (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nlpo_13] rundll32 advpack.dll,LaunchINFSection nlite.inf,S (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nlpo_02] rundll32 advpack.dll,DelNodeRunDLL32 "%SystemRoot%\System32\dllcache" (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user') O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe -- End of file - 5613 bytes 大大可以幫我看看嗎? 電腦有點問題

	送花文章: 36, 收花文章: 6 篇, 收花: 17 次

2007-06-04, 10:51 PM	#60 (permalink)
albonchang 註冊會員榮譽勳章勳章總數3 UID - 23145 在線等級: 註冊日期: 2003-01-07 VIP期限: 2010-12 住址: 台灣台北文章: 254 精華: 1 現金: 710 金幣資產: 12728 金幣	題外~~ 請問plunderer大 12KM論壇舊網址失連，可否請您提供新網址另外~~ 請問您是不是卡飯論壇跟電腦安防論壇會員?? 呵呵~這兩個論壇需要推薦如果您是可不可以請您推薦??

	送花文章: 168, 收花文章: 15 篇, 收花: 25 次

Google 提供的廣告