Hi everyone, could you please take a look and tell me where things have gone wrong? Thanks!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 12:53:04, on 2008/2/20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Fonts\system\ati2evxx.EXE
C:\Documents and Settings\Administrator\motou.exe
C:\WINDOWS\FONTS\SYSTEM\DD.EXE
C:\WINDOWS\system32\calc.exe
C:\WINDOWS\SYSTEM32\CTFMON.EXE
C:\PROGRA~1\YAHOO!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPLAYER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\Xi\NetTransport 2\NetTransport.exe
c:\hijackthis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
O1 - Hosts: 124.238.254.113 www.10280011.com
O1 - Hosts: 124.238.254.113 10280011.com
O1 - Hosts: 124.238.254.113 www.10289900.com
O1 - Hosts: 124.238.254.113 10289900.com
O1 - Hosts: 124.238.254.113 www.78877788.com
O1 - Hosts: 124.238.254.113 78877788.com
O1 - Hosts: 124.238.254.113 www.11051122.com
O1 - Hosts: 124.238.254.113 11051122.com
O1 - Hosts: 124.238.254.113 1.ehai01.com
O1 - Hosts: 124.238.254.113 da.ehai01.com
O1 - Hosts: 124.238.254.113 ehai01.com
O1 - Hosts: 124.238.254.113 2008.sekart.cn
O1 - Hosts: 124.238.254.113 www.sekart.cn
O1 - Hosts: 124.238.254.113 sekart.cn
O1 - Hosts: 124.238.254.113 www.11309988.com
O1 - Hosts: 124.238.254.113 www.12100088.com
O1 - Hosts: 124.238.254.113 www.12108899.com
O1 - Hosts: 124.238.254.113 d2.llsging.com
O1 - Hosts: 124.238.254.113 llsging.com
O1 - Hosts: 124.238.254.113 dd.749571.com
O1 - Hosts: 124.238.254.113 749571.com
O1 - Hosts: 124.238.254.113 pr.749571.com
O1 - Hosts: 124.238.254.113 txwm1204.com
O1 - Hosts: 124.238.254.113 www.txwm1204.com
O2 - BHO: (no name) - {471B15AD-7A9C-491D-9C19-4E15B12DCE00} - C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys
O2 - BHO: (no name) - {4B23A8E5-CC9C-4A15-81F3-9B902C00AF4B} - C:\Program Files\Internet Explorer\PLUGINS\NvSys_55.Sys
O2 - BHO: (no name) - {9963387B-212E-4643-B207-82DAEA0E713D} - C:\Program Files\Internet Explorer\PLUGINS\Wn_Sys8x.Sys
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [WinForm] C:\WINDOWS\WinForm.exE
O4 - HKLM\..\Run: [WSockDrv32] C:\WINDOWS\WSockDrv32.exe
O4 - HKLM\..\Run: [Kvsc3] C:\WINDOWS\Kvsc3.exE
O4 - HKLM\..\Run: [AVPSrv] C:\WINDOWS\AVPSrv.exE
O4 - HKLM\..\Run: [mppds] C:\WINDOWS\mppds.exe
O4 - HKLM\..\Run: [DbgHlp32] C:\WINDOWS\DbgHlp32.exe
O4 - HKLM\..\Run: [MsPrint32D] C:\WINDOWS\gzpzjq.exe
O4 - HKLM\..\Run: [upxdnd] C:\WINDOWS\upxdnd.exe
O4 - HKLM\..\Run: [cmdbcs] C:\WINDOWS\cmdbcs.exe
O4 - HKLM\..\Run: [WinSysM] C:\WINDOWS\455373M.exe
O4 - HKLM\..\Run: [MsIMMs32] C:\WINDOWS\MsIMMs32.exE
O4 - HKLM\..\Run: [PTSShell] C:\WINDOWS\PTSShell.exe
O4 - HKLM\..\Run: [LotusHlp] C:\WINDOWS\LotusHlp.exe
O4 - HKLM\..\Run: [NVDispDrv] C:\WINDOWS\vpbuhx.exe
O4 - HKLM\..\Run: [NAVMon32] C:\WINDOWS\NAVMon32.exE
O4 - HKLM\..\Run: [WINSvr32] C:\WINDOWS\WINSvr32.exE
O4 - HKLM\..\Run: [RegSrv64D] C:\WINDOWS\vxrbdy.exe
O4 - HKLM\..\Run: [WinSysW] C:\WINDOWS\455373L.exe
O4 - HKLM\..\Run: [msccrt] C:\WINDOWS\msccrt.exe
O4 - HKLM\..\Run: [SHAProc] C:\WINDOWS\SHAProc.exe
O4 - HKLM\..\Run: [TBMonEx] C:\WINDOWS\Fonts\system\ati2evxx.EXE
O4 - HKLM\..\Run: [inudhya] C:\WINDOWS\Fonts\system\soundma.exe
O4 - HKLM\..\Run: [WSockx2_32] C:\WINDOWS\ylwuyd.exe
O4 - HKLM\..\Run: [InternetExe] C:\Documents and Settings\Administrator\motou.exe
O4 - HKLM\..\Run: [kermer] C:\WINDOWS\FONTS\SYSTEM\DD.EXE
O4 - HKLM\..\Run: [kkaddmin] C:\WINDOWS\FONTS\SYSTEM\FBD.EXE
O4 - HKLM\..\Run: [SSLDyn] C:\WINDOWS\SSLDyn.exE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "c:\PROGRA~1\yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKLM\..\Policies\Explorer\Run: [zfyrspnum] zfyrspnum.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: Foxy 下載 - res://D:\FOXY\FOXY.EXE/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://D:\FOXY\FOXY.EXE/search.htm
O8 - Extra context menu item: 使用影音傳送帶下載 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{50EB6A61-84C5-40EE-A22C-B7755067BD13}: NameServer = 168.95.192.1 168.95.1.1
O23 - Service: 8F4CCCCD - Unknown owner - C:\WINDOWS\system32\A3BF51DF.EXE
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe (file missing)
--
End of file - 6007 bytes