2008-05-02, 09:50 AM   #1
john0720
Question: Infected with an unknown trojan?



How should I deal with this?
I am using Kaspersky 6.0.1.411.
Thanks!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 09:45:20, on 2008/5/2
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Kaspersky Internet Security 6.0\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Kaspersky Internet Security 6.0\Kaspersky Internet Security 6.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
E:\Tool\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

O2 - BHO: Thunder AtOnce - {01443AEC-0FD1-40fd-9C87-E93D1494C233} - E:\Tool\(2) 下載軟體\迅雷 Thunder v5.7.5.421 去廣告優化繁體中文免安裝版下載 Bandongo 好利器-迅雷 Thunder v5.7.5.421 請多加利用,可同時多線下載\ComDlls\TDAtOnce_Now.dll (file missing)
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ThunderBHO - {889D2FEB-5411-4565-8998-1DD2C5261283} - E:\Tool\(2) 下載軟體\迅雷 Thunder v5.7.5.421 去廣告優化繁體中文免安裝版下載 Bandongo 好利器-迅雷 Thunder v5.7.5.421 請多加利用,可同時多線下載\ComDlls\xunleiBHO_Now.dll (file missing)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: 超級兔子上網精靈 - {FEDF637B-F631-4583-A210-33CC828D42DB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - (no file)
O3 - Toolbar: 超級兔子上網精靈 - {FEDF637B-F631-4583-A210-33CC828D42DB} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Internet Security 6.0\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [RutenAlert] D:\拍賣\RutenAlert\RutenAlert.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [MSCalsClocks] C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: &使用BitComet下載本頁視訊 - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: 使用BitComet下載全部連結 - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載連結(&B) - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: 使用迅雷下載 - E:\Tool\(2) 下載軟體\迅雷 Thunder v5.7.5.421 去廣告優化繁體中文免安裝版下載 Bandongo 好利器-迅雷 Thunder v5.7.5.421 請多加利用,可同時多線下載\Program\geturl.htm
O8 - Extra context menu item: 使用迅雷下載全部鏈接 - E:\Tool\(2) 下載軟體\迅雷 Thunder v5.7.5.421 去廣告優化繁體中文免安裝版下載 Bandongo 好利器-迅雷 Thunder v5.7.5.421 請多加利用,可同時多線下載\Program\getallurl.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 新增到廣告 - C:\Program Files\Kaspersky Internet Security 6.0\Kaspersky Internet Security 6.0\ie_banner_deny.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O9 - Extra button: Shock Snap - {00E96942-13B7-46D5-829A-E2EC469159DC} - E:\Tool\Shock Snap v1.71 繁體中文免安裝版 - 圖像捕捉程式\\ssl.exe (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Shock Snap - {00E96942-13B7-46D5-829A-E2EC469159DC} - E:\Tool\Shock Snap v1.71 繁體中文免安裝版 - 圖像捕捉程式\\ssl.exe (file missing) (HKCU)
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O20 - AppInit_DLLs: "C:\PROGRA~1\KASPER~1.0\KASPER~1.0\adialhk.dll"
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Internet Security 6.0\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: wwinrdoo (wwinrdo) - Unknown owner - C:\WINDOWS\system32\wwinrdoo.com.exe (file missing)

--
End of file - 7555 bytes