2008-05-20, 11:43 AM   #1
capalla626
Computer is infected and no amount of scanning gets rid of it?





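Below is the log I produced with the HijackThis software from your site. I don't know where exactly the problem is, so could you all please give me some guidance? (I would be extremely grateful.)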

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 02:17:27, on 2008/5/19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
D:\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\windows\system32\nvsvc32.exe
D:\S.W\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\windows\system32\svchost.exe
D:\S.W\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\windows\system32\wscntfy.exe
C:\windows\System32\dllcache\explorer.exe
C:\windows\system32\RunDll32.exe
D:\ASUS\Asus Probe\AsusProb.exe
D:\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
D:\BeatTrojan2008\BeatTrojanMon.exe
C:\windows\system32\RUNDLL32.EXE
C:\windows\system32\ctfmon.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Admin\桌面\HiJackThis.exe

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Dr.eye WebPage Translation - {92B255FE-94E2-4BCA-958D-3926CE38913F} - D:\Inventec\Dreye\DreyeMT\DreyeIEBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ASUS Probe] d:\ASUS\Asus Probe\AsusProb.exe
O4 - HKLM\..\Run: [AVP] "D:\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [BeatTrojan] D:\BeatTrojan2008\BeatTrojanMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O8 - Extra context menu item: 加入到廣告橫幅防護 - D:\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://D:\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 解除透明圖封鎖 - C:\Documents and Settings\Admin\桌面\dbe2007\dbe2007\CxtMenu\mnuHide.ht
O8 - Extra context menu item: 轉換為 Adobe PDF - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 附加至現有 PDF - res://D:\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - D:\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: WinFast(R) Display Driver Service (NVSvc) - NVIDIA Corporation - C:\windows\system32\nvsvc32.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - D:\S.W\SolidWorks SolidNetWork License Manager\lmgrd.exe
O23 - Service: 木馬清除大師即時監控 - Unknown owner - D:\BeatTrojan2008\BeatTrojanSvc.exe

--
End of file - 4558 bytes


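P.S.: I would like to ask what this HijackThis software actually does. Why have my Internet Options looked strange ever since I used it (see the screenshot below)?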
http://i289.photobucket.com/albums/ll205/capalla626/1.gif

Below is what Kaspersky detected; after I delete it, it reappears as soon as I restart the computer.
http://i289.photobucket.com/albums/ll205/capalla626/2-1.gif

This post was edited by capalla626 on 2008-05-20 at 01:52 PM.