史萊姆論壇 - 查看單個文章

lanstiva · 2008-07-22, 09:51 PM

^^|||真不好意思，我再弄了一次，這個是用版主說的那軟體掃出來的，煩請版主與各位朋友幫我

瞧瞧看，謝謝你們～
==================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 21:51:33, on 2008/7/22
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
e:\h-download\svohost\svohost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
D:\A-TOOL\D-免安裝軟體\=RocketDock-v1.3.5=\RocketDock.exe
D:\A-TOOL\D-免安裝軟體\13-Atomic Alarm Clock 5.6\AtomicAlarmClock.exe
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
D:\A-TOOL\D-免安裝軟體\12-ATnotes v9.5\ATnotes.exe
D:\A-TOOL\D-免安裝軟體\=Stardock ObjectDock.Plus.v1.90.53=\Stardock\ObjectDock\ObjectDock.exe
D:\A-TOOL\D-免安裝軟體\=TurboLaunch 5.0.8=\TurboLaunch.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
D:\A-TOOL\D-免安裝軟體\00-VMware 6.0.3-80004\vmware-authd.exe
D:\A-TOOL\D-免安裝軟體\=瀏覽器=\GreenBrowser 4.6.0606\GreenBrowser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
E:\H-DOWNLOAD\HijackThis.exe

F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,un userinit.exe,"e:\h-download\svohost\svohost.exe" un userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: CyberArticle Express - {769A6A36-ED24-4376-BC7C-80225BF35698} - C:\Program Files\CyberArticle\CAExp.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKCU\..\Run: [RocketDock] "D:\A-TOOL\D-免安裝軟體\=RocketDock-v1.3.5=\RocketDock.exe"
O4 - HKCU\..\Run: [SkinClock] D:\A-TOOL\D-免安裝軟體\13-Atomic Alarm Clock 5.6\AtomicAlarmClock.exe
O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
O4 - HKCU\..\Run: [ATnotes.exe] D:\A-TOOL\D-免安裝軟體\12-ATnotes v9.5\ATnotes.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: 使用 BitSpirit 下載(&B) - D:\A-TOOL\A-P2P\BitSpiritV3.3.2.252\bsurl.htm
O8 - Extra context menu item: 加入到廣告橫幅防護 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: 用CyberArticle儲存:完整網頁... - C:\Program Files\CyberArticle\script\Save.htm
O8 - Extra context menu item: 用CyberArticle儲存:更多儲存選項... - C:\Program Files\CyberArticle\script\SaveAuto.htm
O8 - Extra context menu item: 複製圖片網址 - D:\A-TOOL\D-免安裝軟體\=瀏覽器=\GreenBrowser 4.6.0606\外掛-複製圖片網址-CopyImageUrl\CopyImageUrl.htm
O8 - Extra context menu item: 複製圖片網址 BBCode - D:\A-TOOL\D-免安裝軟體\=瀏覽器=\GreenBrowser 4.6.0606\外掛-複製圖片網址-CopyImageUrl\CopyImageUrlBbcode.htm
O8 - Extra context menu item: 設為 Messenger Live 頭像 - \SetMSNDP.htm
O8 - Extra context menu item: 轉換成簡體中文(&S) - res://C:\WINDOWS\system32\tcscconv.dll/tosimp
O8 - Extra context menu item: 轉換成繁體中文(&T) - res://C:\WINDOWS\system32\tcscconv.dll/totrad
O9 - Extra button: 網頁病毒防護統計 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra 'Tools' menuitem: 網頁病毒防護統計 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{54CFE1CA-3D6E-451D-B64B-D44FF56A61C5}: NameServer = 168.95.192.1 168.95.1.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - D:\A-TOOL\D-免安裝軟體\00-VMware 6.0.3-80004\vmware-authd.exe (file missing)

--
End of file - 6638 bytes
========================

2008-07-22, 09:51 PM	#5 (permalink)
lanstiva 註冊會員榮譽勳章勳章總數0 UID - 286869 在線等級: 註冊日期: 2007-11-27 文章: 104 精華: 0 現金: 168 金幣資產: 168 金幣	^^\|\|\|真不好意思，我再弄了一次，這個是用版主說的那軟體掃出來的，煩請版主與各位朋友幫我瞧瞧看，謝謝你們～ ================== Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 下午 21:51:33, on 2008/7/22 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE e:\h-download\svohost\svohost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Stardock\CursorFX\CursorFX.exe D:\A-TOOL\D-免安裝軟體\=RocketDock-v1.3.5=\RocketDock.exe D:\A-TOOL\D-免安裝軟體\13-Atomic Alarm Clock 5.6\AtomicAlarmClock.exe C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe D:\A-TOOL\D-免安裝軟體\12-ATnotes v9.5\ATnotes.exe D:\A-TOOL\D-免安裝軟體\=Stardock ObjectDock.Plus.v1.90.53=\Stardock\ObjectDock\ObjectDock.exe D:\A-TOOL\D-免安裝軟體\=TurboLaunch 5.0.8=\TurboLaunch.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\UPHClean\uphclean.exe D:\A-TOOL\D-免安裝軟體\00-VMware 6.0.3-80004\vmware-authd.exe D:\A-TOOL\D-免安裝軟體\=瀏覽器=\GreenBrowser 4.6.0606\GreenBrowser.exe C:\WINDOWS\system32\NOTEPAD.EXE E:\H-DOWNLOAD\HijackThis.exe F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,,un userinit.exe,"e:\h-download\svohost\svohost.exe" un userinit.exe O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: CyberArticle Express - {769A6A36-ED24-4376-BC7C-80225BF35698} - C:\Program Files\CyberArticle\CAExp.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe" O4 - HKCU\..\Run: [RocketDock] "D:\A-TOOL\D-免安裝軟體\=RocketDock-v1.3.5=\RocketDock.exe" O4 - HKCU\..\Run: [SkinClock] D:\A-TOOL\D-免安裝軟體\13-Atomic Alarm Clock 5.6\AtomicAlarmClock.exe O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme O4 - HKCU\..\Run: [ATnotes.exe] D:\A-TOOL\D-免安裝軟體\12-ATnotes v9.5\ATnotes.exe O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: 使用 BitSpirit 下載(&B) - D:\A-TOOL\A-P2P\BitSpiritV3.3.2.252\bsurl.htm O8 - Extra context menu item: 加入到廣告橫幅防護 - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm O8 - Extra context menu item: 用CyberArticle儲存:完整網頁... - C:\Program Files\CyberArticle\script\Save.htm O8 - Extra context menu item: 用CyberArticle儲存:更多儲存選項... - C:\Program Files\CyberArticle\script\SaveAuto.htm O8 - Extra context menu item: 複製圖片網址 - D:\A-TOOL\D-免安裝軟體\=瀏覽器=\GreenBrowser 4.6.0606\外掛-複製圖片網址-CopyImageUrl\CopyImageUrl.htm O8 - Extra context menu item: 複製圖片網址 BBCode - D:\A-TOOL\D-免安裝軟體\=瀏覽器=\GreenBrowser 4.6.0606\外掛-複製圖片網址-CopyImageUrl\CopyImageUrlBbcode.htm O8 - Extra context menu item: 設為 Messenger Live 頭像 - \SetMSNDP.htm O8 - Extra context menu item: 轉換成簡體中文(&S) - res://C:\WINDOWS\system32\tcscconv.dll/tosimp O8 - Extra context menu item: 轉換成繁體中文(&T) - res://C:\WINDOWS\system32\tcscconv.dll/totrad O9 - Extra button: 網頁病毒防護統計 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra 'Tools' menuitem: 網頁病毒防護統計 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra 'Tools' menuitem: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O15 - ESC Trusted Zone: http://*.update.microsoft.com O17 - HKLM\System\CCS\Services\Tcpip\..\{54CFE1CA-3D6E-451D-B64B-D44FF56A61C5}: NameServer = 168.95.192.1 168.95.1.1 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe O23 - Service: VMware Authorization Service (VMAuthdService) - Unknown owner - D:\A-TOOL\D-免安裝軟體\00-VMware 6.0.3-80004\vmware-authd.exe (file missing) -- End of file - 6638 bytes ========================

	送花文章: 68, 收花文章: 29 篇, 收花: 40 次