史萊姆論壇 - 查看單個文章 - 電腦白痴shimano中毒請求協助part1-2

shimano · 2009-12-04, 10:39 PM

各位大大,我的電腦中毒了,原本是用vista系統,前二天要去請坊間可以重灌時,將備份的資料存入了一個隨身硬碟裡,結果可能是這樣就掃了一堆毒出來,公司重灌了xp 系統,我的系統資料如下:microsoft windows xp professional version 2002 service pack3 電腦intel(r) core(tm) 2 duo cpu e7200 @2.5ghz 2.53ghz,1.99gb的ram
授權給 test user test computer 76483-640-08***925-****** 對不起第一次發文,我又是個對電腦系統不了解的女生,以上資料如果有不必要的資訊,也請見諒,因我想說,也許這些資料或許對我的問題的解決有些許幫助.
以下是我用版內軟體掃描過後的資料,請各位幫我判讀一下,並且告訴我應該如何處理,念在我是電腦白痴,請各位用詳細的解說跟步驟教導我處理,如果真的不行,那告訴我重灌也没關係,只是我想知道我究竟是那裡出錯了,我下次使用電腦時會更改我的習慣,儘量避免同樣的事情發生.shimno在此先謝謝大家撥空的協助!
前二天電腦公司幫我裝的防毒軟體是"avast"4.8專業版以及vrdb病毒復原資料庫,我每次都會做更新,但那個vrdb我不知道如何使用.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 09:13:35, on 2009/12/4
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\ESW\Master.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SCT9OWU0\HiJackThis[1].exe

R3 - URLSearchHook: Yahoo!奇摩捷徑列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Yahoo!奇摩捷徑列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: 網路ATM服務 - {E1056C34-E994-4CF9-AD0A-5BFE96747F8C} - C:\ESW\GoEzoZone.exe
O9 - Extra 'Tools' menuitem: 網路ATM服務 - {E1056C34-E994-4CF9-AD0A-5BFE96747F8C} - C:\ESW\GoEzoZone.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O15 - Trusted Zone: http://*.tsc.com.tw
O15 - Trusted Zone: http://www.ctc.url.tw
O15 - Trusted IP range: http://59.125.12.150
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {11B27AD7-BF74-4C5F-99E3-FBB1764D7863} (DisFisc Control) - https://eatm.chb.com.tw/DisFiscOcx.cab
O16 - DPF: {4FCDEAB8-B28E-47E7-8EB5-9260FC173565} (JSwebATM Class) - https://webatm.jihsunbank.com.tw/JSwebATM.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1259330568484
O16 - DPF: {650BBB86-3D77-49BA-A4B2-2455E44EB031} (PasswordMD5ClientCOMCtrl Class) - https://netbank.chb.com.tw/Security/...5ClientCOM.cab
O16 - DPF: {88B8A9C7-10A1-4535-8EEB-0D875349E5B8} (SendOrder Class) - https://trade.tsc.com.tw/ekey/cab/axekey.cab
O16 - DPF: {8F566902-147A-450F-A492-357155B73836} (DirObj Class) - https://trade.tsc.com.tw/ekey/cab/getdir.cab
O16 - DPF: {9D10CDAC-AD9D-478A-BA49-4924481B20A6} (EnvDetect Class) - http://www.tsc.com.tw/service/CGEnvDetectATL.cab
O16 - DPF: {D431F24F-0D8A-43A2-AB0D-FF6F27DE95A8} (PasswordClientCOMCtrl Class) - https://netbank.chb.com.tw/Security/...dClientCOM.cab
O16 - DPF: {EB8D26BA-9A4C-444C-80D1-1B544F68D797} (XMLSignatureClientCOMCtrl Class) - https://netbank.chb.com.tw/Security/...eClientCOM.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 5971 bytes

2009-12-04, 10:39 PM	#1
shimano 註冊會員榮譽勳章勳章總數0 UID - 334034 在線等級: 註冊日期: 2009-12-03 文章: 9 精華: 0 現金: 16 金幣資產: 16 金幣	電腦白痴shimano中毒請求協助part1-2 各位大大,我的電腦中毒了,原本是用vista系統,前二天要去請坊間可以重灌時,將備份的資料存入了一個隨身硬碟裡,結果可能是這樣就掃了一堆毒出來,公司重灌了xp 系統,我的系統資料如下:microsoft windows xp professional version 2002 service pack3 電腦intel(r) core(tm) 2 duo cpu e7200 @2.5ghz 2.53ghz,1.99gb的ram 授權給 test user test computer 76483-640-08*925-**** 對不起第一次發文,我又是個對電腦系統不了解的女生,以上資料如果有不必要的資訊,也請見諒,因我想說,也許這些資料或許對我的問題的解決有些許幫助. 以下是我用版內軟體掃描過後的資料,請各位幫我判讀一下,並且告訴我應該如何處理,念在我是電腦白痴,請各位用詳細的解說跟步驟教導我處理,如果真的不行,那告訴我重灌也没關係,只是我想知道我究竟是那裡出錯了,我下次使用電腦時會更改我的習慣,儘量避免同樣的事情發生.shimno在此先謝謝大家撥空的協助! 前二天電腦公司幫我裝的防毒軟體是"avast"4.8專業版以及vrdb病毒復原資料庫,我每次都會做更新,但那個vrdb我不知道如何使用. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 下午 09:13:35, on 2009/12/4 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\ESW\Master.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\cidaemon.exe C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\SCT9OWU0\HiJackThis[1].exe R3 - URLSearchHook: Yahoo!奇摩捷徑列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Yahoo!奇摩捷徑列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: 網路ATM服務 - {E1056C34-E994-4CF9-AD0A-5BFE96747F8C} - C:\ESW\GoEzoZone.exe O9 - Extra 'Tools' menuitem: 網路ATM服務 - {E1056C34-E994-4CF9-AD0A-5BFE96747F8C} - C:\ESW\GoEzoZone.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O15 - Trusted Zone: http://.tsc.com.tw O15 - Trusted Zone: http://www.ctc.url.tw O15 - Trusted IP range: http://59.125.12.150 O15 - ESC Trusted Zone: http://.update.microsoft.com O16 - DPF: {11B27AD7-BF74-4C5F-99E3-FBB1764D7863} (DisFisc Control) - https://eatm.chb.com.tw/DisFiscOcx.cab O16 - DPF: {4FCDEAB8-B28E-47E7-8EB5-9260FC173565} (JSwebATM Class) - https://webatm.jihsunbank.com.tw/JSwebATM.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1259330568484 O16 - DPF: {650BBB86-3D77-49BA-A4B2-2455E44EB031} (PasswordMD5ClientCOMCtrl Class) - https://netbank.chb.com.tw/Security/...5ClientCOM.cab O16 - DPF: {88B8A9C7-10A1-4535-8EEB-0D875349E5B8} (SendOrder Class) - https://trade.tsc.com.tw/ekey/cab/axekey.cab O16 - DPF: {8F566902-147A-450F-A492-357155B73836} (DirObj Class) - https://trade.tsc.com.tw/ekey/cab/getdir.cab O16 - DPF: {9D10CDAC-AD9D-478A-BA49-4924481B20A6} (EnvDetect Class) - http://www.tsc.com.tw/service/CGEnvDetectATL.cab O16 - DPF: {D431F24F-0D8A-43A2-AB0D-FF6F27DE95A8} (PasswordClientCOMCtrl Class) - https://netbank.chb.com.tw/Security/...dClientCOM.cab O16 - DPF: {EB8D26BA-9A4C-444C-80D1-1B544F68D797} (XMLSignatureClientCOMCtrl Class) - https://netbank.chb.com.tw/Security/...eClientCOM.cab O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe -- End of file - 5971 bytes 此帖於 2009-12-04 11:29 PM 被 a471 編輯.

	送花文章: 0, 收花文章: 4 篇, 收花: 6 次