史萊姆論壇

史萊姆論壇 (http://forum.slime.com.tw/)
-   一般電腦疑難討論區 (http://forum.slime.com.tw/f17.html)
-   -   有請各位大大幫忙,我中毒了 (http://forum.slime.com.tw/thread208946.html)

grimmw40852 2007-06-23 09:22 PM
有請各位大大幫忙,我中毒了
 
[b]卡巴掃到
Trojan-psw.win32.magania.im 執行模組SERVICES.EXE\services.exe
拜託大大救命我掃不掉解毒解不掉:on_51: :on_51: :on_51: :on_51: 救命阿



謝謝好心的你事事順心如意

danny_2 2007-06-23 09:25 PM
丟掉吧!

請說明詳細的電腦組態&作業系統..等。

grimmw40852 2007-06-23 09:28 PM
引用:
作者: danny_2 (文章 1742658)
丟掉吧!

請說明詳細的電腦組態&作業系統..等。
電腦組態??我是電腦大白吃所以不懂電腦組態(請大大指教)是什麼
但是作業系統XP

plunderer 2007-06-23 09:37 PM
用 hijackthis
http://www.trendsecure.com/portal/en...ackThis_v2.exe
掃描後 把 log 貼上來

grimmw40852 2007-06-23 09:47 PM
引用:
作者: plunderer (文章 1742663)
用 hijackthis
http://www.trendsecure.com/portal/en...ackThis_v2.exe
掃描後 把 log 貼上來
請問大大是這些東西嗎???
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 下午 09:44:43, on 2007/6/23
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\掃毒\Spyware Doctor\svcntaux.exe
C:\掃毒\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
F:\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo!奇摩捷徑列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - E:\續傳軟體\FreshDownload\fdcatch.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\SKYPE\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\阿誠要的遊戲\BitComet\tools\BitCometBHO.dll (file missing)
O3 - Toolbar: HostranBar - {88F2B391-8D09-4c0e-9824-5ECD0F382f66} - C:\WINDOWS\Hostran\HostranBar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - E:\續傳軟體\FreshDownload\fdiebar.dll (file missing)
O3 - Toolbar: (no name) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp收聽器\Winamp\winampa.exe
O4 - HKLM\..\Run: [mnsa] C:\DOCUME~1\user\LOCALS~1\Temp\mnso.exe
O4 - HKLM\..\Run: [SDTray] "C:\掃毒\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\SKYPE\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://E:\阿誠要的遊戲\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Foxy 下載 - res://E:\FORX下載音樂點\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://E:\FORX下載音樂點\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://E:\阿誠要的遊戲\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://E:\阿誠要的遊戲\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: 使用網路傳送帶下載 - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: 使用網路傳送帶下載全部連結 - C:\Program Files\Xi\NetXfer\NXAddList.html
O9 - Extra button: 網頁防護程式 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmestw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmestw.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\SKYPE\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: FreshDownload - {E3540F9E-D0A2-41AF-AD2E-32E253A91DE0} - E:\續傳軟體\FreshDownload\fd.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {12755229-656A-4508-BC94-2DA4D314B4C8} (CathayMyATM.ATMFunc) - https://www.mybank.com.tw/myatm/cab/CathayMyATM.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {300FD990-15D4-41A4-A7DE-C1ECB8D7371F} (ATMC Class) - https://eb.fisc.com.tw/EB/Download/Everyone/ATMCard.cab
O16 - DPF: {5C253D25-00FD-4703-9924-E53792DF98C9} (CathayMyATM2.EsConn) - https://www.mybank.com.tw/MyATM/cab/CathayMyATM2.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159443905105
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159444036233
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.mumbojumbo.com/assets/mjolauncher.cab
O16 - DPF: {9675ABBF-8D0B-4956-868C-934B5A7928D4} (Npv Control) - https://nprotect.lineage2.com.tw/npr...ncsoft/npv.cab
O16 - DPF: {B596344E-F60F-42C2-8640-5954EEDBD428} (RegExe Control) - http://www.omg.com.tw/ActiveX/MacroWell.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EB9AED2-BE08-4C63-8BB5-B9ADE51BAD64}: NameServer = 211.78.130.1
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\掃毒\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\掃毒\Spyware Doctor\swdsvc.exe

--
End of file - 7796 bytes

感謝大大幫忙

plunderer 2007-06-23 10:02 PM
咦? 你的日誌看來沒有中招的跡象啊! :on_47:
被查到的檔案在什麼目錄?

grimmw40852 2007-06-23 10:07 PM
引用:
作者: plunderer (文章 1742675)
咦? 你的日誌看來沒有中招的跡象啊! :on_47:
被查到的檔案在什麼目錄?

可是我的卡巴有耶而且還不給我殺>"<
而且我還在WINDOWS/system32發現msdll.dll也是不給殺

plunderer 2007-06-23 10:14 PM
引用:
作者: grimmw40852 (文章 1742676)
可是我的卡巴有耶而且還不給我殺>"<
而且我還在WINDOWS/system32發現msdll.dll也是不給殺
你的 log 是不是漏貼了一項?:on_72:
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,c:\windows\installer\services.exe,

你的問題應該是:
http://forum.slime.com.tw/thread200076.html

grimmw40852 2007-06-23 10:23 PM
引用:
作者: plunderer (文章 1742682)
你的 log 是不是漏貼了一項?:on_72:
F2 - REG:system.ini: UserInit= <<<完全不知道= =+啥意思 >>>大約怎麼用c:\windows\system32\userinit.exe,c:\windows\installer\services.exe,

你的問題應該是:
http://forum.slime.com.tw/showthread.php?t=200076
:on_22: 我不只是電腦大白吃還是各英文白吃我國小畢業而已請大大能指點嗎

謝謝

plunderer 2007-06-23 10:34 PM
手動清除你肯定不會.....:on_44:

用 hijackthis 再掃一次, 然後要確定把日誌完整貼上來

grimmw40852 2007-06-23 10:38 PM
引用:
作者: plunderer (文章 1742706)
手動清除你肯定不會.....:on_44:

用 hijackthis 再掃一次, 然後要確定把日誌完整貼上來

請問是在哪種模式下???正常開機模式下??還是安全模式下??(剛剛是在安全模式下掃的)

plunderer 2007-06-23 10:42 PM
正常模式下掃(我沒注意原來上面的日誌是安全模式下掃出來的...難怪少了很多項)

grimmw40852 2007-06-23 10:48 PM
引用:
作者: plunderer (文章 1742711)
正常模式下掃(我沒注意原來上面的日誌是安全模式下掃出來的...難怪少了很多項)

掃毒情況下呢??

plunderer 2007-06-23 10:52 PM
都可以, 反正用 hijackthis 在正常模式下再掃一次, 掃描後 把 log 貼上來

grimmw40852 2007-06-23 10:59 PM
引用:
作者: plunderer (文章 1742718)
都可以, 反正用 hijackthis 在正常模式下再掃一次, 掃描後 把 log 貼上來
好嚕都在下面(正常模式下)大大您辛苦了:on_28: :on_28: :on_28:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 下午 10:56:28, on 2007/6/23
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
C:\掃毒\Spyware Doctor\svcntaux.exe
C:\掃毒\Spyware Doctor\swdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\Winamp收聽器\Winamp\winampa.exe
C:\掃毒\Spyware Doctor\SDTrayApp.exe
C:\WINDOWS\system32\ctfmon.exe
E:\SKYPE\Phone\Skype.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
E:\SKYPE\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
F:\HiJackThis_v2.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R3 - URLSearchHook: Yahoo!奇摩捷徑列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {206E52E0-D52E-11D4-AD54-0000E86C26F6} - E:\續傳軟體\FreshDownload\fdcatch.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - E:\SKYPE\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - E:\阿誠要的遊戲\BitComet\tools\BitCometBHO.dll (file missing)
O3 - Toolbar: HostranBar - {88F2B391-8D09-4c0e-9824-5ECD0F382f66} - C:\WINDOWS\Hostran\HostranBar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: FreshDownload Bar - {ED0E8CA5-42FB-4B18-997B-769E0408E79D} - E:\續傳軟體\FreshDownload\fdiebar.dll (file missing)
O3 - Toolbar: (no name) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - (no file)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\CPLBCL53.EXE
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [kav] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] E:\Winamp收聽器\Winamp\winampa.exe
O4 - HKLM\..\Run: [mnsa] C:\DOCUME~1\user\LOCALS~1\Temp\mnso.exe
O4 - HKLM\..\Run: [SDTray] "C:\掃毒\Spyware Doctor\SDTrayApp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "E:\SKYPE\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://E:\阿誠要的遊戲\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Foxy 下載 - res://E:\FORX下載音樂點\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://E:\FORX下載音樂點\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://E:\阿誠要的遊戲\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://E:\阿誠要的遊戲\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: 使用網路傳送帶下載 - C:\Program Files\Xi\NetXfer\NXAddLink.html
O8 - Extra context menu item: 使用網路傳送帶下載全部連結 - C:\Program Files\Xi\NetXfer\NXAddList.html
O9 - Extra button: 網頁防護程式 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmestw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRA~1\YAHOO!\COMMON\yhexbmestw.dll
O9 - Extra button: Skype add-on - {77BF5300-1474-4EC7-9980-D32B190E9B07} - E:\SKYPE\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: FreshDownload - {E3540F9E-D0A2-41AF-AD2E-32E253A91DE0} - E:\續傳軟體\FreshDownload\fd.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {12755229-656A-4508-BC94-2DA4D314B4C8} (CathayMyATM.ATMFunc) - https://www.mybank.com.tw/myatm/cab/CathayMyATM.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {300FD990-15D4-41A4-A7DE-C1ECB8D7371F} (ATMC Class) - https://eb.fisc.com.tw/EB/Download/Everyone/ATMCard.cab
O16 - DPF: {5C253D25-00FD-4703-9924-E53792DF98C9} (CathayMyATM2.EsConn) - https://www.mybank.com.tw/MyATM/cab/CathayMyATM2.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1159443905105
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1159444036233
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.mumbojumbo.com/assets/mjolauncher.cab
O16 - DPF: {9675ABBF-8D0B-4956-868C-934B5A7928D4} (Npv Control) - https://nprotect.lineage2.com.tw/npr...ncsoft/npv.cab
O16 - DPF: {B596344E-F60F-42C2-8640-5954EEDBD428} (RegExe Control) - http://www.omg.com.tw/ActiveX/MacroWell.CAB
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EB9AED2-BE08-4C63-8BB5-B9ADE51BAD64}: NameServer = 211.78.130.1
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: P4P Service - Sohu.com Inc. - C:\Program Files\Common Files\Sogou PXP\p2psvr.exe
O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - Unknown owner - C:\掃毒\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\掃毒\Spyware Doctor\swdsvc.exe

--
End of file - 11131 bytes

plunderer 2007-06-23 11:24 PM
說實話, 你的日誌是我看過最奇怪的
你的問題可能和這一帖相同:
http://forum.slime.com.tw/showthread.php?t=200076
但卻看不到有問題的那一項

那就手動清除吧:
執行 regedit.exe 搜尋字串 c:\windows\installer\services.exe
找到符合的值就刪除 (按 F3 尋找下一個, 直到沒有為止)

重新開機, 以安全模式登入 windows, 刪除c:\windows\installer\services.exe 及C:\WINDOWS\system32\msdll.dll

再重新開機, 正常登入, 用防毒軟體掃掃看

grimmw40852 2007-06-23 11:28 PM
引用:
作者: plunderer (文章 1742736)
說實話, 你的日誌是我看過最奇怪的
你的問題可能和這一帖相同:
http://forum.slime.com.tw/showthread.php?t=200076
但卻看不到有問題的那一項

那就手動清除吧:
執行 regedit.exe 搜尋字串 c:\windows\installer\services.exe
找到符合的值就刪除 (按 F3 尋找下一個, 直到沒有為止)

重新開機, 以安全模式登入 windows, 刪除c:\windows\installer\services.exe 及C:\WINDOWS\system32\msdll.dll

再重新開機, 正常登入, 用防毒軟體掃掃看

感謝大大您的幫忙我試試看不行在前來向您請教:on_28: :on_28: :on_28: :on_28: :on_28: :on_28: :on_28: :on_28: :on_28:

tyc8008 2007-06-24 05:10 AM
O4 - HKLM\..\Run: [mnsa] C:\DOCUME~1\user\LOCALS~1\Temp\mnso.exe

刪除這一行後再掃毒試試

grimmw40852 2007-06-24 03:07 PM
謝謝所有大大的幫忙我已經解決了問題:on_28: :on_28: :on_28: :on_28: :on_28: :on_28: :on_28: :on_28: :on_28: 在此叩謝幫忙的所有大大


所有時間均為台北時間。現在的時間是 06:46 AM

Powered by vBulletin® 版本 3.6.8
版權所有 ©2000 - 2025, Jelsoft Enterprises Ltd.

『服務條款』

* 有問題不知道該怎麼解決嗎?請聯絡本站的系統管理員 *


SEO by vBSEO 3.6.1