|
中毒了
只要一開火狐狸視窗
瀏覽任何網頁 就出現  重新安裝也沒用 請看我的log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 下午 04:53:51, on 2014/6/2 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\USIM Editor\iconcs226656.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Creative\ShareDLL\CtNotify.exe C:\Program Files\Comodo\Firewall\CPF.exe C:\Program Files\Creative\ShareDLL\MediaDet.Exe C:\WINDOWS\vVX1000.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe C:\Program Files\BlueStacks\HD-Agent.exe C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe C:\program files\real\realone player\update\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe C:\Program Files\Rainlendar2\Rainlendar2.exe C:\Program Files\Google\Drive\googledrivesync.exe C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe C:\Program Files\ATnotes\ATnotes.exe C:\WINDOWS\system32\OSK.exe C:\WINDOWS\system32\MSSWCHX.EXE C:\Program Files\Google\Drive\googledrivesync.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\BlueStacks\HD-LogRotatorService.exe C:\Program Files\BlueStacks\HD-UpdaterService.exe C:\Program Files\Comodo\Firewall\cmdagent.exe C:\WINDOWS\system32\CTsvcCDA.EXE C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE C:\WINDOWS\system32\KaraokeSer.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe C:\WINDOWS\system32\IoctlSvc.exe C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\conime.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\QvodPlayer\QvodPlayer.exe C:\Program Files\QvodPlayer\QvodTerminal.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe C:\Documents and Settings\Edward Nygma\My Documents\program files\Q-Dir\Q-Dir.exe Z:\HiJackThis.exe O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - Z:\BitComet\tools\bitcometbho.dll (file missing) O2 - BHO: 4D3A8BB0-0EE8-5D71-F64D-4643CA0BE7D9 Class - {4D3A8BB0-0EE8-5D71-F64D-4643CA0BE7D9} - C:\Program Files\QvodPlayer\AddIn\{4D3A8BB0-0EE8-5D71-F64D-4643CA0BE7D9}\QvodAddr.dll O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll O2 - BHO: B4C229C4-2FB2-A387-9F53-0783EDDE2298 Class - {B4C229C4-2FB2-A387-9F53-0783EDDE2298} - C:\Program Files\QvodPlayer\AddIn\{4D3A8BB0-0EE8-5D71-F64D-4643CA0BE7D9}\QvodAddr.dll O2 - BHO: Xunlei BHO Platform - {DE05CF4A-7B0A-4775-B5E5-396244938679} - C:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll O3 - Toolbar: SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [USBestCR] C:\Program Files\USIM Editor\iconcs226656.exe RunFromReg O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive\Launcher\CTLauncher.exe O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background O4 - HKLM\..\Run: [IME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realone player\update\realsched.exe" -osboot O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020 O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Edward Nygma\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [Tango] C:\Program Files\Tango\Tango.exe -r O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: &使用BitComet下載 - res://Z:\BitComet\BitComet.exe/AddLink.htm O8 - Extra context menu item: &使用BitComet下載全部連結 - res://Z:\BitComet\BitComet.exe/AddAllLink.htm O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm O8 - Extra context menu item: &使用迅雷離線下載 - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: Site Finder - {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://Z:\BitComet\tools\bitcometbho.dll/206 (file missing) O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Unknown file in Winsock LSP: c:\program files\youku\youkuclient\ikutm.dll O10 - Unknown file in Winsock LSP: c:\program files\youku\youkuclient\ikutm.dll O10 - Unknown file in Winsock LSP: c:\program files\youku\youkuclient\ikutm.dll O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll O15 - ESC Trusted Zone: http://*.update.microsoft.com O17 - HKLM\System\CCS\Services\Tcpip\..\{13CB4888-2EE2-4283-BFFC-FCF6977E99A3}: NameServer = 8.8.8.8 8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{13CB4888-2EE2-4283-BFFC-FCF6977E99A3}: NameServer = 8.8.8.8 8.8.4.4 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\WINDOWS\system32\afasrv32.exe (file missing) O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-UpdaterService.exe O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE O23 - Service: Google更新 服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google更新 服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe -- End of file - 12331 bytes |
樓主使用Comodo官方出版之免費掃毒光碟掃描所有硬碟區呢??
http://www.comodo.com/business-secur...escue-disk.php |
|
有試過 【下載】efix最新版!----台灣較常見惡意程式
跟 http://www.azofreeware.com/2013/04/d...-20130413.html 引用:
現在都已經是 avast! 2014 |
啊就懶的更新啊:on_14::on_14:
昨天間諜獵人抓錯 需要買的 今天試試免費的 |
間諜獵人
沒效:on_03: |
而且我的火狐狸無法開新分頁:on_44:
|
|
有空來菸酒菸酒一下:on_85:
|
引用:
工作管理員的處理程序中根本不知哪個程式和JS : Downloader-ZY有關啊:on_88: |
樓主當初win7那100MB系統分割區與C槽有無使用再生龍備份下來,建議乾脆還原回去最快
|
引用:
那是第一部曲,叫出工作管理員是把正在運行的可疑城市 ㄟ..可疑程式結束 接下來咱繼續菸酒菸酒 |
有些是特定網頁的連結 ... 指向病毒 ...,如猜老這張圖片的,連結 ...
迪西除了 IE 外,另 Opera、Chrome,Firefox 是最近測試才安裝上去的 主要是使用 Opera 為主,其他的為輔助 ... 迪西剛剛以 Opera 測試 ... 如果是 http://utils.cdneurope.com/ 顯示 403 但是如那張圖完整貼上去 http://utils.cdneurope.xxx/js/mo.js 馬上被 avast! 攔截 出現病毒 ... 並且 Firefox 被喚醒 ...  那迪西推測病毒本身就是,那個 mo.js ... 並且被寄生在 瀏覽器的快取資料夾以其使用者資了料夾中 可以先試著把防毒軟體升級到最新版本 ... 在全系統檢測看看 ... 不行的話 ... 就要移除 Firefox 重新安裝了 ... 除了正常的移除外 ... 還需要以手動對以下路徑位置作刪除 ... 刪除完畢後 ... 重新開記再安裝 Firefox %ProgramFiles%\Mozilla Firefox %ProgramFiles%\Mozilla Maintenance Service %APPDATA%\Mozilla %USERPROFILE%\Local Settings\Application Data\Mozilla |
 這是我的工作管理員 來菸酒菸酒吧 |
引用:
接下來叫出隱藏檔案,「顯示隱藏」檔案 將以下路徑內 %Documents and Settings%\[UserName]\Application Data\[random] %AllUsersProfile%\Application Data\.dll %AllUsersProfile%\Application Data\.exe %AllUsersProfile%\random.exe %AppData%\Roaming\Microsoft\Windows\Templates\random.exe %Temp%\random.exe 然後叫出註冊機「regedit」,將以下機碼刪除 HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[RANDOM]” HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[RANDOM].exe” |
| 所有時間均為台北時間。現在的時間是 01:19 AM。 |
Powered by vBulletin® 版本 3.6.8
版權所有 ©2000 - 2025, Jelsoft Enterprises Ltd.
『服務條款』
* 有問題不知道該怎麼解決嗎?請聯絡本站的系統管理員 *