Slime Forum (史萊姆論壇, http://forum.slime.com.tw/)
-   General PC troubleshooting (http://forum.slime.com.tw/f17.html)
-   -   Infected (http://forum.slime.com.tw/thread276133.html)

猜謎人 2014-06-02 05:11 PM

Infected

As soon as I open a Firefox window
and browse any web page,
this appears: http://i171.photobucket.com/albums/u287/sad_jellyfish/net-pic/1_zps5d75ddfe.jpg

Reinstalling doesn't help either.
Please see my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 04:53:51, on 2014/6/2
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\USIM Editor\iconcs226656.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\BlueStacks\HD-Agent.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\program files\real\realone player\update\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Program Files\Google\Drive\googledrivesync.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATnotes\ATnotes.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Google\Drive\googledrivesync.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\BlueStacks\HD-LogRotatorService.exe
C:\Program Files\BlueStacks\HD-UpdaterService.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Common Files\Microsoft Shared\IME14\SHARED\IMEDICTUPDATE.EXE
C:\WINDOWS\system32\KaraokeSer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\QvodPlayer\QvodPlayer.exe
C:\Program Files\QvodPlayer\QvodTerminal.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
C:\Documents and Settings\Edward Nygma\My Documents\program files\Q-Dir\Q-Dir.exe
Z:\HiJackThis.exe

O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - Z:\BitComet\tools\bitcometbho.dll (file missing)
O2 - BHO: 4D3A8BB0-0EE8-5D71-F64D-4643CA0BE7D9 Class - {4D3A8BB0-0EE8-5D71-F64D-4643CA0BE7D9} - C:\Program Files\QvodPlayer\AddIn\{4D3A8BB0-0EE8-5D71-F64D-4643CA0BE7D9}\QvodAddr.dll
O2 - BHO: QvodExtend - {A8502600-B272-4F68-A67B-A0305D46D297} - C:\Program Files\QvodPlayer\QvodExtend\5.0.97.0\QvodExtend.dll
O2 - BHO: B4C229C4-2FB2-A387-9F53-0783EDDE2298 Class - {B4C229C4-2FB2-A387-9F53-0783EDDE2298} - C:\Program Files\QvodPlayer\AddIn\{4D3A8BB0-0EE8-5D71-F64D-4643CA0BE7D9}\QvodAddr.dll
O2 - BHO: Xunlei BHO Platform - {DE05CF4A-7B0A-4775-B5E5-396244938679} - C:\Program Files\Thunder Network\Thunder\Thunder BHO Platform\np_tdieplat.dll
O3 - Toolbar: SiteFinder - {CCC7B159-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [USBestCR] C:\Program Files\USIM Editor\iconcs226656.exe RunFromReg
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Creative Launcher] C:\Program Files\Creative\SBLive\Launcher\CTLauncher.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [IME14 CHT Setup] C:\PROGRA~1\COMMON~1\MICROS~1\IME14\SHARED\IMEKLMG.EXE /SetPreload /CHT /Log
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [BlueStacks Agent] C:\Program Files\BlueStacks\HD-Agent.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\program files\real\realone player\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ATnotes.exe] C:\Program Files\ATnotes\ATnotes.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Facebook Update] "C:\Documents and Settings\Edward Nygma\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [Tango] C:\Program Files\Tango\Tango.exe -r
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用BitComet下載 - res://Z:\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &使用BitComet下載全部連結 - res://Z:\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\BHO\geturl.htm
O8 - Extra context menu item: &使用迅雷下載全部鏈接 - C:\Program Files\Thunder Network\Thunder\BHO\GetAllUrl.htm
O8 - Extra context menu item: &使用迅雷離線下載 - C:\Program Files\Thunder Network\Thunder\BHO\OfflineDownload.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Site Finder - {CCC7B152-1D8C-11E3-B2AD-F3EF3D58318D} - C:\Program Files\SiteFinder\SiteFinder.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://Z:\BitComet\tools\bitcometbho.dll/206 (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\youku\youkuclient\ikutm.dll
O10 - Unknown file in Winsock LSP: c:\program files\youku\youkuclient\ikutm.dll
O10 - Unknown file in Winsock LSP: c:\program files\youku\youkuclient\ikutm.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{13CB4888-2EE2-4283-BFFC-FCF6977E99A3}: NameServer = 8.8.8.8 8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{13CB4888-2EE2-4283-BFFC-FCF6977E99A3}: NameServer = 8.8.8.8 8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Afa Card Reader Service (AfaService) - Unknown owner - C:\WINDOWS\system32\afasrv32.exe (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueStacks Android Service (BstHdAndroidSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-Service.exe
O23 - Service: BlueStacks Log Rotator Service (BstHdLogRotatorSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-LogRotatorService.exe
O23 - Service: BlueStacks Updater Service (BstHdUpdaterSvc) - BlueStack Systems, Inc. - C:\Program Files\BlueStacks\HD-UpdaterService.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google更新 服務 (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google更新 服務 (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: VIA Karaoke digital mixer Service (KaraokeService) - VIA Technologies, Inc. - C:\WINDOWS\system32\KaraokeSer.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 12331 bytes

lutunhsiang 2014-06-02 08:23 PM

Has the OP tried scanning all drive partitions with Comodo's official free rescue disc??
http://www.comodo.com/business-secur...escue-disk.php

ppp0600 2014-06-02 10:13 PM

I only found this:
http://removespyware.virusremovals.o...nloader-zy-trj

It seems SpyHunter can remove it.

getter 2014-06-02 11:58 PM

Have you tried 【Download】efix latest version! ---- common malware in Taiwan

http://www.azofreeware.com/2013/04/d...-20130413.html

Quote:

Originally posted by 猜謎人 (post 2330267)
As soon as I open a Firefox window

http://i171.photobucket.com/albums/u287/sad_jellyfish/net-pic/1_zps5d75ddfe.jpg

Even the antivirus looks like an old version ... (avast4)

It's already avast! 2014 by now.

猜謎人 2014-06-03 08:51 AM

Ah, I was just too lazy to update :on_14::on_14:

Yesterday SpyHunter got it wrong.

It has to be bought.

Today I'll try the free ones.

猜謎人 2014-06-03 11:19 AM

SpyHunter

No effect :on_03:

猜謎人 2014-06-03 11:21 AM

And my Firefox can't open a new tab :on_44:

米奇 2014-06-03 12:22 PM

JS : Downloader-ZY, quite an interesting program name.
Try cleaning it out by hand.
:on_79:

猜謎人 2014-06-03 01:30 PM

I'll come and dig into it when I have some time :on_85:

猜謎人 2014-06-03 06:58 PM

Quote:

Originally posted by 米奇 (post 2330302)
JS : Downloader-ZY, quite an interesting program name.
Try cleaning it out by hand.
:on_79:

米奇,

in the Processes tab of Task Manager I have no idea at all which program is related to JS : Downloader-ZY :on_88:

lutunhsiang 2014-06-03 07:11 PM

Did the OP back up the Win7 100MB system partition and the C: drive with Clonezilla back then? I'd suggest simply restoring from that; it's the fastest way.

米奇 2014-06-03 07:36 PM

Quote:

Originally posted by 猜謎人 (post 2330318)
米奇,

in the Processes tab of Task Manager I have no idea at all which program is related to JS : Downloader-ZY :on_88:

Oh!~
That's part one: bring up Task Manager and end the suspicious cit...
er.. the suspicious programs that are running.

Next, let's keep digging.

getter 2014-06-03 08:17 PM

Some are links on specific web pages ... pointing at the virus ..., like the link in 猜老's screenshot ...

Besides IE, 迪西 also has Opera and Chrome; Firefox was only installed recently for testing.

Opera is the main browser, the others are secondary ...

迪西 just tested with Opera ...

If it's http://utils.cdneurope.com/ it shows 403, but if you paste the full address from that screenshot,

http://utils.cdneurope.xxx/js/mo.js is immediately intercepted by avast! with a virus alert ...

and Firefox gets woken up ...

http://s25.postimg.org/b8551dcxp/mojs.png

So 迪西 suspects the virus itself is that mo.js ... and it has lodged itself in the browser's cache folder and in its user profile folder.

You can first try upgrading the antivirus to the latest version ... then run a full system scan ...

If that doesn't work ... you'll have to remove Firefox and reinstall it ...

Besides the normal uninstall ...

you also need to manually delete the following paths ... once they are deleted ... reboot and then reinstall Firefox:

%ProgramFiles%\Mozilla Firefox
%ProgramFiles%\Mozilla Maintenance Service
%APPDATA%\Mozilla
%USERPROFILE%\Local Settings\Application Data\Mozilla

猜謎人 2014-06-03 08:22 PM

http://i171.photobucket.com/albums/u287/sad_jellyfish/net-pic/672A547D540D-2_zpscbf158e2.jpg

This is my Task Manager.

Let's dig into it.

格魯 2014-06-03 08:23 PM

Quote:

Originally posted by 米奇 (post 2330324)
Oh!~
That's part one: bring up Task Manager and end the suspicious cit...
er.. the suspicious programs that are running.

Next, let's keep digging.

Next, bring up hidden files: enable "Show hidden files".
Within the following paths:
%Documents and Settings%\[UserName]\Application Data\[random]
%AllUsersProfile%\Application Data\.dll
%AllUsersProfile%\Application Data\.exe
%AllUsersProfile%\random.exe
%AppData%\Roaming\Microsoft\Windows\Templates\random.exe
%Temp%\random.exe

Then open the registry editor ("regedit") and delete the following keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run “[RANDOM]”
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run “[RANDOM].exe”
