求助 - 發現 svchost.exe

[anes183]

--------------------
閱讀本主題的最佳解答
--------------------


小弟使用 windows XP SP2 作業系統，防毒軟體使用 Kaspersky Internet Security 6.0，病毒碼正常更新，最近偵測出於C:\Windows\svchost.exe 有感染特洛伊木馬程式。多次手動清除，開機後又發現它的存在，請問有誰知道如何清除，它又是如何產生的。

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 08:53:47, on 2008/3/30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
D:\Program Files\CyberLink\MediaServer\Kernel\DMS\CLMSServer.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\USB LOCK AP\klpsrvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
C:\Program Files\USB LOCK AP\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\PROGRA~1\Win2\Keyboard\Ikeymain.exe
C:\Program Files\Win2\Mouse\Amoumain.exe
D:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
J:\Download\TOOLS\Hard Drive Inspector v2.61 build 441\HDInspector.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
C:\WINDOWS\pdfviewer.exe
C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\svchost.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Messenger\msmsgs.exe
D:\Program Files\BitComet\BitComet.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Realtek RTL8187 Wireless Network Driver and Utility\RtlWake.exe
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\PPENSB\Win32\PPSHELL.exe
C:\PPENSB\Win32\PENKEYBD.EXE
C:\Program Files\Skype\Plugin Manager\SkypePM.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\NextLink\GOGOBOX\GFSCAgent.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\explorer.exe
C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe
D:\Program Files\freegrab 1.2.3.4.1 download\FreeGrab.exe
D:\Program Files\Symbols\Symbols.exe
C:\Program Files\Common Files\ACD Systems\ACDSeeMC.exe
C:\Program Files\FlashGet2005v1.81\FLASHGET.EXE
J:\Download\TOOLS\HiJackThis.exe

R3 - URLSearchHook: Yahoo!奇摩捷徑列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHG~1.81\jccatch.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\fcbho.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - C:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.81\FGIEBAR.DLL
O3 - Toolbar: HostranBar - {88F2B391-8D09-4c0e-9824-5ECD0F382f66} - C:\WINDOWS\Hostran\HostranBar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
O3 - Toolbar: Yahoo!奇摩捷徑列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [Phase One Media Reader] C:\PROGRA~1\PHASEO~1\CAPTUR~1\DCIMImp.exe /noscan /CheckAutoStart
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [pdfFactory Pro 分派器 v3] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis3a.exe" /source=HKLM
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [kis] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"
O4 - HKLM\..\Run: [RemoteControl] "D:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "D:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Win2\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\Win2\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MSPService] D:\Program Files\CyberLink\MagicSports\Kernel\MagicSports\MSPMirage.exe
O4 - HKLM\..\Run: [ClubBox] "C:\Program Files\NextLink\GOGOBOX\gogobox.exe" -l
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [UVS11 Preload] D:\Program Files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [sclauncher] C:\Program Files\SimpleCenter\bin\win\sclauncher.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HDInspector.exe] J:\Download\TOOLS\Hard Drive Inspector v2.61 build 441\HDInspector.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [RaidManager] C:\Program Files\ITE\ITE IT8212 ATA RAID Controller\RaidMgr.exe
O4 - HKLM\..\Run: [pdf_pro] C:\WINDOWS\pdfviewer.exe
O4 - HKLM\..\Run: [Corel Photo Downloader] "C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Program Files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe" -win
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [BitComet] "D:\Program Files\BitComet\BitComet.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Program Files\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用BitComet下載本頁視訊 - res://D:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
O8 - Extra context menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet2005v1.81\jc_link.htm
O8 - Extra context menu item: 使用BitComet下載全部連結 - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載連結(&B) - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet2005v1.81\jc_all.htm
O8 - Extra context menu item: 剪貼簿文字: 簡 > 繁 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字: 繁 > 簡 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 加入到電子筆記薄 - D:\eNotebook\GetNoteFromIE.htm
O8 - Extra context menu item: 加入所有鏈接到電子筆記簿 - D:\eNotebook\ENBGetAll.htm
O8 - Extra context menu item: 加入選擇部分的所有鏈接到電子筆記簿 - D:\eNotebook\ENBGetSelAll.htm
O8 - Extra context menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: 網頁: [簡體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁: [繁體] 顯示 - res://C:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O8 - Extra context menu item: 轉換到現有 PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換連結目標到現有 PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換連結目標為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 轉換選定的連結到現有 PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: 轉換選定的連結為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: 轉換選擇內容到現有 PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: 轉換選擇內容為 Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: 附加至現有 PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: 網路監控 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll
O9 - Extra button: 傳送至 OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: 傳送至 OneNote(E) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: 建立行動最愛... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.1.11.30.dll/206 (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.81\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHG~1.81\FLASHGET.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

[plunderer]

http://forum.slime.com.tw/thread208952.html

快補上吧, 不然會罰金幣

[anes183]

接上面
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {014670D1-5B6D-4AB9-BA83-3903E9B18891} (NowCAFE Control) - http://www.gogobox.com.tw/neo.fld/GNowCAFE.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {49FF48D8-9406-4644-AC6B-C9A3389F1915} (TWEnroll Class) - http://ra.capital.com.tw/TwEnroll5.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://202.39.225.126/emap/mgaxctrl.cab
O16 - DPF: {7AD348C0-76CD-4FC0-B514-1CDD2F767212} (GTDControl Control) - http://www.camangi.com/GTD/GTD.cab
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {C7BD467B-0B38-442F-840F-3F048E7F6005} (RootKeyDistributor Class) - http://grca.nat.gov.tw/pse/CHTPKI_PSE.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (file missing)
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: Kaspersky Internet Security 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CyberLink Media Server Service - CyberLink - D:\Program Files\CyberLink\MediaServer\Kernel\DMS\CLMSServer.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: klpsrvc - Advanced Systems International SAC - C:\Program Files\USB LOCK AP\klpsrvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe

--
End of file - 21572 bytes

[plunderer]

O23 - Service: klpsrvc - Advanced Systems International SAC - C:\Program Files\USB LOCK AP\klpsrvc.exe

勾選並修復上述項目, 重新開機, 刪除下列檔案:
C:\WINDOWS\svchost.exe
C:\Program Files\USB LOCK AP\整個目錄

[anes183]

遵照指示，仍然無法解決問題。

[plunderer]

那就表示是某個開機啟動項釋放出 C:\WINDOWS\svchost.exe
但你的開機啟動項太多, 不易判斷哪個是可疑的

不過 KIS 6.0 有前攝防護功能, 若執行程式時有可疑可疑的行為, KIS 會攔截到的
除非 KIS 跳出詢問視窗時,你放行了, 並讓 KIS 建立了該程式"允許" 的規則

既然裝 KIS, 就好好善用

[anes183]

您的意思是有前攝防護功能，可以讓 KIS 建立了該程式"允許" 的規則，一有問題kaspersky 還是會做適當的處理？

[plunderer]

KIS 初始狀態下, 任何程式有可疑動作, KIS 會彈出視窗, 詢問 "允許" 或 "拒絕"

不過一旦 "允許"並加入到 KIS 規則内, 相同清況下以後就不會再提示了

你的情況是某程式偷偷釋放出 C:\WINDOWS\svchost.exe, 理論上 KIS 會攔截到, 可能是你沒注意或是你誤讓 KIS 建立了允許該可疑程式的規則, 所以沒有提示

建議你卸載 KIS, 再重新安裝, 然後注意 KIS 每個彈出的提示, 看執行哪個程式時釋放出C:\WINDOWS\svchost.exe

[anes183]

了解！謝謝，我將嘗試照著做做看。

[tungta]

我是用下列這個檔案掃過之後就清除了，你可以試試看

自動刪除系統常駐病毒與清除電腦系統碟垃圾：
http://www.badongo.com/file/8545830
http://www.mediafire.com/?yxbkdgygngt