求助 - 開機後事件檢視器出現系統錯誤問題?

[hyh0128]

--------------------
閱讀本主題的最佳解答
--------------------


小弟昨天中了autorun病毒,每次開機進入作業系統後,在事件檢視器內都會出現系統資訊錯誤訊息,顯示內容如下:
來源:Service Control Manager,事件ID:7009,描述:Windows_XP 服務連線的等候逾時 (30000 毫秒)。另外也出現硬碟無法用滑鼠雙擊左鍵開啟,此問題已遵照板上前輩方法順利解決,有關事件檢視器內系統錯誤問題,懇請各位前輩幫忙,謝謝!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 12:01:16, on 2008/4/8
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\program files\internet explorer\IEXPLORE.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\電腦紀錄檔\HiJackThis.exe

O1 - Hosts: 221.5.48.126 nprotect.lineage2.com.tw
O1 - Hosts: 221.5.48.126 update.nProtect.net
O1 - Hosts: 221.5.48.126 update.nProtect.com
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &使用BitComet下載本頁視頻 - res://C:\Documents and Settings\yhy\桌面\Bitcomet085\BCMAX085Final\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: 下載編碼內容(&D.S.Lite) - F:\FTP\DSLite2.07\DSLite 2.07 #44\dl_text.html
O8 - Extra context menu item: 下載編碼檔案內容(&D.S.Lite) - F:\FTP\DSLite2.07\DSLite 2.07 #44\dl_url.html
O8 - Extra context menu item: 使用BitComet下載全部鏈接 - res://C:\Documents and Settings\yhy\桌面\Bitcomet085\BCMAX085Final\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: 使用BitComet下載鏈接(&B) - res://C:\Documents and Settings\yhy\桌面\Bitcomet085\BCMAX085Final\BitComet.exe/AddLink.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - F:\FTP\DSLite2.07\DSLite 2.07 #44\DSLite.exe
O9 - Extra 'Tools' menuitem: &D.S.Lite - {F8475519-8412-4D40-A46E-692D9D04DF7F} - F:\FTP\DSLite2.07\DSLite 2.07 #44\DSLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {0CBF7EDC-17EC-442C-8AE9-5E804707B6CA} (NeffyClient Class) - http://dist.cdnetworks.co.jp/cdndist/neffy/Neffy.cab
O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {1E15B1A7-95CA-4377-B893-697CD95951AE} (ClientATXCtrl Control) - http://www.wayi.com.tw/hot/ClientATXCtrl.OCX
O16 - DPF: {55969220-62D5-4DD8-847C-E763CD3CA4C5} (HouseCall 線上掃毒) - http://203.74.210.2/housecall/xscan61.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www3.ca.com/securityadvisor/p...n/pestscan.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase9602.cab
O16 - DPF: {5F4D222D-5EEE-40A8-8810-5642B4E4F441} (KENCAPI Class) - https://ebank.tcb-bank.com.tw/netban.../FSCAPIATL.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1187956017562
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/Driver...sysreqlab2.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1207549171656
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (趨勢科技線上掃毒程式) - http://hisecure.hinet.net/AntiVirus/Xscan53.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/Driver...aSmartScan.cab
O16 - DPF: {7BA7BCE2-D359-4407-82D9-CDF9A74C487A} (DownLoadStub Class) - http://www.hpphoto.com/downloads/DownloadPhotos.cab
O16 - DPF: {81F3CC2E-5F40-41A5-9FCA-6DAAA6051D46} (ClientATXCtrl Control) - http://www.wayi.com.tw/gameup/ClientATXCtrl.CAB
O16 - DPF: {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} (NowStarter Control) - http://www.gogobox.com.tw/neo.fld/GNowStarter.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B596344E-F60F-42C2-8640-5954EEDBD428} (RegExe Control) - http://rappelz.omg.com.tw/activex/macrowell.cab
O16 - DPF: {C70E8BB2-849B-478E-828E-9F71729C86B2} (ATXWSM Control) - http://download.wayi.com.tw/download/WSM/ATXWSM.cab
O16 - DPF: {DD293932-7E63-48B2-8F3C-7D48FB24067C} (web2003act Control) - http://games.hinet.net/webgame/manual/web2003.ocx
O16 - DPF: {DEE088A3-D877-45CD-BC26-D84B93095B58} (YBRegCheck Control) - http://www.wayi.com.tw/hot/YBRegCheck.ocx
O16 - DPF: {F2CB778F-D663-40F5-AED8-FDB7D1EBD5DF} - http://hero.crazy.com.tw/Game/Hero/launcherherotw.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8111AB24-83F1-4EF0-A972-3A6E96C1AE83}: NameServer = 168.95.192.1 168.95.1.1
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Windows_XP - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Backup.exe
O24 - Desktop Component 1: Aqua Real - 7db39a0d-580f-4be9-9195-8bfcd226f6c2

--
End of file - 8060 bytes

[plunderer]

那表示有驅動程式不正常啟動

O23 - Service: npkcsvc - INCA Internet Co., Ltd. - C:\WINDOWS\system32\npkcsvc.exe

勾選並修復上述項目, 重新開機, 刪除C:\WINDOWS\system32\npkcsvc.exe

[GaMNiA]

引用:

作者: hyh0128

O1 - Hosts: 221.5.48.126 nprotect.lineage2.com.tw
O1 - Hosts: 221.5.48.126 update.nProtect.net
O1 - Hosts: 221.5.48.126 update.nProtect.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: Windows_XP - Unknown owner - C:\Program Files\Common Files\Microsoft Shared\MSINFO\Backup.exe

那個 Backup.exe 應該不是微軟的正規程式吧...
而且你的 hosts 檔被更改過了，擋住 nProtect 的更新了。

npkcsvc.exe 如果我沒記錯的話，應該不是病毒，而是某些遊戲的保護程式 nProtect...
_http://www.greatis.com/appdata/a/n/npkcsvc.exe.htm

[hyh0128]

引用:

作者: GaMNiA

那個 Backup.exe 應該不是微軟的正規程式吧...

謝謝兩位前輩幫忙,修復這個Backup.exe後,問題已獲得解決,關於那個np的程式是小弟玩某線上遊戲私服用的,再次感謝兩位前輩不吝解惑,謝謝!