2009-12-04, 10:39 PM | #1 |
Registered member
Help request - computer idiot shimano is infected and requests assistance, part 1-2
Hi everyone, my computer is infected. It originally ran Vista. Two days ago, when I was about to take it to a local shop to have the system reinstalled, I saved my backup data onto a portable hard drive, and possibly because of that a scan turned up a pile of viruses. The shop reinstalled it with XP. My system information is as follows: Microsoft Windows XP Professional Version 2002 Service Pack 3; computer: Intel(R) Core(TM) 2 Duo CPU E7200 @2.5GHz 2.53GHz, 1.99 GB of RAM; licensed to: test user, test computer, 76483-640-08***925-******

Sorry, this is my first post, and I am a girl who does not understand computer systems. If the information above includes anything unnecessary, please forgive me; I thought it might be of some help in solving my problem.

Below is the data from scanning with the software provided on this board. Please help me interpret it and tell me how I should handle it. Since I am a computer idiot, please teach me with detailed explanations and steps. If it really cannot be fixed, it is fine to tell me to reinstall; I just want to know where exactly I went wrong, so that I can change my habits the next time I use the computer and avoid the same thing happening again. shimno thanks everyone in advance for taking the time to help!

The antivirus software the computer shop installed for me two days ago is "avast" 4.8 Professional Edition together with the VRDB virus recovery database. I update it every time, but I do not know how to use the VRDB.

This post was edited by a471 on 2009-12-04 at 11:29 PM.
2009-12-04, 11:34 PM | #2 (permalink) |
Administrator
Another post with related information is below.. the original post was removed.

In addition, the avast log viewer shows the following data in its Notice, Warning and Error columns, which I am posting here as well. In the Error column:

2009/12/3 下午 04:04:05 Administrator 1876 Error in aswChestS: chest s_NewFile Error 112.
2009/12/3 下午 04:04:05 Administrator 1712 Error in aswChestC: chestAddFile Error 112.

In the avast virus quarantine area, under the system files and all quarantined files, there are 3 that show as clean:
1. kernel32.dll c:\windows\system32 clean
2. winsock.dll c:\windows\system32 clean
3. wnsock32.dll c:\windows\system32 clean

In addition, there are 2 adware items named win32:adware-gen[adw]. I cannot find their paths, and it will not let me quarantine them, delete them, or add a file extension and move them to a folder. I do not know whether there is other information I have not provided, or whether I have written too much unhelpful information; please tell me if so. And, as I wrote above, please tell me, based on this report, what I should watch out for and adjust when I go online in the future. Thank you.

This post was edited by a471 on 2009-12-09 at 03:51 PM.
2009-12-05, 10:58 AM | #4 (permalink) |
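Registered member
shimno infected, requesting assistance
First, thank you to the board administrator for taking the time to link my other post for me. So,
1. Is what I can do now to scan once more with a different antivirus program? If so, can you recommend one? Mine is an XP system, brand ASUS CT5430.
2. avast shows a lot of "[trj]" labels; these should be the so-called Trojan horse viruses, right?
3. Also, for the adware virus win32:Adware-gen[Adw], whenever I try to move it to quarantine, delete it, or move it to a folder, an operation error message appears. Can it really not be touched??
4. Also, do I need to use CPU-Z to download the system information and post it?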
2009-12-05, 04:03 PM | #5 (permalink) | |
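Administrator
Quote:
1. For now I suggest you first go to the antivirus vendor's official website, look for the fix for your version, and apply it... (the antivirus vendor slipped up, causing a large number of false-positive infection detections)
2. If viruses are still reported after the fix, then you may really be infected....
Fix the software first; the rest can wait until later..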
2009-12-05, 09:27 PM | #8 (permalink) |
Registered member
Computer idiot shimno infected, requesting assistance, part 1-2
Board administrator, I have already scanned twice, and I found that the infected
1. I cannot delete Win32:Adware-gen[adw], nor move it to quarantine, and move/rename does not work either. Each time the message "操作無法支援這種壓縮檔" (the operation is not supported for this type of archive) appears. Is there no solution for this? Below is the list of warnings from the avast log:
2. This time I did not scan the portable hard drive; I want to format it directly. How should I do that? When it is connected to my computer over USB, will the viruses on it be transferred to my computer again?
3. Also, in the avast virus quarantine area, under the system files and all quarantined files, there are 3 files that show as clean when I rescan them:
1. kernel32.dll c:\windows\system32 clean
2. winsock.dll c:\windows\system32 clean
3. wnsock32.dll c:\windows\system32 clean
Do I need to restore these three files?