2010-09-06, 08:58 PM | #1 |
Registered member

Help - Requesting analysis of an infected computer
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:25:45 PM, on 9/6/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir Desktop\sched.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\hkcmd.exe
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\Analog Devices\Core\smax4pnp.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
D:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe
D:\Program Files\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
D:\Program Files\Messenger\msmsgs.exe
D:\Program Files\Google\Google Pinyin 2\GooglePinyinService.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Hamachi\hamachi.exe
D:\Program Files\Avira\AntiVir Desktop\avguard.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Avira\AntiVir Desktop\avshadow.exe
D:\Program Files\Skype\Plugin Manager\skypePM.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Avira\AntiVir Desktop\avnotify.exe
D:\WINDOWS\system32\cmd.exe
D:\WINDOWS\system32\ntvdm.exe
D:\Program Files\TeamViewer3\TeamViewer.exe
D:\Documents and Settings\User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvdirect.iamwired.net/
R3 - URLSearchHook: zerdonio Toolbar - {a1c79e4f-59f7-40dd-99ed-1d57fc64511f} - D:\Program Files\zerdonio\tbzerd.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: zerdonio Toolbar - {a1c79e4f-59f7-40dd-99ed-1d57fc64511f} - D:\Program Files\zerdonio\tbzerd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: flvmeganetwork - {cbd7a574-6ea9-e8e8-afa3-25c5e0c6fced} - D:\WINDOWS\system32\WU_lvfyA9_4.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - D:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: zerdonio Toolbar - {a1c79e4f-59f7-40dd-99ed-1d57fc64511f} - D:\Program Files\zerdonio\tbzerd.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IgfxTray] D:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] D:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] D:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Google Pinyin 2 Autoupdater] "D:\Program Files\Google\Google Pinyin 2\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [swg] "D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: hamachi.lnk = D:\Program Files\Hamachi\hamachi.exe
O4 - Startup: START.BAT
O8 - Extra context menu item: + &Download Express: download this file - D:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: Google Sidewiki... - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1223723402938
O16 - DPF: {7D30109B-DD2B-4339-BE80-1CD48723C2BC} (LiveX(v6.0.1.0)) - http://summit01.dipmap.com/cab/Live.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab
O16 - DPF: {E84E5574-FAE4-4EE2-877D-092AFF688F21} (RPBX(v6.0)) - http://summit01.dipmap.com/cab/RPB.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{667B1B6D-15B7-4CC7-9D18-F436F4457A7E}: NameServer = 202.188.0.133,202.188.1.5
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: csbdll - D:\WINDOWS\SYSTEM32\csbdll.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - D:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - D:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

-- End of file - 6869 bytes

Suspected:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://flvdirect.iamwired.net/
R3 - URLSearchHook: zerdonio Toolbar - {a1c79e4f-59f7-40dd-99ed-1d57fc64511f} - D:\Program Files\zerdonio\tbzerd.dll
O3 - Toolbar: zerdonio Toolbar - {a1c79e4f-59f7-40dd-99ed-1d57fc64511f} - D:\Program Files\zerdonio\tbzerd.dll
O20 - Winlogon Notify: csbdll - D:\WINDOWS\SYSTEM32\csbdll.dll

Can I use the HijackThis fix on these? (I am worried about aftereffects on the next boot.)
Members who sent flowers to hawlan: tom710509 (2010-09-06)
2010-09-07, 12:15 AM | #3 (permalink) |
Registered member
O20 - Winlogon Notify: csbdll - D:\WINDOWS\SYSTEM32\csbdll.dll
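According to Trend Micro's explanation, the following have to be deleted in safe mode:

1) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify csbdll
%system%\csbdll.dll
%UserTemp%\58E.tmp.dll

The result: I could not find the so-called 58E.tmp.dll, and csbdll.dll still could not be deleted in safe mode.

At boot, Avira antivirus keeps reporting that it has detected the MSSRV32.EXE virus.

It is too stubborn, and I could not find any other method on Google either.

Last edited by hawlan on 2010-09-07 at 12:27 AM.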