
Badly infected, keeps shutting down automatically (HijackThis)

Badly infected, keeps shutting down automatically

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 09:10:26, on 2009/2/21
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\TTPlayer\TTPlayer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe

F3 - REG:win.ini: load=C:\WINDOWS\rundl132.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O3 - Toolbar: Yahoo! 工具列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Part browse safe hold] C:\Documents and Settings\All Users\Application Data\Audio 4 part browse\stop team.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Thunkdart] C:\DOCUME~1\MoMo\APPLIC~1\64TRAY~1\01 phone.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {05BCE06B-A300-4C4E-A42F-4C04BCCDE63B} (TRLuncherROC Control) - http://weblogin.talesrunner.com.hk/TRLuncherROC.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bi ... owdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/ZH-HK/a-UNO1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5EC7C511-CD0F-42E6-830C-1BD9882F3458} (PowerPlayer Control) - http://download.ppstream.com/bin/powerplayer.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bi ... Client.cab56907.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.a ... /acrobat/nos/gp.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O16 - DPF: {F952D430-3886-4F17-886D-423B6E71450D} (MERSComputer.MersSca) - http://download1.mers.hk/primary/maths/tool/cS4S24/MERSSca.CAB
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

--
End of file - 7786 bytes


Bump!!
I ran a virus scanner and got the picture below

Bump bump bump bump bump!@!#!@!#!!!


1. Turn off System Restore and run the HijackThis shortcut.
2. Click "Do a system scan only" and wait until "Scan" changes to "Save log".
3. Tick the following items (checkbox on the left), close every window other than HijackThis.exe, and click "Fix checked". HijackThis will prompt you to restart; after this step you can restart the computer.

F3 - REG:win.ini: load=C:\WINDOWS\rundl132.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)

Download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

* Run ComboFix
      Note: to stop security software from wrongly flagging ComboFix as a dangerous file, temporarily disable your antivirus and anti-spyware software before running ComboFix. Also, while ComboFix is running, do not run any other program or click on the ComboFix window with the mouse.

Step: CFScript
* Open Notepad and paste the following content

KILLALL::
File::
C:\WINDOWS\rundl132.exe

Save ---> Save as type ---> All Files --> enter the file name CFScript.txt
Drag CFScript.txt onto ComboFix.exe
    * ComboFix will run
    * When it finishes there will be a report at C:\ComboFix.txt.

Step: Report Back
    * Paste the following report
    * If the report is too long, you can upload it here: http://www.box.net
    * ComboFix scan report {C:\ComboFix.txt}

Paste a new HijackThis log.
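As an added defender-side example (not code from this thread, the helper, or HijackThis itself), the Python script below applies the same selection rule the helper used, F3 win.ini hooks and O2/O9 entries whose target is "(no file)", to lines in HijackThis log format, and adds one further check the thread does not make: O4 autostart entries that point into a user's Application Data folder. The sample log is constructed from entries in this thread.

```python
import re

# Constructed sample in HijackThis log format (not the poster's full log);
# it mixes the entries the helper told the poster to tick with benign ones.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
F3 - REG:win.ini: load=C:\WINDOWS\rundl132.exe
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Thunkdart] C:\DOCUME~1\MoMo\APPLIC~1\64TRAY~1\01 phone.exe
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
"""

# Every HijackThis entry starts with a section code such as F3, O2, O4, O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Autostart paths inside a user profile's Application Data (long or 8.3 form).
PROFILE_DATA_RE = re.compile(r"\\(Application Data|APPLIC~1)\\", re.IGNORECASE)


def parse_entries(text):
    """Split a HijackThis log into (section, body) tuples, skipping non-entry lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def triage(text):
    """Return (entry line, reason) pairs worth a reviewer's attention.

    The first two rules are exactly what the helper above ticked; the third
    is a common extra check (an assumption of this example, not something
    the thread itself asserts about those entries).
    """
    findings = []
    for section, body in parse_entries(text):
        line = f"{section} - {body}"
        if section == "F3" and re.search(r"win\.ini: (load|run)=\S", body):
            findings.append((line, "win.ini load/run autostart hook"))
        elif section in ("O2", "O9") and body.endswith("(no file)"):
            findings.append((line, "orphaned entry, target file missing"))
        elif section == "O4" and PROFILE_DATA_RE.search(body):
            findings.append((line, "autostart from a user-profile data directory, verify"))
    return findings


if __name__ == "__main__":
    for line, reason in triage(SAMPLE_LOG):
        print(f"[{reason}] {line}")
```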


Followed the steps
Report Back
http://www.sendspace.com/file/ycmpk7


Step: Uninstall ComboFix
Start > Run > type combofix /u > OK

If the computer has no problems, you can re-enable the antivirus and anti-spyware software.


Is it still shutting down automatically now?

Yes, it still keeps shutting down automatically

I have the same situation


ComboFix 09-02-24.02 - Administrator 2009-02-10 12:13:22.1 - NTFSx86
Microsoft Windows XP Professional  5.1.2600.2.950.1.1028.18.479.239 [GMT 8:00]
執行位置: c:\documents and settings\Administrator\桌面\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((((((   被刪除的檔案   )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Autorun.inf
C:\setup.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\spoclsv.exe
c:\windows\system32\svch0st.exe

.
(((((((((((((((((((((((((((((((((((((((   驅動/服務   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ILVMONEYDRIVER53
-------\Service_IlvMoneyDRIVER53


(((((((((((((((((((((((((  2009-01-24 至 2009-02-24 的新的檔案  )))))))))))))))))))))))))))))))
.

2009-02-10 11:12 . 2009-02-10 11:12        <DIR>        d--------        c:\documents and settings\Administrator\Application Data\SecondLife
2009-02-10 11:10 . 2009-02-10 11:12        <DIR>        d--------        c:\program files\SecondLife
2009-01-31 02:36 . 2009-01-31 02:36        <DIR>        d--------        c:\program files\Common Files\Thunder Network
2009-01-31 02:36 . 2009-01-31 02:36        <DIR>        d--------        c:\documents and settings\All Users\Application Data\vucache
2009-01-31 02:36 . 2009-01-31 02:36        <DIR>        d--hs----        c:\documents and settings\All Users\Application Data\thunder_vod_cache
2009-01-31 02:36 . 2009-01-31 02:36        <DIR>        d--------        c:\documents and settings\All Users\Application Data\Thunder Network
2009-01-31 02:36 . 2009-01-31 03:28        1,623        --a------        c:\windows\system32\cid_store.dat
2009-01-31 02:36 . 2009-01-31 02:36        20        --a------        c:\windows\system32\pub_store.dat
2009-01-31 02:35 . 2009-01-31 02:37        <DIR>        d--------        c:\program files\Thunder Network

.
((((((((((((((((((((((((((((((((((((((((   在三個月內被修改的檔案   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-10 03:32        142,464        ----a-w        c:\windows\system32\drivers\aec.sys
2009-02-10 03:32        142,464        ----a-w        c:\windows\system32\dllcache\aec.sys
2009-02-09 15:26        ---------        d-----w        c:\program files\Foxy
2009-01-30 20:18        ---------        d-----w        c:\program files\OpenOffice.org 2.4
2009-01-30 20:16        ---------        d-----w        c:\documents and settings\Administrator\Application Data\OpenOffice.org2
2009-01-20 21:24        ---------        d--h--w        c:\program files\InstallShield Installation Information
2009-01-02 08:37        2,560        ----a-w        c:\windows\_MSRSTRT.EXE
2009-01-02 08:36        ---------        d-----w        c:\program files\CursorXP
.

------- Sigcheck -------

2006-04-20 19:51  359808  b4e29943b4b04bd5e7381546848e6669        c:\windows\system32\dllcache\tcpip.sys
2006-04-20 19:51  359808  b4e29943b4b04bd5e7381546848e6669        c:\windows\system32\drivers\tcpip.sys
.
(((((((((((((((((((((((((((((((((((((   重要登入點   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-10 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BigDogPath"="c:\windows\VM_STI.EXE" [2003-01-21 40960]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"x3"="c:\windows\system32\shellext\svchost.exe" [2008-12-10 650441]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoThumbnailCache"= 1 (0x1)
"ForceStartMenuLogOff"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Foxy\\Foxy.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"10696:TCP"= 10696:TCP:BitCometLite 10696 TCP
"10696:UDP"= 10696:UDP:BitCometLite 10696 UDP
"3073:TCP"= 3073:TCP:Foxy (192.168.1.100:3073) 3073 TCP
"3073:UDP"= 3073:UDP:Foxy (192.168.1.100:3073) 3073 UDP

R?2 jjyvhe;jjyvhe;c:\windows\system32\svchost.exe -kjjyvhe --> c:\windows\system32\svchost.exe -kjjyvhe [?]
R0 ahci8086;ahci8086;c:\windows\system32\drivers\ahci8086.sys [2006-10-28 119808]
R0 CSB6IDE;CSB6IDE;c:\windows\system32\drivers\csb6ide.sys [2006-10-28 2802]
S0 ARCSAS;ARCSAS;c:\windows\system32\DRIVERS\arcsas.sys --> c:\windows\system32\DRIVERS\arcsas.sys [?]
S0 QL2300;QL2300;c:\windows\system32\drivers\ql2300.sys [2006-10-28 167424]
S3 dump_wmimmc;dump_wmimmc;\??\c:\windows\Nostale\GameGuard\dump_wmimmc.sys --> c:\windows\Nostale\GameGuard\dump_wmimmc.sys [?]
S3 w550obex;Sony Ericsson W550 USB WMC OBEX Interface Drivers;c:\windows\system32\DRIVERS\w550obex.sys --> c:\windows\system32\DRIVERS\w550obex.sys [?]

.


bb王, open your own post, don't ask in my post
