tinisme
[Question] Help with the TROJAN.MAGANIA.OH virus
My computer is infected.

There is a virus named TROJAN.MAGANIA.OH.

I am using the antivirus software I downloaded from EWIDO.

No matter how I try, it will not kill it = =

I am posting my SREng log

below.

By the way, is it possible for a virus to remain after the computer has been formatted?

Also, why do transfer programs like FOXY, BT, CB make a computer so easy to infect?

Please advise, thanks.


2007-10-19,23:47:15

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional  (Build 2600) - 管理許可權用戶 - 完整功能

以下內容被選中:
    所有的啟動項目(包括註冊表、開機檔案夾、服務等)
    流覽器載入項
    正在運行的進程(包括進程模組資訊)
    文件關聯
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    進程特權掃描


啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Yahoo! Pager><"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet>  [(Verified)Yahoo! Inc.]
    <ezHelper><C:\Program Files\ezHelper\ezHelper.exe 300>  [N/A]
    <EPSON Stylus C45 Series><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /M "Stylus C45" /EF "HKCU">  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
    <AdobeUpdater><C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe>  [N/A]
    <DAEMON Tools><"C:\Documents and Settings\All Users\Favorites\DAEMON Tools\daemon.exe" -lang 1033>  [(Verified)DAEMON Tools Code Signing Services]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows XP Publisher]
    <C-Media Mixer><Mixer.exe /startup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher, E=""]
    <EPSON Stylus C45 Series><C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45">  [(Verified)Microsoft Windows XP Publisher]
    <NVRTCLK><C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe>  []
    <PathNvidiaTV><C:\Program Files\Gigabyte\Nvidia\patchnvidiaTVout.exe>  [N/A]
    <CJIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync>  [(Verified)Microsoft Corporation]
    <PHIMETIPSYNC><C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync>  [(Verified)Microsoft Corporation]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe">  [(Verified)"Sun Microsystems, Inc."]
    <ClubBox><>  [N/A]
    <DiskMan32><C:\WINDOWS\dbpgoq.exe>  [N/A]
    <Kvsc3><C:\WINDOWS\Kvsc3.exe>  []
    <AVPSrv><C:\WINDOWS\AVPSrv.exe>  []
    <mppds><C:\WINDOWS\mppds.exe>  []
    <MsIMMs32><C:\WINDOWS\MsIMMs32.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <msccrt><C:\WINDOWS\msccrt.exe>  []
    <DbgHlp32><C:\WINDOWS\DbgHlp32.exe>  []
    <WinSysM><C:\WINDOWS\IGM.exe>  []
    <MsPrint32D><C:\WINDOWS\MsPrint32D.exe>  []
    <GenProtect><C:\WINDOWS\GenProtect.exe>  []
    <NVDispDrv><C:\WINDOWS\NVDispDrv.exe>  []
    <MFMJ><C:\WINDOWS\System32\MFMJEXE.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  []
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDMG32><LYLoadmr.exe>  []
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows XP Publisher]
    <Userinit><C:\WINDOWS\System32\UserInit.exe,>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><winforms.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{C4B7477C-5A95-4415-B882-9AB33EE116E5}><C:\WINDOWS\hELp\529141B59150.DLL>  []
    <{AEB6717E-7E19-11d0-97EE-00C04FD91974}><winforms.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.0><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\System32\Rundll32.exe C:\WINDOWS\System32\mscories.dll,Install>  [Microsoft Corporation]

==================================
開機檔案夾
N/A

==================================
服務
[2E5F809D / 2E5F809D][Stopped/Auto Start]
  <C:\WINDOWS\System32\26D35C54.EXE -k><Microsoft Corporation>
[AA6AFD52 / AA6AFD52][Stopped/Auto Start]
  <C:\WINDOWS\System32\BCC1F729.EXE -k><Microsoft Corporation>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NOTEPAD / NOTEPAD][Stopped/Auto Start]
  <C:\WINDOWS\NOTEPAD.com><N/A>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[winlogrt / winlogrt][Stopped/Auto Start]
  <C:\WINDOWS\winlogrt.bat><N/A>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\mspmsnsv.dll><Microsoft Corporation>
[WMI Performance Adaptei / WmiApSiv][Stopped/Auto Start]
  <C:\WINDOWS\winlogon.exe><N/A>

==================================
驅動程式
[cdgfyhgbnhgfvfredcvfgtrtyhjuim / cdgfyhgbnhgfvfredcvfgtrtyhjuim][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[C-Media PCI Audio Driver (WDM) / cmpci][Running/Manual Start]
  <system32\drivers\cmaudio.sys><C-Media Inc>
[cvcbhyjhgbvgfredfrtgfvbgtyhgbhg / cvcbhyjhgbvgfredfrtgfvbgtyhgbhg][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[dfgtvbnhjuiokjhgtrfdcxswert / dfgtvbnhjuiokjhgtrfdcxswert][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[dfgvbnhjuiklopoiuythgfvcdewsazxsdf / dfgvbnhjuiklopoiuythgfvcdewsazxsdf][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
  <System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[gjladtnbfhyipeqadgvxnmjkioygvg / gjladtnbfhyipeqadgvxnmjkioygvg][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[jyhgtrfdewqazxscvbnmjhgtuy / jyhgtrfdewqazxscvbnmjhgtuy][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\D:\Line\npkcrypt.sys><N/A>
[NPPTNT2 / NPPTNT2][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\npptNT2.sys><INCA Internet Co., Ltd.>
[nv4 / nv4][Running/Manual Start]
  <System32\DRIVERS\nv4.sys><NVIDIA Corporation>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[Prolific Serial port driver / Ser2pl][Stopped/Manual Start]
  <System32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[StarForce Protection Environment Driver (version 1.x.a) / sfdrv01a][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfdrv01a.sys><Protection Technology (StarForce)>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology (StarForce)>
[StarForce Protection Synchronization Driver (version 4.x) / sfsync04][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfsync04.sys><Protection Technology (StarForce)>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[werch / werch][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[werdfcvbghnmjkloiuyuioplkjhgbnvfh / werdfcvbghnmjkloiuyuioplkjhgbnvfh][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>
[zxsdertygbvbnmjklopiuy / zxsdertygbvbnmjklopiuy][Stopped/Manual Start]
  <\??\C:\WINDOWS\System32\wincab.sys><N/A>

==================================
流覽器載入項
[Megaupload Toolbar]
  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL, MEGAUPLOAD                                   >
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, N/A>
[Java Plug-in 1.6.0_01]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[參考資料(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[收音機(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, N/A>
[Megaupload Toolbar]
  {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} <C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL, MEGAUPLOAD                                   >
[QuickTime Object]
  {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} <C:\Program Files\QuickTime\QTPlugin.ocx, N/A>
[Shockwave ActiveX Control]
  {166B1BCA-3F9C-11CF-8075-444553540000} <C:\WINDOWS\System32\macromed\Director\SwDir.dll, Adobe Systems, Inc.>
[ewidoOnlineScan Control]
  {193C772A-87BE-4B19-A7BB-445B226FE9A1} <C:\WINDOWS\DOWNLO~1\EWIDOO~1.DLL, Anti-Malware Development a.s.>
[DataStorage Class]
  {3AC7F64E-6154-47B0-82B5-764ED4077F77} <C:\WINDOWS\Downloaded Program Files\DataStore.dll, Unihub Limited>
[Java Plug-in 1.6.0_01]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[NowStarter Control]
  {A22B8FD2-4CAA-4EFB-82F7-680CD656D9B0} <C:\WINDOWS\DOWNLO~1\GNOWST~1.OCX, (C) NOWCOM>
[NeffyLauncherCtl Class]
  {AA07EBD2-EBDD-4BD6-9F8F-114BD513492C} <C:\WINDOWS\Downloaded Program Files\NeffyLauncher.dll, CDNetworks>
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.6.0_01]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll, Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[DownloadManager諷秶啋璃]
  {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} <C:\WINDOWS\DOWNLO~1\DOWNLO~1.OCX, Akamai Technologies, Inc.>
[Foxy 下載]
  <res://C:\Program Files\Foxy\Foxy.exe/download.htm, N/A>
[Foxy 搜尋]
  <res://C:\Program Files\Foxy\Foxy.exe/search.htm, N/A>
[匯出至 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在運行的進程
[PID: 672 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 744 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 788 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\LYMANGR.DLL]  [N/A, ]
[PID: 800 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 972 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 1072 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 1196 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 1208 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
[PID: 1484 / tin][C:\WINDOWS\Installer\services.exe]  [N/A, ]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\DOCUME~1\tin\LOCALS~1\Temp\psxmo.dll]  [N/A, ]
    [C:\WINDOWS\System32\msdll.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 1540 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\system32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\system32\EBPMON24.DLL]  [SEIKO EPSON CORPORATION, 5, 4, 0, 0]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 1772 / tin][C:\WINDOWS\Mixer.exe]  [C-Media Electronic Inc. (www.cmedia.com.tw), 1.44]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\cmnprop.dll]  [C-Media Corporation, 5.00.2195.8]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 1892 / tin][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3760]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 1944 / tin][C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe]  [Sun Microsystems, Inc., 6.0.10.6]
    [C:\Program Files\Java\jre1.6.0_01\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 272 / tin][C:\WINDOWS\IGM.exe]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
[PID: 320 / tin][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\msdll.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 412 / tin][C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE]  [SEIKO EPSON CORPORATION, 3.00]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 1328 / tin][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 2000 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
[PID: 1244 / tin][C:\WINDOWS\System32\wuauclt.exe]  [Microsoft Corporation, 5.4.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 3196 / tin][C:\WINDOWS\IGM.exe]  [N/A, ]
[PID: 3348 / tin][C:\WINDOWS\IGM.exe]  [N/A, ]
[PID: 3464 / tin][C:\Program Files\Foxy\Foxy.exe]  [Foxy, Inc., 1.9.3.0]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\msdll.dll]  [N/A, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 1296 / tin][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL]  [MEGAUPLOAD                                   , 5.0.0.226]
    [C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll]  [Sun Microsystems, Inc., 6.0.10.6]
    [C:\Program Files\Java\jre1.6.0_01\bin\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\System32\msdll.dll]  [N/A, ]
    [C:\WINDOWS\System32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\System32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [C:\WINDOWS\System32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 852 / tin][C:\WINDOWS\IGM.exe]  [N/A, ]
[PID: 3932 / tin][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\7929ADBD.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\2FD06819.DLL]  [Microsoft Corporation, ]
    [C:\WINDOWS\System32\msdll.dll]  [N/A, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
    [C:\WINDOWS\System32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\System32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
[PID: 3972 / tin][C:\Documents and Settings\tin\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Documents and Settings\tin\桌面\sreng2\Lang\1028.DLL]  [System Repair Engineer, 2.5.16.900]
    [C:\WINDOWS\System32\winforms.dll]  [N/A, ]
    [C:\WINDOWS\System32\msdll.dll]  [N/A, ]
    [C:\WINDOWS\System32\GenProtect.dll]  [N/A, ]
    [C:\Documents and Settings\tin\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\System32\bvbqbr.dll]  [N/A, ]
    [C:\WINDOWS\System32\isapir.dll]  [N/A, ]
    [C:\WINDOWS\System32\MsIMMs32.dll]  [N/A, ]
    [C:\WINDOWS\System32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\System32\AVPSrv.dll]  [N/A, ]
    [C:\WINDOWS\System32\Kvsc3.dll]  [N/A, ]
    [C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL]  [Microsoft Corporation, 11.0.6551]

==================================
文件關聯
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD ICMP
    C:\WINDOWS\System32\isapir.dll(, N/A)
MSAFD ICMP
    C:\WINDOWS\System32\isapir.dll(, N/A)

==================================
Autorun.inf
[C:\]
[autorun]
shell\open=Open
shell\open\Command=C:\WINDOWS\help\529141B59150.EXE -s
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe

==================================
HOSTS 文件
127.0.0.1       localhost

==================================
進程特權掃描
特殊特權被允許: SeLoadDriverPrivilege [PID = 744, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
特殊特權被允許: SeDebugPrivilege [PID = 1484, C:\WINDOWS\INSTALLER\SERVICES.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 272, C:\WINDOWS\IGM.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 3196, C:\WINDOWS\IGM.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 3348, C:\WINDOWS\IGM.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 3464, C:\PROGRAM FILES\FOXY\FOXY.EXE]
特殊特權被允許: SeLoadDriverPrivilege [PID = 852, C:\WINDOWS\IGM.EXE]

==================================
API HOOK
N/A

==================================
隱藏進程
N/A

==================================





[OP] From: Taiwan | Posted: 2007-10-20 01:49
upside (moderator)
I suggest first installing a proper antivirus program to scan with, such as Kaspersky or NOD32.
The infections the original poster has are numerous and complex; deleting them one by one by hand would take a lot of time.
Antivirus software is still faster and more effective.

Why do transfer programs like FOXY, BT, CB make a computer so easy to infect?
A: This has always been one of the biggest rumours on the internet.
It is not that these programs are easy to get infected through; it is the things you download with them, such as software and videos,
that can actually infect the user.
I still have to say that I download a very large amount, of every kind,
and I have hardly ever run into a virus; this is only one possible source.
But looking at your infections, they are all external rogue plugins and USB-disk viruses,
not infections picked up directly from internet downloads. Do not blame all your problems on these download programs.
They are just transfer interface software; they carry no virus themselves.
You get infected because you yourself choose to download those strange files.


[Reply 1] From: Taiwan (和信超媒體寬帶網) | Posted: 2007-10-20 02:38
tinisme
I see.

In this situation,

would it be better to just reinstall the system?

After all, there is nothing important on my C: drive.

But I am afraid it will keep coming back = =

Because this computer is used by my whole family.

For example, this time I went away for a week and came back

to find it had picked up more than 1000 viruses <-- all concentrated in the system files on C:.

I personally do not use transfer programs much,

because apart from browsing I only use the computer to play Warcraft and StarCraft = =

But I cannot stop my family from using them (after all, these transfer programs are free and convenient).

I used Kaspersky before,

but this computer is getting old

and only has 512MB of memory,

so booting was really slow...

And the location where this virus was detected is in memory...

I am not sure whether reinstalling will work.

Apart from EWIDO's free antivirus,

I am also using Trend Micro's SYSTEM CLEANER.

I would also like to ask whether a simple scanner like SYSTEM CLEANER

only works in safe mode?

Because its log always shows some viruses that could not be deleted.

Or could you recommend an antivirus program that uses fewer system resources?

Thanks very much


[Reply 2] From: Taiwan (中華HiNet) | Posted: 2007-10-20 04:01
彗星風采
Quoting tinisme's post of 2007-10-20 04:01:
I see.

In this situation,

would it be better to just reinstall the system?
.......
Reinstalling does not help against this kind of USB-disk virus, and the usual special-purpose removal tools will not solve a case like yours either. I would suggest you first look at the pinned online-scanner roundup and cross-scan with several vendors' scanners to compare results. If a virus keeps regenerating or cannot be killed, post the infected paths and the scan reports; together with the SREng log, that should be enough to solve your problem.


[Reply 3] From: Taiwan (中華電信HINET) | Posted: 2007-10-20 05:08
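The SREng log in the first post and the reply about USB-disk viruses point at the same persistence patterns: unsigned loaders dropped straight into C:\WINDOWS, a DLL pushed into every process through AppInit_DLLs, and an autorun.inf on each drive root that relaunches the dropper, which is why wiping C: alone does not end it while D: still carries a copy. The Python script below is an added example, not part of the thread or of SREng: it parses a constructed excerpt in the log format shown above and flags those patterns, using severity rules that are my own heuristics, not SREng's.

```python
import re

# Constructed sample in the SREng log format from the thread (a subset of its lines).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
    <IMJPMIG8.1><C:\\WINDOWS\\IME\\imjp8_1\\IMJPMIG.EXE /Spoil /RemAdvDef>  [(Verified)Microsoft Windows XP Publisher]
    <QuickTime Task><"C:\\Program Files\\QuickTime\\qttask.exe" -atboottime>  [Apple Inc.]
    <ClubBox><>  [N/A]
    <DiskMan32><C:\\WINDOWS\\dbpgoq.exe>  [N/A]
    <Kvsc3><C:\\WINDOWS\\Kvsc3.exe>  []
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\Explorer\\Run]
    <MSDEG32><LYLoader.exe>  []
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows]
    <AppInit_DLLs><winforms.dll>  []
==================================
Autorun.inf
[C:\\]
[autorun]
shell\\open=Open
shell\\open\\Command=C:\\WINDOWS\\help\\529141B59150.EXE -s
open=auto.exe
[D:\\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
==================================
"""

SEPARATOR = "=================================="          # SREng section boundary
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")            # [HKEY_...\Run]
ENTRY_RE = re.compile(r"^\s*<([^>]*)><([^>]*)>\s*\[(.*)\]\s*$")  # <name><cmd>  [signer]
DRIVE_RE = re.compile(r"^\[([A-Za-z]:\\)\]\s*$")          # [C:\] inside the Autorun.inf dump
# autorun.inf keys that make Explorer run a program on insert or double-click.
AUTORUN_HANDLERS = re.compile(r"^(open|shellexecute|shell\\.*\\command)$", re.I)


def image_path(command):
    """Executable path from a Run value: drop surrounding quotes and trailing arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def classify_run_entry(key, name, command, signer):
    """(severity, reason) for one <name><command>  [signer] line, or None if it looks benign."""
    if name.lower() == "appinit_dlls":
        return ("high", "AppInit_DLLs injects %s into every user32 process" % command) if command.strip() else None
    if signer.startswith("(Verified)"):
        return None                               # SREng validated the Authenticode signature
    path = image_path(command)
    if not path:
        return ("review", "empty Run value under %s" % key)
    if "\\" not in path:
        return ("high", "bare file name resolved through the search path: %s" % path)
    if re.match(r"^[a-z]:\\windows\\[^\\]+$", path.lower()):
        return ("high", "unsigned loader directly in %%WINDIR%%: %s" % path)
    return ("review", "unsigned publisher [%s]: %s" % (signer, path))


def triage(log_text):
    """Walk the log once; return [(severity, location, reason), ...] in log order."""
    findings, key, drive, in_autorun = [], None, None, False
    for line in log_text.splitlines():
        if line.startswith(SEPARATOR):
            key, drive, in_autorun = None, None, False
        elif line.strip() == "Autorun.inf":
            in_autorun = True
        elif (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := ENTRY_RE.match(line)):
            name, command, signer = m.groups()
            verdict = classify_run_entry(key, name, command, signer)
            if verdict:
                findings.append((verdict[0], key + "\\" + name, verdict[1]))
        elif in_autorun and (m := DRIVE_RE.match(line)):
            drive = m.group(1)
        elif in_autorun and drive and "=" in line and not line.startswith("["):
            k, v = (s.strip() for s in line.split("=", 1))
            if AUTORUN_HANDLERS.match(k):
                findings.append(("high", drive + "autorun.inf", "%s=%s runs on insert or open" % (k, v)))
    return findings
```

Call triage() on SAMPLE_LOG or on the text of a real SREng log and print the returned tuples; every autorun.inf handler on a fixed drive is reported as high because a reinstall on C: leaves the copy on D: untouched.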
tinisme
I formatted the whole computer.

I also downloaded some USB-disk virus removal tools from the internet and ran them.

There should be no problems now @@

Thanks for your replies.


[Reply 4] From: Taiwan (中華HiNet) | Posted: 2007-10-25 04:49
