I ran a scan with NOD32 and a few names came up; thanks for helping.
1. Win32/Wigon trojan
2. Win32/Joleee.NF worm
3. a variant of Win32/Waledac.HI trojan
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 下午 10:39:15, on 2009/3/15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2
Boot mode: Normal
Running processes:
G:\WINDOWS\System32\smss.exe
G:\WINDOWS\system32\winlogon.exe
G:\WINDOWS\system32\services.exe
G:\WINDOWS\system32\lsass.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\System32\svchost.exe
G:\WINDOWS\system32\spoolsv.exe
G:\WINDOWS\system32\Ati2evxx.exe
G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
G:\Program Files\Bonjour\mDNSResponder.exe
G:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
G:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
G:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
G:\Program Files\Google\Update\GoogleUpdate.exe
G:\Program Files\Eset\nod32krn.exe
G:\Program Files\Raxco\PerfectDisk\PDAgent.exe
G:\WINDOWS\system32\svchost.exe
G:\Program Files\UPHClean\uphclean.exe
G:\Program Files\Raxco\PerfectDisk\PDEngine.exe
G:\WINDOWS\Explorer.EXE
G:\Program Files\Eset\nod32kui.exe
G:\WINDOWS\RTHDCPL.EXE
G:\WINDOWS\SOUNDMAN.EXE
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
G:\Program Files\iTunes\iTunesHelper.exe
G:\WINDOWS\FixCamera.exe
G:\WINDOWS\vsnpstd3.exe
G:\WINDOWS\tsnpstd3.exe
G:\WINDOWS\system32\ctfmon.exe
G:\Program Files\Messenger\msmsgs.exe
G:\Program Files\iPod\bin\iPodService.exe
G:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
G:\WINDOWS\system32\cmd.exe
G:\WINDOWS\services.exe
G:\WINDOWS\system32\svchost.exe
G:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - G:\WINDOWS\system32\dvmurl.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - G:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - G:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: ALiBaBar_Helper - {CE439C63-384A-747A-A357-23D96B5D652B} - G:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O3 - Toolbar: ALiBaBar - {0A1375E1-56C2-11D6-8E45-8933A0FB5235} - G:\PROGRA~1\ALiBaBar\ALiBaBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - G:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "G:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "G:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [nod32kui] "G:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [CJIMETIPSYNC] G:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] G:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [GEST] m点\?
O4 - HKLM\..\Run: [StartCCC] "G:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [QuickTime Task] "G:\Program Files\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "G:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [FixCamera] G:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [snpstd3] G:\WINDOWS\vsnpstd3.exe
O4 - HKLM\..\Run: [tsnpstd3] G:\WINDOWS\tsnpstd3.exe
O4 - HKLM\..\Run: [services] G:\WINDOWS\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] G:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "G:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "G:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [services] G:\WINDOWS\services.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] G:\WINDOWS\services.exe
O4 - HKCU\..\Policies\Explorer\Run: [services] G:\WINDOWS\services.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] G:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] G:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] G:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Policies\Explorer\Run: [services] G:\WINDOWS\services.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] G:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\Policies\Explorer\Run: [services] G:\WINDOWS\services.exe (User 'Default user')
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Foxy 下載 - res://G:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://G:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: Locate Spot on Map by GPS - G:\Program Files\Opanda\IExif 2.3\IExifMap.htm
O8 - Extra context menu item: View Exif/GPS/IPTC with IExif - G:\Program Files\Opanda\IExif 2.3\IExifCom.htm
O8 - Extra context menu item: 使用 FDM 下載 - file://G:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: 使用 FDM 下載影片 - file://G:\Program Files\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: 使用 FDM 下載所有項目 - file://G:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: 使用 FDM 下載選取項目 - file://G:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: 剪貼簿文字: 簡 > 繁 - res://G:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToTrad
O8 - Extra context menu item: 剪貼簿文字: 繁 > 簡 - res://G:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/ClipToSim
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://G:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: 網頁: [簡體] 顯示 - res://G:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToSim
O8 - Extra context menu item: 網頁: [繁體] 顯示 - res://G:\Program Files\ALiBaBar\ALiBaBar.dll/RT_HTML/PageToTrad
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - (no file)
O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - G:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - G:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - G:\Program Files\Messenger\msmsgs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - G:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - G:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - G:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - G:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - G:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - G:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Google Update Service (gupdate1c984902d7df4da) (gupdate1c984902d7df4da) - Google Inc. - G:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - G:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - G:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - G:\Program Files\Eset\nod32krn.exe
O23 - Service: PDAgent - Raxco Software, Inc. - G:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - G:\Program Files\Raxco\PerfectDisk\PDEngine.exe
--
End of file - 8908 bytes