標題:
window file 有問題(中毒)uhthn麻煩幫幫手
[打印本頁]
作者:
小羊
時間:
2009-4-19 16:52
標題:
window file 有問題(中毒)uhthn麻煩幫幫手
我想問 如果我個防毒check到window system32入邊有file(oodbs.exe.VIR) 中左毒
可以點做? 唔del得既話 應該fix? and點fix?
唔該幫幫手!!uhthn見字麻煩幫幫手 我係冒名而來
以下係HijackThis check既log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 上午 11:53:55, on 2009/4/9
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
D:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PowerDVD\PDVDServ.exe
D:\WINDOWS\system32\oodag.exe
D:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
D:\Program Files\Nero\Nero 7\InCD\InCD.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\svchost.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\TP-LINK\TL-WN310G_350G_351Gv5.0_TL-WN360Gv1.0\TWCU.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
C:\Program Files\Filseclab\Twister\twister.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
D:\Program Files\PPStream\ppsap.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Common Files\Filseclab\FilMsg.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TTPlayer\TTPlayer.exe
D:\Documents and Settings\Administrator\桌面\HijackThis.exe
D:\WINDOWS\System32\NOTEPAD.EXE
D:\WINDOWS\system32\wuauclt.exe
接下
作者:
小羊
時間:
2009-4-19 17:45
R3 - URLSearchHook: Yahoo!奇摩捷徑列 - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - D:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - D:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Windows Live 登入小幫手 - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - D:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] D:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] D:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SecurDisc] D:\Program Files\Nero\Nero 7\InCD\NBHGui.exe
O4 - HKLM\..\Run: [InCD] D:\Program Files\Nero\Nero 7\InCD\InCD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TWCU] "C:\Program Files\TP-LINK\TL-WN310G_350G_351Gv5.0_TL-WN360Gv1.0\TWCU.exe" -nogui
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [AVP] "D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [twister] "C:\Program Files\Filseclab\Twister\twister.exe" -a
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PPS Accelerator] D:\Program Files\PPStream\ppsap.exe
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: "新增至廣告橫幅防護" - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm
O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: 網頁流量防護狀態 - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: 發佈至部落格 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: 使用 Windows Live Writer 發佈至部落格(&B) - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP 剪貼本 - {58ECB495-38F0-49cb-A538-10282ABF65E7} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: HP 智慧型選取 - {700259D7-1666-479a-93B1-3250410481E8} - D:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - D:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ipp - (no CLSID) - (no file)
O18 - Protocol: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - D:\WINDOWS\system32\inetcomm.dll
O18 - Protocol: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B} - D:\WINDOWS\system32\urlmon.dll
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - D:\WINDOWS\system32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - D:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - D:\WINDOWS\system32\msvidctl.dll
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - D:\WINDOWS\system32\mshtml.dll
O18 - Protocol: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - D:\WINDOWS\system32\wiascr.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - D:\Program Files\Windows Live\Mail\mailcomm.dll
O23 - Service: TP-LINK Configuration Service (ACS) - Atheros - D:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Kaspersky Internet Security (avp) - Kaspersky Lab - D:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Bonjour 服務 (Bonjour Service) - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod 服務 (iPod Service) - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - D:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - D:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
--
End of file - 11437 bytes
作者:
囡囡妹@@
時間:
2009-4-21 00:25
將個文件 上傳到 呢個 網上 檢查
http://www.virustotal.com/
貼上結果
作者:
小羊
時間:
2009-4-21 04:50
首先 唔該晒你幫忙
出現以下結果 & 我個防毒(費爾托斯)出現 禁止上傳個檔案執行
""Exception
Please report failure as: ErrorTime= "Apr 10 18:41:36" ""
我有試過用其他檔案upload,係做到結果出黎
但係用個有毒既檔案(oodbs.exe.VIR)就唔得
出現以下 同埋以上""...""
""0 bytes size received / Se ha recibido un archivo vacio ""
作者:
囡囡妹@@
時間:
2009-4-22 01:10
先暫停 費爾 的檔案保護(監控)
作者:
小羊
時間:
2009-4-22 05:02
係 出左以下既結果
反病毒引擎 版本 最後更新 掃瞄結果
a-squared 4.0.0.93 2009.02.16 -
AhnLab-V3 5.0.0.2 2009.02.16 -
AntiVir 7.9.0.79 2009.02.16 -
Authentium 5.1.0.4 2009.02.15 -
Avast 4.8.1335.0 2009.02.16 -
AVG 8.0.0.237 2009.02.16 -
BitDefender 7.2 2009.02.16 -
CAT-QuickHeal 10.00 2009.02.16 -
ClamAV 0.94.1 2009.02.16 -
Comodo 978 2009.02.15 -
DrWeb 4.44.0.09170 2009.02.16 -
eSafe 7.0.17.0 2009.02.15
Suspicious File
eTrust-Vet 31.6.6358 2009.02.16 -
F-Prot 4.4.4.56 2009.02.15 -
F-Secure 8.0.14470.0 2009.02.16 -
Fortinet 3.117.0.0 2009.02.16 -
GData 19 2009.02.16 -
Ikarus T3.1.1.45.0 2009.02.16 -
K7AntiVirus 7.10.630 2009.02.14 -
Kaspersky 7.0.0.125 2009.02.16 -
McAfee 5527 2009.02.15 -
McAfee+Artemis 5527 2009.02.15 -
Microsoft 1.4306 2009.02.16 -
NOD32 3856 2009.02.16 -
Norman 6.00.02 2009.02.13 -
nProtect 2009.1.8.0 2009.02.16
Trojan/W32.Krap.112128
Panda 10.0.0.10 2009.02.15 -
PCTools 4.4.2.0 2009.02.16 -
Prevx1 V2 2009.02.16 -
Rising 21.17.02.00 2009.02.16 -
SecureWeb-Gateway 6.7.6 2009.02.16
Trojan.Crypt.LooksLike.XPACK
Sophos 4.38.0 2009.02.16 -
Sunbelt 3.2.1851.2 2009.02.12
VIPRE.Suspicious
Symantec 10 2009.02.16 -
TheHacker 6.3.2.2.258 2009.02.16 -
TrendMicro 8.700.0.1004 2009.02.16 -
VBA32 3.12.8.12 2009.02.16 -
ViRobot 2009.2.16.1609 2009.02.16 -
VirusBuster 4.5.11.0 2009.02.15 -
附加訊息
File size: 112128 bytes
MD5...: 7fe86776965e7d10585cd757165f3526
SHA1..: 8cd1b18ce9b7b25882ac37d3cfea930d04994bad
SHA256: 198383179066f7a448d0987b4307b6e22c1ca6fb90e75ef647e7c99c9bac20bd
SHA512: 6550b1d6590fdca474e32f74515fd558beee697613023e76344074bd9dd9a211
46935ac9dc8d8781d835c0581f4cc1ad7fb869ddfc6c5accfd8a42fe5db23484
ssdeep: 3072:CZ0KT7ZBOcPxg//U/KiciXqgspNm767j1jd11:a0KXPjZg//4xq5o767j1j
d1
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information
( base data )
entrypointaddress.: 0x3648c
timedatestamp.....: 0x447f7e95 (Thu Jun 01 23:56:05 2006)
machinetype.......: 0x14c (I386)
( 2 sections )
name viradd virsiz rawdsiz ntrpy md5
0x1000 0x339ac 0x19c00 8.00 c1cb635373faa611007540d8b6a22338
0x35000 0x155c 0x1600 6.58 6d3282e546d3ab932e6211d1e6b0e383
( 2 imports )
> ootmapi.dll: _OOLoadDriver@4
> NTDLL.dll: ZwDisplayString
( 0 exports )
CWSandbox info:
http://research.sunbelt-software ... d10585cd757165f3526
作者:
小羊
時間:
2009-4-23 07:05
麻煩幫幫手
問題還未解決
作者:
囡囡妹@@
時間:
2009-4-24 21:07
想問一問 你個 O&O Defrag 係官方版本 定係 破解版?
作者:
小羊
時間:
2009-4-25 01:13
我唸應該係官方的
因為呢個O&O Defrag,係我裝window隻碟入邊附帶的
作者:
小羊
時間:
2009-4-27 23:41
請盡快回覆我
這個檔案令我忐忑不安
麻煩晒
作者:
囡囡妹@@
時間:
2009-4-28 08:07
個File 我個人黎睇 , 係誤報 , 因為個File 係 O&O D .
你先 把檔案 加入 費爾既 信任名單中 / 安裝最新版 O&O
作者:
小羊
時間:
2009-4-29 08:04
唔該晒
如果話 我不太常用O&O D這個程式
而這個屬於危險的檔案又因他而起
我可唔可以uninstall左佢?
歡迎光臨 UFunFun 討論區 (http://www.ufunfun.com/)
Powered by Discuz! 6.0.0