[Software] Can't get online after installing Kaspersky 2009 and using EFix 4.91
After using a friend's USB flash drive today, I found I seem to have caught a USB-drive virus,
because when I open drive D from My Computer an extra window pops up as well.
My computer previously had Kaspersky 7 installed, but with a trial key,
and it stopped being able to update over a month ago,
so I went to Kaspersky's official site and downloaded the 2009 version to see whether I could trial it.
I removed the original install and then installed the new one.
During the new install a window appeared saying "Copying files".
I ignored it, but the installation progress stopped.
Checking in Task Manager, I found that "Copying files" window was not responding.
After I ended that task, the installation could continue.
But after the install and reboot, once at the desktop the screen showed a blue background with white text, and the keyboard LEDs didn't respond either.
So I pressed the RESET button, and after that it worked normally.
I was afraid the new Kaspersky wasn't compatible with my computer (XP SP2), so I removed it.
But the USB-drive virus was still on the computer, and I remembered I had downloaded EFix 4.91 from the Internet before.
After using it, it seemed to delete some files, and only after rebooting did I notice I had no network. The network hasn't been suspended by the school either.
I thought my EFix version was too old, so I downloaded the newer 4.975 from someone else's computer.
After running it, it didn't seem to delete any files.
I don't know whether I already had no network when I installed Kaspersky, or only after using EFix.
Looking at Network Connections in Control Panel, both the received and sent packet counts are 0.
Opening the firewall shows "Unable to display Windows Firewall settings. Do you want to start the ICS service?"
After clicking "Yes" it says "Unable to start the ICS service".
This is the 4.91 log:
4.91 2009-01-05 00:19:20.593
[CODE]
EFIX 4.91 - Administrator 2009-01-05 0:21:05.17 - NTFS
Microsoft Windows XP [版本 5.1.2600] - Service Pack 2
執行位置: F:\工具\KAVO超強殺毒軟體
* 已建立系統還原點.
提示:
Repair "C:\WINDOWS\SYSTEM32\DRIVERS\TDI.SYS" Failed. [Error code - Source
Files not found.]
=======================================================
EFix刪除的檔案列表:
c:\autorun.inf
c:\jg6w3yx.com
c:\windows\system32\drivers\klif.sys
c:\windows\system32\j3ewro.exe
c:\windows\system32\jwedsfdo0.dll
d:\autorun.inf
d:\jg6w3yx.com
e:\autorun.inf
e:\jg6w3yx.com
f:\autorun.inf
f:\jg6w3yx.com
=======================================================
EFix刪除的登錄值列表:
[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]
"jvsoft"=-
登錄值刪除前的值.
"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN":jvsoft
C:\WINDOWS\system32\j3ewro.exe
=======================================================
EFix刪除的檔案備份位置列表:
c:\a.exe => C:\NEFix\backup\files\c\a.exe
c:\autorun.inf => C:\NEFix\backup\files\c\autorun.inf
c:\jg6w3yx.com => C:\NEFix\backup\files\c\jg6w3yx.com
c:\o93ml8.bat => C:\NEFix\backup\files\c\o93ml8.bat
c:\WINDOWS\system32\j3ewro.exe =>
C:\NEFix\backup\files\c\WINDOWS\system32\j3ewro.exe
c:\WINDOWS\system32\jwedsfdo0.dll =>
C:\NEFix\backup\files\c\WINDOWS\system32\jwedsfdo0.dll
c:\WINDOWS\system32\jwedsfdo1.dll =>
C:\NEFix\backup\files\c\WINDOWS\system32\jwedsfdo1.dll
c:\WINDOWS\system32\kxvo.exe =>
C:\NEFix\backup\files\c\WINDOWS\system32\kxvo.exe
c:\WINDOWS\system32\kxvo0.dll =>
C:\NEFix\backup\files\c\WINDOWS\system32\kxvo0.dll
c:\WINDOWS\system32\kxvo1.dll =>
C:\NEFix\backup\files\c\WINDOWS\system32\kxvo1.dll
c:\WINDOWS\system32\drivers\klif.sys =>
C:\NEFix\backup\files\c\WINDOWS\system32\drivers\klif.sys
d:\a.exe => C:\NEFix\backup\files\d\a.exe
d:\autorun.inf => C:\NEFix\backup\files\d\autorun.inf
d:\jg6w3yx.com => C:\NEFix\backup\files\d\jg6w3yx.com
d:\o93ml8.bat => C:\NEFix\backup\files\d\o93ml8.bat
e:\a.exe => C:\NEFix\backup\files\e\a.exe
e:\autorun.inf => C:\NEFix\backup\files\e\autorun.inf
e:\jg6w3yx.com => C:\NEFix\backup\files\e\jg6w3yx.com
e:\o93ml8.bat => C:\NEFix\backup\files\e\o93ml8.bat
f:\a.exe => C:\NEFix\backup\files\f\a.exe
f:\autorun.inf => C:\NEFix\backup\files\f\autorun.inf
f:\jg6w3yx.com => C:\NEFix\backup\files\f\jg6w3yx.com
f:\o93ml8.bat => C:\NEFix\backup\files\f\o93ml8.bat
=======================================================
各磁碟根目錄含有隱藏和系統屬性的檔案 :
--sha-w 8 2006-07-07 07:49:34 E:\_desktop.ini
=======================================================
Created 2008-12 -- 2009-01 Files:
2009-01-05 . 2009-01-05 00:16 d--hs---- C:\Config.Msi
2008-12-30 . 2009-01-01 23:10 d-------- C:\Documents and
Settings\Administrator\咕嚕咕嚕魔法陣
2008-12-30 . 2008-12-30 16:21 --ah----- 268 C:\sqmdata04.sqm
2009-01-05 . 2009-01-05 00:04 --a------ 96976
C:\WINDOWS\SYSTEM32\DRIVERS\klin.dat
2009-01-05 . 2009-01-05 00:04 --a------ 87855
C:\WINDOWS\SYSTEM32\DRIVERS\klick.dat
2008-12-14 . 2001-08-17 14:02 --a------ 9600
C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
=======================================================
執行中的程序:
C:\WINDOWS\System32\alg.exe <Microsoft Corporation>
C:\WINDOWS\system32\wdfmgr.exe <Microsoft Corporation>
C:\WINDOWS\system32\hkcmd.exe <Intel Corporation>
C:\WINDOWS\SOUNDMAN.EXE <Realtek Semiconductor Corp.>
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe <Yahoo! Inc.>
C:\Program Files\Messenger\msmsgs.exe <Microsoft Corporation>
C:\Program Files\Rainlendar2\Rainlendar2.exe <N/A>
C:\Program Files\Logitech\SetPoint\SetPoint.exe <Logitech, Inc.>
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE <Logitech, Inc.>
C:\WINDOWS\system32\wbem\wmiprvse.exe <Microsoft Corporation>
C:\WINDOWS\system32\cmd.exe <Microsoft Corporation>
C:\WINDOWS\explorer.exe <Microsoft Corporation>
=======================================================
HOSTS:
Hosts Path: C:\WINDOWS\System32\drivers\etc\hosts
登錄值列表 *** 注意 : 部分正常值不會顯示 ***
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\main
Search
Page hxxp://red.clientapps.yahoo.com/customize/ie/defaults/sp/msgr8/*http://tw.search.yahoo.com
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2002-12-31 20:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2005-02-22 08:57 1611488]
"ezHelper"="C:\Program Files\ezHelper\ezHelper.exe" [File Not Found.]
"Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [2007-01-01
21:31 986112]
"foxy"="E:\Foxy\Foxy\Foxy.exe" [File Not Found.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2002-12-31 20:00 208952]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-07-01 12:02 155648]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-07-01 11:58 118784]
"SoundMan"=SOUNDMAN.EXE [2006-08-03 05:12 577536 C:\WINDOWS\soundman.exe]
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE [2007-11-29 02:17 55824
C:\WINDOWS\KHALMNPR.Exe]
"Super Rabbit SRRestore"="C:\PROGRA~1\SUPERR~1\magicset\SRRest.exe"
[2005-09-19 06:53 195584]
"CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft
Shared\IME\IMTC65\CHANGJIE\CINTLCFG.exe" [2003-07-14 22:57 63040]
"PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft
Shared\IME\IMTC65\PHONETIC\TINTLCFG.exe" [2003-07-14 22:57 95296]
"Ulead AutoDetector v2"="C:\Program Files\Common Files\Ulead
Systems\AutoDetector\monitor.exe" [2004-11-26 11:43 90112]
"YSearchProtection"="C:\Program Files\Yahoo!\Search
Protection\SearchProtection.exe" [2007-06-08 22:59 224248]
"BluetoothAuthenticationAgent"=bthprops.cpl [2002-12-31 20:00 110592
C:\WINDOWS\system32\bthprops.cpl]
"Kernel and Hardware Abstraction Layer"=KHALMNPR.EXE [2007-11-29 02:17 55824
C:\WINDOWS\KHALMNPR.Exe]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=ctfmon.exe [2002-12-31 20:00 15360
C:\WINDOWS\system32\ctfmon.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233}]
. 2007-06-08 17:50 124632 C:\Program Files\Thunder
Network\Thunder\ComDlls\TDAtOnce_Now.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{02478D37-C3F9-4EFB-9B51-7695ECA05670}]
. 2007-06-08 17:49 100056 C:\Program Files\Thunder
Network\Thunder\ComDlls\xunleiBHO_Now.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
. 2007-10-20 05:56 817936 C:\Program
Files\Yahoo!\Companion\Installs\cpn0\yt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
. 2006-10-22 23:08 62080 C:\Program Files\Common
Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{0A0DDBD3-6641-40B9-873F-BBDD26D6C14E}]
. 2008-12-18 02:57 147928 C:\Program Files\easyMule\modules\IE2EM.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}]
. 2006-09-27 17:45 544032 C:\Program Files\Windows Live Toolbar\msntb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\LBTWlgn]
"DLLName"="c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll"
2008-01-09 12:30 72208 c:\Program Files\Common
Files\Logishrd\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows
nt\currentversion\winlogon\notify\LBTWlgn\Event]
"DLLName"="wlnotify.dll" 2002-12-31 20:00 89088
C:\WINDOWS\system32\wlnotify.dll
[HKEY_CURRENT_USER\control panel\desktop]
"SCRNSAVE.EXE"="C:\WINDOWS\system32\ssmypics.scr"
MD5: 50d8db3bf83670339a8616eb5a75bf06 2007-06-13 21:10 977920
C:\WINDOWS\explorer.exe
MD5: 22d35e9dc89810755f27d7b33e6ecc1c 2002-12-31 20:00 976896
C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
MD5: 50d8db3bf83670339a8616eb5a75bf06 2007-06-13 21:10 977920
C:\WINDOWS\system32\dllcache\explorer.exe
MD5: f3a20a3c6a4df7fe038f4cca70080b10 2002-12-31 20:00 23552
C:\WINDOWS\system32\userinit.exe
MD5: 90463a559a0d57b5d4b3e698e1bdde92 2002-12-31 20:00 108032
C:\WINDOWS\system32\services.exe
沒有數位簽章的系統檔案
MD5: bd8686216e34e22c4ed45a2320b2bea1 2006-04-20 20:18 360576
C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS <Microsoft Corporation>
C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader
8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader
8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
[2008-03-17 11:10:52 789008]
服務 \ 驅動 列表:
顯示方式 : 啟動狀態 服務名稱;顯示名稱;檔案名稱
啟動狀態 : S0 = Boot Start S1 = System Start S2 = Auto Start S3 = Manual
Start S4 = Disable S9 = Unknow
S3 NOWMEMDF;NOWMEMDF;"C:\WINDOWS\system32\NOWMEMDF.sys" [2005-11-02 19:23
14464]
可能被修改數值的系統 服務 \ 驅動 數值 (參考用) :
S2 BthServ;Bluetooth Support Service;"C:\WINDOWS\System32\bthserv.dll"
[2002-12-31 20:00 30208]
S3 LMouKE;SetPoint Mouse Filter
Driver;"C:\WINDOWS\SYSTEM32\DRIVERS\LMouKE.Sys" [2007-11-29 02:18 78992]
=======================================================
WINSOCK FILE LIST:
010 : c:\windows\system32\wshbth.dll --a------ 2002-12-31 20:00 108032
工作排程資料夾內的資料:
2009-01-04 C:\WINDOWS\TASKS\查看 Windows Live Toolbar 的更新資訊.job
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE [2006-09-27 17:39 90624]
=======================================================
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
hxxp://www.gmer.net
SCANNING HIDDEN FILES ...
SCANNING HIDDEN PROCESSES ...
SCANNING HIDDEN AUTOSTART ENTRIES ...
.
=======================================================
4.91 2008-11-14 11:31:31.875 C:\NEFIX\BACKUP\LOG1.TXT
=======================================================
磁碟空間 C: - 5,310,701,568 位元組可用
磁碟空間 E: - 3,635,163,136 位元組可用
磁碟空間 D: - 302,673,920 位元組可用
磁碟空間 F: - 1,155,211,264 位元組可用
掃描結束時間: 2009-01-05 0:22:15.96
[/CODE]
The post is a bit long; thanks in advance for any answers!!
--
※ Posted from: 批踢踢實業坊(ptt.cc)
◆ From: 140.118.233.81
※ Edited by: ibanez99 from: 140.118.233.81 (01/05 02:00)
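As an added, defender-side example (it is not part of the original post and not EFix's own code), the following Python script parses an EFix log laid out like the one above and pulls out the three findings that matter for this case: the autorun.inf plus companion launcher pair that the worm dropped on the root of every drive (jg6w3yx.com on C:, D:, E: and F:), the Run-key value whose target was one of the deleted payload files (jvsoft pointing at j3ewro.exe), and the system-driver repair that failed (TDI.SYS, a driver the XP network stack depends on), which is the first place to look when networking and the ICS service stop working right after a cleanup. The embedded log lines are a constructed excerpt of the log in the post; the function names and the way section headers are matched are my own assumptions about the format.

```python
import re
from collections import defaultdict

SEPARATOR_RE = re.compile(r"^=+$")
REPAIR_FAILED_RE = re.compile(r'Repair "(?P<path>[^"]+)" Failed')
RUN_VALUE_RE = re.compile(r'^"(?P<key>[^"]+)":(?P<name>\S+)$')  # "<key>":<value name>

# Constructed excerpt of the EFix 4.91 log in the post; section headers verbatim.
SAMPLE_LINES = [
    "EFIX 4.91 - Administrator 2009-01-05 0:21:05.17 - NTFS",
    "提示:",
    r'Repair "C:\WINDOWS\SYSTEM32\DRIVERS\TDI.SYS" Failed. [Error code - Source Files not found.]',
    "=======================================================",
    "EFix刪除的檔案列表:",
    r"c:\autorun.inf", r"c:\jg6w3yx.com",
    r"c:\windows\system32\drivers\klif.sys",
    r"c:\windows\system32\j3ewro.exe",
    r"d:\autorun.inf", r"d:\jg6w3yx.com",
    r"e:\autorun.inf", r"e:\jg6w3yx.com",
    r"f:\autorun.inf", r"f:\jg6w3yx.com",
    "=======================================================",
    "EFix刪除的登錄值列表:",
    r"[HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]",
    '"jvsoft"=-',
    "登錄值刪除前的值.",
    r'"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN":jvsoft',
    r"C:\WINDOWS\system32\j3ewro.exe",
    "=======================================================",
]


def parse_sections(lines):
    """Split the log into {'preamble': [...], '<header without colon>': [...]}.
    Sections are delimited by '=' lines; the line after a separator is the header."""
    sections, current, expect_header = {"preamble": []}, "preamble", False
    for raw in lines:
        line = raw.rstrip()
        if SEPARATOR_RE.match(line):
            expect_header = True
        elif not line:
            pass
        elif expect_header:
            current, expect_header = line.rstrip(":"), False
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def find_autorun_pairs(paths):
    """{drive: [companion files]} for every drive root that held autorun.inf.
    A launcher sitting next to autorun.inf on each volume is the USB-worm
    spreading pattern; in the post it is jg6w3yx.com on C:, D:, E: and F:."""
    roots = defaultdict(set)
    for p in paths:
        parts = p.lower().split("\\")
        if len(parts) == 2 and re.fullmatch(r"[a-z]:", parts[0]):
            roots[parts[0]].add(parts[1])
    return {d: sorted(n - {"autorun.inf"}) for d, n in sorted(roots.items())
            if "autorun.inf" in n}


def deleted_run_values(entries, deleted_paths):
    """Pair each removed Run value with the data it held, and note whether
    that target is itself in the deleted-file list (persistence -> payload)."""
    deleted = {p.lower() for p in deleted_paths}
    found = []
    for i, entry in enumerate(entries[:-1]):
        m = RUN_VALUE_RE.match(entry)
        if m:
            target = entries[i + 1]  # the old data is printed on the next line
            found.append({"key": m["key"], "name": m["name"], "target": target,
                          "target_deleted": target.lower() in deleted})
    return found


def failed_repairs(preamble):
    """System files EFix tried to repair but could not (no source files)."""
    return [m["path"] for line in preamble
            for m in [REPAIR_FAILED_RE.search(line)] if m]


def triage(lines):
    s = parse_sections(lines)
    files = s.get("EFix刪除的檔案列表", [])
    return {
        "autorun_pairs": find_autorun_pairs(files),
        "run_values": deleted_run_values(s.get("EFix刪除的登錄值列表", []), files),
        # A failed repair of a network-stack driver is the first suspect when
        # networking or the ICS/firewall service breaks after cleanup.
        "failed_repairs": failed_repairs(s["preamble"]),
        # Drivers removed from system32\drivers (klif.sys matches the name of
        # Kaspersky's filter driver, presumably left behind by the uninstall).
        "drivers_removed": sorted(p for p in files if "\\drivers\\" in p.lower()),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

Run it as-is to see the report for the excerpt, or feed it the full log file with `triage(open("log.txt", encoding="utf-8").read().splitlines())`. The autorun check only looks at drive roots, so system32 payloads never count as "companions"; the Run-value check matches targets case-insensitively because the log prints deleted files in lower case but registry data as written.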