Re: [求救] uret463.exe + 無法上網（關掉掃毒再 …

看板AntiVirus (防毒)作者l60km (/hr)時間16年前 (2009/09/15 01:04)推噓7(7推 0噓 9→)

留言16則, 3人參與討論串1/1

感謝typezero大大，成功下載了google瀏覽器，上網的問題暫時解決了，不過病毒根源還是存在，以下貼上Efix 5.2的掃描報告：再次感激幫忙的大大們<(_ _)> 感覺遇到了很大的毒蟲，需要強力夥伴的支援 Orz ============================================================================ 我將小紅傘關掉再掃描一次的結果：（抱歉我不會自己看） ============================================================================ [code] efix 5.2 20090908.67 - 2009-09-15 8:46:26.23 - FAT32 Microsoft Windows XP Service Pack 3 - CYF 執行位置: C:\Documents and Settings\CYF\桌面\其他\EF.exe * 已建立系統還原點. 提示：未安裝安全性更新 KB971029 ================================================================================ 使用者帳戶列表: Administrator CYF -- Current Guest HelpAssistant SUPPORT_388945a0 ================================================================================ EF刪除的檔案列表: 沒有刪除任何檔案. ================================================================================ EF修改的登錄值列表: 沒有刪除任何登錄值. ================================================================================ EF刪除的檔案備份位置列表: C:\WINDOWS\AhnRpta.exe => C:\ef_backup\backup\C\WINDOWS\AhnRpta.exe.vir C:\WINDOWS\system32\mkfght0.dll => C:\ef_backup\backup\C\WINDOWS\system32\mkfght0.dll.vir C:\WINDOWS\system32\e8main0.dll => C:\ef_backup\backup\C\WINDOWS\system32\e8main0.dll.vir C:\DOCUME~1\CYF\LOCALS~1\Temp\lhgjyit0.dll => C:\ef_backup\backup\C\DOCUME~1\CYF\LOCALS~1\Temp\lhgjyit0.dll.vir C:\DOCUME~1\CYF\LOCALS~1\Temp\lhgjyit1.dll => C:\ef_backup\backup\C\DOCUME~1\CYF\LOCALS~1\Temp\lhgjyit1.dll.vir ================================================================================ Create D30 File Date error. ================================================================================ 執行中的程序: [PID: 1384] C:\Program Files\Intel\Wireless\Bin\EvtEng.exe [ Intel Corporation] [PID: 1440] C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe [ Intel Corporation ] [PID: 1876] C:\WINDOWS\system32\spoolsv.exe [<Verified> Microsoft Corporation] [PID: 1916] C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [ Avira GmbH] [PID: 212] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [ Avira GmbH] [PID: 280] C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe [ Intel Corporation] [PID: 332] C:\WINDOWS\system32\wdfmgr.exe [<Verified> Microsoft Corporation] [PID: 1632] C:\WINDOWS\System32\alg.exe [<Verified> Microsoft Corporation] [PID: 940] C:\WINDOWS\system32\wscntfy.exe [<Verified> Microsoft Corporation] [PID: 1272] C:\WINDOWS\system32\conime.exe [<Verified> Microsoft Corporation] [PID: 1492] C:\WINDOWS\ATK0100\HControl.exe [<Verified> ] [PID: 1512] C:\Program Files\Wireless Console 2\wcourier.exe [ N/A] [PID: 1504] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [<Verified> Synaptics, Inc.] [PID: 1208] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [ ASUSTeK Computer Inc.] [PID: 1768] C:\WINDOWS\system32\igfxtray.exe [<Verified> Intel Corporation] [PID: 1488] C:\WINDOWS\system32\hkcmd.exe [<Verified> Intel Corporation] [PID: 1796] C:\WINDOWS\system32\igfxpers.exe [<Verified> Intel Corporation] [PID: 2176] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [ Avira GmbH] [PID: 2256] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe [ Intel Corporation] [PID: 2300] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe [ Intel Corporation] [PID: 2368] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe [ Intel Corporation] [PID: 2384] C:\Program Files\Common Files\Real\Update_OB\realsched.exe [<Verified> RealNetworks, Inc.] [PID: 2468] C:\WINDOWS\system32\ctfmon.exe [<Verified> Microsoft Corporation] [PID: 2532] C:\Program Files\PPStream\ppsap.exe [<Verified> PPStream Inc] [PID: 2632] C:\WINDOWS\ATK0100\ATKOSD.exe [<Verified> ] [PID: 2648] C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe [ Intel Corporation] [PID: 3520] C:\WINDOWS\system32\IME\Chewing\ChewingServer.exe [ N/A] [PID: 3700] C:\WINDOWS\system32\wuauclt.exe [<Verified> Microsoft Corporation] [PID: 3588] C:\WINDOWS\system32\msiexec.exe [<Verified> Microsoft Corporation] [PID: 2772] C:\WINDOWS\system32\wuauclt.exe [<Verified> Microsoft Corporation] [PID: 1752] C:\WINDOWS\system32\imapi.exe [<Verified> Microsoft Corporation] [PID: 2132] C:\Program Files\Stardock\Fences\Fences.exe [<Verified> Stardock Corporation] 系統執行程序中沒有檔案資訊的動態連結檔: 'spoolsv.exe'(1876) => C:\WINDOWS\system32\TosBtHcrpAPI.dll 'HControl.exe'(1492) => C:\WINDOWS\ATK0100\CMSSC.dll ================================================================================ 登錄值列表 *** 注意 : 部分正常值不會顯示 *** [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation] "Rainlendar2"="C:\Program Files\Rainlendar2\Rainlendar2.exe" [N/A] "PPS Accelerator"="C:\Program Files\PPStream\PPSAP.exe" [PPStream Inc] "ertyuop"="C:\WINDOWS\system32\rttrwq.exe" [File Not Found.] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="C:\WINDOWS\ime\IMJP8_1\imjpmig.exe" [Microsoft Corporation] "HControl"="C:\WINDOWS\ATK0100\HControl.exe" [N/A] "High Definition Audio 屬性頁捷徑"="C:\WINDOWS\system32\HdAShCut.exe" [Windows (R) Server 2003 DDK provider] "Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [N/A] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [Synaptics, Inc.] "ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.EXE" [ASYSTeK Computer INC.] "Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [ASUSTeK Computer Inc.] "igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [Intel Corporation] "igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [Intel Corporation] "igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [Intel Corporation] "DrvIcon"="C:\Program Files\Vista Drive Icon\DrvIcon.exe" [artArmin] "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [Avira GmbH] "IntelZeroConfig"="C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe" [Intel Corporation] "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe" [Intel Corporation] "EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [Intel Corporation] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [RealNetworks, Inc.] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [Apple Inc.] "PHIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE" [Microsoft Corp.] "CJIMETIPSYNC"="C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE" [Microsoft Corp.] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation] [HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation] [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation] [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler] "{EC654325-1273-C2A9-2B7C-45A29BCE2FBD}"="C:\Program Files\Stardock\Fences\DesktopDock.dll" - 2009-02-26 04:49 517480 C:\Program Files\Stardock\Fences\DesktopDock.dll [HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}] 2009-01-16 10:35 134344 C:\Program Files\Orbitdownloader\orbitcth.dll [HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] 2004-12-14 01:56 63136 c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}] [HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}] 2008-11-17 22:29 370296 C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer] NoCDBurning=0x0 HonorAutoRunSetting=0x1 ASSOC: .Folder= C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [ 2004-12-14 04:44:06 29696 ] Rename operations pending: 001; C:\WINDOWS\system32\969D9A.com ;DELETE; 002; C:\WINDOWS\system32\969D9A1.com ;DELETE; 003; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\New\mdiui.dll ;TO; C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll 沒有數位簽章的系統檔案 2008-06-20 19:51 361600 C:\WINDOWS\SYSTEM32\DRIVERS\TCPIP.SYS [Microsoft Corporation] --> 2008-06-20 19:51 361600 C:\WINDOWS\system32\drivers\tcpip.sys [Sigcheck failed.] --> 2008-06-20 19:51 361600 C:\WINDOWS\system32\dllcache\tcpip.sys [Sigcheck ok.] --> 2008-04-14 03:20 361344 C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys [Sigcheck ok.] --> 2008-06-20 18:44 360960 C:\WINDOWS\$hf_mig$\KB951748\SP2QFE\tcpip.sys [Sigcheck ok.] --> 2008-06-20 19:51 361600 C:\WINDOWS\$hf_mig$\KB951748\SP3GDR\tcpip.sys [Sigcheck ok.] --> 2008-06-20 19:59 361600 C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys [Sigcheck ok.] --> 2004-08-04 20:00 359040 C:\WINDOWS\$NtUninstallKB951748_0$\tcpip.sys [Sigcheck failed.] --> 2008-06-20 18:45 360320 C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys [Sigcheck failed.] --> 2008-04-14 03:20 361344 C:\WINDOWS\ServicePackFiles\i386\tcpip.sys [Sigcheck ok.] ================================================================================ 服務 \ 驅動列表: 顯示方式 : 啟動狀態服務名稱;顯示名稱;檔案名稱 S3 npggsvc;nProtect GameGuard Service;C:\WINDOWS\system32\GameMon.des -service [File Not Found.] S3 napagent;Network Access Protection Agent;C:\WINDOWS\System32\qagentrt.dll [Microsoft Corporation] ================================================================================ 工作排程資料夾內的資料: 2008-11-17 C:\WINDOWS\TASKS\Symantec NetDetect.job - C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [File Not Found.] 2009-09-11 C:\WINDOWS\TASKS\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 14:57 558424] IE 首頁設定: Internet Explorer Version: 8.0.6001.18702 HKCU - Start Page = hxxp://tw.yahoo.com/ HKCU - Extra menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 HKCU - Extra menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 HKCU - Extra menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 HKCU - Extra menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 HKCU - Extra menu item: Foxy 下載 - res://C:\Program Files\Foxy\Foxy.exe/download.htm HKCU - Extra menu item: Foxy 搜尋 - res://C:\Program Files\Foxy\Foxy.exe/search.htm HKCU - Extra menu item: 使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm HKCU - Extra menu item: 全部使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_all.htm HKCU - Extra menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 HKCU - Extra menu item: 解除透明圖封鎖 HKLM - Extensions: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe HKLM - Extensions: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe ================================================================================ Win32/Conficker worm has not been found active in the memory. Do you want to perform scanning and cleaning anyway? (y/n) Nothing was found. Checking for Win32/Conficker.AA files: Nothing was found. ================================================================================ Disk Check Failed. 掃描結束時間: 2009-09-15 8:47:09.31 [/CODE] -- ※ 發信站: 批踢踢實業坊(ptt.cc) ◆ From: 203.67.223.250