[Infected] My computer shuts down and reboots without warning after booting; what virus is this?

Board: AntiVirus  Author: (愛玩儒)  Time: 15 years ago (2009/01/31 22:10)  Votes: 1 up (1 up, 0 down, 0 neutral)
1 comment, 1 participant, thread 1/1
1. Problem description: After booting, the computer shuts down and restarts without warning! It only started doing this today. Is it infected with some virus? I already scanned it with EFix 4.977. Could everyone please take a look for me.

2. Scan report: 4.977 2009-01-31 21:59:21.296

[CODE]
EFIX 4.977 2009-01-07.18 - 2009-01-31 21:59:53.14 - NTFS
Microsoft Windows XP Service Pack 2 - Administrator
執行位置: C:\Documents and Settings\Administrator\桌面\EFix4977.exe
* 已建立系統還原點.
提示:
未安裝安全性更新 KB958644 [MS08-067]
未安裝安全性更新 KB960714 [MS08-078]
=======================================================
EFix刪除的檔案列表:
c:\docume~1\admini~1\locals~1\temp\e_4\com.run
c:\docume~1\admini~1\locals~1\temp\e_4\dp1.fne
c:\docume~1\admini~1\locals~1\temp\e_4\eapi.fne
c:\docume~1\admini~1\locals~1\temp\e_4\internet.fne
c:\docume~1\admini~1\locals~1\temp\e_4\krnln.fnr
c:\docume~1\admini~1\locals~1\temp\e_4\regex.fnr
c:\docume~1\admini~1\locals~1\temp\e_4\shell.fne
c:\docume~1\admini~1\locals~1\temp\e_4\spec.fne
c:\docume~1\admini~1\locals~1\temp\gameeeeeee.vbs
c:\documents and settings\administrator\「開始」功能表\程式集\啟動\﹛﹛﹛.lnk
c:\documents and settings\all users\「開始」功能表\程式集\啟動\adobe gamma loader.lnk
c:\jg6w3yx.com
c:\program files\common files\adobe\calibration\adobe gamma loader.exe
c:\windows\system32\xp-2faac885.exe
d:\jg6w3yx.com
e:\jg6w3yx.com
=======================================================
EFix修改的登錄值列表:
沒有刪除任何登錄值.
=======================================================
EFix刪除的檔案備份位置列表:
C:\8tss2gwq.bat => C:\NEFix\backup\files\C\8tss2gwq.bat
C:\autorun.inf => C:\NEFix\backup\files\C\autorun.inf
C:\jg6w3yx.com => C:\NEFix\backup\files\C\jg6w3yx.com
C:\Documents and Settings\Administrator\「開始」功能表\程式集\啟動\﹛﹛﹛.lnk => C:\NEFix\backup\files\C\Documents and Settings\Administrator\「開始」功能表\程式集\啟動\﹛﹛﹛.lnk
C:\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Adobe Gamma Loader.lnk => C:\NEFix\backup\files\C\Documents and Settings\All Users\「開始」功能表\程式集\啟動\Adobe Gamma Loader.lnk
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gameeeeeee.vbs => C:\NEFix\backup\files\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Gameeeeeee.vbs
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\com.run => C:\NEFix\backup\files\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\com.run
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\dp1.fne => C:\NEFix\backup\files\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\dp1.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\eAPI.fne => C:\NEFix\backup\files\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\eAPI.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\internet.fne => C:\NEFix\backup\files\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\internet.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\krnln.fnr => C:\NEFix\backup\files\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\krnln.fnr
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\RegEx.fnr => C:\NEFix\backup\files\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\RegEx.fnr
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\shell.fne => C:\NEFix\backup\files\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\shell.fne
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\spec.fne => C:\NEFix\backup\files\C\DOCUME~1\ADMINI~1\LOCALS~1\Temp\E_4\spec.fne
C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe => C:\NEFix\backup\files\C\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
C:\WINDOWS\system32\j3ewro.exe => C:\NEFix\backup\files\C\WINDOWS\system32\j3ewro.exe
C:\WINDOWS\system32\jwedsfdo0.dll => C:\NEFix\backup\files\C\WINDOWS\system32\jwedsfdo0.dll
C:\WINDOWS\system32\jwedsfdo1.dll => C:\NEFix\backup\files\C\WINDOWS\system32\jwedsfdo1.dll
C:\WINDOWS\system32\kxvo.exe => C:\NEFix\backup\files\C\WINDOWS\system32\kxvo.exe
C:\WINDOWS\system32\kxvo0.dll => C:\NEFix\backup\files\C\WINDOWS\system32\kxvo0.dll
C:\WINDOWS\system32\kxvo1.dll => C:\NEFix\backup\files\C\WINDOWS\system32\kxvo1.dll
C:\WINDOWS\system32\XP-2FAAC885.EXE => C:\NEFix\backup\files\C\WINDOWS\system32\XP-2FAAC885.EXE
D:\8tss2gwq.bat => C:\NEFix\backup\files\D\8tss2gwq.bat
D:\autorun.inf => C:\NEFix\backup\files\D\autorun.inf
D:\jg6w3yx.com => C:\NEFix\backup\files\D\jg6w3yx.com
E:\8tss2gwq.bat => C:\NEFix\backup\files\E\8tss2gwq.bat
E:\autorun.inf => C:\NEFix\backup\files\E\autorun.inf
E:\jg6w3yx.com => C:\NEFix\backup\files\E\jg6w3yx.com
G:\8tss2gwq.bat => C:\NEFix\backup\files\G\8tss2gwq.bat
G:\autorun.inf => C:\NEFix\backup\files\G\autorun.inf
=======================================================
各磁碟根目錄含有隱藏屬性的資料夾 :
d-sh--w 0 2009-01-16 15:47:52 D:\gvod_cache_data
d-sh--w 0 2009-01-17 15:41:54 D:\vod_cache_data
=======================================================
********** Created 2008-12 -- 2009-01 Files: **********
2009-01-31 18:35 . 2009-01-31 20:12 d-------- <DIR> C:\WINDOWS\minidump
2009-01-16 23:48 . 2009-01-16 23:48 d-------- <DIR> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\tddcdat
2009-01-16 23:47 . 2009-01-16 23:47 d-------- <DIR> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\sceneadworkspace
2009-01-16 20:46 . 2009-01-16 20:46 d-------- <DIR> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\daps
2009-01-10 21:06 . 2009-01-31 21:27 d-------- <DIR> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\messengercache
2009-01-10 00:32 . 2009-01-28 10:32 d-------- <DIR> C:\Program Files\ppstream
2009-01-10 00:19 . 2009-01-31 17:44 d-------- <DIR> C:\Program Files\msn messenger
2008-12-19 22:14 . 2008-12-19 22:14 d---s---- <DIR> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\temporary internet files
2008-12-19 22:14 . 2008-12-19 22:14 d---s---- <DIR> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\history
2008-12-19 22:14 . 2009-01-31 21:49 d---s---- <DIR> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cookies
2008-12-19 22:09 . 2009-01-31 21:59 d-------- <DIR> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\e_4
2008-12-19 22:07 . 2008-12-19 22:07 d-------- <DIR> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{9a346205-ea92-4406-b1ab-50379da3f057}
2008-12-19 22:03 . 2008-12-19 22:03 d-------- <DIR> C:\Program Files\autodesk
2009-01-31 21:59 . 2009-01-31 21:59 --a----t- 16,384 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\perflib_perfdata_970.dat
2009-01-31 21:55 . 2009-01-31 21:55 --a----t- 16,384 C:\WINDOWS\temp\perflib_perfdata_7c4.dat
2009-01-31 21:55 . 2009-01-31 21:55 --a----t- 16,384 C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\perflib_perfdata_a0.dat
2009-01-16 20:46 . 2009-01-16 23:47 --a------ 99 C:\WINDOWS\system32\cid_store.dat
2009-01-16 20:46 . 2009-01-17 22:56 --a------ 26 C:\WINDOWS\system32\xlhcc.dat
2009-01-16 20:45 . 2009-01-16 20:45 --a------ 20 C:\WINDOWS\system32\pub_store.dat
2008-12-19 22:15 . 2008-12-19 22:15 ---hs---- 16,896 C:\WINDOWS\system32\winzcreg.exe
2008-12-19 22:15 . 2008-12-24 19:39 --a------ 16,896 C:\WINDOWS\system32\132e5.exe
2008-12-19 22:09 . 2009-01-31 21:51 --a------ 782 C:\WINDOWS\system32\og.dll
2008-12-19 22:09 . 2009-01-31 21:24 --a------ 2,404 C:\WINDOWS\system32\ul.dll
2008-12-19 22:02 . 2006-03-31 12:40 --a------ 2,388,176 C:\WINDOWS\system32\d3dx9_30.dll
.
********** Modified 2008-11 -- 2009-01 files: **********
2009-01-31 13:57:41 ----a-w 58,732 C:\WINDOWS\system32\perfc009.dat
2009-01-31 13:57:41 ----a-w 392,432 C:\WINDOWS\system32\perfh009.dat
2009-01-31 13:57:41 ----a-w 3,218 C:\WINDOWS\system32\PerfStringBackup.TMP
2009-01-31 13:57:41 ----a-w 270,204 C:\WINDOWS\system32\prfh0404.dat
2009-01-31 13:57:41 ----a-w 100,792 C:\WINDOWS\system32\prfc0404.dat
2009-01-31 13:52:28 --s-a-w 2,048 C:\WINDOWS\bootstat.dat
2008-12-20 01:20:40 ----a-w 146,016 C:\WINDOWS\system32\FNTCACHE.DAT
.
=======================================================
執行中的程序:
[PID: 900] C:\WINDOWS\system32\Ati2evxx.exe [ATI Technologies Inc.]
[PID: 1392] C:\WINDOWS\system32\Ati2evxx.exe [ATI Technologies Inc.]
[PID: 1472] C:\WINDOWS\system32\spoolsv.exe [Microsoft Corporation]
[PID: 1368] C:\WINDOWS\system32\conime.exe [Microsoft Corporation]
[PID: 120] C:\WINDOWS\System32\alg.exe [Microsoft Corporation]
[PID: 1344] C:\WINDOWS\system32\wscntfy.exe [Microsoft Corporation]
[PID: 160] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe [Yahoo! Inc.]
[PID: 1988] C:\WINDOWS\system32\wbem\wmiprvse.exe [Microsoft Corporation]
[PID: 912] C:\WINDOWS\system32\ctfmon.exe [Microsoft Corporation]
[PID: 2376] C:\WINDOWS\system32\wbem\wmiprvse.exe [Microsoft Corporation]
[PID: 2216] C:\WINDOWS\system32\cmd.exe [Microsoft Corporation]
=======================================================
登錄值列表
*** 注意 : 部分正常值不會顯示 ***
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" 2004-07-12 08:00 15360 [Microsoft Corporation]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" 2008-11-23 18:48 68856 [Google Inc.]
"PPS Accelerator"="C:\Program Files\PPStream\ppsap.exe" 2008-12-11 18:06 210296 [PPStream Inc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" 2004-07-12 08:00 208952 [Microsoft Corporation]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" 2006-11-10 12:35 90112 [<N/A>] [X]
"HDAudDeck"="C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe" 2008-02-26 15:32 29757440 [VIA Technologies, Inc.]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" 2004-04-17 12:41 196608 [InstallShield Software Corporation]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" 2004-04-13 06:07 69632 [InstallShield Software Corporation]
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\CT\Programs\Registration.exe" 2004-06-16 15:25 729088 [Corel Corporation]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" 2008-08-08 21:16 185896 [RealNetworks, Inc.]
"XP-2FAAC885"="C:\WINDOWS\system32\XP-2FAAC885.EXE" [File Not Found.]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" [X]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\CTFMON.EXE" 2004-07-12 08:00 15360 [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{01443AEC-0FD1-40fd-9C87-E93D1494C233}]
. 2008-12-24 12:54 142600 E:\迅雷\ComDlls\TDAtOnce_Now.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
. 2003-05-15 00:47 50376 C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
. 2008-08-08 21:16 308856 C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{889D2FEB-5411-4565-8998-1DD2C5261283}]
. 2008-12-24 12:54 128464 E:\迅雷\ComDlls\xunleiBHO_Now.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
. 2008-08-08 21:16 2403392 c:\Program Files\Google\GoogleToolbar1.dll
[HKEY_LOCAL_MACHINE\~\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
. 2008-11-23 18:48 737776 C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.divxa32"="C:\WINDOWS\system32\msaud32_divx.acm" [Microsoft Corporation]
[HKEY_CURRENT_USER\control panel\desktop]
"Wallpaper"=C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
MD5: 453888766da789f18fbbf5b20e4bc17f 2004-07-12 08:00 976896 C:\WINDOWS\explorer.exe
MD5: 453888766da789f18fbbf5b20e4bc17f 2004-07-12 08:00 976896 C:\WINDOWS\system32\dllcache\explorer.exe
MD5: f3a20a3c6a4df7fe038f4cca70080b10 2004-07-12 08:00 23552 C:\WINDOWS\system32\userinit.exe
MD5: f3a20a3c6a4df7fe038f4cca70080b10 2004-07-12 08:00 23552 C:\WINDOWS\system32\dllcache\userinit.exe
沒有數位簽章的系統檔案
MD5: 3bb4b08619c111c7be8bda07aa0de6a2 2004-07-12 08:00 359040 C:\WINDOWS\system32\DRIVERS\TCPIP.SYS <Microsoft Corporation>
服務 \ 驅動 列表:
顯示方式 : 啟動狀態 服務名稱;顯示名稱;檔案名稱
啟動狀態 : S0 = Boot Start S1 = System Start S2 = Auto Start S3 = Manual Start S4 = Disable S9 = Unknow
S3 L1e;Miniport Driver for Atheros AR8121/AR8113 PCI-E Ethernet Controller;"C:\WINDOWS\system32\DRIVERS\l1e51x86.sys" [2008-02-02 23:54 36864]
S3 Ndowoopmsa;Ndowoopmsa;"C:\WINDOWS\system32\drivers\tcpip.sys" [2004-07-12 08:00 359040]
S3 pccsmcfd;PCCS Mode Change Filter Driver;"C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys" [2007-09-17 15:53 21632]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM);"C:\WINDOWS\system32\DRIVERS\sscdbus.sys" [2007-07-03 16:54 80552]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter;"C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys" [2007-07-03 16:57 11944]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers;"C:\WINDOWS\system32\DRIVERS\sscdmdm.sys" [2007-07-03 16:58 106792]
S3 upperdev;upperdev;"C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys" [File Not Found.]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;"C:\WINDOWS\system32\drivers\viahduaa.sys" [2008-02-14 11:36 222976]
=======================================================
catchme 0.3.1367 W2K/XP/Vista - userland rootkit detector by Gmer, hxxp://www.gmer.net
掃描被隱藏的檔案:
掃描被隱藏的程序:
掃描被隱藏的啟動模組:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HDAudDeck = C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1????????????????????????????????????????????????
被隱藏的檔案數量:0
=======================================================
IE 首頁設定:
Internet Explorer Version: 6.0.2900.2180
HKLM - Search Page = hxxp://tw.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://tw.search.yahoo.com
HKCU - Start Page = hxxp://tw.yahoo.com/
HKCU - Extra menu item: 使用迅雷下載 - E:\迅雷\Program\GetUrl.htm
HKCU - Extra menu item: 使用迅雷下載全部鏈接 - E:\迅雷\Program\GetAllUrl.htm
HKCU - Extra menu item: 匯出至 Microsoft Excel(&X) - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
HKLM - Extensions: {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} - E:\迅雷\Thunder.exe
HKLM - Extensions: {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
.
=======================================================
2008-08-25 19:47:05.51 C:\nefix\BACKUP\log1.txt
2009-01-31 21:52:36.78 C:\nefix\BACKUP\LOG10.TXT
2008-08-30 23:46:17.89 C:\nefix\BACKUP\log2.txt
2008-09-06 13:26:45.81 C:\nefix\BACKUP\log3.txt
2008-09-12 12:51:42.81 C:\nefix\BACKUP\log4.txt
2008-09-14 0:06:37.31 C:\nefix\BACKUP\log5.txt
2008-10-10 11:40:43.31 C:\nefix\BACKUP\log6.txt
2008-11-07 17:06:58.07 C:\nefix\BACKUP\log7.txt
2008-11-28 23:42:44.37 C:\nefix\BACKUP\log8.txt
2009-01-29 13:55:13.73 C:\nefix\BACKUP\log9.txt
=======================================================
磁碟空間 C: - 74,006,327,296 位元組可用
磁碟空間 D: - 80,510,230,528 位元組可用
磁碟空間 E: - 78,037,975,040 位元組可用
=======================================================
掃描結束時間: 2009-01-31 22:00:32.50
[/CODE]
--
※ Posted from: 批踢踢實業坊 (ptt.cc)
◆ From: 119.15.239.18

1F (01/31 22:58): Fan not cleaned? Computer overheating?
Article code (AID): #19X5ldY- (AntiVirus)