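Afterwards I scanned with AVG and it reported that I had been infected with a high-risk hijackthis... I deleted it immediately, and I had not opened any exe file; the problematic exe file is 4242.exe... I tried downloading other antivirus programs on another computer, but they still could not find the virus, and I cannot do a System Restore either... The computer holds a lot of important data (not photos) and I do not want to reinstall, so this is a real headache... What worries me most is that the virus is still on the computer or has already damaged the files on it! I have already used five or six different antivirus programs and still have not been able to find the virus... I generated a hijackthis file to look at; the details are below: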
hijackthis log...
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:19:02, on 10/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\D-Tools\daemon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\LO\LOCALS~1\Temp\Rar$EX00.329\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" BOOT
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync
O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MSCalsClocks] C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &使用 FlashGet 下載 - C:\Program Files\FlashGet\jc_link.htm