overclockzonefanpage  overclockzoneth  TV  RSS  


Results 1 to 3 of 3

Thread: ไวรัสหรือเปล่าครับช่วยทีครับ

  1. #1
    OverclockZone Member NoVicE's Avatar
    Join Date
    29 Apr 2007

    Default ไวรัสหรือเปล่าครับช่วยทีครับ



    ตามในรูปเลยครับขึ้นมาเป็นบางช่วงครับ จะบ่อยโดยเฉพาะตอนคลิกที่ลิ้งค์(เม้าท์เป็นรูปมือ)ตอนอ่านHelpของโปรแกรมต่าง แต่ลิงค์เว็บไซต์คลิกแล้วไม่ขึ้นครับ อยู่เฉยๆทิ้งเครื่องไว้บางทีก็ขึ้น มันคืออะไรช่วยทีครับ

  2. #2
    เมพขิงๆ Mania ! TWK.'s Avatar
    Join Date
    5 Dec 2006
    Location
    ทริป เหมืองปิล๊อก (กาญจนบุรี)

    Default

    เป็นไปได้
    หรือ สปายแวร์ นะ

  3. #3
    OverclockZone Member NoVicE's Avatar
    Join Date
    29 Apr 2007

    Default

    Quote Originally Posted by TWK. View Post
    เป็นไปได้
    หรือ สปายแวร์ นะ
    ลองดู log ไฟล์ให้ทีสิครับตัวไหนสมควรฟิก
    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 10:07:56, on 16/06/2551
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Pure Networks\Network Magic\nmsrvc.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\Program Files\Security Administrator\newlock.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe
    C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
    C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    C:\PVSW\Bin\W3DBSMGR.EXE
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Microsoft Office\Office10\EXCEL.EXE
    C:\Program Files\10-Strike LANState\LANState.exe
    C:\Program Files\Fuji Xerox\DocuWorks\bin\dwdesk.exe
    C:\WINDOWS\system32\cmd.exe
    C:\Documents and Settings\AC012.AU-THAN\Desktop\ProcessExplorer\HijackThis.exe
    
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
    R3 - URLSearchHook: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll
    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 www.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0
    
    \Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0
    
    \Acrobat\AcroIEFavClient.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0
    
    \Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Foxit Toolbar - {73c7d5b0-7b03-444a-84c7-ce1ba03b5573} - C:\Program Files\Foxit\tbFoxi.dll
    O4 - HKLM\..\Run: [bdmreg] C:\WINDOWS\system32\bdmreg.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [00saskda] "C:\Program Files\Security Administrator\newlock.exe" saskda
    O4 - HKLM\..\Run: [FinePrint Dispatcher v5] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe" 
    
    /source=HKLM
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [USB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
    O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Pervasive.SQL Workstation Engine.lnk = C:\PVSW\Bin\W3DBSMGR.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
    O8 - Extra context menu item: &ดาวน์โหลดทั้งหมดโดยใช้ FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &ดาวน์โหลดโดยใช้  FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: ส่&งออกไปยัง Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01
    
    \bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program 
    
    Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11
    
    \REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program 
    
    Files\Messenger\msmsgs.exe
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - 
    
    http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = AU-THAN
    O17 - HKLM\Software\..\Telephony: DomainName = AU-THAN
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D26608CA-AD8C-427F-B04B-618ADA4EF97A}: NameServer = 
    
    192.168.1.2,192.168.1.1
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = AU-THAN.COM
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = AU-THAN
    O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = AU-THAN
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1
    
    \MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~3\MESSEN~1
    
    \MSGRAP~1.DLL
    O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks 
    
    Shared\puresp3.dll
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems 
    
    Shared\Service\Adobelmsvc.exe
    O23 - Service: ConfigFree Service (CFSvcs) - Unknown owner - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (file 
    
    missing)
    O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common 
    
    Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - (no file)
    O23 - Service: Pure Networks Net2Go Service (nmraapache) - Unknown owner - C:\Program Files\Pure Networks\Network 
    
    Magic\WebServer\bin\nmraapache.exe" -k runservice (file missing)
    O23 - Service: Pure Networks Network Magic Service (nmservice) - Pure Networks, Inc. - C:\Program Files\Pure 
    
    Networks\Network Magic\nmsrvc.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
    O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1
    
    \SYMANT~1\Rtvscan.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe



Bookmarks

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •