軟體 - ie老自動彈出視窗

psac · 2006-06-01, 06:02 AM

Q:

我的ie老自動彈出視窗請大家看下。
我的ie老自動彈出視窗請大家看下是那個工作行程的問題，怎麼解決？
我用惡意軟件清理助手在安全模式下清理了也不行！鬱悶中！
[PID: 472][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 528][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 552][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 596][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 608][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 756][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 800][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 860][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 956][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 972][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1280][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1288][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.676.1>
[C:\WINDOWS\system32\PYJJU.IME] <北京六合源軟件技術有限公司><2, 2, 0, 4>
[C:\WINDOWS\system32\MicrosoftNet.dll] <TODO: <公司名>><1.0.0.1>
[d:\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[d:\NetTransport 2\NTIEHelper.dll] <Xi><1.91.12>
[PID: 1528][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\NvMcTray.dll] <NVIDIA Corporation><6.14.10.6085>
[PID: 1536][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3018>
[PID: 1552][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1560][C:\Program Files\pcsporl\Sporl.exe] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.676.20>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scbridge.dll] <Kaspersky Lab><5.0.676.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.676.0>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 1764][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.6085>
[PID: 1904][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 1672][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2108][C:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 1, 39>
[C:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.676.20>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scbridge.dll] <Kaspersky Lab><5.0.676.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.676.0>
[C:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\PYJJU.IME] <北京六合源軟件技術有限公司><2, 2, 0, 4>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 3260][C:\WINDOWS\system32\PYINTAU.EXE] <北京六合源軟件技術有限公司><2, 2, 1, 4>
[C:\WINDOWS\system32\PYCODEU.dll] <北京六合源軟件技術有限公司><2, 2, 0, 4>
[C:\WINDOWS\system32\PYJJCZU.dll] <北京六合源軟件技術有限公司><2, 2, 0, 0>
[PID: 2588][d:\Thunder Network\Thunder\Program\Thunder5.exe] <Thunder Networking Technologies,LTD><5.1.6.198>
[d:\Thunder Network\Thunder\Program\updatedownload.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 3>
[d:\Thunder Network\Thunder\Program\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 2, 69>
[d:\Thunder Network\Thunder\Program\log4cplus.dll] <><1, 0, 2, 1>
[d:\Thunder Network\Thunder\Program\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031>
[d:\Thunder Network\Thunder\Program\asyn_dns.dll] <N/A><N/A>
[d:\Thunder Network\Thunder\Program\msgmanage.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 15>
[d:\Thunder Network\Thunder\Program\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 148>
[d:\Thunder Network\Thunder\Program\RegisterDll.dll] <Thunder Networking Technologies,LTD><1, 2, 0, 7>
[d:\Thunder Network\Thunder\Program\FloatBar.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2>
[d:\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] <　><1, 0, 0, 5>
[d:\Thunder Network\Thunder\Components\InMedia\iEmbed.dll] <　><2, 1, 0, 29>
[d:\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 4>
[d:\Thunder Network\Thunder\Program\iTargetAd.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 60>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.676.20>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scbridge.dll] <Kaspersky Lab><5.0.676.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.676.0>
[PID: 168][C:\Documents and Settings\admin\桌面\掃瞄工具\SREng.exe] <Smallfrogs Studio><2.0.12.350>
瀏覽器載入項：
瀏覽器載入項
[CaiShowBH Class]
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Tencent\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <d:\NetTransport 2\NTIEHelper.dll, Xi>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Tencent\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[金山快譯(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <d:\FASTAI~1\IEBand.dll, >
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Shell Automation Service]
{13709620-C279-11CE-A49E-444553540000} <%SystemRoot%\system32\SHELL32.dll, N/A>
[RealPlayer SMIL Download Handler]
{224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[CaiShowBH Class]
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Tencent\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>
[金山快譯(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <d:\FASTAI~1\IEBand.dll, >
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <d:\NetTransport 2\NTIEHelper.dll, Xi>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[>>彩信發送<<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[上傳到QQ網路硬碟]
<D:\Tencent\qq\AddToNetDisk.htm, N/A>
[使用影音傳送帶下載]
<D:\NetTransport 2\NTAddLink.html, N/A>
[使用影音傳送帶下載全部鏈接]
<D:\NetTransport 2\NTAddList.html, N/A>
[使用迅雷下載]
<d:\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下載全部鏈接]
<d:\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[新增到QQ自定義面板]
<D:\Tencent\qq\AddPanel.htm, N/A>
[新增到QQ表情]
<D:\Tencent\qq\AddEmotion.htm, N/A>
[新增到雅虎訂閱(&Y)]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信發送該圖片]
<D:\Tencent\qq\SendMMS.htm, N/A>
[用炫彩圖鈴發送該圖片]
<C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A>
[訪問唯一下載查找]
<http://www.onlydown.cn/down.htm, N/A>
2006-05-31,17:42:32

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能

以下內容被選中：
所有的啟動專案（包括註冊表、啟動資料夾、服務等）
瀏覽器載入項
正在執行的工作行程（包括工作行程模塊訊息）
文件關聯

啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ScanRegistry><C:\Program Files\pcsporl\Sporl.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE>
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><nwiz.exe /install>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,C:\Program Files\Eset\freeme.exe /s,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

==================================
啟動資料夾
服務
[HID Input Service Time / HID sever]
<C:\WINDOWS\system32\Hsever.exe><N/A>
[Kaspersky Anti-Virus Service / kavsvc]
<"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[winaua / winaua]
<C:\DOCUME~1\admin\LOCALS~1\Temp\aua1\aua1.exe -R><N/A>

==================================
瀏覽器載入項
[CaiShowBH Class]
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Tencent\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <d:\NetTransport 2\NTIEHelper.dll, Xi>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Tencent\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[金山快譯(&K)]
{6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <d:\FASTAI~1\IEBand.dll, >
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Shell Automation Service]
{13709620-C279-11CE-A49E-444553540000} <%SystemRoot%\system32\SHELL32.dll, N/A>
[RealPlayer SMIL Download Handler]
{224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[CaiShowBH Class]
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Tencent\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司>
[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>
[金山快譯(&K)]
{6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <d:\FASTAI~1\IEBand.dll, >
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <d:\NetTransport 2\NTIEHelper.dll, Xi>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[>>彩信發送<<]
<res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A>
[上傳到QQ網路硬碟]
<D:\Tencent\qq\AddToNetDisk.htm, N/A>
[使用影音傳送帶下載]
<D:\NetTransport 2\NTAddLink.html, N/A>
[使用影音傳送帶下載全部鏈接]
<D:\NetTransport 2\NTAddList.html, N/A>
[使用迅雷下載]
<d:\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下載全部鏈接]
<d:\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[新增到QQ自定義面板]
<D:\Tencent\qq\AddPanel.htm, N/A>
[新增到QQ表情]
<D:\Tencent\qq\AddEmotion.htm, N/A>
[新增到雅虎訂閱(&Y)]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[用QQ彩信發送該圖片]
<D:\Tencent\qq\SendMMS.htm, N/A>
[用炫彩圖鈴發送該圖片]
<C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A>
[訪問唯一下載查找]
<http://www.onlydown.cn/down.htm, N/A>

==================================
正在執行的工作行程
[PID: 480][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 536][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 560][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 604][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 616][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 756][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 804][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 840][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 888][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 948][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1240][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1440][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.6085>
[PID: 1532][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)>
[PID: 1812][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1988][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1968][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\NvMcTray.dll] <NVIDIA Corporation><6.14.10.6085>
[PID: 1976][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3018>
[PID: 136][C:\Program Files\pcsporl\Sporl.exe] <N/A><N/A>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.676.20>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scbridge.dll] <Kaspersky Lab><5.0.676.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.676.0>
[PID: 1048][C:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 1, 39>
[C:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.676.20>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scbridge.dll] <Kaspersky Lab><5.0.676.1>
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.676.0>
[C:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 992][C:\WINDOWS\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\MicrosoftNet.dll] <TODO: <公司名>><1.0.0.1>
[d:\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1>
[d:\NetTransport 2\NTIEHelper.dll] <Xi><1.91.12>
[PID: 1120][C:\Documents and Settings\admin\桌面\掃瞄工具\SREng.exe] <Smallfrogs Studio><2.0.12.350>

==================================
文件關聯
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================

A:

開始執行 services.msc 　　禁用下面名稱的服務
winaua

再次執行 System Repair Engineer 在"系統修復"->"瀏覽器載入項" 中刪除下面專案

[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>
[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>

清空資料夾 C:\DOCUME~1\admin\LOCALS~1\Temp
C:\WINDOWS\system32\MicrosoftNet.dll <--刪除此文件

or...

用System Repair Engineer刪除
啟動項：
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ScanRegistry><C:\Program Files\pcsporl\Sporl.exe>

服務：
[winaua / winaua]
<C:\DOCUME~1\admin\LOCALS~1\Temp\aua1\aua1.exe -R><N/A>

瀏覽器載入項：
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE>
[CaiShowBH Class]
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[NetAccelerate Class]
{5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>
[CaiShowBH Class]
{3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[用炫彩圖鈴發送該圖片]
<C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A>

重新啟動後刪除以上對應文件(Sporl.exe的文件暫時不刪)。

C:\Program Files\pcsporl\Sporl.exe這個程式很可疑，你知道是什麼嗎？能否壓縮後發給我moonforest#163.com

psac · 2006-06-01, 09:51 AM

發現一個非常強悍的木馬..木馬剋星等均未搞定

在單位同事的電腦裡面發現了一個非常強悍的木馬...剛才在劍盟查了一下..好像是一個用來盜QQ號的木馬..不過經過了特殊的封裝..
機器上裝的NOD32能查出來..但殺不了..
然後換了N種殺毒軟件..如瑞星..江民等..結果根本就查都查不出來
再換木馬剋星..木馬殺客...木馬防線...也沒有任何效果
再用HIJACKTHIS分析...沒有任何異常..
狂汗...前來求助
病毒會自動的在我的文檔__Local Settings__TEMP裡面建立一個HUMEN1.exe(具體是不是這個名字我記不太清了)..工作行程裡面卻看不到什麼非法工作行程.....
確定是個木馬程式....用來盜取QQ號及密碼...將結果自動發送到一個@tom.com的郵箱裡面去
有沒有比較好的方法搞定啊??

附 SRENG.log日誌
2006-05-26,08:02:38

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能

以下內容被選中：
所有的啟動專案（包括註冊表、啟動資料夾、服務等）
瀏覽器載入項
正在執行的工作行程（包括工作行程模塊訊息）
文件關聯

啟動專案
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Thunder><"C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TrojanScanner><C:\Program Files\Trojan Remover\Trjscan.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<AGB5Monitor><C:\Program Files\Antiy Labs\AGuard\AGuard.exe /AutoRun>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\Windows\system32\userinit.exe,>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>

==================================
啟動資料夾
[騰訊QQ珊瑚蟲版]
<C:\Documents and Settings\new\「開始」表菜單\程式\啟動\騰訊QQ珊瑚蟲版.lnk><N>

==================================
服務
[NOD32 Kernel Service / NOD32krn]
<"C:\Program Files\Eset\nod32krn.exe"><Eset >

==================================
瀏覽器載入項
[江民線上殺毒]
{06926B30-424E-4f1c-8EE3-543CD96573DC} <http://club.jiangmin.com/kvscan/KvOnline.asp, N/A>
[微軟]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[PowerPlr Control]
{2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[KvScan Control]
{626AEE7D-DC95-4405-8F9E-9FB1EA80AEDE} <C:\WINDOWS\KVSCAN~1\KvKill.ocx, jiangmin>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下載]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下載全部鏈接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上傳到QQ網路硬碟]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用KuGoo3下載(&K)]
<D:\Program Files\KuGoo2\KuGoo3DownX.htm, N/A>
[使用影音傳送帶下載]
<C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音傳送帶下載全部鏈接]
<C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[新增到QQ自定義面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[新增到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在執行的工作行程
[PID: 472][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 520][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 544][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 588][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 600][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[PID: 768][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 812][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[PID: 892][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[PID: 992][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[PID: 1028][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[PID: 1244][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMz.Ime] <N/A><N/A>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[PID: 1292][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1400][C:\Program Files\Thunder Network\Thunder\ThunderShell.exe] <Thunder Networking Technologies,LTD><5.0.1.84>
[C:\Program Files\Thunder Network\Thunder\UpdateExec.Dll] <Thunder Networking Technologies,LTD><1, 0, 0, 1>
[PID: 1408][C:\Program Files\Eset\nod32kui.exe] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\nod32rui.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_amon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pu_dmon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_emon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_emon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_imon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_mirr.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_nod32.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pu_upd.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_upd.dll] <N/A><N/A>
[PID: 1452][C:\Program Files\Antiy Labs\AGuard\AGuard.exe] <Antiy Labs><2, 2, 6, 0>
[C:\Program Files\Common Files\Antiy Labs\Base\AVLeachSDK.dll] <Antiy Labs><2, 0, 2, 0>
[C:\Program Files\Common Files\Antiy Labs\Base\Module\APack.dll] <Antiy Labs><1, 0, 1, 1>
[C:\Program Files\Common Files\Antiy Labs\Base\Module\ATrojan.dll] <Antiy Labs><1, 0, 7, 0>
[C:\Program Files\Common Files\Antiy Labs\Base\Module\KillTrojan.dll] <Antiy Labs><1, 0, 0, 1>
[C:\Program Files\Common Files\Antiy Labs\Base\Module\MiscFix.dll] <Antiy Labs><1, 0, 1, 0>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[PID: 1464][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1728][C:\Program Files\Eset\nod32krn.exe] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\nod32krr.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\ps_amon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\ps_dmon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_emon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_emon.dll] <N/A><N/A>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_mirr.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_nod32.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\ps_upd.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_upd.dll] <N/A><N/A>
[PID: 1776][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1876][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 1212][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 2148][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 2228][C:\Documents and Settings\new\桌面\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>

==================================
文件關聯
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================

A:

請用 System Repair Engineer 掃瞄一個log貼上來。
1 解壓縮Sreng2.zip
2 執行Sreng2.exe
3 智慧式掃瞄——掃瞄——儲存報告
4 把日誌sreng.log中的報告內容完整拷貝貼上來，不要修改

Q:

NOD殺毒提示
文件：
ＨＴＴＰ://www.32881.com/soft/humen1.exe
病毒:
變種的 win32/trojandownloader.Agent.pd木馬

A:

先隔離了再說吧，看來NOD還真強啊，呵呵，越來越喜歡NOD了～～

用killbox刪除
C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMz.Ime
C:\Program Files\Common Files\Microsoft Shared\MSInfo\InfoMs.Ime（如果有的話）

2006-06-01, 06:02 AM	#1
psac 榮譽會員榮譽勳章勳章總數19 UID - 3662 在線等級: 註冊日期: 2002-12-07 住址: 木柵市立動物園文章: 17381 精華: 2 現金: 5253 金幣資產: 33853 金幣	軟體 - ie老自動彈出視窗 Q: 我的ie老自動彈出視窗請大家看下。我的ie老自動彈出視窗請大家看下是那個工作行程的問題，怎麼解決？我用惡意軟件清理助手在安全模式下清理了也不行！鬱悶中！ [PID: 472][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 528][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 552][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 596][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 608][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 756][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 800][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 860][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 956][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 972][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1280][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1288][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] <Kaspersky Lab><5.0.676.1> [C:\WINDOWS\system32\PYJJU.IME] <北京六合源軟件技術有限公司><2, 2, 0, 4> [C:\WINDOWS\system32\MicrosoftNet.dll] <TODO: <公司名>><1.0.0.1> [d:\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1> [d:\NetTransport 2\NTIEHelper.dll] <Xi><1.91.12> [PID: 1528][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\NvMcTray.dll] <NVIDIA Corporation><6.14.10.6085> [PID: 1536][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3018> [PID: 1552][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1560][C:\Program Files\pcsporl\Sporl.exe] <N/A><N/A> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.676.20> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scbridge.dll] <Kaspersky Lab><5.0.676.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.676.0> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 1764][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.6085> [PID: 1904][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)> [PID: 1672][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 2108][C:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 1, 39> [C:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.676.20> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scbridge.dll] <Kaspersky Lab><5.0.676.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.676.0> [C:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1> [C:\WINDOWS\system32\PYJJU.IME] <北京六合源軟件技術有限公司><2, 2, 0, 4> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 3260][C:\WINDOWS\system32\PYINTAU.EXE] <北京六合源軟件技術有限公司><2, 2, 1, 4> [C:\WINDOWS\system32\PYCODEU.dll] <北京六合源軟件技術有限公司><2, 2, 0, 4> [C:\WINDOWS\system32\PYJJCZU.dll] <北京六合源軟件技術有限公司><2, 2, 0, 0> [PID: 2588][d:\Thunder Network\Thunder\Program\Thunder5.exe] <Thunder Networking Technologies,LTD><5.1.6.198> [d:\Thunder Network\Thunder\Program\updatedownload.dll] <Thunder Networking Technologies,LTD><1, 0, 1, 3> [d:\Thunder Network\Thunder\Program\download_interface.dll] <Thunder Networking Technologies,LTD><1, 0, 2, 69> [d:\Thunder Network\Thunder\Program\log4cplus.dll] <><1, 0, 2, 1> [d:\Thunder Network\Thunder\Program\stlport_vc646.dll] <STLport Consulting, Inc.><4.6.2003.1031> [d:\Thunder Network\Thunder\Program\asyn_dns.dll] <N/A><N/A> [d:\Thunder Network\Thunder\Program\msgmanage.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 15> [d:\Thunder Network\Thunder\Program\historyinfo_manage.dll] <Thunder Networking Technologies,LTD><5, 2, 0, 148> [d:\Thunder Network\Thunder\Program\RegisterDll.dll] <Thunder Networking Technologies,LTD><1, 2, 0, 7> [d:\Thunder Network\Thunder\Program\FloatBar.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 2> [d:\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] <　><1, 0, 0, 5> [d:\Thunder Network\Thunder\Components\InMedia\iEmbed.dll] <　><2, 1, 0, 29> [d:\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 4> [d:\Thunder Network\Thunder\Program\iTargetAd.dll] <Thunder Networking Technologies,LTD><1, 0, 0, 60> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.676.20> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scbridge.dll] <Kaspersky Lab><5.0.676.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.676.0> [PID: 168][C:\Documents and Settings\admin\桌面\掃瞄工具\SREng.exe] <Smallfrogs Studio><2.0.12.350> 瀏覽器載入項：瀏覽器載入項 [CaiShowBH Class] {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Tencent\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD> [NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <d:\NetTransport 2\NTIEHelper.dll, Xi> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Tencent\qq\QQ.EXE, TENCENT> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Tencent\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [金山快譯(&K)] {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <d:\FASTAI~1\IEBand.dll, > [CEditCtrl Object] {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com> [WebActivater Control] {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [Shell Automation Service] {13709620-C279-11CE-A49E-444553540000} <%SystemRoot%\system32\SHELL32.dll, N/A> [RealPlayer SMIL Download Handler] {224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [CaiShowBH Class] {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>> [CEditCtrl Object] {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com> [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Tencent\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>> [金山快譯(&K)] {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <d:\FASTAI~1\IEBand.dll, > [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <d:\NetTransport 2\NTIEHelper.dll, Xi> [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [>>彩信發送<<] <res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A> [上傳到QQ網路硬碟] <D:\Tencent\qq\AddToNetDisk.htm, N/A> [使用影音傳送帶下載] <D:\NetTransport 2\NTAddLink.html, N/A> [使用影音傳送帶下載全部鏈接] <D:\NetTransport 2\NTAddList.html, N/A> [使用迅雷下載] <d:\Thunder Network\Thunder\Program\GetUrl.htm, N/A> [使用迅雷下載全部鏈接] <d:\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A> [新增到QQ自定義面板] <D:\Tencent\qq\AddPanel.htm, N/A> [新增到QQ表情] <D:\Tencent\qq\AddEmotion.htm, N/A> [新增到雅虎訂閱(&Y)] <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A> [用QQ彩信發送該圖片] <D:\Tencent\qq\SendMMS.htm, N/A> [用炫彩圖鈴發送該圖片] <C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A> [訪問唯一下載查找] <http://www.onlydown.cn/down.htm, N/A> 2006-05-31,17:42:32 System Repair Engineer 2.0.12.350 (2.0 RC 1) Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能以下內容被選中：所有的啟動專案（包括註冊表、啟動資料夾、服務等）瀏覽器載入項正在執行的工作行程（包括工作行程模塊訊息）文件關聯啟動專案註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ScanRegistry><C:\Program Files\pcsporl\Sporl.exe> [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE> [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <load><> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <nwiz><nwiz.exe /install> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <KAVPersonal50><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <Userinit><C:\WINDOWS\system32\userinit.exe,C:\Program Files\Eset\freeme.exe /s,> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> ================================== 啟動資料夾服務 [HID Input Service Time / HID sever] <C:\WINDOWS\system32\Hsever.exe><N/A> [Kaspersky Anti-Virus Service / kavsvc] <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab> [NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation> [winaua / winaua] <C:\DOCUME~1\admin\LOCALS~1\Temp\aua1\aua1.exe -R><N/A> ================================== 瀏覽器載入項 [CaiShowBH Class] {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Tencent\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>> [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD> [NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <d:\NetTransport 2\NTIEHelper.dll, Xi> [QQ] {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Tencent\qq\QQ.EXE, TENCENT> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\Tencent\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation> [金山快譯(&K)] {6C3797D2-3FEF-4cd4-B654-D3AE55B4128C} <d:\FASTAI~1\IEBand.dll, > [CEditCtrl Object] {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com> [WebActivater Control] {C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [Shell Automation Service] {13709620-C279-11CE-A49E-444553540000} <%SystemRoot%\system32\SHELL32.dll, N/A> [RealPlayer SMIL Download Handler] {224E833B-2CC6-42D9-AE39-90B6A38A4FA2} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [CaiShowBH Class] {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>> [CEditCtrl Object] {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com> [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation> [QQBrowserHelperObject Class] {54EBD53A-9BC1-480B-966A-843A333CA162} <D:\Tencent\qq\QQIEHelper.dll, 深圳市騰訊電腦系統有限公司> [NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>> [金山快譯(&K)] {6C3797D2-3FEF-4CD4-B654-D3AE55B4128C} <d:\FASTAI~1\IEBand.dll, > [Thunder Browser Helper] {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll, Thunder Networking Technologies,LTD> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [NTIECatcher Class] {C56CB6B0-0D96-11D6-8C65-B2868B609932} <d:\NetTransport 2\NTIEHelper.dll, Xi> [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.> [>>彩信發送<<] <res://C:\PROGRA~1\MMSASS~1\Mmsass~1.dll/mms.htm, N/A> [上傳到QQ網路硬碟] <D:\Tencent\qq\AddToNetDisk.htm, N/A> [使用影音傳送帶下載] <D:\NetTransport 2\NTAddLink.html, N/A> [使用影音傳送帶下載全部鏈接] <D:\NetTransport 2\NTAddList.html, N/A> [使用迅雷下載] <d:\Thunder Network\Thunder\Program\GetUrl.htm, N/A> [使用迅雷下載全部鏈接] <d:\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A> [新增到QQ自定義面板] <D:\Tencent\qq\AddPanel.htm, N/A> [新增到QQ表情] <D:\Tencent\qq\AddEmotion.htm, N/A> [新增到雅虎訂閱(&Y)] <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A> [用QQ彩信發送該圖片] <D:\Tencent\qq\SendMMS.htm, N/A> [用炫彩圖鈴發送該圖片] <C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A> [訪問唯一下載查找] <http://www.onlydown.cn/down.htm, N/A> ================================== 正在執行的工作行程 [PID: 480][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 536][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 560][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 604][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 616][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 756][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 804][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 840][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 888][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 948][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1240][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1440][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.6085> [PID: 1532][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: DNSRV(bld4act)> [PID: 1812][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1988][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1968][C:\WINDOWS\system32\RUNDLL32.EXE] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\NvMcTray.dll] <NVIDIA Corporation><6.14.10.6085> [PID: 1976][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3018> [PID: 136][C:\Program Files\pcsporl\Sporl.exe] <N/A><N/A> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.676.20> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scbridge.dll] <Kaspersky Lab><5.0.676.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.676.0> [PID: 1048][C:\Program Files\Maxthon\Maxthon.exe] <Maxthon International Ltd.><1, 5, 1, 39> [C:\Program Files\Maxthon\maxzlib.dll] < ><1, 0, 0, 2> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] <Kaspersky Lab><5.0.676.20> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scbridge.dll] <Kaspersky Lab><5.0.676.1> [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] <Kaspersky Lab><5.0.676.0> [C:\Program Files\Maxthon\Services\RealTime\real_time.dll] <><1, 0, 0, 1> [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0> [PID: 992][C:\WINDOWS\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\MicrosoftNet.dll] <TODO: <公司名>><1.0.0.1> [d:\Thunder Network\Thunder\ComDlls\XunLeiBHO_001.dll] <Thunder Networking Technologies,LTD><5, 0, 0, 1> [d:\NetTransport 2\NTIEHelper.dll] <Xi><1.91.12> [PID: 1120][C:\Documents and Settings\admin\桌面\掃瞄工具\SREng.exe] <Smallfrogs Studio><2.0.12.350> ================================== 文件關聯 .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 ================================== A: 開始執行 services.msc 　　禁用下面名稱的服務 winaua 再次執行 System Repair Engineer 在"系統修復"->"瀏覽器載入項" 中刪除下面專案 [NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>> [NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>> 清空資料夾 C:\DOCUME~1\admin\LOCALS~1\Temp C:\WINDOWS\system32\MicrosoftNet.dll <--刪除此文件 or... 用System Repair Engineer刪除啟動項： [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ScanRegistry><C:\Program Files\pcsporl\Sporl.exe> 服務： [winaua / winaua] <C:\DOCUME~1\admin\LOCALS~1\Temp\aua1\aua1.exe -R><N/A> 瀏覽器載入項： [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE> [CaiShowBH Class] {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>> [NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>> [CaiShowBH Class] {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>> [用炫彩圖鈴發送該圖片] <C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A> 重新啟動後刪除以上對應文件(Sporl.exe的文件暫時不刪)。 C:\Program Files\pcsporl\Sporl.exe這個程式很可疑，你知道是什麼嗎？能否壓縮後發給我moonforest#163.com

	送花文章: 3, 收花文章: 1631 篇, 收花: 3205 次

2006-06-01, 09:51 AM	#2 (permalink)
psac 榮譽會員榮譽勳章勳章總數19 UID - 3662 在線等級: 註冊日期: 2002-12-07 住址: 木柵市立動物園文章: 17381 精華: 2 現金: 5253 金幣資產: 33853 金幣	發現一個非常強悍的木馬..木馬剋星等均未搞定在單位同事的電腦裡面發現了一個非常強悍的木馬...剛才在劍盟查了一下..好像是一個用來盜QQ號的木馬..不過經過了特殊的封裝.. 機器上裝的NOD32能查出來..但殺不了.. 然後換了N種殺毒軟件..如瑞星..江民等..結果根本就查都查不出來再換木馬剋星..木馬殺客...木馬防線...也沒有任何效果再用HIJACKTHIS分析...沒有任何異常.. 狂汗...前來求助病毒會自動的在我的文檔__Local Settings__TEMP裡面建立一個HUMEN1.exe(具體是不是這個名字我記不太清了)..工作行程裡面卻看不到什麼非法工作行程..... 確定是個木馬程式....用來盜取QQ號及密碼...將結果自動發送到一個@tom.com的郵箱裡面去有沒有比較好的方法搞定啊?? 附 SRENG.log日誌 2006-05-26,08:02:38 System Repair Engineer 2.0.12.350 (2.0 RC 1) Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能以下內容被選中：所有的啟動專案（包括註冊表、啟動資料夾、服務等）瀏覽器載入項正在執行的工作行程（包括工作行程模塊訊息）文件關聯啟動專案註冊表 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <Thunder><"C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <TrojanScanner><C:\Program Files\Trojan Remover\Trjscan.exe> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] <AGB5Monitor><C:\Program Files\Antiy Labs\AGuard\AGuard.exe /AutoRun> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <shell><Explorer.exe> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] <Userinit><C:\Windows\system32\userinit.exe,> [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <AppInit_DLLs><> ================================== 啟動資料夾 [騰訊QQ珊瑚蟲版] <C:\Documents and Settings\new\「開始」表菜單\程式\啟動\騰訊QQ珊瑚蟲版.lnk><N> ================================== 服務 [NOD32 Kernel Service / NOD32krn] <"C:\Program Files\Eset\nod32krn.exe"><Eset > ================================== 瀏覽器載入項 [江民線上殺毒] {06926B30-424E-4f1c-8EE3-543CD96573DC} <http://club.jiangmin.com/kvscan/KvOnline.asp, N/A> [微軟] {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A> [QQIEFloatBarCfgCmd Class] {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A> [PowerPlr Control] {2354A44B-3CEB-4829-9940-545B03103538} <C:\WINDOWS\DOWNLO~1\PowerPlr.ocx, Powerise Digital> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.> [Rising Web Scan Object] {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.> [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A> [HHCtrl Object] {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation> [KvScan Control] {626AEE7D-DC95-4405-8F9E-9FB1EA80AEDE} <C:\WINDOWS\KVSCAN~1\KvKill.ocx, jiangmin> [Microsoft Scriptlet Component] {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation> [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.> [Rising Web Scan Object] {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.> [&使用迅雷下載] <C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A> [&使用迅雷下載全部鏈接] <C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A> [上傳到QQ網路硬碟] <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A> [使用KuGoo3下載(&K)] <D:\Program Files\KuGoo2\KuGoo3DownX.htm, N/A> [使用影音傳送帶下載] <C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A> [使用影音傳送帶下載全部鏈接] <C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A> [匯出到 Microsoft Office Excel(&X)] <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A> [新增到QQ自定義面板] <C:\Program Files\Tencent\QQ\AddPanel.htm, N/A> [新增到QQ表情] <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A> ================================== 正在執行的工作行程 [PID: 472][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 520][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 544][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 588][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 600][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> [PID: 768][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 812][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> [PID: 892][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> [PID: 992][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> [PID: 1028][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> [PID: 1244][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)> [C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMz.Ime] <N/A><N/A> [C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> [C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] <Macromedia, Inc.><8,0,24,0> [C:\Program Files\WinRAR\rarext.dll] <N/A><N/A> [PID: 1292][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)> [PID: 1400][C:\Program Files\Thunder Network\Thunder\ThunderShell.exe] <Thunder Networking Technologies,LTD><5.0.1.84> [C:\Program Files\Thunder Network\Thunder\UpdateExec.Dll] <Thunder Networking Technologies,LTD><1, 0, 0, 1> [PID: 1408][C:\Program Files\Eset\nod32kui.exe] <Eset ><2, 51, 26 > [C:\Program Files\Eset\nod32rui.dll] <N/A><N/A> [C:\Program Files\Eset\pu_amon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pu_dmon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A> [C:\Program Files\Eset\pu_emon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_emon.dll] <N/A><N/A> [C:\Program Files\Eset\pu_imon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> [C:\Program Files\Eset\pu_mirr.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A> [C:\Program Files\Eset\pu_nod32.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pu_upd.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_upd.dll] <N/A><N/A> [PID: 1452][C:\Program Files\Antiy Labs\AGuard\AGuard.exe] <Antiy Labs><2, 2, 6, 0> [C:\Program Files\Common Files\Antiy Labs\Base\AVLeachSDK.dll] <Antiy Labs><2, 0, 2, 0> [C:\Program Files\Common Files\Antiy Labs\Base\Module\APack.dll] <Antiy Labs><1, 0, 1, 1> [C:\Program Files\Common Files\Antiy Labs\Base\Module\ATrojan.dll] <Antiy Labs><1, 0, 7, 0> [C:\Program Files\Common Files\Antiy Labs\Base\Module\KillTrojan.dll] <Antiy Labs><1, 0, 0, 1> [C:\Program Files\Common Files\Antiy Labs\Base\Module\MiscFix.dll] <Antiy Labs><1, 0, 1, 0> [C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> [PID: 1464][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1728][C:\Program Files\Eset\nod32krn.exe] <Eset ><2, 51, 26 > [C:\Program Files\Eset\nod32krr.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\ps_amon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\ps_dmon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A> [C:\Program Files\Eset\ps_emon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_emon.dll] <N/A><N/A> [C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> [C:\Program Files\Eset\ps_mirr.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_mirr.dll] <N/A><N/A> [C:\Program Files\Eset\ps_nod32.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\ps_upd.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_upd.dll] <N/A><N/A> [PID: 1776][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)> [PID: 1876][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)> [PID: 1212][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [PID: 2148][C:\WINDOWS\system32\wuauclt.exe] <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)> [PID: 2228][C:\Documents and Settings\new\桌面\SREng.exe] <Smallfrogs Studio><2.0.12.350> [C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 26 > [C:\Program Files\Eset\pr_imon.dll] <N/A><N/A> ================================== 文件關聯 .TXT Error. [NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock 提供者 NOD32 protected [MSAFD Tcpip [TCP/IP]] C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support) NOD32 protected [MSAFD Tcpip [UDP/IP]] C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support) NOD32 protected [MSAFD Tcpip [RAW/IP]] C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support) NOD32 protected [RSVP UDP Service Provider] C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support) NOD32 protected [RSVP TCP Service Provider] C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support) NOD32 C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support) ================================== A: 請用 System Repair Engineer 掃瞄一個log貼上來。 1 解壓縮Sreng2.zip 2 執行Sreng2.exe 3 智慧式掃瞄——掃瞄——儲存報告 4 把日誌sreng.log中的報告內容完整拷貝貼上來，不要修改 Q: NOD殺毒提示文件：ＨＴＴＰ://www.32881.com/soft/humen1.exe 病毒: 變種的 win32/trojandownloader.Agent.pd木馬 A: 先隔離了再說吧，看來NOD還真強啊，呵呵，越來越喜歡NOD了～～用killbox刪除 C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMz.Ime C:\Program Files\Common Files\Microsoft Shared\MSInfo\InfoMs.Ime（如果有的話）

	送花文章: 3, 收花文章: 1631 篇, 收花: 3205 次

主題工具
顯示可列印版本郵寄本頁給好友
顯示模式
平板模式切換到混合模式切換到樹形模式

Google 提供的廣告