2006-04-13, 04:51 PM   #1
psac
Help me look at my scan logs

[Help] Please take a look at my scan logs (a one-year NOD32 update ID offered as thanks)


Q:

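Run the System Repair Engineer scan listed in "Must read before posting! Virus Rescue Board rules (with common tools + virus-scanning sites)" and paste the log here. Or scan with HijackThis, save the log, and post its contents for everyone to analyze~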

http://www.merijn.org/files/hijackthis.zip


D:\Program Files\Tencent\QQPetNurse.exe
C:\WINDOWS\explorer.exe
D:\Program Files\HijackThis.exe

R3 - 預設值的URLSearchHook丟失掉。用HijackThis修復
O2 - BHO: ThunderIEHelper - {0005A87D-D626-4B3A-84F9-1D9571695F55} - C:\WINDOWS\system32\xunleibho_v14.dll
O4 - 啟動項HKLM\\Run: [twister] "C:\Program Files\Filseclab\Twister\twister.exe" -a
O4 - 啟動項HKLM\\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - 啟動項HKLM\\Run: [Zone Labs Client] C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - IE右鍵表單中的新增項目: &使用迅雷下載 - C:\Program Files\Thunder Network\Thunder\geturl.htm
O8 - IE右鍵表單中的新增項目: &使用迅雷下載全部連接 - C:\Program Files\Thunder Network\Thunder\getallurl.htm
O8 - IE右鍵表單中的新增項目: 上傳到QQ網路硬碟 - D:\Program Files\Tencent\AddToNetDisk.htm
O8 - IE右鍵表單中的新增項目: 匯出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - IE右鍵表單中的新增項目: 增加到QQ自訂面板 - D:\Program Files\Tencent\AddPanel.htm
O8 - IE右鍵表單中的新增項目: 增加到QQ表情 - D:\Program Files\Tencent\AddEmotion.htm
O8 - IE右鍵表單中的新增項目: 用QQ彩信傳送該圖片 - D:\Program Files\Tencent\SendMMS.htm
O8 - IE右鍵表單中的新增項目: 轉換成簡體中文(&S) - res://C:\WINDOWS\system32\tcscconv.dll/tosimp
O8 - IE右鍵表單中的新增項目: 轉換成繁體中文(&T) - res://C:\WINDOWS\system32\tcscconv.dll/totrad
O14 - IERESET.INF: SEARCH_PAGE_URL=
O14 - IERESET.INF: START_PAGE_URL=
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D387E65-DEB0-48C9-B501-F75A2B6CD2E4}: NameServer = 61.177.7.1 221.228.255.1
O18 - 列舉現有的傳輸協定: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - 列舉現有的傳輸協定: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - 列舉現有的傳輸協定: talkto - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - NT 服務: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - NT 服務: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - NT 服務: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - NT 服務: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - NT 服務: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe





2006-04-13,14:16:35

System Repair Engineer 2.0.12.350 (2.0 RC 1)
Windows XP Professional Service Pack 2 - 管理權限用戶 - 完整功能

以下內容被選:
所有的啟動項目(包括註冊表、啟動檔案夾、服務等)
瀏覽器載入項
正在執行的工作(包括工作模組訊息)
文件關聯


啟動項目
註冊表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<bgswitch><; C:\WINDOWS\system32\bgswitch.exe>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<IncrediMail><; C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<NvMediaCenter><; RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit>
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<VoipDiscount><; "C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe" -nosplash -minimized>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<twister><"C:\Program Files\Filseclab\Twister\twister.exe" -a>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Zone Labs Client><C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<EssSpkPhone><; essspk.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<hxgame-update><; >
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ICQ Lite><; C:\Program Files\ICQLite\ICQLite.exe -minimize>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMSCMIG40W><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<NvCplDaemon><; RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nwiz><; nwiz.exe /install>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<WangWang><; "C:\Program Files\淘寶網\淘寶旺旺\WangWang.EXE">
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,>

==================================
啟動檔案夾
服務
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[ewido security suite control / ewido security suite control]
<C:\Program Files\ewido anti-malware\ewidoctrl.exe><ewido networks>
[NOD32 Kernel Service / NOD32krn]
<"C:\Program Files\Eset\nod32krn.exe"><Eset >
[NVIDIA Driver Helper Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[TrueVector Internet Monitor / vsmon]
<C:\WINDOWS\system32\ZONELABS\vsmon.exe -service><Zone Labs, LLC>

==================================
瀏覽器載入項
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\system32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corp.>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash85.ocx, Macromedia, Inc.>
[&使用迅雷下載]
<C:\Program Files\Thunder Network\Thunder\geturl.htm, N/A>
[&使用迅雷下載全部連接]
<C:\Program Files\Thunder Network\Thunder\getallurl.htm, N/A>
[上傳到QQ網路硬碟]
<D:\Program Files\Tencent\AddToNetDisk.htm, N/A>
[匯出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000, N/A>
[增加到QQ自訂面板]
<D:\Program Files\Tencent\AddPanel.htm, N/A>
[增加到QQ表情]
<D:\Program Files\Tencent\AddEmotion.htm, N/A>
[用QQ彩信傳送該圖片]
<D:\Program Files\Tencent\SendMMS.htm, N/A>
[轉換成簡體中文(&S)]
<res://C:\WINDOWS\system32\tcscconv.dll/tosimp, N/A>
[轉換成繁體中文(&T)]
<res://C:\WINDOWS\system32\tcscconv.dll/totrad, N/A>

==================================
正在執行的工作
[PID: 544][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 600][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 624][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 668][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 680][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 836][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 900][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[PID: 1004][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[PID: 1056][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[PID: 1148][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[PID: 1512][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1568][C:\WINDOWS\System32\SCardSvr.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1712][C:\Program Files\Filseclab\Twister\twister.exe] <Filseclab Corporation><6, 0, 2, 18851>
[C:\Program Files\Filseclab\Twister\Twshlext.DLL] <FILSECLAB Corp.><1, 0, 1, 935>
[C:\Program Files\Filseclab\Twister\Quarantine.dll] <FILSECLAB Corp.><1, 0, 0, 487>
[C:\Program Files\Filseclab\Twister\W32Tools.dll] <FILSECLAB Corp.><1, 0, 0, 659>
[C:\Program Files\Filseclab\Twister\Virsubm.dll] <FILSECLAB Corp.><1, 0, 0, 184>
[C:\Program Files\Filseclab\Twister\emlib.dll] <FILSECLAB Corp.><1, 0, 0, 718>
[C:\Program Files\Filseclab\Twister\Regpro.dll] <FILSECLAB Corporation><1, 0, 0, 147>
[C:\Program Files\Filseclab\Twister\Decexp.dll] <FILSECLAB Corp.><1, 0, 0, 1648>
[C:\Program Files\Filseclab\Twister\Unchm.dll] <FILSECLAB Corp.><1, 0, 0, 80>
[C:\Program Files\Filseclab\Twister\unrar.dll] <N/A><N/A>
[C:\Program Files\Filseclab\Twister\unzip32.dll] <Info-ZIP><5.52>
[C:\Program Files\Filseclab\Twister\unacev2.dll] <N/A><N/A>
[C:\Program Files\Filseclab\Twister\plus.dll] <Filseclab Corporation><2.0.502.1050>
[PID: 1720][C:\Program Files\Eset\nod32kui.exe] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\nod32rui.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_amon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pu_dmon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_emon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_emon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_imon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\Program Files\Eset\pu_nod32.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pu_upd.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_upd.dll] <N/A><N/A>
[PID: 1740][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 400][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020>
[PID: 456][C:\Program Files\Eset\nod32krn.exe] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\nod32krr.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\ps_amon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_amon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\ps_dmon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_dmon.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_emon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_emon.dll] <N/A><N/A>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\Program Files\Eset\ps_nod32.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_nod32.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\ps_upd.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_upd.dll] <N/A><N/A>
[PID: 472][C:\WINDOWS\system32\nvsvc32.exe] <NVIDIA Corporation><6.14.10.4523>
[PID: 492][C:\WINDOWS\system32\wdfmgr.exe] <Microsoft Corporation><5.2.3790.1230 built by: dnsrv(bld4act)>
[PID: 224][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[PID: 4044][D:\Program Files\GreenBrowser\GreenBrowser.exe] <MoreQuick><1, 0, 0, 0>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[PID: 3908][D:\Program Files\Tencent\QQ.exe] <TENCENT><0, 0, 0, 0>
[D:\Program Files\Tencent\CoralAssist.DLL] <Coral Team><4.5.0 build 20060324>
[D:\Program Files\Tencent\CoralQQ.DLL] <Coral Team><4.5 Build 20060324>
[D:\Program Files\Tencent\IPSearcher.dll] <N/A><1.0.0.4>
[D:\Program Files\Tencent\QQBaseClassInDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\BasicCtrlDll.dll] <Tencent><5, 0, 200, 14>
[D:\Program Files\Tencent\QQHelperDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQAPI.dll] <><1, 0, 0, 1>
[d:\Program Files\Tencent\TIMProxy.dll] <tencent><0, 3, 2, 4>
[D:\Program Files\Tencent\LoginCtrl.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\npkcntc.dll] <INCA Internet Co., Ltd.><2005, 9, 1, 1>
[D:\Program Files\Tencent\npkpdb.dll] <INCA Internet Co., Ltd.><2003, 10, 1, 1>
[D:\Program Files\Tencent\QQRes.dll] <tencent><1, 0, 0, 1>
[D:\Program Files\Tencent\QQMainFrame.dll] <N/A><N/A>
[D:\Program Files\Tencent\CQQApplication.dll] <N/A><N/A>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[D:\Program Files\Tencent\NewSkin.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\HostingMgr.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\CameraDll.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\MailSummary.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQSpace.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQAllInOne.dll] <N/A><N/A>
[D:\Program Files\Tencent\SCCore.dll] <N/A><N/A>
[C:\WINDOWS\system32\msdmo.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQGroupMng.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQSysMsgMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\UserDefinedHead.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQPlugin.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQCustomFace.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQPet.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\LongConnection.dll] <tencent><5, 0, 201, 14>
[D:\Program Files\Tencent\GroupConnection.dll] <Tencent><0, 3, 3, 5>
[D:\Program Files\Tencent\QQConfigPlugin.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QRingMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQAvatar.dll] <N/A><N/A>
[D:\Program Files\Tencent\FlashAvatarDll.dll] <><1, 4, 0, 1>
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] <Macromedia, Inc.><8,5,0,133>
[D:\Program Files\Tencent\ImageOle.dll] <TODO: <Company name>><1.0.0.1>
[D:\Program Files\Tencent\QQMagicFace.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\QQSceneMng.dll] <N/A><N/A>
[D:\Program Files\Tencent\QQSettingCtrl.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\CommercesMng.dll] <><1, 0, 0, 1>
[D:\Program Files\Tencent\PersonalDesktop.dll] <深圳市騰訊電腦系統公司QQ工作小組><1, 0, 0, 2>
[D:\Program Files\Tencent\QQUdpGetFileLib.dll] <tencent><0, 2, 2, 3>
[D:\Program Files\Tencent\QQAddr.dll] <深圳市騰訊電腦系統有限公司><5, 0, 101, 140>
[D:\Program Files\Tencent\QQZip.dll] <tencent><0, 3, 2, 4>
[D:\Program Files\Tencent\QQPhoneHelper.dll] <騰訊科技(深圳)有限公司><2, 0, 2, 21>
[PID: 992][D:\Program Files\Tencent\TIMPlatform.exe] <tencent><0, 3, 1, 8>
[d:\Program Files\Tencent\TIMProxy.dll] <tencent><0, 3, 2, 4>
[PID: 2680][D:\Program Files\Tencent\QQPetNurse.exe] <永恆E網><2.1.0.5>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] <Macromedia, Inc.><8,5,0,133>
[PID: 1888][D:\Program Files\Tencent\qqpet\qqpet.exe] <騰訊公司><2, 33, 200, 47>
[D:\Program Files\Tencent\qqpet\QQPetResDownload.dll] <><5, 3, 200, 47>
[D:\Program Files\Tencent\qqpet\QQPetCommunity.dll] <><5, 3, 200, 47>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] <Macromedia, Inc.><8,5,0,133>
[PID: 3500][C:\WINDOWS\explorer.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\PROGRA~1\FILSEC~1\Twister\Twshlext.dll] <FILSECLAB Corp.><1, 0, 1, 935>
[C:\Program Files\Eset\nodshex.dll] <N/A><N/A>
[C:\WINDOWS\system32\xunleibho_v14.dll] <Thunder Networking Technologies,LTD><4, 6, 0, 62>
[C:\WINDOWS\system32\MP3ext.dll] <Michael Mutschler><3.4.23>
[PID: 120][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1076][D:\new\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[C:\WINDOWS\system32\imon.dll] <Eset ><2, 51, 23 >
[C:\Program Files\Eset\pr_imon.dll] <N/A><N/A>

==================================
文件關聯
.TXT OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [AutoCADScriptFile]
.CHM Error. [C:\WINDOWS\hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================




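Please check whether anything looks abnormal. My computer boots extremely slowly; after reaching the desktop it takes almost 2-3 minutes before the firewall and antivirus software start normally. Another suspicious thing is that when I type my QQ password on the keyboard, there is a freeze of about 10 seconds...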

Whether or not there is a virus or trojan, I would like to offer a one-year NOD32 ID as thanks. I will PM you the serial number.



A:
Fix:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<hxgame-update><; >
瀏覽器載入項
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
文件關聯
.SCR Error. [AutoCADScriptFile]
.CHM Error. [C:\WINDOWS\hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]

Then remove: C:\WINDOWS\system32\CMBEdit.dll



Q:
NOD32 ID sent, thank you.

But C:\WINDOWS\system32\CMBEdit.dll is China Merchants Bank's security control!

C:\WINDOWS\hh.exe %1: is this something related to CHM files? What is it for?




A:




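If you are sure that C:\WINDOWS\system32\CMBEdit.dll is China Merchants Bank's security control, then leave it alone~
hh.exe %1 is indeed the association for the CHM format; just repair it with SREng~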
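The repair list in the first answer corresponds to three kinds of entries in the SREng log: a Run value with an empty command, a browser add-on with a blank vendor field, and file associations marked Error. The following is an added example, not part of the original thread: it pulls those entries out of an excerpt of the posted log, and the function name `triage` and the three heuristics are assumptions inferred from that list. As the CMBEdit.dll exchange shows, a hit is a candidate for manual review, not a verdict.

```python
import re

# Excerpt of the SREng log posted above; section headers omitted.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<hxgame-update><; >
[Edit Class]
{0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
.EXE OK. ["%1" %*]
.SCR Error. [AutoCADScriptFile]
.CHM Error. [C:\WINDOWS\hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
"""

# Line shapes as they appear in this log (assumed, not an official SREng grammar).
RUN_VALUE = re.compile(r"^<([^<>]+)><(.*)>$")               # <name><command>
ADDON = re.compile(r"^(\{[0-9A-Fa-f-]{36}\}) <(.+?), (.*)>$")  # {CLSID} <path, vendor>
ASSOC = re.compile(r"^(\.\w+) (OK|Error)\. \[(.*)\]$")       # .EXT status [handler]


def triage(log_text):
    """Return (kind, name, detail) tuples for entries worth a manual look."""
    findings = []
    header = ""  # most recent "[...]" line: registry key or add-on name
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            header = line[1:-1]
            continue
        m = ADDON.match(line)
        if m:
            _clsid, path, vendor = m.groups()
            if not vendor.strip():  # blank vendor; "N/A" is not flagged
                findings.append(("addon-no-vendor", header, path))
            continue
        m = ASSOC.match(line)
        if m:
            ext, status, handler = m.groups()
            if status == "Error":
                findings.append(("assoc-error", ext, handler))
            continue
        m = RUN_VALUE.match(line)
        if m and header.upper().startswith("HKEY_"):
            name, rest = m.groups()
            # This log prefixes many commands with "; "; drop it before testing.
            if not rest.lstrip("; ").strip():
                findings.append(("run-empty-command", name, header))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {name:16} {detail}")
```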