|
|
|||||||
| 論壇說明 | 標記討論區已讀 |
|
歡迎您來到『史萊姆論壇』 ^___^ 您目前正以訪客的身份瀏覽本論壇,訪客所擁有的權限將受到限制,您可以瀏覽本論壇大部份的版區與文章,但您將無法參與任何討論或是使用私人訊息與其他會員交流。若您希望擁有完整的使用權限,請註冊成為我們的一份子,註冊的程序十分簡單、快速,而且最重要的是--註冊是完全免費的! 請點擊這裡:『註冊成為我們的一份子!』 |
 |
|
|
主題工具 | 顯示模式 |
|
|
2006-05-31, 03:52 AM
|
#1 (permalink) | |
|
榮譽會員
 
|
引用:
中毒!斷離線.安全模式查殺....天堂木馬變種 HijackThis 1.99.1 可查看被加載入的登錄 貼上看... http://www.majorgeeks.com/download3155.html http://www.slime2.com.tw/forums/show...ght=HijackThis http://www.slime2.com.tw/forums/show...ght=HijackThis 請先進入安全模式 執行>regedit>HKEY_CURRENT_USER>SOFTWARE>Microsoft>Windows>CurrentVersion>Run 刪除Kerne0223 = "%System%\Kerne0223.exe"登錄值 到資料夾C:\Windows\System32 找到 Kerne0223.exe 手動刪除 再次進入登錄檔編輯器 執行>regedit>HKEY_CLASSES_ROOT>CLSID>{3EA18648-FAF6-490D-9C92-8FD729028A58}>InprocServer32 刪除 @ = "%System%\RegistryInfo2.dll" 在HKEY_LOCAL_MACHINE>SOFTWARE>Microsoft>Windows>CurrentVersion>Explorer>ShellExecuteHooks 刪除 {3EA18648-FAF6-490D-9C92-8FD729028A58} 重新開機即可 |
|
|
送花文章: 3,
|
|
2006-06-05, 12:23 PM
|
#2 (permalink) |
|
長老會員
 
|
謝謝兩位大大 花那麼多心思時間幫忙
試了好多可以進入登錄編輯器 但無法 執行regedit>HKEY_CURRENT_USER>SOFTWARE>Microsoft>Windows>CurrentVersion>Run 如果是 直接到磁碟機 也無法直接刪除那個檔案 桌面上的 我的電腦捷徑 也消失了 請問 各位 高手 該怎麼解決? 謝謝大家 |
|
__________________ 勇氣鼓舞運氣  Just Do It !!  You Are What You Think You Are  善念充滿^^ 惡念退散 !!  沒有能不能成功 只有願不願意付出代價  趴下是真功夫 
|
|
|
|
送花文章: 40448,
|
|
2006-06-06, 09:23 PM
|
#3 (permalink) | |
|
榮譽會員
|
引用:
HijackThis 1.99.1下載這軟體...貼上來看... http://www.infos-du-net.com/telecharger/HijackThis.html |
|
__________________
|
||
|
|
送花文章: 3,
|
|
2006-06-06, 09:42 PM
|
#4 (permalink) |
|
長老會員
|
Logfile of HijackThis v1.99.1
Scan saved at 下午 09:38:32, on 2006/6/6 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Winamp\winampa.exe C:\WINDOWS\Config\svhost32.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\Kerne0223.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Yahoo!\Messenger\YPager.exe C:\Program Files\Internet Explorer\iexplore.exe F:\自己抓的程式\HijackThis.exe O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync O4 - HKLM\..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe O4 - HKLM\..\Run: [fzg] C:\WINDOWS\Config\svhost32.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Kerne0223] C:\WINDOWS\system32\Kerne0223.exe O8 - Extra context menu item: 使用影音傳送帶下載 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html O8 - Extra context menu item: 使用影音傳送帶下載全部連結 - C:\Program Files\Xi\NetTransport 2\NTAddList.html O8 - Extra context menu item: 匯出至 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: 參考資料 - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE O10 - Unknown file in Winsock LSP: c:\windows\system32\mprxpau.dll O10 - Unknown file in Winsock LSP: c:\windows\system32\mprxpau.dll O14 - IERESET.INF: START_PAGE_URL=tw.yahoo.com O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...74/mcfscan.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\Common Files\A&W\MidRadio.ocx O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe 不好意思 麻煩您費心了 |
|
|
送花文章: 40448,
|
混合模式
