史萊姆論壇 - 查看單個文章 - 中毒Trojan-psw.win32.magania.im

plunderer · 2007-04-15, 02:41 PM

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file)

O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)

O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing)

O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
SharedTaskScheduler Registry key autorun
Only a CWS variant has been known to use this. Consult a HJT expert before cleaning anything.

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing)

O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
File Missing
When a file is missing, you should always have HijackThis fix the item.

O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe (file missing)

O23 - Service: 自動 LiveUpdate 排程器 - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)

上面這些是檔案遺失或沒必要的, 都可選擇修復

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
Unknown Item
日文輸入法

O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
IMEKRMIG6.1
韓文輸入法

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
拼音輸入法

這幾項若用不到也可選擇修復, 少佔記憶體

其他看不出有病毒或木馬的痕跡

2007-04-15, 02:41 PM	#16 (permalink)
plunderer 長老會員榮譽勳章勳章總數8 UID - 74024 在線等級: 註冊日期: 2003-05-31 文章: 1399 精華: 0 現金: 507220 金幣資產: 608580 金幣	R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file) O2 - BHO: (no name) - {4E7BD74F-2B8D-469E-90F0-F66AB581A933} - (no file) O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing) O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - D:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll (file missing) O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file) O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll SharedTaskScheduler Registry key autorun Only a CWS variant has been known to use this. Consult a HJT expert before cleaning anything. O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing) File Missing When a file is missing, you should always have HijackThis fix the item. O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - D:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe (file missing) O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - D:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe (file missing) File Missing When a file is missing, you should always have HijackThis fix the item. O23 - Service: Symantec AVScan (SAVScan) - Unknown owner - D:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe (file missing) O23 - Service: 自動 LiveUpdate 排程器 - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing) 上面這些是檔案遺失或沒必要的, 都可選擇修復 O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 Unknown Item 日文輸入法 O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE IMEKRMIG6.1 韓文輸入法 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC 拼音輸入法這幾項若用不到也可選擇修復, 少佔記憶體其他看不出有病毒或木馬的痕跡
	__________________ 刑天舞干戚
	送花文章: 6, 收花文章: 575 篇, 收花: 1747 次