2006-06-01, 06:02 AM | #1 |
Honorary Member
Software - IE keeps opening pop-up windows by itself
Q:
My IE keeps opening pop-up windows by itself, please take a look. My IE keeps opening pop-up windows by itself; please take a look at which process is the problem and how to fix it. I cleaned up with 惡意軟件清理助手 (Malware Cleanup Assistant) in Safe Mode and that didn't work either! So frustrating!
A:
Start -> Run -> services.msc
Disable the service with the following name:
winaua

Run System Repair Engineer again and, under "System Repair" -> "Browser Add-ons", delete the following items:
[NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>
[NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>

Empty the folder
C:\DOCUME~1\admin\LOCALS~1\Temp

C:\WINDOWS\system32\MicrosoftNet.dll <-- delete this file

or...

Use System Repair Engineer to delete:

Startup items:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <ScanRegistry><C:\Program Files\pcsporl\Sporl.exe>

Services:
[winaua / winaua] <C:\DOCUME~1\admin\LOCALS~1\Temp\aua1\aua1.exe -R><N/A>

Browser add-ons:
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] <caishowmanage><C:\Program Files\CaiShow Tech\CaiShow\UpdateManager.EXE>
[CaiShowBH Class] {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>
[CaiShowBH Class] {3AF40CB8-B3BA-4E2D-8968-4BF8DB172997} <C:\Program Files\CaiShow Tech\CaiShow\BrowerHelper.dll, TODO: <公司名>>
[用炫彩圖鈴發送該圖片] <C:\Program Files\CaiShow Tech\CaiShow\SendMMS.htm, N/A>

After restarting, delete the files corresponding to the entries above (do not delete the Sporl.exe file for now).
The program C:\Program Files\pcsporl\Sporl.exe is very suspicious; do you know what it is? Could you compress it and send it to me at moonforest#163.com
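An added example, not part of the original thread and not SREng's own logic: a small Python triage pass over lines in the report layout quoted in the answer above, showing what the entries the answer removes have in common. The three heuristics (path under a Temp folder, missing vendor, a vendor string starting with "TODO:") and every function and constant name are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass

# Sample lines in the SREng report layout, one entry per line. The flagged
# entries are the ones quoted in the answer; the rest are there for contrast.
SAMPLE = r"""
[winaua / winaua] <C:\DOCUME~1\admin\LOCALS~1\Temp\aua1\aua1.exe -R><N/A>
[NVIDIA Display Driver Service / NVSvc] <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[NetAccelerate Class] {5673A7C0-95CC-4646-BB07-3BD71234CEF9} <C:\WINDOWS\system32\MicrosoftNet.dll, TODO: <公司名>>
[Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[Shell Automation Service] {13709620-C279-11CE-A49E-444553540000} <%SystemRoot%\system32\SHELL32.dll, N/A>
[PID: 1560][C:\Program Files\pcsporl\Sporl.exe] <N/A><N/A>
[PID: 1552][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
"""

# [PID: n][image path] <vendor><version>
PROCESS = re.compile(r"^\[PID: \d+\]\[(?P<target>[^\]]+)\] <(?P<vendor>.*)><.*>$")
# [name] {CLSID} <path, vendor>   (the vendor may itself contain '<' and '>')
ADDON = re.compile(
    r"^\[(?P<name>.+?)\] \{[0-9A-Fa-f-]{36}\} <(?P<target>.+?), (?P<vendor>.*)>$")
# [display name / service name] <command line><vendor>
SERVICE = re.compile(
    r"^\[.+? / (?P<name>[^\]]+)\] <(?P<target>.*)><(?P<vendor>.*)>$")
# Order matters: the most specific layouts are tried first.
PATTERNS = (("process", PROCESS), ("addon", ADDON), ("service", SERVICE))


@dataclass(frozen=True)
class Finding:
    kind: str        # "process", "addon" or "service"
    name: str        # service/add-on name, or image file name for a process
    target: str      # path or command line as written in the report
    reasons: tuple   # which heuristics fired


def reasons_for(target: str, vendor: str) -> tuple:
    """Return the illustrative heuristics (assumptions) that fire for an entry."""
    reasons = []
    # Long-lived services and add-ons are not normally installed under Temp.
    if re.search(r"\\temp\\", target, re.IGNORECASE):
        reasons.append("runs-from-temp")
    v = vendor.strip()
    if v.upper().startswith("TODO:"):
        # Version resource still carries an unfilled template placeholder.
        reasons.append("placeholder-vendor")
    elif v in ("", "N/A") and "%" not in target:
        # Assumption: with an unexpanded %VAR% path the tool could not read
        # the file's version info, so N/A there is not treated as a signal.
        reasons.append("no-vendor")
    return tuple(reasons)


def triage(report: str) -> list:
    """Parse report lines and return de-duplicated entries worth a manual look."""
    findings, seen = [], set()
    for raw in report.splitlines():
        line = raw.strip()
        for kind, pattern in PATTERNS:
            m = pattern.match(line)
            if not m:
                continue
            target = m.group("target")
            # Process lines have no name field; fall back to the file name.
            name = m.groupdict().get("name") or target.rsplit("\\", 1)[-1]
            reasons = reasons_for(target, m.group("vendor"))
            key = (kind, name, target)
            # The report lists some add-ons twice; report each only once.
            if reasons and key not in seen:
                seen.add(key)
                findings.append(Finding(kind, name, target, reasons))
            break
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.kind:8} {f.name:22} {', '.join(f.reasons):32} {f.target}")
```

A hit is a prompt for manual review, not a verdict: legitimate shell extensions can also lack a vendor string, and an entry with a plausible vendor can still be unwanted.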
2006-06-01, 09:51 AM | #2 (permalink) |
Honorary Member
Found a very tough trojan.. 木馬剋星 (Trojan Nemesis) and the others couldn't deal with it
I found a very tough trojan on a colleague's computer at work... I just looked it up on 劍盟.. it seems to be a trojan for stealing QQ accounts.. but it has been specially packed..
The NOD32 installed on the machine can detect it.. but can't remove it..
Then I tried N other antivirus products.. such as Rising.. Jiangmin, etc.. and they couldn't detect it at all.
Then I tried 木馬剋星 (Trojan Nemesis).. 木馬殺客 (Trojan Killer)... 木馬防線 (Trojan Defense Line)... also no effect at all.
Then I analyzed it with HIJACKTHIS... nothing abnormal..
Sweating heavily... so I'm here asking for help.
The virus automatically creates a HUMEN1.exe in My Documents__Local Settings__TEMP (I don't remember exactly whether that is the name).. yet no illegitimate process is visible in the process list.....
It is definitely a trojan.... used to steal QQ account numbers and passwords... and it automatically sends the results to an @tom.com mailbox.
Is there a good way to deal with it??
Attached: the SRENG.log log
A:
Please scan with System Repair Engineer and post a log.
1 Unzip Sreng2.zip
2 Run Sreng2.exe
3 Smart Scan -> Scan -> Save Report
4 Copy and paste the complete report content from the sreng.log log; do not modify it

Q:
NOD antivirus alert
File: HTTP://www.32881.com/soft/humen1.exe
Virus: a variant of the win32/trojandownloader.Agent.pd trojan

A:
Quarantine it first and then we'll see. Looks like NOD really is strong, heh, I'm liking NOD more and more~~
Delete with killbox:
C:\Program Files\Common Files\Microsoft Shared\MSINFO\InfoMz.Ime
C:\Program Files\Common Files\Microsoft Shared\MSInfo\InfoMs.Ime (if present)