南海人
[Virus/Worm] Infected with tmp.edb, can't delete it, please help
My computer is infected with tmp.edb, located at c:/WINDOWS/SYSTEM32/Catroot2. I've heard it is a trojan from the Chinese cyber army. In normal mode it cannot be deleted: the computer says that someone or another program is using it, and to close all possible programs and try again. In safe mode it can't be found at all... Moderators, please help me. Thank you.
PS: Kaspersky can't detect it.
[OP] From: Taiwan | Posted: 2006-12-25 22:08
南海人
Quoting upside, posted 2006-12-26 01:17:
With only the file name it is impossible to make a correct judgment. Please list the virus name reported by your antivirus program. I looked it up, and it happens to share a file name with one of the solutions I posted earlier; you can try that removal: http://bbs.mychat.to/read.php?tid=590504

Virus name: Trojan-Downloader.Win32.Delf.ain
Virus type: Trojan
File MD5: 8B10932BA81F41561EA62FF3E0426A17
Disclosure: fully public
Threat level: medium
File size: 66,056 bytes
Affected systems: Windows 98 and later
Development tool: Microsoft Visual C++ 6.0
Packer: unknown packer
Naming cross-reference: Symantec [Hacktool]; McAfee [none]

Description: This is a trojan. Once run, it creates a large number of .log files under %system32%\CatRoot2 to record keystrokes and steal the user's sensitive information, which it sends to the virus author by e-mail. It drops a file that changes the system time into %system32%\CatRoot2, so that the creation time of the virus files does not match the system time, and it also drops the file-fragment recovery file %system32%\CatRoot2\.edb.chk, which can restore the deleted virus files and makes manual removal of this virus harder. The virus poses some harm to users.

Behavior analysis:
1. After running, the virus creates a large number of .log files under %system32%\CatRoot2 to record keystrokes:
%system32%\CatRoot2\res1.log
%system32%\CatRoot2\res2.log
%system32%\CatRoot2\edb.log
%system32%\CatRoot2\dberr.txt
%system32%\CatRoot2\edbtmp.log
%system32%\CatRoot2\edb0001b.log
2. The virus records keystrokes and sends them to the author by e-mail. Author's mailbox: refdom@263.net
3. It drops a file that changes the system time into %system32%\CatRoot2, so that the creation time of the virus files does not match the system time:
%system32%\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
%system32%\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\TimeStamp
%system32%\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
%system32%\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\TimeStamp
%system32%\CatRoot2\tmp.edb
4. It drops a file-fragment recovery file used to restore deleted virus files, which makes manual removal of this virus harder:
%system32%\CatRoot2\.edb.chk
Note: %System% is a variable path. The virus queries the operating system to determine the location of the current System folder. The default is C:\Winnt\System32 on Windows 2000/NT, C:\Windows\System on Windows 95/98/ME, and C:\Windows\System32 on Windows XP.

The above is from a mainland Chinese website I found through Google, and it matches my computer's current situation exactly. Moderators, please help me find a way to clean it. Thank you!
[Post 2] From: Taiwan | Posted: 2006-12-28 23:23
南海人
Quoting upside, posted 2006-12-29 19:21:
Although the files created by this trojan can currently be deleted right away, that does not solve the problem. Please use the following link right away to produce the system data and let me analyze it, so I can build a batch detection-and-removal tool: http://bbs.mychat.to/read.php?tid=592517
2006-12-29,22:19:03
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [N/A]
<MSCalsClocks><C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"> [Kaspersky Lab]
<Device Detector><DevDetect.exe -autorun> [N/A]
<SunServer><C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe> [Sunbelt Software]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><"C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll"> [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll> [Kaspersky Lab]
==================================
Startup Folders
N/A
==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[ATI Smart / ATI Smart][Stopped/Auto Start]
<C:\WINDOWS\system32\ati2sgag.exe><>
[Kaspersky Internet Security 6.0 / AVP][Running/Auto Start]
<"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[PDEngine / PDEngine][Stopped/Manual Start]
<C:\Program Files\Raxco\PerfectDisk\PDEngine.exe><Raxco Software, Inc.>
[PDScheduler / PDSched][Running/Auto Start]
<C:\Program Files\Raxco\PerfectDisk\PDSched.exe><Raxco Software, Inc.>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>
==================================
Drivers
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[dump_wmimmc / dump_wmimmc][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Running/Manual Start]
<System32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Gamania\MapleStory\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<System32\DRIVERS\secdrv.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
<system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
<system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
[Padus ASPI Shell / pfc][Stopped/Manual Start]
<system32\drivers\pfc.sys><Padus, Inc.>
[NPPTNT2 / NPPTNT2][Running/Manual Start]
<\??\C:\WINDOWS\system32\npptNT2.sys><INCA Internet Co., Ltd.>
==================================
Browser Add-ons
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[Web page]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Download with Net Transport]
<C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[Download all links with Net Transport]
<C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
==================================
Running Processes
[PID: 596][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 692][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4129]
[C:\WINDOWS\system32\klogon.dll] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 736][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 748][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 912][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4129]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 924][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1020][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1128][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1176][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1280][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1528][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1668][C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\FSSync.dll] [Kaspersky Lab, 6.0.5.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\AVPGS.PPL] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\winreg.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\tm.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\bl.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\wmihlpr.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\ndetect.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\crpthlpr.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\schedule.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\timer.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\thpimpl.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\lic60.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\report.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\hashmd5.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\avs.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\avpmgr.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\wdiskio.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\avlib.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\avspm.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\avp3info.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\antispam.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\adialtsk.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\oas.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\ahids.ppl] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\CKAHUM.dll] [Kaspersky Lab, 6.0.1.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\CKAHComm.dll] [Kaspersky Lab, 6.0.1.1]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ckahrule.dll] [Kaspersky Lab, 6.0.1.1]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\aphish.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\mc.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\procmon.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\sc.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\httpscan.ppl] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klaveng.dll] [N/A, N/A]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\aphisht.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\popupchk.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\og.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\pdm.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\httpanlz.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\dtreg.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\sfdb.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\trafficmonitor2.ppl] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\SSLEAY32.dll] [The OpenSSL Project, http://www.openssl.org/, 0.9.8b]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\LIBEAY32.dll] [The OpenSSL Project, http://www.openssl.org/, 0.9.8b]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\prutil.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\spamtst.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\avp1.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\l_llio.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\smtpprotocoller.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\pop3protocoller.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\maildisp.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\imapprotocoller.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\nntpprotocoller.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\ahfw.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\resip.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\ichk2.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\icheckersa.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\hashcont.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\hccmp.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\iwgen.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\uniarc.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\minizip.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\cab.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\arj.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\rar.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\lha.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\mdb.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\msoe.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\ods.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\buffer.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\memscan.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\memmodsc.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\ntfsstrm.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\btdisk.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\startupenum2.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\inifile.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\btimages.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\qb.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\updater2005.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\productinfo.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\updater.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\diff.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\base64p.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\updateinfo.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\updateobjectinfo.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\netsession.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\socket.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\ftpsession.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\base64.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\updatecategory.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\httpsession.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\ntlm.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\updateinstaller.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\baseinstaller.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\execinstaller.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\prseqio.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\inflate.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\unlzx.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\mdmap.ppl] [Kaspersky Lab, 6.0.0.16]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\unstored.ppl] [Kaspersky Lab, 6.0.0.16]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1820][C:\Program Files\Raxco\PerfectDisk\PDSched.exe] [Raxco Software, Inc., 6, 0, 0, 31]
[C:\Program Files\Raxco\PerfectDisk\PDCommon.dll] [Raxco Software, Inc., 6, 0, 0, 31]
[C:\Program Files\Raxco\PerfectDisk\PDLangEN.dll] [Raxco Software, Inc., 6, 0, 0, 31]
[C:\Program Files\Raxco\PerfectDisk\PDSchedPS.dll] [Raxco Software, Inc., 6, 0, 0, 31]
[C:\Program Files\Raxco\PerfectDisk\PDEnginePS.dll] [Raxco Software, Inc., 6, 0, 0, 31]
[C:\Program Files\Common Files\Raxco\AutoUpdps.dll] [Raxco Software, Inc., 6, 0, 0, 3]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 668][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4129]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1116][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\ATI Technologies\ATI.ACE\atiacmxx.dll] [, 1, 0, 0, 1]
[C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunExecuteHook.dll] [Sunbelt Software, 1.02.0097]
[C:\WINDOWS\system32\VB6CHT.DLL] [Microsoft Corporation, 6.00.8988]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.360]
[PID: 1316][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1912][C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\FSSync.dll] [Kaspersky Lab, 6.0.5.0]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\AVPGS.PPL] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\winreg.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\avpgui.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\basegui.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\thpimpl.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\qb.ppl] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\report.ppl] [Kaspersky Lab, 6.0.1.360]
[PID: 392][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 452][C:\Program Files\Microsoft Chinese Date & Time\ICalClk.exe] [Microsoft Corporation, 1.0.0129.0]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 2144][C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe] [ACD Systems, Ltd., 3,1,40,0]
[C:\Program Files\Common Files\ACD Systems\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Common Files\ACD Systems\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Common Files\ACD Systems\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 540][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 1452][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
[C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll] [Xi, 1.60.11]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll] [Kaspersky Lab, 1.0.6.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll] [Kaspersky Lab, 6.0.1.360]
[C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl] [Kaspersky Lab, 6.0.1.360]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\basegui.ppl] [Kaspersky Lab, 6.0.1.360]
[c:\program files\kaspersky lab\kaspersky internet security 6.0\winreg.ppl] [Kaspersky Lab, 6.0.1.360]
[PID: 2892][C:\Program Files\Xi\NetTransport 2\NetTransport.exe] [Xi, 1.87.258]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[C:\Program Files\Xi\NetTransport 2\libssl.dll] [Xi, 0.97c.14]
[C:\Program Files\Xi\NetTransport 2\libssh.dll] [Xi, 3.1.006]
[PID: 2240][C:\Documents and Settings\Administrator\桌面\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
API HOOK
Warning! System Repair Engineer
remind you that following
functions have modified to
abnormal values by unknown
reasons:
Entry Error: NtLoadDriver
Entry Error: NtOpenProcess
Entry Error: NtQuerySystemInformation
Entry Error: NtTerminateProcess
Entry Error: NtTerminateThread
Entry Error: ZwOpenProcess
Entry Error: ZwTerminateProcess
Entry Error: ZwTerminateThread
Entry Error: LoadLibraryExW
Entry Error: MoveFileW
Entry Error: DeviceIoControl
Entry Error: ReadProcessMemory
Entry Error: WriteProcessMemory
==================================
Please help with the log above, thanks.
[Post 6] From: Taiwan | Posted: 2006-12-29 22:30
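The SREng report in post 6 is long, and most of it is the loaded-module list of one antivirus process. The script below is an added example, not part of the thread and not upside's tool: it splits an SREng report into the sections SREng prints and pulls out the four things a reviewer reads first in a report like this one: autorun entries with no publisher, drivers with no vendor or loaded from outside the usual driver directories, a module present in more than half of all processes (an injection signal regardless of who signs it; here that is GameGuard's npggNT.des), and the hooked functions in the API HOOK section. Two caveats the report format itself imposes: the bracketed vendor string comes from the file's own version resource, so it is a claim rather than a check, and only entries SREng marks (Verified) had a signature validated; and hooks on NtOpenProcess, NtTerminateProcess, WriteProcessMemory and the like are what kernel-mode self-protection in security suites and anti-cheat drivers produce, and this report shows both kinds loaded (klif.sys, npggNT.des), so the hook list is something to reconcile against those products, not evidence on its own. The sample input is constructed from lines of the posted report so the script runs offline; it assumes PowerShell 3 or later and the section names emitted by SREng 2.3, and the function names are mine.

```powershell
# Added example, not from the thread. Triage a System Repair Engineer (SREng) report:
# split it into the sections SREng prints, then flag the entries a reviewer reads first.
# Assumes PowerShell 3 or later and the section names used by SREng 2.3 as posted above.

# Constructed sample: a few lines copied from the posted report so the script runs offline.
# For a real report use: $LogText = Get-Content -Raw .\SREng.log
$LogText = @'
Registry
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe"> [Kaspersky Lab]
<Device Detector><DevDetect.exe -autorun> [N/A]
==================================
Drivers
[dump_wmimmc / dump_wmimmc][Running/Manual Start]
<\??\C:\WINDOWS\system32\drivers\dump_wmimmc.sys><N/A>
[klif / klif][Running/System Start]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Gamania\MapleStory\npkcrypt.sys><INCA Internet Co., Ltd.>
==================================
Running Processes
[PID: 596][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 664][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
[PID: 748][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Gamania\MapleStory\GameGuard\npggNT.des] [INCA Internet Co., Ltd., 2006, 10, 11, 1]
==================================
API HOOK
Entry Error: NtOpenProcess
Entry Error: WriteProcessMemory
==================================
'@

$SectionNames = 'Registry', 'Startup Folders', 'Services', 'Drivers', 'Browser Add-ons',
                'Running Processes', 'File Associations', 'Winsock Provider',
                'Autorun.Inf', 'HOSTS File', 'API HOOK'

function ConvertFrom-SRengLog {
    # Returns a hashtable: section name -> array of trimmed, non-empty lines in that section.
    param([string]$Text)
    $sections = @{ Header = @() }
    $current = 'Header'
    foreach ($raw in $Text -split "`r?`n") {
        $line = $raw.Trim()
        if ($SectionNames -contains $line) { $current = $line; $sections[$current] = @(); continue }
        if ($line -eq '' -or $line -match '^=+$') { continue }
        $sections[$current] += $line
    }
    return $sections
}

function Get-SRengFindings {
    param([hashtable]$Sections)
    $findings = @()
    $noVendor = @('N/A', '')

    # 1. Autorun entries with no publisher string: <name><command> [vendor]
    foreach ($l in $Sections['Registry']) {
        if ($l -match '^<(?<name>[^>]*)><(?<cmd>[^>]+)>\s*\[(?<vendor>[^\]]*)\]' -and $noVendor -contains $Matches.vendor) {
            $findings += [pscustomobject]@{ Kind = 'autorun-no-publisher'; Item = $Matches.name; Detail = $Matches.cmd }
        }
    }
    # 2. Drivers with no vendor, or loaded from outside the usual driver directories.
    foreach ($l in $Sections['Drivers']) {
        if ($l -match '^<(?<path>[^>]*)><(?<vendor>[^>]*)>$') {
            $path = $Matches.path; $vendor = $Matches.vendor
            $usual = $path -match '(?i)(^\\SystemRoot\\system32\\|^System32\\|^\\\?\?\\C:\\WINDOWS\\system32\\drivers\\)'
            if (-not $usual -or $noVendor -contains $vendor) {
                $findings += [pscustomobject]@{ Kind = 'driver-review'; Item = $path; Detail = "vendor=$vendor" }
            }
        }
    }
    # 3. A module that appears in more than half of all processes is an injection signal, whoever signs it.
    $procs = 0; $modCount = @{}
    foreach ($l in $Sections['Running Processes']) {
        if ($l -match '^\[PID: \d+\]') { $procs++; continue }
        if ($l -match '^\[(?<mod>[^\]]+)\]') { $modCount[$Matches.mod] = 1 + [int]$modCount[$Matches.mod] }
    }
    foreach ($m in $modCount.Keys) {
        if ($modCount[$m] * 2 -gt $procs) {
            $findings += [pscustomobject]@{ Kind = 'module-in-most-processes'; Item = $m; Detail = "$($modCount[$m]) of $procs processes" }
        }
    }
    # 4. Hooked APIs, listed so they can be reconciled with the security and anti-cheat drivers present.
    foreach ($l in $Sections['API HOOK']) {
        if ($l -match '^Entry Error: (?<fn>\S+)') {
            $findings += [pscustomobject]@{ Kind = 'api-hook'; Item = $Matches.fn; Detail = '' }
        }
    }
    return $findings
}

Get-SRengFindings (ConvertFrom-SRengLog $LogText) | Format-Table -AutoSize
```

On the constructed sample this reports Device Detector (autorun, no publisher), dump_wmimmc.sys (driver, no vendor), npkcrypt.sys (driver outside the driver directories), npggNT.des (in 2 of 3 processes) and the two hooked functions. Run against the full report from post 6, the same rules surface the same families of entries and nothing else, which is consistent with upside's reading of it.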
南海人
Quoting upside, posted 2006-12-30 10:15:
I looked at it all night. Judging from the report there is nothing abnormal. Has it perhaps already been deleted by the antivirus program? Hmm, it feels like a false positive. Please go into safe mode, rename the folder C:\WINDOWS\SYSTEM32\CatRoot2 to CatRoot2TMP, then reboot and test.

I followed your instructions and did that (after rebooting, the computer created CatRoot2 again). I also tried renaming the other two folders inside CatRoot2, but neither had any effect; it reappears just the same. Ugh...
[Post 8] From: Taiwan | Posted: 2006-12-30 12:58
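The file set that the write-up quoted in post 2 lists (edb.log, res1.log, res2.log, edb.chk, tmp.edb, and the catdb files under the two GUID folders) is the Extensible Storage Engine (ESE) database that Windows' Cryptographic Services service (CryptSvc) keeps in %SystemRoot%\System32\CatRoot2 for its catalog store; tmp.edb is ESE's temporary workspace database, which exists while the store is open and may be absent when it is not. That is what the symptoms in this thread look like from the service side: the delete in normal mode fails with "in use" because CryptSvc holds the files open, and the renamed folder in post 8 came back after the reboot because CryptSvc rebuilds CatRoot2 when it starts. The script below is an added example, not from the thread and not upside's tool: it reports the folder and the service state, tests whether tmp.edb is actually held open, and, only when run with -Reset, performs Microsoft's documented CatRoot2 reset (stop CryptSvc, rename the folder, start CryptSvc), which lets the rename succeed without safe mode. It assumes PowerShell 4 or later and an elevated session; the parameter and function names are mine.

```powershell
# Added example, not from the thread. Inspect the Cryptographic Services (CryptSvc)
# catalog database in %SystemRoot%\System32\CatRoot2 and, only with -Reset, perform
# Microsoft's documented reset: stop CryptSvc, rename the folder, start CryptSvc.
# Assumes PowerShell 4 or later and an elevated (administrator) session.
param([switch]$Reset)

$CatRoot2 = Join-Path $env:SystemRoot 'System32\CatRoot2'
# ESE database files CryptSvc keeps open while it runs: the same names the thread lists.
$EseFiles = 'edb.log', 'tmp.edb', 'edb.chk', 'res1.log', 'res2.log', 'edbtmp.log'

function Get-CatRoot2Report {
    $svc = Get-Service -Name CryptSvc -ErrorAction SilentlyContinue
    $state = 'missing'
    if ($svc) { $state = [string]$svc.Status }
    [pscustomobject]@{
        Path          = $CatRoot2
        Exists        = Test-Path -LiteralPath $CatRoot2
        CryptSvcState = $state
        EseFiles      = @(Get-ChildItem -LiteralPath $CatRoot2 -File -ErrorAction SilentlyContinue |
                          Where-Object { $EseFiles -contains $_.Name.ToLower() } |
                          Select-Object Name, Length, LastWriteTime)
        CatalogDirs   = @(Get-ChildItem -LiteralPath $CatRoot2 -Directory -ErrorAction SilentlyContinue |
                          Select-Object -ExpandProperty Name)
    }
}

function Test-CatRoot2Locked {
    # Open tmp.edb with no sharing. A sharing violation (IOException) means a running
    # process, normally CryptSvc, still holds it: the "file in use" error from the thread.
    $edb = Join-Path $CatRoot2 'tmp.edb'
    if (-not (Test-Path -LiteralPath $edb)) { return $false }   # absent when the store is not open
    try {
        $fs = [System.IO.File]::Open($edb, 'Open', 'ReadWrite', 'None')
        $fs.Close()
        return $false
    } catch [System.IO.IOException] {
        return $true
    }
}

function Reset-CatRoot2 {
    # The rename only succeeds once CryptSvc has released the database; CryptSvc rebuilds
    # a fresh CatRoot2 on start, which is why the folder reappeared after the reboot.
    Stop-Service -Name CryptSvc -Force
    $backupName = 'CatRoot2.old-' + (Get-Date -Format 'yyyyMMdd-HHmmss')
    Rename-Item -LiteralPath $CatRoot2 -NewName $backupName
    Start-Service -Name CryptSvc
    return (Join-Path (Split-Path -Parent $CatRoot2) $backupName)
}

$report = Get-CatRoot2Report
$report | Format-List
"tmp.edb held open by a running process: $(Test-CatRoot2Locked)"

if ($Reset) {
    if ($report.CryptSvcState -eq 'missing') { throw "CryptSvc not found; refusing to rename $CatRoot2" }
    $backup = Reset-CatRoot2
    "Renamed to $backup and restarted CryptSvc. Hashes of the old copy, for comparison with the rebuilt folder:"
    Get-ChildItem -LiteralPath $backup -Recurse -File | Get-FileHash -Algorithm SHA256 |
        Select-Object Hash, Path
}
```

Run it without -Reset first. The reset discards only the cached catalog database, which CryptSvc regenerates; it is the repair step Microsoft gives for catalog corruption, not a malware removal, and the renamed copy is kept rather than deleted so its hashes can be compared with the rebuilt folder later.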