andyzung
2007-02-23 17:56 |
Original poster
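Every time I scan with Active Virus Shield, a window pops up reporting a virus:

Trojan program: Trojan-Proxy.Win32.Horst.xc file: c:\xxx\xxxx\setup.exe

(The location of this setup.exe is not fixed; it moves around.)

After I delete it, it keeps coming back, in a different location every time, and I can't remove it completely. I hope everyone can help.

PS: I have tried the 獵殺特洛伊 tool from this board, and AVG cannot remove it either.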
andyzung
2007-02-23 19:29 |
Post #2
I just tried NOD32 and it didn't detect any virus.
2007-02-23,19:26:56
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Runing Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
    <msnmsgr><"C:\Program Files\MSN Messenger\msnmsgr.exe" /background> [(Verified)Microsoft Corporation]
    <Yahoo! Pager><"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet> [(Verified)Yahoo! Inc.]
    <Skype><"C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)Skype Technologies S.A.]
    <ezHelper><C:\Program Files\ezHelper\ezHelper.exe 300> [N/A]
    <SRS Audio Sandbox><"C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme> [SRS Labs, Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SunJavaUpdateSched><"C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"> [Sun Microsystems, Inc.]
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE> [(Verified)Eset ]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe> [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Corporation]

==================================
Startup Folders
[Microsoft Office]
    <C:\Documents and Settings\All Users.WINDOWS\「開始」功能表\程式集\啟動\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office10\OSA.EXE [Microsoft Corporation]><N>
[AutoCAD 啟動加速器]
    <C:\Documents and Settings\All Users.WINDOWS\「開始」功能表\程式集\啟動\AutoCAD 啟動加速器.lnk --> C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [Autodesk, Inc]><N>

==================================
Services
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
    <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
    <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
    <C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
    <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
    <"C:\Program Files\Eset\nod32krn.exe"><Eset>
[SRS Labs License Service / SRS Labs License Service][Stopped/Manual Start]
    <"C:\Program Files\Common Files\SRS Labs Shared\Service\srslabslicenseservice.exe"><SRS Labs>
[STI Simulator / STI Simulator][Running/Auto Start]
    <C:\WINDOWS\System32\PAStiSvc.exe><N/A>

==================================
Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
    <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AMON / AMON][Running/Auto Start]
    <\SystemRoot\system32\drivers\amon.sys><Eset>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
    <\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
    <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[C-Media WDM Audio Interface / cmuda][Stopped/Manual Start]
    <system32\drivers\cmuda.sys><C-Media Inc>
[gdrv / gdrv][Stopped/Manual Start]
    <\??\C:\WINDOWS\gdrv.sys><N/A>
[nod32drv / nod32drv][Running/System Start]
    <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[Padus ASPI Shell / pfc][Running/Manual Start]
    <system32\drivers\pfc.sys><Padus, Inc.>
[直接平行連接埠連結驅動程式 / Ptilink][Running/Manual Start]
    <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
    <system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315][Running/Manual Start]
    <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[Service for AC'97 Sample Driver (WDM) / SiS7018][Stopped/Manual Start]
    <system32\drivers\ac97sis.sys><Silicon Integrated Systems Corp.>
[siside / siside][Running/Boot Start]
    <\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[SiSkp / SiSkp][Running/System Start]
    <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Stopped/Manual Start]
    <system32\DRIVERS\sisnic.sys><SiS Corporation>
[SiS PCI Fast Ethernet Adapter Driver for NDIS51 / SISNICXP][Running/Manual Start]
    <system32\DRIVERS\sisnicxp.sys><SiS Corporation>
[USB PC Camera (SNPSTD3) / SNPSTD3][Running/Manual Start]
    <system32\DRIVERS\snpstd3.sys><>
[SRS Labs Audio Sandbox (WDM) / SRS_SSCFilter][Running/Manual Start]
    <system32\drivers\srs_sscfilter.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
    <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TSP / TSP][Stopped/Manual Start]
    <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
[世界標準電傳轉碼器 / WSTCODEC][Stopped/Manual Start]
    <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[Yahoo! Toolbar Helper]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, Yahoo! Inc.>
[AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[NTIECatcher Class]
    {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[Java Plug-in 1.5.0_10]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[ALiBaBar]
    {0A1375E1-56C2-11D6-8E45-8933A0FB5235} <C:\PROGRA~1\ALiBaBar\ALiBaBar.dll, Alfred, C. S. Li>
[Yahoo! Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, Yahoo! Inc.>
[YInstStarter Class]
    {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} <C:\Program Files\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_10]
    {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_10]
    {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_10]
    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll, Sun Microsystems, Inc.>
[PopCapLoader Object]
    {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} <C:\WINDOWS\Downloaded Program Files\popcaploader.dll, N/A>
[Rising Web Scan Object]
    {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Yahoo! Toolbar Helper]
    {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, Yahoo! Inc.>
[AcroIEHlprObj Class]
    {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
    {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[ALiBaBar]
    {0A1375E1-56C2-11D6-8E45-8933A0FB5235} <C:\PROGRA~1\ALiBaBar\ALiBaBar.dll, Alfred, C. S. Li>
[Windows Genuine Advantage Validation Tool]
    {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.dll, Microsoft Corporation>
[HtmlDlgSafeHelper Class]
    {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, Microsoft Corporation>
[YInstStarter Class]
    {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} <C:\Program Files\Yahoo!\Common\yinsthelper.dll, Yahoo! Inc.>
[WUWebControl Class]
    {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
    {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[SSVHelper Class]
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll, Sun Microsystems, Inc.>
[Microsoft Web Browser]
    {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[RMGetLicense Class]
    {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
    {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NTIECatcher Class]
    {C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[AUDIO__MID Moniker Class]
    {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
    {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
    {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
    {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[GetInfo Class]
    {D5184A39-CBDF-4A4F-AC1A-7A45A852C883} <C:\PROGRA~1\YAHOO!\COMMON\yverinfo.dll, Yahoo! Inc.>
[MessengerChecker Class]
    {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} <C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, Yahoo! Inc.>
[Yahoo! Toolbar]
    {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll, Yahoo! Inc.>
[Foxy 下載]
    <res://C:\Program Files\Foxy\Foxy.exe/download.htm, N/A>
[Foxy 搜尋]
    <res://C:\Program Files\Foxy\Foxy.exe/search.htm, N/A>
[匯出至 Microsoft Excel(&X)]
    <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[設為 Messenger Live 頭像]
    <C:\Program Files\MSNShell\Bin\SetMSNDP.htm, N/A>

==================================
Running Processes
[PID: 456][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 548][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 752][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 800][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 888][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 932][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 1008][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.2.54.0]
    [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
    [C:\PROGRA~1\YAHOO!\COMMON\ymmapi.dll] [Yahoo! Inc., 2005, 1, 1, 4]
    [C:\Program Files\Eset\nodshex.dll] [N/A, N/A]
    [C:\Documents and Settings\Administrator.MYCHAT-07467BD2\Application Data\Foxy\LinkMaker.dll] [N/A, 1, 1, 0, 0]
    [C:\WINDOWS\system32\contmenu.dll] [N/A, N/A]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll] [Anti-Malware Development a.s., 7, 5, 0, 49]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
    [C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 6.0.1.2003110300]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[PID: 1204][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1316][C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe] [Anti-Malware Development a.s., 7, 5, 0, 47]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
[PID: 1364][C:\Program Files\Eset\nod32krn.exe] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\nod32krr.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\ps_amon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\ps_dmon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
    [C:\Program Files\Eset\ps_emon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
    [C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
    [C:\Program Files\Eset\ps_nod32.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\ps_upd.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1480][C:\WINDOWS\System32\PAStiSvc.exe] [N/A, N/A]
[PID: 1532][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1912][C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.100.3]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1936][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
[PID: 1944][C:\Program Files\Eset\nod32kui.exe] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\nod32rui.dll] [N/A, N/A]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Eset\pu_amon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_amon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pu_dmon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_dmon.dll] [N/A, N/A]
    [C:\Program Files\Eset\pu_emon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_emon.dll] [N/A, N/A]
    [C:\Program Files\Eset\pu_imon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
    [C:\Program Files\Eset\pu_nod32.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_nod32.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pu_upd.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_upd.dll] [N/A, N/A]
[PID: 1956][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1980][C:\Program Files\MSN Messenger\msnmsgr.exe] [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.163_x-ww_681e29fb\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.163]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\MSN Messenger\CRYPTNET.dll] [N/A, N/A]
    [C:\Program Files\MSNShell\Bin\ShellDll02.dll] [MSNShell Team, 4.2.28.25]
    [C:\Program Files\MSNShell\Bin\ShellDll.dll] [N/A, N/A]
    [C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
    [C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
    [C:\WINDOWS\system32\vsnpstd3.dll] [ , 1, 0, 1, 6]
[PID: 2020][C:\Program Files\Skype\Phone\Skype.exe] [Skype Technologies S.A., 3.0.1.214]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
    [C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[PID: 144][C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe] [SRS Labs, Inc., 1.2.0.0]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 568][C:\Program Files\Skype\Plugin Manager\SkypePM.exe] [Skype Technologies, 1.0.0.217]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll] [EasyBits Software Corp., 1.0.0.593]
[PID: 3412][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3048][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.1: 2006120418]
    [C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
    [C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.4]
    [C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.1: 2006120418]
    [C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.4]
    [C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.4]
    [C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
    [C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
    [C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
    [C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.1: 2006120418]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.1: 2006120418]
    [C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]
    [C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.1: 2006120418]
    [C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
    [C:\Program Files\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.62]
    [C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.1: 2006120418]
    [C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.2.54.0]
    [C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[PID: 2156][C:\DOCUME~1\ADMINI~1.MYC\LOCALS~1\Temp\Rar$EX00.829\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 27 ]
    [C:\Program Files\Eset\pr_imon.dll] [N/A, N/A]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR Error. [AutoCADScriptFile]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
NOD32 protected [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
API HOOK
N/A

==================================
upside
2007-03-01 12:53 |
Post #4
[PopCapLoader Object]
    {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} <C:\WINDOWS\Downloaded Program Files\popcaploader.dll, N/A>
[Rising Web Scan Object]
    {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
<ezHelper><C:\Program Files\ezHelper\ezHelper.exe 300> [N/A]
[gdrv / gdrv][Stopped/Manual Start]
    <\??\C:\WINDOWS\gdrv.sys><N/A>

gdrv.sys seems to be one of Gigabyte's utility programs. If he isn't using any Gigabyte products, then just delete it!

If that setup.exe shows up again, I suggest uploading it to VT to see how other antivirus products react.

Also, I suggest using the Icesword>Function>System Check feature to check whether any hidden processes exist.