|
查看: 2430|回复: 31
|
被无数木马侵袭,其中一个清除了还会再出现
[复制链接]
|
|
|
近日来我的电脑被无数木马侵袭,其中一个msdirectx.sys清除了还会再出现,我已经用了ANTIVIR,TROJAN REMOVER,AVG & EWIDO SECURITY SUITE
谁能救救我? |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 26-7-2005 01:28 PM
|
显示全部楼层
谁能救我。。。
这几天我赶着用电脑,所以不能把它送去format,各位有什么办法暂时解决这个问题吗?
其他的木马都能够清除,唯独这个清了还会再出现 |
|
|
|
|
|
|
|
|
|
|
|
发表于 26-7-2005 01:55 PM
|
显示全部楼层
原帖由 静谧之眼 于 26-7-2005 01:50 AM 发表
近日来我的电脑被无数木马侵袭,其中一个msdirectx.sys清除了还会再出现,我已经用了ANTIVIR,TROJAN REMOVER,AVG & EWIDO SECURITY SUITE
谁能救救我?
原帖由 静谧之眼 于 26-7-2005 01:28 PM 发表
谁能救我。。。
这几天我赶着用电脑,所以不能把它送去format,各位有什么办法暂时解决这个问题吗?
其他的木马都能够清除,唯独这个清了还会再出现
你可以试用 Microsoft Anti Spyware。
http://download.microsoft.com/do ... iSpywareInstall.exe
1. Off 掉 System Restore。
2. 进 Safe Mode。
3. Scan。
4. Scan 完后, 有 Spyware 就 Delete 掉。
5. Restore 回 Hijacked Browser IE Setting。
6. Restart 电脑。
大功告成。希望可以帮到你。  |
|
|
|
|
|
|
|
|
|
|
|
发表于 26-7-2005 07:54 PM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 28-7-2005 09:38 AM
|
显示全部楼层
试过了。。。还是不行。
之前清除过的病毒又回来了,当然也包括怎么清除也清除不掉的sys file,
看来只有送去format了。
是不是不能打开防火墙呢
但是如果不打开,我的winmx又不能下载
啊。。。苦恼啊
我参考了许多帖子,还是拿它没辙
不过还是感谢大家的帮忙,我还会再跟进这里的帖子,希望可以找到解决方法
[ 本帖最后由 静谧之眼 于 28-7-2005 09:42 AM 编辑 ] |
|
|
|
|
|
|
|
|
|
|
|
发表于 28-7-2005 09:52 AM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
发表于 28-7-2005 11:50 AM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
发表于 28-7-2005 05:45 PM
|
显示全部楼层
原帖由 静谧之眼 于 28-7-2005 09:38 AM 发表
试过了。。。还是不行。
之前清除过的病毒又回来了,当然也包括怎么清除也清除不掉的sys file,
看来只有送去format了。
是不是不能打开防火墙呢
但是如果不打开,我的winmx又不能下载
啊。。。苦恼啊
我 ...
format了?还没就試看hijackthis,然後post logfiles上来, 記得show hidden files,operating system files等 |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 28-7-2005 09:30 PM
|
显示全部楼层
之前的不见了,我再次scan却发现了其他的木马,一些是早就被清除的。
谢谢大家的资料提供。我还在参考着,不过就有点苯,一些地方还是不明白。
朋友说这个周末会来帮format,我看着办吧。
嗯,什么是hijackthis 呢? |
|
|
|
|
|
|
|
|
|
|
|
发表于 30-7-2005 11:37 AM
|
显示全部楼层
原帖由 b@st@rd 于 28-7-2005 05:45 PM 发表
format了?还没就試看hijackthis,然後post logfiles上来, 記得show hidden files,operating system files等
我的电脑也是中一直产生msdirectx.sys的Trojan(5.L?! AVG说的)。想知道Hijackthis的Official下载网站是什么?在搜寻器里有不少的连接。 |
|
|
|
|
|
|
|
|
|
|
|
发表于 30-7-2005 11:50 AM
|
显示全部楼层
|
|
|
|
|
|
|
|
|
|
|
发表于 30-7-2005 11:57 AM
|
显示全部楼层
谢谢。
如果中了这木马/病毒,又上网的话,是否骇客可以入侵电脑?
我用着的是视窗XP简体版(SP1)吧?!没有得更新和补丁...=.= |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 30-7-2005 09:46 PM
|
显示全部楼层
Logfile of HijackThis v1.99.1
Scan saved at 9:39:39 PM, on 7/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\rmctrl.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\lmk.exe
C:\WINDOWS\System32\mswin32.exe
C:\WINDOWS\System32\winproc.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Soulseek\slsk.exe
C:\Program Files\Xi\NetTransport 2\NetTransport.exe
C:\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NTIECatcher Class - {C56CB6B0-0D96-11D6-8C65-B2868B609932} - C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] C:\WINDOWS\System32\rmctrl.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Intrenet Explorer] lmk.exe
O4 - HKLM\..\Run: [Microsoft Windows 64 Bit] mswin32.exe
O4 - HKLM\..\Run: [Windows Process Manager] winproc.exe
O4 - HKLM\..\Run: [Network Access] winssh.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunServices: [Microsoft Intrenet Explorer] lmk.exe
O4 - HKLM\..\RunServices: [Microsoft Windows 64 Bit] mswin32.exe
O4 - HKLM\..\RunServices: [Windows Process Manager] winproc.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunServices: [li start up] li32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download. ... s/yinst20040510.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0B71D86-F8B3-4198-B7B1-A4F3276E7C1E}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe (file missing)
备注-红色是我曾经清除过的,蓝色是我不肯定的
那个msdirect,在我用了off system restore的方法后第二天突然间不见了。现在是陆陆续续的出现一些曾经出现过的木马。
偶尔也会出现lssa.exe的问题,不过现在的情况好过之前还没清除的时候。
大家有什么advice ma? |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 30-7-2005 10:13 PM
|
显示全部楼层
result is out...
C:\WINDOWS\System32\mswin32.exe
Nasty running process. (mswin32.exe)
W32.SpyBot worm variant
This is a nasty process! You should fix it and try to delete it manually! |
|
|
|
|
|
|
|
|
|
|
|
发表于 30-7-2005 11:22 PM
|
显示全部楼层
请问这该死的木马藏在哪里?谢谢。
Logfile of HijackThis v1.99.1
Scan saved at 23:19:24, on 30-07-2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\xpjava.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\CNNIC\Cdn\cdnup.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\conime.exe
C:\PROGRA~1\SAMSUN~1\SAMSUN~1\1.1\MOUSE32A.EXE
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\WINDOWS\System32\gah95on6.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\QBooks\Components\QBAgent\qbdagent2002.exe
C:\Program Files\GetRight\getright.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\ICQ\ICQ.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\cidaemon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Downloads\HijackThis.exe
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: CNNIC_IDN - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Adobe Acrobat Control for ActiveX - {CA8A9780-280D-11CF-A24D-444553540000} - C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\ActiveX\pdf.ocx
O2 - BHO: BrowserHelper Class - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - C:\WINDOWS\System32\nzdd.dll
O3 - Toolbar: μ?ì¨(&R) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CdnCtr] C:\Program Files\CNNIC\Cdn\cdnup.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [WIN DISC REPAIR] repair32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\Program Files\ICQ\NDetect.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\PROGRA~1\SAMSUN~1\SAMSUN~1\1.1\MOUSE32A.EXE
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
O4 - HKLM\..\RunServices: [MSN MMISSENGER] mssmmspgr.exe
O4 - HKLM\..\RunServices: [WIN DISC REPAIR] repair32.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [ICQ] C:\Program Files\ICQ\ICQ.exe -trayboot
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxmk04984US
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Save Flash - res://C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
O9 - Extra button: ?D??é?í? - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra 'Tools' menuitem: ?D??é?í? - {35980F6E-A137-4E50-953D-813BB8556899} - C:\PROGRA~1\CNNIC\Cdn\cdniehlp.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra 'Tools' menuitem: Net2Phone - {4B30061A-5B39-11D3-80F8-0090276F843F} - C:\Program Files\Net2Phone\Net2fone.exe
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra button: Flash - {43CF38F3-5AEC-45a3-AD31-04EB06E9C6CA} - C:\Program Files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\cdnns.dll
O11 - Options group: [CDNCLIENT] ?D??é?í?
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://mail.yahoo.com
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://ppupdates.ca.com/downloads/scanner/axscanner.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by10fd.bay10.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/bi ... Client.cab28578.cab
O16 - DPF: {9A578C98-3C2F-4630-890B-FC04196EF420} (CNNIC_IDN) - http://client.jogo.cn/download/cnnic/cdn_eng.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download. ... e/yautocomplete.cab
O16 - DPF: {CDCBE0F1-D13A-4F86-A963-3A272D3ABA7E} (VacPro.internazionale_ver15) - http://advnt01.com/dialer/internazionale_ver15.CAB
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/bi ... owdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32D48D51-3786-435B-9FAA-837C0A30BC16}: NameServer = 202.188.0.133 202.188.1.5
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe |
|
|
|
|
|
|
|
|
|
|
|
发表于 30-7-2005 11:33 PM
|
显示全部楼层
请问怎样off system restore?谢谢。
AVG一直显示这msdirectx的木马(Trojan horse Collected.5.L)的警告,多次删除后竟然出现这些提示:
[ 本帖最后由 孤单旅行家 于 30-7-2005 11:54 PM 编辑 ] |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 30-7-2005 11:49 PM
|
显示全部楼层
你可以参考kaisam的帖子,我照着做果然清除了那个顽强的病毒。虽然现在电脑还是被木马侵袭,但情况好多了。至少我能够上网浏览网页了。
你的logfile要贴过去它的index page,analyze才行。
谢谢大家帮忙 |
|
|
|
|
|
|
|
|
|
|
|
发表于 31-7-2005 11:52 AM
|
显示全部楼层
|
昨晚用了Microsoft Anti Spyware,进Safe Mode干掉了不少spy ware, 木马等。但还没重开机。怎样设置Off 掉 System Restore? |
|
|
|
|
|
|
|
|
|
|
|
楼主 |
发表于 31-7-2005 12:39 PM
|
显示全部楼层
go to-> MENU-> ACCESSORIES-> SYSTEM TOOL-> SYSTEM RESTORE-> OFF
我是这么做的,然后才进safe mode scan |
|
|
|
|
|
|
|
|
|
|
|
发表于 31-7-2005 03:42 PM
|
显示全部楼层
静谧之眼,现在的情况如何?你的log file analysis:
1.turn off system restore
Fix checked:
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O4 - HKLM\..\Run: [Microsoft Windows 64 Bit] mswin32.exe
O4 - HKLM\..\Run: [Network Access] winssh.exe
O4 - HKLM\..\RunServices: [Microsoft Windows 64 Bit] mswin32.exe
O4 - HKLM\..\RunServices: [Network Access] winssh.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Mouse Click Monitor (mousecm) - Unknown owner - C:\WINDOWS\System32\mousecm.exe (file missing)
2.然後去Tools>Folder Options>View>tick"Display the contents of system folders", tick"Show hidden files and folders", Uncheck"Hide extensions for known file types", Uncheck"Hide protected operating system files"
3.在safe mode search: C:\WINDOWS\System32\mswin32.exe- delete"mswin32.exe",C:\WINDOWS\System32\mousecm.exe-delete"mousecm.exe"接著
search n delete"winssh.exe","xpjava.exe"(p.s if exist)
4.download n run"Cleanup"-http://www.stevengould.org/downloads/cleanup/CleanUp40.exe for clean(cookies,cache,temp. files),然後use ad-aware,spybot scan again |
|
|
|
|
|
|
|
|
|
| |
 本周最热论坛帖子
|
变色卡
千斤顶
1326 
92
