强进酒 - 2006-2-23 23:55:00
Experts, there is an adware program on my computer that Rising can't detect. At first the machine became slower to boot and shut down; later the free space on drive C shrank and CPU usage went up. I downloaded Windows Defender (Beta 2), which found one item, but it can't remove it either. I'm pasting Windows Defender's description and the Rising firewall log below; please help me figure out what to do. Many thanks!
Here is the Windows Defender description:
Category:
Adware
Description:
This program has potentially unwanted behavior.
Advice:
Remove this software immediately.
Resources:
regkey:
HKLM\Software\Classes\CLSID\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}
clsid:
HKLM\Software\Classes\CLSID\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}
file:
C:\WINDOWS\system32\vtsqn.dll
regkey:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}
regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}
bho:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}
clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{FC148228-87E1-4D00-AC06-58DCAA52A4D1}
process:
pid:3388
Summary:
Application Registration change occurred.
This agent monitors the various ways which allow a program, script, or executable to be started independent of an application.
Checkpoint:
Class IDs
Below is the firewall log:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
+ SynTPLpr TouchPad Driver Helper Application Synaptics, Inc. C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPLPR.EXE
+ SynTPEnh Synaptics TouchPad Enhancements Synaptics, Inc. C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPENH.EXE
+ TPKMAPHELPER Keyboard Customizer IBM Corp. C:\PROGRAM FILES\THINKPAD\UTILITIES\TPKMAPAP.EXE
+ TpShocks IBM Active Protection System IBM Corp. C:\WINDOWS\system32\TPSHOCKS.EXE
+ TPHOTKEY C:\PROGRA~1\THINKPAD\PKGMGR\HOTKEY\TPHKMGR.EXE
+ ControlCenter PSuite Control Center UPEK Inc. C:\PROGRAM FILES\IBM FINGERPRINT SOFTWARE\CTLCNTR.EXE
+ TP4EX IBM TrackPoint Accessibility Features IBM Corporation C:\WINDOWS\system32\TP4EX.EXE
+ EZEJMNAP IBM ThinkPad EasyEject Support Application IBM Corp. C:\PROGRA~1\THINKPAD\UTILIT~1\EZEJMNAP.EXE
+ ATIPTA ATI Desktop Control Panel ATI Technologies, Inc. C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE
+ UC_Start C:\PROGRAM FILES\IBM\UPDATER\\UCSTARTUP.EXE
+ UpdateManager Sonic Update Manager Sonic Solutions C:\PROGRAM FILES\COMMON FILES\SONIC\UPDATE MANAGER\SGTRAY.EXE
+ dla Drive Letter Access Component Sonic Solutions C:\WINDOWS\SYSTEM32\DLA\TFSWCTRL.EXE
+ IBMPRC ibmprc Application IBM Corp. C:\IBMTOOLS\UTILS\IBMPRC.EXE
+ QCWLICON IBM Access Connections - Wireless Status Icon. IBM Corp. C:\PROGRAM FILES\THINKPAD\CONNECTUTILITIES\QCWLICON.EXE
+ PWRMGRTR IBM ThinkPad Power Manager Background Monitor and Tray Battery Gauge IBM Corp. C:\PROGRA~1\THINKPAD\UTILIT~1\PWRMGRTR.DLL
+ IMJPMIG8.1 ; C:\WINDOWS\IME\IMJP8_1\IMJPMIG.EXE
+ IMEKRMIG6.1 ; C:\WINDOWS\IME\IMKR6_1\IMEKRMIG.EXE
+ MSPY2002 C:\WINDOWS\SYSTEM32\IME\PINTLGNT\IMSCINST.EXE
+ secure Redirect MFC Application C:\WINDOWS\SYSTEM32\YMDWMX.EXE
+ iTunesHelper F:\PROGRAM FILES\ITUNESHELPER.EXE
+ TkBellExe RealNetworks Scheduler RealNetworks, Inc. C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
+ Adobe Reader Speed Launch.lnk Adobe Acrobat SpeedLauncher Adobe Systems Incorporated C:\PROGRA~1\ADOBE\ACROBA~1.0\READER\READER~1.EXE
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Load
+ (?x7 (?x7
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\Run
+ ?x7 ?x7.EXE
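The Defender report above ties the adware to a Browser Helper Object (BHO) CLSID under `HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects`, and the firewall log lists the autostart locations. The following PowerShell script is an added example, not part of the thread or of any Rising or Microsoft tool: it walks the BHO key, resolves each CLSID to the DLL registered under `InprocServer32`, and reports whether that DLL exists and carries a valid Authenticode signature. The function name `Get-BhoReport` and the inclusion of the `Wow6432Node` paths are my assumptions; it expects Windows PowerShell 3.0 or later, run from an elevated prompt.

```powershell
# Added example (not from the thread): audit installed IE Browser Helper Objects.
# Assumption: PowerShell 3.0+, elevated, so HKLM and %SystemRoot%\system32 are readable.

$bhoKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects',
    'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
)
$clsidRoots = @(
    'HKLM:\Software\Classes\CLSID',
    'HKLM:\Software\Classes\Wow6432Node\CLSID'
)

function Get-BhoReport {
    foreach ($bhoKey in $bhoKeys) {
        if (-not (Test-Path $bhoKey)) { continue }
        foreach ($entry in Get-ChildItem -Path $bhoKey) {
            $clsid = $entry.PSChildName          # e.g. {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
            $dll = $null
            # The BHO key only names the CLSID; the DLL lives in CLSID\{guid}\InprocServer32.
            foreach ($root in $clsidRoots) {
                $inproc = Join-Path (Join-Path $root $clsid) 'InprocServer32'
                if (Test-Path $inproc) {
                    $dll = (Get-ItemProperty -Path $inproc).'(default)'
                    break
                }
            }
            $dllPath = if ($dll) { [Environment]::ExpandEnvironmentVariables($dll) } else { $null }
            $exists = [bool]($dllPath -and (Test-Path -LiteralPath $dllPath))
            $sig = 'n/a'
            if ($exists) {
                # Vendor BHOs are normally signed; NotSigned plus a random name in system32 is suspicious.
                $sig = (Get-AuthenticodeSignature -FilePath $dllPath).Status
            }
            [PSCustomObject]@{
                CLSID     = $clsid
                DllPath   = $dllPath
                Exists    = $exists
                Signature = $sig
            }
        }
    }
}

Get-BhoReport | Format-Table -AutoSize
```

Run it before and after removal: a CLSID that still appears afterwards means the BHO registration was re-created and the file is being reloaded at startup rather than merely locked.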
强进酒 - 2006-2-23 23:59:00
Thanks a lot. This is probably a very simple problem, but I really am a newbie :( so I have to trouble you experts!
不言放弃 - 2006-2-24 8:17:00
Delete C:\WINDOWS\system32\vtsqn.dll
强进酒 - 2006-2-24 8:31:00
Thanks!
But how do I delete it? I tried, and it can't be deleted directly. What do I need to do?
BlackStone - 2006-2-24 8:42:00
强进酒 - 2006-2-24 9:05:00
Thanks for the reply!!
I just tried it: I chose "unlock all", then got a blue screen, and then the machine rebooted automatically. After it started up I found the file still hadn't been deleted. Sigh.
BlackStone - 2006-2-24 9:14:00
Try choosing "rename".
强进酒 - 2006-2-24 9:22:00
I just tried deleting it with Unlocker again, with the same result as the first time; it still wasn't deleted. 不言放弃, BlackStone, thank you for your kind help. How do I use rename? Do I give the file a different name and then delete it?
不言放弃 - 2006-2-24 9:50:00
[Reply to 强进酒's post]
See http://www.xfilt.com/tech/trojan-horse.htm
BlackStone - 2006-2-24 10:25:00
[Reply to 强进酒's post]
The Unlocker tool has a rename function.
© 2000 - 2026 Rising Corp. Ltd.