Rising Kaka Security Forum
langbao - 2007-4-17 18:51:00
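Every time I boot, Rising's monitor warns that ctfmon.exe is modifying the registry. Experts, please help. Operation type: Add
What is going on? It only started recently, and it happens on every boot.
One more question on the side: Rising found some viruses and says the files have to be decompressed before they can be cleaned, but the paths of those archives are baffling. I simply can't find those locations; they are full of digits, symbols and garbled characters. How do I get rid of those viruses?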
孤独更可靠 - 2007-4-17 18:55:00
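1. If ctfmon.exe is the one under C:\Windows\system32, allow it.
2. The question is too vague.
If you see an archive containing a virus and you have no use for it, just delete it.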
newcenturymoon - 2007-4-17 18:59:00
The ctfmon one should be fine.
langbao - 2007-4-17 19:09:00
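Question 1: I know that thing is safe, it's the input method. But why does the registry modification prompt appear on every boot, when it never did before? I click allow every time, but on the next boot it still prompts about the registry modification!
Question 2: the point is that the archive it reports simply can't be found. The path it gives is too long and is all digits, garbled characters and symbols. How am I supposed to find those archives, let alone delete them!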
孤独更可靠 - 2007-4-17 19:35:00
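1. When allowing the change, tick the option to always follow this rule.
2. Can't find it? Show all hidden files.
First clear the temporary files:
My Computer - system drive (C:?) - Properties - Disk Cleanup - tick everything - click OK.
Press F3 to search and enter
*.rar
*.zip
Heh, the most common formats.
You said the names are very long? That should make them easy to search for, right?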
天月来了 - 2007-4-17 19:51:00
Where's a screenshot of the prompt?
Grab one and post it.
火影忍者 - 2007-4-17 20:27:00
It shows up on every startup,
scan a log and post it..
langbao2 - 2007-4-17 21:07:00
进程名称 路径 数值名称 数值数据 操作日期 操作方式 操作结果
D:\360安全卫士\360Safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-03-06 18:51 删除 同意修改
C:\WINDOWS\system32\nvsvc32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 2007-03-06 18:55 修改 拒绝修改
C:\WINDOWS\system32\nvsvc32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 2007-03-06 19:52 修改 同意修改
C:\WINDOWS\system32\RUNDLL32.EXE HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN NvMediaCenter RunDLL32.exe NvMCTray.dll,NvTaskbarInit 2007-03-06 22:19 修改 同意修改
D:\360安全卫士\360Safe.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED load 2007-03-09 11:56 删除 同意修改
D:\360安全卫士\360Safe.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED default 2007-03-09 11:56 删除 同意修改
D:\Windows优化大师\WoptiUtilities.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN !AVG Anti-Spyware 2007-03-09 12:02 删除 同意修改
D:\AVG Anti-Spyware 7.5\avgas.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN !AVG Anti-Spyware "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized 2007-03-09 12:02 修改 同意修改
D:\360安全卫士\360Safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-03-09 12:51 删除 同意修改
D:\360安全卫士\360Safe.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE 360Safe Rundll32.exe D:\360安~1\AntiAdwa.dll,KillAdware 2007-03-09 12:51 修改 同意修改
C:\WINDOWS\system32\Rundll32.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-03-09 12:52 删除 同意修改
D:\360安全卫士\360Safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-03-10 11:27 删除 同意修改
D:\360安全卫士\360Safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-03-10 17:39 删除 同意修改
D:\360安全卫士\360Safe.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE 360Safe Rundll32.exe D:\360安~1\AntiAdwa.dll,KillAdware 2007-03-10 17:40 修改 同意修改
C:\WINDOWS\system32\Rundll32.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-03-10 17:41 删除 同意修改
D:\360安全卫士\360Safe.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN 360Safetray D:\360安全卫士\safemon\360Tray.exe /start 2007-03-10 17:42 修改 同意修改
D:\360安全卫士\safemon\360Tray.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN 360Safetray 2007-03-10 17:44 删除 同意修改
D:\Windows优化大师\WoptiUtilities.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN !AVG Anti-Spyware 2007-03-13 12:43 删除 同意修改
langbao2 - 2007-4-17 21:08:00
D:\AVG Anti-Spyware 7.5\avgas.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN !AVG Anti-Spyware "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized 2007-03-13 12:43 修改 同意修改
D:\360安全卫士\360Safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-03-13 22:33 删除 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN domino C:\WINDOWS\domino.exe 2007-03-18 13:56 修改 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN VMSnap1 C:\WINDOWS\VMSnap1.exe 2007-03-18 13:56 修改 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE MSPCLOCK rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}2007-03-18 13:56 修改 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE MSPQM rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}2007-03-18 13:56 修改 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE MSKSSRV rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}2007-03-18 13:56 修改 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE CCDECODE0 rundll32.exe streamci,StreamingDeviceSetup {562370a8-f8dd-11d2-bc64-00a0c95ec22e},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINDOWS\INF\CCDECODE.inf,CCDECODE.Interface.Install2007-03-18 13:56 修改 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE nabtsfec0 rundll32.exe streamci,StreamingDeviceSetup {07DAD662-22F1-11d1-A9F4-00C04FBBDE8F},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINDOWS\INF\nabtsfec.inf,NABTSFEC.Interface.Install2007-03-18 13:56 修改 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE WSTCODEC0 rundll32.exe streamci,StreamingDeviceSetup {70BC06E0-5666-11d3-A184-00105AEF9F33},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINDOWS\INF\WSTCODEC.inf,WSTCODEC.Interface.Install2007-03-18 13:56 修改 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE SLIP0 rundll32.exe streamci,StreamingDeviceSetup {03884CB6-E89A-4deb-B69E-8DC621686E6A},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINDOWS\INF\slip.inf,VBIcodec2007-03-18 13:56 修改 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE STREAMIP0 rundll32.exe streamci,StreamingDeviceSetup {D84D449B-62FB-4ebb-B969-5183ED3DFB51},GLOBAL,{71985F4A-1CA1-11d3-9CC8-00C04F7971E0},C:\WINDOWS\INF\streamip.inf,BDAcodec2007-03-18 13:56 修改 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE NDISIP0 rundll32.exe streamci,StreamingDeviceSetup {48926476-2cae-4ded-a86e-73ddebed6779},NDISIP,{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3},C:\WINDOWS\INF\ndisip.inf,NdisIP.Reg2007-03-18 13:56 修改 同意修改
D:\360安全卫士\360Safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-03-19 13:45 删除 同意修改
D:\360安全卫士\360Safe.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN 360Safetray D:\360安全卫士\safemon\360Tray.exe /start 2007-03-25 00:55 修改 同意修改
D:\360安全卫士\safemon\360Tray.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN domino 2007-03-25 11:05 删除 同意修改
D:\360安全卫士\safemon\360Tray.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN VMSnap1 2007-03-25 11:05 删除 拒绝修改
langbao2 - 2007-4-17 21:08:00
D:\360安全卫士\safemon\360Tray.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN VMSnap1 2007-03-25 11:05 删除 拒绝修改
D:\360安全卫士\safemon\360tray.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN VMSnap1 2007-03-25 11:06 删除 拒绝修改
D:\360安全卫士\safemon\360tray.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN VMSnap1 2007-03-25 11:07 删除 拒绝修改
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background 2007-03-26 13:36 修改 同意修改
D:\360安全卫士\360Safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-03-27 23:36 删除 同意修改
D:\Windows优化大师\WoptiUtilities.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN 360Safetray 2007-03-28 23:10 删除 同意修改
D:\360安全卫士\360Safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-04-01 01:03 删除 同意修改
D:\360安全卫士\360Safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-04-01 22:20 删除 同意修改
C:\DOCUME~1\XXX\LOCALS~1\Temp\upxdnd.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN upxdnd C:\DOCUME~1\XXX\LOCALS~1\Temp\upxdnd.exe 2007-04-01 22:26 修改 同意修改
C:\WINDOWS\cmdbcs.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN cmdbcs C:\WINDOWS\cmdbcs.exe 2007-04-01 22:27 修改 同意修改
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN winform C:\WINDOWS\winform.exe 2007-04-01 22:27 修改 同意修改
HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN khlei0uwg C:\DOCUME~1\XXX\LOCALS~1\Temp\rundl132.exe 2007-04-01 22:27 修改 同意修改
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN mppds C:\WINDOWS\mppds.exe 2007-04-01 22:27 修改 同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE GrpConv grpconv -o 2007-04-01 22:29 修改 同意修改
D:\360安全卫士\360Safe.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN upxdnd 2007-04-01 22:31 删除 同意修改
D:\360安全卫士\360Safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED default 2007-04-01 22:31 添加 同意修改
D:\360安全卫士\360Safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\360DISABLED svc rem C:\DOCUME~1\XXX\LOCALS~1\Temp\spolive.exe 2007-04-01 22:31 修改 同意修改
D:\360安全卫士\360Safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-04-01 22:31 删除 同意修改
C:\WINDOWS\system32\Rundll32.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-04-01 22:32 删除 同意修改
langbao2 - 2007-4-17 21:09:00
C:\WINDOWS\system32\dumprep.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN KernelFaultCheck 2007-04-01 22:33 删除 同意修改
C:\Program Files\AresMaX\Max.exe HKEY_CLASSES_ROOT\TXTFILE\SHELL\OPEN\COMMAND C:\WINDOWS\notepad.exe %1 2007-04-01 22:41 修改 同意修改
C:\WINDOWS\system32\Restore\rstrui.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE *Restore C:\WINDOWS\system32\restore\rstrui.exe -i 2007-04-01 22:48 修改 同意修改
E:\临时下载文件夹\SREng.EXE HKEY_CLASSES_ROOT\INIFILE\SHELL\OPEN\COMMAND 2007-04-01 23:12 修改 同意修改
E:\临时下载文件夹\SREng.EXE HKEY_CLASSES_ROOT\INFFILE\SHELL\OPEN\COMMAND 2007-04-01 23:12 修改 同意修改
E:\临时下载文件夹\SREng.EXE HKEY_CLASSES_ROOT\.VBS vbsfile 2007-04-01 23:12 修改 同意修改
D:\超级巡警\ast\ast.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Anti-Spy Tools D:\超级巡警\ast\ast.exe -min 2007-04-02 13:10 修改 同意修改
D:\超级巡警\ast\ast.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Anti-Spy Tools 2007-04-02 13:54 删除 同意修改
D:\Windows优化大师\WoptiUtilities.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN NvCplDaemon 2007-04-07 21:45 删除 同意修改
D:\Windows优化大师\WoptiUtilities.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN NvMediaCenter 2007-04-07 21:45 删除 同意修改
D:\Windows优化大师\WoptiUtilities.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN !AVG Anti-Spyware 2007-04-07 21:45 删除 同意修改
D:\Windows优化大师\WoptiUtilities.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN VMSnap1 2007-04-07 21:45 删除 同意修改
D:\Windows优化大师\WoptiUtilities.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN 360Safetray 2007-04-07 21:45 删除 同意修改
D:\AVG Anti-Spyware 7.5\avgas.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN !AVG Anti-Spyware "D:\AVG Anti-Spyware 7.5\avgas.exe" /minimized 2007-04-14 12:37 修改 同意修改
D:\黄山IE修复专家\hsreg.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN !AVG Anti-Spyware 2007-04-14 12:42 删除 拒绝修改
D:\黄山IE修复专家\hsreg.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN 360Safetray 2007-04-14 12:42 删除 拒绝修改
D:\黄山IE修复专家\hsreg.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN NvCplDaemon 2007-04-14 12:42 删除 拒绝修改
C:\WINDOWS\regedit.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM DisableRegistryTools 2007-04-14 12:42 修改 拒绝修改
langbao2 - 2007-4-17 21:09:00
C:\WINDOWS\regedit.exe HKEY_CLASSES_ROOT\.VBS vbsfile 2007-04-14 12:42 修改 拒绝修改
C:\WINDOWS\regedit.exe HKEY_CURRENT_USER\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\CONTROL PANEL HomePage 2007-04-14 12:42 修改 拒绝修改
C:\WINDOWS\regedit.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER searchurl about:blank 2007-04-14 12:42 修改 拒绝修改
C:\WINDOWS\regedit.exe HKEY_CURRENT_USER\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\RESTRICTIONS NoViewSource 2007-04-14 12:42 修改 拒绝修改
C:\WINDOWS\regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER searchurl about:blank 2007-04-14 12:42 修改 拒绝修改
C:\WINDOWS\regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\RESTRICTIONS NoViewSource 2007-04-14 12:42 修改 拒绝修改
C:\WINDOWS\regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\URL\DEFAULTPREFIX default 2007-04-14 12:42 删除 拒绝修改
C:\WINDOWS\regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\URL\PREFIXES www http:// 2007-04-14 12:42 修改 拒绝修改
C:\WINDOWS\regedit.exe HKEY_CURRENT_USER\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\RESTRICTIONS NoBrowserContextMenu 2007-04-14 12:42 修改 拒绝修改
C:\WINDOWS\regedit.exe HKEY_CURRENT_USER\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\RESTRICTIONS NoViewSource 2007-04-14 12:42 修改 拒绝修改
C:\WINDOWS\regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\POLICIES\MICROSOFT\INTERNET EXPLORER\RESTRICTIONS NoViewSource 2007-04-14 12:42 修改 拒绝修改
C:\WINDOWS\regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 12:42 删除 拒绝修改
C:\WINDOWS\regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES default 2007-04-14 12:42 删除 拒绝修改
C:\WINDOWS\regedit.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE default 2007-04-14 12:42 删除 拒绝修改
C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 12:42 添加 拒绝修改
C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 12:42 添加 拒绝修改
C:\WINDOWS\regedit.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 12:42 添加 拒绝修改
C:\WINDOWS\regedit.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 12:42 添加 拒绝修改
C:\WINDOWS\regedit.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE default 2007-04-14 12:42 添加 拒绝修改
C:\WINDOWS\regedit.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE default 2007-04-14 12:42 添加 拒绝修改
C:\WINDOWS\regedit.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES default 2007-04-14 12:42 添加 拒绝修改
C:\WINDOWS\regedit.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES default 2007-04-14 12:42 添加 拒绝修改
D:\黄山IE修复专家\hsreg.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-04-14 12:42 修改 拒绝修改
langbao2 - 2007-4-17 21:10:00
D:\黄山IE修复专家\hsreg.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS run 2007-04-14 12:42 修改 拒绝修改
D:\黄山IE修复专家\hsreg.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-04-14 12:42 删除 拒绝修改
D:\黄山IE修复专家\hsreg.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-04-14 12:42 修改 拒绝修改
D:\黄山IE修复专家\hsreg.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS run 2007-04-14 12:42 修改 拒绝修改
D:\黄山IE修复专家\hsreg.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-04-14 12:42 删除 拒绝修改
C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 13:44 添加 拒绝修改
C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 13:45 添加 拒绝修改
D:\Bitcomet\BitComet.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 15:20 添加 同意修改
C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 15:22 添加 同意修改
E:\临时下载文件夹\setup.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN 360Safetray D:\360安全卫士\safemon\360tray.exe 2007-04-14 15:48 修改 同意修改
D:\Bitcomet\BitComet.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 20:03 添加 同意修改
C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 20:08 添加 同意修改
C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 20:18 添加 同意修改
D:\Bitcomet\BitComet.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 23:34 添加 同意修改
C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-15 10:56 添加 同意修改
C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-16 18:29 添加 同意修改
C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-17 17:25 添加 同意修改
C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-17 17:36 添加 同意修改
D:\360安全卫士\360safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-04-17 19:05 删除 同意修改
D:\360安全卫士\360safe.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH CustomizeSearch http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm 2007-04-17 19:05 修改 同意修改
D:\360安全卫士\360safe.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH SearchAssistant http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm 2007-04-17 19:05 修改 同意修改
D:\360安全卫士\360safe.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 2007-04-17 19:06 删除 同意修改
D:\360安全卫士\safemon\360tray.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN 360Safetray D:\360安全卫士\safemon\360tray.exe /start 2007-04-17 19:18 修改 同意修改
The above is the log for question 1.
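Added example, not part of the original thread and not Rising's own tooling: a parser for rows in the registry-monitor log format posted above. It applies the check from the earlier reply (ctfmon.exe is fine when it runs from C:\Windows\system32) and counts how often the same process triggered the same prompt. The names `ROW`, `EXPECTED_DIR`, `parse_row` and `triage` are hypothetical, and the last sample row is constructed for illustration.

```python
import re
from collections import Counter
from ntpath import basename, dirname, normcase

# Row layout of the exported monitor log (columns flattened to spaces):
#   [process path] HKEY_...key [value name] [value data] date time operation result
# Operation tokens: 添加 = add, 修改 = modify, 删除 = delete.
# Result tokens:    同意修改 = change allowed, 拒绝修改 = change denied.
# The timestamp is sometimes fused to the value data, so no space is required before it.
ROW = re.compile(
    r"^(?P<process>.*?)\s*(?P<target>HKEY_.*?)\s*"
    r"(?P<when>\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<op>添加|修改|删除)\s+(?P<result>同意修改|拒绝修改)$"
)

# Assumption taken from the reply in the thread: ctfmon.exe belongs in system32.
EXPECTED_DIR = {"ctfmon.exe": r"C:\WINDOWS\system32"}

# Rows copied from the log above, plus one constructed row (the last one).
SAMPLE = [
    r"C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-14 13:44 添加 拒绝修改",
    r"C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-16 18:29 添加 同意修改",
    r"C:\WINDOWS\system32\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-17 17:25 添加 同意修改",
    r'HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background 2007-03-26 13:36 修改 同意修改',
    r"C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE SLIP0 rundll32.exe streamci,StreamingDeviceSetup {03884CB6-E89A-4deb-B69E-8DC621686E6A},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINDOWS\INF\slip.inf,VBIcodec2007-03-18 13:56 修改 同意修改",
    # Constructed row: same file name, unexpected directory.
    r"D:\example\ctfmon.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN default 2007-04-17 17:36 添加 同意修改",
]


def parse_row(line):
    """Split one log row into process, target, when, op and result, or return None."""
    m = ROW.match(line.strip())
    return m.groupdict() if m else None


def triage(lines):
    """Return (prompt counts per process/operation/result, processes in an unexpected directory)."""
    prompts = Counter()
    misplaced = []
    for line in lines:
        row = parse_row(line)
        if row is None:
            continue  # header rows and forum post headers do not match
        proc = row["process"]  # empty when the monitor logged no process path
        expected = EXPECTED_DIR.get(normcase(basename(proc)))
        if expected and normcase(dirname(proc)) != normcase(expected):
            misplaced.append(proc)
        prompts[(normcase(proc), row["op"], row["result"])] += 1
    return prompts, misplaced


if __name__ == "__main__":
    counts, odd = triage(SAMPLE)
    for (proc, op, result), n in counts.most_common():
        print(n, proc or "(no process logged)", op, result)
    print("unexpected location:", odd)
```

A process that keeps re-adding the same value and is allowed each time, as ctfmon.exe does in the log, shows up here as a high count for one key.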
langbao2 - 2007-4-17 21:13:00
病毒名称 发现日期 扫描方式 路径 文件 病毒来源
Trojan.DL.MnLess.ej 2007-04-12 19:46 手动扫描 C: 112.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:46 手动扫描 C: 112.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:46 手动扫描 C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QS94V6XB 1260[1].exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:46 手动扫描 C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QS94V6XB 1260[1].exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.IMMSG.TBMSG.dn 2007-04-12 19:46 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temp c1273.exe>>$TEMP\yaku0051.exe 本机
Trojan.DL.MnLess.ej 2007-04-12 19:46 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:46 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.IMMSG.TBMSG.dn 2007-04-12 19:47 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\L7MHE42G c1273[1].exe>>$TEMP\yaku0051.exe 本机
Trojan.Clicker.Agent.bdk 2007-04-12 19:48 手动扫描 C:\Program Files\Common Files ad2180.exe>>$COMMONFILES\CPUSH\cpush.tmp 本机
Trojan.DL.MnLess.ej 2007-04-12 19:48 手动扫描 C:\WINDOWS 109.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:48 手动扫描 C:\WINDOWS 109.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:48 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:48 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:53 手动扫描 C:\WINDOWS\Temp host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:53 手动扫描 C:\WINDOWS\Temp host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:58 手动扫描 C: 112.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:58 手动扫描 C: 112.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:58 手动扫描 C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QS94V6XB 1260[1].exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:58 手动扫描 C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QS94V6XB 1260[1].exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.IMMSG.TBMSG.dn 2007-04-12 19:58 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temp c1273.exe>>$TEMP\yaku0051.exe 本机
Trojan.DL.MnLess.ej 2007-04-12 19:58 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:58 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
langbao2 - 2007-4-17 21:14:00
Trojan.IMMSG.TBMSG.dn 2007-04-12 19:58 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\L7MHE42G c1273[1].exe>>$TEMP\yaku0051.exe 本机
Trojan.Clicker.Agent.bdk 2007-04-12 19:58 手动扫描 C:\Program Files\Common Files ad2180.exe>>$COMMONFILES\CPUSH\cpush.tmp 本机
Trojan.DL.MnLess.ej 2007-04-12 19:58 手动扫描 C:\WINDOWS 109.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:58 手动扫描 C:\WINDOWS 109.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:58 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:58 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:58 手动扫描 C:\WINDOWS\Temp host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 19:58 手动扫描 C:\WINDOWS\Temp host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:00 手动扫描 C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QS94V6XB 1260[1].exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:00 手动扫描 C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QS94V6XB 1260[1].exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.IMMSG.TBMSG.dn 2007-04-12 20:00 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temp c1273.exe>>$TEMP\yaku0051.exe 本机
Trojan.DL.MnLess.ej 2007-04-12 20:01 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:01 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.IMMSG.TBMSG.dn 2007-04-12 20:01 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\L7MHE42G c1273[1].exe>>$TEMP\yaku0051.exe 本机
Trojan.Clicker.Agent.bdk 2007-04-12 20:01 手动扫描 C:\Program Files\Common Files ad2180.exe>>$COMMONFILES\CPUSH\cpush.tmp 本机
Trojan.DL.MnLess.ej 2007-04-12 20:02 手动扫描 C:\WINDOWS 109.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:02 手动扫描 C:\WINDOWS 109.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:02 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:02 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:03 手动扫描 C:\WINDOWS\Temp host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:03 手动扫描 C:\WINDOWS\Temp host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:20 手动扫描 C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QS94V6XB 1260[1].exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:20 手动扫描 C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QS94V6XB 1260[1].exe>>$TEMP\china-so.exe>>upx_b 本机
langbao2 - 2007-4-17 21:16:00
Trojan.IMMSG.TBMSG.dn 2007-04-12 20:20 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temp c1273.exe>>$TEMP\yaku0051.exe 本机
Trojan.DL.MnLess.ej 2007-04-12 20:20 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:20 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.IMMSG.TBMSG.dn 2007-04-12 20:20 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\L7MHE42G c1273[1].exe>>$TEMP\yaku0051.exe 本机
Trojan.Clicker.Agent.bdk 2007-04-12 20:20 手动扫描 C:\Program Files\Common Files ad2180.exe>>$COMMONFILES\CPUSH\cpush.tmp 本机
Trojan.DL.MnLess.ej 2007-04-12 20:20 手动扫描 C:\WINDOWS 109.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:20 手动扫描 C:\WINDOWS 109.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:20 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:20 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:20 手动扫描 C:\WINDOWS\Temp host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:20 手动扫描 C:\WINDOWS\Temp host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:21 手动扫描 C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QS94V6XB 1260[1].exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:21 手动扫描 C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\QS94V6XB 1260[1].exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.IMMSG.TBMSG.dn 2007-04-12 20:21 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temp c1273.exe>>$TEMP\yaku0051.exe 本机
Trojan.DL.MnLess.ej 2007-04-12 20:21 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:21 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.IMMSG.TBMSG.dn 2007-04-12 20:21 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\L7MHE42G c1273[1].exe>>$TEMP\yaku0051.exe 本机
Trojan.Clicker.Agent.bdk 2007-04-12 20:21 手动扫描 C:\Program Files\Common Files ad2180.exe>>$COMMONFILES\CPUSH\cpush.tmp 本机
Trojan.DL.MnLess.ej 2007-04-12 20:21 手动扫描 C:\WINDOWS 109.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
勇闯猪罗纪 - 2007-4-17 21:16:00
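What tool produced this log?
It looks really unfamiliar, haha.
Download System Repair Engineer:
http://www.kztechs.com/sreng/download.html
1 Unzip sreng2.zip (scan in normal mode, not in safe mode)
2 Close all unnecessary programs. Otherwise the log will be too cluttered.
3 Run SREng.exe
4 Smart Scan => Scan => Save Report
5 Copy the full report from the log and paste it here; do not modify it.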
langbao2 - 2007-4-17 21:17:00
Trojan.DL.MnLess.ej 2007-04-12 20:21 手动扫描 C:\WINDOWS 109.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:21 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:21 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:21 手动扫描 C:\WINDOWS\Temp host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:21 手动扫描 C:\WINDOWS\Temp host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.IMMSG.TBMSG.dn 2007-04-12 20:22 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temp c1273.exe>>$TEMP\yaku0051.exe 本机
Trojan.DL.MnLess.ej 2007-04-12 20:23 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:23 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:23 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:23 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\H8G9RU1D 109[1].exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.IMMSG.TBMSG.dn 2007-04-12 20:24 手动扫描 C:\Documents and Settings\xxx\Local Settings\Temporary Internet Files\Content.IE5\L7MHE42G c1273[1].exe>>$TEMP\yaku0051.exe 本机
Trojan.Clicker.Agent.bdk 2007-04-12 20:25 手动扫描 C:\Program Files\Common Files ad2180.exe>>$COMMONFILES\CPUSH\cpush.tmp 本机
Trojan.DL.MnLess.ej 2007-04-12 20:26 手动扫描 C:\WINDOWS 109.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:26 手动扫描 C:\WINDOWS 109.exe>>$WINDIR\temp\host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:26 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:26 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:27 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:27 手动扫描 C:\WINDOWS 1260.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:29 手动扫描 C:\WINDOWS\Temp host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.MnLess.ej 2007-04-12 20:29 手动扫描 C:\WINDOWS\Temp host.exe>>$TEMP\china-so.exe>>upx_b 本机
Trojan.DL.Small.uua 2007-04-13 19:07 手动扫描 C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\MTZDFHMX eb10[1].exe>>$SYSDIR\drivers\drwtsm32.exe 本机
Trojan.DL.Small.uua 2007-04-13 19:10 手动扫描 C:\WINDOWS eb10.exe>>$SYSDIR\drivers\drwtsm32.exe 本机
Trojan.DL.MNLess.oq 2007-04-14 15:29 文件监控 C:\System Volume Information\_restore{B3BD4BE9-F09E-40CD-9902-890FC0244E3A}\RP109\A0034063.exe>>$TEMP\$TEMP\574.exe>>$TEMPDoSSSetup.dll
Trojan.DL.Small.uua 2007-04-14 15:29 文件监控 C:\System Volume Information\_restore{B3BD4BE9-F09E-40CD-9902-890FC0244E3A}\RP114\A0036107.exe>>$SYSDIR\drivers drwtsm32.exe
Trojan.DL.MNLess.oq 2007-04-14 20:43 文件监控 C:\System Volume Information\_restore{B3BD4BE9-F09E-40CD-9902-890FC0244E3A}\RP109\A0034063.exe>>$TEMP\$TEMP\574.exe>>$TEMPDoSSSetup.dll
Trojan.DL.Small.uua 2007-04-14 20:43 文件监控 C:\System Volume Information\_restore{B3BD4BE9-F09E-40CD-9902-890FC0244E3A}\RP114\A0036107.exe>>$SYSDIR\drivers drwtsm32.exe
Trojan.DL.MNLess.oq 2007-04-14 21:01 文件监控 C:\System Volume Information\_restore{B3BD4BE9-F09E-40CD-9902-890FC0244E3A}\RP109\A0034063.exe>>$TEMP\$TEMP\574.exe>>$TEMPDoSSSetup.dll
Trojan.DL.Small.uua 2007-04-14 21:01 文件监控 C:\System Volume Information\_restore{B3BD4BE9-F09E-40CD-9902-890FC0244E3A}\RP114\A0036107.exe>>$SYSDIR\drivers drwtsm32.exe
Trojan.DL.MNLess.oq 2007-04-15 13:57 文件监控 C:\System Volume Information\_restore{B3BD4BE9-F09E-40CD-9902-890FC0244E3A}\RP109\A0034063.exe>>$TEMP\$TEMP\574.exe>>$TEMPDoSSSetup.dll
Trojan.DL.Small.uua 2007-04-15 13:57 文件监控 C:\System Volume Information\_restore{B3BD4BE9-F09E-40CD-9902-890FC0244E3A}\RP114\A0036107.exe>>$SYSDIR\drivers drwtsm32.exe
langbao2 - 2007-4-17 21:19:00
The above is the log for question 2.
To post #16:
Sorry, I'm not very good at this. I just used Rising's log viewer and clicked export log..