瑞星卡卡安全论坛

首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 【求助】电脑TEMP目录下出现f1.exe,f2.exe……f12.exe,跪谢!
一上又一上 - 2007-6-1 15:08:00
【求助】电脑TEMP目录下出现f1.exe,f2.exe……f12.exe,跪谢!

中毒了,请各位大虾帮忙看看,我拔掉网线或者禁用网卡电脑就正常,但是只要一连上网,在C盘下的temp目录下就出现N多个f1.exe,f2.exe……f12.exe,没完没了,我电脑的杀毒软件就一直报警,现在已经隔离了7000多个了,我实在是没辙了,请大家帮帮忙,万分感激。附上报警通知以及seng扫描报告:

扫描类型: 实时防护 扫描
事件: 已发现病毒!
病毒名称: Trojan.Packed.NsAnti
文件: C:\DOCUME~1\user\LOCALS~1\Temp\f10.exe
位置:隔离区
计算机:GXH
用户:user
采用的操作:隔离 成功 : 拒绝访问
发现的日期: 2007年6月1日  13:44:35


独孤剑客 - 2007-6-1 15:11:00
上日志,清空临时文件夹!
一上又一上 - 2007-6-1 15:12:00

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <vptray><C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe>  [Symantec Corporation]
    <iamapp><C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE>  [(Verified)Symantec Corporation]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{06A68AD9-FF56-6E73-937B-B893E72F6226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk>  []

==================================
启动文件夹
N/A

==================================
服务
[ANSYS FLEXlm license manager / ANSYS FLEXlm license manager][Running/Auto Start]
  <C:\Program Files\Ansys Inc\Shared Files\Licensing\intel\lmgrd.exe><Macrovision Corporation>
[Autodesk Network Licensing Service / Autodesk Network Licensing Service][Stopped/Manual Start]
  <C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe><Autodesk, Inc.>
[C-DillaSrv / C-DillaSrv][Running/Auto Start]
  <C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE><C-Dilla Ltd>
[DefWatch / DefWatch][Running/Auto Start]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Symantec Client Firewall Service / NISSERV][Running/Auto Start]
  <"C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISSERV.EXE"><Symantec Corporation>
[Symantec Client Firewall Accounts Manager / NISUM][Running/Manual Start]
  <"C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUM.EXE"><Symantec Corporation>
[Symantec AntiVirus Client / Norton AntiVirus Server][Running/Auto Start]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[Symantec Client Firewall Proxy Service / SymPxSvc][Running/Auto Start]
  <"C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\SymPxSvc.exe"><Symantec Corporation>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[dtscsi / dtscsi][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><DT Soft Ltd.>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[HOSTNT / HOSTNT][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hostnt.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[MHDRV / MHDRV][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mhdrv.sys><Windows (R) 2000 DDK provider>
[NAVAP / NAVAP][Running/Manual Start]
  <\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys><Symantec Corporation>
[NAVAPEL / NAVAPEL][Running/Auto Start]
  <\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS><Symantec Corporation>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070531.019\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070531.019\NAVEX15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SYMDNS / SYMDNS][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMFW / SYMFW][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMIDSCO / SYMIDSCO][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\SYMIDSCO.SYS><Symantec Corporation>
[SYMNDIS / SYMNDIS][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS><Symantec Corporation>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484f-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <D:\Program Files\浩方对战平台\GameClient.exe, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[XDownload Class]
  {165D83D3-359C-4783-9BF0-6FA6DC42A3F1} <C:\WINDOWS\Downloaded Program Files\SSDownload.dll, 北京世纪超星>
[SSReaderPlug]
  {1DE88635-1C72-401E-B23B-93FA86D30F3B} <C:\WINDOWS\DOWNLO~1\SSREAD~1.DLL, 北京超星>
[InstaFred]
  {1F831FA1-42FC-11D4-95A6-0080AD30DCE1} <C:\WINDOWS\DOWNLO~1\InstFred.ocx, Autodesk, Inc.>
[AcDcToday 控件]
  {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} <C:\WINDOWS\DOWNLO~1\ACDCTO~1.OCX, Autodesk>
[MessengerStatsClient Class]
  {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} <C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll, Microsoft Corporation>
[NOXLATE-BANR]
  {AE563722-B4F5-11D4-A415-00108302FDFD} <C:\WINDOWS\DOWNLO~1\InstBanr.ocx, Autodesk, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[AcPreview 控件]
  {F281A59C-7B65-11D3-8617-0010830243BD} <C:\WINDOWS\DOWNLO~1\ACPREV~1.OCX, Autodesk>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Adobe PDF]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll, Thunder Networking Technologies,LTD>
[AcroIEToolbarHelper Class]
  {AE7CD045-E861-484F-8273-0445EE161910} <D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, Adobe Systems Incorporated>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>

==================================
一上又一上 - 2007-6-1 15:13:00
正在运行的进程
[PID: 636][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1236][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk]  [N/A, ]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.3889]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3889]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3889]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3889]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3889]
    [D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.5.2005092300]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 8.1.0.821]
    [D:\Program Files\Autodesk\Inventor 11\Bin\DT.dll]  [Autodesk, Inc., 11, 0, 0000, 29000]
    [D:\Program Files\Autodesk\Inventor 11\Bin\fb.dll]  [Autodesk, 11, 0, 0000, 29000]
    [D:\Program Files\Autodesk\Inventor 11\Bin\persist.dll]  [Autodesk, Inc., 11, 0, 0000, 29000]
    [D:\Program Files\Autodesk\Inventor 11\Bin\acge120I.dll]  [Autodesk, Inc., 12.0.0.5950]
    [D:\Program Files\Autodesk\Inventor 11\Bin\dummyprofile.dll]  [Autodesk, Inc., 11, 0, 0000, 29000]
    [D:\Program Files\Autodesk\Inventor 11\Bin\rse.dll]  [Autodesk, Inc., 11, 0, 0000, 29000]
    [D:\Program Files\Autodesk\Inventor 11\Bin\utx.dll]  [Autodesk, Inc., 11, 0, 0000, 29003]
    [D:\Program Files\Autodesk\Inventor 11\Bin\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Autodesk\Inventor 11\Bin\GRData.dll]  [Autodesk, Inc., 11, 0, 0000, 29000]
    [D:\Program Files\Autodesk\Inventor 11\Bin\RP.dll]  [Autodesk, Inc., 11, 0, 0000, 29000]
    [D:\Program Files\Autodesk\Inventor 11\Bin\DtRes.dll]  [Autodesk, Inc., 11, 0, 0000, 29000]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Common Files\Autodesk shared\dwf common\DWFShellExtension.dll]  [Autodesk, Inc., 1.1.0.278]
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll]  [Adobe Systems Inc., 7.0.5.2005092300\0]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs]  [Adobe Systems Inc., 7.0.5.2005092300\0]
    [C:\WINDOWS\system32\dfshim.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_007.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 2096][C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe]  [Symantec Corporation, 8.1.0.821]
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk]  [N/A, ]
[PID: 2104][C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMAPP.EXE]  [Symantec Corporation, 5.1.0.822]
    [C:\PROGRA~1\SYMANT~1\SYMANT~2\iamevent.dll]  [Symantec Corporation, 5.1.0.822]
    [C:\PROGRA~1\SYMANT~1\SYMANT~2\NISRES.DLL]  [N/A, ]
    [C:\WINDOWS\system32\SYMSTORE.dll]  [Symantec Corporation, 4.6.1.58]
    [C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMLOG.dll]  [Symantec Corporation, 5.1.0.822]
    [C:\PROGRA~1\SYMANT~1\SYMANT~2\N32USERL.DLL]  [Symantec Corporation, 5.1.0.822]
    [C:\PROGRA~1\SYMANT~1\SYMANT~2\UMCBK.DLL]  [Symantec Corporation, 5.1.0.822]
    [C:\PROGRA~1\SYMANT~1\SYMANT~2\NISALERT.DLL]  [Symantec Corporation, 5.1.0.822]
    [C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUMPS.DLL]  [Symantec Corporation, 5.1.0.822]
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk]  [N/A, ]
    [C:\PROGRA~1\SYMANT~1\SYMANT~2\IAMCPL.CPL]  [Symantec Corporation, 5.1.0.822]
    [C:\PROGRA~1\SYMANT~1\SYMANT~2\tlevel.dll]  [Symantec Corporation, 5.1.0.822]
    [C:\PROGRA~1\SYMANT~1\SYMANT~2\NAVAPI32.DLL]  [Symantec Corp., 4.1.0.15]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Symantec Shared\BRUNOALE.DLL]  [Symantec Corporation, 5.1.0.822]
    [C:\Program Files\Common Files\Symantec Shared\PProfile.dll]  [Symantec Corporation, 5.1.0.822]
[PID: 2112][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2196][C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\ATRACK.EXE]  [Symantec Corporation, 5.1.0.822]
    [C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\iamevent.dll]  [Symantec Corporation, 5.1.0.822]
    [C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISRES.DLL]  [N/A, ]
    [C:\WINDOWS\system32\SYMSTORE.dll]  [Symantec Corporation, 4.6.1.58]
    [C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\NISUMPS.DLL]  [Symantec Corporation, 5.1.0.822]
    [C:\Program Files\Symantec_Client_Security\Symantec Client Firewall\tdit_msg.dll]  [Symantec Corporation, 5.1.0.822]
[PID: 2284][C:\Program Files\Autodesk Network License Manager\lmgrd.exe]  [Macrovision Corporation, 10, 8, 0, 0]
[PID: 2296][C:\Program Files\Autodesk Network License Manager\adskflex.exe]  [N/A, ]
[PID: 2544][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 828][C:\Program Files\Maxthon\Maxthon.exe]  [MY Soft Technology, 1, 5, 0, 95]
    [C:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\PROGRA~1\COMMON~1\SYSTEM\MSMAPI\2052\MSMAPI32.DLL]  [Microsoft Corporation, 11.0.5601]
    [C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll]  [Microsoft Corporation, 11.0.5606]
    [C:\Program Files\Common Files\Microsoft Shared\INK\PENCHS.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\Program Files\Common Files\Microsoft Shared\INK\SKCHOBJ.DLL]  [Microsoft Corporation, 1.0.1038.0]
    [C:\Program Files\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.0 alpha 21225]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\PmpSplt.ax]  [cooleyes, 1, 0, 0, 8]
    [C:\Program Files\Ringz Studio\Storm Codec\Codecs\RMSplt.ax]  [Gabest, 1, 0, 1, 1]
    [C:\WINDOWS\system32\ffdshow.ax]  [, 1.0.2.2028]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\upengine.dll]  [北京清华紫光软件股份有限公司, 3.0.0.0 alpha 21225]
[PID: 3880][E:\Downloads\System Repair Engineer2.4\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

一上又一上 - 2007-6-1 15:15:00
【回复“独孤剑客”的帖子】

谢谢2楼关注,临时文件夹我已经清空好多次了,但是不行,删了马上就有了
newcenturymoon - 2007-6-1 15:17:00
貌似找不到 那个下载器
天月来了 - 2007-6-1 15:49:00
阳光哦

现在怎的了?

驱动不肯动,日志也不细看了。

你说这个象吗?

启动项目
注册表
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{06A68AD9-FF56-6E73-937B-B893E72F6226}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk> []
newcenturymoon - 2007-6-1 16:20:00
:\Program Files\Common Files\Microsoft Shared\MSINFO\WinInfo.rxk
不是根源 只是 其中一个木马
关键找到那个下载器...
一上又一上 - 2007-6-4 9:35:00
怎么找那个下载器啊?怎么没人指教啊?
1
查看完整版本: 【求助】电脑TEMP目录下出现f1.exe,f2.exe……f12.exe,跪谢!
© 2000 - 2026 Rising Corp. Ltd.