求助这个Trojan.PSW.Win32.TLOnline.ac怎么杀 bbs.ikaka.com

ID冰 - 2007-8-16 23:54:00

Trojan.PSW.Win32.TLOnline.ac开机就检测出来,显示删除在重起依然存在,谁会帮帮我

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

ID冰 - 2007-8-17 0:04:00

进程名称路径数值名称数值数据操作日期操作方式操作结果
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\GLB2B.tmp HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN Yahoo! Pager "d:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet 2007-06-22 15:09 修改同意修改
C:\Documents and Settings\Administrator\Local Settings\Temp\{464DBA87-4802-4D25-BC47-CC5842280BE7}\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\GoogleToolbarInstaller_en.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Search Page http://www.google.com 2007-06-24 07:20 修改同意修改
C:\Documents and Settings\Administrator\Local Settings\Temp\{464DBA87-4802-4D25-BC47-CC5842280BE7}\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\GoogleToolbarInstaller_en.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Search Bar http://www.google.com/ie 2007-06-24 07:20 修改同意修改
C:\Documents and Settings\Administrator\Local Settings\Temp\{464DBA87-4802-4D25-BC47-CC5842280BE7}\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\GoogleToolbarInstaller_en.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH SearchAssistant http://www.google.com/ie 2007-06-24 07:20 修改同意修改
C:\Documents and Settings\Administrator\Local Settings\Temp\{464DBA87-4802-4D25-BC47-CC5842280BE7}\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\GoogleToolbarInstaller_en.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL default 2007-06-24 07:20 添加同意修改
C:\Documents and Settings\Administrator\Local Settings\Temp\{464DBA87-4802-4D25-BC47-CC5842280BE7}\{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}\GoogleToolbarInstaller_en.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL provider gogl 2007-06-24 07:20 修改同意修改
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN swg C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe2007-06-24 07:21 修改同意修改
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL default 2007-06-24 07:21 添加同意修改
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL default 2007-06-24 19:53 添加同意修改
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL default 2007-06-25 07:50 添加同意修改
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL default 2007-06-25 20:17 添加同意修改
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL default 2007-06-26 06:25 添加拒绝修改
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL default 2007-06-26 06:25 添加拒绝修改
C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exeHKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL default 2007-06-26 13:29 添加同意修改
C:\WINDOWS\system32\dumprep.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN KernelFaultCheck 2007-06-28 13:26 删除同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN BigDogPath C:\WINDOWS\VM_STI.EXE PC Camera CAMCAN 2007-06-29 11:02 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE MSPCLOCK RUNDLL32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}2007-06-29 11:02 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE MSPQM RUNDLL32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}2007-06-29 11:02 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE MSKSSRV RUNDLL32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}2007-06-29 11:02 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE CCDECODE0 rundll32.exe streamci,StreamingDeviceSetup {562370a8-f8dd-11d2-bc64-00a0c95ec22e},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINDOWS\INF\CCDECODE.inf,CCDECODE.Interface.Install2007-06-29 11:02 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE

ID冰 - 2007-8-17 0:04:00

nabtsfec0 rundll32.exe streamci,StreamingDeviceSetup {07DAD662-22F1-11d1-A9F4-00C04FBBDE8F},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINDOWS\INF\nabtsfec.inf,NABTSFEC.Interface.Install2007-06-29 11:02 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE WSTCODEC0 rundll32.exe streamci,StreamingDeviceSetup {70BC06E0-5666-11d3-A184-00105AEF9F33},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINDOWS\INF\WSTCODEC.inf,WSTCODEC.Interface.Install2007-06-29 11:02 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE SLIP0 rundll32.exe streamci,StreamingDeviceSetup {03884CB6-E89A-4deb-B69E-8DC621686E6A},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINDOWS\INF\slip.inf,VBIcodec2007-06-29 11:02 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE STREAMIP0 rundll32.exe streamci,StreamingDeviceSetup {D84D449B-62FB-4ebb-B969-5183ED3DFB51},GLOBAL,{71985F4A-1CA1-11d3-9CC8-00C04F7971E0},C:\WINDOWS\INF\streamip.inf,BDAcodec2007-06-29 11:02 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE NDISIP0 rundll32.exe streamci,StreamingDeviceSetup {48926476-2cae-4ded-a86e-73ddebed6779},NDISIP,{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3},C:\WINDOWS\INF\ndisip.inf,NdisIP.Reg2007-06-29 11:02 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE MSPCLOCK RUNDLL32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}2007-06-29 11:33 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE MSPQM RUNDLL32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}2007-06-29 11:33 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE MSKSSRV RUNDLL32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}2007-06-29 11:33 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE CCDECODE0 rundll32.exe streamci,StreamingDeviceSetup {562370a8-f8dd-11d2-bc64-00a0c95ec22e},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINDOWS\INF\CCDECODE.inf,CCDECODE.Interface.Install2007-06-29 11:33 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE nabtsfec0 rundll32.exe streamci,StreamingDeviceSetup {07DAD662-22F1-11d1-A9F4-00C04FBBDE8F},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINDOWS\INF\nabtsfec.inf,NABTSFEC.Interface.Install2007-06-29 11:33 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE WSTCODEC0 rundll32.exe streamci,StreamingDeviceSetup {70BC06E0-5666-11d3-A184-00105AEF9F33},GLOBAL,{07DAD660-22F1-11d1-A9F4-00C04FBBDE8F},C:\WINDOWS\INF\WSTCODEC.inf,WSTCODEC.Interface.Install2007-06-29 11:33 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE SLIP0 rundll32.exe streamci,StreamingDeviceSetup {03884CB6-E89A-4deb-B69E-8DC621686E6A},GLOBAL,{FD0A5AF4-B41D-11d2-9C95-00C04F7971E0},C:\WINDOWS\INF\slip.inf,VBIcodec2007-06-29 11:33 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE STREAMIP0 rundll32.exe streamci,StreamingDeviceSetup {D84D449B-62FB-4ebb-B969-5183ED3DFB51},GLOBAL,{71985F4A-1CA1-11d3-9CC8-00C04F7971E0},C:\WINDOWS\INF\streamip.inf,BDAcodec2007-06-29 11:33 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE NDISIP0 rundll32.exe streamci,StreamingDeviceSetup {48926476-2cae-4ded-a86e-73ddebed6779},NDISIP,{9aa4a2cc-81e0-4cfd-802f-0f74526d2bd3},C:\WINDOWS\INF\ndisip.inf,NdisIP.Reg2007-06-29 11:33 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page about:blank 2007-07-03 09:05 修改同意修改
C:\WINDOWS\System32\msiexec.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OPTIONALCOMPONENTS\IMAIL

ID冰 - 2007-8-17 0:05:00

default 2007-07-24 18:00 添加同意修改
C:\WINDOWS\System32\msiexec.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OPTIONALCOMPONENTS default 2007-07-24 18:01 添加同意修改
C:\WINDOWS\System32\msiexec.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OPTIONALCOMPONENTS\IMAIL default 2007-07-24 18:01 添加同意修改
C:\WINDOWS\System32\msiexec.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OPTIONALCOMPONENTS\IMAIL Installed 1 2007-07-24 18:01 修改同意修改
C:\WINDOWS\System32\msiexec.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OPTIONALCOMPONENTS\MAPI default 2007-07-24 18:01 添加同意修改
C:\WINDOWS\System32\msiexec.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OPTIONALCOMPONENTS\MAPI Installed 1 2007-07-24 18:01 修改同意修改
C:\WINDOWS\System32\msiexec.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OPTIONALCOMPONENTS\MAPI NoChange 1 2007-07-24 18:01 修改同意修改
C:\WINDOWS\System32\msiexec.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OPTIONALCOMPONENTS\MSFS default 2007-07-24 18:01 添加同意修改
C:\WINDOWS\System32\msiexec.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\OPTIONALCOMPONENTS\MSFS Installed 1 2007-07-24 18:01 修改同意修改
C:\Program Files\Internet Explorer\iexplore.exe HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\FRONTPG.EXE default 2007-07-24 19:54 添加同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT FRONTPAGE\SHELL\EDIT default 2007-07-24 21:20 添加拒绝修改
C:\WINDOWS\system32\rundll32.exe HKEY_CLASSES_ROOT\.HTM\OPENWITHLIST\MICROSOFT FRONTPAGE default 2007-07-24 21:20 添加拒绝修改
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\5.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN AVPZX C:\WINDOWS\Fonts\AVPZX.exe 2007-08-16 11:23 修改同意修改
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\11.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN RAV00A0 C:\WINDOWS\System32\RAV00A0.exe 2007-08-16 11:24 修改同意修改
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\14.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN AVPDH C:\WINDOWS\System32\AVPDH.exe 2007-08-16 11:24 修改同意修改
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\17.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load ??ā 2007-08-16 11:24 修改拒绝修改
C:\WINDOWS\System32\ctfnom.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS load 劐?ā 2007-08-16 11:33 修改拒绝修改
C:\Program Files\360safe\360Safe.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN 360Safetray C:\Program Files\360safe\safemon\360Tray.exe /start 2007-08-16 16:40 修改同意修改
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN !AVG Anti-Spyware 2007-08-16 17:34 删除同意修改
E:\111\ewido升级版本AVG7.5已破解!保证升级不反弹avgas-setup-7.5.0.50.exeHKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN !AVG Anti-Spyware "D:\2\AVG Anti-Spyware 7.5\avgas.exe" /minimized 2007-08-16 17:40 修改同意修改
C:\WINDOWS\system32\rundll32.exe HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN Start Page about:blank 2007-08-16 20:45 修改同意修改

瑞星卡卡安全论坛