fx120.net keeps popping up; asking the experts what has gone wrong (log updated)

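The symptom is that fx120.net pops up from time to time. I could not spot any suspicious process, so I ran a scan and saved the log. Could someone tell me where the problem is coming from?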


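PS: Following 红夜鬼's suggestion I downloaded the new version of SREng and rescanned. The log is posted in the third post; experts, please take a look.
Last edited 2006-11-28 14:22:34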

Are the moderators not around?

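[Reply to the post by "红夜鬼1"]

Thanks to the poster above. Below is the log from the scan with the new version of SREng; it has not been modified.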

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><F:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <bgswitch><f:\WINDOWS\system32\bgswitch.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SKYNET Personal FireWall><E:\PROGRA~1\SKYNET\FIREWALL\pfw.exe>  [广州众达天网技术有限公司]
    <vptray><F:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe>  [Symantec Corporation]
    <WinPatrol><E:\TOOLS\安全工具\WinPatrol\winpatrol.exe>  [BillP 工作室]
    <Task Catcher><F:\Program Files\WinPatrol\tasktrap.exe>  [BillP Studios]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><F:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[DefWatch / DefWatch]
  <F:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[ewido security suite control / ewido security suite control]
  <F:\Program Files\ewido\security suite\ewidoctrl.exe><ewido networks>
[ewido security suite guard / ewido security suite guard]
  <F:\Program Files\ewido\security suite\ewidoguard.exe><ewido networks>
[Human Interface Device Access / HidServ]
  <F:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server]
  <F:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>

==================================
驱动程序
[amdfix / amdfix]
  <\??\F:\WINDOWS\System32\drivers\amdfix.sys><Microsoft Corporation>
[A4Tech PS/2 Port Mouse Driver / Amps2prt]
  <System32\DRIVERS\Amps2prt.sys><A4Tech Co.,Ltd.>
[atimpab / atimpab]
  <System32\DRIVERS\atimpab.sys><ATI Technologies Inc.>
[Compaq 10_100 MiniPCI Ethernet NIC Driver / cnxt1803]
  <System32\DRIVERS\cnxt1803.sys><Conexant Systems, Inc.>
[ewido security suite driver / ewido security suite driver]
  <\??\F:\Program Files\ewido\security suite\guard.sys><N/A>
[Grand Tech gt681x NT / GT681x]
  <System32\DRIVERS\gt681x.sys><>
[HCF_MSFT / HCF_MSFT]
  <System32\DRIVERS\HCF_MSFT.sys><Conexant>
[IMMDRV / IMMDRV]
  <\??\F:\Program Files\Filseclab\Twister\immdrv.sys><FILSECLAB Corp.>
[kmsinput / kmsinput]
  <\??\F:\WINDOWS\System32\drivers\kmsinput.sys><N/A>
[MCNAHook.SYS / MCNAHook.SYS]
  <\??\F:\Program Files\System Safety Monitor\MCNAHook.SYS><N/A>
[NAVAP / NAVAP]
  <\??\F:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys><Symantec Corporation>
[NAVAPEL / NAVAPEL]
  <\??\F:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS><Symantec Corporation>
[NAVENG / NAVENG]
  <\??\F:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061122.019\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
  <\??\F:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061122.019\NAVEX15.sys><Symantec Corporation>
[npkcrypt / npkcrypt]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware]
  <\SystemRoot\System32\drivers\RsBoot.sys><Beijing Rising>
[Secdrv / Secdrv]
  <System32\DRIVERS\secdrv.sys><N/A>
[SKNFW / SKNFW]
  <\??\F:\WINDOWS\System32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs]
  <\??\E:\PROGRA~1\SKYNET\FIREWALL\SkyProcs.sys><N/A>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1]
  <System32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[SymEvent / SymEvent]
  <\??\F:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[TDMD / TDMD]
  <F:\WINDOWS\SYSTEM32\DRIVERS\TDMD.SYS><Microsoft Corporation>
[TSP / TSP]
  <\??\F:\WINDOWS\system32\drivers\klif.sys><N/A>
[USB -> COM Driver Service / UsbCom]
  <System32\DRIVERS\UsbCom.sys><Kingsun Semiconductor>
[VIA AC'97 Audio Controller (WDM) / VIAudio]
  <system32\drivers\ac97via.sys><VIA Technologies, Inc.>

==================================
浏览器加载项
[卡卡上网安全助手]
  {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <F:\WINDOWS\System32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[CEditCtrl Object]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <F:\WINDOWS\System32\aliedit\AliEdit.dll, www.alipay.com>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <F:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[&使用迅雷下载]
  <F:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
  <F:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
  <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
  <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
  <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>

==================================
正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 512][\??\F:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 536][\??\F:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 600][F:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 612][F:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 776][F:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 824][F:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 864][F:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.0 (XPClient.010817-1148)]
    [F:\WINDOWS\system32\fppmon2.dll]  [FinePrint Software, LLC, 2.53]
    [F:\WINDOWS\system32\fppr232.dll]  [FinePrint Software, LLC, 2.53]
    [F:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1244][F:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1264][F:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe]  [Symantec Corporation, 8.1.0.821]
[PID: 1300][F:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  [Symantec Corporation, 8.1.0.821]
    [F:\WINDOWS\System32\CBA.DLL]  [Intel? Corporation, 6.12.0.105 E]
    [F:\WINDOWS\System32\MsgSys.dll]  [Intel? Corporation, 6.12.0.105 E]
    [F:\WINDOWS\System32\NTS.dll]  [Intel? Corporation, 6.12.0.105 E]
    [F:\WINDOWS\System32\PDS.DLL]  [Intel? Corporation, 6.12.0.105 E]
    [F:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll]  [Symantec Corporation, 8.1.0.821]
    [F:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
    [F:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll]  [Symantec Corporation, 8.1.0.821]
    [F:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL]  [Symantec Corp., 4.2.0.7]
    [F:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061122.019\NAVEX32a.DLL]  [Symantec Corporation, 20061.3.0.12]
    [F:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061122.019\NAVENG32.DLL]  [Symantec Corporation, 20061.3.0.12]
    [F:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.1.0.26]
[PID: 1432][F:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
    [F:\WINDOWS\System32\PATROLPRO.DLL]  [BillP Studios, 1.3.0.0]
    [E:\TOOLS\安全工具\WinPatrol\PATROLPRO.DLL]  [BillP Studios, 1.2.0.0]
    [F:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [F:\PROGRA~1\FILSEC~1\Twister\Twshlext.dll]  [FILSECLAB Corp., 1, 0, 1, 935]
    [F:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 8.1.0.821]
    [F:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll]  [Nokia, 6, 70, 24, 4]
    [F:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 70, 58, 3]
    [F:\WINDOWS\System32\ConnAPI.DLL]  [Nokia., 6, 70, 39, 5]
    [F:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 6, 70, 7, 1]
    [F:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 70, 7, 0]
[PID: 1472][F:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1736][F:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe]  [Symantec Corporation, 8.1.0.821]
    [F:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 8.1.0.821]
    [F:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
[PID: 1812][E:\TOOLS\安全工具\WinPatrol\winpatrol.exe]  [BillP 工作室, 10, 0, 3, 0]
    [E:\TOOLS\安全工具\WinPatrol\PATROLPRO.DLL]  [BillP Studios, 1.2.0.0]
[PID: 1820][F:\Program Files\WinPatrol\tasktrap.exe]  [BillP Studios, 1, 0, 0, 2
Sincerely thanks the original developer coding such a meaty ware
Chinese interface localized by LordFox(狐狸少爷)
For further assistance, contact me with
HH.Feedback@GMail.COM Not to hesitate ^_^]
    [F:\WINDOWS\System32\PATROLPRO.DLL]  [BillP Studios, 1.3.0.0]
    [F:\Program Files\WinPatrol\此软件的原装汉化在WWW.SOFT2CN.COM下载.推荐]  [WwW.Soft2CN.CoM, 1.0.0.98]
    [E:\TOOLS\安全工具\WinPatrol\PATROLPRO.DLL]  [BillP Studios, 1.2.0.0]
[PID: 1828][F:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [F:\WINDOWS\System32\PATROLPRO.DLL]  [BillP Studios, 1.3.0.0]
    [E:\TOOLS\安全工具\WinPatrol\PATROLPRO.DLL]  [BillP Studios, 1.2.0.0]
[PID: 1836][F:\WINDOWS\system32\bgswitch.exe]  [N/A, N/A]
    [F:\WINDOWS\System32\PATROLPRO.DLL]  [BillP Studios, 1.3.0.0]
    [E:\TOOLS\安全工具\WinPatrol\PATROLPRO.DLL]  [BillP Studios, 1.2.0.0]
[PID: 2044][F:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 812][E:\TOOLS\安全工具\sreng2\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [F:\WINDOWS\System32\PATROLPRO.DLL]  [BillP Studios, 1.3.0.0]
    [E:\TOOLS\安全工具\WinPatrol\PATROLPRO.DLL]  [BillP Studios, 1.2.0.0]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["F:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
N/A

==================================

Thanks to the poster above :)
