收藏本站 |切换到宽版 | 更换论坛皮肤
 找回密码  忘记邮箱  QQ快速登录  快速登录  快速注册

卡饭»论坛 安全区 国外杀毒软件 McAfee 每当一开机,explorer.exe就访问网络
返回列表 发新帖
查看: 3066|回复: 3
收起左侧

每当一开机,explorer.exe就访问网络

[复制链接]
wfycwxy
发表于 2007-7-3 15:08:51 | 显示全部楼层 |阅读模式
这几天不知道为什么,只要一开机,防火墙就提示explorer.exe访问网络,用咖啡和绿色版大蜘蛛全盘扫描却什么也没有发现,安全模式下也没有查出病毒。以下是SREng扫描报告,希望有朋友能帮帮我。谢谢。

  2. 2007-07-03,14:09:53
  3. System Repair Engineer 2.4.12.806
  4. Smallfrogs (http://www.KZTechs.com)
  5. Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
  6. 以下内容被选中:
  7.     所有的启动项目(包括注册表、启动文件夹、服务等)
  8.     浏览器加载项
  9.     正在运行的进程(包括进程模块信息)
  10.     文件关联
  11.     Winsock 提供者
  12.     Autorun.inf
  13.     HOSTS 文件

  15. 启动项目
  16. 注册表
  17. [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  18.     <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
  19. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  20.     <ShStatEXE><"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE>  [(Verified)"McAfee, Inc."]
  21.     <McAfeeUpdaterUI><"C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey>  [(Verified)"McAfee, Inc."]
  22.     <GhostSecuritySuite><"D:\Program Files\GhostSecuritySuite\gss.exe" -minimize>  [Ghost Security]
  23. [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  24.     <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
  25.     <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
  26.     <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
  27. ==================================
  28. 启动文件夹
  29. [Microsoft Firewall Client 管理]
  30.   <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Firewall Client 管理.lnk --> C:\WINDOWS\Installer\{199B7F78-69B7-47C5-8D4B-A3ED1391FB6B}\NewShortcut1_8C7A59A89ABE459A9A9308C281A4A264.exe [InstallShield Software Corp.]><N>
  31. ==================================
  32. 服务
  33. [Human Interface Device Access / HidServ][Stopped/Disabled]
  34.   <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
  35. [Look 'n' Stop Service / LnSSvc][Running/Auto Start]
  36.   <C:\Program Files\Soft4Ever\looknstop\lnssvc.exe><>
  37. [McAfee Framework Service / McAfeeFramework][Running/Auto Start]
  38.   <"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart><McAfee, Inc.>
  39. [McAfee McShield / McShield][Running/Auto Start]
  40.   <"C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe"><McAfee, Inc.>
  41. [McAfee Task Manager / McTaskManager][Running/Auto Start]
  42.   <"C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe"><McAfee, Inc.>
  43. [SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
  44.   <C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
  45. ==================================
  46. 驱动程序
  47. [ghostsec / ghostsec][Running/Auto Start]
  48.   <\??\D:\Program Files\GhostSecuritySuite\ghostsec.sys><Ghost Security>
  49. [ialm / ialm][Running/Manual Start]
  50.   <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
  51. [lnsfw1 / lnsfw1][Running/System Start]
  52.   <system32\drivers\lnsfw1.sys><>
  53. [McAfee Inc. / mfeapfk][Running/Manual Start]
  54.   <system32\drivers\mfeapfk.sys><McAfee, Inc.>
  55. [McAfee Inc. / mfeavfk][Running/Manual Start]
  56.   <system32\drivers\mfeavfk.sys><McAfee, Inc.>
  57. [McAfee Inc. / mfebopk][Running/Manual Start]
  58.   <system32\drivers\mfebopk.sys><McAfee, Inc.>
  59. [McAfee Inc. / mfehidk][Running/Manual Start]
  60.   <system32\drivers\mfehidk.sys><McAfee, Inc.>
  61. [VSCore mferkdk / mferkdk][Running/System Start]
  62.   <\??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys><McAfee, Inc.>
  63. [McAfee Inc. / mfetdik][Running/System Start]
  64.   <system32\drivers\mfetdik.sys><McAfee, Inc.>
  65. [MidiSyn / MidiSyn][Stopped/Manual Start]
  66.   <system32\drivers\MidiSyn.sys><Analog Devices Inc>
  67. [npkcrypt / npkcrypt][Running/Auto Start]
  68.   <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
  69. [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  70.   <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
  71. [Realtek RTL8139/810x/8169/8110 all in one NDIS NT Driver / RTL8023][Running/Manual Start]
  72.   <system32\DRIVERS\Rtlnic51.sys><Realtek Semiconductor Corporation>
  73. [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  74.   <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
  75. [Secdrv / Secdrv][Stopped/Manual Start]
  76.   <system32\DRIVERS\secdrv.sys><N/A>
  77. [senfilt / senfilt][Running/Manual Start]
  78.   <system32\drivers\senfilt.sys><Sensaura>
  79. [Look 'n' Stop Driver / SFilter][Running/Manual Start]
  80.   <system32\DRIVERS\lnsfw.sys><>
  81. [smwdm / smwdm][Running/Manual Start]
  82.   <system32\drivers\smwdm.sys><Analog Devices, Inc.>
  83. ==================================
  84. 浏览器加载项
  85. [scriptproxy]
  86.   {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll, McAfee, Inc.>
  87. [Thunder Browser Helper]
  88.   {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
  89. [启动迅雷5]
  90.   {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <D:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
  91. [QQ]
  92.   {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
  93. [Messenger]
  94.   {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
  95. [Windows Genuine Advantage Validation Tool]
  96.   {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
  97. [WUWebControl Class]
  98.   {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
  99. [Shockwave Flash Object]
  100.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
  101. [PasswordEditCtrl Class]
  102.   {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
  103. [Windows Genuine Advantage Validation Tool]
  104.   {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
  105. [Windows Media Player]
  106.   {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
  107. [HTML Document]
  108.   {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
  109. [DHTML Edit Control Safe for Scripting for IE5]
  110.   {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
  111. [IETag Factory]
  112.   {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
  113. [Thunder Agent Class]
  114.   {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
  115. [HHCtrl Object]
  116.   {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
  117. [WUWebControl Class]
  118.   {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
  119. [Windows Media Player]
  120.   {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
  121. [scriptproxy]
  122.   {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll, McAfee, Inc.>
  123. [Thunder Browser Helper]
  124.   {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
  125. [Microsoft Scriptlet Component]
  126.   {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
  127. [SearchAssistantOC]
  128.   {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
  129. [RDS.DataSpace]
  130.   {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
  131. [VIDEO__X_MS_ASF Moniker Class]
  132.   {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
  133. [RealPlayer G2 Control]
  134.   {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
  135. [OASpirit Control]
  136.   {D23F752B-E061-11D3-98F4-B0770DB2E579} <C:\WINDOWS\DOWNLO~1\OASpirit.ocx, Zero>
  137. [Shockwave Flash Object]
  138.   {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
  139. [PasswordEditCtrl Class]
  140.   {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
  141. [Vod Class]
  142.   {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei>
  143. [上传到QQ网络硬盘]
  144.   <D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
  145. [使用迅雷下载]
  146.   <D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
  147. [使用迅雷下载全部链接]
  148.   <D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
  149. [导出到 Microsoft Office Excel(&X)]
  150.   <res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>
  151. [添加到QQ自定义面板]
  152.   <D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
  153. [添加到QQ表情]
  154.   <D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
  155. [用QQ彩信发送该图片]
  156.   <D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
  157. ==================================
  158. 正在运行的进程
  159. [PID: 688][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  160. [PID: 736][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  161. [PID: 1820][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  162.     [C:\Program Files\McAfee\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.125]
  163.     [C:\Program Files\McAfee\VirusScan Enterprise\Scriptcl.dll]  [McAfee, Inc., VSCORE.13.3.1.100.x86]
  164.     [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.3943]
  165.     [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3943]
  166. [PID: 2032][C:\Program Files\McAfee\Common Framework\UdaterUI.exe]  [McAfee, Inc., 3.6.0.453]
  167.     [C:\Program Files\McAfee\Common Framework\nailog.dll]  [McAfee, Inc., 3.6.0.453]
  168.     [C:\Program Files\McAfee\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
  169.     [C:\Program Files\McAfee\Common Framework\naCmnLib71.dll]  [McAfee, Inc., 3.6.0.453]
  170.     [C:\Program Files\McAfee\Common Framework\naXML71.dll]  [N/A, ]
  171.     [C:\Program Files\McAfee\Common Framework\NaiSign.DLL]  [N/A, ]
  172.     [C:\WINDOWS\system32\epoPGPSDK.dll]  [PGP Corporation, 3.5.3]
  173.     [C:\Program Files\McAfee\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
  174.     [C:\Program Files\McAfee\Common Framework\applib.dll]  [McAfee, Inc., 3.6.0.453]
  175.     [C:\Program Files\McAfee\Common Framework\cmalib.dll]  [McAfee, Inc., 3.6.0.453]
  176.     [C:\Program Files\McAfee\Common Framework\0409\UpdRes.dll]  [McAfee, Inc., 3.6.0.453]
  177.     [C:\Program Files\McAfee\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 3.6.0.453]
  178.     [C:\Program Files\McAfee\Common Framework\SecureFrameworkFactory.dll]  [McAfee, Inc., 3.6.0.453]
  179. [PID: 2040][D:\Program Files\GhostSecuritySuite\gss.exe]  [Ghost Security, 1.110]
  180. [PID: 116][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  181. [PID: 168][C:\Program Files\Microsoft Firewall Client 2004\FwcMgmt.exe]  [Microsoft (R) Corporation, 4.0]
  182. [PID: 344][C:\Program Files\McAfee\Common Framework\McTray.exe]  [McAfee, Inc., 1.0.0.125]
  183.     [C:\Program Files\McAfee\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.125]
  184. [PID: 2980][D:\In Support\System Repair Engineer\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
  185. ==================================
  186. 文件关联
  187. .TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
  188. .EXE  OK. ["%1" %*]
  189. .COM  OK. ["%1" %*]
  190. .PIF  OK. ["%1" %*]
  191. .REG  OK. [regedit.exe "%1"]
  192. .BAT  OK. ["%1" %*]
  193. .SCR  OK. ["%1" /S]
  194. .CHM  OK. ["C:\WINDOWS\hh.exe" %1]
  195. .HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
  196. .INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  197. .INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
  198. .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  199. .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
  200. .LNK  OK. [{00021401-0000-0000-C000-000000000046}]
  201. ==================================
  202. Winsock 提供者
  203. N/A
  204. ==================================
  205. Autorun.inf
  206. N/A
  207. ==================================
  208. HOSTS 文件
  209. 127.0.0.1       localhost
  210. ==================================
  211. API HOOK
  212. N/A
  213. ==================================
  214. 隐藏进程
  215. N/A
  216. ==================================
复制代码
回复

举报

hifanping
发表于 2007-7-3 17:40:29 | 显示全部楼层
请问日志中    “Winsock 提供者       N/A”
的“Winsock”  是你的机器名吗?
另外,是否勾选了始终拨默认连接

[ 本帖最后由 hifanping 于 2007-7-3 17:47 编辑 ]
回复

举报

zangvip
发表于 2007-7-3 18:20:23 | 显示全部楼层
把它禁掉不叫它访问网络就可以了!`楼主的日志问题 !
回复

举报

zea10t
发表于 2007-7-3 21:43:57 | 显示全部楼层
看日志好像没什么问题,访问的IP和端口是多少?
回复

举报

返回列表 发新帖
高级模式
B Color Image Link Quote Code Smilies
您需要登录后才可以回帖 登录 | 快速注册

本版积分规则

手机版|杀毒软件|软件论坛| 卡饭论坛

Copyright © KaFan  KaFan.cn All Rights Reserved.

Powered by Discuz! X3.4( 沪ICP备2020031077号-2 ) GMT+8, 2024-5-18 10:48 , Processed in 0.133887 second(s), 17 queries .

卡饭网所发布的一切软件、样本、工具、文章等仅限用于学习和研究,不得将上述内容用于商业或者其他非法用途,否则产生的一切后果自负,本站信息来自网络,版权争议问题与本站无关,您必须在下载后的24小时之内从您的电脑中彻底删除上述信息,如有问题请通过邮件与我们联系。

快速回复 客服 返回顶部 返回列表