怀疑木马，窗口自动弹出一二秒钟自动关闭！

显示全部楼层 · 发表于 2011-10-16 10:34:49

本帖最后由 yzjxue 于 2011-10-16 10:36 编辑

有时窗口自动跳出 1 . 2 秒还没用看清然后就自动关闭，（窗口感觉像CMD 的窗口，不过不确定）
系统WIN7 32 位

最近有时候网速会突然变慢，网页打不开，Q显示正常。不过断网后，重新连接，重新打开浏览器又正常了！杀毒也没杀到什么
也没有发现其他什么问题！怀疑木马？

2011-10-11,18:36:51
System Repair Engineer 2.8.4.1331
Smallfrogs (http://www.KZTechs.com)
Windows 7 Ultimate Edition Service Pack 1 (Build 7601) - 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
Windows 安全更新检查
API HOOK
隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Sidebar><C:\Program Files\Windows Sidebar\sidebar.exe /autoRun> [(Verified)Microsoft Windows]
<YY><; G:\Program Files\duowan\yy-3.0\yylauncher.exe> [(Verified)Duowan Entertainment Information Technology (Beijing) Co., Ltd.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RTHDVCPL><C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s> [(Verified)Realtek Semiconductor Corp]
<BeatTrojanWall><C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatTrojanWall.exe> [Lofocus(洛克思)安全实验室]
<!!QQKav><; F:\杀毒\qqkav.exe> [Jsing.Net & QQKav.Com]
<Stormtray><; G:\Program Files\StormII\Stormtray.exe /Start> [(Verified)北京暴风网际]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [(Verified)Microsoft Windows]
<Userinit><C:\Windows\system32\userinit.exe,> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WebCheck><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer><C:\Windows\System32\ie4uinit.exe -UserIconConfig> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
<Browser Customizations><"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
<Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Windows><"%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Web Platform Customizations><C:\Windows\System32\ie4uinit.exe -BaseSettings> [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install> [(Verified)Microsoft Corporation]
==================================
启动文件夹
N/A
==================================
服务
[ICBC Daemon Service / ICBC Daemon Service][Running/Auto Start]
<C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe><N/A>
[MPAV Service / MPAVService][Running/Auto Start]
<f:\Program Files\MPAV\MPAVSvc.exe><Micropoint Corporation>
[MPSVC Service / MPSVCService][Running/Auto Start]
<f:\Program Files\Micropoint\MPSvc.exe><Micropoint Corporation>
[NVIDIA Driver Helper Service / NVSvc][Running/Auto Start]
<C:\Windows\system32\nvvsvc.exe><NVIDIA Corporation>
[木马清除大师配置性服务 / 木马清除大师配置性服务][Stopped/Auto Start]
<C:\Program Files\木马清除大师2010安全套装\木马清除大师2010\BeatTrojanSvc.exe><Lofocus(洛克思)安全实验室>
==================================
驱动程序
[adp94xx / adp94xx][Stopped/Manual Start]
<\SystemRoot\system32\drivers\adp94xx.sys><Adaptec, Inc.>
[adpahci / adpahci][Stopped/Manual Start]
<\SystemRoot\system32\drivers\adpahci.sys><Adaptec, Inc.>
[adpu320 / adpu320][Stopped/Manual Start]
<\SystemRoot\system32\drivers\adpu320.sys><Adaptec, Inc.>
[aic78xx / aic78xx][Stopped/Manual Start]
<\SystemRoot\system32\drivers\djsvs.sys><Adaptec, Inc.>
[aliide / aliide][Stopped/Manual Start]
<\SystemRoot\system32\drivers\aliide.sys><Acer Laboratories Inc.>
[amdsata / amdsata][Stopped/Manual Start]
<\SystemRoot\system32\drivers\amdsata.sys><Advanced Micro Devices>
[amdsbs / amdsbs][Stopped/Manual Start]
<\SystemRoot\system32\drivers\amdsbs.sys><AMD Technologies Inc.>
[amdxata / amdxata][Running/Boot Start]
<\SystemRoot\system32\drivers\amdxata.sys><Advanced Micro Devices>
[arc / arc][Stopped/Manual Start]
<\SystemRoot\system32\drivers\arc.sys><Adaptec, Inc.>
[arcsas / arcsas][Stopped/Manual Start]
<\SystemRoot\system32\drivers\arcsas.sys><Adaptec, Inc.>
[Broadcom NetXtreme II VBD / b06bdrv][Stopped/Manual Start]
<\SystemRoot\system32\drivers\bxvbdx.sys><Broadcom Corporation>
[Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 / b57nd60x][Stopped/Manual Start]
<system32\DRIVERS\b57nd60x.sys><Broadcom Corporation>
[BeatTrojanHelperOne / BeatTrojanHelperOne][Running/Auto Start]
<\??\C:\Program Files\木马清除大师2010安全套装\木马清除大师2010\BeatTrojanHelperOne.sys><N/A>
[Brother USB Mass-Storage Lower Filter Driver / BrFiltLo][Stopped/Manual Start]
<\SystemRoot\system32\drivers\BrFiltLo.sys><Brother Industries, Ltd.>
[Brother USB Mass-Storage Upper Filter Driver / BrFiltUp][Stopped/Manual Start]
<\SystemRoot\system32\drivers\BrFiltUp.sys><Brother Industries, Ltd.>
[Brother MFC Serial Port Interface Driver (WDM) / Brserid][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\Brserid.sys><Brother Industries Ltd.>
[Brother WDM Serial driver / BrSerWdm][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\BrSerWdm.sys><Brother Industries Ltd.>
[Brother MFC USB Fax Only Modem / BrUsbMdm][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\BrUsbMdm.sys><Brother Industries Ltd.>
[Brother MFC USB Serial WDM Driver / BrUsbSer][Stopped/Manual Start]
<\SystemRoot\System32\Drivers\BrUsbSer.sys><Brother Industries Ltd.>
[cmdide / cmdide][Stopped/Manual Start]
<\SystemRoot\system32\drivers\cmdide.sys><CMD Technology, Inc.>
[cpuz132 / cpuz132][Stopped/Manual Start]
<\??\C:\Users\mdtx\AppData\Local\Temp\DTL132\DTL132_x32.sys><N/A>
[Broadcom NetXtreme II 10 GigE VBD / ebdrv][Stopped/Manual Start]
<\SystemRoot\system32\drivers\evbdx.sys><Broadcom Corporation>
[elxstor / elxstor][Stopped/Manual Start]
<\SystemRoot\system32\drivers\elxstor.sys><Emulex>
[Hauppauge Consumer Infrared Receiver / hcw85cir][Stopped/Manual Start]
<\SystemRoot\system32\drivers\hcw85cir.sys><Hauppauge Computer Works, Inc.>
[HpSAMD / HpSAMD][Stopped/Manual Start]
<\SystemRoot\system32\drivers\HpSAMD.sys><Hewlett-Packard Company>
[HTC Device Driver / HTCAND32][Stopped/Manual Start]
<System32\Drivers\ANDROIDUSB.sys><HTC1124 Inc>
[HWiNFO32/64 Kernel Driver / HWiNFO32][Running/System Start]
<\??\g:\Program Files\MyDrivers\DriverGenius2011\Mydrivers32.SYS><REALiX(tm)>
[iaStorV / iaStorV][Stopped/Manual Start]
<\SystemRoot\system32\drivers\iaStorV.sys><Intel Corporation>
[iirsp / iirsp][Stopped/Manual Start]
<\SystemRoot\system32\drivers\iirsp.sys><Intel Corp./ICP vortex GmbH>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RTKVHDA.sys><Realtek Semiconductor Corp.>
[LSI_FC / LSI_FC][Stopped/Manual Start]
<\SystemRoot\system32\drivers\lsi_fc.sys><LSI Corporation>
[LSI_SAS / LSI_SAS][Stopped/Manual Start]
<\SystemRoot\system32\drivers\lsi_sas.sys><LSI Corporation>
[LSI_SAS2 / LSI_SAS2][Stopped/Manual Start]
<\SystemRoot\system32\drivers\lsi_sas2.sys><LSI Corporation>
[LSI_SCSI / LSI_SCSI][Stopped/Manual Start]
<\SystemRoot\system32\drivers\lsi_scsi.sys><LSI Corporation>
[megasas / megasas][Stopped/Manual Start]
<\SystemRoot\system32\drivers\megasas.sys><LSI Corporation>
[MegaSR / MegaSR][Stopped/Manual Start]
<\SystemRoot\system32\drivers\MegaSR.sys><LSI Corporation, Inc.>
[mp110001 / mp110001][Running/Auto Start]
<system32\drivers\mp110001.sys><Micropoint Corporation>
[mp110002 / mp110002][Running/Auto Start]
<system32\drivers\mp110002.sys><Micropoint Corporation>
[mp110003 / mp110003][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110003.sys><Micropoint Corporation>
[mp110004 / mp110004][Running/Auto Start]
<system32\drivers\mp110004.sys><Micropoint Corporation>
[mp110005 / mp110005][Running/Manual Start]
<system32\drivers\mp110005.sys><Micropoint Corporation>
[mp110006 / mp110006][Running/System Start]
<system32\DRIVERS\mp110006.sys><Micropoint Corporation>
[mp110007 / mp110007][Running/System Start]
<system32\DRIVERS\mp110007.sys><Micropoint Corporation>
[mp110008 / mp110008][Running/Auto Start]
<system32\drivers\mp110008.sys><Micropoint Corporation>
[mp110009 / mp110009][Running/System Start]
<system32\drivers\mp110009.sys><Micropoint Corporation>
[mp110010 / mp110010][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110010.sys><Micropoint Corporation>
[mp110011 / mp110011][Running/System Start]
<system32\drivers\mp110011.sys><Micropoint Corporation>
[mp110012 / mp110012][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110012.sys><Micropoint Corporation>
[mp110013 / mp110013][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110013.sys><Micropoint Corporation>
[Micropoint Net Filter / mp110014][Running/Manual Start]
<system32\DRIVERS\mp110014.sys><Micropoint Corporation>
[mp110020 / mp110020][Running/Boot Start]
<\SystemRoot\system32\drivers\mp110020.sys><Micropoint Corporation>
[mp110021 / mp110021][Running/System Start]
<system32\drivers\mp110021.sys><Micropoint Corporation>
[mp110022 / mp110022][Running/System Start]
<system32\drivers\mp110022.sys><Micropoint Corporation>
[ATK0110 ACPI UTILITY / MTsensor][Running/Manual Start]
<system32\DRIVERS\ASACPI.sys><>
[nfrd960 / nfrd960][Stopped/Manual Start]
<\SystemRoot\system32\drivers\nfrd960.sys><IBM Corporation>
[Service for NVIDIA High Definition Audio Driver / NVHDA][Running/Manual Start]
<system32\drivers\nvhda32v.sys><NVIDIA Corporation>
[nvlddmkm / nvlddmkm][Running/Manual Start]
<system32\DRIVERS\nvlddmkm.sys><NVIDIA Corporation>
[nvraid / nvraid][Stopped/Manual Start]
<\SystemRoot\system32\drivers\nvraid.sys><NVIDIA Corporation>
[nvstor / nvstor][Stopped/Manual Start]
<\SystemRoot\system32\drivers\nvstor.sys><NVIDIA Corporation>
[ql2300 / ql2300][Stopped/Manual Start]
<\SystemRoot\system32\drivers\ql2300.sys><QLogic Corporation>
[ql40xx / ql40xx][Stopped/Manual Start]
<\SystemRoot\system32\drivers\ql40xx.sys><QLogic Corporation>
[Realtek 8167 NT Driver / RTL8167][Running/Manual Start]
<system32\DRIVERS\Rt86win7.sys><Realtek>
[SiSRaid2 / SiSRaid2][Stopped/Manual Start]
<\SystemRoot\system32\drivers\SiSRaid2.sys><Silicon Integrated Systems Corp.>
[SiSRaid4 / SiSRaid4][Stopped/Manual Start]
<\SystemRoot\system32\drivers\sisraid4.sys><Silicon Integrated Systems>
[stexstor / stexstor][Stopped/Manual Start]
<\SystemRoot\system32\drivers\stexstor.sys><Promise Technology>
[VGPU / VGPU][Stopped/Manual Start]
<System32\drivers\rdvgkmd.sys><N/A>
[viaide / viaide][Stopped/Manual Start]
<\SystemRoot\system32\drivers\viaide.sys><VIA Technologies, Inc.>
[vsmraid / vsmraid][Stopped/Manual Start]
<\SystemRoot\system32\drivers\vsmraid.sys><VIA Technologies Inc.,Ltd>
[Look 312P / ZSMC301b][Stopped/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
==================================
浏览器加载项
[ICBC Anti-Phishing class]
{BB4491A2-D11A-4c6b-91C0-B53246A3122B} <C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\Icbc_AntiPhishing.dll, (Signed) 中国工商银行>
[Axcleanctrl Class]
{36C9539B-49D2-01C7-9C6D-10DACDFEA59C} <C:\Windows\system32\icbcclean.dll, (Signed) >
[GDGetTokenInfo Class]
{3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\Windows\system32\GDREAD~1.DLL, (Signed) >
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\Windows\system32\aliedit\aliedit.dll, (Signed) >
[SfEdit32 Control]
{69A5F9C4-01CB-470B-8161-CE67313E3CF4} <C:\Windows\system32\99Bill\SfEdit32.dll, (Signed) 99BILL Corp.>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\Windows\system32\InputControl.dll, (Signed) >
[GDGetVer Class]
{7CCE07A5-A590-4554-B5C3-082840D7012E} <C:\Windows\DOWNLO~1\ICBC_G~1.DLL, (Signed) >
[InfoSecICBCNetSign Class]
{B1FBC1AD-5644-4084-882A-0F8BA85E7506} <C:\Windows\DOWNLO~1\ICBC_N~1.DLL, (Signed) Infosec Technologies Co., Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10u.ocx, (Signed) Adobe Systems, Inc.>
[InstallHelper Class]
{1DABF8D5-8430-4985-9B7F-A30E53D709B3} <G:\绿色软件\QQ\Plugin\Com.Tencent.QQMusic\bin\QQMusic\MMInstaller.dll, (Signed) Tencent>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <C:\Windows\System32\mshtml.dll, (Signed) Microsoft Corporation>
[Axcleanctrl Class]
{36C9539B-49D2-01C7-9C6D-10DACDFEA59C} <C:\Windows\system32\icbcclean.dll, (Signed) >
[GDGetTokenInfo Class]
{3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\Windows\system32\GDREAD~1.DLL, (Signed) >
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\Windows\system32\aliedit\aliedit.dll, (Signed) >
[SfEdit32 Control]
{69A5F9C4-01CB-470B-8161-CE67313E3CF4} <C:\Windows\system32\99Bill\SfEdit32.dll, (Signed) 99BILL Corp.>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <%SystemRoot%\system32\wmp.dll, (Signed) N/A>
[AxInputControl Class]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\Windows\system32\InputControl.dll, (Signed) >
[GDGetVer Class]
{7CCE07A5-A590-4554-B5C3-082840D7012E} <C:\Windows\DOWNLO~1\ICBC_G~1.DLL, (Signed) >
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\Windows\System32\ieframe.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
{88D96A05-F192-11D4-A65F-0040963251E5} <%SystemRoot%\System32\msxml6.dll, (Signed) N/A>
[InfoSecICBCNetSign Class]
{B1FBC1AD-5644-4084-882A-0F8BA85E7506} <C:\Windows\DOWNLO~1\ICBC_N~1.DLL, (Signed) Infosec Technologies Co., Ltd.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Windows\system32\Macromed\Flash\Flash10u.ocx, (Signed) Adobe Systems, Inc.>
[PlayerCtrl Class]
{E05BC2A3-9A46-4a32-80C9-023A473F5B23} <G:\绿色软件\QQ\Plugin\Com.Tencent.QQMusic\bin\QQMusic\QzoneMusic.dll, (Signed) Tencent>
[SSOForPTLogin2 Class]
{EAAED308-7322-4B9B-965E-171933ADD473} <C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.30\Bin\SSOAxCtrlForPTLogin.dll, (Signed) >
[TimwpDll.TimwpCheck]
{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <G:\绿色软件\QQ\Bin\Timwp.dll, (Signed) Tencent>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\System32\msxml3.dll, (Signed) N/A>
==================================
正在运行的进程
[PID: 296 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[PID: 456 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[PID: 524 / SYSTEM][C:\Windows\system32\wininit.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 532 / SYSTEM][C:\Windows\system32\csrss.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[PID: 576 / SYSTEM][C:\Windows\system32\services.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatWall.dll] [Lofocus(洛克思)安全实验室, 2, 0, 0, 1]
[PID: 600 / SYSTEM][C:\Windows\system32\lsass.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[PID: 608 / SYSTEM][C:\Windows\system32\lsm.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 644 / SYSTEM][C:\Windows\system32\winlogon.exe] [(Verified) Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 760 / SYSTEM][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 824 / SYSTEM][C:\Windows\system32\nvvsvc.exe] [NVIDIA Corporation, 8.17.12.7080]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Program Files\NVIDIA Corporation\Display\NVXDBat.dll] [NVIDIA Corporation, 7.17.12.7080]
[PID: 968 / NETWORK SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatWall.dll] [Lofocus(洛克思)安全实验室, 2, 0, 0, 1]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 1096 / LOCAL SERVICE][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 1480 / SYSTEM][C:\Windows\System32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 1608 / SYSTEM][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatWall.dll] [Lofocus(洛克思)安全实验室, 2, 0, 0, 1]
[PID: 1920 / LOCAL SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 128 / NETWORK SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 468 / SYSTEM][C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe] [NVIDIA Corporation, 7.17.12.7080]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Program Files\NVIDIA Corporation\Display\NVXDApiX.dll] [NVIDIA Corporation, 7.17.12.7080]
[C:\Program Files\NVIDIA Corporation\Display\NvUI.dll] [NVIDIA Corporation, 7.17.12.7080]
[C:\Windows\system32\nvapi.dll] [NVIDIA Corporation, 8.17.12.7080]
[C:\Program Files\NVIDIA Corporation\Display\NVXDBat.dll] [NVIDIA Corporation, 7.17.12.7080]
[PID: 348 / SYSTEM][C:\Windows\system32\nvvsvc.exe] [NVIDIA Corporation, 8.17.12.7080]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Windows\system32\NVSVC.DLL] [NVIDIA Corporation, 8.17.12.7080]
[C:\Windows\system32\nvapi.dll] [NVIDIA Corporation, 8.17.12.7080]
[C:\Windows\system32\NVSVCR.DLL] [NVIDIA Corporation, 8.17.12.7080]
[C:\Program Files\NVIDIA Corporation\Display\NVXDBat.dll] [NVIDIA Corporation, 7.17.12.7080]
[C:\Program Files\NVIDIA Corporation\Display\NVXDPlcy.dll] [NVIDIA Corporation, 7.17.12.7080]
[PID: 1708 / SYSTEM][C:\Windows\System32\spoolsv.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatWall.dll] [Lofocus(洛克思)安全实验室, 2, 0, 0, 1]
[PID: 1712 / SYSTEM][C:\Windows\system32\taskeng.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[PID: 1980 / SYSTEM][g:\PROGRA~1\SOGOUI~1\600~1.623\SGTool.exe] [Sogou.com Inc., 6.0.0.6236]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 316 / LOCAL SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatWall.dll] [Lofocus(洛克思)安全实验室, 2, 0, 0, 1]
[PID: 2164 / SYSTEM][C:\Program Files\ICBCEbankTools\ICBCAntiPhishing\ICBC_WIN32\IcbcDaemon.exe] [N/A, ]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 2276 / SYSTEM][C:\Program Files\木马清除大师2010安全套装\木马清除大师2010\BeatTrojanShields.exe] [Lofocus(洛克思)安全实验室, 4, 6, 0, 0]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 2772 / NETWORK SERVICE][C:\Windows\system32\svchost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatWall.dll] [Lofocus(洛克思)安全实验室, 2, 0, 0, 1]
[PID: 2964 / mdtx][C:\Windows\system32\taskhost.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[PID: 3060 / mdtx][C:\Windows\system32\Dwm.exe] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[C:\Windows\system32\nvwgf2um.dll] [NVIDIA Corporation, 8.17.12.7080]
[PID: 3108 / mdtx][C:\Windows\Explorer.EXE] [(Verified) Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师2010\BtHelpSeven.dll] [Lofocus (洛克思)安全实验室, 6, 0, 0, 0]
[C:\Windows\system32\FXSAPI.dll] [Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[PID: 3576 / mdtx][C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe] [Realtek Semiconductor, 1, 0, 0, 667]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Windows\system32\RTCOM\RtkCfg.dll] [Realtek Semiconductor Corp., 1.0.0.2]
[C:\Windows\system32\RtkAPO.dll] [Realtek Semiconductor Corp., 11, 0, 6000, 216]
[PID: 3604 / mdtx][C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatTrojanWall.exe] [Lofocus(洛克思)安全实验室, 2.0.0.1]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatWall.dll] [Lofocus(洛克思)安全实验室, 2, 0, 0, 1]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\Office2007Black.dll] [Codejock Software, 12, 0, 1, 0]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\CheckPE.dll] [N/A, ]
[PID: 3616 / mdtx][C:\Program Files\Windows Sidebar\sidebar.exe] [Microsoft Corporation, 6.1.7600.16385 (win7_rtm.090713-1255)]
[f:\Program Files\MPAV\mp110200.dll] [Micropoint Corporation, 1, 2, 10581, 19]
[PID: 3808 / SYSTEM][C:\Windows\system32\wbem\wmiprvse.exe] [(Verified) Microsoft Corporation, 6.1.7601.17514 (win7sp1_rtm.101119-1850)]
[PID: 3932 / SYSTEM][C:\Program Files\木马清除大师2010安全套装\木马清除大师2010\BeatTrojanMon.exe] [Lofocus(洛克思)安全实验室, 6, 0, 0, 0]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师2010\BtHelpOne.dll] [Lofocus(洛克思)安全实验室, 4, 6, 0, 0]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师2010\EgHelperOne.dll] [Lofocus(洛克思)安全实验室, 5, 0, 0, 0]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师2010\BtHelpThree.dll] [Lofocus(洛克思)安全实验室, 4, 6, 0, 0]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师2010\SystemGuardDelete.dll] [Lofocus(洛克思)安全实验室, 4, 6, 0, 0]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师2010\BtHelpEight.dll] [Lofocus(洛克思)安全实验室, 4, 6, 0, 0]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师2010\SystemGuardHelper.dll] [Lofocus(洛克思)安全实验室, 4, 6, 0, 0]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师2010\BtHelpTwo.dll] [Lofocus(洛克思)安全实验室, 5, 0, 0, 0]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师2010\Office2007Black.dll] [Codejock Software, 12, 0, 1, 0]
[PID: 1748 / SYSTEM][C:\Windows\system32\SearchIndexer.exe] [(Verified) Microsoft Corporation, 7.00.7600.16385 (win7_rtm.090713-1255)]
[PID: 2500 / mdtx][C:\Windows\system32\SearchProtocolHost.exe] [(Verified) Microsoft Corporation, 7.00.7600.16385 (win7_rtm.090713-1255)]
[PID: 2488 / SYSTEM][C:\Windows\system32\SearchFilterHost.exe] [(Verified) Microsoft Corporation, 7.00.7600.16385 (win7_rtm.090713-1255)]
[PID: 3516 / mdtx][C:\Users\mdtx\AppData\Local\Temp\HZ$D.173.2516\HZ$D.173.2517\SREngLdr.EXE] [Smallfrogs Studio, 2.8.4.1331]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[PID: 3504 / mdtx][C:\Users\mdtx\AppData\Local\Temp\HZ$D.173.2516\HZ$D.173.2517\SRE2c5db0ca.EXE] [Smallfrogs Studio, 2.8.4.1331]
[f:\Program Files\Micropoint\mp110031.dll] [Micropoint Corporation, 2.0.47.1498]
[C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatWall.dll] [Lofocus(洛克思)安全实验室, 2, 0, 0, 1]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["%SystemRoot%\hh.exe" %1]
.HLP OK. [%SystemRoot%\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. ["%SystemRoot%\System32\WScript.exe" "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
BeatTrojanWall over [MSAFD Tcpip [TCP/IP]]
C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatWall.dll(Lofocus(洛克思)安全实验室, 木马清除大师防火墙组件)
BeatTrojanWall over [MSAFD Tcpip [UDP/IP]]
C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatWall.dll(Lofocus(洛克思)安全实验室, 木马清除大师防火墙组件)
BeatTrojanWall over [RSVP TCP 服务提供商]
C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatWall.dll(Lofocus(洛克思)安全实验室, 木马清除大师防火墙组件)
BeatTrojanWall over [RSVP UDP 服务提供商]
C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatWall.dll(Lofocus(洛克思)安全实验室, 木马清除大师防火墙组件)
BeatTrojanWall
C:\Program Files\木马清除大师2010安全套装\木马清除大师防火墙2010\BeatWall.dll(Lofocus(洛克思)安全实验室, 木马清除大师防火墙组件)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
N/A
==================================
计划任务
[已启用] \\Drivergenius drivers check service
g:\Program Files\MyDrivers\DriverGenius2011\DriverGenius.exe -static
[已启用] \\SogouImeMgr
g:\PROGRA~1\SOGOUI~1\600~1.623\SGTool.exe --appid=pinyinrepair /S
[已启用] \\WpsUpdateTask_mdtx
g:\Program Files\Kingsoft\WPS Office Personal\office6\wpsupdate.exe -from=task
[已禁用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated)
N/A
[已启用] \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual)
N/A
[已禁用] \Microsoft\Windows\AppID\PolicyConverter
%windir%\system32\appidpolicyconverter.exe
[已禁用] \Microsoft\Windows\AppID\VerifiedPublisherCertStoreCheck
%windir%\system32\appidcertstorecheck.exe
[已启用] \Microsoft\Windows\Application Experience\AitAgent
aitagent
[已启用] \Microsoft\Windows\Application Experience\ProgramDataUpdater
%windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate
[已启用] \Microsoft\Windows\Autochk\Proxy
%windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations
[已启用] \Microsoft\Windows\Bluetooth\UninstallDeviceTask
BthUdTask.exe $(Arg0)
[已启用] \Microsoft\Windows\CertificateServicesClient\SystemTask
N/A
[已启用] \Microsoft\Windows\CertificateServicesClient\UserTask
N/A
[已禁用] \Microsoft\Windows\CertificateServicesClient\UserTask-Roam
N/A
[已启用] \Microsoft\Windows\Customer Experience Improvement Program\Consolidator
%SystemRoot%\System32\wsqmcons.exe
[已启用] \Microsoft\Windows\Defrag\ScheduledDefrag
%windir%\system32\defrag.exe -c
[已启用] \Microsoft\Windows\Location\Notifications
%windir%\System32\LocationNotifications.exe
[已启用] \Microsoft\Windows\Maintenance\WinSAT
N/A
[已启用] \Microsoft\Windows\Media Center\ActivateWindowsSearch
%SystemRoot%\ehome\ehPrivJob.exe /DoActivateWindowsSearch
[已启用] \Microsoft\Windows\Media Center\ConfigureInternetTimeService
%SystemRoot%\ehome\ehPrivJob.exe /DoConfigureInternetTimeService
[已启用] \Microsoft\Windows\Media Center\DispatchRecoveryTasks
%SystemRoot%\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0)
[已启用] \Microsoft\Windows\Media Center\ehDRMInit
%SystemRoot%\ehome\ehPrivJob.exe /DRMInit
[已启用] \Microsoft\Windows\Media Center\InstallPlayReady
%SystemRoot%\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0)
[已启用] \Microsoft\Windows\Media Center\mcupdate
%SystemRoot%\ehome\mcupdate $(Arg0)
[已启用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[已启用] \Microsoft\Windows\Media Center\MediaCenterRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -MediaCenterRecoveryTask
[已启用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[已启用] \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -ObjectStoreRecoveryTask
[已启用] \Microsoft\Windows\Media Center\OCURActivate
%SystemRoot%\ehome\ehPrivJob.exe /OCURActivate
[已启用] \Microsoft\Windows\Media Center\OCURDiscovery
%SystemRoot%\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0)
[已启用] \Microsoft\Windows\Media Center\PBDADiscovery
%SystemRoot%\ehome\ehPrivJob.exe /PBDADiscovery
[已启用] \Microsoft\Windows\Media Center\PBDADiscoveryW1
%SystemRoot%\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery
[已启用] \Microsoft\Windows\Media Center\PBDADiscoveryW2
%SystemRoot%\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery
[已禁用] \Microsoft\Windows\Media Center\PeriodicScanRetry
%windir%\ehome\MCUpdate.exe -pscn 0
[已启用] \Microsoft\Windows\Media Center\PvrRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[已启用] \Microsoft\Windows\Media Center\PvrRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -PvrRecoveryTask
[已启用] \Microsoft\Windows\Media Center\PvrScheduleTask
%SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[已启用] \Microsoft\Windows\Media Center\PvrScheduleTask
%SystemRoot%\ehome\mcupdate.exe -PvrSchedule
[已禁用] \Microsoft\Windows\Media Center\RecordingRestart
%SystemRoot%\ehome\ehrec /RestartRecording
[已启用] \Microsoft\Windows\Media Center\RegisterSearch
%SystemRoot%\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0)
[已启用] \Microsoft\Windows\Media Center\ReindexSearchRoot
%SystemRoot%\ehome\ehPrivJob.exe /DoReindexSearchRoot
[已启用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[已启用] \Microsoft\Windows\Media Center\SqlLiteRecoveryTask
%SystemRoot%\ehome\mcupdate.exe -SqlLiteRecoveryTask
[已启用] \Microsoft\Windows\Media Center\StartRecording
%SystemRoot%\ehome\ehrec /StartRecording
[已启用] \Microsoft\Windows\Media Center\UpdateRecordPath
%SystemRoot%\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0)
[已启用] \Microsoft\Windows\MobilePC\HotStart
N/A
[已启用] \Microsoft\Windows\MUI\LPRemove
%windir%\system32\lpremove.exe
[已启用] \Microsoft\Windows\Multimedia\SystemSoundsService
N/A
[已启用] \Microsoft\Windows\NetTrace\GatherNetworkInfo
%windir%\system32\gatherNetworkInfo.vbs
[已禁用] \Microsoft\Windows\Offline Files\Background Synchronization
N/A
[已禁用] \Microsoft\Windows\Offline Files\Logon Synchronization
N/A
[已启用] \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem
%SystemRoot%\System32\powercfg.exe -energy -auto
[已启用] \Microsoft\Windows\Ras\MobilityManager
N/A
[已禁用] \Microsoft\Windows\SideShow\AutoWake
N/A
[已启用] \Microsoft\Windows\SideShow\GadgetManager
N/A
[已禁用] \Microsoft\Windows\SideShow\SessionAgent
N/A
[已禁用] \Microsoft\Windows\SideShow\SystemDataProviders
N/A
[已启用] \Microsoft\Windows\SystemRestore\SR
%windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict1
%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
[已启用] \Microsoft\Windows\Tcpip\IpAddressConflict2
%windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
[已启用] \Microsoft\Windows\Time Synchronization\SynchronizeTime
%windir%\system32\sc.exe start w32time task_started
[已启用] \Microsoft\Windows\UPnP\UPnPHostConfig
sc.exe config upnphost start= auto
[已禁用] \Microsoft\Windows\User Profile Service\HiveUploadTask
N/A
[已启用] \Microsoft\Windows\Windows Error Reporting\QueueReporting
%windir%\system32\wermgr.exe -queuereporting
[已启用] \Microsoft\Windows\Windows Media Sharing\UpdateLibrary
"%ProgramFiles%\Windows Media Player\wmpnscfg.exe"
[已启用] \Microsoft\Windows\WindowsBackup\ConfigNotification
%systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION
[已禁用] \Microsoft\Windows\WindowsColorSystem\Calibration Loader
N/A
==================================
Windows 安全更新检查
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================

复制代码

显示全部楼层 · 发表于 2011-10-16 10:39:46

告诉你一些简单的操作把。
1，查看有没有可疑进程。
2，查看开机启动项，服务什么的。
3，在你感觉电脑不正常的时候可以试试 CMD --- netstat -on 查看是否有可疑连接。

你还可以使用一些软件查看你加载的DLL文件什么的去分辨他们。。

菜鸟一个，也只有一些普通的建议，说的不好请别介意。

显示全部楼层 · 发表于 2011-10-16 10:47:56

相惜，不离发表于 2011-10-16 10:39
告诉你一些简单的操作把。
1，查看有没有可疑进程。
2，查看开机启动项，服务什么的。

谢谢，不过不会看啊。！

显示全部楼层 · 发表于 2011-10-16 10:50:59

yzjxue 发表于 2011-10-16 10:47
谢谢，不过不会看啊。！

你是说netstat命令吗？你打 netstat -no 之后他会把你现在的网络连接都列出来。而且后面都会跟PID 标识出连接网络的进程你可以在任务管理器-查看-PID 选项勾选然后就可以在任务管理器看出来你的什么进程在连接网络。然后判定可疑进程如果没有就没有拉。。

显示全部楼层 · 发表于 2011-10-16 10:52:16

把Winsock重置一下，其实不行就把那个什么木马大师卸了换金山卫士，那个木马大师很鸡肋

显示全部楼层 · 发表于 2011-10-16 10:52:44

yzjxue 发表于 2011-10-16 10:47
谢谢，不过不会看啊。！

日志没有什么问题，建议先配合金山急救箱+windows清理助手做一下扫描，看看有无线索。CMD弹窗有无特定的触发条件？还有，看到你装了木马清除大师和qqkav，不知是否是这两个的影响？

显示全部楼层 · 发表于 2011-10-16 10:57:02

呵呵，专业的来了。LZ问问他们把。

显示全部楼层 · 发表于 2011-10-16 10:58:21

相惜，不离发表于 2011-10-16 10:50
你是说netstat命令吗？你打 netstat -no 之后他会把你现在的网络连接都列出来。而且后面都会跟PID ...

感谢我试试，！不过我时菜鸟。联网的进程要判断出来那些是正常的联网那些是恶意的联网有点难度！

显示全部楼层 · 发表于 2011-10-16 10:59:52

yzjxue 发表于 2011-10-16 10:58
感谢我试试，！不过我时菜鸟。联网的进程要判断出来那些是正常的联网那些是恶意的联网有点难度！

多百度，百度是个好东西、呵呵而且你可以把图发到论坛让人看看呗

显示全部楼层 · 发表于 2011-10-16 11:01:39

强妈威武发表于 2011-10-16 10:52
把Winsock重置一下，其实不行就把那个什么木马大师卸了换金山卫士，那个木马大师很鸡肋

这个WINSOCK 重置怎么操作！这个木马清除大师应该还是又点用吧。前段时间微点其他杀毒软件都没有杀出的木马也给他杀出了。！这二个都是买的！微点和木马清除大师！金山卫士应该不错，我想同时安装不知道会不会冲突

[已解决] 怀疑木马，窗口自动弹出一二秒钟自动关闭！