今日第二帖：下午系统被劫持——晕，这种事情终于让我给碰上了

xpn282

事后，我检查了一下麦咖啡的监控日志。发现，
2007-3-28        11:30:36        已由访问保护规则禁止         HSIAO\Owner        C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe        C:\Program Files\Common Files\Network Associates\TalkBack\Data\TalkBack.ini        防病毒爆发控制:将所有共享项设为只读        已阻止的操作: 写入
2007-4-1        10:16:05        已由访问保护规则禁止         HSIAO\Owner        C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe        C:\Program Files\Common Files\Network Associates\TalkBack\Data\TalkBack.ini        防病毒爆发控制:将所有共享项设为只读        已阻止的操作: 写入

警报，由此可见，这家伙几天之前就试图给我装talkback.exe这个软件，但由于规则阻挡没有成功，昨天又又给我装还是没有成功。肯定后来由于我把规则停掉，终于成功，侵入我的电脑。

这些都是正常行为...Network Associates里的东西都是MDF的

[ 本帖最后由 xpn282 于 2007-4-2 20:55 编辑 ]

wooyard

有意思，等待事件进展。。。

zea10t

你的报告没贴完吧？没有驱动和服务。

不过看你贴的这些貌似没什么问题，还是等高手来看吧。

kaigoal

我还没有遇到过这种情况。

jojoliuxiao

服务
[System Performance Monitor / AotoLogon][Stopped/Auto Start]
  <><N/A>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Running/Auto Start]
  <d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[McAfee Desktop Firewall Service / FireSvc][Running/Auto Start]
  <d:\PROGRA~1\NETWOR~1\MCAFEE~1\FireSvc.exe><McAfee, Inc.>
[McAfee Framework Service / McAfeeFramework][Running/Auto Start]
  <"D:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart><McAfee, Inc.>
[McAfee McShield / McShield][Running/Auto Start]
  <"D:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe"><McAfee, Inc.>
[McAfee Task Manager / McTaskManager][Running/Auto Start]
  <"D:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe"><McAfee, Inc.>

jojoliuxiao

驱动程序
[Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start]
  <system32\DRIVERS\AcpiVpc.sys><Lenovo Corporation>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
  <\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
  <System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[Lenovo EasyCamera / Cam5603D][Running/Manual Start]
  <System32\Drivers\BisonCam.sys><Bison Electronics. Inc.>
[McAfee Desktop Firewall / FireHook][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\Firehk5x.sys><McAfee, Inc.>
[firelm01 / firelm01][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\firelm01.sys><N/A>
[McAfee Desktop Firewall Policy Manager Driver / FirePM][Running/Boot Start]
  <\SystemRoot\System32\Drivers\FirePM.sys><McAfee, Inc.>
[McAfee Desktop Firewall TDI Driver / FireTDI][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\FireTDI.sys><McAfee, Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
  <system32\drivers\CHDAud.sys><Conexant Systems Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[McAfee Inc. / mfeapfk][Running/Manual Start]
  <system32\drivers\mfeapfk.sys><McAfee, Inc.>
[McAfee Inc. / mfeavfk][Running/Manual Start]
  <system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. / mfebopk][Running/Manual Start]
  <system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. / mfehidk][Running/Manual Start]
  <system32\drivers\mfehidk.sys><McAfee, Inc.>
[VSCore mferkdk / mferkdk][Running/System Start]
  <\??\D:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys><McAfee, Inc.>
[McAfee Inc. / mfetdik][Running/System Start]
  <system32\drivers\mfetdik.sys><McAfee, Inc.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
[PCANDIS5 Protocol Driver / PCANDIS5][Stopped/Manual Start]
  <\??\D:\PROGRA~1\WIRELE~1\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SMC IrCC Miniport Device Driver / SMCIRDA][Running/Manual Start]
  <system32\DRIVERS\smcirda.sys><SMC>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[tifm21 / tifm21][Running/Manual Start]
  <system32\drivers\tifm21.sys><Texas Instruments>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\DRIVERS\UIUSYS.SYS><Conexant Systems, Inc>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Running/Manual Start]
  <system32\DRIVERS\w39n51.sys><Intel? Corporation>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller / yukonwxp][Stopped/Manual Start]
  <system32\DRIVERS\yk51x86.sys><Marvell>
[17403625 / 17403625][Running/]
  <2 - 系统找不到指定的文件。
><N/A>

jojoliuxiao

我想着那两个报告就能看出问题来。昨晚又无法上网了，为了安全起见，我直接就把网络关掉了。

请问高手，有没有可能是因为我用了不明的无线网络，对方是利用局域网的可用的漏洞，例如原理类似网络执法官的东东弄的？

我准备考虑重新下载小邪邪版主的加强版的规则了

jojoliuxiao

我以前也是觉得这种事情离我很远，要不是游戏里出现的问题，我也没有意识到电脑被黑了。我现在担心的是电脑里的东西已经被掏空了。然后他才现身。如果对方没有动静，或许我们永远不知道有个人在利用网络监视你的一举一动