设为首页收藏本站
开启辅助访问

service.exe中的木马?!

 您所在的位置:网站首页 adobearmexe service.exe中的木马?!

service.exe中的木马?!

#service.exe中的木马?!| 来源: 网络整理| 查看: 265

好的,我使用所有这些程序进行了测试,但没有发现类似AVERAGE的内容 文件:

GMEROne

GMER 1.0.15.15641 - http://www.gmer.net Rootkit quick scan 2012-02-01 17:43:42 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM320II rev.2AC101C4 Running: ff5j9dep.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ffddakog.sys ---- Devices - GMER 1.0.15 ---- Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP0T0L0-3 RGRCZ@J@ Device owAZEVAoRGRCZ \Device\Ide\IdePort0 RGRCZ@J@ Device owAZEVAoRGRCZ \Device\Ide\IdePort1 RGRCZ@J@ Device owAZEVAoRGRCZ \Device\Ide\IdePort2 RGRCZ@J@ Device owAZEVAoRGRCZ \Device\Ide\IdePort3 RGRCZ@J@ Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP1T0L0-e RGRCZ@J@ AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. ) AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) ---- EOF - GMER 1.0.15 ----

通用汽车

GMER 1.0.15.15641 - http://www.gmer.net Rootkit scan 2012-02-01 19:13:50 Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM320II rev.2AC101C4 Running: ff5j9dep.exe; Driver: C:\DOCUME~1\Owner\LOCALS~1\Temp\ffddakog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwOpenProcess [0xB2DEBF3C] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateProcess [0xB2DEBFE4] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwTerminateThread [0xB2DEC080] SSDT \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys (IDS Application Activity Monitor Loader Driver./AVG Technologies CZ, s.r.o. ) ZwWriteVirtualMemory [0xB2DEC11C] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.Sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. ) AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP0T0L0-3 RGRCZ@J@ Device owAZEVAoRGRCZ \Device\Ide\IdePort0 RGRCZ@J@ Device owAZEVAoRGRCZ \Device\Ide\IdePort1 RGRCZ@J@ Device owAZEVAoRGRCZ \Device\Ide\IdePort2 RGRCZ@J@ Device owAZEVAoRGRCZ \Device\Ide\IdePort3 RGRCZ@J@ Device owAZEVAoRGRCZ \Device\Ide\IdeDeviceP1T0L0-e RGRCZ@J@ AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations ???1????\??\C:\WINDOWS\system32\drivers\p8jt4c.sys?L?O???????????H?????????????5?H??????0???????SMC EZ Connect USB/Ethernet Series Converter - Packet Scheduler Miniport?r??\Device\{173DC3D4-FCA3-4B60-8037-47C1D7675918}??De???????Y???Y??????x????W?????????????X?X8??????????8???????-???-?-CA???????????I???????????????I???8?@???????Z?????Y??????????????????????????????????????6????#?????????????????????????6????????????????????????????????? ??????????????????????????????????????????????????7????#?????????????????????????7?????"???????????????????????????????!???@????????????????????6??????&???@???????????????????????????????@???????????????6???"???@???????????????????????????????????????????????7??(Standard system devices)???{36FC9E60-C465-11CF-8056-444553540000}\0000?????{8ECC055D-047F-11D1-A537-0000F8753ED1}\0010???(??????????Y???????e??{8ECC055D-047F-11D1-A537-0000F8753ED1}?003??{8ECC055D-047F-11D1-A537-0000F8753ED1}\0020?????{8ECC055D-047F-11D1-A537-0000F8753ED1}\0024?????????????????????????????5???? ????? ---- EOF - GMER 1.0.15 ----

空出的恶意软件字节

Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.01.31.06 Windows XP Service Pack 3 x86 NTFS Internet Explorer 6.0.2900.5512 Owner :: SAMSUNG-NPR467 [administrator] Protection: Enabled 1/02/2012 8:02:14 AM mbam-log-2012-02-01 (08-02-14).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 422076 Time elapsed: 1 hour(s), 42 minute(s), 1 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)

和DDS

DDS.txt

. DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_25 Run by Owner at 19:21:41 on 2012-02-01 Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.2043.1090 [GMT 11:00] . AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ============== Running Processes =============== . C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\AGEIA Technologies\TrayIcon.exe C:\program files\real\realplayer\update\realsched.exe C:\Program Files\AVG Secure Search\vprot.exe C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Documents and Settings\Owner\Application Data\Dropbox\bin\Dropbox.exe svchost.exe C:\Program Files\LogMeIn Hamachi\hamachi-2.exe C:\Program Files\Java\jre6\bin\jqs.exe D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe c:\PROGRA~1\mcafee\SITEAD~1\mcsacore.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\AVG\AVG2012\avgwdsvc.exe C:\Program Files\AVG\AVG2012\avgnsx.exe C:\Program Files\AVG\AVG2012\avgemcx.exe C:\Program Files\AVG\AVG2012\avgrsx.exe C:\Program Files\AVG\AVG2012\avgcsrvx.exe C:\Program Files\AVG\AVG2012\avgtray.exe E:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\wuauclt.exe E:\Program Files\Mozilla Firefox\plugin-container.exe . ============== Pseudo HJT Report =============== . uSearchURL,(Default) = hxxp://au.search.yahoo.com/search?fr=mcafee&p=%s%s uURLSearchHooks: H - No File uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll mURLSearchHooks: H - No File BHO: {0BFEE087-861D-43FB-B38B-B17C9CAD9B71} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.0.0.7\AVG Secure Search_toolbar.dll {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10w_Plugin.exe -update plugin mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe" mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [AGEIA PhysX SysTray] c:\program files\ageia technologies\TrayIcon.exe mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot mRun: [vProt] "c:\program files\avg secure search\vprot.exe" mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun: [Malwarebytes' Anti-Malware] "d:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\owner\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\owner\application data\dropbox\bin\Dropbox.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {E57F3E1C-58CE-4B73-BCD0-BA34553E8731} IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: Interfaces\{F37F09FE-7A32-48AA-9AC3-8AE6A5E9DEF9} : DhcpNameServer = 10.0.0.138 Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\5kt9iztg.default\ FF - prefs.js: browser.search.selectedEngine - Secure Search FF - prefs.js: keyword.URL - hxxp://au.search.yahoo.com/search?fr=mcafee&p= FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll FF - plugin: c:\documents and settings\owner\local settings\application data\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mcafee\siteadvisor\NPMcFFPlg32.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll FF - plugin: c:\program files\microsoft\office live\npOLW.dll FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 23120] R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-1-19 32592] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 230608] R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 40016] R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-2-10 295248] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776] R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2011-8-15 1361288] R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-1 652360] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~1\mcafee\sitead~1\mcsacore.exe [2011-9-18 94880] R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\10.0.6\ToolbarUpdater.exe [2012-1-18 909152] R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-3-30 134608] R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24272] R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 16720] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-1 20464] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-4-14 119272] R3 xcpip;TCP/IP Protocol Driver;c:\windows\system32\drivers\xcpip.sys --> c:\windows\system32\drivers\xcpip.sys [?] R3 xpsec;IPSEC driver;c:\windows\system32\drivers\xpsec.sys --> c:\windows\system32\drivers\xpsec.sys [?] S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\tffsmon.sys --> c:\windows\system32\drivers\TfFsMon.sys [?] S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\tfsysmon.sys --> c:\windows\system32\drivers\TfSysMon.sys [?] S2 0228601328074703mcinstcleanup;McAfee Application Installer Cleanup (0228601328074703);c:\windows\temp\022860~1.exe -cleanup -nolog --> c:\windows\temp\022860~1.EXE -cleanup -nolog [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 ADM8511;ADMtek ADM8511/AN986 USB To Fast Ethernet Converter;c:\windows\system32\drivers\ADM8511.SYS [2011-4-14 20160] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-4-14 1691480] S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-14 947528] S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 p8jt4c.sys;p8jt4c.sys;\??\c:\windows\system32\drivers\p8jt4c.sys --> c:\windows\system32\drivers\p8jt4c.sys [?] S3 TfNetMon;TfNetMon;\??\c:\windows\system32\drivers\tfnetmon.sys --> c:\windows\system32\drivers\TfNetMon.sys [?] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-01-31 14:26:33 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes 2012-01-31 14:26:08 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes 2012-01-31 14:26:07 20464 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-01-31 11:36:51 -------- d-----w- c:\documents and settings\all users\application data\PC Tools 2012-01-19 01:38:21 -------- d-----w- c:\documents and settings\owner\application data\AVG Secure Search 2012-01-17 10:18:51 -------- d-----r- c:\program files\Skype 2012-01-11 10:22:52 -------- d-----w- c:\windows\system32\appmgmt 2012-01-10 09:05:40 -------- d-----w- c:\documents and settings\owner\local settings\application data\Help . ==================== Find3M ==================== . 2012-01-28 11:40:46 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2012-01-28 11:36:13 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr 2012-01-28 11:36:13 271200 ----a-w- c:\windows\system32\PnkBstrB.exe 2012-01-28 09:16:39 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0 2011-11-26 08:22:39 1700352 ----a-w- c:\windows\system32\gdiplus.dll 2011-11-26 08:22:39 1060864 ----a-w- c:\windows\system32\mfc71.dll 2011-11-25 21:57:19 293376 ----a-w- c:\windows\system32\winsrv.dll 2011-11-23 13:25:32 1859584 ----a-w- c:\windows\system32\win32k.sys 2011-11-18 12:35:08 60416 ----a-w- c:\windows\system32\packager.exe 2011-11-16 14:21:44 354816 ----a-w- c:\windows\system32\winhttp.dll 2011-11-16 14:21:44 152064 ----a-w- c:\windows\system32\schannel.dll 2011-11-03 15:28:36 386048 ----a-w- c:\windows\system32\qdvd.dll 2011-11-03 15:28:36 1292288 ----a-w- c:\windows\system32\quartz.dll . ============= FINISH: 19:22:00.25 ===============

AVG仍会使用该木马进行扫描,甚至还有截图

Uploaded with ImageShack.us

另外,另一个有趣的事情是服务旁边的“(Number)”不断变化,为什么?



【本文地址】


今日新闻

推荐新闻

CopyRight 2018-2019 办公设备维修网 版权所有 豫ICP备15022753号-3