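My machine has a trojan, it definitely does; winlogon.exe's memory usage has reached 2888k
Of course, no virus or trojan can be detected yet, because they have only just written it
I'm looking for a solution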
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\conime.exe
O4 - 启动项HKLM\\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - 启动项HKLM\\Run: [IMSCMig] C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload
O4 - 启动项HKLM\\Run: [ExFilter] Rundll32.exe C:\WINDOWS\system32\hookdll.dll,ExecFilter solo
O4 - 启动项HKLM\\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1130589318359
O16 - DPF: {AC3A36A8-9BFF-410A-A33D-2279FFEB69D2} (QQPlayer Control) - http://219.133.62.236/QQPlayer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - 列举现有的协议: koboo - {7DEE9D05-FA0A-4416-A6F3-6537D0EAB6A6} - C:\WINDOWS\system32\mbprot.dll
O18 - Filter: application/xhtml+xml - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=iso-8859-1 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O18 - Filter: text/xml; charset=utf-8 - {32F66A26-7614-11D4-BD11-00104BD3F987} - C:\Program Files\Design Science\MathPlayer\MathMLMimer.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - NT 服务: Machine Debug Manager (MDM) - Unknown owner - (no file)
O23 - NT 服务: pdfFactory Pro 分配器 v2 - Unknown owner - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /service (file missing)
O23 - NT 服务: Port Reporter (PortReporter) - Unknown owner - C:\Program Files\PortReporter\portreporter.exe (file missing)
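This is a mirrored post. Source: BYR Forum (北邮人论坛) / security / #1146, synced on 2006/3/1
This mirror source has not been updated for more than 30 days and may have been deleted on the source site.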
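Security (posted by bot)
Hehe, please do me a favor and take a look at these processes and other entries I clipped out
zcm5302005
2006/3/1, mirror synced, 2 replies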