What is Ezthemes WhenUSaveNow Installer?

Source: Baidu Wenku  Editor: Gaokao Q&A  Time: 2024/04/28 00:48:10
What is Ezthemes WhenUSaveNow Installer?
I have this thing on my machine.
How do I delete it?

It is a Trojan. For its processes, see:
[PID: 500][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 656][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 684][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\PROGRA~1\Agnitum\OUTPOS~1\wl_hook.dll] <Agnitum Ltd.><3.51.759.6511>
[PID: 732][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 752][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 924][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 972][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1040][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1108][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1152][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1276][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)>
[PID: 1644][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[C:\WINDOWS\system32\igfxpph.dll] <Intel Corporation><3.0.0.4543>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.4543>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.4543>
[C:\WINDOWS\system32\igfxress.dll] <Intel Corporation><3.0.0.4543>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.4543>
[PID: 1692][C:\WINDOWS\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1716][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] <Microsoft Corporation><7.10.3077>
[PID: 1828][C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe] <Microsoft Corporation><2000.080.2039.00>
[PID: 1892][C:\WINDOWS\AGRSMMSG.exe] <Agere Systems><2.1.60 2.1.60 09/09/2005 11:20:53>
[PID: 1900][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe] <Synaptics, Inc.><8.0.16 08Jul05>
[C:\WINDOWS\system32\SynCOM.dll] <Synaptics, Inc.><8.0.16 08Jul05>
[C:\WINDOWS\system32\SynTPAPI.dll] <Synaptics, Inc.><8.0.16 08Jul05>
[PID: 1928][C:\WINDOWS\system32\igfxtray.exe] <Intel Corporation><3.0.0.4543>
[C:\WINDOWS\system32\hccutils.DLL] <Intel Corporation><3.0.0.4543>
[C:\WINDOWS\system32\igfxsrvc.dll] <Intel Corporation><3.0.0.4543>
[C:\WINDOWS\system32\igfxres.dll] <Intel Corporation><3.0.0.4543>
[C:\WINDOWS\system32\igfxress.dll] <Intel Corporation><3.0.0.4543>
[PID: 1976][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 244][C:\Program Files\Internet explorer\Iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 264][C:\WINDOWS\system32\o2flash.exe] <N/A><N/A>
[PID: 280][C:\Program Files\Agnitum\Outpost Firewall\outpost.exe] <Agnitum Ltd.><3.5.462.6330>
[C:\Program Files\Agnitum\Outpost Firewall\engine.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\op_utils.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\File\file_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\Web\web_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\BrowserBar\op_hdlr.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\op_data.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\netstat.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\Protect\prot_int.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_ui.ofp] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_cure.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_mon.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\Plugins\AntiSpyware\sp_scan.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\zlib.dll] <Jean-loup Gailly and Mark Adler><1, 1, 4, 0>
[C:\Program Files\Agnitum\Outpost Firewall\unrar.dll] <N/A><N/A>
[C:\Program Files\Agnitum\Outpost Firewall\op_cmn.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\opst_ui.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\op_ctrls.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Agnitum\Outpost Firewall\logo_rc.dll] <Agnitum Ltd.><3.51.759.6511>
[PID: 416][C:\Program Files\TP-LINK\TL-WN321G客户端应用程序\Installer\WINXP\TWCU.exe] <TP-LINK TECHNOLOGIES CO., LTD.><1, 1, 6, 0>
[C:\Program Files\TP-LINK\TL-WN321G客户端应用程序\Installer\WINXP\AegisE5.dll] <Meetinghouse Data Communications><3, 3, 10, 0>
[PID: 588][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe] <Microsoft Corporation><2000.080.2039.00>
[PID: 1568][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2112][C:\Documents and Settings\Administrator\桌面\SREng.exe] <Smallfrogs Studio><2.0.12.350>
[PID: 2260][C:\Program Files\Common Files\Agnitum Shared\aupdate\aupdrun.exe] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Common Files\Agnitum Shared\aupdate\aupdate.dll] <Agnitum Ltd.><3.51.759.6511>
[C:\Program Files\Common Files\Agnitum Shared\aupdate\zlib.dll] <Jean-loup Gailly and Mark Adler><1, 1, 4, 0>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
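I hope you will install version 4.0 of ewido, the anti-Trojan software, to remove it. If there is anything else you don't understand, add me on QQ: 57667755 and I can help you.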