Rising Kaka Security Forum, Technical Exchange, Anti-Virus / Anti-Rogue Software Forum

[Help] Please help me analyze this SREng log, thank you!


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <OrderReminder><C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe>  [Hewlett-Packard]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
    <MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <main><rundll32.exe "C:\program files\internet explorer\use20.dll" mymain>  [N/A]
    <usrinit><C:\WINDOWS\system32\usrinit.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070307.dll start>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{A16CA976-4B8D-47FC-A9F4-651C17B636EC}><C:\WINDOWS\system32\msow32cn.dll>  [TEC Solutions Limited.]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll>  [N/A]
    <{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}><C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <dqgr><C:\PROGRA~1\cpfq\dqgr.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Intel Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll>  [(Verified)Symantec Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\coopen.scr>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ccApp><; "C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <Client Access Check Version><; "C:\Program Files\IBM\Client Access\cwbckver.exe" LOGIN>  [N/A]
    <Client Access Express Welcome><; "C:\Program Files\IBM\Client Access\cwbwlwiz.exe">  [IBM Corporation]
    <Client Access Help Update><; "C:\Program Files\IBM\Client Access\cwbinhlp.exe">  [IBM Corporation]
    <Client Access Service><; "C:\Program Files\IBM\Client Access\cwbsvstr.exe">  [IBM Corporation]
    <DLA><; C:\WINDOWS\System32\DLA\DLACTRLW.EXE>  [Sonic Solutions]
    <DMXLauncher><; C:\Program Files\Dell\Media Experience\DMXLauncher.exe>  [N/A]
    <HotKeysCmds><; C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <IgfxTray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <ISUSPM Startup><; C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup>  [InstallShield Software Corporation]
    <ISUSScheduler><; "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start>  [InstallShield Software Corporation]
    <kernel32><; C:\WINDOWS\Kernel32.exe>  [N/A]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <kernelmh><; C:\WINDOWS\Kernelmh.exe>  [N/A]
    <kernelwl><; C:\WINDOWS\Kernelwl.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Corporation]
    <MsnMsgr><; "C:\Program Files\MSN Messenger\msnmsgr.exe" /background>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Persistence><; C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Intel Corporation]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <SoundMAXPnP><; C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Analog Devices, Inc.]
    <SunJavaUpdateSched><; C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe>  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <swg><; C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe>  [(Verified)Google Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <vptray><; C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
    <Windows木马防火墙><; C:\Documents and Settings\FSYGDPC\桌面\Windows木马清道夫 8.8上网必备绿色注册可升级版\ftcsetup\Trojanwall.exe>  [风云谷]

==================================
启动文件夹
N/A

==================================
服务
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[iSeries Access Windows 版远程命令 / Cwbrxd][Stopped/Manual Start]
  <C:\WINDOWS\CWBRXD.EXE><IBM Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[F367236A / F367236A][Stopped/Auto Start]
  <C:\WINDOWS\system32\F367236A.EXE -service><Microsoft Corporation>
[Std fsft Service / fsft][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\xkal\kxkv.dll,Service -s><Microsoft Corporation>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Navoct / Navoct][Running/Auto Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\Program Files\iesnap\navoct.dll>< >
[Intel NCS NetService / NetSvc][Stopped/Manual Start]
  <C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe><Intel(R) Corporation>
[SavRoam / SavRoam][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Windows Explorer Helper / Winehplr][Stopped/Auto Start]
  <C:\Program Files\Common Files\System\WinRdg32.exe><TEC Solutions Limited.>
Last edited 2007-03-20 15:44:27

驱动程序
[abp480n5 / abp480n5][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[ADProt / ADProt][Stopped/System Start]
  <\SystemRoot\system32\drivers\ADProt.sys><N/A>
[adpu160m / adpu160m][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[Aha154x / Aha154x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[cd20xrnt / cd20xrnt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[DLABOIOM / DLABOIOM][Running/Auto Start]
  <System32\DLA\DLABOIOM.SYS><Sonic Solutions>
[DLACDBHM / DLACDBHM][Running/System Start]
  <System32\Drivers\DLACDBHM.SYS><Sonic Solutions>
[DLADResN / DLADResN][Running/Auto Start]
  <System32\DLA\DLADResN.SYS><Sonic Solutions>
[DLAIFS_M / DLAIFS_M][Running/Auto Start]
  <System32\DLA\DLAIFS_M.SYS><Sonic Solutions>
[DLAOPIOM / DLAOPIOM][Running/Auto Start]
  <System32\DLA\DLAOPIOM.SYS><Sonic Solutions>
[DLAPoolM / DLAPoolM][Running/Auto Start]
  <System32\DLA\DLAPoolM.SYS><Sonic Solutions>
[DLARTL_N / DLARTL_N][Running/System Start]
  <System32\Drivers\DLARTL_N.SYS><Sonic Solutions>
[DLAUDFAM / DLAUDFAM][Running/Auto Start]
  <System32\DLA\DLAUDFAM.SYS><Sonic Solutions>
[DLAUDF_M / DLAUDF_M][Running/Auto Start]
  <System32\DLA\DLAUDF_M.SYS><Sonic Solutions>
[dpti2o / dpti2o][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[DRVMCDB / DRVMCDB][Running/Boot Start]
  <\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions>
[DRVNDDM / DRVNDDM][Running/Auto Start]
  <System32\Drivers\DRVNDDM.SYS><Sonic Solutions>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[ini910u / ini910u][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[Network Packet Filter / IPNPF][Running/Manual Start]
  <system32\drivers\ipnpf.sys><Politecnico di Torino>
[mraid35x / mraid35x][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070318.009\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070318.009\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb][Running/Manual Start]
  <\??\C:\Program Files\Tencent\qq\npkcusb.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[R2A / R2A][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32a2.sys><N/A>
[USB Token Holder Service / R5BaseSmc][Running/Manual Start]
  <system32\DRIVERS\smccard.sys><OEM>
[SAVRT / SAVRT][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
  <\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[senfilt / senfilt][Running/Manual Start]
  <system32\drivers\senfilt.sys><Creative Technology Ltd.>
[SIS AGP Bus Filter / sisagp][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sparrow / Sparrow][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[symc810 / symc810][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[sym_hi / sym_hi][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Stopped/Disabled]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[CRW-Vu SCReader / WATCHKEY][Stopped/Auto Start]
  <system32\DRIVERS\wdkey.SYS><Beijing WatchData System Co., Ltd.>
[WINIO / WINIO][Stopped/Manual Start]
  <\??\C:\WINDOWS\Downloaded Program Files\CONFLICT.1\winio.sys><N/A>

浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[IEInit Class]
  {5B02EBA1-EFDD-477D-A37F-05383165C9C0} <C:\WINDOWS\system32\drivers\usrinit.dll, >
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\Jccatch.dll, Amaze Soft>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\qq\QQ.EXE, TENCENT>
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[IEInit Class]
  {5B02EBA1-EFDD-477D-A37F-05383165C9C0} <C:\WINDOWS\system32\drivers\usrinit.dll, >
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>
[IeCatch2 Class]
  {A5366673-E8CA-11D3-9CD9-0090271D075B} <C:\PROGRA~1\FlashGet\Jccatch.dll, Amaze Soft>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[FlashGet Bar]
  {E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
  <C:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
  <C:\Program Files\Tencent\qq\SendMMS.htm, N/A>

正在运行的进程
[PID: 984][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1040][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1064][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\NavLogon.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\WinWdg32.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
[PID: 1108][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1120][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1300][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\winoa32.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\WINDOWS\system32\oblknet.dll]  [TEC Solutions Limited., 2, 84, 2718, 0]
    [C:\WINDOWS\system32\ippcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINDOWS\system32\IPpacket.dll]  [Politecnico di Torino, 3, 0, 0, 20]
    [C:\WINDOWS\system32\orcsdll.dll]  [TEC Solutions Limited., 2, 84, 2718, 0]
    [C:\WINDOWS\system32\orcshook.dll]  [TEC Solutions Limited., 2, 84, 2718, 0]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
[PID: 1376][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1464][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\program files\iesnap\navoct.dll]  [ , 1, 0, 1, 1]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
[PID: 1540][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1584][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1744][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 103.5.4.3]
[PID: 1772][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL]  [Symantec Corporation, 1,5,1,3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL]  [Symantec Corporation, 1,5,1,3]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 103.5.4.3]
[PID: 1908][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\dwmonnt.dll]  [Fuji Xerox, 4.0.0.11]
    [C:\WINDOWS\system32\hptcpmon.dll]  [Hewlett Packard, 2.52.01.002]
    [C:\WINDOWS\system32\hpzjrd01.dll]  [Hewlett Packard, 1.00.01.006]
    [C:\WINDOWS\system32\HPZJSN01.dll]  [Hewlett Packard Company, 1, 0, 0, 3]
    [C:\WINDOWS\system32\HPTcpMUI.dll]  [Microsoft Corporation, 2.52.01.002]
    [C:\WINDOWS\system32\hptcpmib.dll]  [Hewlett Packard, 2.52.01.002]
    [C:\WINDOWS\system32\ZLhp1020.DLL]  [Zenographics, Inc., 5, 53, 2714, 0]
    [C:\WINDOWS\system32\ZLM.dll]  [Zenographics, Inc., 5, 50, 1416, 0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dwpp.dll]  [Fuji Xerox, 4.0.5.104 [ENG]]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL]  [Zenographics, Inc., 5, 54, 330, 0]
    [C:\WINDOWS\system32\Imf32.dll]  [Zenographics, Inc., 5, 60, 1204, 0]
    [C:\WINDOWS\system32\ZTAG32.dll]  [Zenographics, Inc., 5, 60, 1210, 0]
    [C:\WINDOWS\system32\ZSPOOL.dll]  [Zenographics, Inc., 5, 51, 709, 0]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
[PID: 1944][C:\WINDOWS\System32\SCardSvr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 284][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msow32cn.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\Program Files\cpfq\dqgr.nls]  [N/A, N/A]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 7.0.0.2004121400]
    [C:\WINDOWS\system32\drivers\usrinit.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4299]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\WINDOWS\system32\shlcn32.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\WINDOWS\system32\winimhs.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4299]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4299]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4299]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4299]
[PID: 476][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  [Symantec Corporation, 10.0.1.1000]
[PID: 684][C:\Program Files\Symantec AntiVirus\SavRoam.exe]  [symantec, 10.0.1.1000]
    [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\CBA.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.1.1000]
[PID: 800][C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\res_zh-CN.dll]  [Google Inc., 1, 2, 1128, 5462]
    [C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\swg.dll]  [Google Inc., 1, 2, 1128, 5462]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
[PID: 948][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\CBA.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\MsgSys.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\WINDOWS\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.137 E]
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 10.0.1.1000]
    [c:\program files\common files\symantec shared\ssc\ScsComms.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccDec.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll]  [Symantec Corporation, 3.02.12.35]
    [C:\Program Files\Common Files\Symantec Shared\ccScan.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL]  [Symantec Corporation, 1.4.0.11]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070318.009\ccEraser.dll]  [Symantec Corporation, 107.1.1.3]
    [C:\Program Files\Symantec AntiVirus\DefUtDCD.dll]  [Symantec Corporation, 3.1.13a.0]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070318.009\ecmsvr32.dll]  [Symantec Corporation, 71.1.0.11]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070318.009\NAVEX32a.DLL]  [Symantec Corporation, 20071.1.1.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070318.009\NAVENG32.DLL]  [Symantec Corporation, 20071.1.1.10]
    [C:\Program Files\Symantec AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 10.0.1.1000]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Symantec AntiVirus\NotesExt.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\vpmsece3.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll]  [Symantec Corporation, 1,5,1,3]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 10.0.1.1000]
[PID: 1308][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
[PID: 1576][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\program files\internet explorer\use20.dll]  [N/A, N/A]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
[PID: 1684][C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe]  [Hewlett-Packard, 2, 0, 1, 26]
[PID: 1696][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccL35.dll]  [Symantec Corporation, 103.5.4.3]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL]  [Symantec Corporation, 103.5.4.3]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL]  [Symantec Corporation, 103.5.4.3]
    [C:\WINDOWS\system32\SYMREDIR.DLL]  [Symantec Corporation, 5.5.2.1]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 103.5.4.3]
    [C:\Program Files\Symantec AntiVirus\SavEmail.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
[PID: 2176][C:\PROGRA~1\SYMANT~1\VPTray.exe]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.5.0.44]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [C:\Program Files\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 10.0.1.1000]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
[PID: 2292][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4072][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]
[PID: 3360][E:\SRE\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
    [C:\WINDOWS\system32\winimhc.dll]  [TEC Solutions Limited, 2, 84, 2718, 0]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\WINDOWS\system32\winhafn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhason.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\winhashn.dll]  [TEC Solutions Limited., 1, 0, 7, 19]
    [C:\WINDOWS\system32\thooks.dll]  [TEC Solutions Limited., 2, 84, 2719, 0]

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1    test.nicemm.cn
127.0.0.1    new3.etsoft.com.cn
127.0.0.1    www.djdj110.com
127.0.0.1    www.gaodumm.com
127.0.0.1    www.88cc8.com
127.0.0.1    wg770.com
127.0.0.1    www.y988.com
127.0.0.1    ads.9168a.com
127.0.0.1    www.flashsky.com
127.0.0.1    xzn.2000y.net
127.0.0.1    www.hifi168.com

==================================
API HOOK
N/A

==================================


[/CODE]

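The antivirus software keeps raising alerts and blocking things, and no matter how much it removes, it never gets rid of everything.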

First clean out the rogue software with Super Rabbit (超级兔子) or Security Guard (安全卫士).

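【Reply to the post by "白鸥海客"】
Use IceSword.
1. Enable "Forbid process creation" (禁止进程创建).
2. Forcibly unload the virus modules from the following processes: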

[PID: 284][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\drivers\usrinit.dll] [, 1, 0, 0, 1]
[PID: 1576][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\program files\internet explorer\use20.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys] [N/A, N/A]
[PID: 2176][C:\PROGRA~1\SYMANT~1\VPTray.exe] [Symantec Corporation, 10.0.1.1000]
[C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys] [N/A, N/A]

3. Delete the following startup entries and driver entries:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<main><rundll32.exe "C:\program files\internet explorer\use20.dll" mymain> [N/A]
<usrinit><C:\WINDOWS\system32\usrinit.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{A16CA976-4B8D-47FC-A9F4-651C17B636EC}><C:\WINDOWS\system32\msow32cn.dll> [TEC Solutions Limited.]
<{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll> [N/A]
<{B8A170A8-7AD3-4678-B2FE-F2D7381CC1B5}><C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<dqgr><C:\PROGRA~1\cpfq\dqgr.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[InstallShield Software Corporation]
<kernel32><; C:\WINDOWS\Kernel32.exe> [N/A]
<kernelmh><; C:\WINDOWS\Kernelmh.exe> [N/A]
<kernelwl><; C:\WINDOWS\Kernelwl.exe> [N/A]
[WINIO / WINIO][Stopped/Manual Start]
<\??\C:\WINDOWS\Downloaded Program Files\CONFLICT.1\winio.sys><N/A>
[ADProt / ADProt][Stopped/System Start]
<\SystemRoot\system32\drivers\ADProt.sys><N/A>
[R2A / R2A][Stopped/Manual Start]
<\??\C:\WINDOWS\system32a2.sys><N/A>
4. Edit the Userinit entry (remove rundll32.exe C:\WINDOWS\system32\winsys16_070307.dll from it):
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<Userinit><C:\WINDOWS\system32\userinit.exe,rundll32.exe C:\WINDOWS\system32\winsys16_070307.dll start> [N/A]
5. Delete the corresponding files.

6. Turn off IceSword's "Forbid process creation" again.

Also: what is C:\Program Files\cpfq\dqgr.nls? Did you install it yourself?
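The triage behind steps 2 and 4 of the reply above, as an added example that is not part of the original thread: it parses SREng's process/module listing for modules whose vendor field is empty or N/A, and lists any extra command in a Winlogon Userinit value. The sample lines are constructed from the log in this thread, and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in SREng's process/module format, abridged from the log in this thread.
SAMPLE = r"""
[PID: 1308][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\PROGRA~1\iesnap\navstub.dll]  [, 1, 0, 1, 1]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
[PID: 1576][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\program files\internet explorer\use20.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
[PID: 2176][C:\PROGRA~1\SYMANT~1\VPTray.exe]  [Symantec Corporation, 10.0.1.1000]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.5.0.44]
    [C:\Program Files\Internet Explorer\Connection Wizard\isignup.sys]  [N/A, N/A]
"""

# A process line starts at column 0 with [PID: n]; its modules are indented below it.
PROC = re.compile(r"^\[PID: (\d+)\]\[(.+?)\]\s+\[(.*)\]$")
MOD = re.compile(r"^\s+\[(.+?)\]\s+\[(.*)\]$")

def unsigned_modules(log):
    """Map each module with an empty or N/A vendor to the PIDs that load it."""
    hits, pid = defaultdict(set), None
    for line in log.splitlines():
        line = line.rstrip()
        if m := PROC.match(line):
            pid = int(m.group(1))
        elif (m := MOD.match(line)) and pid is not None:
            # The vendor is the text before the first comma of the second bracket.
            vendor = m.group(2).split(",")[0].strip()
            if vendor in ("", "N/A"):
                hits[m.group(1).lower()].add(pid)
    return dict(hits)

def userinit_extras(value):
    """Return every command in a Winlogon Userinit value other than userinit.exe."""
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if not p.lower().endswith(r"\userinit.exe")]

if __name__ == "__main__":
    for path, pids in sorted(unsigned_modules(SAMPLE).items()):
        print(f"{len(pids)} process(es): {path}")
```

The vendor string comes from the file's version resource, which the file's author sets, so a named vendor is not proof of legitimacy; an empty or N/A vendor on a module loaded into several unrelated processes is only a starting point for review.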

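Thank you, moderator baohe!
After the cleanup everything was fine, and there have been no more alerts.
I don't know what that cpfq is either, so I deleted it~~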