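Rising Kaka Security Forum, Technical Exchange, Anti-Virus / Anti-Rogue Software board: [Help] byetmr.exe virus, discussion welcome, original virus sample attached for download!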



This is the original virus; the archive password is 123. I hope everyone can take a look!
Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><E:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><"E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe">  [Nero AG]
    <NvMediaCenter><RUNDLL32.EXE E:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <svc><E:\DOCUME~1\tian\LOCALS~1\Temp\byetmr.exe>  [Microsoft Corporation]
    <usbmon><C:\TDdownload\USBCleaner6.0\usbmon.exe>  [zju]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"E:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><E:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <WebThunder><E:\Program Files\Thunder Network\WebThunder\WebThunder.exe>  [深圳市迅雷网络技术有限公司]
    <StormCodec_Helper><"E:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <NWEReboot><>  [N/A]
    <NeroFilterCheck><E:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <Easy-PrintToolBox><E:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon>  [CANON INC.]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <NvCplDaemon><RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  [NVIDIA Corporation]
    <load><E:\WINDOWS\uninstall\rundl132.exe>  []
    <upxdnd><E:\DOCUME~1\tian\LOCALS~1\Temp\upxdnd.exe>  []
    <cmdbcs><E:\WINDOWS\cmdbcs.exe>  []
    <mppds><E:\WINDOWS\mppds.exe>  []
    <winform><E:\WINDOWS\winform.exe>  []
    <msccrt><E:\WINDOWS\msccrt.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><E:\WINDOWS\system32\ctfnom.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><E:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]



Services
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <E:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <E:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>



Drivers
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Stopped/Manual Start]
  <system32\drivers\ALCXWDM.SYS><N/A>
[InCD File System / InCDFs][Stopped/Disabled]
  <system32\drivers\InCDFs.sys><N/A>
[InCDPass / InCDPass][Stopped/System Start]
  <system32\drivers\InCDPass.sys><N/A>
[InCD Reader / InCDRm][Stopped/System Start]
  <system32\drivers\InCDRm.sys><N/A>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[TSP / TSP][Stopped/Manual Start]
  <\??\E:\WINDOWS\system32\drivers\klif.sys><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
  <system32\drivers\viaudios.sys><VIA Technologies, Inc.>
Last edited 2007-05-06 08:53:14.530000000

Running processes
[PID: 428][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 484][\??\E:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 508][\??\E:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 552][E:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][E:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716][E:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772][E:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 836][E:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884][E:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 928][E:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1276][E:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\WINDOWS\system32\CNMLM6e.DLL]  [CANON INC., 1.80.2.50]
    [E:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD6e.DLL]  [CANON INC., 1.80.2.50]
    [E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI6e.DLL]  [CANON INC., 1.80.2.50]
[PID: 1796][E:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1844][E:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1860][E:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe]  [Nero AG, 1, 0, 0, 1]
    [E:\Program Files\Common Files\Ahead\lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\Program Files\Common Files\Ahead\lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\Program Files\Common Files\Ahead\lib\NMIndexStoreSvrPS.dll]  [Nero AG, 1, 0, 0, 1]
    [E:\Program Files\Common Files\Ahead\lib\NMDataServices.dll]  [Nero AG, 1, 0, 0, 1]
[PID: 1900][E:\WINDOWS\system32\RUNDLL32.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\WINDOWS\system32\NVMCTRAY.DLL]  [NVIDIA Corporation, 6.14.10.5303]
[PID: 1916][E:\DOCUME~1\tian\LOCALS~1\Temp\byetmr.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\DOCUME~1\tian\LOCALS~1\Temp\packet.dll]  [CACE Technologies, 3, 1, 0, 27]
    [E:\DOCUME~1\tian\LOCALS~1\Temp\WanPacket.dll]  [CACE Technologies, 3, 1, 0, 27]
    [E:\DOCUME~1\tian\LOCALS~1\Temp\NPPTools.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2032][E:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 392][E:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.5303]
[PID: 2004][E:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 112][E:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 676][E:\Program Files\Thunder Network\WebThunder\WebThunder.exe]  [深圳市迅雷网络技术有限公司, 1, 6, 0, 87]
    [E:\Program Files\Thunder Network\WebThunder\taskmanage.dll]  [Thunder Networking Technologies,LTD, 1, 6, 0, 87]
    [E:\Program Files\Thunder Network\WebThunder\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 12, 3, 46]
    [E:\Program Files\Thunder Network\WebThunder\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 12, 3, 46]
    [E:\Program Files\Thunder Network\WebThunder\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 43]
    [E:\Program Files\Thunder Network\WebThunder\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 3, 0, 228]
    [E:\Program Files\Thunder Network\WebThunder\iEmbedShell.dll]  [ , 1, 0, 0, 14]
    [E:\Program Files\Thunder Network\WebThunder\iEmbed07.dll]  [ , 3, 1, 0, 58]
    [E:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 3484][E:\Program Files\Nero\Nero 7\Nero Vision\NeroVision.exe]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\HDCC.dll]  [Ahead Software AG
Karlsbad
Germany
Phone: ++49-7248-911-800
Fax: ++49-7248-911-888
e-mail: inf, 5, 9, 9, 6]

[E:\Program Files\Nero\Nero 7\Nero Vision\GCLib.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\GCCore.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\Program Files\Nero\Nero 7\Nero Vision\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\Program Files\Nero\Nero 7\Nero Vision\AMCDocBase.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\MMTools.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\GDIPainter.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\AMCLib.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\AMCDOM.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\AMCUIBase.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\AMCUIBase-CHS.NLS]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\NeroVision-CHS.NLS]  [Nero AG, 4,0,0,1]
    [E:\WINDOWS\system32\imagXpr7.dll]  [Pegasus Imaging Corp., 7.0.46.0]
    [E:\WINDOWS\system32\ImagX7.dll]  [Pegasus Imaging Corp., 7.0.46.0]
    [E:\WINDOWS\system32\ImagXR7.dll]  [Pegasus Imaging Corp., 7.0.476.0]
    [E:\Program Files\Nero\Nero 7\Nero Vision\GCFX.DLL]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\GCFX-CHS.NLS]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\NeVideoFX.dll]  [Ahead Software AG, 1, 1, 0, 865]
    [E:\Program Files\Nero\Nero 7\Nero Vision\NeVideoFX-Chs.nls]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\NeVideoFX.bitmaps]  [Ahead Software, 1, 0, 0, 3]
    [E:\Program Files\Nero\Nero 7\Nero Vision\NeVideoFXW.dll]  [Ahead Software AG
Karlsbad
Germany
Phone: +49-7248-911-800
Fax: +49-7248-911-888
e-mail: info@, 1, 0, 1, 12]
    [E:\Program Files\Nero\Nero 7\Nero Vision\NeVideoFXW-Chs.nls]  [Ahead Software AG
Karlsbad
Germany
Phone: +49-7248-911-800
Fax: +49-7248-911-888
e-mail: info@, 1, 0, 1, 12]
    [E:\Program Files\Common Files\Ahead\lib\AdvrCntr2.dll]  [Nero AG, 2,0,0, 3021]
    [E:\Program Files\Common Files\Ahead\lib\ShellManager.dll]  [Nero AG, 0.9.0.9]
    [E:\Program Files\Common Files\Ahead\lib\GCHW.dll]  [Nero AG, 3,9,0,11]
    [E:\WINDOWS\system32\msdmo.dll]  [, ]
    [E:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\Program Files\Nero\Nero 7\Core\NeroAPI.dll]  [Nero AG, 7, 0, 0, 0]
    [E:\Program Files\Nero\Nero 7\Core\ISOFS.dll]  [Nero AG, 7, 0, 0, 0]
    [E:\Program Files\Nero\Nero 7\Core\CDCopy.dll]  [Nero AG, 7, 0, 0, 0]
    [E:\Program Files\Nero\Nero 7\Core\newtrf.dll]  [Nero AG, 7, 0, 0, 0]
    [E:\Program Files\Nero\Nero 7\Core\NeroErr.dll]  [Nero AG, 7, 0, 0, 0]
    [E:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [E:\Program Files\Nero\Nero 7\Core\NeRSDB.dll]  [Nero AG, 2, 0, 2, 13]
    [E:\Program Files\Nero\Nero 7\Core\image.dll]  [Nero AG, 7, 0, 0, 0]
    [E:\Program Files\Common Files\Ahead\lib\DriveLocker.dll]  [Ahead Software AG, 1, 0, 0, 17]
    [E:\Program Files\Nero\Nero 7\Core\MMC.DLL]  [Nero AG, 7, 0, 0, 0]
    [E:\Program Files\Nero\Nero 7\Nero Vision\ExpressUI.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\GCHWCfg.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\GCLocale.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\GCLocale-CHS.NLS]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\GCHWCfg-CHS.NLS]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\ExpressUI-CHS.NLS]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\ExpressDoc.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\DVDUI.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\DVDUI-CHS.NLS]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\DVDDoc.dll]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Common Files\Ahead\lib\NeroFileDialog.dll]  [Nero AG, 1, 0, 0, 1]
    [E:\Program Files\Common Files\Ahead\lib\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [E:\Program Files\Common Files\Ahead\lib\BCGCBPRO730u.dll]  [BCGSoft Ltd, 7, 30, 0, 0]
    [E:\Program Files\Common Files\Ahead\lib\MediaLibraryNSE.dll]  [Nero AG, 1, 0, 0, 1]
    [E:\Program Files\Common Files\Ahead\lib\NeroSearch.dll]  [Nero AG, 1, 0, 0, 1]
    [E:\Program Files\Common Files\Ahead\lib\NMSearch.dll]  [Nero AG, 1, 0, 0, 1]
    [E:\Program Files\Common Files\Ahead\lib\GCCapture.ax]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\GCFilter.ax]  [Nero AG, 4,0,0,1]
    [E:\Program Files\Common Files\Ahead\DSFilter\NeVideo.ax]  [Nero AG, 4, 2, 0, 27f]
    [E:\Program Files\Common Files\Ahead\DSFilter\NeVideoAnalyzer.ax]  [Nero AG, 4, 2, 0, 27f]
    [E:\Program Files\Common Files\Ahead\DSFilter\NeSplitter.ax]  [Nero AG, 4, 2, 0, 27f]
    [E:\WINDOWS\system32\ffdshow.ax]  [, 1.0.2.2028]
    [E:\Program Files\Ringz Studio\Storm Codec\Codecs\VSFilter.dll]  [Gabest, 1, 0, 1, 3]
    [E:\Program Files\Ringz Studio\Storm Codec\Codecs\TTL2Dec.dll]  [N/A, ]
    [E:\Program Files\Common Files\Ahead\DSFilter\NeResize.ax]  [Nero AG, 4, 2, 0, 27f]
    [E:\Program Files\Common Files\Ahead\DSFilter\NeroVideoProc.ax]  [Nero AG, 4, 2, 0, 27f]
    [E:\Program Files\Common Files\Ahead\DSFilter\NeroFormatConv.ax]  [Nero AG, 4, 2, 0, 27f]
    [E:\Program Files\Ringz Studio\Storm Codec\Codecs\splitter.ax]  [, 1.6.338.23]
    [E:\Program Files\Ringz Studio\Storm Codec\Codecs\mkzlib.dll]  [N/A, ]
    [E:\Program Files\Ringz Studio\Storm Codec\Codecs\mkunicode.dll]  [N/A, ]
    [E:\Program Files\Ringz Studio\Storm Codec\Codecs\mkx.dll]  [N/A, ]
    [E:\Program Files\Ringz Studio\Storm Codec\Codecs\mp4.dll]  [N/A, ]
    [E:\Program Files\Nero\Nero 7\Nero Vision\DVDEngine.dll]  [Nero AG, 3, 9, 0, 41]
    [E:\Program Files\Nero\Nero 7\Nero Vision\NeroMediaCon.DLL]  [Nero AG, 4, 2, 0, 27f]
    [E:\Program Files\Common Files\Ahead\DSFilter\NeAudioConv.ax]  [Nero AG, 4, 2, 0, 27f]
    [E:\Program Files\KuGoo3\kgmpg.dll]  [ , 1, 0, 4, 1]
    [E:\Program Files\Nero\Nero 7\Nero Vision\em2v.dll]  [Nero AG, 4, 2, 0, 27f]
    [E:\Program Files\Nero\Nero 7\Nero Vision\NeAcEnc.dll]  [Nero AG, 4, 2, 0, 27f]
    [E:\Program Files\Common Files\Ahead\DSFilter\NeAudio.ax]  [Nero AG, 4, 2, 0, 27f]
    [E:\Program Files\Common Files\Ahead\Lib\NeroIPP.dll]  [Nero AG, 4, 2, 0, 27f]
[PID: 2864][C:\TDdownload\USBCleaner6.0\usbmon.exe]  [zju, 1.00]
    [E:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.9690]
[PID: 2436][E:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\Program Files\Common Files\Ahead\lib\NeroDigitalExt.dll]  [Nero AG, 2, 0, 0, 7]
    [E:\Program Files\Common Files\Ahead\lib\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [E:\Program Files\Common Files\Ahead\lib\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [E:\Program Files\Common Files\Ahead\lib\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [E:\WINDOWS\system32\nvshell.dll]  [NVIDIA Corporation, 6.14.10.5303]
    [E:\WINDOWS\system32\NVWRSZHC.DLL]  [NVIDIA Corporation, 6.14.10.5303]
    [E:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [E:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 164][E:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [E:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 1648][E:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [E:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 2756][E:\DOCUME~1\tian\LOCALS~1\Temp\041865.exe]  [北京江民新科技术有限公司, 4, 0, 7, 124]
[PID: 232][C:\TDdownload\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\TDdownload\Plugins\NWMON.SRE]  [Smallfrogs Studio, 1, 0, 0, 8]

Where is the sample?

Where is the sample?