Rising Kaka Security Forum (瑞星卡卡安全论坛)
helloxp - 2006-10-20 10:51:00
Symptoms: no matter which site I visit, after a while Symantec ver. 10 pops up saying it has detected the Trojan.Dropper trojan, and a bind_40055.exe file is created in temp and in Temporary Internet Files (see the screenshot). Symantec then reports it as cleaned. I have booted into safe mode several times and deleted every folder containing bind_40055.exe, but after rebooting, the same alert has several times appeared before I even went online, and as soon as I go online it appears again; several times the machine froze with a blue screen. It is really annoying. The SREng report is attached at the end. Below is the painful story of my virus cleaning over these two days, during which I removed no fewer than 10 viruses or pieces of malware; the lessons may be useful to others, but this is the one I cannot find the cause of, and new malicious plugins keep getting installed, which may be related. Also, after going online the process list now shows IEXPLORE.EXE in capital letters (it used to be lowercase); the count and user are normal, and a search shows it is in the normal Internet Explorer directory, but it still feels odd. The post is a bit long, but what I ran into is fairly typical; I hope an expert can analyse it carefully and advise.
Cause: the company upgraded its antivirus from Symantec ver. 8 to ver. 10, but the company that installed it apparently was not up to the job and did not clean the viruses off the server first, so as soon as a computer connected to the company LAN it was attacked.
1. At first I was not at the company, so I had not upgraded yet. After connecting to the network, Symantec ver. 8 reported an infosteal trojan but could not delete the virus program. I spent a whole morning on it, and with SREng 2 finally found the culprits, mywow.dll and mywl.dll; rebooted into safe mode and removed them.
2. After lunch, thinking I could work in peace, I went online to look something up and was immediately hit by a Downloader trojan and a QQ trojan (I have never used QQ), but Symantec ver. 8 detected and removed them.
3. Then I connected to the company system and Symantec ver. 8 immediately reported the W32.Looked.P worm; while cleaning it, it deleted the company system's .exe file on my machine. The maintenance company the firm had hired was on site at the time, so I immediately connected to the company server and upgraded Symantec to ver. 10. But the server was actually riddled with viruses and Symantec itself had long since been infected. After upgrading, my machine found many .exe files infected with W32.Looked.P that could not be cleaned; Symantec could only remove the virus by deleting the files, and because it was itself infected it stopped halfway through the scan. Over the following two days the antivirus company reinstalled everything, and with all computers isolated and scanned, the infection was finally mostly cleared.
4. Just when I thought I could breathe again, I tried going online: first a CNNIC malware install popped up, which I managed to uninstall with some difficulty, then the Baidu 超级搜霸 toolbar forcibly installed itself. These were relatively simple, though, and I dealt with them one by one.
5. After browsing a while longer, Symantec popped up the Trojan.Dropper infection, exactly as described at the start. Meanwhile I checked many websites, analysed the processes carefully, and used HiJack and SREng 2 as well, and found: 1) IEHelper_5048.dll (it just could not be deleted no matter what; finally, following Rising's recommendation, I used permission control and managed to delete it, and also deleted the related entries in regedit, though I don't know why SREng still shows it)
2) <DTService><rundll32.exe C:\WINDOWS\system32\soundmix.dll,Load> rogue process, deleted manually
3) <C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\AZDUKE38.DLL,Export 1087 rogue process, deleted manually
4) <C:\WINDOWS\system32\clipsvr.exe and powermrng.exe rogue processes (whatever search engine is used, it redirects to Yahoo search), deleted manually
5) While writing this I was just searching the web for a solution and got hit by the forced HENBANG install again, so it will be in the SREng report, but I don't think that is bind_40055.
6) There are some other suspicious items in SREng, such as
[OMEY / OMEY]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OMEY.exe><N/A>, but a search turned up nothing.
It seems that since this infection the machine has been especially prone to all kinds of malicious plugins and trojans; I don't know why. Mine is a genuine copy of XP Home, basically everything that should be updated has been, and before this even some malicious plugins would be blocked by Microsoft Defender and Symantec, but for some reason protection got worse after the upgrade. That is basically what the two days have been; the cleanup was hard work, but I learned a lot.
Attachment:
77028520061020104242.png
helloxp - 2006-10-20 10:53:00
2006-10-19,21:13:26
System Repair Engineer 2.2.6.605
Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<swg><C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe> [(Verified)Google Inc.]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<Windows Defender><"C:\Program Files\Windows Defender\MSASCui.exe" -hide> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~2\VPTray.exe> [(Verified)Symantec Corporation]
<MSConfig><C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto> [(Verified)Microsoft Corporation]
<RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<DTService><rundll32.exe C:\WINDOWS\system32\soundmix.dll,Load> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}><C:\PROGRA~1\WIFD1F~1\MpShHook.dll> [(Verified)Microsoft Corporation]
<{56F9679E-7826-4C84-81F3-532071A8BCC5}><C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll> [Microsoft Corporation]
==================================
启动文件夹
[FTP Utility]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\FTP Utility.lnk --> C:\PROGRA~1\KONICA~1\FTPUTI~1\KMFtp.exe [KONICA MINOLTA BUSINESS TECHNOLOGIES, INC.]><N>
==================================
服务
[Application Management / AppMgmt]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[NT Data Provider / BUZOR]
<C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\AZDUKE38.DLL,Export 1087><Microsoft Corporation>
[Symantec Event Manager / ccEvtMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[ClipBook / ClipBook]
<C:\WINDOWS\system32\clipsvr.exe><N/A>
[Symantec AntiVirus Definition Watcher / DefWatch]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[EPSON Printer Status Agent2 / EPSONStatusAgent2]
<C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe><SEIKO EPSON CORPORATION>
[SVCHOST.EXE / Event Log]
<><N/A>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[Windows Gateway / Indtry]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\ovioxt90.dll><Microsoft Corporation>
[Microsoft Digital Identity Service / InfoCard Service]
<><N/A>
[Indigo Tcp Port Sharing Service / itcppss]
<><N/A>
[LiveUpdate / LiveUpdate]
<"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[Machine Debug Manager / MDM]
<><N/A>
[Intel NCS NetService / NetSvc]
<C:\Program Files\Intel\NCS\Sync\NetSvc.exe><Intel(R) Corporation>
[OMEY / OMEY]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OMEY.exe><N/A>
[RegSrvc / RegSrvc]
<C:\WINDOWS\System32\RegSrvc.exe><Intel Corporation>
[Spectrum24 Event Monitor / S24EventMonitor]
<C:\WINDOWS\System32\S24EvMon.exe><Intel Corporation>
[SavRoam / SavRoam]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
==================================
helloxp - 2006-10-20 10:55:00
浏览器加载项
[]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5048.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[isObject Class]
{BE0B5843-553A-48C2-9A42-258A1D791AFC} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, N/A>
[]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5048.dll, N/A>
[&Google]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll, N/A>
[Windows Desktop Search Combo Control]
{4E430174-1673-4FF3-BF28-A3B37F6573E7} <C:\Program Files\Windows Desktop Search\wdsShell.dll, Microsoft Corporation>
[Google Toolbar Helper]
{AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[&Windows Live Search]
<res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm, N/A>
[Open in new background tab]
<res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?2bcb1bd3e1154a12ac2c4faec1cfd712, N/A>
[Open in new foreground tab]
<res://C:\Program Files\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?2bcb1bd3e1154a12ac2c4faec1cfd712, N/A>
[使用网际快车下载]
<, N/A>
[使用网际快车下载全部链接]
<, N/A>
[导出到 Microsoft Excel(&x)]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 976][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1316][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1628][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2004][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2016][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 956][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1272][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1452][C:\Program Files\Windows Defender\MsMpEng.exe] [Microsoft Corporation, 1.1.1347.0]
[PID: 1812][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 236][C:\WINDOWS\System32\S24EvMon.exe] [Intel Corporation , 4, 1, 0, 3]
[PID: 476][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 832][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.7.3]
[PID: 868][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\soundmix.dll] [, 1, 4, 0, 0]
[C:\WINDOWS\system32\ext\dtdl.dll] [N/A, N/A]
[C:\WINDOWS\system32\ext\dtsm.dll] [N/A, N/A]
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
helloxp - 2006-10-20 10:55:00
[C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll] [Nokia, 6, 70, 24, 4]
[C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll] [Nokia, 6, 70, 58, 3]
[C:\WINDOWS\system32\ConnAPI.DLL] [Nokia., 6, 70, 39, 5]
[C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr] [Nokia, 6, 70, 7, 1]
[C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr] [Nokia, 6, 70, 7, 0]
[PID: 1604][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.7.3]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 2.2.0.5]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 104.0.7.3]
[PID: 356][C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe] [Symantec Corporation, 2.2.0.5]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] [Symantec Corporation, 2.2.0.5]
[C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll] [Symantec Corporation, 2.2.0.5]
[PID: 460][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\System32\AdobePDF.dll] [Adobe Systems Incorporated., 6.0.000]
[C:\Program Files\Adobe\Acrobat 6.0\Distillr\adistres.dll] [Adobe Systems Incorporated., 6.0.0.2003051500]
[C:\WINDOWS\system32\E_SL2311.DLL] [SEIKO EPSON CORPORATION, 2, 11, 0, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\FSPPMFP.DLL] [N/A, 1, 0, 0, 0]
[PID: 936][C:\Program Files\Symantec AntiVirus\DefWatch.exe] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.7.3]
[PID: 1116][C:\WINDOWS\System32\RegSrvc.exe] [Intel Corporation, 4, 1, 0, 0]
[PID: 816][C:\Program Files\Symantec AntiVirus\SavRoam.exe] [symantec, 10.1.0.394]
[C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll] [Symantec Corporation, 10.1.0.394]
[C:\WINDOWS\system32\CBA.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINDOWS\system32\MsgSys.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINDOWS\system32\NTS.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINDOWS\system32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.1.0.394]
[PID: 780][C:\WINDOWS\System32\tcpsvcs.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 824][C:\WINDOWS\System32\snmp.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 844][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] [Symantec Corporation, 10.1.0.394]
[C:\WINDOWS\system32\CBA.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINDOWS\system32\MsgSys.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINDOWS\system32\NTS.dll] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\WINDOWS\system32\PDS.DLL] [LANDesk Software Ltd., 6.12.0.142 E]
[C:\Program Files\Symantec AntiVirus\NAVLU.dll] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.1.0.394]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccDec.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] [Symantec Corporation, 3.02.14.08]
helloxp - 2006-10-20 10:57:00
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] [Symantec Corporation, 3.02.14.08]
[C:\Program Files\Common Files\Symantec Shared\ccScan.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 51.3.0.11]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061018.039\ccEraser.dll] [Symantec Corporation, 106.3.0.29]
[C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] [Symantec Corporation, 3.1.13a.0]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061018.039\ecmsvr32.dll] [Symantec Corporation, 61.3.0.18]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061018.039\NAVEX32a.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061018.039\NAVENG32.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.7.1.4]
[C:\Program Files\Symantec AntiVirus\IMail.dll] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\Symantec AntiVirus\NotesExt.dll] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\Symantec AntiVirus\vpmsece4.dll] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] [Symantec Corporation, 2.2.0.5]
[C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx] [Symantec Corporation, 10.1.0.394]
[PID: 304][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1864][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2652][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.3889]
[PID: 2912][C:\Program Files\Windows Defender\MSASCui.exe] [Microsoft Corporation, 1.1.1347.0]
[PID: 3364][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.7.3]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 104.0.7.3]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 104.0.7.3]
[C:\PROGRA~1\COMMON~1\SYMANT~1\rcEmlPxy.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.7.3]
[C:\WINDOWS\system32\SYMREDIR.DLL] [Symantec Corporation, 6.0.2.211]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] [Symantec Corporation, 10.1.0.394]
[PID: 3664][C:\PROGRA~1\SYMANT~2\VPTray.exe] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.7.1.4]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccAlert.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.7.3]
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.1.0.394]
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.1.0.394]
[PID: 1140][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2636][C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\GoogleToolbarNotifier.exe] [Google Inc., 1, 0, 720, 4156]
[C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\res_zh-CN.dll] [Google Inc., 1, 0, 720, 4156]
[C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.4156\swg.dll] [Google Inc., 1, 0, 720, 4156]
[PID: 3860][C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe] [KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., 1, 0, 0, 0]
[C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtpCM.dll] [KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., 1, 0, 0, 0]
[C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtpEV.dll] [KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., 1, 0, 0, 0]
[C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtpVR.dll] [KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., 1, 0, 0, 0]
[C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtpSN.dll] [KONICA MINOLTA BUSINESS TECHNOLOGIES, INC., 1, 0, 0, 0]
[C:\Program Files\KONICA MINOLTA\FTP Utility\KMFTPReg.dll] [KONICA MINOLTA BUSINESS TECHNOLOGIES, INC, 1, 0, 0, 0]
[PID: 340][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[c:\program files\google\googletoolbar1.dll] [Google Inc., 4, 0, 1019, 9238]
[C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx] [Macromedia, Inc., 8,0,24,0]
[C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] [Macromedia, Inc., 10.0.1r4]
[PID: 1744][c:\windows\pmsgr.exe] [Microsoft Corporation, 5.2.3790.1830]
[PID: 3272][C:\DOCUME~1\xy\LOCALS~1\Temp\Rar$EX03.166\SREng\SREng.exe]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
helloxp - 2006-10-20 11:21:00
Please advise.
helloxp - 2006-10-21 19:11:00
Bump.
轩辕小聪 - 2006-10-21 19:19:00
Sigh. Some of the items you listed yourself can still be seen in the log, not cleaned up. You are asking for help and attaching your cleanup process, yet the log still isn't clean; I don't understand what you intend...
helloxp - 2006-10-21 19:55:00
Thank you, moderator!
1. That is exactly the problem. Take the following items: I have in fact already deleted the related files in safe mode and also deleted the related information from the registry, but for some reason SREng still shows them. Could you tell me whether I failed to remove them completely?
1)<DTService><rundll32.exe C:\WINDOWS\system32\soundmix.dll,Load> []
2)<C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\AZDUKE38.DLL,Export 1087><Microsoft Corporation>
3)<C:\WINDOWS\system32\clipsvr.exe><N/A>
4){16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5048.dll, N/A>
2. An entry like <RichMedia><C:\WINDOWS\system32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd] was installed without my noticing while I was online asking for help. Before this infection there were never forced installs like this, so I feel the system has become particularly vulnerable to attack this time; I wonder whether it is related to the Trojan.Dropper virus.
Thanks again, moderator. Could you guide me on what to do next? Should I post a new SREng report for you?
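The moderator's point (items the poster listed are still visible in the log) and the poster's question (was the deletion complete?) both come down to reading the SREng report systematically rather than by eye. The script below is an added example, not code from this thread, from Rising or from SREng: it parses the three entry formats seen in the pasted report (registry Run-style `<name><command> [vendor]`, service `<command><vendor>`, and browser add-on `{CLSID} <path, vendor>`) and flags the traits a reviewer would look at first. The regular expressions, the heuristic rules and their wording are this example's own assumptions; the sample lines are copied from the report above, mixing the entries the poster identified as rogue with benign ones from the same report.

```python
"""First-pass triage of an SREng (System Repair Engineer) report.

Added example for this thread, not part of SREng or of the posts above: it parses
the entry formats visible in the pasted report and flags traits that deserve a
closer look. The rules are this example's own assumptions; a flag is a prompt to
investigate, not a verdict.
"""
import re

STARTUP_RE = re.compile(   # <name><command> [vendor]   registry Run-style entry
    r'^<(?P<name>[^<>]*)><(?P<cmd>.*)>\s*\[(?P<vendor>[^\[\]]*)\]\s*$')
SERVICE_RE = re.compile(   # <command><vendor>          service entry ('-->' allowed inside)
    r'^<(?P<cmd>.*)><(?P<vendor>[^<>]*)>\s*$')
BHO_RE = re.compile(       # {CLSID} <path, vendor>     browser add-on entry
    r'^\{(?P<clsid>[0-9A-Fa-f-]{36})\}\s*<(?P<path>[^,<>]*),\s*(?P<vendor>[^<>]*)>\s*$')
HEADER_RE = re.compile(r'^\[(?P<header>.*)\]\s*$')   # registry key, "Display / Name" or add-on name
TEMP_RE = re.compile(r'\\temp\\', re.IGNORECASE)
RUNDLL_RE = re.compile(r'\brundll(32)?\.exe\b', re.IGNORECASE)

# Sample input: lines copied from the report posted in this thread, mixing the
# items the poster identified as rogue with benign entries from the same report.
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<DTService><rundll32.exe C:\WINDOWS\system32\soundmix.dll,Load> []
==================================
[Application Management / AppMgmt]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[NT Data Provider / BUZOR]
<C:\WINDOWS\SYSTEM32\RUNDLL.EXE C:\WINDOWS\SYSTEM32\WBEM\AZDUKE38.DLL,Export 1087><Microsoft Corporation>
[ClipBook / ClipBook]
<C:\WINDOWS\system32\clipsvr.exe><N/A>
[OMEY / OMEY]
<C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OMEY.exe><N/A>
==================================
[]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\UserData\IEHelper_5048.dll, N/A>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar1.dll, Google Inc.>
"""


def _reasons(kind, section, cmd, vendor):
    """Heuristic flags for one entry; kind is 'autostart', 'service' or 'bho'."""
    out = []
    if not cmd.strip():                      # empty value: nothing runs
        return out
    low = cmd.lower()
    if kind == 'autostart' and 'policies\\explorer\\run' in section.lower():
        out.append('registered under Policies\\Explorer\\Run, rarely used by legitimate software')
    if kind == 'service' and RUNDLL_RE.search(cmd):
        out.append('service runs through rundll32; legitimate services are normally an EXE or an svchost-hosted DLL')
    if kind == 'bho' and not section.strip():
        out.append('browser add-on has no display name')
    if kind == 'bho' and 'application data' in low:
        out.append('add-on DLL stored under Application Data')
    # svchost-hosted system DLLs routinely show no publisher in this report, so the
    # publisher check skips them to keep the noise down.
    if kind != 'bho' and vendor.strip() in ('', 'N/A') and 'svchost.exe' not in low:
        out.append('no publisher information')
    if TEMP_RE.search(cmd):
        out.append('binary lives in a Temp directory')
    return out


def _entries(text):
    """Yield (header, line) for each entry line, tagged with the nearest [header] above it."""
    header = ''
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            header = m.group('header')
        elif line:
            yield header, line


def triage(text):
    """Return one dict per flagged entry: section, name, command, vendor, reasons."""
    findings = []
    for header, line in _entries(text):
        m = STARTUP_RE.match(line)
        if m:
            kind, name, cmd, vendor = 'autostart', m.group('name'), m.group('cmd'), m.group('vendor')
        elif BHO_RE.match(line):
            m = BHO_RE.match(line)
            kind, name = 'bho', header or '{%s}' % m.group('clsid')   # unnamed add-on: show its CLSID
            cmd, vendor = m.group('path'), m.group('vendor')
        elif SERVICE_RE.match(line):
            m = SERVICE_RE.match(line)
            kind, name, cmd, vendor = 'service', header, m.group('cmd'), m.group('vendor')
        else:
            continue
        reasons = _reasons(kind, header, cmd, vendor)
        if reasons:
            findings.append({'section': header, 'name': name, 'command': cmd,
                             'vendor': vendor, 'reasons': reasons})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_REPORT):
        print('%-42s %s' % (f['name'], '; '.join(f['reasons'])))
```

Run against the sample, it flags DTService, the BUZOR and ClipBook services, OMEY and the unnamed add-on, and leaves ccApp, AppMgmt and the Google Toolbar alone. It also flags KernelFaultCheck, which is the ordinary XP crash-dump reporting entry (dumprep): the report's `[N/A]` only means no publisher string was found, so a flag from this rule is a reason to check the file, not proof of anything. Re-running the script on a fresh report after a cleanup is a quick way to answer the question asked in this thread, namely whether the entries are really gone or merely hidden from the tool used to delete them.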
© 2000 - 2026 Rising Corp. Ltd.