有问请答复 - 2006-11-21 8:40:00
HijackThis_zww汉化版扫描日志 V1.99.1
保存于 8:08:37, 日期 2006-11-星期二21
操作系统: Windows XP SP2 (WinNT 5.01.2600)
浏览器: Internet Explorer v6.00 SP2 (6.00.2900.2180)
当前运行的进程:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\wuaucll.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\Com\CSRSS.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\exe
F:\卫平电脑\HJ扫描\HijackThis1991_zww.exe
R3 - 默认的URLSearchHook丢失。用HijackThis修复
F2 - REG:system.ini: Shell=Explorer.exe exe
O3 - IE工具栏增项: 卡卡上网安全助手 - {DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} - C:\WINDOWS\system32\KakaTool.dll
O4 - 启动项HKLM\\Run: [IMJPMIG8.1] ; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - 启动项HKLM\\Run: [PHIME2002ASync] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - 启动项HKLM\\Run: [PHIME2002A] ; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - 启动项HKLM\\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - 启动项HKLM\\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - 启动项HKLM\\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - 启动项HKLM\\Run: [IgfxTray] ; C:\WINDOWS\system32\igfxtray.exe
O4 - 启动项HKLM\\Run: [StormCodec_Helper] ; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O4 - 启动项HKCU\\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - 启动项HKCU\\Run: [bgswitch] ; C:\WINDOWS\system32\bgswitch.exe
O4 - 启动项HKCU\\Run: [82b436ed904f9a9e3d3d5bb4316ba855] "E:\Documents and Settings\工会委员会\My Documents\d120fast.12012.0.exe" -t 12012.0
O8 - IE右键菜单中的新增项目: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - IE右键菜单中的新增项目: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O8 - IE右键菜单中的新增项目: 上传到QQ网络硬盘 - C:\Program Files\Tencent\QQ\AddToNetDisk.htm
O8 - IE右键菜单中的新增项目: 添加到QQ自定义面板 - C:\Program Files\Tencent\QQ\AddPanel.htm
O8 - IE右键菜单中的新增项目: 添加到QQ表情 - C:\Program Files\Tencent\QQ\AddEmotion.htm
O8 - IE右键菜单中的新增项目: 用QQ彩信发送该图片 - C:\Program Files\Tencent\QQ\SendMMS.htm
O9 - 浏览器额外的按钮: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\WINDOWS\system32\shdocvw.dll
O9 - 浏览器额外的“工具”菜单项: QQ炫彩工具条设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tomatolei.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1162804722093
O16 - DPF: {A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} (photo_uploader Control) - http://upload.photo.163.com/photoup.cab
O16 - DPF: {E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} (Rising Web Scan Object) - http://download.rising.com.cn/register/pcver/autoupgradepad/pcver2006new/OL2006.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6E2EB819-23FE-4732-B32A-4DFB423B68E0}: NameServer = 202.102.224.68,202.102.227.68
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - NT 服务: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - NT 服务: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - NT 服务: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - NT 服务: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - NT 服务: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - NT 服务: GrayPigeon - Unknown owner - C:\WINDOWS\systemexe.exe
O23 - NT 服务: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - NT 服务: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - NT 服务: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - NT 服务: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
拉风的高手 - 2006-11-21 8:47:00
C:\WINDOWS\system32\Com\CSRSS.EXE
C:\WINDOWS\exe
End these processes and delete the files.
Fix:
R3 - 默认的URLSearchHook丢失。用HijackThis修复
F2 - REG:system.ini: Shell=Explorer.exe exe
O23 - NT 服务: GrayPigeon - Unknown owner - C:\WINDOWS\systemexe.exe (Pigeon)
有问请答复 - 2006-11-21 10:15:00
2006-11-21,10:04:06
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<bgswitch><; C:\WINDOWS\system32\bgswitch.exe> [N/A]
<82b436ed904f9a9e3d3d5bb4316ba855><"E:\Documents and Settings\工会委员会\My Documents\d120fast.12012.0.exe" -t 12012.0> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
<IgfxTray><; C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation]
<StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe .exe> [N/A]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
<WinlogonNotify: PCANotify><PCANotify.dll> [Symantec Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\WINDOWS\system32\FLURRY.SCR> [Matt Ginzton]
==================================
启动文件夹
N/A
==================================
服务
[648291 / 648291]
<C:\WINDOWS\system32\648291.EXE -service><Microsoft Corporation>
[pcAnywhere Host Service / awhost32]
<C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[BDWinIe / BDWinIe]
<C:\WINDOWS\system32\BDWin.exe -service><Microsoft Corporation>
[Symantec Event Manager / ccEvtMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[SavRoam / SavRoam]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
==================================
驱动程序
[aeaudio / aeaudio]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[awlegacy / awlegacy]
<\SystemRoot\System32\Drivers\awlegacy.sys><Symantec Corporation>
[AW_HOST / AW_HOST]
<system32\drivers\aw_host5.sys><Symantec Corporation>
[Intel(R) PRO Adapter Driver / E100B]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[Gernuwa / Gernuwa]
<C:\WINDOWS\SYSTEM32\DRIVERS\Gernuwa.SYS><Symantec Corporation>
[ialm / ialm]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[NAVENG / NAVENG]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060908.024\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060908.024\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt]
<\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkcusb / npkcusb]
<\??\C:\Program Files\Tencent\QQ\npkcusb.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
[SAVRT / SAVRT]
<\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL]
<\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SPBBCDrv / SPBBCDrv]
<\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
<\??\C:\WINDOWS\system32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
<\??\C:\WINDOWS\system32\Drivers\SYMTDI.SYS><Symantec Corporation>
==================================
浏览器加载项
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[photo_uploader Control]
{A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, N/A>
[Rising Web Scan Object]
{E4E2F180-CB8B-4DE9-ACBB-DA745D3BA153} <C:\WINDOWS\Downloaded Program Files\OL2005.dll, Beijing Rising Technology Co., Ltd.>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\macromed\flash\Flash85.ocx, Macromedia, Inc.>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
有问请答复 - 2006-11-21 10:18:00
==================================
正在运行的进程
[PID: 592][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 648][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\PCANotify.dll] [Symantec Corporation, 10.5.1.505]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[C:\WINDOWS\system32\NavLogon.dll] [Symantec Corporation, 10.0.0.359]
[PID: 716][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 960][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1040][C:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[PID: 1056][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1116][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1208][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1288][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[PID: 1320][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL] [Symantec Corporation, 1,5,1,3]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 1,5,1,3]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 103.5.1.9]
[PID: 1432][C:\WINDOWS\Explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxress.dll] [Intel Corporation, 3.0.0.3889]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[PID: 1580][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\EBPMON2.DLL] [SEIKO EPSON CORPORATION, 2, 38, 0, 0]
[C:\WINDOWS\system32\awmon.dll] [Symantec Corporation, 9.2.1]
[C:\WINDOWS\system32\Ssgb3mon.dll] [Samsung Electronics., 1, 0, 0, 0]
有问请答复 - 2006-11-21 10:18:00
[PID: 1796][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 103.5.1.9]
[C:\WINDOWS\system32\SYMREDIR.DLL] [Symantec Corporation, 5.5.1.6]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] [Symantec Corporation, 10.0.0.359]
[PID: 1800][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 1820][C:\PROGRA~1\SYMANT~1\VPTray.exe] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.5.0.44]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.0.0.359]
[C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 10.0.0.359]
[PID: 1824][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3889]
[PID: 1836][C:\Program Files\Rising\Rav\RavTask.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 22]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\Program Files\Rising\Rav\RSAPPMGR.DLL] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 2]
[C:\Program Files\Rising\Rav\CfgDll.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 11]
[C:\Program Files\Rising\Rav\RsCommX.dll] [rising, 18, 0, 0, 1]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 1864][C:\WINDOWS\system32\wuaucll.exe] [N/A, N/A]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 2040][C:\Program Files\Symantec\pcAnywhere\awhost32.exe] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\Util.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\InstData.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\awcfgmgr.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\S32PCAG.DLL] [Symantec Corporation, 15.0.0.14]
[C:\Program Files\Symantec\pcAnywhere\AWSES32.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\awofrwrk.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\awio.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\dundata.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\PowerMgr.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\PCACMNDG.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\awgui32.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\AWDS32.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\awcm32.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\crypto.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\awtime32.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\pcaime.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\AWHXPRB.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\AWHPROBEDLL.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\TrayIcon.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\AWDSP32.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\awcp.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\IMPLODE.DLL] [PKWare, 1, 0, 0, 1]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\awRes-all.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\ehandres.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\awres-host.dll] [Symantec Corporation, 10.5.1.505]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[C:\Program Files\Symantec\pcAnywhere\AwioResources.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\AWHPILOT.DLL] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\awlog32.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\snmputil.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\libsnmp.dll] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\AWCONN32.DLL] [Symantec Corporation, 10.5.1.505]
[C:\Program Files\Symantec\pcAnywhere\AW32TCP.DLL] [Symantec Corporation, 10.5.1.505]
[PID: 412][C:\Program Files\Symantec AntiVirus\DefWatch.exe] [Symantec Corporation, 10.0.0.359]
[PID: 456][C:\WINDOWS\system32\Com\CSRSS.EXE] [N/A, 1.00]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 516][C:\Program Files\Symantec AntiVirus\SavRoam.exe] [symantec, 10.0.0.359]
[C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll] [Symantec Corporation, 10.0.0.359]
[C:\WINDOWS\system32\CBA.DLL] [Intel? Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\MsgSys.dll] [Intel? Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\NTS.dll] [Intel? Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\PDS.DLL] [Intel? Corporation, 6.12.0.130 E]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.0.0.359]
[PID: 1340][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 3128][C:\WINDOWS\system32\uWDF.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 3172][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3476][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 3504][C:\WINDOWS\.exe] [N/A, N/A]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[PID: 3612][C:\Program Files\TTPlayer\TTPlayer.exe] [Alen Soft, 4, 6, 8, 0]
[C:\Program Files\TTPlayer\ttpcomm.dll] [N/A, N/A]
[C:\Program Files\TTPlayer\ttpres.dll] [Alen Soft, 4, 6, 8, 0]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[C:\Program Files\TTPlayer\AddIn\ttp_asf.dll] [N/A, N/A]
[C:\Program Files\TTPlayer\AddIn\ttp_aac.dll] [N/A, N/A]
[C:\Program Files\TTPlayer\AddIn\ttp_ac3dts.dll] [N/A, N/A]
[C:\Program Files\TTPlayer\AddIn\ttp_lrcsh.dll] [N/A, N/A]
[PID: 1632][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
[C:\WINDOWS\system32\KakaTool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 2, 1]
[C:\WINDOWS\system32\macromed\flash\Flash85.ocx] [Macromedia, Inc., 8,5,0,133]
[PID: 3268][F:\卫平电脑\扫描\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\system32\UNISPIM5.IME] [北京紫光华宇软件股份有限公司, 5.0.0.5076]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. [ "%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
高歌猛进 - 2006-11-21 14:00:00
Run SR and fix:
[BDWinIe / BDWinIe]
<C:\WINDOWS\system32\BDWin.exe -service><Microsoft Corporation>
Edit:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe .exe> [N/A]
Reboot.
Terminate the processes and delete:
C:\WINDOWS\system32\BDWin.exe
[PID: 456][C:\WINDOWS\system32\Com\CSRSS.EXE] [N/A, 1.00]
[PID: 1864][C:\WINDOWS\system32\wuaucll.exe] [N/A, N/A]
[PID: 3504][C:\WINDOWS\.exe] [N/A, N/A]