Rising Kaka Security Forum
muenster - 2006-12-23 7:52:00
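Hello everyone!! My computer is infected with a virus. I don't know much about this myself and would like to ask for your help. Here is what happened: at first the computer was just a bit slow; I didn't pay much attention and thought it might be a network problem. Later I used a USB flash drive to copy files from another computer, and when I opened it on my computer I suddenly saw three extra files!! One seemed to be an autorun. file, a WordPad document. Out of curiosity I tried to open it, but it wouldn't open, and neither would the other two!! I ignored that and deleted them, but then a small problem came up when I used Safely Remove Hardware: the menu flashed for a moment and disappeared. I didn't think much of it and just pulled the USB drive out. The next time I used the USB drive the three files appeared again; I deleted them again and found it odd, but didn't think more about it! Then, after several boots, I suddenly noticed that my Kingsoft had been switched off the whole time. I broke out in a cold sweat: I had had no antivirus protection for days!! I immediately started Kingsoft antivirus manually, but it found no virus!! Then I installed the foreign edition of Avira antivirus from an office colleague, and it found a "trojanische horst". At first I didn't get it, and only later realized that this means "Trojan horse". I immediately ran the Kingsoft Trojan removal tool, but it opened, flashed for a second and was gone!! I hurried to look up Trojans online, but the browser closed itself right away!! Done for!! I quickly installed NORTON antivirus, then scanned twice in Safe Mode, which killed a few small ones and one Trojan. The Trojan was hidden in a RAR file; it could not be removed with advanced deletion, so I deleted it the normal way. I then followed the path and deleted the entire file it was in, and finally breathed a sigh of relief.
My questions: 1: Am I safe now?? I have posted a system report and hope the experts can point me in the right direction!!
2: What should I do with my USB drive? A friend says to throw it away, since it has been trampled beyond recognition by the "horse", but at the time I also connected my MP3 player and my newly bought mobile phone. Do I have to throw them all away????? I could cry!!!!
3: I have a dual-boot setup, one Chinese system and one foreign-language system. The virus was found on the Chinese one; the foreign-language one died a few months ago. I have now deleted the virus on the Chinese system. If I happen to boot into the foreign-language system some time, could the virus be activated again??
Please help, everyone!!!! Thanks in advance!!!!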
鸟儿天上飞 - 2006-12-23 7:55:00
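Post a log so we can see whether you removed it completely.
Please download SREng2 (latest version), use "Smart Scan", and press the "Scan" button to run the scan.
When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved report log file here. If the log does not fit in one post, paste it over several posts. Please do not modify it.
Download address: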
http://www.kztechs.com/sreng/sreng2.zip
muenster - 2006-12-23 7:55:00
2006-12-22,23:26:07
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; F:\WINDOWS\System32\ctfmon.exe> [(Verified)Microsoft Corporation]
<PcSync><; F:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog> [Time Information Services Ltd.]
<Skype><; "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized> [(Verified)N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<TkBellExe><"F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<PCSuiteTrayApplication><; F:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray> [Nokia]
<ccApp><"F:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<osCheck><"F:\Program Files\Norton AntiVirus\osCheck.exe"> [(Verified)Symantec Corporation]
<Adobe Photo Downloader><; "F:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"> [Adobe Systems Incorporated]
<DataFinder><; "F:\Program Files\National Instruments\Shared\DataFinder\bin\DataFinder.exe" /auto> [National Instruments]
<IgfxTray><; F:\WINDOWS\System32\igfxtray.exe> [(Verified)Intel Corporation]
<IMJPMIG8.1><; "F:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<iTunesHelper><; "F:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Computer, Inc.]
<MINI_BFYY><; F:\Program Files\Ringz Studio\Storm Downloader\StormDownloader.exe> [N/A]
<PHIME2002A><; F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<PHIME2002ASync><; F:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<stup.exe><; F:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
<wlovif><; F:\WINDOWS\System32\kernlx.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><F:\WINDOWS\System32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><; F:\Program Files\Kingsoft\Kav 6\KaScrScn.scr> [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Automatic LiveUpdate Scheduler / Automatic LiveUpdate Scheduler]
<"F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"><Symantec Corporation>
[Symantec Event Manager / ccEvtMgr]
<"F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
[Symantec Lic NetConnect service / CLTNetCnService]
<"F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
[Human Interface Device Access / HidServ]
<F:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[iPod Service / iPod Service]
<"F:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Symantec IS Password Validation / ISPwdSvc]
<"F:\Program Files\Norton AntiVirus\isPwdSvc.exe"><Symantec Corporation>
[LiveUpdate / LiveUpdate]
<"F:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[Lookout Citadel Server / LkCitadelServer]
<F:\WINDOWS\System32\lkcitdl.exe><National Instruments, Inc.>
[National Instruments PSP Server Locator / lkClassAds]
<F:\WINDOWS\System32\lkads.exe><National Instruments, Inc.>
[National Instruments Time Synchronization / lkTimeSync]
<F:\WINDOWS\System32\lktsrv.exe><National Instruments, Inc.>
[National Instruments Domain Service / NIDomainService]
<"F:\Program Files\National Instruments\Shared\Security\nidmsrv.exe"><National Instruments, Inc.>
[NILM License Manager / NILM License Manager]
<"F:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe"><Macrovision Corporation>
[Symantec Core LC / Symantec Core LC]
<"F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"><Symantec Corporation>
[Symantec AppCore Service / SymAppCore]
<"F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"><Symantec Corporation>
==================================
驱动程序
[408667 / 408667]
<\SystemRoot\System32\drivers\408667.sys><N/A>
[80522 / 80522]
<\SystemRoot\system32\drivers\80522.sys><N/A>
[a0 / a0]
<\SystemRoot\\SystemRoot\System32\drivers\408667.sys><N/A>
[ADProt / ADProt]
<system32\drivers\ADProt.sys><腾讯科技(深圳)有限公司>
[TOSHIBA V92 Software Modem / AgereSoftModem]
<System32\DRIVERS\AGRSM.sys><Agere Systems>
[clldrv6 / clldrv6]
<\SystemRoot\System32\drivers\clldrv6.SYS><miControl>
[Cisco Systems VPN Adapter / CVirtA]
<System32\DRIVERS\CVirtA.sys><Cisco Systems, Inc.>
[Intel(R) PRO Adapter Driver / E100B]
<System32\DRIVERS\e100b325.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl]
<\??\F:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv]
<\??\F:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[GfSDev / GfSDev]
<\??\F:\PROGRAM FILES\NATIONAL INSTRUMENTS\DIADEM 10.0\GfSDev.sys><National Instruments>
[ialm / ialm]
<System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[NAVENG / NAVENG]
<\??\F:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061222.009\NAVENG.SYS><Symantec Corporation>
[NAVEX15 / NAVEX15]
<\??\F:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061222.009\NAVEX15.SYS><Symantec Corporation>
[Nokia USB Generic / Nokia USB Generic]
<system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem]
<system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent]
<system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Port / Nokia USB Port]
<system32\drivers\nmwcdcj.sys><Nokia>
[npkcrypt / npkcrypt]
<\??\F:\Program Files\Tencent\QQ\npkcrypt.sys><N/A>
[npkycryp / npkycryp]
<\??\F:\Program Files\Tencent\QQ\npkycryp.sys><N/A>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><Macrovision Europe Ltd>
[SPBBCDrv / SPBBCDrv]
<\??\F:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SRTSP / SRTSP]
<System32\Drivers\SRTSP.SYS><Symantec Corporation>
[SRTSPL / SRTSPL]
<System32\Drivers\SRTSPL.SYS><Symantec Corporation>
[SRTSPX / SRTSPX]
<System32\Drivers\SRTSPX.SYS><Symantec Corporation>
[Audio Driver (WDM) - SigmaTel CODEC / STAC97]
<system32\drivers\stac97.sys><SigmaTel, Inc.>
[SYMDNS / SYMDNS]
<\SystemRoot\System32\Drivers\SYMDNS.SYS><Symantec Corporation>
[SymEvent / SymEvent]
<\??\F:\WINDOWS\System32\Drivers\SYMEVENT.SYS><Symantec Corporation>
[SYMFW / SYMFW]
<\SystemRoot\System32\Drivers\SYMFW.SYS><Symantec Corporation>
[SYMIDS / SYMIDS]
<\SystemRoot\System32\Drivers\SYMIDS.SYS><Symantec Corporation>
[SYMIDSCO / SYMIDSCO]
<\??\F:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\IDS-DI~1\20061216.001\SymIDSCo.sys><Symantec Corporation>
[SYMNDIS / SYMNDIS]
<\SystemRoot\System32\Drivers\SYMNDIS.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[Intel(R) PRO/Wireless 2200 Adapter 驱动程序 / w22n51]
<System32\DRIVERS\w22n51.sys><Intel? Corporation>
[WinDriver6 / WinDriver6]
<system32\drivers\windrvr6.sys><Jungo>
[World Standard Teletext Codec / WSTCODEC]
<System32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[xriqskx / xriqskx]
<\SystemRoot\System32\drivers\xriqskx.sys><>
[xxgxyhun / xxgxyhun]
<\SystemRoot\System32\DRIVERS\xxgxyhun.sys><YAHOO Corporation>
[VIMICRO USB PC Camera / ZSMC302]
<System32\Drivers\usbVM31b.sys><VM>
muenster - 2006-12-23 7:56:00
浏览器加载项
[&Recherchieren]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[易趣购物]
{DE607145-AC19-425e-863A-3D70ABDF119A} <http://click2.ad4all.net/url2/urlmanage/url.asp?id=5, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <F:\Program Files\Tencent\QQ\QQIEHelper.dll, N/A>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <F:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Adobe PDF]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} <F:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll, N/A>
[金山毒霸]
{A9BE2902-C447-420A-BB7F-A5DE921E6138} <F:\PROGRA~1\Kingsoft\KAV6~1\KAIEPlus.DLL, N/A>
[Windows Live Toolbar]
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} <F:\Program Files\Windows Live Toolbar\msntb.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <F:\WINDOWS\System32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[上传到QQ网络硬盘]
<F:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[添加到QQ自定义面板]
<F:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<F:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<F:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
muenster - 2006-12-23 7:59:00
正在运行的进程
[PID: 548][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 612][\??\F:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 636][\??\F:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 680][F:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 692][F:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 856][F:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 900][F:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 972][F:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1048][F:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1276][F:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\ccL60U.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\ccSvc.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 106.1.3.3]
[F:\PROGRA~1\COMMON~1\SYMANT~1\CCSETPLG.DLL] [Symantec Corporation, 106.1.3.3]
[F:\PROGRA~1\NORTON~1\AVPSVC32.DLL] [Symantec Corporation, 14.0.0.89]
[F:\PROGRA~1\NORTON~1\AVPSVC32.loc] [Symantec Corporation, 14.0.0.89]
[F:\Program Files\Norton AntiVirus\AVSubmit.dll] [Symantec Corporation, 14.0.0.89]
[F:\Program Files\Norton AntiVirus\AVSubmit.loc] [Symantec Corporation, 14.0.0.89]
[F:\PROGRA~1\NORTON~1\ISDATASV.DLL] [Symantec Corporation, 10.0.0.247]
[F:\PROGRA~1\COMMON~1\SYMANT~1\NPC\NPCWMIMN.DLL] [Symantec Corporation, 2007.1.00.118]
[F:\PROGRA~1\COMMON~1\SYMANT~1\SNDSVC.DLL] [Symantec Corporation, 7.0.0.170]
[F:\Program Files\Common Files\Symantec Shared\ccL60.dll] [Symantec Corporation, 106.1.3.3]
[F:\PROGRA~1\COMMON~1\SYMANT~1\SUBMIS~1\SUBENG.DLL] [Symantec Corporation, 2.0.0.164]
[F:\PROGRA~1\COMMON~1\SYMANT~1\SUBMIS~1\SUBRES.loc] [Symantec Corporation, 2.0.0.164]
[F:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\TPROCPLG.DLL] [Symantec Corporation, 3.0.1.10]
[F:\PROGRA~1\COMMON~1\SYMANT~1\CCEVTPLG.DLL] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\ccEvtCli.dll] [Symantec Corporation, 106.1.3.3]
[F:\PROGRA~1\COMMON~1\SYMANT~1\FIREWALL\FWAGENT.DLL] [Symantec Corporation, 1.0.0.184]
[F:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 3.0.1.10]
[F:\PROGRA~1\COMMON~1\SYMANT~1\SRTSP\SRTSP32.DLL] [Symantec Corporation, 10.1.3.9]
[F:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 106.1.3.3]
[F:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 106.1.3.3]
[F:\PROGRA~1\NORTON~1\NAVEVENT.DLL] [Symantec Corporation, 14.0.0.89]
[F:\WINDOWS\SYSTEM32\SYMNETI.DLL] [Symantec Corporation, 7.0.0.170]
[F:\Program Files\Norton AntiVirus\isDataCl.dll] [Symantec Corporation, 10.0.0.247]
[F:\Program Files\Norton AntiVirus\SetEvtHp.dll] [Symantec Corporation, 10.0.0.247]
[F:\Program Files\Common Files\Symantec Shared\AntiVirus\AVIfc.dll] [Symantec Corporation, 1.0.00.194]
[F:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll] [Symantec Corporation, 1.0.00.101]
[F:\Program Files\Common Files\Symantec Shared\Firewall\FWHelper.dll] [Symantec Corporation, 1.0.0.184]
[F:\Program Files\Norton AntiVirus\fwPlugin.dll] [Symantec Corporation, 10.0.0.247]
[F:\Program Files\Norton AntiVirus\fwEvent.dll] [Symantec Corporation, 10.0.0.247]
[F:\PROGRA~1\COMMON~1\SYMANT~1\OPC\{31011~1\CLTNETCN.DLL] [Symantec Corporation, 7.0.0.108]
[F:\Program Files\Common Files\Symantec Shared\ccALEng.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Norton AntiVirus\IMCfg.dll] [Symantec Corporation, 10.0.0.247]
[F:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll] [Symantec Corporation, 3.0.1.10]
[F:\PROGRA~1\COMMON~1\SYMANT~1\SUBMIS~1\SubConn.dll] [Symantec Corporation, 2.0.0.164]
[PID: 1332][F:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[F:\PROGRA~1\COMMON~1\SYMANT~1\NPC\NSCEXT.DLL] [Symantec Corporation, 2007.1.00.118]
[F:\Program Files\Common Files\Symantec Shared\ccL60U.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[F:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 7.0.0.0]
[F:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[F:\PROGRA~1\NORTON~1\NavShExt.dll] [Symantec Corporation, 14.0.0.89]
[F:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 106.1.3.3]
[F:\PROGRA~1\NORTON~1\NavShExt.loc] [N/A, N/A]
[F:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll] [Adobe Systems Inc., 7.0.0.2004121400\0]
[F:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs] [Adobe Systems Inc., 7.0.0.2004121400\0]
[PID: 1432][F:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe] [Symantec Corporation, 1.0.00.101]
[F:\Program Files\Common Files\Symantec Shared\ccL60U.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll] [Symantec Corporation, 1.0.00.101]
[F:\Program Files\Common Files\Symantec Shared\AppCore\AppSet32.dll] [Symantec Corporation, 1.0.00.101]
[F:\Program Files\Common Files\Symantec Shared\ccSvc.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\AntiVirus\AVScan.dll] [Symantec Corporation, 1.0.00.194]
[F:\Program Files\Common Files\Symantec Shared\AntiVirus\AV.loc] [Symantec Corporation, 1.0.00.194]
[F:\Program Files\Common Files\Symantec Shared\AntiVirus\avDefMgr.dll] [Symantec Corporation, 1.0.00.194]
[F:\Program Files\Common Files\Symantec Shared\DefUtDCD.dll] [Symantec Corporation, 3.2.10.0]
[F:\Program Files\Common Files\Symantec Shared\AntiVirus\avModule.dll] [Symantec Corporation, 1.0.00.194]
[F:\Program Files\Common Files\Symantec Shared\QBackup.dll] [Symantec Corporation, 1.0.00.194]
[F:\Program Files\Common Files\Symantec Shared\AntiVirus\AVExclu.dll] [Symantec Corporation, 1.0.00.194]
[F:\Program Files\Common Files\Symantec Shared\SRTSP\Srtsp32.dll] [Symantec Corporation, 10.1.3.9]
[F:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 106.1.3.3]
[F:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtCli.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\ccScanw.dll] [Symantec Corporation, 106.1.3.3]
muenster - 2006-12-23 8:00:00
[F:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 61.3.0.17]
[F:\Program Files\Common Files\Symantec Shared\MSL\msl.dll] [Symantec Corporation, 5.0.071.000]
[F:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 106.1.3.3]
[F:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061222.009\ccEraser.dll] [Symantec Corporation, 106.3.3.2]
[F:\Program Files\Common Files\Symantec Shared\COH\AHS.dll] [Symantec Corporation, 6,0,1,3]
[F:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec\SyKnAppS\SyKnAppS.dll] [Symantec Corporation, 1.1.0.77]
[PID: 1496][F:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
[F:\WINDOWS\System32\AdobePDF.dll] [Adobe Systems Incorporated., 7.0.0.00]
[F:\Program Files\Adobe\Acrobat 7.0\Distillr\AdistRes.CHS] [N/A, N/A]
[PID: 192][F:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3536]
[PID: 184][F:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\ccL60U.dll] [Symantec Corporation, 106.1.3.3]
[F:\WINDOWS\System32\SymNeti.dll] [Symantec Corporation, 7.0.0.170]
[F:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\ccSvc.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\AppCore\AppPlg32.dll] [Symantec Corporation, 1.0.00.101]
[F:\Program Files\Common Files\Symantec Shared\AppCore\AppMgr32.dll] [Symantec Corporation, 1.0.00.101]
[F:\Program Files\Common Files\Symantec Shared\AppCore\AppSet32.dll] [Symantec Corporation, 1.0.00.101]
[F:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 106.1.3.3]
[F:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Norton AntiVirus\fwAlert.dll] [Symantec Corporation, 10.0.0.247]
[F:\Program Files\Norton AntiVirus\fwAlRes.dll] [Symantec Corporation, 10.0.0.247]
[F:\PROGRA~1\NORTON~1\DEFALERT.DLL] [Symantec Corporation, 14.0.0.89]
[F:\PROGRA~1\NORTON~1\AVPAPP32.DLL] [Symantec Corporation, 14.0.0.89]
[F:\Program Files\Common Files\Symantec Shared\NPC\npcTRAY.dll] [Symantec Corporation, 2007.1.00.118]
[F:\Program Files\Common Files\Symantec Shared\CF\PEP2.dll] [Symantec Corporation, 2006.1.00.58]
[F:\Program Files\Common Files\Symantec Shared\COH\sesHlp.dll] [Symantec Corporation, 6,0,1,3]
[F:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 106.1.3.3]
[F:\PROGRA~1\NORTON~1\AVPAPP32.loc] [Symantec Corporation, 14.0.0.89]
[F:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\AntiVirus\AVIfc.dll] [Symantec Corporation, 1.0.00.194]
[F:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtCli.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Norton AntiVirus\isDataCl.dll] [Symantec Corporation, 10.0.0.247]
[F:\Program Files\Common Files\Symantec Shared\NPC\DataPvdr.dll] [Symantec Corporation, 2007.1.00.118]
[F:\Program Files\Common Files\Symantec Shared\NPC\NSCHlpr2.dll] [Symantec Corporation, 2007.1.00.118]
[F:\Program Files\Norton AntiVirus\SetEvtHp.dll] [Symantec Corporation, 10.0.0.247]
[F:\Program Files\Norton AntiVirus\fwEvent.dll] [Symantec Corporation, 10.0.0.247]
[F:\PROGRA~1\COMMON~1\SYMANT~1\rcEmlPxy.dll] [Symantec Corporation, 106.0.1.10]
[F:\WINDOWS\System32\SymRedir.dll] [Symantec Corporation, 7.0.0.170]
[F:\Program Files\Common Files\Symantec Shared\NPC\pcStatus.dll] [Symantec Corporation, 2007.1.00.118]
[F:\Program Files\Common Files\Symantec Shared\NPC\uiLicPlg.dll] [Symantec Corporation, 2007.1.00.118]
[F:\Program Files\Common Files\Symantec Shared\NPC\NSCWSCR2.DLL] [Symantec Corporation, 2007.1.00.118]
[F:\Program Files\Common Files\Symantec Shared\AntiVirus\AVMail.dll] [Symantec Corporation, 1.0.00.194]
[F:\Program Files\Common Files\Symantec Shared\AntiVirus\AVExclu.dll] [Symantec Corporation, 1.0.00.194]
[F:\Program Files\Common Files\Symantec Shared\NPC\PEPEvnt.dll] [Symantec Corporation, 2007.1.00.118]
[F:\PROGRA~1\COMMON~1\SYMANT~1\rcAlert.dll] [Symantec Corporation, 106.0.1.10]
[F:\Program Files\Common Files\Symantec Shared\CF\cfV2Pack.dll] [Symantec Corporation, 2006.1.00.58]
[F:\Program Files\Common Files\Symantec Shared\CF\cfEPack.dll] [Symantec Corporation, 2006.1.00.58]
[F:\Program Files\Common Files\Symantec Shared\SymTheme\1.0\SymTheme.dll] [Symantec Corporation, 1.0.00.79]
[PID: 220][F:\WINDOWS\System32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1872][F:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe] [Symantec Corporation, 3.1.0.99]
[F:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 106.1.3.3]
[F:\Program Files\Common Files\Symantec Shared\ccL60U.dll] [Symantec Corporation, 106.1.3.3]
[PID: 1956][F:\WINDOWS\System32\lkcitdl.exe] [National Instruments, Inc., 4.5.2.0]
[F:\WINDOWS\System32\LKDYNAM.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\WINDOWS\System32\LKSOCK.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\WINDOWS\System32\LKSEC.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\WINDOWS\System32\LKOBENV.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\WINDOWS\System32\nidscmem.dll] [National Instruments, Inc., 1.1.0.1036]
[F:\Program Files\National Instruments\Shared\Security\nidm_client_thinauth.dll] [National Instruments, Inc., 1.1.0.1036]
[PID: 2004][F:\WINDOWS\System32\lkads.exe] [National Instruments, Inc., 4.6.0.1036]
[F:\WINDOWS\System32\LKSOCK.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\WINDOWS\System32\LKSEC.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\WINDOWS\System32\LKDYNAM.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\Program Files\National Instruments\Shared\Security\nidm_client_thinauth.dll] [National Instruments, Inc., 1.1.0.1036]
[PID: 2020][F:\WINDOWS\System32\lktsrv.exe] [National Instruments, Inc., 4.6.0.1036]
[F:\WINDOWS\System32\LKSTIME.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\WINDOWS\System32\LKSOCK.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\WINDOWS\System32\LKSEC.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\WINDOWS\System32\LKDYNAM.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\Program Files\National Instruments\Shared\Security\nidm_client_thinauth.dll] [National Instruments, Inc., 1.1.0.1036]
[PID: 1564][F:\Program Files\National Instruments\Shared\Security\nidmsrv.exe] [National Instruments, Inc., 1.1.0.1036]
[F:\WINDOWS\System32\LKSOCK.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\WINDOWS\System32\LKSEC.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\WINDOWS\System32\LKDYNAM.dll] [National Instruments, Inc., 4.6.0.1036]
[F:\Program Files\National Instruments\Shared\Security\nidm_client_thinauth.dll] [National Instruments, Inc., 1.1.0.1036]
muenster - 2006-12-23 8:01:00
[PID: 516][F:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2124][F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe] [Symantec Corporation, 1.9.1.1034]
[F:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll] [Symantec Corporation, 1.9.1.1034]
[PID: 2252][F:\WINDOWS\System32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 1660][F:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.0.7: 2006091806]
[F:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[F:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.1]
[F:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.0.7: 2006091806]
[F:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.1]
[F:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.1]
[F:\Program Files\Mozilla Firefox\smime3.dll] [Netscape Communications Corporation, 3.10.2]
[F:\Program Files\Mozilla Firefox\nss3.dll] [Netscape Communications Corporation, 3.10.2]
[F:\Program Files\Mozilla Firefox\softokn3.dll] [Netscape Communications Corporation, 3.10.2]
[F:\Program Files\Mozilla Firefox\ssl3.dll] [Netscape Communications Corporation, 3.10.2]
[F:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.0.7: 2006091806]
[F:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.0.7: 2006091806]
[F:\Program Files\Mozilla Firefox\nssckbi.dll] [Netscape Communications Corporation, 1.53]
[F:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll] [N/A, N/A]
[PID: 2092][F:\Documents and Settings\GaoYang\桌面\sreng2\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["F:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
muenster - 2006-12-23 8:03:00
鸟儿天上飞 - 2006-12-23 8:04:00
Basically didn't find anything, haha. I don't know whether that other system has been infected.
Download 360 and clean up the junk.
Ahtiman - 2006-12-23 8:19:00
Yikes, that's terrifying. I've never seen so many~~~~
muenster - 2006-12-23 16:39:00
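I don't understand!! The poster on floor 8 says there's no big problem, but the one on floor 9..... I don't understand!! Oh, and also, what should I do with my USB drive???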