Rising Kaka Security Forum
zslzsl - 2006-12-30 17:09:00
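Not long ago I got infected with Trojan-PSW.Win32.OnLineGames.bs. Kaspersky can't remove it, and ewido doesn't detect it.
Several virus files have appeared in the C:\Documents and Settings\Administrator.6B03C864A81D41D\Local Settings\Temp folder: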
1.exe
2.exe
3.exe
mhs2.dll
wlzs.dll
ztq.dll
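There is also a folder, zt2, which contains a svchost.exe.
After I delete the files above, they come back. Deleting them in Safe Mode doesn't help either, and the mhs2.dll and wlzs.dll autostart entries come back even after I delete them in Safe Mode.
I tried killbox too, and it didn't work.
These files are like ghosts that won't go away. They're driving me crazy~~
This virus seems to have some other process acting as a backdoor, but I don't know how to find it.
I hope an expert can give me some pointers: tell me where this virus's background component actually is and how to remove it. Many thanks!!!!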
鸟儿天上飞 - 2006-12-30 17:13:00
Run SREng.
② Download link: http://www.kztechs.com/sreng/sreng2.zip (443K)
zslzsl - 2006-12-30 17:19:00
2006-12-30,17:03:55
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<myZt2><C:\DOCUME~1\ADMINI~1.6B0\LOCALS~1\Temp\Zt2\SVCH0ST.EXE> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<yassistse><"C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [(Verified)Yahoo! China]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [NVIDIA Corporation]
<KAVPersonal50><"f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize> [Kaspersky Lab]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<HPDJ Taskbar Utility><C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe> [(Verified)HP]
<HP Component Manager><"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"> [Hewlett-Packard Company]
<DeviceDiscovery><C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe> [Hewlett-Packard]
<!ewido><"F:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized> [Anti-Malware Development a.s.]
<StormCodec_Helper><"f:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti> [N/A]
<adx.exe><C:\Program Files\real\adx.exe> [Microsoft Corporation]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [N/A]
<mhs2><C:\DOCUME~1\ADMINI~1.6B0\LOCALS~1\Temp\2.exe> [N/A]
<wlzs><C:\DOCUME~1\ADMINI~1.6B0\LOCALS~1\Temp\3.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><338448M.BMP> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{E568441B-9EF3-49F8-9A67-4141AC41ADD4}><C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll> [(Verified)Yahoo! China]
<{6E44887F-5214-41F2-AB46-4728735C4CC6}><C:\Program Files\Internet Explorer\PLUGINS\System8.sys> [N/A]
<{9C0CFA58-3A6F-51ba-9EFE-5320F4F62FB1}><C:\WINDOWS\system32\bdscheca100.dll> [N/A]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><f:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll> [Anti-Malware Development a.s.]
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> [N/A]
<{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat> [N/A]
<{923509F1-45CB-4EC0-BDE0-1DED35B8FD60}><C:\Program Files\Internet Explorer\IEXPLORE.win> [N/A]
<{87DB138F-7F91-49A8-82A4-8A7BFC6E48D1}><C:\WINDOWS\debug\userMode\8808.dll> [N/A]
==================================
启动文件夹
N/A
==================================
服务
[ATK Keyboard Service / ATKKeyboardService]
<C:\WINDOWS\ATKKBService.exe><ASUSTeK COMPUTER INC.>
[ewido anti-spyware 4.0 guard / ewido anti-spyware 4.0 guard]
<f:\Program Files\ewido anti-spyware 4.0\guard.exe><Anti-Malware Development a.s.>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[kavsvc / kavsvc]
<"f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe"><Kaspersky Lab>
[NVIDIA Display Driver Service / NVSvc]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Visual Studio Analyzer RPC bridge / Visual Studio Analyzer RPC bridge]
<F:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,start><Microsoft Corporation>
[WinXP DHCP Service / WinXPDHCPsvc]
<C:\WINDOWS\system32\rundll32.exe xpdhcp.dll,start><Microsoft Corporation>
==================================
驱动程序
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService]
<system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AEAudio Service / AEAudioService]
<system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[ASUS Virtual Video Capture Device Driver / asusgsb]
<system32\drivers\asusgsb32.sys><ASUSTeK Computer Inc.>
[Asushwio / Asushwio]
<\??\C:\WINDOWS\system32\drivers\Asushwio.sys><N/A>
[Enhanced Display Driver Helper Service / asuskbnt]
<system32\drivers\atkkbnt.sys><ASUSTeK COMPUTER INC.>
[HelloNet PPPoE 虚拟网卡 / BRPPPOE]
<system32\DRIVERS\brpppoe.sys><N/A>
[Closed Caption Decoder / CCDECODE]
<system32\DRIVERS\CCDECODE.sys><N/A>
[EIO / EIO]
<\??\C:\WINDOWS\system32\drivers\EIO.sys><ASUSTeK Computer Inc.>
[ewido anti-spyware 4.0 driver / ewido anti-spyware 4.0 driver]
<\??\f:\Program Files\ewido anti-spyware 4.0\guard.sys><N/A>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService]
<system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Kl1 / Kl1]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif]
<System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc]
<System32\drivers\klmc.sys><Kaspersky Lab>
[ATK0110 ACPI UTILITY / MTsensor]
<system32\DRIVERS\ASACPI.sys><>
[NABTS/FEC VBI Codec / NABTSFEC]
<system32\DRIVERS\NABTSFEC.sys><N/A>
[Microsoft TV/Video Connection / NdisIP]
<system32\DRIVERS\NdisIP.sys><N/A>
[npkcrypt / npkcrypt]
<\??\F:\Program Files\Tencent\qq\npkcrypt.sys><N/A>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[SenFilt Service / SenFiltService]
<system32\drivers\Senfilt.sys><Sensaura>
[BDA Slip De-Framer / SLIP]
<system32\DRIVERS\SLIP.sys><N/A>
[BDA IPSink / streamip]
<system32\DRIVERS\StreamIP.sys><N/A>
zslzsl - 2006-12-30 17:20:00
==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[BHOHelper Class]
{67A90DD5-128D-43AB-B97C-565D2DD42A28} <C:\Program Files\real\atloader.dll, Microsoft Corporation>
[BHOHelper Class]
{67A90DD6-128D-43AB-B97C-565D2DD42A28} <C:\Program Files\real\atloader.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <f:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <f:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/start.htm?source=yzs_icon&btn=yassistnew, N/A>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[易趣购物]
{BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll, yahoo! china>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[Tabular Data Control]
{333C7BC4-460F-11D0-BC04-0080C7055A83} <C:\WINDOWS\system32\tdc.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll, yahoo! china>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll, yahoo! china>
[BHOHelper Class]
{67A90DD5-128D-43AB-B97C-565D2DD42A28} <C:\Program Files\real\atloader.dll, Microsoft Corporation>
[BHOHelper Class]
{67A90DD6-128D-43AB-B97C-565D2DD42A28} <C:\Program Files\real\atloader.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <f:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\system\msadc\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ADXAutoLive]
{E5212436-921F-44a3-8865-11C0B9BA4AF2} <C:\Program Files\real\autolive.dll, Microsoft Corporation>
[ADXAutoLive]
{E5212437-921F-44a3-8865-11C0B9BA4AF2} <C:\PROGRA~1\real\autolive.dll, Microsoft Corporation>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[&使用迅雷下载]
<f:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<f:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<F:\Program Files\Tencent\qq\AddToNetDisk.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://F:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<F:\Program Files\Tencent\qq\AddPanel.htm, N/A>
[添加到QQ表情]
<F:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<F:\Program Files\Tencent\qq\SendMMS.htm, N/A>
[雅虎搜索]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll/203, N/A>
==================================
正在运行的进程
[PID: 688][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 736][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 804][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 972][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1052][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1256][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1332][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1524][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\hpzsnt09.dll] [HP, 2.236.4.0]
[PID: 1764][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 7, 1023]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\real\adx.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\real\urlcatch.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\real\atloader.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\real\autolive.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\system32\xpdhcp.dll] [N/A, N/A]
[f:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, N/A]
[C:\WINDOWS\338448M.BMP] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1.6B0\LOCALS~1\Temp\ZtgL.dll] [N/A, N/A]
[F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
[f:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll] [Yahoo! China, 3, 1, 3, 1018]
[F:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[f:\Program Files\Unlocker\UnlockerCOM.dll] [N/A, N/A]
[f:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\shellex.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\ewido anti-spyware 4.0\context.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 1904][F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe] [Kaspersky Lab, 5.0.388.1]
[F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] [Kaspersky Lab, 5.0.388.0]
[F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] [Kaspersky Lab, 5.0.388.0]
[F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\GuiDlgs.dll] [Kaspersky Lab, 5.0.388.1]
[F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLCMN.dll] [Kaspersky Lab, 5.0.388.1]
[F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] [Kaspersky Lab, 5.0.388.1]
[F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] [Kaspersky Lab, 5.0.388.1]
[F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] [Kaspersky Lab, 5.0.388.2]
[F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ChkTool.DLL] [Kaspersky Lab, 5.0.388.1]
[F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KAVMWnd.dll] [Kaspersky Lab, 5.0.388.1]
[F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\COLOC.dll] [Kaspersky Lab, 5.0.388.1]
[F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\GULOC.dll] [Kaspersky Lab, 5.0.388.1]
[F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\MALOC.dll] [Kaspersky Lab, 5.0.388.1]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[F:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\AVLOC.dll] [Kaspersky Lab, 5.0.388.1]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1.6B0\LOCALS~1\Temp\ZtgL.dll] [N/A, N/A]
zslzsl - 2006-12-30 17:21:00
[PID: 1920][C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe] [HP, 2.236.4.0]
[C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZR3209.dll] [HP, 2.236.4.0]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[PID: 1928][C:\Program Files\HP\hpcoretech\hpcmpmgr.exe] [Hewlett-Packard Company, 2.1.1]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[PID: 1936][C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe] [Hewlett-Packard, 1, 0, 0, 1]
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpodvd08.dll] [Hewlett-Packard, 2, 0, 2, 2]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 4.2.0.127]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[PID: 1948][F:\Program Files\ewido anti-spyware 4.0\ewido.exe] [Anti-Malware Development a.s., 4, 0, 0, 201]
[F:\Program Files\ewido anti-spyware 4.0\engine.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 7, 1023]
[C:\DOCUME~1\ADMINI~1.6B0\LOCALS~1\Temp\ZtgL.dll] [N/A, N/A]
[PID: 276][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[PID: 368][C:\WINDOWS\ATKKBService.exe] [ASUSTeK COMPUTER INC., 1, 0, 0, 0]
[PID: 524][f:\Program Files\ewido anti-spyware 4.0\guard.exe] [Anti-Malware Development a.s., 4, 0, 0, 172]
[f:\Program Files\ewido anti-spyware 4.0\engine.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[PID: 600][f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] [Kaspersky Lab, 5.0.388.2]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ChkTool.DLL] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\startups.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\l_llio.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avp_iont.dll] [Kaspersky Lab, 5.0.0.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\inflate.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\avlib.ppl] [Kaspersky Lab, 5.0.391.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\arj.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\arjpack.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\avp1.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\avpgs.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\avpmgr.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\wdiskio.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\btdisk.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\buffer.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\cab.ppl] [Kaspersky Lab, 5.0.390.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\deflate.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\dmap.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\dtreg.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\explode.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\hashcont.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\hashmd5.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\hccmp.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\ichk2.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\ichstrms.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\klonacci.ppl] [Kaspersky Lab, 5.0.388.230]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\mailmsg.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\mchk.ppl] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klcp.dll] [Kaspersky Lab, 5.0.388.1]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\mdmap.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\memmodsc.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\memscan.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\minizip.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\msoe.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\nfio.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\ntfsstrm.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\passdmap.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\prseqio.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\prutil.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\qio.ppl] [Kaspersky Lab, 5.0.0.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\quantum.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\rar.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\sfdb.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\stored.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\superio.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\unarj.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\uniarc.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\unlzx.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\unreduce.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\unshrink.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\unstored.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\winreg.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\xorio.ppl] [Kaspersky Lab, 5.0.388.16]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\zcompare.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\wcswmi.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLOnAcc.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLCKAH.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CKAHUM.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CKAHComm.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ckahrule.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\mcproxy.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\mcpr.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\mailappl.dll] [Kaspersky Lab, 5.0.388.1]
zslzsl - 2006-12-30 17:22:00
[PID: 1144][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.8391]
[PID: 1244][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 884][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4028][f:\Program Files\Tencent\TT\TTraveler.exe] [腾讯公司, 3.1.0.261]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[f:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] [腾讯公司, 1, 1, 0, 5]
[f:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll] [, 1, 0, 0, 3]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[f:\Program Files\Tencent\TT\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] [Kaspersky Lab, 5.0.1.18]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] [Kaspersky Lab, 5.0.388.2]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] [Kaspersky Lab, 5.0.388.0]
[C:\DOCUME~1\ADMINI~1.6B0\LOCALS~1\Temp\ZtgL.dll] [N/A, N/A]
[C:\Program Files\real\urlcatch.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 7, 1023]
[PID: 2080][F:\Program Files\ADSL拨号王\HNMainUI.exe] [N/A, 2, 3, 0, 1]
[F:\Program Files\ADSL拨号王\HNKernel.dll] [HelloNet, 2.2.0.1]
[F:\Program Files\ADSL拨号王\HNUtils.dll] [N/A, 2, 2, 0, 1]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[F:\Program Files\ADSL拨号王\HNRes_0804.dll] [N/A, 2, 2, 0, 1]
[F:\Program Files\ADSL拨号王\plugins\Diagnose.dll] [HelloNet, 2.2.0.1]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[PID: 3728][F:\Program Files\Tencent\qq\QQ.exe] [TENCENT, 0, 0, 0, 0]
[F:\Program Files\Tencent\qq\CoralAssist.DLL] [Coral Team, 4.5.0 build 20060515]
[F:\Program Files\Tencent\qq\CoralQQ.DLL] [Coral Team, 4.5.4 Build 20061001]
[F:\Program Files\Tencent\qq\ipsearcher.dll] [, 1.0.0.3]
[F:\Program Files\Tencent\qq\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\QQHelperDll.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 370]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[F:\Program Files\Tencent\qq\LoginCtrl.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[F:\Program Files\Tencent\qq\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[F:\Program Files\Tencent\qq\QQAPI.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[F:\Program Files\Tencent\qq\QQRes.dll] [tencent, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\QQMainFrame.dll] [N/A, N/A]
[F:\Program Files\Tencent\qq\CQQApplication.dll] [N/A, N/A]
[F:\Program Files\Tencent\qq\NewSkin.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\HostingMgr.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\CameraDll.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\MailSummary.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\QQSpace.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[F:\Program Files\Tencent\qq\QQGroupMng.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\GroupLive.dll] [N/A, N/A]
[F:\Program Files\Tencent\qq\QQSysMsgMng.dll] [N/A, N/A]
[F:\Program Files\Tencent\qq\LongConnection.dll] [tencent, 5, 0, 200, 160]
[F:\Program Files\Tencent\qq\UserDefinedHead.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\QQPlugin.dll] [N/A, N/A]
[F:\Program Files\Tencent\qq\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\QRingMng.dll] [N/A, N/A]
[F:\Program Files\Tencent\qq\QQAvatar.dll] [N/A, N/A]
[F:\Program Files\Tencent\qq\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[F:\Program Files\Tencent\qq\QQPet.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\QQAllInOne.dll] [N/A, N/A]
[F:\Program Files\Tencent\qq\SCCore.dll] [TENCENT, 2, 0, 0, 1]
[F:\Program Files\Tencent\qq\QQCustomFace.dll] [N/A, N/A]
[C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
zslzsl - 2006-12-30 17:23:00
[F:\Program Files\Tencent\qq\BQQApplication.dll] [N/A, N/A]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[F:\Program Files\Tencent\qq\QQSceneMng.dll] [N/A, N/A]
[F:\Program Files\Tencent\qq\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrchpg.dll] [Kaspersky Lab, 5.0.1.18]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\scrch_ag.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\FSSync.dll] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\pr_rmt.dll] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\ccclient.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\klipc.dll] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\KLUtil.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\rpt.dll] [Kaspersky Lab, 5.0.388.2]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\CCIFACE.dll] [Kaspersky Lab, 5.0.388.1]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prloader.dll] [Kaspersky Lab, 5.0.388.0]
[f:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\prkernel.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\prstring.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\pr_srv.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\pr_clnt.ppl] [Kaspersky Lab, 5.0.388.0]
[f:\program files\kaspersky lab\kaspersky anti-virus personal\tempfile.ppl] [Kaspersky Lab, 5.0.388.0]
[F:\Program Files\Tencent\qq\qqgroupdisk.dll] [深圳腾讯科技, 2, 1, 101, 40]
[F:\Program Files\Tencent\qq\GroupConnection.dll] [Tencent, 0, 3, 3, 5]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 7, 1023]
[f:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll] [Anti-Malware Development a.s., 4, 0, 0, 172]
[F:\Program Files\Tencent\qq\CommercesMng.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[F:\Program Files\Tencent\qq\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 240]
[F:\Program Files\Tencent\qq\QQPhoneHelper.dll] [腾讯科技(深圳)有限公司, 2, 1, 2, 23]
[C:\DOCUME~1\ADMINI~1.6B0\LOCALS~1\Temp\ZtgL.dll] [N/A, N/A]
[PID: 3844][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1.6B0\LOCALS~1\Temp\ZtgL.dll] [N/A, N/A]
[PID: 3992][F:\Program Files\Tencent\qq\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[F:\Program Files\Tencent\qq\LoginCtrl.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 370]
[F:\Program Files\Tencent\qq\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\QQHelperDll.dll] [, 1, 0, 0, 1]
[F:\Program Files\Tencent\qq\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 6, 27, 1]
[F:\Program Files\Tencent\qq\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[F:\Program Files\Tencent\qq\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 2516][C:\DOCUME~1\ADMINI~1.6B0\LOCALS~1\Temp\Zt2\SVCH0ST.EXE] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1.6B0\LOCALS~1\Temp\ZtgL.dll] [N/A, N/A]
[PID: 1544][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2436][C:\WINDOWS\system32\mdm.exe] [Microsoft Corporation, 6.00.8149]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[PID: 2836][f:\Program Files\Tencent\TT\TCPlus.exe] [腾讯公司, 1, 0, 0, 5]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[f:\Program Files\Tencent\TT\QQDownload.dll] [Tencent Technology (Shenzhen) Company Limited, 1, 0, 101, 28]
[f:\Program Files\Tencent\TT\TNProxy.dll] [Tencent Technology(Shenzhen) Company Limited, 2, 1, 101, 60]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1.6B0\LOCALS~1\Temp\ZtgL.dll] [N/A, N/A]
[PID: 1108][F:\zsl\实用程序\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\real\bhomgr.dll] [Microsoft Corporation, 5, 1, 2606, 1229]
[C:\Program Files\Internet Explorer\PLUGINS\System8.sys] [N/A, N/A]
[C:\WINDOWS\debug\userMode\8808.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\DOCUME~1\ADMINI~1.6B0\LOCALS~1\Temp\ZtgL.dll] [N/A, N/A]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
afkp4e7 - 2006-12-30 17:27:00
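Repairing it doesn't solve the problem either.
It is said to spread over the LAN.
Machines with all the patches installed are fine.
Updates can't be run right now.
The main part is in the directories under x:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5; OP, go take a look there.
OP, removing all permissions from the x:\Documents and Settings\Default User\Local Settings\Temporary Internet Files folder can temporarily solve the problem.
If it's an XP system, there's nothing to be done.
Attachment: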
79532220061230171925.JPG
zslzsl - 2006-12-30 17:33:00
afkp4e7 - 2006-12-30 17:42:00
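XP can't set permissions.
The ones down there are all like that, and I haven't found a good way.
Using SSM is a bit complicated.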
afkp4e7 - 2006-12-30 17:44:00
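I've got a dozen or so machines like this here.
It's my own fault for being lazy and not patching them.
For now I did what I described above, and they're fine at the moment.
I asked Boss Cat.
He didn't reply to me either.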
zslzsl - 2006-12-30 17:58:00
Thanks anyway, afkp4e7. I'll try to think of something else ~~Experts, please help me~~~
baohe - 2006-12-30 18:13:00
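| Quote: |
[afkp4e7's post] I've got a dozen or so machines like this here. It's my own fault for being lazy and not patching them. For now I did what I described above, and they're fine at the moment. I asked Boss Cat. He didn't reply to me either. ……………… |
As long as you know the virus file names and their paths, the “crude method” in the post below can also “cure the disease”.
http://forum.ikaka.com/topic.asp?board=28&artid=8242316 (the image in reply #11)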
afkp4e7 - 2006-12-30 18:17:00
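Boss Cat, can you find out which vulnerability it exploits?
Update can't be used.
Finding the patch for just one would be relatively easier.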
zslzsl - 2006-12-30 18:20:00
Thanks, Boss Cat~~ No time today~~ I'll try the crude method tomorrow~~ Thanks~~ Bookmarked~~
baohe - 2006-12-30 18:21:00
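| Quote: |
[afkp4e7's post] Boss Cat, can you find out which vulnerability it exploits? Update can't be used. Finding the patch for just one would be relatively easier. ……………… |
Not sure. I haven't paid much attention to vulnerabilities lately.
My system is missing more than 10 patches (if I installed them all, I couldn't play with some viruses).
With numerous “door gods” standing guard, the system has had no problems so far.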
afkp4e7 - 2006-12-30 18:24:00
Then these few lousy things can only be dealt with once and for all after the fiber line is fixed.
水树雨下 - 2006-12-30 18:26:00
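I suggest the OP download the patches and keep them on the hard disk, so they can be applied at any time after reinstalling the system.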
afkp4e7 - 2006-12-30 18:30:00
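I have the patches from after 2000 SP4 here.
None for XP.
Calling out: who has a backup?
Find some hosting space
and serve the people a bit.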
水树雨下 - 2006-12-30 18:32:00
I have space, 1 GB, and I have patches too, the ones from before December.
afkp4e7 - 2006-12-30 18:37:00
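Do you know how to do it?
I don't know which vulnerability the problem above comes from.
I haven't patched those ten-odd machines at all.
54*10, just thinking about it makes me dizzy.
With the permissions removed, it seems safe for now.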
水树雨下 - 2006-12-30 18:40:00
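I haven't looked into it. I don't even have SP2 installed right now and have only applied 80-odd patches. Whoever needs a patch, just say so; if I have it, I can contribute it.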