Rising Kaka Security Forum
五月雷 - 2007-2-2 12:53:00
Our company's server is co-located at a China Telecom data center (the company runs several websites). Yesterday afternoon it suddenly became unreachable, so I rushed to the data center to take a look. Norton Corporate Edition had already been disabled. Checking with SREng and SSM, I found a lot of suspicious processes and executables. Worse still, under WINNT/DEBUG there was a file with a very long name, and inside it I found cstrike. Yes, the CS game.

I was dumbfounded..... this hacker actually uploaded CS to us..... Digging further I found svcohost.dll, svchost.dll, svchostkey.dll and svchostdll.dll, obviously Huigezi (Gray Pigeon). Speechless.... At that moment the network management showed an unfamiliar IP (it turned out to be an IP in a Beijing Netcom data center; I guess that, like us, it was a zombie machine) logging in via port 3389. SSM started popping up dialogs non-stop: C:\WINNT\EXPLORER.EXE attempting to run C:\WINNT\system32\CMD.EXE. Was the hacker logging into our server right then? I clicked allow, and right away CMD.EXE tried to run some suspicious EXE files (quser.exe, net1.exe, abby.exe, etc.), which I blocked one by one, but SSM kept popping up windows: each time some Windows program would first run CMD.EXE, then CMD.EXE would call other commands or programs, ipconfig, shutdownsystem (I did not expect SSM to be able to block even the shutdown command). Sadly my skills are limited and I had no way to fight back against the other side, so I pulled the network cable, backed up the data and reinstalled the system. After reinstalling, I installed Norton and updated it, applied the patches and ran a full scan; plenty of viruses turned up on the other drives too. It was late by then, almost midnight.... I installed PcAnywhere and will deal with the rest remotely tomorrow.
First thing this morning at the office I logged in with PcAnywhere and checked the system files carefully, and again found a lot of suspicious files. Speechless; this hacker really has his eyes on us. Company business has to keep running, so any real cleanup will have to wait until I go to the telecom data center tonight. For now I will just make do. I ran an SREng scan and am posting the log for everyone to look at. Please help me analyze it and give some advice. Thanks!
I often lurk on the Kaka forum.... the small tools recommended here are all very good =.=
五月雷 - 2007-2-2 12:53:00
2007-02-02,11:51:57
System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)
Windows Server 2003 Enterprise Edition Service Pack 1 (Build 3790)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
<runeip><C:\Program Files\Rising\AntiSpyware\runiep.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<KKDelay><C:\Program Files\Rising\AntiSpyware\RunOnce.exe> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{C47B9ECE-41D4-4ECD-BDDA-E17D068D99C2}><C:\WINDOWS\system32\hggdccc.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggdccc]
<WinlogonNotify: hggdccc><hggdccc.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\PCANotify]
<WinlogonNotify: PCANotify><PCANotify.dll> [Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnli]
<WinlogonNotify: pmnli><C:\WINDOWS\system32\pmnli.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\qomlijg]
<WinlogonNotify: qomlijg><qomlijg.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\yaywvvt]
<WinlogonNotify: yaywvvt><yaywvvt.dll> [N/A]
五月雷 - 2007-2-2 12:54:00
==================================
启动文件夹
[FTP Server Manager]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\FTP Server Manager.lnk --> C:\WINDOWS\Installer\{BEA1E78E-940D-491E-A635-85E003D1E09C}\ftpmanager.exe2_BEA1E78E940D491EA63585E003D1E09C_1.exe [InstallShield Software Corp.]><N>
[Microsoft Office]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~1\Office\OSA9.EXE [Microsoft Corporation]><N>
[服务管理器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~4\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>
[快捷方式 到 startup]
<C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\快捷方式 到 startup.lnk --> D:\tomcat\bin\startup.bat [N/A]><N>
==================================
服务
[pcAnywhere Host Service / awhost32]
<C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[Symantec Event Manager / ccEvtMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Windows Host Services / DLLHOST32]
<"C:\WINDOWS\system\dllhost.exe"><N/A>
[Sonic FTP Server / FTPServer]
<"C:\Program Files\Sonic FTP Server\ftpservice.exe"><N/A>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Intel PDS / Intel PDS]
<C:\WINDOWS\system32\CBA\pds.exe><Intel® Corporation>
[Microsoft Search / MSSEARCH]
<"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER]
<C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Symantec SPBBCSvc / SPBBCSvc]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT]
<C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER><Microsoft Corporation>
[Symantec AntiVirus / Symantec AntiVirus]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[IMail Web Calendar Service / IWebCal]
<C:\IMail\IWebCal.exe><Ipswitch, Inc.>
[IMail Web Service / IWEBMSG]
<C:\IMail\iwebmsg.exe><Ipswitch, Inc.>
[IMail Monitor Service / IMonitor]
<C:\IMail\IMonitor.exe><Ipswitch, Inc.>
[IMail LDAP Server / ILDAP]
<C:\IMail\ILDAP.exe><Ipswitch, Inc.>
[IMail FINGER Server / FINGRD32]
<C:\IMail\FINGRD32.exe><Ipswitch, Inc.>
[IMail IMAP4 Server / IMAP4D32]
<C:\IMail\IMAP4D32.exe><Ipswitch, Inc.>
[IMail POP3 Server / POP3D32]
<C:\IMail\POP3D32.exe><Ipswitch, Inc.>
[IMail WHOIS Server / WHOISD32]
<C:\IMail\WHOISD32.exe><Ipswitch, Inc.>
[IMail Sys Logger Service / SYSLOGD]
<C:\IMail\SYSLOGD.exe><Ipswitch, Inc.>
[IMail PWD Server / PSERVE]
<C:\IMail\PSERVE.exe><Ipswitch, Inc.>
==================================
五月雷 - 2007-2-2 12:54:00
驱动程序
[a347bus / a347bus]
<\SystemRoot\system32\DRIVERS\a347bus.sys><>
[a347scsi / a347scsi]
<\SystemRoot\System32\Drivers\a347scsi.sys><>
[标准 IDE/ESDI 硬盘控制器 / atapi]
<\SystemRoot\system32\DRIVERS\atapi.sys><N/A>
[ati2mpad / ati2mpad]
<system32\DRIVERS\ati2mpad.sys><ATI Technologies Inc.>
[awecho / awecho]
<system32\drivers\awechomd.sys><Symantec Corporation>
[awlegacy / awlegacy]
<\SystemRoot\System32\Drivers\awlegacy.sys><Symantec Corporation>
[AW_HOST / AW_HOST]
<system32\drivers\aw_host5.sys><Symantec Corporation>
[dpti2o / dpti2o]
<\SystemRoot\system32\DRIVERS\dpti2o.sys><Adaptec, Inc.>
[Intel(R) PRO/1000 Network Connection Driver / E1000]
<system32\DRIVERS\e1000325.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[Gernuwa / Gernuwa]
<C:\WINDOWS\SYSTEM32\DRIVERS\Gernuwa.SYS><Symantec Corporation>
[IP in IP Tunnel Driver / IpInIp]
<system32\DRIVERS\ipinip.sys><N/A>
[NAVENG / NAVENG]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\navex15.sys><Symantec Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SAVRT / SAVRT]
<\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL]
<\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SPBBCDrv / SPBBCDrv]
<\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[RsAntiSpyware / RsAntiSpyware]
<\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising>
==================================
浏览器加载项
[]
{2BB9EC7C-29EA-4C3A-AD40-57D4BF41F152} <C:\WINDOWS\system32\pmnli.dll, N/A>
[]
{68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} <C:\WINDOWS\system32\fdqjbdcy.dll, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[]
{2BB9EC7C-29EA-4C3A-AD40-57D4BF41F152} <C:\WINDOWS\system32\pmnli.dll, N/A>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[]
{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50} <C:\WINDOWS\system32\fdqjbdcy.dll, N/A>
[卡卡上网安全助手]
{AFF6E516-CBE5-4F8A-9C2F-38A68013E766} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
==================================
五月雷 - 2007-2-2 12:56:00
正在运行的进程
[PID: 580][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 740][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 892][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\system32\PCANotify.dll] [Symantec Corporation, 11.5.0.121]
[C:\WINDOWS\system32\pmnli.dll] [N/A, N/A]
[C:\WINDOWS\system32\hggdccc.dll] [N/A, N/A]
[C:\WINDOWS\system32\qomlijg.dll] [N/A, N/A]
[C:\WINDOWS\system32\yaywvvt.dll] [N/A, N/A]
[C:\WINDOWS\system32\NavLogon.dll] [Symantec Corporation, 10.0.0.359]
[PID: 952][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 980][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1176][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1252][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1352][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1404][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1432][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\system32\NicCo32.dll] [Intel Corporation, 1.0.5.0 built by: WinDDK]
[PID: 1548][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 103.5.1.9]
[PID: 1588][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL] [Symantec Corporation, 1,5,1,3]
[C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 1,5,1,3]
[C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 103.5.1.9]
[PID: 1816][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\system32\awmon.dll] [Symantec Corporation, 9.2.1]
[PID: 1844][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 2032][C:\Program Files\Symantec\pcAnywhere\awhost32.exe] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\Util.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\InstData.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\awcfgmgr.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\S32PCAG.DLL] [Symantec Corporation, 15.0.0.14]
[C:\Program Files\Symantec\pcAnywhere\AWSES32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\awofrwrk.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\awio.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\PowerMgr.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\PCACMNDG.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\awgui32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\AWDS32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\awcm32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\crypto.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\awtime32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\pcaime.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\awRes-all.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\awres-host.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\AWHXPRB.DLL] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\awhprobedll.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\TrayIcon.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\AWDSP32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\awcp.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\IMPLODE.DLL] [PKWare, 1, 0, 0, 1]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\ijl20.dll] [Intel Corporation, 2,0,13,45]
五月雷 - 2007-2-2 12:57:00
[C:\Program Files\Symantec\pcAnywhere\AwioResources.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\AWHPILOT.DLL] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\awhutil.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\crypshim.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\SymCrypt.dll] [Symantec Corporation, 1.0.0.8]
[C:\Program Files\Symantec\pcAnywhere\awlog32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\snmputil.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\libsnmp.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\AWCONN32.DLL] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\AWHLOGON.DLL] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\AWHSEQ.DLL] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\AW32TCP.DLL] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\RMcommServer.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\RMcomm.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\DSMgr.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\awxfer.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\ftstatus.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\FTStatusResources.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\CMDQENG.DLL] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Symantec\pcAnywhere\LocalEng.DLL] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 216][C:\Program Files\Symantec AntiVirus\DefWatch.exe] [Symantec Corporation, 10.0.0.359]
[PID: 392][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 404][C:\Program Files\Sonic FTP Server\ftpservice.exe] [N/A, N/A]
[PID: 552][C:\WINDOWS\system32\CBA\pds.exe] [Intel® Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\PDS.DLL] [Intel® Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\NTS.dll] [Intel® Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\loc32vc0.dll] [Intel, 3, 0, 0, 2]
[PID: 3064][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 3460][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\system32\pmnli.dll] [N/A, N/A]
[C:\WINDOWS\system32\hggdccc.dll] [N/A, N/A]
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[D:\PROGRA~1\ALCOHO~1\ALCOHO~1\AXShlEx.dll] [Alcohol Soft Development Team, 1.4.7.1024]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\WINDOWS\system32\fdqjbdcy.dll] [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[PID: 4092][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2044][C:\PROGRA~1\SYMANT~1\VPTray.exe] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.5.0.44]
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 10.0.0.359]
[C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] [Symantec Corporation, 10.0.0.359]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.0.0.359]
[C:\WINDOWS\system32\nts.dll] [Intel® Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\cba.dll] [Intel® Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\MsgSys.dll] [Intel® Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\PDS.DLL] [Intel® Corporation, 6.12.0.130 E]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 372][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 660][C:\Program Files\Sonic FTP Server\ftpmanager.exe] [N/A, N/A]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 232][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 808][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 3692][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 364][C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.2039.00]
[PID: 3848][C:\Sun\AppServer\JDK\bin\java.exe] [Sun Microsystems, Inc., 5.0.20.9]
[C:\Sun\AppServer\JDK\jre\bin\client\jvm.dll] [Sun Microsystems, Inc., 5.0.20.9]
[C:\Sun\AppServer\JDK\jre\bin\hpi.dll] [Sun Microsystems, Inc., 5.0.20.9]
[C:\Sun\AppServer\JDK\jre\bin\verify.dll] [Sun Microsystems, Inc., 5.0.20.9]
[C:\Sun\AppServer\JDK\jre\bin\java.dll] [Sun Microsystems, Inc., 5.0.20.9]
[C:\Sun\AppServer\JDK\jre\bin\zip.dll] [Sun Microsystems, Inc., 5.0.20.9]
[C:\Sun\AppServer\jdk\jre\bin\net.dll] [Sun Microsystems, Inc., 5.0.20.9]
[PID: 3532][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 5608][C:\WINDOWS\System32\NOTEPAD.EXE] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 6056][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 4620][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
五月雷 - 2007-2-2 12:57:00
[PID: 5372][c:\windows\system32\inetsrv\w3wp.exe] [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
[\\?\C:\php\sapi\php4isapi.dll] [N/A, N/A]
[C:\WINDOWS\system32\php4ts.dll] [The PHP Group, 4.4.0.0]
[c:\php\extensions\php_domxml.dll] [N/A, N/A]
[c:\php\dlls\iconv.dll] [Free Software Foundation, 1.9]
[c:\php\extensions\php_iconv.dll] [N/A, N/A]
[c:\php\extensions\php_java.dll] [N/A, N/A]
[PID: 780][c:\windows\system32\inetsrv\w3wp.exe] [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\ac9331d3\1491ea63\App_Code.h_pjnuhd.dll] [N/A, 0.0.0.0]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\ac9331d3\1491ea63\assembly\dl3\bc4a9545\94f0f648_68f6c601\TbeCares.DLL] [ , 1.0.2484.30215]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\ac9331d3\1491ea63\assembly\dl3\d7ed3ddd\167ec45b_b483c601\AjaxPro.2.DLL] [Michael Schwarz, 5.11.4.2]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\ac9331d3\1491ea63\App_Web_tbe_av_v2.ashx.cdcab7d2.d3iafcmj.dll] [N/A, 0.0.0.0]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\ac9331d3\1491ea63\App_Web_tbe_av.ashx.cdcab7d2.-i3re_wv.dll] [N/A, 0.0.0.0]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\ac9331d3\1491ea63\App_Web_tbe_rt.ashx.cdcab7d2.rt0_9uw1.dll] [N/A, 0.0.0.0]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\assembly\dl3\fecc6a65\e8fb0487_292ac701\AjaxPro.2.DLL] [Michael Schwarz, 6.7.2.1]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\assembly\dl3\a7206fae\f6f5da85_292ac701\Interop.MoncaEncryptLib.DLL] [ , 1.0.0.0]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\assembly\dl3\bdced42c\8c81b480_292ac701\TbeCares.DLL] [ , 1.0.2336.16074]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_WebReferences.s-kah72j.dll] [N/A, 0.0.0.0]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Code.yfwrpm8c.dll] [N/A, 1.0.2589.19355]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_zrsgp1-3.dll] [N/A, N/A]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_zbsflx1g.dll] [N/A, N/A]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_operatorlogin.aspx.fdf7a39c.cjmtuip5.dll] [N/A, N/A]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_indexframe.aspx.fdf7a39c.dxdebu7u.dll] [N/A, N/A]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_index.aspx.fdf7a39c.y8x3zwwo.dll] [N/A, 0.0.0.0]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_default.aspx.fdf7a39c.6l8ku4cu.dll] [N/A, N/A]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_stateadd1_edit.aspx.fdf7a39c._ipdtkvv.dll] [N/A, N/A]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_calendarform.aspx.fdf7a39c.2ifdzypa.dll] [N/A, N/A]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_searchflight.aspx.473cc45b.f25k_0yu.dll] [N/A, N/A]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_nwj0vb_e.dll] [N/A, N/A]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Temporary ASP.NET Files\root\9a96a507\a9670886\App_Web_showairways.aspx.473cc45b.tjir2cmi.dll] [N/A, N/A]
[PID: 3752][C:\IMail\IMonitor.exe] [Ipswitch, Inc. , 3, 3, 11, 8]
[C:\IMail\IMailsec.dll] [Ipswitch, Inc. , 3, 3, 5, 4]
[C:\IMail\ipnotify.dll] [Ipswitch, Inc. , 3, 3, 11, 8]
[PID: 4904][C:\IMail\IMAP4D32.exe] [Ipswitch, Inc. , 3, 3, 11, 8]
[C:\IMail\IMailsec.dll] [Ipswitch, Inc. , 3, 3, 5, 4]
[C:\IMail\Mailbox.dll] [Ipswitch, Inc. , 3, 3, 5, 4]
五月雷 - 2007-2-2 12:58:00
[PID: 5984][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2212][C:\WINDOWS\system\dllhost.exe] [N/A, N/A]
[PID: 1140][C:\Program Files\Rising\AntiSpyware\runiep.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 1, 6]
[C:\Program Files\Rising\AntiSpyware\iep_ctrl.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 4]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[PID: 2272][C:\Program Files\Rising\AntiSpyware\Ras.exe] [Beijing Rising Technology Co., Ltd., 1, 0, 4, 5]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Rising\AntiSpyware\RasGui.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 19]
[C:\WINDOWS\system32\hggdccc.dll] [N/A, N/A]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[C:\Program Files\Rising\AntiSpyware\engine.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 20]
[C:\Program Files\Rising\AntiSpyware\zip.dll] [rising, 13, 0, 0, 1]
[PID: 5588][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\WINDOWS\system32\pmnli.dll] [N/A, N/A]
[C:\WINDOWS\system32\fdqjbdcy.dll] [N/A, N/A]
[C:\WINDOWS\system32\KakaTool.dll] [Beijing Rising Technology Co., Ltd., 2, 0, 2, 6]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 4660][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] [Symantec Corporation, 10.0.0.359]
[C:\WINDOWS\system32\CBA.DLL] [Intel® Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\MsgSys.dll] [Intel® Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\NTS.dll] [Intel® Corporation, 6.12.0.130 E]
[C:\WINDOWS\system32\PDS.DLL] [Intel® Corporation, 6.12.0.130 E]
[C:\Program Files\Symantec AntiVirus\NAVLU.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.0.0.359]
[c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ccDec.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] [Symantec Corporation, 3.02.12.35]
[C:\Program Files\Common Files\Symantec Shared\ccScan.dll] [Symantec Corporation, 103.5.1.9]
[C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 1.4.0.11]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\ccEraser.dll] [Symantec Corporation, 106.3.3.2]
[C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] [Symantec Corporation, 3.1.13a.0]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\ecmsvr32.dll] [Symantec Corporation, 71.1.0.11]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\NAVEX32a.DLL] [Symantec Corporation, 20071.1.1.10]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070131.021\NAVENG32.DLL] [Symantec Corporation, 20071.1.1.10]
[C:\Program Files\Symantec AntiVirus\NAVAP32.DLL] [Symantec Corporation, 9.5.0.44]
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.5.0.44]
[C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll] [Symantec Corporation, 10.0.0.359]
[C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] [Symantec Corporation, 1,5,1,3]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2572][C:\Documents and Settings\Administrator\桌面\20061271247623938\AVG Anti-Spyware 7.5\avgas.exe] [Anti-Malware Development a.s., 7, 5, 0, 50]
[C:\Documents and Settings\Administrator\桌面\20061271247623938\AVG Anti-Spyware 7.5\engine.dll] [Anti-Malware Development a.s., 4, 2, 0, 15]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
[PID: 2592][E:\softbak\temp\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\Program Files\Symantec\pcAnywhere\AWHK32.dll] [Symantec Corporation, 11.5.0.121]
[C:\Program Files\Rising\AntiSpyware\ieprot.dll] [Beijing Rising Technology Co., Ltd., 1, 0, 0, 8]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
五月雷 - 2007-2-2 12:59:00
Please, everyone, take a look and give me some advice......
五月雷 - 2007-2-2 13:18:00
Bump. It sank too fast.
五月雷 - 2007-2-2 13:25:00
Has everyone gone to lunch?
五月雷 - 2007-2-2 13:43:00
So many people on this forum, a thread sinks in no time.
303266474 - 2007-2-2 13:57:00
Honestly, I can't see anything obvious. Did anyone below spot something?
五月雷 - 2007-2-2 14:05:00
The system was freshly installed, but when I went on today there were already several suspicious files under system.
rixing123456 - 2007-2-2 14:11:00
Just passing by... bumping for you.
五月雷 - 2007-2-2 14:52:00
Thanks to the poster above.
五月雷 - 2007-2-2 17:06:00
Any experts who can give some pointers?
长期潜水 - 2007-2-2 17:15:00
The several DLLs under WinlogonNotify.
Are all the system patches applied?
The priority now is not removing the malware but working out how you were broken into.
五月雷 - 2007-2-2 17:39:00
WinlogonNotify: hggdccc><hggdccc.dll> [N/A]
WinlogonNotify: pmnli><C:\WINDOWS\system32\pmnli.dll> [N/A]
WinlogonNotify: qomlijg><qomlijg.dll> [N/A]
WinlogonNotify: yaywvvt><yaywvvt.dll> [N/A]
These DLLs are indeed very suspicious. Thanks for the reminder. It seems I posted in the wrong place.. I should have posted in the security software forum... I usually only browse this section and have never been to the others.
Intrusion prevention.... honestly, I don't have much experience with it. It's a worry.
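The triage step the replies point to, as an added example (not part of this thread, of SREng or of Rising): a Python parser for the SREng log layout posted above that flags the entries SREng reported with no publisher (N/A) in the autostart locations and host processes singled out here (Winlogon Notify, ShellExecuteHooks, Run keys, BHOs, modules inside winlogon.exe and Explorer.EXE) and marks the random-looking file names. The excerpt it parses is a constructed subset of the log above; the vowel-ratio heuristic for random names is my own assumption, not an SREng rule.

```python
"""Triage helper for SREng logs in the layout posted above (added example, not
part of the thread or of SREng). It flags entries with no publisher (N/A) in the
autostart locations and host processes the replies single out, and marks the
random-looking names (hggdccc, pmnli, qomlijg, yaywvvt, fdqjbdcy) seen there."""
import re
from dataclasses import dataclass, field

# Constructed excerpt of the posted log, in the layout SREng 2.2.6 prints
# (section headings are SREng's own Chinese output, kept verbatim).
SAMPLE_LOG = r"""
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{C47B9ECE-41D4-4ECD-BDDA-E17D068D99C2}><C:\WINDOWS\system32\hggdccc.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggdccc]
<WinlogonNotify: hggdccc><hggdccc.dll> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmnli]
<WinlogonNotify: pmnli><C:\WINDOWS\system32\pmnli.dll> [N/A]
==================================
浏览器加载项
{68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} <C:\WINDOWS\system32\fdqjbdcy.dll, N/A>
[卡卡上网安全助手]
{DB9ECD4F-FB8F-4311-B3CE-90B976C2707C} <C:\WINDOWS\system32\KakaTool.dll, Beijing Rising Technology Co., Ltd.>
==================================
正在运行的进程
[PID: 892][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\system32\qomlijg.dll] [N/A, N/A]
[PID: 3460][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
[C:\WINDOWS\system32\pmnli.dll] [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
"""
RE_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")                # [HKEY_...\Run]
RE_REG = re.compile(r"^<([^>]*)><([^>]*)> \[([^\]]*)\]$")  # <name><value> [publisher]
RE_BHO = re.compile(r"^\{[0-9A-Fa-f-]+\} <(.*)>$")        # {CLSID} <path, publisher>
RE_PROC = re.compile(r"^\[PID: \d+\]\[([^\]]+)\] \[")      # [PID: n][image] [publisher, ver]
RE_MOD = re.compile(r"^\[([^\]]+)\] \[([^\]]*)\]$")        # [module path] [publisher, ver]
# Registry locations that run in every logon/shell session; processes in which
# an unexplained third-party DLL deserves a close look.
SENSITIVE_KEY_PARTS = ("Winlogon\\Notify", "ShellExecuteHooks", "CurrentVersion\\Run")
SENSITIVE_HOSTS = {"winlogon.exe", "explorer.exe", "services.exe", "lsass.exe"}


@dataclass
class Finding:
    location: str   # registry key, "Browser Helper Object" or "module in <host>"
    path: str       # value or module path exactly as SREng printed it
    publisher: str
    reasons: list = field(default_factory=list)

    @property
    def severity(self) -> str:
        return "high" if len(self.reasons) > 1 else "medium"


def is_unsigned(publisher: str) -> bool:
    # SREng prints N/A (or nothing) when a file carries no publisher information.
    return publisher.split(",", 1)[0].strip() in ("", "N/A")


def looks_random(path: str) -> bool:
    """Heuristic (assumption, not an SREng rule): all-lowercase stem of 5+ letters
    with under 30% vowels. Used only after the publisher check, since short
    legitimate names such as ctfmon can trip it on their own."""
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if len(stem) < 5 or not (stem.isascii() and stem.isalpha() and stem.islower()):
        return False
    return sum(c in "aeiou" for c in stem) / len(stem) < 0.3


def _check(findings: list, location: str, path: str, publisher: str, hot: bool) -> None:
    if not (hot and is_unsigned(publisher)):
        return
    finding = Finding(location, path, publisher.strip(), ["no publisher information (N/A)"])
    if looks_random(path):
        finding.reasons.append("random-looking file name")
    findings.append(finding)


def triage(log_text: str) -> list:
    """Walk the log once, tracking the registry key or process each line belongs to."""
    findings: list = []
    key = host = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RE_KEY.match(line):
            key, host = m.group(1), None
        elif m := RE_PROC.match(line):
            host, key = m.group(1).rsplit("\\", 1)[-1].lower(), None
        elif (m := RE_REG.match(line)) and key:
            name, value, pub = m.groups()
            if value:   # skip empty entries such as <load><> or <AppInit_DLLs><>
                hot = any(p in key for p in SENSITIVE_KEY_PARTS) or name == "AppInit_DLLs"
                _check(findings, key, value, pub, hot)
        elif (m := RE_BHO.match(line)) and ", " in m.group(1):
            path, pub = m.group(1).split(", ", 1)   # publisher may itself contain commas
            _check(findings, "Browser Helper Object", path, pub, True)
        elif (m := RE_MOD.match(line)) and host:
            path, pub = m.groups()
            _check(findings, f"module in {host}", path, pub, host in SENSITIVE_HOSTS)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.location}: {f.path} ({'; '.join(f.reasons)})")
```

Run as a script it prints the seven flagged entries from the excerpt; `triage` takes a complete SREng log as text, so the full log posted above can be fed to it unchanged.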