Rising Kaka Security Forum > Technical Exchange > Anti-Virus / Anti-Rogue-Software Forum

[Help] Spyware.HDTBar detected by a full scan with ewido 3.5

[C:\WINDOWS\system32\SymNeti.DLL] <Symantec Corporation><5.5.1.6>
  [C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSCR.dll] <Symantec Corporation><10.00.13>
  [C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT32.DLL] <Symantec Corporation><      >
  [C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVError.dll] <Symantec Corporation><10.00.13>
  [C:\PROGRA~1\NORTON~1\NORTON~1\NAVOpts.dll] <Symantec Corporation><10.00.13>
  [C:\PROGRA~1\NORTON~1\NORTON~1\N32Exclu.dll] <Symantec Corporation><10.00.13>
  [C:\PROGRA~1\NORTON~1\NORTON~1\S32NAVO.DLL] <Symantec Corporation><5.3.0.182>
  [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><2.1.3.4>
  [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] <Symantec Corporation><2.1.3.4>
  [C:\Program Files\Norton Internet Security\NISRes.dll] <Symantec Corporation><7.0.0.177>
  [C:\Program Files\Symantec\LiveUpdate\NetDetectController.DLL] <Symantec Corporation><1.90.15.0>

[PID: 304][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
  [C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll] <Symantec Corporation><2004.1.00.147>
  [E:\security suite\shellhook.dll] <N/A><N/A>
[PID: 472][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2100][C:\WINDOWS\SOUNDMAN.EXE] <Realtek Semiconductor Corp.><5.0.19>
[PID: 2172][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] <Symantec Corporation><2.1.3.4>
  [C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL] <Symantec Corporation><1.90.15.0>
  [C:\Program Files\Symantec\LiveUpdate\LuComServerPS.DLL] <Symantec Corporation><1.90.15.0>
  [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><2.1.3.4>
  [C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\ASLOADER.DLL] <Symantec Corporation><2004.1.00.147>
  [C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll] <Symantec Corporation><2004.1.00.147>
  [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] <Symantec Corporation><2.1.3.4>
  [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] <Symantec Corporation><2.1.3.4>
  [C:\WINDOWS\system32\SYMREDIR.dll] <Symantec Corporation><5.5.1.6>
  [C:\PROGRA~1\NORTON~1\ISLALERT.DLL] <Symantec Corporation><7.0.3.8>
  [C:\PROGRA~1\NORTON~1\NISRES.DLL] <Symantec Corporation><7.0.0.177>
  [C:\Program Files\Common Files\Symantec Shared\ccSet.dll] <Symantec Corporation><2.1.3.4>
  [C:\PROGRA~1\NORTON~1\NISPROD.DLL] <Symantec Corporation><7.0.3.8>
  [C:\PROGRA~1\NORTON~1\NORTON~1\CCIMSCAN.DLL] <Symantec Corporation><10.0.2.610>
  [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><2.1.3.4>
  [C:\PROGRA~1\NORTON~1\NORTON~1\DEFALERT.DLL] <Symantec Corporation><10.00.13>
  [C:\PROGRA~1\NORTON~1\NORTON~1\NAVAPW32.DLL] <Symantec Corporation><10.00.13>
  [C:\PROGRA~1\NORTON~1\NORTON~1\apwutil.dll] <Symantec Corporation><10.00.13>
  [C:\PROGRA~1\NORTON~1\NORTON~1\SAVRT32.DLL] <Symantec Corporation><      >
  [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] <Symantec Corporation><2.1.3.4>
  [C:\Program Files\Norton Internet Security\NISLCOM.dll] <Symantec Corporation><7.0.3.8>
  [C:\PROGRA~1\NORTON~1\SYMFWAGT.DLL] <Symantec Corporation><7.0.3.700>
  [C:\PROGRA~1\NORTON~1\NISALERT.DLL] <Symantec Corporation><7.0.3.700>
  [C:\WINDOWS\system32\SymNeti.DLL] <Symantec Corporation><5.5.1.6>
  [C:\PROGRA~1\NORTON~1\ccFWRuls.dll] <Symantec Corporation><7.0.3.700>
  [C:\PROGRA~1\NORTON~1\TLevel.dll] <Symantec Corporation><7.0.3.700>
  [C:\Program Files\Common Files\Symantec Shared\AntiSpam\asFilter.dll] <Symantec Corporation><2004.1.00.147>
  [C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVOPTRF.DLL] <Symantec Corporation><10.00.2>
  [C:\Program Files\Norton Internet Security\Norton AntiVirus\apwcmdnt.dll] <Symantec Corporation><10.00.13>
  [C:\Program Files\Common Files\Symantec Shared\ccLogin.dll] <Symantec Corporation><2.1.3.4>
  [C:\Program Files\Common Files\Symantec Shared\AntiSpam\asUniPlg.dll] <Symantec Corporation><2004.1.00.147>
  [C:\Program Files\Common Files\Symantec Shared\AntiSpam\asSpmEvt.dll] <Symantec Corporation><2004.1.00.147>
  [C:\Program Files\Norton Internet Security\Norton AntiVirus\NavEmail.dll] <Symantec Corporation><10.0.2.610>

[C:\Program Files\Common Files\Symantec Shared\ccPxyEvt.dll] <Symantec Corporation><2.1.3.4>
  [C:\Program Files\Norton Internet Security\NisEmail.dll] <Symantec Corporation><7.0.3.8>
  [C:\PROGRA~1\NORTON~1\NORTON~1\NAVOpts.dll] <Symantec Corporation><10.00.13>
  [C:\PROGRA~1\NORTON~1\NORTON~1\N32Exclu.dll] <Symantec Corporation><10.00.13>
  [C:\PROGRA~1\NORTON~1\NORTON~1\S32NAVO.DLL] <Symantec Corporation><5.3.0.182>
  [C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVError.dll] <Symantec Corporation><10.00.13>
  [C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVAPSCR.dll] <Symantec Corporation><10.00.13>
  [C:\Program Files\Common Files\Symantec Shared\LiveReg\iraLSCl2.dll] <Symantec Corporation><2.4.1.2056>
  [C:\Program Files\Common Files\Symantec Shared\LiveReg\IraVcLc3.dll] <Symantec Corporation><2.4.1.2056>
  [C:\Program Files\Symantec\LiveUpdate\NetDetectController.DLL] <Symantec Corporation><1.90.15.0>
[PID: 2288][D:\gcasServ.exe] <Microsoft Corporation><1.00.0615>
[PID: 2296][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 2340][D:\gcasDtServ.exe] <Microsoft Corporation><1.00.0615>
  [C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll] <Symantec Corporation><2004.1.00.147>
[PID: 2344][C:\Program Files\Messenger\msmsgs.exe] <Microsoft Corporation><4.7.3001>
[PID: 2616][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
  [C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll] <Symantec Corporation><2004.1.00.147>
  [C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll] <Symantec Corporation><7.0.0.177>
  [D:\SPYBOT~1\SDHelper.dll] <Safer Networking Limited><1, 4, 0, 0>
  [E:\qq\QQIEHelper.dll] <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
  [C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll] <Symantec Corporation><10.00.13>
  [C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll] <Symantec Corporation><1, 1, 1, 131>
  [C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll] <Symantec Corporation><1, 1, 1, 131>
[PID: 2264][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
  [C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll] <Symantec Corporation><2004.1.00.147>
  [C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll] <Symantec Corporation><7.0.0.177>
  [D:\SPYBOT~1\SDHelper.dll] <Safer Networking Limited><1, 4, 0, 0>
  [E:\qq\QQIEHelper.dll] <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
  [C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll] <Symantec Corporation><10.00.13>
  [C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll] <Symantec Corporation><1, 1, 1, 131>
  [C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll] <Symantec Corporation><1, 1, 1, 131>
  [C:\WINDOWS\system32\macromed\flash\Flash.ocx] <Macromedia, Inc.><7,0,19,0>
[PID: 1100][C:\DOCUME~1\张军\LOCALS~1\Temp\Rar$EX00.594\SREng.exe] <Smallfrogs Studio><1.1.0.269>
  [C:\PROGRA~1\COMMON~1\SYMANT~1\ANTISPAM\asOEHook.dll] <Symantec Corporation><2004.1.00.147>


==================================
文件关联
.TXT OK. [C:\WINDOWS\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [C:\WINDOWS\System32\winhlp32.exe %1]
.INI OK. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [C:\WINDOWS\System32\NOTEPAD.EXE %1]

==================================


[Reply to the post by “雪山铁骑”]
O4 - HKLM\..\Run: [gcasServ] "D:\gcasServ.exe"
What is this?

[Reply to the post by “baohe”]
This gcasServ.exe startup entry appears after AntiSpyware is installed.

Quote:
[Post by baohe] [Reply to the post by “雪山铁骑”]
O4 - HKLM\..\Run: [gcasServ] "D:\gcasServ.exe"
What is this?
...........................

This is the startup entry of Microsoft Antispyware.

[Reply to the post by “雪山铁骑”]
Could you provide the full registry location? I mean the one shown in the first image.

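Moderator baohe, why can ewido 3.5 detect Spyware.HDTBar while Norton AntiVirus did not find it? Could this be a false positive from ewido 3.5? Could moderator baohe please explain? Thanks!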

Go to the software's home page and search for related information.


Bar?