瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 【求助】有2个winlogon进程,怎么都搞不掉,急等

12   2  /  2  页   跳转

【求助】有2个winlogon进程,怎么都搞不掉,急等

收藏
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-11 18:20 | 只看楼主 短消息 资料
字号: 11楼

[C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
[PID: 296][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe]  <N/A><N/A>
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  <ALWIL Software><4, 7, 889, 0>
[PID: 308][C:\Program Files\Alwil Software\Avast4\ashServ.exe]  <N/A><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  <ALWIL Software><4, 7, 892, 0>
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswInteg.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswIdle.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL]  <N/A><N/A>
    [C:\Program Files\Alwil Software\Avast4\AhResStd.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhResWS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhResJs.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ahResMes.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhResNS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhResOut.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll]  <ALWIL Software><4, 6, 763, 0>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
[PID: 464][C:\WINDOWS\System32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 948][C:\WINDOWS\system32\svchost.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 1152][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashUInt.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\XT1922.dll]  <Codejock Software><1, 9, 4, 0>
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  <ALWIL Software><4, 7, 892, 0>
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ChineseS\langmai.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
[PID: 1356][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  <ALWIL Software><4, 7, 892, 0>
[PID: 1868][c:\windows\system32\wbem\winlogon.exe]  <Microsoft><1.0.0.0>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
[PID: 1316][C:\WINDOWS\System32\alg.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
[PID: 3868][C:\WINDOWS\system32\wuauclt.exe]  <Microsoft Corporation><5.8.0.2469 built by: lab01_n(wmbla)>
[PID: 496][C:\WINDOWS\system32\rundll32.exe]  <Microsoft Corporation><5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\DeskAdTop\Run.dll]  <><1, 0, 0, 1>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\DeskAdTop\fshook.dll]  <><1, 0, 0, 1>
[PID: 2988][C:\Documents and Settings\Owner\桌面\SREng2\SREng.exe]  <Smallfrogs Studio><2.0.21.505>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\DeskAdTop\fshook.dll]  <><1, 0, 0, 1>
[PID: 3000][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\DeskAdTop\fshook.dll]  <><1, 0, 0, 1>
    [C:\Program Files\DeskAdTop\deskipn.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\sys32version.dll]  <N/A><N/A>
    [C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx]  <Adobe Systems, Inc.><9,0,16,0>
[PID: 3228][C:\Program Files\Internet Explorer\iexplore.exe]  <Microsoft Corporation><6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)>
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  <ALWIL Software><4, 7, 889, 0>
    [C:\Program Files\DeskAdTop\deskipn.dll]  <><1, 0, 0, 1>
    [C:\WINDOWS\system32\sys32version.dll]  <N/A><N/A>

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者

==================================
gototop
 
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-11 18:35 | 只看楼主 短消息 资料
字号: 12楼

在此日志前已将rundl132.dll从注册表清除
gototop
 
snliuxun
头像
初生襁褓狮
  • 帖子:181
  • 注册: 2006-10-08
  • 来自:
发表于: 2006-10-11 20:48 | 短消息 资料
字号: 13楼

用sreng2修复以下项
打开sereng2点 启动项目  注册表
删除以下项
C:\setupcmd.exe

然后点 服务 点 "win32 服务应用程序" 勾选 隐藏微软服务
选分别先下列服务 设置为disabled 或 否
[systeem / systeem]
<C:\WINDOWS\G_Server1.23.exe>
打开sreng2
点 系统修恢 浏览器加载项
删除以下项
C:\Program Files\DeskAdTop\deskipn.dll
C:\WINDOWS\system32\sys32version.dll





打开sreng2
点 系统修复 文件关联 点全选 点修复

重启安全模用超级兔子清理所有提示垃圾软件
删除以下文件
结束c:\windows\system32\wbem\winlogon.exe进程
杀进程工具procexp
下载地址:http://www.liuxun.net.cn/soft/tools/index_2.html

C:\Program Files\DeskAdTop\deskipn.dll
C:\WINDOWS\system32\sys32version.dll
C:\Program Files\DeskAdTop\fshook.dll
C:\Program Files\DeskAdTop\Run.dll
C:\WINDOWS\G_Server1.23.exe
c:\windows\system32\wbem\winlogon.exe
C:\setupcmd.exe
gototop
 
我无邪
头像
高贵耄耋狮
  • 帖子:20720
  • 注册: 2004-06-10
  • 来自:广西玉林
发表于: 2006-10-11 21:21 | 短消息 资料
字号: 14楼

楼主要密切注意c:\windows\system32\wbem\winlogon.exe
如果重启后,他还在
请到www.27814939.ys168.com,点“我的软件”下载ForceKill.exe
删除
c:\windows\system32\wbem\winlogon.exe
删除时勾选“防止文件再次生成”点“删除”
gototop
 
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-12 12:33 | 只看楼主 短消息 资料
字号: 15楼

Winlogon的问题不在了,又出现新的问题

2006-10-12,12:18:56

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><C:\PROGRA~1\svhost32.exe>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [(Verified)Analog Devices, Inc.]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>  [(Verified)N/A]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <pdfFactory Pro 分配器 v2><"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce>  [FinePrint Software, LLC]
    <Tray><C:\windows\command\rundll32.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\windows\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[avast! iAVS4 Control Service / aswUpdSv]
  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><N/A>
[avast! Antivirus / avast! Antivirus]
  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><N/A>
[avast! Mail Scanner / avast! Mail Scanner]
  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner]
  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>

==================================
驱动程序
[avast! Asynchronous Virus Monitor / Aavmker4]
  <C:\windows\SYSTEM32\DRIVERS\Aavmker4.SYS><ALWIL Software>
[avast! Standard Shield Support / aswMon2]
  <C:\windows\SYSTEM32\DRIVERS\aswMon2.SYS><ALWIL Software>
[aswRdr / aswRdr]
  <C:\windows\SYSTEM32\DRIVERS\aswRdr.SYS><ALWIL Software>
[avast! Network Shield Support / aswTdi]
  <C:\windows\SYSTEM32\DRIVERS\aswTdi.SYS><ALWIL Software>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[cmswpy49 / cmswpy49]
  <\??\C:\WINDOWS\system32\drivers\cmswpy49.sys><Microsoft Corporation>
[ialm / ialm]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[OMCI / OMCI]
  <\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[senfilt / senfilt]
  <system32\drivers\senfilt.sys><Creative Technology Ltd.>
[uamlif18 / uamlif18]
  <\??\C:\WINDOWS\system32\drivers\uamlif18.sys><Microsoft Corporation>

==================================
浏览器加载项
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[eqiso Toolbar]
  {B7D3E479-CC68-42B5-A338-938ECE35F419} <C:\Program Files\EqisoToolbar\eqiso.dll, N/A>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 364][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592][\??\C:\windows\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 616][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][C:\windows\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 672][C:\windows\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 824][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 980][C:\windows\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1136][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1484][C:\windows\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\fppmon2.dll]  [FinePrint Software, LLC, 2.10]
    [C:\windows\system32\fppr232.dll]  [FinePrint Software, LLC, 2.10]
[PID: 1504][C:\windows\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\tdll.dll]  [N/A, N/A]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 7, 889, 0]
[PID: 1672][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.3889]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3889]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3.0.0.3889]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3889]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3.0.0.3889]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.3889]
    [C:\windows\system32\tdll.dll]  [N/A, N/A]
[PID: 1680][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe]  [N/A, 5, 0, 0, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\windows\system32\tdll.dll]  [N/A, N/A]
    [c:\program files\alwil software\avast4\ahruistd.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll]  [Codejock Software, 1, 9, 4, 0]
    [c:\program files\alwil software\avast4\ahruiws.dll]  [ALWIL Software, 4, 7, 889, 0]
    [c:\program files\alwil software\avast4\ahruijs.dll]  [N/A, 4, 7, 889, 0]
    [c:\program files\alwil software\avast4\ahruimai.dll]  [ALWIL Software, 4, 7, 889, 0]
    [c:\program files\alwil software\avast4\ahruimes.dll]  [ALWIL Software, 4, 7, 889, 0]
    [c:\program files\alwil software\avast4\ahruins.dll]  [ALWIL Software, 4, 7, 889, 0]
    [c:\program files\alwil software\avast4\ahruiout.dll]  [ALWIL Software, 4, 7, 889, 0]
    [c:\program files\alwil software\avast4\ahruip2p.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 7, 889, 0]
gototop
 
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-12 12:34 | 只看楼主 短消息 资料
字号: 16楼

[C:\windows\system32\dllwm.dll]  [N/A, N/A]
[PID: 1696][C:\windows\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\tdll.dll]  [N/A, N/A]
[PID: 1920][C:\windows\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\tdll.dll]  [N/A, N/A]
[PID: 1984][C:\windows\1Sy.exe]  [N/A, N/A]
    [C:\windows\system32\tdll.dll]  [N/A, N/A]
[PID: 148][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe]  [N/A, N/A]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 889, 0]
[PID: 164][C:\Program Files\Alwil Software\Avast4\ashServ.exe]  [N/A, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 7, 892, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswInteg.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswIdle.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL]  [N/A, N/A]
    [C:\Program Files\Alwil Software\Avast4\AhResStd.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResWS.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResJs.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResMes.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResNS.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResOut.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll]  [ALWIL Software, 4, 6, 763, 0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswRes.dll]  [ALWIL Software, 4, 7, 889, 0]
[PID: 468][C:\Program Files\svhost32.exe]  [N/A, N/A]
    [C:\windows\system32\dllwm.dll]  [N/A, N/A]
    [C:\windows\system32\tdll.dll]  [N/A, N/A]
[PID: 576][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1300][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ashUInt.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\XT1922.dll]  [Codejock Software, 1, 9, 4, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 7, 892, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Lang.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\langmai.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 7, 889, 0]
[PID: 1316][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 7, 892, 0]
[PID: 2176][C:\windows\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2456][C:\windows\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 2616][C:\windows\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 7, 889, 0]
[PID: 2644][C:\Documents and Settings\Owner\桌面\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 7, 889, 0]
    [C:\windows\system32\tdll.dll]  [N/A, N/A]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\windows\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
gototop
 
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-12 12:36 | 只看楼主 短消息 资料
字号: 17楼

此为在上面这个日志前启动进安全模式下的日志


006-10-12,12:03:59

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\windows\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><C:\windows\rundl132.exe>  []
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <SoundMAXPnP><C:\Program Files\Analog Devices\Core\smax4pnp.exe>  [N/A]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>  [(Verified)N/A]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <pdfFactory Pro 分配器 v2><"C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe" /runonce>  [FinePrint Software, LLC]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\windows\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Corporation]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Corporation]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\System32\logon.scr>  [(Verified)Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[avast! iAVS4 Control Service / aswUpdSv]
  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><N/A>
[avast! Antivirus / avast! Antivirus]
  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><N/A>
[avast! Mail Scanner / avast! Mail Scanner]
  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner]
  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>

==================================
驱动程序
[avast! Asynchronous Virus Monitor / Aavmker4]
  <C:\windows\SYSTEM32\DRIVERS\Aavmker4.SYS><ALWIL Software>
[avast! Standard Shield Support / aswMon2]
  <C:\windows\SYSTEM32\DRIVERS\aswMon2.SYS><ALWIL Software>
[aswRdr / aswRdr]
  <C:\windows\SYSTEM32\DRIVERS\aswRdr.SYS><ALWIL Software>
[avast! Network Shield Support / aswTdi]
  <C:\windows\SYSTEM32\DRIVERS\aswTdi.SYS><ALWIL Software>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[cmswpy49 / cmswpy49]
  <\??\C:\WINDOWS\system32\drivers\cmswpy49.sys><Microsoft Corporation>
[ialm / ialm]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[OMCI / OMCI]
  <\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[Direct Parallel Link Driver / Ptilink]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[senfilt / senfilt]
  <system32\drivers\senfilt.sys><Creative Technology Ltd.>
[uamlif18 / uamlif18]
  <\??\C:\WINDOWS\system32\drivers\uamlif18.sys><Microsoft Corporation>

==================================
浏览器加载项
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[eqiso Toolbar]
  {B7D3E479-CC68-42B5-A338-938ECE35F419} <C:\Program Files\EqisoToolbar\eqiso.dll, N/A>
[AUDIO__X_MS_WMA Moniker Class]
  {CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[使用网际快车下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
  <C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

==================================
正在运行的进程
[PID: 132][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 188][\??\C:\windows\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 212][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 256][C:\windows\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 268][C:\windows\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 400][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 464][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 728][C:\windows\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\windows\system32\msdmo.dll]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Alwil Software\Avast4\ashShell.dll]  [ALWIL Software, 4, 7, 889, 0]
[PID: 960][C:\windows\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1084][C:\Documents and Settings\Owner\桌面\SREng\SREng.exe]  [Smallfrogs Studio, 2.2.6.605]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\windows\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
gototop
 
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-12 12:58 | 只看楼主 短消息 资料
字号: 18楼

进安全模式后没有任何操作,在进安全模式前试图用Icesword 模块分析找到explore.exe 中的dll.dll中断,然后删除,结果未果

解决2个winlogon问题后,短时正常,后avast报告发现病毒,并有访问外部网站病毒

2006-10-10 12:15:37Owner160Sign of "Win32:Trojano-DF [Trj]" has been found in "c:\program files\3721\ske\wmpns.dll" file.
2006-10-10 13:59:42Owner460Sign of "Win32:Adware-gen. [Adw]" has been found in "C:\WINDOWS\system32\mssv132.exe" file.
2006-10-10 14:02:10Owner460Sign of "Win32:Agent-BRC [Trj]" has been found in "C:\WINDOWS\Setup_YH0017.exe\[ASPack]" file.
2006-10-10 14:07:00Owner460Sign of "Win32:QQpass-BM [Trj]" has been found in "C:\Program Files\Internet Explorer\PLUGINS\system16.sys\[UPX]" file.
2006-10-10 14:07:16Owner460Sign of "Win32:Lmir-BI [Trj]" has been found in "C:\Program Files\Internet Explorer\boot3.exe\[NsPack]" file.
2006-10-10 14:09:48Owner460Sign of "Win32:Spyware-gen. [Trj]" has been found in "C:\Program Files\SearchCar\SearchCar.dll" file.
2006-10-10 14:11:14Owner460Sign of "Win32:Trojano-DF [Trj]" has been found in "C:\Program Files\3721\ske\wmpns.dll" file.
2006-10-10 14:11:20Owner460Sign of "Win32:Trojano-DF [Trj]" has been found in "C:\Program Files\3721\ske\wmpns.cab\wmpns.dll" file.
2006-10-10 14:11:25Owner460Sign of "Win32:Trojano-DF [Trj]" has been found in "C:\Program Files\3721\ske\snpmw.dll" file.
2006-10-10 15:28:11Owner1948Sign of "Win32:StartPage-189 [Trj]" has been found in "C:\Documents and Settings\Owner\桌面\RegClean.com" file.
2006-10-11 9:04:10SYSTEM192Sign of "Win32:Agent-BQC [Trj]" has been found in "C:\Program Files\ProcView32\cnnic.exe" file.
2006-10-11 9:10:03SYSTEM192Sign of "Win32:Delf-YQ [Trj]" has been found in "http://www.wangyou315.com/xiazai/down.exe" file.
2006-10-11 11:14:47SYSTEM292Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\IV5LD5WU\rxjh[1].exe\[UPX]" file.
2006-10-11 11:15:43SYSTEM292Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1Sy.exe\[UPX]" file.
2006-10-11 11:16:17SYSTEM292Sign of "Win32:Delf-YQ [Trj]" has been found in "http://www.wangyou315.com/xiazai/down.exe" file.
2006-10-11 11:32:37SYSTEM292Sign of "Win32:QQpass-X [Trj]" has been found in "C:\WINDOWS\system32\msdll.dll" file.
2006-10-11 11:32:45SYSTEM292Sign of "Win32:Lineage-351 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\MNZTSSPG\wm[1].exe\[Upack]" file.
2006-10-11 11:34:17SYSTEM292Sign of "Win32:Lineage-351 [Trj]" has been found in "C:\WINDOWS\4Sy.exe\[Upack]" file.
2006-10-11 11:34:17SYSTEM292Sign of "Win32:Lineage-351 [Trj]" has been found in "C:\WINDOWS\4Sy.exe\[Upack]" file.
2006-10-11 11:39:01SYSTEM308Sign of "Win32:QQpass-X [Trj]" has been found in "C:\WINDOWS\system32\msdll.dll" file.
2006-10-11 11:41:30SYSTEM308Sign of "Win32:QQpass-X [Trj]" has been found in "C:\WINDOWS\system32\msdll.dll" file.
2006-10-11 11:41:41SYSTEM308Sign of "Win32:QQpass-X [Trj]" has been found in "C:\WINDOWS\system32\msdll.dll" file.
2006-10-11 11:41:44SYSTEM308Sign of "Win32:QQpass-X [Trj]" has been found in "C:\WINDOWS\system32\msdll.dll" file.
2006-10-11 11:42:55SYSTEM308Sign of "Win32:QQpass-X [Trj]" has been found in "C:\WINDOWS\system32\msdll.dll" file.
2006-10-11 13:33:15Owner1976Sign of "Win32:Downloader-CR [Trj]" has been found in "c:\documents and settings\owner\桌面\trojan.psw.misc.gen专杀.exe\[ASPack]" file.
2006-10-11 13:43:35Owner1600Sign of "Win32:Agent-BRC [Trj]" has been found in "C:\WINDOWS\Setup_YH0017.exe\[ASPack]" file.
2006-10-11 15:34:52Owner388Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\CDQ74D2V\rxjh[1].exe\[UPX]" file.
2006-10-11 15:35:06Owner388Sign of "Win32:Netsky-AF [Wrm]" has been found in "传入邮件 'Mail Delivery (failure wj@rufn88.com)' 起: jrpark@poskom.co.kr, 止: wj@rufn88.com\message.scr#3326862776" file.
2006-10-11 15:35:18Owner388Sign of "Win32:Netsky-AF [Wrm]" has been found in "传入邮件 'Mail Delivery (failure wj@rufn88.com)' 起: slcksh@foa.go.kr, 止: wj@rufn88.com\message.scr#3326862776" file.
2006-10-11 15:37:55Owner388Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1Sy.exe\[UPX]" file.
2006-10-11 15:38:49Owner388Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1Sy.exe\[UPX]" file.
2006-10-11 15:39:20Owner388Sign of "Win32:Plunix-D [Trj]" has been found in "C:\Documents and Settings\Owner\桌面\tools virus\灰鸽子清除器B3.exe\[NsPack]" file.
2006-10-11 15:40:14Owner388Sign of "Win32:Downloader-CR [Trj]" has been found in "C:\Documents and Settings\Owner\桌面\tools virus\Trojan.PSW.Misc.Gen专杀.exe\[ASPack]" file.
2006-10-11 17:19:56SYSTEM224Sign of "Win32:Small-CAW [Trj]" has been found in "http://ma.98joy.com/40143.exe" file.
2006-10-11 17:20:14SYSTEM224Sign of "Win32:Tiny-BT [Trj]" has been found in "http://www.9000music.com/a/a.exe" file.

gototop
 
如影随行1
头像
初生襁褓狮
  • 帖子:50
  • 注册: 2006-10-11
  • 来自:
发表于: 2006-10-12 12:59 | 只看楼主 短消息 资料
字号: 19楼

2006-10-11 15:35:06Owner388Sign of "Win32:Netsky-AF [Wrm]" has been found in "传入邮件 'Mail Delivery (failure wj@rufn88.com)' 起: jrpark@poskom.co.kr, 止: wj@rufn88.com\message.scr#3326862776" file.
2006-10-11 15:35:18Owner388Sign of "Win32:Netsky-AF [Wrm]" has been found in "传入邮件 'Mail Delivery (failure wj@rufn88.com)' 起: slcksh@foa.go.kr, 止: wj@rufn88.com\message.scr#3326862776" file.
2006-10-11 15:37:55Owner388Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1Sy.exe\[UPX]" file.
2006-10-11 15:38:49Owner388Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1Sy.exe\[UPX]" file.
2006-10-11 15:39:20Owner388Sign of "Win32:Plunix-D [Trj]" has been found in "C:\Documents and Settings\Owner\桌面\tools virus\灰鸽子清除器B3.exe\[NsPack]" file.
2006-10-11 15:40:14Owner388Sign of "Win32:Downloader-CR [Trj]" has been found in "C:\Documents and Settings\Owner\桌面\tools virus\Trojan.PSW.Misc.Gen专杀.exe\[ASPack]" file.
2006-10-11 17:19:56SYSTEM224Sign of "Win32:Small-CAW [Trj]" has been found in "http://ma.98joy.com/40143.exe" file.
2006-10-11 17:20:14SYSTEM224Sign of "Win32:Tiny-BT [Trj]" has been found in "http://www.9000music.com/a/a.exe" file.
2006-10-11 17:20:19SYSTEM224Sign of "Win32:Wow-AK [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\QLIVBME8\dll1[1].exe\[FSG]" file.
2006-10-11 17:22:23SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\VFX4ZMKM\dll2[1].exe" file.
2006-10-11 17:22:26SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\G9YRW5EJ\dll2[1].exe" file.
2006-10-11 17:22:35SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\C5YZCXQB\dll4[1].exe" file.
2006-10-11 17:22:37SYSTEM224Sign of "Win32:Wow-AK [Trj]" has been found in "C:\Program Files\Internet Explorer\dll1.exe\[FSG]" file.
2006-10-11 17:22:41SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll2.exe" file.
2006-10-11 17:22:44SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll4.exe" file.
2006-10-11 17:22:46SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\G9YRW5EJ\dll2[1].exe" file.
2006-10-11 17:22:46SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll4.exe" file.
2006-10-11 17:22:47SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll2.exe" file.
2006-10-11 17:22:47SYSTEM224Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\QLIVBME8\dll5[1].exe" file.
2006-10-11 17:23:01SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll2.exe" file.
2006-10-11 17:23:06SYSTEM224Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Program Files\Internet Explorer\dll5.exe" file.
2006-10-11 17:23:18SYSTEM224Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll4.exe" file.
2006-10-11 17:23:22SYSTEM224Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Program Files\Internet Explorer\dll5.exe" file.
2006-10-11 18:44:00Owner3436Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1Sy.exe\[UPX]" file.
2006-10-11 18:48:46Owner3436Sign of "Win32:Downloader-CR [Trj]" has been found in "C:\Documents and Settings\Owner\桌面\tools virus\LSASS专杀.rar\Trojan.PSW.Misc.Gen专杀.exe\[ASPack]" file.
2006-10-11 19:25:17SYSTEM232Sign of "Win32:Small-CAW [Trj]" has been found in "C:\windows\system32\drivers\etcdriver\bind_40123.exe" file.
2006-10-11 21:22:27SYSTEM200Sign of "Win32:Small-CAW [Trj]" has been found in "http://ma.98joy.com/40143.exe" file.
2006-10-11 21:22:43SYSTEM200Sign of "Win32:Tiny-BT [Trj]" has been found in "http://www.9000music.com/a/a.exe" file.
2006-10-11 21:22:47SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\SLYZK1EV\dll2[2].exe" file.
2006-10-11 21:22:59SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\SLYZK1EV\dll2[1].exe" file.
2006-10-11 21:23:03SYSTEM200Sign of "Win32:Wow-AK [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\KGA9VTCC\dll1[1].exe\[FSG]" file.
2006-10-11 21:23:56SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll2.exe" file.
2006-10-11 21:23:58SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\89MJWDU7\dll4[1].exe" file.
2006-10-11 21:24:00SYSTEM200Sign of "Win32:Wow-AK [Trj]" has been found in "C:\Program Files\Internet Explorer\dll1.exe\[FSG]" file.
2006-10-11 21:24:02SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll2.exe" file.
2006-10-11 21:24:03SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll4.exe" file.
2006-10-11 21:24:32SYSTEM200Sign of "Win32:Wow-AK [Trj]" has been found in "C:\Program Files\Internet Explorer\dll1.exe\[FSG]" file.
2006-10-11 21:24:37SYSTEM200Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Documents and Settings\LocalService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\KGA9VTCC\dll5[1].exe" file.
2006-10-11 21:24:37SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll4.exe" file.
2006-10-11 21:24:37SYSTEM200Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Program Files\Internet Explorer\dll5.exe" file.
2006-10-11 21:24:37SYSTEM200Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Program Files\Internet Explorer\dll5.exe" file.
2006-10-11 21:24:37SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll2.exe" file.
2006-10-11 21:24:37SYSTEM200Sign of "Win32:Delf-APJ [Trj]" has been found in "C:\Program Files\Internet Explorer\dll4.exe" file.
2006-10-11 21:24:37SYSTEM200Sign of "Win32:MianCrypt-gen [Trj]" has been found in "C:\Program Files\Internet Explorer\dll5.exe" file.
2006-10-12 10:58:38SYSTEM2008Sign of "Win32:Netsky-AF [Wrm]" has been found in "传入邮件 'Mail Delivery (failure wj@rufn88.com)' 起: lola@sexnet.com, 止: wj@rufn88.com\message.scr#3326862776" file.
2006-10-12 11:05:40SYSTEM2008Sign of "Win32:Lineage-318 [Trj]" has been found in "http://www.wmsjsf.com/image/rxjh.exe\[UPX]" file.
2006-10-12 11:05:54SYSTEM2008Sign of "Win32:Lineage-351 [Trj]" has been found in "http://www.wmsjsf.com/image/wm.exe\[Upack]" file.
2006-10-12 12:06:24SYSTEM164Sign of "Win32:QQpass-X [Trj]" has been found in "C:\windows\system32\dllwm.dll" file.
2006-10-12 12:17:22SYSTEM164Sign of "Win32:Lineage-351 [Trj]" has been found in "C:\progra~1\svhost32.exe\[Upack]" file.
2006-10-12 12:18:48SYSTEM164Sign of "Win32:Lineage-318 [Trj]" has been found in "C:\WINDOWS\1SY.EXE\[UPX]" file.

gototop
 
<<上一主题|下一主题>>
12   2  /  2  页   跳转
页面顶部
Powered by Discuz!NT