A stubborn Infostealer, asking the experts for help! (log attached)

Every time I boot, a virus is reported (by Norton):

Scan type:  Auto-Protect Scan
Event:  Threat Found!
Threat: Infostealer
File:  C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\qq.exe
Location:  C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
Computer:  WUXINXIN
User:  wuxx
Action taken:  Clean failed : Quarantine failed : Delete succeeded : Access denied
Date found: 星期二, 三月 06, 2007  5:12:30 下午





[CODE]

2007-03-06,17:14:03

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\System32\ctfmon.exe>  [(Verified)Microsoft Corporation]
    <MsnMsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [Microsoft Corporation]
    <eMuleAutoStart><C:\Program Files\eMule\eMule.exe -AutoStart>  [N/A]
    <NetSP - restore settings on power failure><"C:\Program Files\AT&T Network Client\NetSP.exe" -show>  [AT&T]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Corporation]
    <PHIME2002ASync><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Corporation]
    <PHIME2002A><C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Corporation]
    <MSPY2002><C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)N/A]
    <TrackPointSrv><tp4serv.exe>  [(Verified)IBM Corporation]
    <TPHOTKEY><C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe>  [N/A]
    <TPKMAPMN><C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe>  [N/A]
    <BMMGAG><RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor>  [IBM Corp.]
    <BMMLREF><C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE>  [N/A]
    <C4EBReg><"C:\progra~1\c4ebreg\c4ebreg.exe" /q>  [IBM Global Services]
    <ISSI EZUpdate Service><"c:\sdwork\issimsvc.exe">  [IBM Global Services]
    <IgfxTray><C:\WINDOWS\System32\igfxtray.exe>  [(Verified)Intel Corporation]
    <HotKeysCmds><C:\WINDOWS\System32\hkcmd.exe>  [(Verified)Intel Corporation]
    <TpShocks><TpShocks.exe>  [IBM Corp.]
    <TPKMAPHELPER><C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper>  [IBM Corp.]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe>  [(Verified)Symantec Corporation]
    <QCWLICON><C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe>  [IBM Corp.]
    <ISAMTray><"C:\progra~1\c4ebreg\isamtray.exe">  [IBM Global Services]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
    <Zone Labs Client><"C:\Program Files\Zone Labs\Integrity Client\iclient.exe">  [(Verified)Check Point Inc.]
    <stgclean><c:\sdwork\w32main2.exe /cleanup>  [IBM Global Services]
    <QCTray><C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe>  [IBM Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <twin><C:\WINDOWS\System32\twunk32.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Corporation]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{A6011F8F-A7F8-49AA-9ADA-49127D43138F}><C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk>  [N/A]
    <{DD7D4640-4464-48C0-82FD-21338366D2D2}><C:\Program Files\Internet Explorer\InfoMs.tdm>  [N/A]
    <{754FB7D8-B8FE-4810-B363-A788CD060F1F}><C:\Program Files\Internet Explorer\PLUGINS\SystemKb.sys>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\atmgrtok]
    <WinlogonNotify: atmgrtok><atmgrtok.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINDOWS\System32\NavLogon.dll>  [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pcsinst]
    <WinlogonNotify: pcsinst><pcsinst.dll>  [IBM]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\QConGina]
    <WinlogonNotify: QConGina><QConGina.dll>  [IBM Corp.]

==================================
启动文件夹
N/A

==================================
服务
[ACU Configuration Service / ACS][Running/Manual Start]
  <C:\WINDOWS\System32\acs.exe><N/A>
[AppnNode / AppnNode][Stopped/Manual Start]
  <c:\WINDOWS\System32\Drivers\appnnode.exe><IBM Corporation>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Bluetooth Service / btwdins][Running/Auto Start]
  <C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe><WIDCOMM, Inc.>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[IBM PM Service / IBMPMSVC][Running/Auto Start]
  <C:\WINDOWS\System32\ibmpmsvc.exe><N/A>
[IBM Standard Asset Manager Service / ISAMSvc][Running/Auto Start]
  <C:\progra~1\c4ebreg\c4ebreg.exe><IBM Global Services>
[ISSI EZUpdate / ISSIMon][Running/Auto Start]
  <c:\sdwork\issimsvc.exe><IBM Global Services>
[IBM Enterprise Extender / ldlcserv][Running/Auto Start]
  <c:\WINDOWS\System32\Drivers\ldlcserv.exe><IBM Corporation>
[Machine Debug Manager / MDM][Running/Auto Start]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"><Microsoft Corporation>
[Multi-user Cleanup Service / Multi-user Cleanup Service][Running/Auto Start]
  <C:\Notes\ntmulti.exe><IBM Corp>
[Network Configuration Service / NetCfgSvr][Running/Auto Start]
  <C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE><AT&T>
[QCONSVC / QCONSVC][Running/Auto Start]
  <System32\QCONSVC.EXE><N/A>
[SavRoam / SavRoam][Stopped/Manual Start]
  <"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[IBM KCU Service / TpKmpSVC][Running/Auto Start]
  <C:\WINDOWS\system32\TpKmpSVC.exe><N/A>
[IBM Trace Facility / TrcBoot][Running/Auto Start]
  <c:\WINDOWS\System32\Drivers\trcboot.exe><IBM Corporation>
[TrueVector Internet Monitor / vsmon][Running/Auto Start]
  <C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service><Check Point Inc.>
[WRT Service / WRTService][Running/Auto Start]
  <C:\WINDOWS\WRTService.exe><N/A>

==================================
Last edited: 2007-03-06 18:38:40

浏览器加载项
[Yahoo! Toolbar Helper]
  {02478D38-C3F9-4EFB-9B51-7695ECA05670} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\System32\msjava.dll, Microsoft Corporation>
[@btrez.dll,-4015]
  {CCA281CA-C863-46ef-9331-5C8D4460577F} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[Yahoo! Toolbar]
  {EF99BD32-C1FB-11D2-892F-0090271D4F88} <C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll, Yahoo! Inc.>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\System32\CMBEdit.dll, >
[One Force Compplanner]
  {5F30F398-64B6-4D5B-AF59-164FB61F56A6} <C:\WINDOWS\System32\MSJAVA.DLL, Microsoft Corporation>
[LNWebAssist Class]
  {9519B2A2-6592-4E41-8290-D0298459270C} <C:\WINDOWS\DOWNLO~1\LNWEBA~1.DLL, IBM Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[发送到 Bluetooth(&B)]
  <C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>

正在运行的进程
[PID: 776][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 824][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 848][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.1557 (xpsp2_gdr.040517-1325)]
    [c:\Program Files\IBM\Personal Communications\atmgrtok.dll]  [IBM Corporation, 5070.0.3223.68]
    [c:\Program Files\IBM\Personal Communications\MILLUTIL.DLL]  [IBM Corporation, 5070.0.3223.68]
    [C:\WINDOWS\System32\NavLogon.dll]  [Symantec Corporation, 9.0.3.1000]
    [C:\WINDOWS\system32\pcsinst.dll]  [IBM, 1, 0, 0, 1]
[PID: 892][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 904][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1056][C:\WINDOWS\System32\ibmpmsvc.exe]  [N/A, N/A]
[PID: 1116][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 1248][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Zone Labs\Integrity Client\zlxeap.dll]  [Check Point Inc., 6.0.202.000]
[PID: 1556][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1588][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1792][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe]  [Symantec Corporation, 2.2.2.008]
    [C:\WINDOWS\System32\MSVCP70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\WINDOWS\System32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.2.008]
[PID: 1816][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe]  [Symantec Corporation, 2.2.2.008]
    [C:\WINDOWS\System32\MSVCP70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\WINDOWS\System32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.2.008]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 2.2.2.008]
[PID: 1928][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
    [C:\WINDOWS\system32\bthcrp.dll]  [WIDCOMM, Inc., 1.4.3 Build 4]
    [C:\WINDOWS\system32\WidcommSdk.dll]  [WIDCOMM, Inc., 1.4.3 Build 4]
    [C:\WINDOWS\system32\wbtapi.dll]  [WIDCOMM, Inc., 1.4.3 Build 4]
    [C:\WINDOWS\system32\CNAB4LMK.DLL]  [CANON INC., 1.02.0.004]
    [C:\WINDOWS\system32\CNAB4SMK.DLL]  [CANON INC., 1.02.0.004]
    [C:\WINDOWS\system32\CNAB4PTU.DLL]  [CANON INC., 1.02.0.004]
    [C:\WINDOWS\system32\selnt.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\pdclntif.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\pdprDlg.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\pdresrc.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\psmmonnt.dll]  [N/A, N/A]
    [C:\WINDOWS\system32\CNAB4EMU.DLL]  [CANON INC., 1.02.0.004]
[PID: 728][c:\WINDOWS\System32\Drivers\trcboot.exe]  [IBM Corporation, 5070.0.3223.68]
[PID: 752][c:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE]  [IBM Corporation, 5070.0.3223.68]
    [c:\Program Files\IBM\Personal Communications\DEFSECUR.DLL]  [IBM Corporation, 5070.0.3223.68]
    [c:\Program Files\IBM\Personal Communications\ATMGRTOK.DLL]  [IBM Corporation, 5070.0.3223.68]
    [c:\Program Files\IBM\Personal Communications\MILLUTIL.DLL]  [IBM Corporation, 5070.0.3223.68]
    [c:\Program Files\IBM\Personal Communications\PCSWLIB.dll]  [IBM Corporation, 5070.0.3223.192]
    [c:\Program Files\IBM\Personal Communications\PCSPREF.dll]  [IBM Corporation, 5070.0.3223.192]
    [c:\Program Files\IBM\Personal Communications\PCSCLIB.dll]  [IBM Corporation, 5070.0.3223.192]
    [c:\Program Files\IBM\Personal Communications\PCSMSG.dll]  [IBM Corporation, 5070.0.3223.192]
    [c:\Program Files\IBM\Personal Communications\PCSW32X.dll]  [IBM Corporation, 5070.0.3223.68]
    [c:\Program Files\IBM\Personal Communications\PCSWLIBI.dll]  [IBM Corporation, 5070.0.3223.192]
    [c:\Program Files\IBM\Personal Communications\NODEINIT.DLL]  [IBM Corporation, 5070.0.3223.68]
    [c:\Program Files\IBM\Trace Facility\NSTRC.dll]  [IBM Corporation, 5070.0.3223.68]
    [c:\Program Files\IBM\Personal Communications\SPELLING.DLL]  [IBM Corporation, 5070.0.3223.68]
    [c:\Program Files\IBM\Trace Facility\FMT_UTIL.dll]  [IBM Corporation, 5070.0.3223.68]
    [c:\Program Files\IBM\Personal Communications\PCSCAPI.dll]  [IBM Corporation, 5070.0.3223.68]
    [c:\Program Files\IBM\Personal Communications\OOCSVCS2.dll]  [N/A, N/A]
    [c:\Program Files\IBM\Personal Communications\MESSAGE.DLL]  [IBM Corporation, 5070.0.3223.68]
    [c:\Program Files\IBM\Personal Communications\MSGIO.dll]  [IBM Corporation, 5070.0.3223.68]
[PID: 120][C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe]  [WIDCOMM, Inc., 1.4.3 Build 4]
[PID: 812][C:\Program Files\Symantec AntiVirus\DefWatch.exe]  [Symantec Corporation, 9.0.3.1000]
[PID: 1024][C:\progra~1\c4ebreg\c4ebreg.exe]  [IBM Global Services, 6.20]
    [C:\progra~1\c4ebreg\osprules.dll]  [IBM Global Services, 1.8]
    [C:\progra~1\c4ebreg\python23.dll]  [Python Software Foundation, 2.3.4]
    [C:\progra~1\c4ebreg\pmemw.dll]  [N/A, N/A]

[PID: 292][c:\sdwork\issimsvc.exe]  [IBM Global Services, 2.13]
[PID: 1168][C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe]  [Microsoft Corporation, 7.00.9064.9150]
[PID: 1452][C:\Notes\ntmulti.exe]  [IBM Corp, 7.0.00.5226]
[PID: 1292][C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE]  [AT&T, 6.4.0.3000]
    [C:\PROGRA~1\AT&TNE~1\NetClient.dll]  [AT&T, 6.4.1.2004]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk]  [N/A, N/A]
    [C:\WINDOWS\System32\vsdata.dll]  [Check Point Inc., 6.0.202.000]
    [C:\WINDOWS\System32\VSINIT.dll]  [Check Point Inc., 6.0.202.000]
[PID: 1544][C:\WINDOWS\System32\QCONSVC.EXE]  [IBM Corp., 3, 5, 3, 0]
[PID: 1736][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1972][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 9.0.3.1000]
    [C:\WINDOWS\System32\CBA.DLL]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINDOWS\System32\MsgSys.dll]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINDOWS\System32\NTS.dll]  [Intel? Corporation, 6.12.0.130 E]
    [C:\WINDOWS\System32\PDS.DLL]  [Intel? Corporation, 6.12.0.130 E]
    [C:\Program Files\Symantec AntiVirus\NAVLU.dll]  [Symantec Corporation, 9.0.3.1000]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 9.0.3.1000]
    [C:\Program Files\Symantec AntiVirus\ecmldr32.DLL]  [Symantec Corp., 1.1.0.3]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.3.0.28]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 9.0.3.1000]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070302.052\ecmsvr32.dll]  [Symantec Corporation, 71.1.0.11]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070302.052\NAVEX32a.DLL]  [Symantec Corporation, 20071.1.1.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070302.052\NAVENG32.DLL]  [Symantec Corporation, 20071.1.1.10]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 9.0.3.1000]
    [C:\Program Files\Symantec AntiVirus\NotesExt.dll]  [Symantec Corporation, 9.0.3.1000]
    [C:\Program Files\Symantec AntiVirus\vpmsece2.dll]  [Symantec Corporation, 9.0.3.1000]
    [C:\Program Files\Symantec AntiVirus\DecSDK.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2ID.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2ZIP.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2SS.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2GZIP.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2CAB.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2LHA.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2ARJ.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2TNEF.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2LZ.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2AMG.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2TAR.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2RTF.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Symantec AntiVirus\Dec2Text.dll]  [Symantec Corporation, 3.02.12.09]
    [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll]  [Symantec Corporation, 9.0.3.1000]
    [C:\Program Files\Common Files\Symantec Shared\SSC\LDVPCtls.ocx]  [Symantec Corporation, 9.0.3.1000]
[PID: 172][C:\WINDOWS\system32\TpKmpSVC.exe]  [N/A, N/A]
[PID: 300][C:\WINDOWS\System32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 420][C:\WINDOWS\WRTService.exe]  [N/A, N/A]
[PID: 564][c:\WINDOWS\System32\Drivers\ldlcserv.exe]  [IBM Corporation, 5070.0.3223.68]
[PID: 1668][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2800.1221 (xpsp2.030511-1403)]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 9.0.3.1000]
[PID: 1712][C:\WINDOWS\System32\CNAB4RPK.EXE]  [CANON INC., 1.02.0.004]
[PID: 1440][C:\WINDOWS\System32\tp4serv.exe]  [IBM Corporation, 3.09]
    [C:\WINDOWS\System32\tp4uires.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 952][C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe]  [N/A, N/A]
    [C:\Program Files\Common Files\Microsoft Shared\MSINFO\NewInfo.rxk]  [N/A, N/A]
    [C:\Program Files\ThinkPad\PkgMgr\HOTKEY_2\tphk_2k.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\Oemdspif.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\tpfnf7.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 1520][C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe]  [N/A, N/A]
    [C:\Program Files\ThinkPad\Utilities\TpKmapHk.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 1368][C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 2052][C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe]  [IBM Corporation, 1.06]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 2188][C:\WINDOWS\System32\igfxtray.exe]  [Intel Corporation, 3.0.0.2350]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.2350]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\WINDOWS\System32\igfxress.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 2196][C:\WINDOWS\System32\hkcmd.exe]  [Intel Corporation, 3.0.0.2350]
    [C:\WINDOWS\System32\hccutils.DLL]  [Intel Corporation, 3.0.0.2350]
    [C:\WINDOWS\System32\igfxdev.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\WINDOWS\System32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\WINDOWS\System32\igfxhk.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\WINDOWS\System32\igfxres.dll]  [Intel Corporation, 3.0.0.2350]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 2208][C:\WINDOWS\System32\TpShocks.exe]  [IBM Corp., 1, 0, 0, 1]
    [C:\WINDOWS\System32\Sensor.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 2248][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  [Symantec Corporation, 2.2.2.008]
    [C:\WINDOWS\System32\MSVCP70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\WINDOWS\System32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9466.0]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 2.2.2.008]
    [C:\Program Files\Symantec\LiveUpdate\ProductRegCom.DLL]  [Symantec Corporation, 2.0.39.0]
    [C:\Program Files\Symantec\LiveUpdate\LuComServerPS.DLL]  [Symantec Corporation, 2.0.39.0]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL]  [Symantec Corporation, 2.2.2.008]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL]  [Symantec Corporation, 2.2.2.008]
    [C:\WINDOWS\System32\SYMREDIR.dll]  [Symantec Corporation, 5.3.6.13]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 2.2.2.008]
    [C:\Program Files\Symantec AntiVirus\SavEmail.dll]  [Symantec Corporation, 9.0.3.1000]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 2.2.2.008]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 2300][C:\PROGRA~1\SYMANT~1\VPTray.exe]  [Symantec Corporation, 9.0.3.1000]
    [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL]  [Symantec Corporation, 9.3.0.28]
    [C:\Program Files\Symantec AntiVirus\Cliscan.dll]  [Symantec Corporation, 9.0.3.1000]
    [C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec Corporation, 9.0.3.1000]
    [C:\Program Files\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 9.0.3.1000]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 2420][C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe]  [IBM Corp., 3, 5, 3, 0]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\QCON.dll]  [IBM Corp., 3, 5, 3, 0]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\MerlinC201.dll]  [Novatel Wireless Inc., 1, 0, 0, 1]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\ClymerWrap_2.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\athcfg11.dll]  [Atheros, 3.1.102.22]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\Res\SC\IconRes.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 2440][C:\WINDOWS\System32\acs.exe]  [N/A, N/A]
    [C:\WINDOWS\System32\athcfg11.dll]  [Atheros, 3.1.102.22]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\QcAthExt.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\AegisE5.dll]  [Meetinghouse Data Communications, 1, 8, 50, 2]
[PID: 2460][C:\progra~1\c4ebreg\isamtray.exe]  [IBM Global Services, 6.20]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 2888][C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe]  [IBM Corp., 3, 5, 3, 0]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\QCON.dll]  [IBM Corp., 3, 5, 3, 0]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\MerlinC201.dll]  [Novatel Wireless Inc., 1, 0, 0, 1]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\Res\SC\TrayRes.dll]  [N/A, N/A]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\ClymerWrap_2.dll]  [N/A, N/A]
    [C:\WINDOWS\System32\athcfg11.dll]  [Atheros, 3.1.102.22]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\ANCA.dll]  [IBM Corp., 8.3]
    [C:\PROGRA~1\ThinkPad\CONNEC~1\ANC.dll]  [IBM Corp., 8.3]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 2996][C:\WINDOWS\System32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 3032][C:\Program Files\MSN Messenger\MsnMsgr.Exe]  [Microsoft Corporation, 7.5.0324]
    [C:\Program Files\MSN Messenger\msidcrl.dll]  [Microsoft Corp., 3.200.60.1]
    [C:\Program Files\MSN Messenger\MSGSLANG.DLL]  [Microsoft Corporation, 7.5.0324]
    [C:\WINDOWS\System32\msdmo.dll]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 3964][C:\WINDOWS\System32\conime.exe]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]
[PID: 3376][\\9.181.2.174\chaohui\kill\sreng2\SREng.EXE]  [N/A, N/A]
    [C:\Program Files\Internet Explorer\InfoMs.tdm]  [N/A, N/A]

==================================

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================


[/CODE]

Is a moderator around?

Bumping again, this is urgent!