Rising Kaka Security Forum - Technical Exchange - Anti-virus / Anti-rogue-software Board


[Help] NOD32 keeps popping up Win32/Adware.Cinmus all day

The NOD32 log is:

时间    模块    对象    名称    病毒    操作    用户    信息
2007-4-24 12:32:49    文件    文件    C:\WINDOWS\TEMP\5FAF5EF0.exe    变种的 Win32/Adware.Cinmus 应用程序    已隔离 - 已删除    NT AUTHORITY\SYSTEM    下列程序新建文件时发生事件: \??\C:\WINDOWS\system32\winlogon.exe. 文件已被移至隔离区。
2007-4-24 12:17:30    文件    文件    C:\WINDOWS\TEMP\48675362.exe    变种的 Win32/Adware.Cinmus 应用程序    已隔离 - 已删除    NT AUTHORITY\SYSTEM    下列程序新建文件时发生事件: \??\C:\WINDOWS\system32\winlogon.exe. 文件已被移至隔离区。
2007-4-24 12:12:32    文件    文件    C:\WINDOWS\TEMP\42AF4F7E.exe    变种的 Win32/Adware.Cinmus 应用程序    已隔离 - 已删除    NT AUTHORITY\SYSTEM    下列程序新建文件时发生事件: \??\C:\WINDOWS\system32\winlogon.exe. 文件已被移至隔离区。


The SREng2 log is:
[CODE]

2007-04-24,18:17:17

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <HControl><C:\WINDOWS\ATK0100\HControl.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [Eset ]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Publisher]
    <Power_Gear><C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><E:\soft\优化系统\登陆界面更换器\登录界面\Qs Inspirat Reloaded 1\logonui.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WBSrv]
    <WinlogonNotify: WBSrv><D:\Program Files\WindowBlinds\wbsrv.dll>  [Stardock]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <BitComet><; "D:\Program Files\BitComet\BitComet.exe">  [www.BitComet.com]
    <eMuleAutoStart><; D:\Program Files\eMule\emule.exe -AutoStart>  [http://www.emule.org.cn]
    <Hanami><; >  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <RTHDCPL><; RTHDCPL.EXE>  [(Verified)Microsoft Windows Publisher]
    <StormCodec_Helper><; "d:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []

==================================
启动文件夹
N/A

==================================
服务
[Messanger Accelerator / Accelerator Tools][Stopped/Disabled]
  <><N/A>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[LightScribeService Direct Disc Labeling Service / LightScribeService][Running/Auto Start]
  <"C:\Program Files\Common Files\LightScribe\LSSrvc.exe"><Hewlett-Packard Company>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset>
[Qvod Terminal / Qvod Terminal][Stopped/Disabled]
  <C:\Program Files\QvodPlayer\QvodTerminal.exe><N/A>

==================================
驱动程序
[acpidisk / acpidisk][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\acpidisk.sys><N/A>
[AMON / AMON][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\amon.sys><Eset>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Bluetooth Audio Service / BlueletAudio][Stopped/Manual Start]
  <system32\DRIVERS\blueletaudio.sys><IVT Corporation>
[Bluetooth PAN Network Adapter / BT][Stopped/Manual Start]
  <system32\DRIVERS\btnetdrv.sys><IVT Corporation>
[Bluetooth USB For Bluetooth Service / Btcsrusb][Stopped/Manual Start]
  <System32\Drivers\btcusb.sys><IVT Corporation>
[Bluetooth HID Enumerator / BTHidEnum][Stopped/Manual Start]
  <system32\DRIVERS\vbtenum.sys><N/A>
[Bluetooth HID Manager Service / BTHidMgr][Running/Boot Start]
  <\SystemRoot\System32\Drivers\BTHidMgr.sys><IVT Corporation>
[CdaC15BA / CdaC15BA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS><Macrovision Europe Ltd>
[dtscsi / dtscsi][Running/Manual Start]
  <\SystemRoot\System32\Drivers\dtscsi.sys><N/A>
[gixfue15 / gixfue15][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[litjuv23 / litjuv23][Stopped/Boot Start]
  <\SystemRoot\system32\\drivers\\system32\\drivers\\%s.sys.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[ATK0100 ACPI UTILITY / MTsensor][Running/Manual Start]
  <system32\DRIVERS\ATKACPI.sys><>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rimsptsk / rimsptsk][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\rimsptsk.sys><REDC>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[ruvnwd2 / ruvnwd20][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\ruvnwd20.sys><N/A>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[SRS Labs Audio Sandbox (WDM) / SRS_SSCFilter][Stopped/Manual Start]
  <system32\drivers\srs_sscfilter.sys><>
[USB2.0 1.3M Web Cam / SynMini][Running/Manual Start]
  <System32\Drivers\SynMini.sys><Syntek America Inc.>
[USB2.0 1.3M Web Cam Still Image / SynScan][Running/Manual Start]
  <System32\Drivers\SynScan.sys><Syntek America Inc.>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[Virtual Serial port driver / VComm][Stopped/Manual Start]
  <system32\DRIVERS\VComm.sys><IVT Corporation>
[Bluetooth VComm Manager Service / VcommMgr][Stopped/Manual Start]
  <System32\Drivers\VcommMgr.sys><IVT Corporation>
[VMware Network Application Interface / vmnetUserif][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\vmnetUserif.sys><VMware, Inc.>
[VMware vmx86 / vmx86][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\vmx86.sys><VMware, Inc.>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[yrfvqr7 / yrfvqr72][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\yrfvqr72.sys><Microsoft Corporation>

==================================

Last edited 2007-04-24 18:34:39

浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <D:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <E:\music\game\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\Program Files\Tencent\QQ\QQ.EXE, TENCENT>
[Windows Live Safety Center Base Module]
  {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation>
[PeerDraw Class]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Windows Live Safety Center Base Module]
  {5ED80217-570B-4DA9-BF44-BE107C0EC166} <C:\WINDOWS\Downloaded Program Files\wlscBase.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <D:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Windows Live Safety Center Control Module]
  {8E5C8BEE-1887-414C-8AC9-7C3951F28476} <C:\Program Files\Windows Live Safety Center\wlscCtrl.dll, Microsoft Corporation>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[使用迅雷下载]
  <D:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\Program Files\Thunder\Program\getallurl.htm, N/A>

==================================
正在运行的进程
[PID: 588][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 640][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 668][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4117]
    [D:\Program Files\WindowBlinds\wbsrv.dll]  [Stardock, 5, 0, 0, 1]
    [D:\Program Files\WindowBlinds\wblind.dll]  [Stardock Corporation, 5.02]
    [D:\Program Files\WindowBlinds\wbhelp.dll]  [Stardock.Net, Inc, 4.01]
    [C:\WINDOWS\system32\winlib .dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 716][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 728][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1912][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\yrfvqr72.dll]  [, 1, 1, 1, 1010]
    [D:\Program Files\Microsoft Office 2003\Office\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [D:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Eset\nodshex.dll]  [N/A, ]
[PID: 1084][C:\WINDOWS\ATK0100\HControl.exe]  [, 1043, 2, 15, 63]
    [C:\WINDOWS\ATK0100\CMSSC.dll]  [N/A, ]
    [C:\WINDOWS\ATK0100\inter_f2.dll]  [ATK, 1043, 2, 15, 52]
    [C:\WINDOWS\ATK0100\ATKWLIOC.DLL]  [ACTIONTEC Electronics,Inc, 2.01.02]
    [C:\WINDOWS\ATK0100\SiSPkt.dll]  [Silicon Integrated Systems Corp., 1, 0, 0, 45]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\yrfvqr72.dll]  [, 1, 1, 1, 1010]
    [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 8.1.5 18Aug05]
[PID: 1156][C:\Program Files\Eset\nod32kui.exe]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\nod32rui.dll]  [N/A, ]
    [C:\WINDOWS\system32\yrfvqr72.dll]  [, 1, 1, 1, 1010]
    [C:\Program Files\Eset\pu_amon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pu_dmon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_emon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_mirr.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_mirr.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_nod32.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pu_upd.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]
[PID: 1220][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 8.1.5 18Aug05]
    [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 8.1.5 18Aug05]
    [C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 8.1.5 18Aug05]
[PID: 1240][C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe]  [ASUSTeK Computer Inc., 1043, 6, 15, 112]
    [C:\Program Files\ASUS\Power4 Gear\ATKMETHOD.dll]  [ASUSTeK Computer Inc., 1043, 6, 15, 112]
[PID: 1412][C:\WINDOWS\ATK0100\ATKOSD.exe]  [, 1043, 2, 15, 63]
    [C:\WINDOWS\system32\yrfvqr72.dll]  [, 1, 1, 1, 1010]
[PID: 1600][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\yrfvqr72.dll]  [, 1, 1, 1, 1010]
[PID: 1904][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\yrfvqr72.dll]  [, 1, 1, 1, 1010]
[PID: 2828][D:\Program Files\TheWorld\TheWorld.exe]  [Phoenix Studio, 2, 0, 3, 2]
    [C:\WINDOWS\system32\yrfvqr72.dll]  [, 1, 1, 1, 1010]
[PID: 2620][C:\WINDOWS\system32\NOTEPAD.EXE]  [, 1, 1, 0, 8]
    [C:\WINDOWS\system32\yrfvqr72.dll]  [, 1, 1, 1, 1010]
[PID: 2160][D:\Program Files\TheWorld\TheWorld.exe]  [Phoenix Studio, 2, 0, 3, 2]
    [C:\WINDOWS\system32\yrfvqr72.dll]  [, 1, 1, 1, 1010]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\WINABCX.IME]  [PKUETI, 5.22.216]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
[PID: 504][D:\Program Files\Thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 6, 1, 291]
    [D:\Program Files\Thunder\Program\ThunderEx.dll]  [, 1, 1, 0, 1]
    [C:\WINDOWS\system32\yrfvqr72.dll]  [, 1, 1, 1, 1010]
    [D:\Program Files\Thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 20]
    [D:\Program Files\Thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 75]
    [D:\Program Files\Thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
    [D:\Program Files\Thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 14, 2, 75]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [D:\Program Files\Thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 8]
    [D:\Program Files\Thunder\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Thunder\Program\iTargetAD.dll]  [N/A, ]
    [D:\Program Files\Thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 0, 6, 25]
    [D:\Program Files\Thunder\Components\DiagnoseHelper\DiagnoseHelper.dll]  [Thunder Networking Technologies,LTD, 1, 1, 1, 16]
    [D:\Program Files\Thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
    [D:\Program Files\Thunder\Components\PortVerify\PortVerify.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
    [D:\Program Files\Thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 2, 61]
    [D:\Program Files\Thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
    [D:\Program Files\Thunder\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 8]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3728][D:\Personal\Desktop\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\yrfvqr72.dll]  [, 1, 1, 1, 1010]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 51, 26 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. [AutoCADScriptFile]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]