瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 中了流行木马137.ini,望赐教!谢谢!

12   1  /  2  页   跳转

中了流行木马137.ini,望赐教!谢谢!

收藏
zjhzlz
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2007-11-15
  • 来自:
发表于: 2007-11-16 18:42 | 只看楼主 短消息 资料
字号: 1楼

中了流行木马137.ini,望赐教!谢谢!

症状好像也没觉得,我这里是网吧!
每台电脑都用这情况,现在的感觉是盗号多了一点!
我把电脑断网,进安全模式查杀成功,但一重起那病毒又来了!(网头我已经拔了)
用瑞星卡卡查是流行木马(137).ini
  但用360度查就是MSSYS32
如果用瑞星杀毒软件查没有显示!
请帮我看看!谢谢~~~~~~

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
最后编辑2007-11-28 15:34:16
分享到:
gototop
 
zjhzlz
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2007-11-15
  • 来自:
发表于: 2007-11-18 20:15 | 只看楼主 短消息 资料
字号: 2楼

顶起来~~~~~~~
gototop
 
琼台听雨
头像
自信弱冠狮
  • 帖子:464
  • 注册: 2007-02-07
  • 来自:
发表于: 2007-11-18 22:27 | 短消息 资料
字号: 3楼

看什么?有日志没有?
gototop
 
zjhzlz
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2007-11-15
  • 来自:
发表于: 2007-11-19 12:18 | 只看楼主 短消息 资料
字号: 4楼

怎么才能把病毒给杀了!谢谢!
gototop
 
ssuusu
头像
初生襁褓狮
  • 帖子:112
  • 注册: 2006-06-25
  • 来自:
发表于: 2007-11-19 14:34 | 短消息 资料
字号: 5楼

什么网吧~~~不上还原吗?还是被穿透?
据体说明一下~~是系统盘被中毒还是别的盘符~~~或扫个日记~~
你们网吧管理员也太烂了吧~~都什么年代了
gototop
 
火影忍者
头像
横据古稀狮
  • 帖子:7855
  • 注册: 2006-06-29
  • 来自:火星
发表于: 2007-11-19 17:47 | 短消息 资料
字号: 6楼


下载 System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 运行SREngPS.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来,不要修改
日志一次发不完,请分次发上来
gototop
 
zjhzlz
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2007-11-15
  • 来自:
发表于: 2007-11-23 11:08 | 只看楼主 短消息 资料
字号: 7楼



2007-11-23,10:47:14

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Standard Edition Service Pack 1 (Build 3790) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <IMEKRMIG6.1><C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <ArpProtect><E:\tool\ndeermenu\ArpProtect.exe>  [Keiven Software.,Ltd]
    <GenProtect><C:\WINDOWS\bmolqa.exe>  []
    <AVPSrv><C:\WINDOWS\AVPSrv.exE>  [N/A]
    <DbgHlp32><C:\WINDOWS\DbgHlp32.exe>  []
    <WinSysM><C:\WINDOWS\235780M.exe>  []
    <LotusHlp><C:\WINDOWS\LotusHlp.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <KKDelay><D:\Program Files\Rising\AntiSpyware\RunOnce.exe>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDCG32    ><LYLeador.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><%SystemRoot%\system32\logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
[服务管理器]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
服务
[A6560D5E / A6560D5E][Stopped/Auto Start]
  <C:\WINDOWS\system32\7C9EC208.EXE -k><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[NDClient / NDClient][Running/Auto Start]
  <D:\Program Files\Rainsoft\NetDetective\NDClient.exe><Rainsoft Company>
[NDUpgrade / NDUpgrade][Stopped/Disabled]
  <D:\Program Files\Rainsoft\NetDetective\NDUpgrade.exe><Rainsoft Company>
[NetDetective / NetDetective][Running/Auto Start]
  <D:\Program Files\Rainsoft\NetDetective\NetDetective.exe><Rainsoft Company>
[SQLSERVERAGENT / SQLSERVERAGENT][Stopped/Manual Start]
  <C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -i MSSQLSERVER><Microsoft Corporation>
[WbemCtrl / WbemCtrl][Running/Manual Start]
  <"D:\Program Files\Rainsoft\NetDetective\WbemCtrl.exe"><上海雨人软件开发有限公司>

==================================
驱动程序
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
  <system32\DRIVERS\ipinip.sys><N/A>
[NetGroup Packet Filter Driver / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><NetGroup - Politecnico di Torino>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>

==================================
浏览器加载项
[]
  {242F800B-2172-4659-A381-476B66E3DE2A} <C:\WINDOWS\system32\pavxbeyaornzr.dll, >
[FGCatchUrl]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <d:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[FlashGet GetFlash Class]
  {F156768E-81EF-470C-9057-481BA8380DBA} <d:\Program Files\FlashGet\getflash.dll, www.flashget.com>
[快车]
  {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <d:\Program Files\FlashGet\FlashGet.exe, FlashGet.com>
[AxReader Class]
  {B7E69D85-E810-468E-8BC8-83668F4CFA12} <C:\WINDOWS\Downloaded Program Files\RsAxReader.dll, 上海雨人软件开发有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AxReader Class]
  {B7E69D85-E810-468E-8BC8-83668F4CFA12} <C:\WINDOWS\Downloaded Program Files\RsAxReader.dll, 上海雨人软件开发有限公司>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE6]
  {BF3FF9A2-AC03-40A1-BA0F-F31076325AA7} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[VIDEO__AVI Moniker Class]
  {CD3AFA88-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[FGAutoLive]
  {F90D830D-C175-4bbe-82C7-FF94669A4C42} <d:\Program Files\FlashGet\fgupdate.dll, www.flashget.com>
[FGCatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B524} <d:\Program Files\FlashGet\jccatch.dll, www.flashget.com>
[&使用快车(FlashGet)下载]
  <d:\Program Files\FlashGet\jc_link.htm, N/A>
[&使用快车(FlashGet)下载全部链接]
  <d:\Program Files\FlashGet\jc_all.htm, N/A>
gototop
 
zjhzlz
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2007-11-15
  • 来自:
发表于: 2007-11-23 11:19 | 只看楼主 短消息 资料
字号: 8楼

正在运行的进程
[PID: 324 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 396 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1052 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\198EB394.DLL]  [Microsoft Corporation, ]
[PID: 1096 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\198EB394.DLL]  [Microsoft Corporation, ]
[PID: 1108 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
    [C:\WINDOWS\system32\198EB394.DLL]  [Microsoft Corporation, ]
[PID: 1296 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\198EB394.DLL]  [Microsoft Corporation, ]
[PID: 1376 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1428 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1456 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1488 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\198EB394.DLL]  [Microsoft Corporation, ]
[PID: 1628 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\198EB394.DLL]  [Microsoft Corporation, ]
[PID: 1652 / NETWORK SERVICE][C:\WINDOWS\system32\msdtc.exe]  [Microsoft Corporation, 2001.12.4720.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1904 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\235780MM.DLL]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\198EB394.DLL]  [Microsoft Corporation, ]
[PID: 224 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\198EB394.DLL]  [Microsoft Corporation, ]
[PID: 352 / SYSTEM][C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\OPENDS60.DLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\UMS.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SQLSORT.DLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\Resources\2052\sqlevn70.RLL]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll]  [Microsoft Corporation, 2000.080.0766.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNMPN70.dll]  [Microsoft Corporation, 2000.080.0534.00]
    [C:\Program Files\Microsoft SQL Server\MSSQL\Binn\SSmsLPCn.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINDOWS\system32\198EB394.DLL]  [Microsoft Corporation, ]
[PID: 404 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\198EB394.DLL]  [Microsoft Corporation, ]
[PID: 424 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 676 / Administrator][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINDOWS\system32\SQLUNIRL.dll]  [Microsoft Corporation, 2000.080.0728.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\W95SCM.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLSVC.dll]  [Microsoft Corporation, 2000.080.0760.00]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.086.1830.00 (srv03_sp1_rtm.050324-1447)]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\SQLRESLD.dll]  [Microsoft Corporation, 2000.080.0382.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\SQLSVC.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\Program Files\Microsoft SQL Server\80\Tools\Binn\Resources\2052\sqlmangr.RLL]  [Microsoft Corporation, 2000.080.0194.00]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\198EB394.DLL]  [Microsoft Corporation, ]
[PID: 756 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\198EB394.DLL]  [Microsoft Corporation, ]
[PID: 856 / SYSTEM][D:\Program Files\Rainsoft\NetDetective\NDClient.exe]  [Rainsoft Company, 3.6.3.1]
    [C:\WINDOWS\system32\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rainsoft\NetDetective\SecDll.dll]  [上海雨人软件开发有限公司, 3, 5, 1, 0]
    [C:\WINDOWS\system32\capicom.dll]  [Microsoft Corporation, 2, 0, 0, 1]
    [C:\Program Files\Common Files\System\Ole DB\sqloledb.dll]  [Microsoft Corporation, 2000.086.1830.00 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\DBNETLIB.DLL]  [Microsoft Corporation, 2000.086.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\198EB394.DLL]  [Microsoft Corporation, ]
[PID: 1260 / SYSTEM][D:\Program Files\Rainsoft\NetDetective\NetDetective.exe]  [Rainsoft Company, 3.6.3.4]
    [D:\Program Files\Rainsoft\NetDetective\SecDll.dll]  [上海雨人软件开发有限公司, 3, 5, 1, 0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [D:\Program Files\Rainsoft\NetDetective\NDGetBuf2.dll]  [Rainsoft, 1, 0, 0, 3]
    [C:\WINDOWS\system32\wpcap.dll]  [NetGroup - Politecnico di Torino, 3, 1, 0, 23]
    [C:\WINDOWS\system32\packet.dll]  [NetGroup - Politecnico di Torino, 3, 1, 0, 23]
    [C:\WINDOWS\system32\WanPacket.dll]  [NetGroup - Politecnico di Torino, 3, 1, 0, 23]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\capicom.dll]  [Microsoft Corporation, 2, 0, 0, 1]
    [C:\Program Files\Common Files\System\Ole DB\sqloledb.dll]  [Microsoft Corporation, 2000.086.1830.00 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\DBNETLIB.DLL]  [Microsoft Corporation, 2000.086.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\Program Files\Common Files\System\Ole DB\SQLOLEDB.RLL]  [Microsoft Corporation, 2000.086.1830.00 (srv03_sp1_rtm.050324-1447)]
[PID: 1372 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 3164 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
gototop
 
zjhzlz
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2007-11-15
  • 来自:
发表于: 2007-11-23 11:23 | 只看楼主 短消息 资料
字号: 9楼

[PID: 3208 / SYSTEM][c:\windows\system32\inetsrv\w3wp.exe]  [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [\\?\C:\WINDOWS\system32\inetsrv\asp.dll]  [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
    [D:\Program Files\Rainsoft\NetDetective\Nw3.dll]  [上海雨人软件开发有限公司, 3, 5, 1, 1]
    [D:\Program Files\Rainsoft\NetDetective\EnumHost.dll]  [Rainsoft Company, 3.5.0.0]
    [C:\WINDOWS\system32\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MFC71CHS.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [\\?\C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)]
    [c:\windows\assembly\gac\system.web\1.0.5000.0__b03f5f7f11d50a3a\system.web.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll]  [Microsoft Corporation, 1.1.4322.2407]
    [c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll]  [Microsoft Corporation, 1.1.4322.2300]
    [c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll]  [Microsoft Corporation, 1.1.4322.2300]
    [c:\windows\assembly\gac\system.data\1.0.5000.0__b77a5c561934e089\system.data.dll]  [Microsoft Corporation, 1.1.4322.2300]
    [c:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.dll]  [Microsoft Corporation, 1.1.4322.2300]
    [c:\windows\assembly\gac\system.web.regularexpressions\1.0.5000.0__b03f5f7f11d50a3a\system.web.regularexpressions.dll]  [Microsoft Corporation, 1.1.4322.2300]
    [c:\windows\assembly\gac\microsoft.visualc\7.0.5000.0__b03f5f7f11d50a3a\microsoft.visualc.dll]  [Microsoft Corporation, 7.10.3052.4]
    [c:\windows\assembly\gac\system.directoryservices\1.0.5000.0__b03f5f7f11d50a3a\system.directoryservices.dll]  [Microsoft Corporation, 1.1.4322.2300]
    [c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll]  [Microsoft Corporation, 1.1.4322.2300]
    [c:\windows\assembly\gac\system.runtime.serialization.formatters.soap\1.0.5000.0__b03f5f7f11d50a3a\system.runtime.serialization.formatters.soap.dll]  [Microsoft Corporation, 1.1.4322.2300]
    [c:\windows\assembly\gac\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll]  [ , 7.10.3052.4]
    [c:\windows\assembly\gac\system.web.mobile\1.0.5000.0__b03f5f7f11d50a3a\system.web.mobile.dll]  [Microsoft Corporation, 1.1.4322.2300]
    [c:\windows\assembly\gac\system.design\1.0.5000.0__b03f5f7f11d50a3a\system.design.dll]  [Microsoft Corporation, 1.1.4322.2300]
    [c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll]  [Microsoft Corporation, 1.1.4322.2300]
    [c:\windows\assembly\gac\accessibility\1.0.5000.0__b03f5f7f11d50a3a\accessibility.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\c2b8acf4\ac69c8eb\2lz5ibup.dll]  [N/A, ]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\c2b8acf4\ac69c8eb\assembly\dl2\83ecb28e\00221740_e49dc601\rainsoft_oembar.dll]  [ , 1.0.2374.40553]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\c2b8acf4\ac69c8eb\assembly\dl2\f36247db\0017b758_e814c601\interop.nw3lib.dll]  [ , 1.0.0.0]
    [c:\windows\assembly\gac\system.enterpriseservices\1.0.5000.0__b03f5f7f11d50a3a\system.enterpriseservices.thunk.dll]  [Microsoft Corporation, 1.1.4322.2300]
    [C:\WINDOWS\system32\dbnetlib.dll]  [Microsoft Corporation, 2000.086.1830 (srv03_sp1_rtm.050324-1447)]
    [c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_zh-chs_b77a5c561934e089\mscorlib.resources.dll]  [Microsoft Corporation, 1.1.4322.573]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\c2b8acf4\ac69c8eb\wnke7hpk.dll]  [N/A, ]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\c2b8acf4\ac69c8eb\uttjnrkv.dll]  [N/A, ]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\c2b8acf4\ac69c8eb\assembly\dl2\f0b35f91\0087efbd_3a20c401\interop.capicom.dll]  [ , 2.0.0.0]
    [C:\WINDOWS\system32\capicom.dll]  [Microsoft Corporation, 2, 0, 0, 1]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\c2b8acf4\ac69c8eb\szyk9tll.dll]  [ , 0.0.0.0]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\c2b8acf4\ac69c8eb\abomhebj.dll]  [N/A, ]
    [c:\windows\microsoft.net\framework\v1.1.4322\temporary asp.net files\root\c2b8acf4\ac69c8eb\fmje5hdu.dll]  [N/A, ]
[PID: 2524 / SYSTEM][D:\Program Files\Rainsoft\NetDetective\WbemCtrl.exe]  [上海雨人软件开发有限公司, 3, 5, 1, 1]
    [D:\Program Files\Rainsoft\NetDetective\SecDll.dll]  [上海雨人软件开发有限公司, 3, 5, 1, 0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\capicom.dll]  [Microsoft Corporation, 2, 0, 0, 1]
[PID: 2576 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 2692 / Administrator][D:\Downloads\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
[PID: 2776 / Administrator][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2812 / Administrator][D:\Downloads\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
    [C:\WINDOWS\system32\DbgHlp32.dll]  [N/A, ]
    [C:\WINDOWS\system32\GenProtect.dll]  [N/A, ]
    [D:\Downloads\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
gototop
 
zjhzlz
头像
初生襁褓狮
  • 帖子:8
  • 注册: 2007-11-15
  • 来自:
发表于: 2007-11-23 11:23 | 只看楼主 短消息 资料
字号: 10楼

文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
[C:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[D:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe
[E:\]
[AutoRun]
open=auto.exe
shellexecute=auto.exe
shell\Auto\command=auto.exe

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
<<上一主题|下一主题>>
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT