==================================
Running Processes
[PID: 404][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 456][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 480][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3865]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3865]
[PID: 528][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 540][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 716][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 780][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_imon.dll] [N/A, ]
[PID: 828][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_imon.dll] [N/A, ]
[PID: 904][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_imon.dll] [N/A, ]
[PID: 988][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\ZLhp1020.DLL] [Zenographics, Inc., 5, 60, 425, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\IMFPrint.DLL] [Zenographics, Inc., 5, 54, 330, 0]
[C:\WINDOWS\system32\Imf32.dll] [Zenographics, Inc., 5, 60, 1204, 0]
[C:\WINDOWS\system32\ZTAG32.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\system32\ZSPOOL.dll] [Zenographics, Inc., 6, 1, 1, 0]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll] [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\ZIMFPrnt.DLL] [Zenographics, Inc., 6, 1, 1, 0]
[C:\WINDOWS\system32\ZIMF.dll] [Zenographics, Inc., 5, 70, 616, 0]
[C:\WINDOWS\system32\ZTAG.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[PID: 1072][C:\Program Files\ESET\nod32krn.exe] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\nod32krr.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\ps_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\ps_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_dmon.dll] [N/A, ]
[C:\Program Files\ESET\ps_emon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_emon.dll] [N/A, ]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_imon.dll] [N/A, ]
[C:\Program Files\ESET\ps_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\ps_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_upd.dll] [N/A, ]
[PID: 1084][C:\Program Files\Kerio\Personal Firewall\persfw.exe] [Kerio Technologies, 2, 1, 5, 0]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_imon.dll] [N/A, ]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[PID: 864][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll] [Sun Microsystems, Inc., 2.03]
[C:\Program Files\OpenOffice.org 2.4\program\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\OpenOffice.org 2.4\program\stlport_vc7145.dll] [STLport Consulting, Inc., 4.5.2003.0120]
[C:\Program Files\OpenOffice.org 2.4\program\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\igfxpph.dll] [Intel Corporation, 3.0.0.3865]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3865]
[C:\Program Files\Thunder\ComDlls\XunLeiBHO_007.dll] [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\Program Files\Notepad++\nppcm.dll] [Burgaud.com, 1.2.1]
[C:\Program Files\ESET\nodshex.dll] [N/A, ]
[C:\Program Files\Vim\vim64\gvimext.dll] [Tianmiao Hu's Developer Studio, 1, 0, 0, 1]
[C:\Program Files\7-Zip\7-zip.dll] [Igor Pavlov, 4.57]
[PID: 520][C:\WINDOWS\system32\hkcmd.exe] [Intel Corporation, 3.0.0.3865]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3865]
[C:\WINDOWS\system32\igfxdev.dll] [Intel Corporation, 3.0.0.3865]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3865]
[C:\WINDOWS\system32\igfxhk.dll] [Intel Corporation, 3.0.0.3865]
[C:\WINDOWS\system32\igfxres.dll] [Intel Corporation, 3.0.0.3865]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[PID: 776][C:\WINDOWS\ATK0100\HControl.exe] [, 1043, 2, 15, 50]
[C:\WINDOWS\ATK0100\CMSSC.dll] [N/A, ]
[C:\WINDOWS\ATK0100\inter_f2.dll] [ATK, 1043, 2, 15, 46]
[C:\WINDOWS\ATK0100\ATKWLIOC.DLL] [ACTIONTEC Electronics,Inc, 2.01.02]
[C:\WINDOWS\ATK0100\SiSPkt.dll] [Silicon Integrated Systems Corp., 1, 0, 0, 45]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1864][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.34]
[PID: 1928][C:\Program Files\ESET\nod32kui.exe] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\nod32rui.dll] [N/A, ]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[C:\Program Files\ESET\pu_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_amon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pu_dmon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_dmon.dll] [N/A, ]
[C:\Program Files\ESET\pu_emon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_emon.dll] [N/A, ]
[C:\Program Files\ESET\pu_imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_imon.dll] [N/A, ]
[C:\Program Files\ESET\pu_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_nod32.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pu_upd.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_upd.dll] [N/A, ]
[PID: 1904][D:\360safe\safemon\360tray.exe] [奇虎网, 4, 1, 8, 1002]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[D:\360safe\safemon\SafeKrnl.dll] [奇虎网, 4, 1, 8, 1001]
[D:\360safe\AntiAdwa.dll] [360Safe.com, 4, 1, 5, 1001]
[D:\360safe\live.dll] [360.cn, 1, 0, 1, 1027]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_imon.dll] [N/A, ]
[PID: 172][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[PID: 1028][C:\WINDOWS\ATK0100\ATKOSD.exe] [, 1043, 2, 15, 49]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[PID: 1164][C:\Program Files\TheWorld 2.0\TheWorld.exe] [Phoenix Studio, 2, 1, 2, 4]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\imon.dll] [Eset , 2, 70, 39 ]
[C:\Program Files\ESET\pr_imon.dll] [N/A, ]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sohu.com Inc., 2, 0, 0, 1]
[C:\WINDOWS\system32\dllMergeDict.dll] [N/A, ]
[C:\Program Files\SogouInput\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\Program Files\Internet Explorer\ieproxy.dll] [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
[C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx] [Adobe Systems, Inc., 9,0,124,0]
[C:\WINDOWS\system32\mscoree.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll] [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
[PID: 1396][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[PID: 1240][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] [Microsoft Corporation, 11.0.8202]
[C:\Program Files\Common Files\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.6568]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[C:\Program Files\Common Files\Microsoft Shared\office11\riched20.dll] [Microsoft Corporation, 5.50.99.2010]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sohu.com Inc., 2, 0, 0, 1]
[C:\WINDOWS\system32\dllMergeDict.dll] [N/A, ]
[C:\Program Files\SogouInput\Plugin\SgImeWord.dll] [, 1, 0, 0, 31]
[C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL] [Microsoft Corporation, 6.0.3275.0]
[C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\INTLNAME.DLL] [Microsoft Corporation, 11.0.6467]
[C:\Program Files\Common Files\Microsoft Shared\PROOF\mslid.dll] [Microsoft Corporation, 1.0.2305]
[C:\Program Files\Common Files\Microsoft Shared\Smart Tag\CHDATEST.DLL] [Microsoft Corporation, 2.00]
[C:\WINDOWS\system32\MSVBVM60.DLL] [Microsoft Corporation, 6.00.9802]
[C:\Program Files\Common Files\Microsoft Shared\Smart Tag\Chinese Measurement Converter\CHMETCNV.DLL] [Microsoft Corp., 1.00]
[C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\FNAME.DLL] [Microsoft Corporation, 11.0.5510]
[C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\2052\stintl.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSDNT5UI.DLL] [Zenographics, Inc., 0, 3, 2911, 1]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSDDM.DLL] [Zenographics, Inc., 6, 20, 1611, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSPOOL.dll] [Zenographics, Inc., 6, 1, 1, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZGDI.dll] [Zenographics, Inc., 5, 60, 709, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZTAG.dll] [Zenographics, Inc., 5, 60, 1210, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSDDMUI.DLL] [Zenographics, Inc., 6, 2, 411, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZSR.dll] [Zenographics, Inc., 6, 20, 1625, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZIMFDRV.DLL] [Zenographics, Inc., 0, 3, 5209, 0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\ZIMF.dll] [Zenographics, Inc., 5, 70, 616, 0]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[PID: 1232][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[PID: 1348][C:\DOCUME~1\why\LOCALS~1\Temp\Rar$EX00.813\sreng2\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900]
[C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
[C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16640 (vista_gdr.080213-1606)]
[D:\360safe\safemon\safemon.dll] [360.CN, 4, 1, 5, 1001]
[C:\DOCUME~1\why\LOCALS~1\Temp\Rar$EX00.813\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\DOCUME~1\why\LOCALS~1\Temp\Rar$EX00.813\sreng2\Plugins\NTFSTREAM.SRE] [Smallfrogs Studio, 1, 0, 0, 5]
==================================
File Associations
.TXT Error. [C:\WINDOWS\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Providers
NOD32 protected [MSAFD Tcpip [TCP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
==================================
Autorun.inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
Process Privilege Scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 1164, C:\PROGRAM FILES\THEWORLD 2.0\THEWORLD.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1232, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
==================================
API HOOK
N/A
==================================
Hidden Processes
N/A
==================================