
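[Help] Gray Pigeon virus

Gray Pigeon virus

I recently installed a program, and suddenly an icon of a gray computer appeared in the taskbar, showing "Graypigeon". Could any experts tell me whether my computer is infected with the Gray Pigeon virus? I ran the dedicated removal tool provided by Rising, and it reported that no virus was detected. Please advise!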



User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; Maxthon; .NET CLR 2.0.50727)
 

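Re: Gray Pigeon virus

Run an SRENG scan, then post the scan results to this forum as an attachment.
Download the SRENG tool: http://www.kztechs.com/sreng/download.html
For how to produce an SRENG scan log, see the 2nd post in this thread: http://bbs.ikaka.com/showtopic-8442813.aspx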
╭∩╮(︶︿︶)╭∩╮
 

Re: Gray Pigeon virus

[CODE]

2009-11-12,08:32:07

System Repair Engineer 2.8.1.1279
Smallfrogs (http://www.KZTechs.com)

Windows 2000 Professional Service Pack 4 (Build 2195) - Administrative User - Completed Functions Allowed

Follow item(s) have been selected:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Running Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan
    Scheduled Tasks
    Windows Security Update Check
    API HOOK
    Hidden Process


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><ctfmon.exe>  [Microsoft Corporation]
    <ISUSPM><"C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler>  [(Verified)Macrovision Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <StormCodec_Helper><"C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <IEAN><G:\Program Files\PDF阅读器\iean.e>  [File is missing]
    <UnlockerAssistant><"C:\Program Files\Unlocker\UnlockerAssistant.exe">  [File is missing]
    <IntelAPMClient><"C:\Program Files\LANDesk\LDClient\amclient.exe" /apm /s /ro /Retry=2 /Tspan=60 /Rstart>  [LANDesk Software, Ltd.]
    <SDClientMonitor><"C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe">  [LANDesk Software, Ltd.]
    <SunJavaUpdateSched><"C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe">  []
    <ShStatEXE><"C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE>  [(Verified)"McAfee, Inc."]
    <McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey>  [(Verified)"McAfee, Inc."]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\System32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll>  [(Verified)Microsoft Windows 2000 Publisher]
    <WebCheck><%SystemRoot%\System32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><stobject.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
    <WinlogonNotify: wzcnotif><wzcdlg.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Windows Media Player><C:\WINNT\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer Access><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <自定义浏览器><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express Access><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
    <EnableRevocation><regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\System32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl>  [File is missing]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\system32\星夜.SCR>  [Acme Photo Software]

==================================
 

Re: Gray Pigeon virus

==================================
Startup Folders
[Microsoft Office]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~4\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
Services
[AutoExNT / AutoExNT][Stopped/Auto Start]
  <C:\WINNT\system32\AutoExNT.Exe><N/A>
[LANDesk(R) Management Agent / CBA8][Running/Auto Start]
  <"C:\Program Files\LANDesk\Shared Files\residentagent.exe"><LANDesk Software, Ltd.>
[CLKPCI_UNIT0 / CLKPCI_UNIT0][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\clkpciunit00.exe><(File is missing)>
[CLK_UNIT0 / CLK_UNIT0][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\clkunit.exe><(File is missing)>
[CPU_UNIT / CPU_UNIT][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\CpuUnit.exe><(File is missing)>
[CS1BUS_UNIT0 / CS1BUS_UNIT0][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit0.exe><(File is missing)>
[CS1BUS_UNIT1 / CS1BUS_UNIT1][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit1.exe><(File is missing)>
[CS1BUS_UNIT2 / CS1BUS_UNIT2][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit2.exe><(File is missing)>
[CS1BUS_UNIT3 / CS1BUS_UNIT3][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\Cs1BusUnit3.exe><(File is missing)>
[CS1SYS_UNIT0 / CS1SYS_UNIT0][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit0.exe><(File is missing)>
[CS1SYS_UNIT1 / CS1SYS_UNIT1][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit1.exe><(File is missing)>
[CS1SYS_UNIT2 / CS1SYS_UNIT2][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit2.exe><(File is missing)>
[CS1SYS_UNIT3 / CS1SYS_UNIT3][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\Cs1SysUnit3.exe><(File is missing)>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[DameWare Mini Remote Control / DWMRCS][Running/Auto Start]
  <C:\WINNT\SYSTEM32\DWRCS.EXE -service><DameWare Development>
[FgwSocketProxy / FgwSocketProxy][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\FgwSocketProxy.exe><(File is missing)>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Intel Local Scheduler Service / Intel Local Scheduler Service][Running/Auto Start]
  <"C:\Program Files\LANDesk\LDClient\LocalSch.EXE"><LANDesk Software, Ltd.>
[Intel PDS / Intel PDS][Running/Auto Start]
  <C:\WINNT\system32\CBA\pds.exe><LANDesk Software Ltd.>
[LANDesk Targeted Multicast / Intel Targeted Multicast][Running/Auto Start]
  <C:\Program Files\LANDesk\LDClient\tmcsvc.exe><LANDesk Software, Ltd.>
[LANDesk Remote Control Service / ISSUSER][Running/Auto Start]
  <C:\PROGRA~1\LANDesk\LDClient\issuser.exe /SERVICE><LANDesk Software, Ltd.>
[ji / ji][Stopped/Auto Start]
  <C:\WINNT\Hacker.com.cn.exe><N/A>
[MapAgent / MapAgent][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\MapAgent.exe><(File is missing)>
[McAfee Engine Service / McAfeeEngineService][Running/Auto Start]
  <"C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe"><McAfee, Inc.>
[McAfee Framework Service / McAfeeFramework][Running/Auto Start]
  <"C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart><McAfee, Inc.>
[McAfee McShield / McShield][Running/Auto Start]
  <"C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe"><McAfee, Inc.>
[McAfee Task Manager / McTaskManager][Running/Auto Start]
  <"C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe"><McAfee, Inc.>
[McAfee Validation Trust Protection Service / mfevtp][Running/Auto Start]
  <C:\WINNT\system32\mfevtps.exe><McAfee, Inc.>
[Multi-user Cleanup Service / Multi-user Cleanup Service][Running/Auto Start]
  <"C:\Program Files\lotus\notes\ntmulti.exe"><IBM Corp>
[NameSpaceServer / NameSpaceServer][Stopped/Auto Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\NsServer.exe><(File is missing)>
[SLKPCI_UNIT0 / SLKPCI_UNIT0][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\slkpciunit00.exe><(File is missing)>
[LANDesk(R) Software Monitoring Service / Softmon][Running/Auto Start]
  <"C:\Program Files\LANDesk\LDClient\softmon.exe"><LANDesk Software, Ltd.>
[SysmacBoard Unit / SysmacBoard Unit][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\SmapUnit.exe><(File is missing)>
[SysmacLink Unit / SysmacLink Unit][Stopped/Manual Start]
  <C:\Program Files\OMRON\FinsServerNT\bin\slkcons.exe><(File is missing)>
[VNC Server Version 4 / WinVNC4][Stopped/Auto Start]
  <"C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service><RealVNC Ltd.>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
  <C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\System32\mspmsnsv.dll><Microsoft Corporation>

==================================
Drivers
[Advantech PCI1710 Device / ADS1710S][Stopped/Auto Start]
  <System32\Drivers\ADS1710S.sys><N/A>
[Advantech PCI1733 Device / ADS1733S][Running/Auto Start]
  <System32\Drivers\ADS1733S.sys><Advantech Automation Corp.>
[C-Dilla / C-Dilla][Stopped/Manual Start]
  <\??\C:\WINNT\system32\drivers\CDANT.SYS><N/A>
[Cdsys / Cdsys][Stopped/Manual Start]
  <\??\C:\WINNT\system32\cdcd.sys><N/A>
[Controller Link / Controller Link][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\ntclk.sys><Windows (R) 2000 DDK provider>
[cs1sys / cs1sys][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\cs1sys.sys><Omron>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Intel(R) PRO/1000 Adapter Driver / E1000][Running/Manual Start]
  <System32\DRIVERS\e1000nt5.sys><Intel Corporation>
[HWiNFO32 核心驱动程序 / HWiNFO32][Running/Auto Start]
  <\??\C:\Program Files\HWiNFO32\HWiNFO32.SYS><REALiX(tm)>
[ialm / ialm][Running/Manual Start]
  <System32\DRIVERS\ialmnt5.sys><Intel Corporation>
[ibsdbeo1hq / ibsdbeo1hq][Stopped/Auto Start]
  <\??\C:\WINNT\system32\drivers\ibsdbeo1hq.sys><N/A>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[Intel Remote Control Helper / Intel Remote Control Helper][Stopped/Manual Start]
  <\SystemRoot\system32\drivers\rch.sys><N/A>
[Screen Blanking driver for Remote Control / ldblank][Running/Manual Start]
  <system32\DRIVERS\ldblank.sys><LANDesk Software, Ltd.>
[ldmirror / ldmirror][Running/Manual Start]
  <system32\DRIVERS\ldmirror.sys><LANDesk Software, Ltd.>
[McAfee Inc. mfeapfk / mfeapfk][Running/Manual Start]
  <system32\drivers\mfeapfk.sys><McAfee, Inc.>
[McAfee Inc. mfeavfk / mfeavfk][Running/Manual Start]
  <system32\drivers\mfeavfk.sys><McAfee, Inc.>
[McAfee Inc. mfebopk / mfebopk][Running/Manual Start]
  <system32\drivers\mfebopk.sys><McAfee, Inc.>
[McAfee Inc. mfehidk / mfehidk][Running/Boot Start]
  <\SystemRoot\system32\drivers\mfehidk.sys><McAfee, Inc.>
[McAfee Inc. mferkdet / mferkdet][Stopped/Manual Start]
  <system32\drivers\mferkdet.sys><McAfee, Inc.>
[VSCore mferkdk / mferkdk][Stopped/System Start]
  <\??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys><N/A>
[McAfee Inc. mfetdik / mfetdik][Running/System Start]
  <system32\drivers\mfetdik.sys><McAfee, Inc.>
[Mirror Filter Driver for Uninstall / mirrorflt][Running/Manual Start]
  <system32\DRIVERS\mirrorflt.sys><LANDesk Software, Ltd.>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[ntcs1pci / ntcs1pci][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\ntcs1pci.sys><Omron>
[Upper Class Filter Driver / NTIDrvr][Running/System Start]
  <system32\DRIVERS\NTIDrvr.sys><NewTech Infosystems, Inc.>
[OMCI / OMCI][Running/System Start]
  <\SystemRoot\SYSTEM32\DRIVERS\OMCI.SYS><Dell Computer Corporation>
[oreans32 / oreans32][Running/System Start]
  <\??\C:\WINNT\system32\drivers\oreans32.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\PxHelp20.sys><Sonic Solutions>
[s1utai / s1utai7][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\s1utai7.sys><N/A>
[Prolific Serial port driver / Ser2pl][Stopped/Manual Start]
  <system32\DRIVERS\ser2pl.sys><Prolific Technology Inc.>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[Sony Memory Stick Driver(SONYPVM1) / SONYPVM1][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SONYPVM1.SYS><Sony Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[sysHostSvc / sysHostSvc][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\GuiHelp.sys><Microsoft Corporation>
[SysmacBoard / SysmacBoard][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\SmapNT.sys><N/A>
[SysmacLink / SysmacLink][Stopped/Manual Start]
  <\SystemRoot\System32\Drivers\ntslk.sys><Microsoft Corporation>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/System Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
 

Re: Gray Pigeon virus

Browser Add-ons
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {06849E9E-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[scriptproxy]
  {7DB2D5A0-7241-4E79-B68D-6309F01C5231} <C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll, (Signed) McAfee, Inc.>
[]
  {CAE05C12-C151-11D4-9B88-0000B4C2C1C0} <C:\WINNT\system32\regsvr32.exe, (Signed) Microsoft Corporation>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINNT\system32\msjava.dll, Microsoft Corporation>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Instant Messenger]
  {0F7DE07D-BD74-4991-9D5F-ECBB8391875D} <http://cn.rd.yahoo.com/home/messenger/bjk/clientbtn/?http://cn.messenger.yahoo.com/, N/A>
[PowerWord]
  {9A687CA6-D585-4947-9ED9-BE96071F5CD9} <C:\PROGRA~1\Kingsoft\POWERW~1\XDictExB.dll, 金山软件股份有限公司>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, >
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <, >
[QQIEFloatBarCfgCmd Class]
  {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, (Signed) >
[ChartFX IE Client Object]
  {08C818C3-2F1E-11D0-9223-00A0244D2920} <C:\WINNT\Downloaded Program Files\cfxax32.ocx, (Signed) Software FX, Inc.>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINNT\system32\aliedit\pta.dll, (Signed) >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\aliedit.dll, (Signed) >
[Java Plug-in 1.4.2_15]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll, JavaSoft / Sun Microsystems, Inc.>
[]
  {9F1C11AA-197B-4942-BA54-47A8489BB47F} <, >
[]
  {B27CDB6E-AE6D-11CF-96B8-444553540000} <, >
[ChartGrd.SeaGrid]
  {BCFA9325-D5B4-11D1-B0CF-080009BB19BD} <C:\WINNT\Downloaded Program Files\ChartGrd.ocx, Seagate Technology Inc>
[Java Plug-in 1.4.2_15]
  {CAFEEFAC-0014-0002-0015-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.2_15\bin\npjpi142_15.dll, JavaSoft / Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <G:\Program Files\Alisoft\WangWang\WangWangX6.dll, (Signed) 阿里巴巴软件(上海)有限公司>
[InfoCheck Class]
  {F91BA567-79B9-467E-BC97-5DBA01BBC5EE} <G:\Program Files\Alisoft\Alitalk\Ali_Check.dll, (Signed) >
[InstallCheck Class]
  {FFB8C97E-39D4-4E8A-9FE4-B451A0D6CA65} <G:\Program Files\Alisoft\Alitalk\Ali_Check.dll, (Signed) >

==================================
Running Processes
[PID: 152][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 172][\??\C:\WINNT\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 192][\??\C:\WINNT\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6997]
    [C:\WINNT\system32\ATL.DLL]  [Microsoft Corporation, 3.00.9794]
[PID: 220][C:\WINNT\system32\services.exe]  [(Verified) Microsoft Corporation, 5.00.2195.7035]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 232][C:\WINNT\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.00.2195.7011]
    [C:\WINNT\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
[PID: 412][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 440][C:\WINNT\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.00.2195.7059]
[PID: 540][C:\Program Files\LANDesk\Shared Files\residentagent.exe]  [LANDesk Software, Ltd., 8.7.0.23]
    [C:\Program Files\LANDesk\Shared Files\pds2lis.dll]  [LANDesk Software, Ltd., 8.7.0.23]
    [C:\Program Files\LANDesk\Shared Files\cbaroot\extensions\proxyext.dll]  [LANDesk Software, Ltd., 8.7.0.23]
    [C:\Program Files\LANDesk\Shared Files\cbaroot\extensions\lclxsvc.dll]  [LANDesk Software, Ltd.  , 8.70.0.109]
    [C:\WINNT\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.144 E]
    [C:\WINNT\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.144 E]
[PID: 564][C:\WINNT\SYSTEM32\DWRCS.EXE]  [DameWare Development, 3, 66, 0, 0]
[PID: 584][C:\WINNT\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\ATL.DLL]  [Microsoft Corporation, 3.00.9794]
[PID: 612][C:\WINNT\system32\hidserv.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6655]
[PID: 628][C:\Program Files\LANDesk\LDClient\LocalSch.EXE]  [LANDesk Software, Ltd., 8.70.5.5  ]
    [C:\Program Files\LANDesk\LDClient\LTAPI.DLL]  [LANDesk Software, Ltd., 8.70.7.2 ]
[PID: 676][C:\WINNT\system32\CBA\pds.exe]  [LANDesk Software Ltd., 6.12.0.144 E]
    [C:\WINNT\system32\PDS.DLL]  [LANDesk Software Ltd., 6.12.0.144 E]
    [C:\WINNT\system32\NTS.dll]  [LANDesk Software Ltd., 6.12.0.144 E]
    [C:\WINNT\system32\loc32vc0.dll]  [LANDesk? Software Ltd., 7.00.0.88]
    [C:\WINNT\system32\CSL.DLL]  [Intel? Corporation, 6.12.0.117 E]
    [C:\WINNT\system32\CSSM32s.dll]  [Intel Corporation, 1, 1, 2, 3]
[PID: 768][C:\Program Files\LANDesk\LDClient\tmcsvc.exe]  [LANDesk Software, Ltd., 8.70.6.1 ]
    [C:\Program Files\LANDesk\LDClient\tmcclnt.dll]  [LANDesk Software, Ltd., 8.70.7.5 ]
    [C:\Program Files\LANDesk\LDClient\lddwnld.DLL]  [LANDesk Software, Ltd., 8.70.7.9  ]
    [C:\Program Files\LANDesk\LDClient\ldredirect.dll]  [, 8.70.7.2  ]
    [C:\Program Files\LANDesk\LDClient\uncauthentication.dll]  [N/A, ]
[PID: 772][C:\PROGRA~1\LANDesk\LDClient\issuser.exe]  [LANDesk Software, Ltd., 8.70.7.22  ]
    [C:\PROGRA~1\LANDesk\LDClient\LIBEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8c]
    [C:\PROGRA~1\LANDesk\LDClient\SSLEAY32.dll]  [The OpenSSL Project, http://www.openssl.org/, 0.9.8c]
    [C:\PROGRA~1\LANDesk\LDClient\ENUiuser.dll]  [LANDesk Software, Ltd., 8.70.7.3  ]
    [C:\PROGRA~1\LANDesk\LDClient\ISSFTCLT.DLL]  [LANDesk Software, Ltd., 8.70.6.5 ]
    [C:\PROGRA~1\LANDesk\LDClient\irclog.dll]  [LANDesk Software, Ltd., 8.70.0.109]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 864][C:\PROGRA~1\LANDesk\LDClient\rcgui.exe]  [LANDesk Software, Ltd., 8.70.7.9  ]
    [C:\PROGRA~1\LANDesk\LDClient\ENUrcgui.dll]  [LANDesk Software, Ltd., 8.70.7.8  ]
    [C:\PROGRA~1\LANDesk\LDClient\ISSUIFX.DLL]  [LANDesk Software, Ltd., 8.70.6.3 ]
    [C:\PROGRA~1\LANDesk\LDClient\ISSCLIP.DLL]  [LANDesk Software, Ltd., 8.70.5.3  ]
[PID: 876][C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_server.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
[PID: 940][C:\PROGRA~1\LANDesk\LDClient\collector.exe]  [LANDesk Software, Ltd., 8.70.7.3  ]
 

Re: Gray Pigeon virus

[C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 968][C:\PROGRA~1\LANDesk\LDClient\LDregwatch.exe]  [N/A, ]
    [C:\WINNT\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
[PID: 984][C:\Program Files\Network Associates\Common Framework\FrameworkService.exe]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\nailog3.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Network Associates\Common Framework\naxml3_71.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib3_71.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\applib.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\cryptocme2.dll]  [N/A, ]
    [C:\Program Files\Network Associates\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\Logging.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\UserSpace.Dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory3.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\Management.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\naPolicyManager.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\UpdateSubSys.Dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\updater.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\ipcchannel.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\boost_thread-vc71-mt-1_32.dll]  [N/A, ]
    [C:\Program Files\Network Associates\Common Framework\mfeCmnLib71.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\Scheduler.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\Agent.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\nainet.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\mfecurl.dll]  [McAfee, Inc., 1.0.0.151]
    [C:\Program Files\Network Associates\Common Framework\mfezlib.dll]  [McAfee, Inc., 1.0.0.151]
    [C:\Program Files\Network Associates\Common Framework\inetmgr.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\naSPIPE.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\cmalib.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\ListenServer.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\TCSubSys.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\Genevtinf3.dll]  [McAfee, Inc., 4.0.0.1494]
[PID: 900][C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe]  [McAfee, Inc., 8.7.0.659]
    [C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll]  [McAfee, Inc., 8.7.0.659]
    [C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll]  [McAfee, Inc., 8.7.0.570]
    [C:\Program Files\McAfee\VirusScan Enterprise\condl.dll]  [McAfee, Inc., 8.7.0.570]
    [C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
    [C:\Program Files\McAfee\VirusScan Enterprise\MIDUtil.Dll]  [McAfee, Inc., 8.7.0.133]
[PID: 1052][C:\WINNT\Explorer.EXE]  [(Verified) Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\system32\ATL.DLL]  [Microsoft Corporation, 3.00.9794]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\Program Files\Network Associates\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.129]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.2.9]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 3, 11]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
 

Re: Gray Pigeon virus

[C:\WINNT\system32\JScript.dll]  [Microsoft Corporation, 5.6.0.8837]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
    [C:\WINNT\system32\msimtf.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[PID: 1124][C:\WINNT\system32\mfevtps.exe]  [McAfee, Inc., SYSCORE.14.1.0.551.x86]
[PID: 1140][C:\Program Files\lotus\notes\ntmulti.exe]  [IBM Corp, 7.0.20.6269]
[PID: 1164][C:\WINNT\system32\regsvc.exe]  [(Verified) Microsoft Corporation, 5.00.2195.6701]
[PID: 1196][C:\WINNT\system32\MSTask.exe]  [(Verified) Microsoft Corporation, 4.71.2195.6972]
[PID: 1212][C:\Program Files\LANDesk\LDClient\softmon.exe]  [LANDesk Software, Ltd., 8.70.7.14  ]
    [C:\Program Files\LANDesk\LDClient\ENUsftmn.dll]  [LANDesk Software, Ltd., 8.70.0.109]
    [C:\Program Files\LANDesk\LDClient\PSAPI.DLL]  [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
    [C:\Program Files\LANDesk\LDClient\ThinstallManageApi.dll]  [N/A, ]
[PID: 1260][C:\Program Files\Network Associates\Common Framework\naPrdMgr.exe]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\naxml3_71.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Network Associates\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Network Associates\Common Framework\nailog3.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib3_71.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\applib.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\cryptocme2.dll]  [N/A, ]
    [C:\Program Files\Network Associates\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\agentplugin.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\mfeCmnLib71.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\McAfee\VirusScan Enterprise\VsPlugin.dll]  [McAfee, Inc., 8.7.0.659]
    [C:\Program Files\Network Associates\Common Framework\UpdPlug.Dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory3.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\pcrplug.dll]  [McAfee, Inc., 4.0.0.1494]
[PID: 1288][C:\WINNT\System32\WBEM\WinMgmt.exe]  [(Verified) Microsoft Corporation, 1.50.1085.0100]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\WINNT\system32\SDBAPIU.DLL]  [Microsoft Corporation, 1, 0, 0, 1]
[PID: 1348][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 1412][C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_server.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
    [C:\Program Files\McAfee\VirusScan Enterprise\FTL.Dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mfebopa.dll]  [McAfee, Inc., SYSCORE.14.1.0.551.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mfehida.dll]  [McAfee, Inc., SYSCORE.14.1.0.551.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mfeapfa.dll]  [McAfee, Inc., SYSCORE.14.1.0.551.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mfeavfa.dll]  [McAfee, Inc., SYSCORE.14.1.0.551.x86]
    [C:\Program Files\Common Files\McAfee\Engine\mcscan32.dll]  [McAfee, Inc., 5.4.00]
[PID: 1436][C:\Program Files\LANDesk\LDClient\webportal\sdclientmonitor.exe]  [LANDesk Software, Ltd., 8.70.7.3 ]
[PID: 1476][C:\Program Files\McAfee\VirusScan Enterprise\mfeann.exe]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\naiann.dll]  [McAfee, Inc., 8.7.0.659]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\VsEvntUI.dll]  [N/A, ]
    [C:\Program Files\McAfee\VirusScan Enterprise\NAEvent.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll]  [McAfee, Inc., 8.7.0.659]
    [C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll]  [McAfee, Inc., 8.7.0.570]
    [C:\Program Files\McAfee\VirusScan Enterprise\RES0402\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
    [C:\Program Files\Network Associates\Common Framework\Genevtinf3.dll]  [McAfee, Inc., 4.0.0.1494]
[PID: 1400][C:\Program Files\Java\j2re1.4.2_15\bin\jusched.exe]  [N/A, ]
[PID: 1504][C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE]  [McAfee, Inc., 8.7.0.659]
    [C:\Program Files\McAfee\VirusScan Enterprise\LockDown.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\ftcfg.dll]  [McAfee, Inc., 8.7.0.659]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\wmain.dll]  [McAfee, Inc., 8.7.0.570]
    [C:\Program Files\McAfee\VirusScan Enterprise\shutil.dll]  [McAfee, Inc., 8.7.0.659]
    [C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
    [C:\Program Files\McAfee\VirusScan Enterprise\Graphics.dll]  [McAfee, Inc., 8.7.0.570]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1492][C:\Program Files\Java\j2re1.4.2_15\bin\jucheck.exe]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1512][C:\Program Files\Network Associates\Common Framework\udaterui.exe]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\nailog3.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib3_71.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\naxml3_71.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Network Associates\Common Framework\applib.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\cmalib.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\cryptocme2.dll]  [N/A, ]
    [C:\Program Files\Network Associates\Common Framework\0409\UpdRes.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\Program Files\Network Associates\Common Framework\0409\AgentRes.dll]  [McAfee, Inc., 4.0.0.1494]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory3.dll]  [McAfee, Inc., 4.0.0.1494]
[PID: 1520][C:\WINNT\system32\ctfmon.exe]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\system32\MSUTB.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1528][C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe]  [Macrovision Corporation, 6, 0, 100, 54472]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1792][C:\Program Files\Network Associates\Common Framework\McTray.exe]  [McAfee, Inc., 1.0.0.129]
    [C:\Program Files\Network Associates\Common Framework\JrMac.dll]  [McAfee, Inc., 1.0.0.129]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 216][C:\WINNT\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 2196][C:\Program Files\Lotus\notes\NLNOTES.EXE]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\nnotesws.dll]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\nnotes.dll]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\nxmlproc.dll]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Lotus\notes\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Lotus\notes\js32.dll]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\NLSCCSTR.DLL]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\ndgts.dll]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\LTOUIN22.dll]  [Lotus Development Corporation., 2.2.0.8911]
    [C:\Program Files\Lotus\notes\nplugins.dll]  [IBM Corp, 7.0.20.6269]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\Program Files\Lotus\notes\NSTRINGS.DLL]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\namhook.DLL]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\nTCP.DLL]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\nstclientu.dll]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\MFC71U.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Lotus\notes\nimuiu.dll]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\nimuires.dll]  [, 3, 1, 0, 1]
    [C:\Program Files\Lotus\notes\nNTCP.DLL]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\nlsxbe.DLL]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\naldaemn.DLL]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\nDBNotes.DLL]  [IBM Corp, 7.0.20.6269]
    [C:\WINNT\system32\ATL.DLL]  [Microsoft Corporation, 3.00.9794]
    [C:\WINNT\system32\SOGOUPY.IME]  [Sogou.com Inc., 4.1.3.2396]
[PID: 2228][G:\Program Files\China Mobile\Fetion\FetionFX.exe]  [China Mobile, 3.4.1280.0]
    [C:\WINNT\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINNT\system32\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\WINNT\assembly\NativeImages_v2.0.50727_32\mscorlib\80a406418764894b829b503eea279bd0\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINNT\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINNT\assembly\NativeImages_v2.0.50727_32\System\613c9bf2d12de346a9fd603c3fa8d52f\System.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [G:\Program Files\China Mobile\Fetion\ImpsControls.dll]  [China Mobile, 3.0.0.0]
    [C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Drawing\5ab3c3eb857b464fa2e4e4087d5be8d2\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [G:\Program Files\China Mobile\Fetion\ImpsPcBase.dll]  [China Mobile, 3.0.0.0]
    [C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Xml\cd45e87e11cbc84ab12be20346526441\System.Xml.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [G:\Program Files\China Mobile\Fetion\ImpsClientBase.dll]  [China Mobile, 3.0.0.0]
    [G:\Program Files\China Mobile\Fetion\ImpsClientUtils.dll]  [China Mobile, 3.0.0.0]
    [G:\Program Files\China Mobile\Fetion\ImpsClientResource.dll]  [China Mobile, 3.0.0.0]
    [G:\Program Files\China Mobile\Fetion\ImpsClientCore.dll]  [China Mobile, 3.0.0.0]
    [G:\Program Files\China Mobile\Fetion\ImpsBase.dll]  [China Mobile, 3.0.0.0]
    [C:\WINNT\Microsoft.NET\Framework\v2.0.50727\Gdiplus.dll]  [Microsoft Corporation, 5.1.3102.3352 (xpsp_sp2_qfe.080415-1302)]
    [C:\WINNT\assembly\NativeImages_v2.0.50727_32\Accessibility\ddd3f7a67c46664a865207f7cf4f58dc\Accessibility.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINNT\assembly\NativeImages_v2.0.50727_32\System.Configuration\dd6c45b1fcafdd4f902d66a17bbb843b\System.Configuration.ni.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [G:\Program Files\China Mobile\Fetion\NCindy.dll]  [China Mobile, 3.0.0.0]
    [C:\WINNT\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll]  [Microsoft Corporation, 8.0.50727.42 (RTM.050727-4200)]
    [G:\Program Files\China Mobile\Fetion\Interop.DynamicGifCtlLib.dll]  [ , 1.0.0.0]
    [G:\Program Files\China Mobile\Fetion\ImpsPcCommLayer.dll]  [China Mobile, 3.0.0.0]
    [G:\Program Files\China Mobile\Fetion\ImpsClientData.dll]  [China Mobile, 3.0.0.0]
    [G:\Program Files\China Mobile\Fetion\sensmon.dll]  [China Mobile, 1.0.0.1]
    [G:\Program Files\China Mobile\Fetion\SQLite.Interop.DLL]  [, 1.0.44.0]
    [G:\Program Files\China Mobile\Fetion\Interop.WMPLib.dll]  [ , 1.0.0.0]
    [G:\Program Files\China Mobile\Fetion\AxInterop.WMPLib.dll]  [, 1.0.0.0]
    [C:\WINNT\System32\wmp.dll]  [Microsoft Corporation, 9.00.00.3364]
    [C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\WINNT\system32\JScript.dll]  [Microsoft Corporation, 5.6.0.8837]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
    [C:\WINNT\system32\msimtf.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
[PID: 2136][C:\WINNT\system32\wuauclt.exe]  [(Verified) Microsoft Corporation, 7.1.6001.65 (Longhorn(wmbla).080123-1638)]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 2080][C:\Program Files\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 6, 3, 80]
    [C:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINNT\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINNT\system32\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\WINNT\system32\ATL.DLL]  [Microsoft Corporation, 3.00.9794]
    [C:\WINNT\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\McAfee\VirusScan Enterprise\scriptsn.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\WINNT\system32\JScript.dll]  [Microsoft Corporation, 5.6.0.8837]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\mytilus3_worker.dll]  [McAfee, Inc., VSCORE.14.1.0.496.x86]
    [C:\Program Files\McAfee\VirusScan Enterprise\RES0900\McShield.dll]  [McAfee, Inc., VSCORE.14.1.0.496]
    [C:\WINNT\system32\msdmo.dll]  [, ]
[PID: 1664][C:\Program Files\Lotus\notes\ntaskldr.EXE]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\nnotes.dll]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\nxmlproc.dll]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Lotus\notes\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Lotus\notes\js32.dll]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\NLSCCSTR.DLL]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\ndgts.dll]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\NSTRINGS.DLL]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\namhook.DLL]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\nhkdaemn.DLL]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\nhldaemn.DLL]  [IBM Corp, 7.0.20.6269]
    [C:\Program Files\Lotus\notes\nTCP.DLL]  [IBM Corp, 7.0.20.6269]
[PID: 2312][C:\Program Files\Microsoft Office2000\Office\EXCEL.EXE]  [Microsoft Corporation, 9.0.6627]
    [C:\Program Files\Microsoft Office2000\Office\MSO9.DLL]  [Microsoft Corporation, 9.0.6926]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRVUI.DLL]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\WINNT\system32\spool\DRIVERS\W32X86\3\UNIDRV.DLL]  [Microsoft Corporation, 6.0.6000.16386 (vista_rtm.061101-2205)]
    [C:\Program Files\Microsoft Office2000\Office\msohev.dll]  [Microsoft Corporation, 9.0.3508]
    [C:\WINNT\system32\ATL.DLL]  [Microsoft Corporation, 3.00.9794]
[PID: 1800][C:\Program Files\LANDesk\LDClient\LDIScn32.EXE]  [LANDesk Software, Ltd., 8.70.8.4    ]
    [C:\WINNT\system32\elogapi.dll]  [LANDesk Software, Ltd., 8.70.0.109]
    [C:\Program Files\LANDesk\LDClient\loc32vc0.dll]  [Intel, 3, 0, 0, 2]
    [C:\WINNT\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\LANDesk\LDClient\YGrep32.dll]  [Yves Roumazeilles, 6.05]
    [C:\WINNT\SYSTEM32\ENUELOG.DLL]  [LANDesk? Software Ltd.  , 7.00.0.88]
    [C:\Program Files\LANDesk\LDClient\ENUscn32.dll]  [LANDesk Software, Ltd., 8.70.7.5    ]
[PID: 2216][C:\Program Files\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1272][C:\DOCUME~1\343380\LOCALS~1\Temp\Rar$EX00.250\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 1584][C:\DOCUME~1\343380\LOCALS~1\Temp\Rar$EX00.250\SREbb617af3.EXE]  [Smallfrogs Studio, 2.8.1.1279]
    [C:\WINNT\system32\MSCTF.dll]  [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
    [C:\DOCUME~1\343380\LOCALS~1\Temp\Rar$EX00.250\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINNT\system32\ATL.DLL]  [Microsoft Corporation, 3.00.9794]
[PID: 2376][C:\Program Files\SogouInput\4.1.3.2396\ImeUtil.exe]  [Sogou.com Inc., 4.1.3.2396]
    [C:\Program Files\SogouInput\4.1.3.2396\HWSignature.dll]  [Sogou.com Inc., 4.1.3.2396]
    [C:\Program Files\SogouInput\4.1.3.2396\ZipLib.dll]  [Sogou.com Inc., 4.1.3.2396]

Re: Gray Pigeon virus

==================================
File Associations
.TXT  Error. [C:\WINNT\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  Error. ["%1" /S]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  Error. []
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================

Re: Gray Pigeon virus

Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1      localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 628, C:\PROGRAM FILES\LANDESK\LDCLIENT\LOCALSCH.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 676, C:\WINNT\SYSTEM32\CBA\PDS.EXE]
Special Privileges Enabled: SeSystemtimePrivilege [PID = 676, C:\WINNT\SYSTEM32\CBA\PDS.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 768, C:\PROGRAM FILES\LANDESK\LDCLIENT\TMCSVC.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 772, C:\PROGRA~1\LANDESK\LDCLIENT\ISSUSER.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 864, C:\PROGRA~1\LANDESK\LDCLIENT\RCGUI.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1140, C:\PROGRAM FILES\LOTUS\NOTES\NTMULTI.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1212, C:\PROGRAM FILES\LANDESK\LDCLIENT\SOFTMON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1436, C:\PROGRAM FILES\LANDESK\LDCLIENT\WEBPORTAL\SDCLIENTMONITOR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1400, C:\PROGRAM FILES\JAVA\J2RE1.4.2_15\BIN\JUSCHED.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1492, C:\PROGRAM FILES\JAVA\J2RE1.4.2_15\BIN\JUCHECK.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1520, C:\WINNT\SYSTEM32\CTFMON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2196, C:\PROGRAM FILES\LOTUS\NOTES\NLNOTES.EXE]
Special Privileges Enabled: SeDebugPrivilege [PID = 2228, G:\PROGRAM FILES\CHINA MOBILE\FETION\FETIONFX.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2228, G:\PROGRAM FILES\CHINA MOBILE\FETION\FETIONFX.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2080, C:\PROGRAM FILES\MAXTHON\MAXTHON.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1664, C:\PROGRAM FILES\LOTUS\NOTES\NTASKLDR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2312, C:\PROGRAM FILES\MICROSOFT OFFICE2000\OFFICE\EXCEL.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1800, C:\PROGRAM FILES\LANDESK\LDCLIENT\LDISCN32.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 2216, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 1272, C:\DOCUME~1\343380\LOCALS~1\TEMP\RAR$EX00.250\SRENGLDR.EXE]

==================================
Scheduled Tasks
N/A

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
    [888] C:\Program Files\Internet Explorer\IEXPLORE.EXE

==================================


[/CODE]

Re: Gray Pigeon virus

C:\WINNT\system32\AutoExNT.Exe
C:\WINNT\Hacker.com.cn.exe
C:\WINNT\system32\drivers\CDANT.SYS
C:\WINNT\system32\cdcd.sys
C:\WINNT\system32\drivers\ibsdbeo1hq.sys
C:\WINNT\System32\DRIVERS\s1utai7.sys
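Upload the virus samples to the file submission center at: http://mailcenter.rising.com.cn/filecheck/

After submitting, you can use the generated query number to check the processing progress.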
╭∩╮(︶︿︶)╭∩╮