
[Help] Account stolen, can an expert take a look at what the problem is!!! Waiting online


[Kaspersky Lab Boot Guard Driver / klbg][Running/Boot Start]
  <\SystemRoot\system32\drivers\klbg.sys><Kaspersky Lab>
[Kaspersky Lab Driver / KLIF][Running/System Start]
  <system32\DRIVERS\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
  <system32\DRIVERS\klim5.sys><Kaspersky Lab>
[Kaspersky Lab KLMOUFLT / klmouflt][Running/Manual Start]
  <system32\DRIVERS\klmouflt.sys><Kaspersky Lab>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvgts / nvgts][Running/Boot Start]
  <\SystemRoot\system32\drivers\nvgts.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtenicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
  <\SystemRoot\system32\drivers\SiWinAcc.sys><Silicon Image, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[VMware Pointing Device / vmmouse][Running/Manual Start]
  <system32\DRIVERS\vmmouse.sys><VMware, Inc.>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) 深圳市迅雷网络技术有限公司>
[DetectAddin Class]
  {2D90D33C-DE76-42D0-9040-E4466DDC24AC} <C:\Program Files\Thunder Network\Thunder\Program\EmbedDetectNow.dll, (Signed) Xunlei>
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll, (Signed) Kaspersky Lab>
[IEFXZ]
  {6A49F431-2A2E-41a5-9080-0F41D1A3AEC2} <C:\PROGRA~1\IEfxz\iefxz.dll, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) 深圳市迅雷网络技术有限公司>
[FilterBHO Class]
  {E33CF602-D945-461A-83F0-819F76A199F8} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll, (Signed) Kaspersky Lab>
[VirtualKeyboardButtonHandler Class]
  {4248FE82-7FCB-46AC-B270-339F08212110} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll, (Signed) Kaspersky Lab>
[查看网页全部图片]
  {548BF84E-9665-47f9-B635-7380F8943E90} <, >
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[FilterButtonHandler Class]
  {CCF151D8-D089-449F-A5A4-D9909053F20F} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll, (Signed) Kaspersky Lab>
[IEFXZTool]
  {61F0024B-8278-4999-B7E6-2718426D9FE6} <C:\PROGRA~1\IEfxz\iefxz.dll, >
[KUpdateObj2 Class]
  {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, (Signed) Kingsoft Corporation>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) 深圳市迅雷网络技术有限公司>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[DetectAddin Class]
  {2D90D33C-DE76-42D0-9040-E4466DDC24AC} <C:\Program Files\Thunder Network\Thunder\Program\EmbedDetectNow.dll, (Signed) Xunlei>
[VirtualKeyboardButtonHandler Class]
  {4248FE82-7FCB-46AC-B270-339F08212110} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll, (Signed) Kaspersky Lab>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent5.9.17.1342.dll, (Signed) 深圳市迅雷网络技术有限公司>
[]
  {548BF84E-9665-47F9-B635-7380F8943E90} <, >
[IEVkbdBHO Class]
  {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll, (Signed) Kaspersky Lab>
[]
  {61F0024B-8278-4999-B7E6-2718426D9FE6} <, >
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[IEFXZHelper]
  {6A49F431-2A2E-41A5-9080-0F41D1A3AEC1} <C:\PROGRA~1\IEfxz\iefxz.dll, >
[IEFXZ]
  {6A49F431-2A2E-41A5-9080-0F41D1A3AEC2} <C:\PROGRA~1\IEfxz\iefxz.dll, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin18.dll, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) 深圳市迅雷网络技术有限公司>
[XML DOM 文档 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[OFrameObject Class]
  {9701758C-4373-482E-B13C-776C048EC890} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5919.287.(465).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[VersionDetector Class]
  {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <C:\Program Files\Common Files\Thunder Network\KanKan\vd.1.1.0.30.(169).dll, (Signed) 深圳市迅雷网络技术有限公司>
[HallToolkit Class]
  {A24E6133-404F-4431-A296-2DE576FC5AEE} <C:\Program Files\Common Files\Thunder Network\XLGame\HallTool.1.0.0.5.(169).dll, (Signed) 深圳市迅雷网络技术有限公司>
[APlayer Control]
  {A9322148-C691-4B9D-91FC-B9C461DBE9DD} <C:\Program Files\Common Files\Thunder Network\APlayer\APlayer_001.dll, (Signed) ShenZhen Thunder Networking Technologies, LTD>
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5919.287.(465).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.>
[FilterButtonHandler Class]
  {CCF151D8-D089-449F-A5A4-D9909053F20F} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll, (Signed) Kaspersky Lab>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx, (Signed) Adobe Systems, Inc.>
[KUpdateObj2 Class]
  {D82303B7-A754-4DCB-8AFC-8CF99435AACE} <C:\WINDOWS\system32\KingSoft\KOS\UpdateOcx2.dll, (Signed) Kingsoft Corporation>
[FilterBHO Class]
  {E33CF602-D945-461A-83F0-819F76A199F8} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll, (Signed) Kaspersky Lab>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5871.228.(28).dll, (Signed) Xunlei Networking Technologies,LTD>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[使用迅雷查看图片]
  <C:\Program Files\Thunder Network\Thunder\Program\repairimage.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>

User system information: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)

Re: Account stolen, can an expert take a look at what the problem is!!! Waiting online

==================================
正在运行的进程
[PID: 1020 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1072 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1096 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 9.0.0.736]
[PID: 1148 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1160 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1352 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1444 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\xunyouip.dll]  [, 1, 0, 0, 2]
[PID: 1612 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\xunyouip.dll]  [, 1, 0, 0, 2]
[PID: 1720 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\xunyouip.dll]  [, 1, 0, 0, 2]
[PID: 1824 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1972 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 376 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\shellex.dll]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\prremote.dll]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\prloader.dll]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [深圳市迅雷网络技术有限公司, 5,9,17,1342]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\ATL71.DLL]  [Microsoft Corporation, 7.10.6101.0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [深圳市迅雷网络技术有限公司, 5,9,17,1342]
[PID: 752 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1532 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.11.7824]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.7824]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 3208 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\xunyouip.dll]  [, 1, 0, 0, 2]
[PID: 2792 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16762 (vista_gdr.081013-1507)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5581_x-ww_dfbc4fc4\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.5581 (xpsp_sp3_qfe.080415-1416)]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [深圳市迅雷网络技术有限公司, 5,9,17,1342]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\ATL71.DLL]  [Microsoft Corporation, 7.10.6101.0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Thunder Network\Thunder\Program\EmbedDetectNow.dll]  [Xunlei, 1, 0, 1, 14]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\PROGRA~1\IEfxz\iefxz.dll]  [, 1, 1, 2, 1]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [深圳市迅雷网络技术有限公司, 5,9,17,1342]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblc.dll]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kltbar.dll]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\prremote.dll]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\prloader.dll]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\pxstub.ppl]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\params.ppl]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\winreg.ppl]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\propmap.ppl]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\nfio.ppl]  [Kaspersky Lab, 9.0.0.736]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\filemap.ppl]  [Kaspersky Lab, 9.0.0.736]
    [C:\WINDOWS\system32\xunyouip.dll]  [, 1, 0, 0, 2]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sogou.com Inc., 3.6.0.1653]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx]  [Adobe Systems, Inc., 10,0,45,2]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent5.9.17.1342.dll]  [深圳市迅雷网络技术有限公司, 5,9,17,1342]
[PID: 2120 / Administrator][C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe]  [Kaspersky Lab, 9.0.0.736]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2912 / NETWORK SERVICE][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 3012 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.2.1321]
[PID: 1608 / Administrator][C:\Documents and Settings\Administrator\桌面\sreng2\SRE5e459eae.EXE]  [Smallfrogs Studio, 2.8.2.1321]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\Documents and Settings\Administrator\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\xunyouip.dll]  [, 1, 0, 0, 2]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
MSAFD Tcpip [TCP/IP]
    C:\WINDOWS\system32\xunyouip.dll(, LSP 动态链接库)
MSAFD Tcpip [UDP/IP]
    C:\WINDOWS\system32\xunyouip.dll(, LSP 动态链接库)
MSAFD Tcpip [RAW/IP]
    C:\WINDOWS\system32\xunyouip.dll(, LSP 动态链接库)
RSVP UDP Service Provider
    C:\WINDOWS\system32\xunyouip.dll(, LSP 动态链接库)
RSVP TCP Service Provider
    C:\WINDOWS\system32\xunyouip.dll(, LSP 动态链接库)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1096, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]

==================================
计划任务
N/A

==================================
Windows 安全更新检查
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================



Attachment:

File name: SREngLOG.log
Downloads: 168
File type: application/octet-stream
File size:
Uploaded: 2010-5-14 15:41:12
Description: log

Last edited by jimcome on 2010-05-14 15:41:12

Re: Account stolen, can an expert take a look at what the problem is!!! Waiting online

Is nobody going to help take a look??

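Re: Account stolen, can an expert take a look at what the problem is!!! Waiting online

The log is incomplete. Pack the log into an archive and upload it.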

Re: Account stolen, can an expert take a look at what the problem is!!! Waiting online

How do I pack it...

Re: Account stolen, can an expert take a look at what the problem is!!! Waiting online

I've packed it.

Re: Account stolen, can an expert take a look at what the problem is!!! Waiting online

Has the moderator looked at it yet!!!!

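Re: Account stolen, can an expert take a look at what the problem is!!! Waiting online

Apart from this file, c:\progra~1\iefxz\iefxz.dll,
I don't seem to see anything.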

Re: Account stolen, can an expert take a look at what the problem is!!! Waiting online

It can't be deleted. How do I deal with it?

Re: Account stolen, can an expert take a look at what the problem is!!! Waiting online

No anomalies seen in the log.