
[Help] Follow-up post with the log attached; could an expert please check whether there is a virus

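First, an explanation: the computer runs a French-language system, so a small part of the log is garbled, but that does not affect the whole. Many thanks!!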

[CODE]

2007-05-18,17:46:36

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - ?????? - ????

???????:
    ???????(???????????????)
    ??????
    ???????(????????)
    ????
    Winsock ???
    Autorun.inf
    HOSTS ??


????
???
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <msnmsgr><"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background>  [(Verified)Microsoft Corporation]
    <VoipStunt><; "E:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe" -nosplash -minimized>  [(Verified)Finarea SA]
    <MSMSGS><"C:\Program Files\Messenger\MSMSGS.EXE" /background>  [(Verified)Microsoft Corporation]
    <VoipBuster><; "E:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <High Definition Audio Property Page Shortcut><HDAShCut.exe>  [(Verified)Microsoft Windows XP Publisher]
    <SkyTel><SkyTel.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Alcmtr><ALCMTR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <IntelZeroConfig><"C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe">  [Intel Corporation]
    <IntelWireless><"C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless>  [Intel Corporation]
    <EOUApp><"C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe">  [Intel Corporation]
    <CHotkey><mHotkey.exe>  [Chicony]
    <SMSERIAL><sm56hlpr.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <KTPWare><C:\Program Files\Elantech\ktp.exe>  []
    <RemoteControl><"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe">  [Cyberlink Corp.]
    <NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
    <InCD><C:\Program Files\Ahead\InCD\InCD.exe>  [Nero AG]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <MSPY2002><C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <IMSCMIG40W><C:\PROGRA~1\FICHIE~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log>  [Microsoft Corporation]
    <Logitech Hardware Abstraction Layer><KHALMNPR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <Kernel and Hardware Abstraction Layer><KHALMNPR.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe>  []
    <Google IME Autoupdater><"C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe">  [(Verified)Google Inc]
    <ShStatEXE><"C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE>  [Network Associates, Inc.]
    <McAfeeUpdaterUI><"C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey>  [Network Associates, Inc.]
    <Network Associates Error Reporting Service><"C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe">  [Network Associates, Inc.]
    <QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Inc.]
    <wosa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\woso.exe>  [N/A]
    <ztsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso.exe>  []
    <mhsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso.exe>  []
    <fysa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso.exe>  []
    <jtsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso.exe>  []
    <wlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso.exe>  []
    <wgsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso.exe>  []
    <wmsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso.exe>  []
    <qjsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso.exe>  []
    <rxsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso.exe>  []
    <wdsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso.exe>  []
    <tlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso.exe>  []
    <dasa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso.exe>  []
    <igfxpers><; C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxtray><; C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <PrevxOne><; "C:\Program Files\Prevx1\PXConsole.exe">  [Prevx]
    <RTHDCPL><; RTHDCPL.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <GinaDLL><IWPDGINA.DLL>  [Intel Corporation]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{01F6EB6F-AB5C-1FDD-6E5B-FB6EE3CC6CD6}><C:\Program Files\Internet Explorer\HiJack.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
Last edited 2007-05-22 11:03:33
 

[Reply to 葡萄眼睛's post]

==================================
?????
[Lancement rapide d'Adobe Reader]
  <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancement rapide d'Adobe Reader.lnk --> C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Logitech SetPoint]
  <C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech SetPoint.lnk --> C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe [Logitech Inc.]><N>

==================================
??
[Intel(R) PROSet/Wireless Event Log / EvtEng][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
  <c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
[Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Windows CardSpace / idsvc][Stopped/Manual Start]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"><Microsoft Corporation>
[InCD Helper / InCDsrv][Running/Auto Start]
  <C:\Program Files\Ahead\InCD\InCDsrv.exe><Nero AG>
[InCD Helper (read only) / InCDsrvR][Stopped/Auto Start]
  <C:\Program Files\Ahead\InCD\InCDsrv.exe -r><Nero AG>
[Service Framework McAfee / McAfeeFramework][Running/Auto Start]
  <C:\Program Files\Network Associates\Common Framework\FrameworkService.exe /ServiceStart><Network Associates, Inc.>
[Network Associates McShield / McShield][Running/Auto Start]
  <"C:\Program Files\Network Associates\VirusScan\Mcshield.exe"><Network Associates, Inc.>
[Network Associates Task Manager / McTaskManager][Running/Auto Start]
  <"C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe"><Network Associates, Inc.>
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"><Microsoft Corporation>
[Prevx Agent / PREVXAgent][Running/Auto Start]
  <"C:\Program Files\Prevx1\PXAgent.exe" -f><Prevx>
[Intel(R) PROSet/Wireless Registry Service / RegSrvc][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Intel(R) PROSet/Wireless Service / S24EventMonitor][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[Intel(R) PROSet/Wireless SSO Service / WLANKEEPER][Running/Auto Start]
  <C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe><Intel(R) Corporation>

==================================
????
[AEGIS Protocol (IEEE 802.1x) v3.4.10.0 / AegisP][Running/Auto Start]
  <system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[InCDPass / InCDPass][Running/System Start]
  <System32\DRIVERS\InCDPass.sys><Nero AG>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[Elantech Touchpad / Ktp][Stopped/Manual Start]
  <system32\DRIVERS\Ktp.sys><ELANTECH Devices Corp.>
[Logitech SetPoint Keyboard Driver / L8042Kbd][Running/Manual Start]
  <system32\DRIVERS\L8042Kbd.sys><Logitech Inc.>
[SetPoint PS/2 Mouse Filter Driver / L8042mou][Running/Manual Start]
  <system32\DRIVERS\L8042mou.Sys><Logitech Inc.>
[LBeepKE / LBeepKE][Running/Auto Start]
  <System32\Drivers\LBeepKE.sys><Logitech Inc.>
[SetPoint HID Mouse Filter Driver / LHidKe][Running/Manual Start]
  <system32\DRIVERS\LHidKE.Sys><Logitech Inc.>
[SetPoint USB Receiver device driver / LHidUsbK][Running/Manual Start]
  <System32\Drivers\LHidUsbK.Sys><Logitech Inc.>
[SetPoint Mouse Filter Driver / LMouKE][Running/Manual Start]
  <system32\DRIVERS\LMouKE.Sys><Logitech Inc.>
[NaiAvFilter1 / NaiAvFilter1][Running/Manual Start]
  <system32\drivers\naiavf5x.sys><Network Associates, Inc.>
[NaiAvTdi1 / NaiAvTdi1][Running/System Start]
  <system32\drivers\mvstdi5x.sys><Network Associates, Inc.>
[PREVX Kernel Mode Agent / PrevxDriver][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\pxfsf.sys><Prevx Limited, http://www.prevx1.com/>
[PREVX Emulator driver / PREVXEmulator][Running/Manual Start]
  <system32\DRIVERS\PxEmu.sys><Prevx Limited, http://www.prevx1.com/>
[PREVX TDI filter / PREVXTdi][Running/System Start]
  <system32\DRIVERS\pxtdi.sys><Prevx Limited, http://www.prevx1.com/>
[Pilote de liaison parallèle directe / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PREVX Rootkitscan driver / PXRDDriver][Running/System Start]
  <system32\DRIVERS\pxrd.sys><N/A>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Transport RLAN / s24trans][Running/Auto Start]
  <system32\DRIVERS\s24trans.sys><Intel Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smserial / smserial][Running/Manual Start]
  <system32\DRIVERS\smserial.sys><Motorola Inc.>
[Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[tifm21 / tifm21][Running/Manual Start]
  <system32\drivers\tifm21.sys><Texas Instruments>
[Intel(R) PRO/Wireless 3945ABG Adapter Driver / w39n51][Running/Manual Start]
  <system32\DRIVERS\w39n51.sys><Intel? Corporation>
[EntDrv51 / EntDrv51][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\EntDrv51.sys><Network Associates, Inc>
 

[Reply to 葡萄眼睛's post]

==================================
??????
[]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[URLDetector Class]
  {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} <C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll, Prevx Ltd.>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[&Rechercher]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Fichiers communs\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[]
  {53707962-6F74-2D53-2644-206D7942484F} <C:\PROGRA~1\SPYBOT~1\SDHelper.dll, Safer Networking Limited>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[URLDetector Class]
  {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} <C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll, Prevx Ltd.>
[CdnForIE Class]
  {5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MUWebControl Class]
  {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Windows Live Sign-in Helper]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Windows Live Sign-in Control]
  {D2517915-48CE-4286-970F-921E881B8C5C} <C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, Microsoft Corporation>
 

[Reply to 葡萄眼睛's post]

==================================
???????
[PID: 888][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 948][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 972][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\IWPDGINA.DLL]  [Intel Corporation, 10, 1, 1, 12]
    [C:\Program Files\Intel\Wireless\Bin\SsoGnFRA.dll]  [Intel Corporation, 10, 1, 1, 12]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 1020][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.240]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 1032][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.240]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 1196][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.240]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 1272][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.240]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 1520][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.240]
[PID: 2288][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.240]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Internet Explorer\HiJack.dll]  [Microsoft Corporation, 1. 0. 0. 1]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\Program Files\Network Associates\VirusScan\scriptproxy.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\Res0C\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Fichiers communs\Network Associates\Engine\mcscan32.dll]  [McAfee, Inc., 5.1.00]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll]  [N/A, ]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\Ahead\InCD\incdshx.dll]  [Nero AG, 4, 3, 23, 2]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4543]
    [C:\PROGRA~1\SPYBOT~1\SDHelper.dll]  [Safer Networking Limited, 1, 4, 0, 0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\PowerArchiver\PASHLEXT.DLL]  [ConeXware, Inc., 9.6.1.3]
    [C:\Program Files\Network Associates\VirusScan\shext.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES0c\ShExtRes.dll]  [Network Associates, Inc., 8.0.0.912]
[PID: 2332][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 3196][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.4543]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3.0.0.4543]
 

[Reply to 葡萄眼睛's post]

[PID: 3296][C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe]  [Intel Corporation, 10, 1, 1, 45]
    [C:\Program Files\Intel\Wireless\bin\PfMgrApi.dll]  [Intel Corporation, 10, 1, 1, 48]
    [C:\Program Files\Intel\Wireless\bin\TraceAPI.DLL]  [Intel Corporation, 10, 1, 1, 5]
    [C:\Program Files\Intel\Wireless\bin\PsRegApi.dll]  [Intel Corporation, 10, 1, 1, 2]
    [C:\Program Files\Intel\Wireless\bin\DbEngine.dll]  [Intel Corporation, 10, 1, 1, 14]
    [C:\Program Files\Intel\Wireless\bin\LIBEAY32.dll]  [N/A, ]
    [C:\Program Files\Intel\Wireless\bin\IntStngs.dll]  [, 10, 1, 1, 3]
    [C:\Program Files\Intel\Wireless\bin\MurocApi.dll]  [Intel Corporation, 10, 1, 1, 39]
    [C:\Program Files\Intel\Wireless\bin\S24MUDLL.dll]  [Intel Corporation, 10, 1, 1, 1]
    [C:\Program Files\Intel\Wireless\Bin\ZcSvcFRA.dll]  [Intel Corporation, 10, 1, 1, 45]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
[PID: 3312][C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe]  [Intel Corporation, 10, 1, 1, 19]
    [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 10, 1, 1, 2]
    [C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll]  [N/A, ]
    [C:\Program Files\Intel\Wireless\Bin\IntStngs.dll]  [, 10, 1, 1, 3]
    [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 10, 1, 1, 5]
    [C:\Program Files\Intel\Wireless\Bin\FrWrkFRA.dll]  [Intel Corporation, 10, 1, 1, 19]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\Program Files\Intel\Wireless\Bin\FrameworkPlugins\ConnMgr.dll]  [Intel Corporation, 10, 1, 1, 164]
    [C:\Program Files\Intel\Wireless\Bin\MurocApi.dll]  [Intel Corporation, 10, 1, 1, 39]
    [C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll]  [Intel Corporation, 10, 1, 1, 1]
    [C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll]  [Intel Corporation, 10, 1, 1, 48]
    [C:\Program Files\Intel\Wireless\Bin\DbEngine.dll]  [Intel Corporation, 10, 1, 1, 14]
    [C:\Program Files\Intel\Wireless\Bin\IntWAFRA.dll]  [Intel Corporation, 10, 1, 1, 164]
[PID: 3336][C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe]  [Intel Corporation, 10, 1, 1, 17]
    [C:\Program Files\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 10, 1, 1, 2]
    [C:\Program Files\Intel\Wireless\Bin\MurocApi.dll]  [Intel Corporation, 10, 1, 1, 39]
    [C:\Program Files\Intel\Wireless\Bin\S24MUDLL.dll]  [Intel Corporation, 10, 1, 1, 1]
    [C:\Program Files\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 10, 1, 1, 5]
    [C:\Program Files\Intel\Wireless\Bin\IntStngs.dll]  [, 10, 1, 1, 3]
    [C:\Program Files\Intel\Wireless\Bin\LIBEAY32.dll]  [N/A, ]
    [C:\Program Files\Intel\Wireless\Bin\PfMgrApi.dll]  [Intel Corporation, 10, 1, 1, 48]
    [C:\Program Files\Intel\Wireless\Bin\DbEngine.dll]  [Intel Corporation, 10, 1, 1, 14]
    [C:\Program Files\Intel\Wireless\Bin\EOUWzFRA.dll]  [Intel Corporation, 10, 1, 1, 17]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 3372][C:\WINDOWS\mHotkey.exe]  [Chicony, 2, 2, 1, 0]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, ]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 3468][C:\WINDOWS\sm56hlpr.exe]  [Motorola Inc., 6.11.02]
    [C:\WINDOWS\sm56eng.dll]  [N/A, ]
    [C:\WINDOWS\sm56fra.dll]  [N/A, ]
    [C:\WINDOWS\sm56brz.dll]  [N/A, ]
    [C:\WINDOWS\sm56chs.dll]  [N/A, ]
    [C:\WINDOWS\sm56cht.dll]  [N/A, ]
    [C:\WINDOWS\sm56ger.dll]  [N/A, ]
    [C:\WINDOWS\sm56itl.dll]  [N/A, ]
    [C:\WINDOWS\sm56jpn.dll]  [N/A, ]
    [C:\WINDOWS\sm56spn.dll]  [N/A, ]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
[PID: 3540][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
[PID: 3568][C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe]  [Cyberlink Corp., 6.00.1027]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\Program Files\CyberLink\PowerDVD\CLRCEngine2.dll]  [CyberLink Corp., 3.2.2021 ]
[PID: 3732][C:\Program Files\Ahead\InCD\InCD.exe]  [Nero AG, 4, 3, 23, 2]
    [C:\Program Files\Ahead\InCD\InCdApi.dll]  [Nero AG, 4, 3, 23, 2]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\Program Files\Fichiers communs\Ahead\Lib\DriveLocker.dll]  [Ahead Software AG, 1, 0, 0, 17]
    [C:\Program Files\Ahead\InCD\incdshx.dll]  [Nero AG, 4, 3, 23, 2]
[PID: 736][C:\Program Files\CNNIC\Cdn\cdnup.exe]  [, 2, 4, 0, 6]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
[PID: 1408][C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe]  [Google Inc., 1, 0, 0, 1]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\WINDOWS\system32\GooglePinyin.ime]  [Google Inc., ]
 

[Reply to 葡萄眼睛's post]

[PID: 404][C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\SHUTIL.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\naiwmain.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES0c\shstat.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES0c\Product.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\RES0c\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\RES0c\Shutilrc.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\Graphics.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
[PID: 1680][C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe]  [Network Associates, Inc., 3.5.0.412]
    [C:\Program Files\Network Associates\Common Framework\nailog.dll]  [Network Associates, Inc., 3.5.0.474]
    [C:\Program Files\Network Associates\Common Framework\naCmnLib.dll]  [Network Associates, Inc., 3.5.0.474]
    [C:\Program Files\Network Associates\Common Framework\naXML.dll]  [Network Associates, Inc., 3.5.0.474]
    [C:\Program Files\Network Associates\Common Framework\040C\UpdRes.dll]  [Network Associates, Inc., 3.5.0.412]
    [C:\Program Files\Network Associates\Common Framework\040C\AgentRes.dll]  [Network Associates, Inc., 3.5.0.412]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\Program Files\Network Associates\Common Framework\SecureFrameworkFactory.dll]  [Network Associates, Inc., 3.5.0.412]
[PID: 2104][C:\Program Files\Fichiers communs\Network Associates\TalkBack\TBMon.exe]  [Network Associates, Inc., 2.0.275.0]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\Program Files\Fichiers communs\Network Associates\TalkBack\dbghelp.dll]  [Microsoft Corporation, 6.0.0017.0 (DbgBuild.020528-1721)]
[PID: 2320][C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe]  [Intel Corporation, 10, 1, 1, 84]
    [C:\PROGRA~1\Intel\Wireless\Bin\acAuth.dll]  [, 4.0.23.0 2006-03-10 14:49:28]
    [C:\PROGRA~1\Intel\Wireless\Bin\C1XStngs.dll]  [Intel Corporation, 10, 1, 1, 31]
    [C:\PROGRA~1\Intel\Wireless\Bin\PsRegApi.dll]  [Intel Corporation, 10, 1, 1, 2]
    [C:\PROGRA~1\Intel\Wireless\Bin\IntStngs.dll]  [, 10, 1, 1, 3]
    [C:\PROGRA~1\Intel\Wireless\Bin\TraceAPI.DLL]  [Intel Corporation, 10, 1, 1, 5]
    [C:\PROGRA~1\Intel\Wireless\Bin\IWMSPROV.DLL]  [N/A, ]
    [C:\Program Files\Intel\Wireless\Bin\C8021FRA.dll]  [Intel Corporation, 10, 1, 1, 31]
    [C:\PROGRA~1\Intel\Wireless\Bin\LSAWRAPI.dll]  [Intel Corporation, 10, 1, 1, 1]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\PROGRA~1\Intel\Wireless\Bin\PfMgrApi.dll]  [Intel Corporation, 10, 1, 1, 48]
    [C:\PROGRA~1\Intel\Wireless\Bin\DbEngine.dll]  [Intel Corporation, 10, 1, 1, 14]
    [C:\PROGRA~1\Intel\Wireless\Bin\LIBEAY32.dll]  [N/A, ]
[PID: 2056][C:\Program Files\MSN Messenger\MsnMsgr.Exe]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\MSNCore.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\Program Files\MSN Messenger\msidcrl40.dll]  [Microsoft Corporation, 4.100.313.1]
    [C:\Program Files\MSN Messenger\ContactsUX.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msgslang.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\msgsres.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\Program Files\MSN Messenger\MSGSWCAM.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\sirenacm.dll]  [Microsoft Corp., 8.1.0178.00]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\Program Files\MSN Messenger\lmcdata.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\contact.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\Network Associates\VirusScan\scriptproxy.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\Res0C\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Fichiers communs\Network Associates\Engine\mcscan32.dll]  [McAfee, Inc., 5.1.00]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\Program Files\MSN Messenger\dfsr.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\abssm.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\custsat.dll]  [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)]
    [C:\Program Files\MSN Messenger\usnsvcps.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]

【Reply to the post by "葡萄眼睛"】

[PID: 2880][E:\Program Files\VoipStunt.com\VoipStunt\VoipStunt.exe]  [VoipStunt, 3, 0, 408, 0]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\Program Files\Network Associates\VirusScan\scriptproxy.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\Res0C\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Fichiers communs\Network Associates\Engine\mcscan32.dll]  [McAfee, Inc., 5.1.00]
    [C:\WINDOWS\system32\netfxperf.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\WINDOWS\system32\mscoree.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\perfcounter.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\CorperfmonExt.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_perf.dll]  [Microsoft Corporation, 2.0.50727.42 (RTM.050727-4200)]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll]  [Microsoft Corporation, 1.1.4322.2032]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\FICHIE~1\SYSTEM\MSMAPI\1036\MSMAPI32.DLL]  [Microsoft Corporation, 11.0.8002]
    [C:\Program Files\Fichiers communs\Microsoft Shared\office11\mso.dll]  [Microsoft Corporation, 11.0.8132]
[PID: 3144][C:\Program Files\Messenger\MSMSGS.EXE]  [Microsoft Corporation, 4.7.2009]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.240]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\Program Files\Messenger\MSGSLANG.DLL]  [Microsoft Corporation, 4.7.2009]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\PROGRA~1\MESSEN~1\rtcimsp.dll]  [Microsoft Corporation, 4.0.3599.0 (Lab02_N(ntvbl02).020107-1351)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 3804][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE]  [Microsoft Corporation, 11.0.8134]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.240]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\Program Files\Fichiers communs\Microsoft Shared\office11\mso.dll]  [Microsoft Corporation, 11.0.8132]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\Program Files\Fichiers communs\Microsoft Shared\office11\riched20.dll]  [Microsoft Corporation, 5.50.99.2014]
    [C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdiui.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\mdigraph.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\METCONV.DLL]  [Microsoft Corporation, 11.0.6467]
    [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\INTLNAME.DLL]  [Microsoft Corporation, 11.0.6467]
    [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\FNAME.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\MSSP3FR.DLL]  [Microsoft Corporation, 5.0.6466]
    [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\1036\stintl.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\mslid.dll]  [Microsoft Corporation, 1.0.2305]
    [C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\1036\MSGR3FR.DLL]  [Microsoft Corporation, 5.1.3019.1]
    [C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL]  [Microsoft Corporation, 6.0.3275.0]
    [C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\MSSPELL3.DLL]  [Microsoft Corporation, 1.1.6215]
    [C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\MSSp3FR.lex]  [Microsoft Corporation, 5.0.6466]
    [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\FPERSON.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\MOFL.DLL]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE11\MSXML5.DLL]  [Microsoft Corporation, 5.10.2930.0]
    [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\FDATE.DLL]  [Microsoft Corporation, 11.0.5510]

【Reply to the post by "葡萄眼睛"】

[PID: 2540][C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE]  [Microsoft Corporation, 11.0.8135]
    [C:\WINDOWS\system32\EntApi.dll]  [Network Associates, Inc, 8.0.0.240]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\Program Files\Fichiers communs\Microsoft Shared\office11\mso.dll]  [Microsoft Corporation, 11.0.8132]
    [C:\Program Files\Microsoft Office\OFFICE11\1036\ppintl.dll]  [Microsoft Corporation, 11.0.6565]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\Program Files\Microsoft Office\OFFICE11\GdiPlus.DLL]  [Microsoft Corporation, 6.0.3275.0]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\WINDOWS\system32\icm32.dll]  [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
    [C:\Program Files\Fichiers communs\Microsoft Shared\office11\riched20.dll]  [Microsoft Corporation, 5.50.99.2014]
    [C:\Program Files\Microsoft Office\OFFICE11\msostyle.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 2736][E:\Program Files\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 6, 42]
    [E:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\WINDOWS\system32\odbcbcp.dll]  [Microsoft Corporation, 2000.085.1117.00 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Network Associates\VirusScan\scriptproxy.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\Res0C\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Fichiers communs\Network Associates\Engine\mcscan32.dll]  [McAfee, Inc., 5.1.00]
    [E:\Program Files\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[PID: 2496][E:\outils\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16441 (vista_gdr.070219-1500)]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\Program Files\Network Associates\VirusScan\scriptproxy.dll]  [Network Associates, Inc., 8.0.0.912]
    [C:\Program Files\Network Associates\VirusScan\mytilus.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Network Associates\VirusScan\Res0C\McShield.dll]  [Network Associates, Inc., 8.0.0.251]
    [C:\Program Files\Fichiers communs\Network Associates\Engine\mcscan32.dll]  [McAfee, Inc., 5.1.00]
    [C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL]  [Microsoft Corporation, 11.0.6551]

==================================
????
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock ???
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS ??
127.0.0.1      localhost

==================================
API HOOK
N/A

==================================
????
N/A

==================================


[/CODE]

The following startup items are suspicious:
<wosa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\woso.exe> [N/A]
<ztsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso.exe> []
<mhsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso.exe> []
<fysa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso.exe> []
<jtsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso.exe> []
<wlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso.exe> []
<wgsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso.exe> []
<wmsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso.exe> []
<qjsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso.exe> []
<rxsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso.exe> []
<wdsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso.exe> []
<tlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso.exe> []
<dasa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso.exe> []
The following files loaded by processes are suspicious:
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll] [N/A, ]

After deleting the corresponding startup items, clear the IE cache.

========Content========
Delete from the registry:
<wosa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\woso.exe> [N/A]
<ztsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso.exe> []
<mhsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso.exe> []
<fysa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso.exe> []
<jtsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso.exe> []
<wlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso.exe> []
<wgsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso.exe> []
<wmsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso.exe> []
<qjsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso.exe> []
<rxsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso.exe> []
<wdsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso.exe> []
<tlsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso.exe> []
<dasa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso.exe> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{01F6EB6F-AB5C-1FDD-6E5B-FB6EE3CC6CD6}><C:\Program Files\Internet Explorer\HiJack.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]

Delete these files:
[C:\Program Files\Internet Explorer\HiJack.dll] [Microsoft Corporation, 1. 0. 0. 1]
The following are trojans, but they are all in the temporary folder, so you can simply empty the temporary folder.
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\daso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\tlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wdso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\rxso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\qjso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wmso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wgso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\wlso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\jtso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\fyso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll] [N/A, ]
[C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll] [N/A, ]
After cleaning up, you can run the log scan again yourself and compare.
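
The triage the replies above do by eye (files with no company name sitting in a Temp directory, loaded into several processes, and matched to autorun entries), as an added Python example that is not part of the original thread or of SREng. The function names, the `<exe stem>0.dll` pairing rule (inferred from the file names in this thread) and the shortened sample are assumptions.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from this thread's SREng log, shortened to a few entries.
SAMPLE_LOG = r"""
<ztsa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso.exe>  []
<wosa><C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\woso.exe>  [N/A]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[PID: 2056][C:\Program Files\MSN Messenger\MsnMsgr.Exe]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\mhso0.dll]  [N/A, ]
[PID: 2736][E:\Program Files\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 5, 6, 42]
    [C:\DOCUME~1\YXIUAN~1\LOCALS~1\Temp\ztso0.dll]  [N/A, ]
    [C:\WINDOWS\HKNTDLL.dll]  [N/A, ]
"""

PROC = re.compile(r"^\[PID:\s*(\d+)\]\[(.+?)\]\s+\[(.*)\]\s*$")  # process header
MOD = re.compile(r"^\s*\[(.+?)\]\s+\[(.*)\]\s*$")                # module under a process
RUN = re.compile(r"^\s*<([^<>]*)><(.*)>\s*\[(.*)\]\s*$")         # <value name><command> [vendor]


def in_temp(path):
    # Matches both the long and the 8.3 form (...\LOCALS~1\Temp\...).
    return "\\temp\\" in path.lower()


def no_vendor(info):
    # First comma-separated field is the company name; this log shows N/A or nothing when absent.
    return info.split(",")[0].strip() in ("", "N/A")


def stem(path):
    return ntpath.splitext(ntpath.basename(path))[0].lower()


def triage(log_text):
    """Return (modules, autoruns): files in a Temp directory that carry no company name."""
    modules = defaultdict(set)  # module path -> PIDs that loaded it
    autoruns = {}               # autorun value name -> command path
    pid = None
    for line in log_text.splitlines():
        if m := PROC.match(line):
            pid = int(m.group(1))
        elif (m := MOD.match(line)) and pid is not None:
            path, info = m.groups()
            if in_temp(path) and no_vendor(info):
                modules[path].add(pid)
        elif m := RUN.match(line):
            name, cmd, info = m.groups()
            if in_temp(cmd) and no_vendor(info):
                autoruns[name] = cmd
    return dict(modules), autoruns


def pair_droppers(modules, autoruns):
    """Map each flagged autorun to the loaded DLL named <exe stem>0.dll, or None if not loaded."""
    by_stem = {stem(p): p for p in modules}
    return {name: by_stem.get(stem(cmd) + "0") for name, cmd in autoruns.items()}


if __name__ == "__main__":
    print(pair_droppers(*triage(SAMPLE_LOG)))
```

An autorun that pairs with `None`, like `wosa` here, still has a registry value to delete even though no matching DLL shows up in any process.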
