Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board


[Help] Unknown system files hijacked, here are some details, how do I handle this?


HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe [Debugger]: (C:\WINDOWS\system32\svchost.exe)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boxmod.exe [Debugger]: (C:\WINDOWS\system32\svchost.exe)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrRtp.exe [Debugger]: (C:\WINDOWS\system32\svchost.exe)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE [Debugger]: (C:\WINDOWS\system32\svchost.exe)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe [Debugger]: (C:\WINDOWS\system32\svchost.exe)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE [Debugger]: (C:\WINDOWS\system32\svchost.exe)

User system info: Mozilla/4.0 (compatible;ak; MSIE 8.0; Windows NT 5.1; Trident/4.0; InfoPath.2)
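Added illustration, not part of the original thread: the six lines above are Image File Execution Options (IFEO) Debugger values, so every attempt to start auto.exe, boxmod.exe and the others launches svchost.exe instead and the named program never runs. The script below (written here, not SRENG's code) parses both the format pasted above and the SRENG report format and flags Debugger values that are not a recognised debugger; the sample lines and the benign windbg.exe entry are constructed for the example.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample input: two lines in the format the original poster pasted,
# two entries in SRENG report format (key line followed by value line), and one
# constructed benign IFEO entry (windbg.exe) for contrast.
SAMPLE_LOG = r"""
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe [Debugger]: (C:\WINDOWS\system32\svchost.exe)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrRtp.exe [Debugger]: (C:\WINDOWS\system32\svchost.exe)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
(IFEO[sos.exe])(C:\WINDOWS\system32\svchost.exe) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\myapp.exe]
(IFEO[myapp.exe])("C:\Program Files\Debugging Tools for Windows\windbg.exe") [N/A]
"""

# Debugger executables a developer workstation might legitimately register here.
KNOWN_DEBUGGERS = {"windbg.exe", "ntsd.exe", "cdb.exe", "vsjitdebugger.exe", "drwtsn32.exe"}

# Format pasted by the poster: "...Image File Execution Options\<image> [Debugger]: (<target>)"
POSTED_RE = re.compile(r"Image File Execution Options\\(?P<image>[^\\\s\[]+) \[Debugger\]: \((?P<target>.*)\)$")
# SRENG report format: "(IFEO[<image>])(<target>) [<signer>]"
SRENG_RE = re.compile(r"^\(IFEO\[(?P<image>[^\]]+)\]\)\((?P<target>.*?)\) \[")


def parse_ifeo(log):
    """Return (image, debugger_target) pairs found in either log format."""
    found = []
    for line in log.splitlines():
        match = POSTED_RE.search(line) or SRENG_RE.match(line)
        if match:
            found.append((match.group("image"), match.group("target")))
    return found


def classify(target):
    """Return why a Debugger value is suspicious, or None if it looks benign."""
    exe = PureWindowsPath(target.strip().strip('"')).name.lower()
    if exe in KNOWN_DEBUGGERS:
        return None
    if exe == "svchost.exe":
        return "Debugger is svchost.exe, not a debugger: the hijacked program never starts"
    return "Debugger is %s, not a recognised debugger" % exe


def triage(log):
    """Map each hijacked image name to the reason it was flagged."""
    flagged = {}
    for image, target in parse_ifeo(log):
        reason = classify(target)
        if reason:
            flagged[image] = reason
    return flagged


if __name__ == "__main__":
    for image, reason in triage(SAMPLE_LOG).items():
        print("IFEO hijack: %s -> %s" % (image, reason))
```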

Reply: Unknown system files hijacked, here are some details, how do I handle this?

Scan with SRENG and post the log to this forum.

Download the latest version of the SRENG tool: http://www.kztechs.com/sreng/download.html
For instructions, see post #2 in this thread: http://bbs.ikaka.com/showtopic-8442813.aspx

1 What you download is a compressed archive; you must extract it before running it.
2 Run SREng***.EXE
3 On the left of the main window choose: Smart Scan => Scan => Save Report
4 After saving the report, post the log file to this forum.

It is best to post the log file as an attachment.
Click "Quote" at the bottom right of this post, or the larger "Reply" button at the far bottom right, and you should see how to post it.
Please do not open a new thread for the log; just post it as a follow-up in this thread.

Reply: Unknown system files hijacked, here are some details, how do I handle this?

2008-12-03,18:10:59

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
API HOOK
隐藏进程


启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(RTHDCPL)(RTHDCPL.EXE) [Realtek Semiconductor Corp.]
(SkyTel)(SkyTel.EXE) [Realtek Semiconductor Corp.]
(Alcmtr)(ALCMTR.EXE) [Realtek Semiconductor Corp.]
(BigDogPath)(C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera) [File is missing]
(egui)("D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice) [(Verified)"ESET, spol. s r.o."]
(360Safetray)(D:\Program Files\360safe\safemon\360tray.exe /start) [(Verified)Qizhi Software (beijing) Co. Ltd]
(360Antiarp)(D:\Program Files\360safe\antiarp\antiarp.exe /start) [(Verified)Qizhi Software (beijing) Co. Ltd]
(360Safebox)("D:\Program Files\360Safebox\safeboxTray.exe" /r) [(Verified)Qizhi Software (beijing) Co. Ltd]
(Microsoft Pinyin IME Migration)(D:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL) [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
(360Safe)(Rundll32.exe D:\PROGRA~1\360safe\AntiAdwa.dll,KillAdware) [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [(Verified)Microsoft Windows Component Publisher]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Publisher]
(UIHost)(logonui.exe) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({AEB6717E-7E19-11d0-97EE-00C04FD91972})(shell32.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
(WebCheck)(C:\WINDOWS\system32\webcheck.dll) [(Verified)Microsoft Windows]
(SysTray)(C:\WINDOWS\system32\stobject.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
(WinlogonNotify: crypt32chain)(crypt32.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
(WinlogonNotify: cryptnet)(cryptnet.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
(WinlogonNotify: cscdll)(cscdll.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
(WinlogonNotify: dimsntfy)(%SystemRoot%\System32\dimsntfy.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
(WinlogonNotify: ScCertProp)(wlnotify.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
(WinlogonNotify: Schedule)(wlnotify.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
(WinlogonNotify: sclgntfy)(sclgntfy.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
(WinlogonNotify: SensLogn)(WlNotify.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
(WinlogonNotify: termsrv)(wlnotify.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
(WinlogonNotify: wlballoon)(wlnotify.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
({438755C2-A8BA-11D1-B96B-00A0C90312E1})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Windows Component Publisher]
({8C7461EF-2B13-11d2-BE35-3078302C2030})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\({12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
(IE7 Uninstall Stub)(C:\WINDOWS\system32\ieudinit.exe) [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
(Microsoft Windows Media Player)(C:\WINDOWS\inf\unregmp2.exe /ShowWMP) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){26923b43-4d38-484f-9b9e-de460746276c}]
(Internet Explorer)(C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig) [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){60B49E34-C7CC-11D0-8953-00A0C90347FF}]
(Browser Customizations)(RunDLL32 IEDKCS32.DLL,BrandIEActiveSetup SIGNUP) [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
(浏览器自定义组件)(RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP) [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
(Outlook Express)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
(Themes Setup)(%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
(Microsoft Outlook Express 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
(NetMeeting 3.01)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
(Windows Messenger 4.7)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser) [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
(Microsoft Windows Media Player)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
(通讯簿 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
(Windows 桌面更新)(regsvr32.exe /s /n /i:U shell32.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
(Internet Explorer)(C:\WINDOWS\system32\ie4uinit.exe -BaseSettings) [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\auto.exe]
(IFEO[auto.exe])(C:\WINDOWS\system32\svchost.exe) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\boxmod.exe]
(IFEO[boxmod.exe])(C:\WINDOWS\system32\svchost.exe) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DrRtp.exe]
(IFEO[DrRtp.exe])(C:\WINDOWS\system32\svchost.exe) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\enc98.EXE]
(IFEO[enc98.EXE])(C:\WINDOWS\system32\svchost.exe) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sos.exe]
(IFEO[sos.exe])(C:\WINDOWS\system32\svchost.exe) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ua80.EXE]
(IFEO[ua80.EXE])(C:\WINDOWS\system32\svchost.exe) [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
(SCRNSAVE.EXE)(C:\WINDOWS\System32\logon.scr) [(Verified)Microsoft Windows Component Publisher]




--------------------------------------------------------------------------------

Reply: Unknown system files hijacked, here are some details, how do I handle this?

启动文件夹

N/A



--------------------------------------------------------------------------------



服务

[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
("D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe")((File is missing))
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
(C:\WINDOWS\system32\Ati2evxx.exe)(ATI Technologies Inc.)
[Contrl Center of Storm Media / ccosm][Stopped/Auto Start]
()((File is missing))
[regedit / ClipBackoo][Stopped/Auto Start]
(C:\WINDOWS\system32\regedit)((File is missing))
[ClipBook / ClipSrv][Stopped/Auto Start]
()((File is missing))
[Eset HTTP Server / EhttpSrv][Stopped/Manual Start]
("D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe")(ESET)
[Eset Service / ekrn][Running/Auto Start]
("D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe")(ESET)
[Human Interface Device Access / HidServ][Stopped/Disabled]
(C:\WINDOWS\System32\svchost.exe -k netsvcs--)%SystemRoot%\System32\hidserv.dll)(N/A)
[Machine Debug Manager / MDM][Running/Auto Start]
("D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe")(Microsoft Corporation)
[A播数据后台传输服务 / Qvod Terminal][Stopped/Auto Start]
()((File is missing))
[Windows Media Player Network Sharing Service / WMPNetworkSvc][Stopped/Manual Start]
()((File is missing))
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
(C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup--)%SystemRoot%\System32\WUDFSvc.dll)(Microsoft Corporation)



--------------------------------------------------------------------------------



驱动程序

[360AntiArp / 360AntiArp][Running/System Start]
(\??\C:\WINDOWS\system32\drivers\360AntiArp.sys)(360安全中心)
[ati2mtag / ati2mtag][Running/Manual Start]
(system32\DRIVERS\ati2mtag.sys)(ATI Technologies Inc.)
[eamon / eamon][Running/Auto Start]
(system32\DRIVERS\eamon.sys)(ESET)
[easdrv / easdrv][Running/System Start]
(system32\DRIVERS\easdrv.sys)(ESET)
[epfwtdir / epfwtdir][Running/System Start]
(system32\DRIVERS\epfwtdir.sys)(N/A)
[f28907d / f28907d][Stopped/Manual Start]
(\??\C:\WINDOWS\system32\f28907d.sys)(N/A)
[gsqdofc / gsqdofc][Stopped/Boot Start]
(\SystemRoot\system32\drivers\yzvifit.sys)(N/A)
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
(system32\DRIVERS\HDAudBus.sys)(Windows (R) Server 2003 DDK provider)
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
(system32\drivers\RtkHDAud.sys)(Realtek Semiconductor Corp.)
[DDK PACKET Protocol / Packet][Running/Manual Start]
(system32\DRIVERS\ProtoDrv.sys)(360安全中心)
[Padus ASPI Shell / pfc][Running/Manual Start]
(system32\drivers\pfc.sys)(Padus, Inc.)
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
(system32\DRIVERS\ptilink.sys)(Parallel Technologies, Inc.)
[PxHelp20 / PxHelp20][Running/Boot Start]
(\SystemRoot\System32\Drivers\PxHelp20.sys)(Sonic Solutions)
[Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver / RTLE8023xp][Running/Manual Start]
(system32\DRIVERS\Rtenicxp.sys)(Realtek Semiconductor Corporation)
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
(\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys)(360安全中心)
[Secdrv / Secdrv][Stopped/Manual Start]
(system32\DRIVERS\secdrv.sys)(Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
(system32\DRIVERS\tcpip.sys)(Microsoft Corporation)
[TesSafe / TesSafe][Stopped/Manual Start]
(\??\C:\WINDOWS\system32\TesSafe.sys)(TENCENT)
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
(system32\DRIVERS\WudfPf.sys)(Microsoft Corporation)
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
(system32\DRIVERS\wudfrd.sys)(Microsoft Corporation)
[VIMICRO USB PC Camera / ZSMC302][Running/Manual Start]
(System32\Drivers\usbVM31b.sys)(VM)
[643187 / 643187][Stopped/]
(2 - 系统找不到指定的文件。
)(N/A)

Reply: Unknown system files hijacked, here are some details, how do I handle this?

浏览器加载项

[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} (D:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN)
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (D:\Program Files\Thunder Network\Thunder\Thunder.exe, (Signed) Thunder Networking Technologies,LTD)
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation)
[]
{e2e2dd38-d088-4134-82b7-f2ba38496583} (%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A)
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} (D:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation)
[]
{00000000-12C9-4305-82F9-43058F20E8D2} (, )
[]
{00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} (, )
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} (D:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD)
[DataCtl Class]
{0468C085-CA5B-11D0-AF08-00609797F0E0} (D:\PROGRA~1\MICROS~2\Office12\OUTLCTL.DLL, (Signed) )
[]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (, )
[]
{10A8FBB1-3F62-832B-A7CF-17F3DFBB4985} (, )
[MozheFileInfo Class]
{167C309A-0508-4739-8E5E-6C7128ACE805} (D:\Program Files\Mozhe\AnanClient\ExtensionDLL.dll, N/A)
[]
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (, )
[]
{2318C2B1-4965-11D4-9B18-009027A5CD4F} (, )
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} (%SystemRoot%\system32\msxml3.dll, (Signed) N/A)
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} (%SystemRoot%\system32\msxml3.dll, (Signed) N/A)
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} (D:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD)
[Microsoft Terminal Services Client Control (redist)]
{4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} (%systemroot%\system32\mstscax.dll, (Signed) N/A)
[Microsoft Terminal Services Client Control (redist)]
{4EDCB26C-D24C-4e72-AF07-B576699AC0DE} (%systemroot%\system32\mstscax.dll, (Signed) N/A)
[XML Data Source Object]
{550DDA30-0541-11D2-9CA9-0060B0EC3D39} (%SystemRoot%\system32\msxml3.dll, (Signed) N/A)
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} (C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation)
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} (C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation)
[Microsoft Terminal Services Client Control (redist)]
{7390f3d8-0439-4c05-91e3-cf5cb290c3d0} (%systemroot%\system32\mstscax.dll, (Signed) N/A)
[Microsoft Terminal Services Client Control (redist)]
{7584c670-2274-4efb-b00b-d6aaba6d3850} (%systemroot%\system32\mstscax.dll, (Signed) N/A)
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} (D:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin18.dll, (Signed) Thunder Networking Technologies,LTD)
[XDownloaddManager Class]
{802F530B-A8F6-4631-AE49-6BACAAC6373E} (D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD)
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} (D:\Program Files\360safe\live.dll, (Signed) 360.cn)
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD)
[XML DOM Document 5.0]
{88D969E5-F192-11D4-A65F-0040963251E5} (D:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation)
[XML DOM Document 6.0]
{88D96A05-F192-11D4-A65F-0040963251E5} (C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation)
[Microsoft Terminal Services Client Control (redist)]
{9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} (%systemroot%\system32\mstscax.dll, (Signed) N/A)
[]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (, )
[]
{98B7C13A-E9CD-4959-8B46-FBEAB41E42A8} (, )
[]
{AA58ED58-01DD-4D91-8333-CF10577473F7} (, )
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} (D:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.2.5807.96.(189).dll, (Signed) ShenZhen Thunder Networking Technologies Ltd.)
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} (D:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN)
[QQPlayerCtrl Class]
{CD108273-D434-43E6-AA90-1469F97EB398} (D:\Program Files\Tencent\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技)
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation)
[]
{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (, )
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx, (Signed) Adobe Systems, Inc.)
[Microsoft Silverlight]
{DFEAF541-F3E1-4C24-ACAC-99C30715084A} (D:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll, (Signed) Microsoft Corporation)
[PlayerCtrl Class]
{E05BC2A3-9A46-4A32-80C9-023A473F5B23} (D:\Program Files\Tencent\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技)
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} (, )
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} (%SystemRoot%\system32\msxml3.dll, (Signed) N/A)
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} (D:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5871.228.(189).dll, (Signed) Xunlei Networking Technologies,LTD)
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} (%SystemRoot%\system32\msxml3.dll, (Signed) N/A)
[Free Threaded XML DOM Document 3.0]
{F5078F33-C551-11D3-89B9-0000F81FE221} (%SystemRoot%\system32\msxml3.dll, (Signed) N/A)
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} (%SystemRoot%\system32\msxml3.dll, (Signed) N/A)
[XSL Template 3.0]
{F5078F36-C551-11D3-89B9-0000F81FE221} (%SystemRoot%\system32\msxml3.dll, (Signed) N/A)
[Mozhe BHOFilter Class]
{F5617BD8-4B67-49CE-85FD-16D75292B1BC} (D:\Program Files\Mozhe\AnanClient\IEUrlFilter.dll, N/A)
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} (%SystemRoot%\system32\msxml3.dll, (Signed) N/A)
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} (%SystemRoot%\system32\msxml3.dll, (Signed) N/A)
[]
{FB5F1910-F110-11D2-BB9E-00C04F795683} (, )
[使用迅雷下载]
(D:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A)
[使用迅雷下载全部链接]
(D:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A)
[导出到 Microsoft Excel(&X)]
(res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000, N/A)
[添加到QQ表情]
(D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A)



--------------------------------------------------------------------------------

Reply: Unknown system files hijacked, here are some details, how do I handle this?

Yet another one who doesn't read the replies

and just posts whatever they feel like.

Reply: Unknown system files hijacked, here are some details, how do I handle this?

正在运行的进程

[PID: 588 / SYSTEM][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 640 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 668 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4132]
[PID: 712 / SYSTEM][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 724 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 884 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4132]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 908 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 984 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1084 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1180 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1252 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1428 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\fppmon3.dll] [FinePrint Software, LLC, 3.17]
[C:\WINDOWS\system32\fppr332.dll] [FinePrint Software, LLC, 3.17]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppint3.dll] [FinePrint Software, LLC, 3.17]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppr332.dll] [FinePrint Software, LLC, 3.17]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppgraf3.dll] [FinePrint Software, LLC, 3.17]
[PID: 1600 / SYSTEM][D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe] [ESET, 3.0.669 ]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnScan.dll] [ESET, 3.0.669 ]
[D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnAmon.dll] [ESET, 3.0.669 ]
[D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEmon.dll] [ESET, 3.0.669 ]
[D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnEpfw.dll] [ESET, 3.0.669 ]
[D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnUpdate.dll] [ESET, 3.0.669 ]
[D:\Program Files\ESET\ESET NOD32 Antivirus\updater.dll] [ESET, 3.0.669 ]
[D:\Program Files\ESET\ESET NOD32 Antivirus\ekrnMailPlugins.dll] [ESET, 3.0.669 ]
[PID: 1684 / SYSTEM][D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe] [Microsoft Corporation, 7.10.3077]
[D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.10.3077]
[D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll] [Microsoft Corporation, 7.10.3077]
[PID: 1788 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 380 / 015403][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4132]
[C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2500]
[PID: 500 / 015403][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 9.0.0.0]
[D:\Program Files\WinRAR\rarext.dll] [N/A, ]
[D:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
[D:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll] [ESET, 3.0.669 ]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 9.0.0.2008061100]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppint3.dll] [FinePrint Software, LLC, 3.17]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppr332.dll] [FinePrint Software, LLC, 3.17]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppgraf3.dll] [FinePrint Software, LLC, 3.17]
[PID: 540 / 015403][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1232 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[PID: 1376 / 015403][C:\WINDOWS\RTHDCPL.EXE] [Realtek Semiconductor Corp., 2.0.6.6]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[PID: 1544 / 015403][C:\WINDOWS\VM_STI.EXE] [BIGDOG, 4, 2, 610, 4]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\VM31bPrp.Ax] [Vimicro, 1.00.01.00]
[PID: 1588 / 015403][D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe] [ESET, 3.0.669 ]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_91481303\MFC80CHS.DLL] [Microsoft Corporation, 8.00.50727.762]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[D:\Program Files\ESET\ESET NOD32 Antivirus\eguiScan.dll] [ESET, 3.0.669 ]
[D:\Program Files\ESET\ESET NOD32 Antivirus\eguiAmon.dll] [ESET, 3.0.669 ]
[D:\Program Files\ESET\ESET NOD32 Antivirus\eguiEmon.dll] [ESET, 3.0.669 ]
[D:\Program Files\ESET\ESET NOD32 Antivirus\eguiEpfw.dll] [ESET, 3.0.669 ]
[D:\Program Files\ESET\ESET NOD32 Antivirus\eguiUpdate.dll] [ESET, 3.0.669 ]
[D:\Program Files\ESET\ESET NOD32 Antivirus\eguiMailPlugins.dll] [ESET, 3.0.669 ]
[PID: 1452 / 015403][D:\Program Files\360safe\antiarp\antiarp.exe] [360安全中心, 2, 0, 0, 1008]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[PID: 3072 / 015403][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[PID: 3108 / 015403][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36]
[PID: 3256 / 015403][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36]
[PID: 3432 / 015403][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36]
[PID: 3796 / 015403][D:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 8.00.6001.18241 (longhorn_ie8_beta2(wmbla).080822-0214)]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36]
[D:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
[PID: 464 / 015403][D:\Program Files\Thunder Network\Thunder\Program\Thunder5.exe] [Thunder Networking Technologies,LTD, 5.8.7.625]
[D:\Program Files\Thunder Network\Thunder\Program\BugReport.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 20]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[D:\Program Files\Thunder Network\Thunder\Program\TaskManager.dll] [Thunder Networking Technologies,LTD, 1, 3, 10, 72]
[D:\Program Files\Thunder Network\Thunder\Program\download_interface.dll] [Thunder Networking Technologies,LTD, 3, 3, 2, 325]
[D:\Program Files\Thunder Network\Thunder\Program\mp.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 2]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[D:\Program Files\Thunder Network\Thunder\Program\asyn_frame.dll] [Thunder Networking Technologies,LTD, 1, 4, 2, 30]
[D:\Program Files\Thunder Network\Thunder\Program\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0]
[D:\Program Files\Thunder Network\Thunder\Program\XLNet.Dll] [Thunder Networking Technologies,LTD, 1, 5, 2, 25]
[D:\Program Files\Thunder Network\Thunder\Program\BHOStub.dll] [Thunder Networking Technologies,LTD, 1, 1, 1, 10]
[D:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DownAndPlay.dll] [, 1, 0, 12, 30]
[D:\Program Files\Thunder Network\Thunder\Program\backend_agent.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 25]
[D:\Program Files\Thunder Network\Thunder\Program\zlib1.dll] [, 1.2.3]
[D:\Program Files\Thunder Network\Thunder\Program\p2sp.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 43]
[D:\Program Files\Thunder Network\Thunder\Program\fs.dll] [Thunder Networking Technologies,LTD, 1, 1, 2, 13]
[D:\Program Files\Thunder Network\Thunder\Program\down_dispatcher.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 29]
[D:\Program Files\Thunder Network\Thunder\Program\ptl.dll] [Thunder Networking Technologies,LTD, 3, 2, 2, 35]
[D:\Program Files\Thunder Network\Thunder\Program\dl_peer_id.dll] [Thunder Networking Technologies,LTD, 3, 1, 2, 3]
[D:\Program Files\Thunder Network\Thunder\Program\xl_stat.dll] [, 1, 0, 2, 7]
[D:\Program Files\Thunder Network\Thunder\Program\p2p_network_com.dll] [, 1, 0, 2, 25]
[D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\pdm.dll] [Microsoft Corporation, 7.10.3077]
[D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll] [Microsoft Corporation, 7.10.3077]
[D:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\msdbg2.dll] [Microsoft Corporation, 7.10.3077]
[D:\Program Files\Thunder Network\Thunder\Program\iTargetAD.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 35]
[C:\WINDOWS\system32\Macromed\Flash\Flash10a.ocx] [Adobe Systems, Inc., 10,0,12,36]
[D:\Program Files\Thunder Network\Thunder\Program\p2p_upload.dll] [Thunder Networking Technologies,LTD, 1,1,2,13]
[D:\Program Files\Thunder Network\Thunder\Program\p2p.dll] [Thunder Networking Technologies,LTD, 1,1,2,37]
[D:\Program Files\Thunder Network\Thunder\Program\xldc.dll] [Thunder Networking Technologies,LTD, 3, 6, 2, 24]
[D:\Program Files\Thunder Network\Thunder\Program\stream.dll] [Thunder Networking Technologies,LTD, 2, 1, 2, 404]
[D:\Program Files\Thunder Network\Thunder\Program\p2p_local_res.dll] [Thunder Networking Technologies,LTD, 1,1,2,18]
[D:\Program Files\Thunder Network\Thunder\Program\al.dll] [Thunder Networking Technologies,LTD, 1,1,2,23]
[C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll] [Microsoft Corporation, 8.00.50727.762]
[D:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbedShell.dll] [ , 1, 0, 2, 25]
[D:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed19.dll] [Thunder Networking Technologies,LTD, 3, 4, 10, 117]
[D:\Program Files\Thunder Network\Thunder\Components\InMedia\PlayerHelper.dll] [thunder, 1, 2, 7, 61]
[D:\Program Files\Thunder Network\Thunder\Components\InMedia\XLIPC.DLL] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[D:\Program Files\Thunder Network\Thunder\Components\P4PClient\P4PClient.dll] [Thunder Networking Technologies,LTD, 2, 2, 5, 70]
[D:\Program Files\Thunder Network\Thunder\Components\Community\XLCommunity.dll] [Thunder Networking Technologies,LTD, 2, 6, 0, 99]
[D:\Program Files\Thunder Network\Thunder\Program\RegisterDll.dll] [Thunder Networking Technologies,LTD, 2, 17, 0, 67]
[D:\Program Files\Thunder Network\Thunder\Program\MSVCIRT.dll] [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\Program Files\Thunder Network\Thunder\Program\imdt.dll] [Thunder Networking Technologies,LTD, 1.2.0.21]
[D:\Program Files\Thunder Network\Thunder\Components\Security\ThunderSafe.dll] [深圳市迅雷网络技术有限公司, 2, 1, 7, 102]
[D:\Program Files\Thunder Network\Thunder\Components\Security\ConfigManager.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 1]
[D:\Program Files\Thunder Network\Thunder\Components\Security\SafeManager.dll] [Xunlei Networking Technologies,LTD, 1, 0, 5, 20]
[D:\Program Files\Thunder Network\Thunder\Components\Security\SafeStatistic.dll] [Xunlei Networking Technologies,LTD, 1, 0, 0, 1]
[D:\Program Files\Thunder Network\Thunder\Program\XLNetU.Dll] [Thunder Networking Technologies,LTD, 1, 5, 1, 24]
[D:\Program Files\Thunder Network\Thunder\Components\Community\audioCtrl.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 2]
[D:\Program Files\Thunder Network\Thunder\Components\Community\xlaudio.dll] [, 1, 0, 2, 4]
[D:\Program Files\Thunder Network\Thunder\Program\xlvdt.dll] [Thunder Networking Technologies,LTD, 1.0.2.6]
[D:\Program Files\Thunder Network\Thunder\Plugins\XLSafeHost\XLSafeHost.dll] [深圳市迅雷网络技术有限公司, 1, 2, 9, 90]
[D:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin18.dll] [Thunder Networking Technologies,LTD, 3, 1, 6, 81]
[D:\Program Files\Thunder Network\Thunder\Components\Search\XLSearch.dll] [Thunder Networking Technologies,LTD, 1, 1, 7, 25]
[D:\Program Files\Thunder Network\Thunder\Program\LiveUpdate.dll] [Thunder Networking Technologies,LTD, 1, 2, 4, 26]
[D:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrThunderHost.dll] [深圳市迅雷网络技术有限公司, 1.0.0.11]
[D:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrKernel.dll] [深圳市迅雷网络技术有限公司, 1.0.0.6]
[D:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrSoftIdentifier.dll] [深圳市迅雷网络技术有限公司, 1.0.0.9]
[D:\Program Files\Thunder Network\Thunder\Components\XLSoftBase\DrUpdate.dll] [深圳市迅雷网络技术有限公司, 1.1.0.4]
[D:\Program Files\Thunder Network\Thunder\Plugins\GouGouTop\GouGouTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 5]
[D:\Program Files\Thunder Network\Thunder\Plugins\KanKanTop\KanKanTop.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
[D:\Program Files\Thunder Network\Thunder\Components\ExplorerHelper\ExplorerHelper.dll] [Thunder Networking Technologies,LTD, 1, 0, 4, 25]
[D:\Program Files\Thunder Network\Thunder\Components\Tips\TipsClient.dll] [Thunder Networking Technologies,LTD, 3, 0, 0, 125]
[D:\Program Files\Thunder Network\Thunder\Components\Tips\XLSkin.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
[D:\Program Files\Thunder Network\Thunder\Components\VPSHELL\VPSHELL.dll] [迅雷网络, 4, 0, 0, 38]
[D:\Program Files\Thunder Network\Thunder\Program\emule_id.dll] [, 1, 0, 2, 11]
[D:\Program Files\Thunder Network\Thunder\Components\UserExperience\UserExperience.dll] [Thunder Networking Technologies,LTD, 1, 0, 3, 5]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsXlCom.dll] [, 1, 0, 0, 30]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[D:\Program Files\Thunder Network\Thunder\Components\ResWorker\MediaWorker.dll] [Thunder Networking Technologies,LTD, 1, 2, 0, 22]
[D:\Program Files\Thunder Network\Thunder\Components\DownloadStat\DownloadStat.dll] [Thunder Networking Technologies,LTD, 1, 4, 1, 6]
[D:\Program Files\Thunder Network\Thunder\Program\bd.dll] [Thunder Networking Technologies,LTD, 1, 0, 2, 19]
[PID: 3884 / 015403][D:\Program Files\Tencent\QQ\TXPlatform.exe] [Tencent, 1, 5, 225, 0]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[PID: 2536 / 015403][C:\Documents and Settings\015403\桌面\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.7.0.1210]
[PID: 2732 / 015403][C:\Documents and Settings\015403\桌面\sreng2\SREbd77c93d.EXE] [Smallfrogs Studio, 2.7.0.1210]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
[C:\Documents and Settings\015403\桌面\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 1488 / 015403][C:\WINDOWS\system32\conime.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[D:\Program Files\360safe\safemon\safemon.dll] [360.CN, 4, 2, 0, 1005]
--------------------------------------------------------------------------------
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
--------------------------------------------------------------------------------
Winsock Providers
N/A
--------------------------------------------------------------------------------
Autorun.inf
N/A
--------------------------------------------------------------------------------
HOSTS File
127.0.0.1 c0mo.com
127.0.0.1 gxgxy.net
127.0.0.1 pvs360.com
127.0.0.1 sl8cjs.cn
127.0.0.1 windowsupdeta.cn
127.0.0.1 up.22x44.com
127.0.0.1 my.531jx.cn
127.0.0.1 nx.51ylb.cn
127.0.0.1 llboss.com
127.0.0.1 down.malasc.cn
127.0.0.1 d2.llsging.com
127.0.0.1 171817.171817.com
127.0.0.1 wg.47255.com
127.0.0.1 www.tomwg.com
127.0.0.1 tp.shpzhan.cn
127.0.0.1 1.joppnqq.com
127.0.0.1 xx.exiao01.com
127.0.0.1 www.22aaa.com
127.0.0.1 ilove.com
127.0.0.1 xxx.mmma.biz
127.0.0.1 www.868wg.com
127.0.0.1 2.joppnqq.com
127.0.0.1 1.jopanqc.com
127.0.0.1 yu.8s7.net
127.0.0.1 1.jopmmqq.com
127.0.0.1 cao.kv8.info
127.0.0.1 xtx.kv8.info
127.0.0.1 new.749571.com
127.0.0.1 xxx.vh7.biz
127.0.0.1 1.jopenkk.com
127.0.0.1 d.93se.com
127.0.0.1 3.joppnqq.com
127.0.0.1 xxx.j41m.com
127.0.0.1 1.jopenqc.com
127.0.0.1 xxx.m111.biz
127.0.0.1 down.18dd.net
127.0.0.1 www.333292.com
127.0.0.1 qqq.hao1658.com
127.0.0.1 qqq.dzydhx.com
127.0.0.1 www.exiao01.com
127.0.0.1 www.cike007.cn



--------------------------------------------------------------------------------



Process Privilege Scan

Special privilege enabled: SeLoadDriverPrivilege [PID = 1376, C:\WINDOWS\RTHDCPL.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1544, C:\WINDOWS\VM_STI.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2536, C:\DOCUMENTS AND SETTINGS\015403\桌面\SRENG2\SRENGLDR.EXE]



--------------------------------------------------------------------------------



Scheduled Tasks

[Enabled] User_Feed_Synchronization-{69D2927E-2B9F-407E-98A9-AD295ECCEF46}.job
C:\WINDOWS\system32\msfeedssync.exe
--------------------------------------------------------------------------------
API HOOK
N/A
--------------------------------------------------------------------------------
Hidden Processes
N/A
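As an added example for the File Associations and HOSTS File sections of the log above (not part of the original post, and not SREng's own code): a small Python triage script over the two line shapes SREng prints for those sections. It re-checks every association against the stock Windows XP shell\open\command values that SREng marked OK in this log instead of trusting the OK, and it splits HOSTS entries into names sunk to a loopback address (the pattern of every entry in this log, which blocks those names and is what a protective blocklist looks like) and names mapped to some other address (the pattern an actual HOSTS hijack of an update or security site takes, and the first thing to verify). The sample lines are constructed: two of the sunk hosts are copied from the log, while the `.REG` association pointing at `C:\Temp\loader.exe` and the `203.0.113.5` redirect of `update.example.com` are invented to exercise the detection paths.

```python
"""Triage of the "File Associations" and "HOSTS File" sections of an SREng log.

Added example for this thread; not part of SREng or of the forum post.
Assumes the two line shapes SREng prints:
    .EXT OK. [command]
    <ip> <hostname>
"""
import ipaddress
import re

# Stock Windows XP shell\open\command values for the types SREng checks,
# taken from the associations this log reports as OK.
BASELINE_ASSOC = {
    ".TXT": r"%SystemRoot%\system32\NOTEPAD.EXE %1",
    ".EXE": r'"%1" %*',
    ".COM": r'"%1" %*',
    ".PIF": r'"%1" %*',
    ".REG": r'regedit.exe "%1"',
    ".BAT": r'"%1" %*',
    ".SCR": r'"%1" /S',
    ".CHM": r'"C:\WINDOWS\hh.exe" %1',
    ".HLP": r"%SystemRoot%\system32\winhlp32.exe %1",
    ".INI": r"%SystemRoot%\system32\NOTEPAD.EXE %1",
    ".INF": r"%SystemRoot%\system32\NOTEPAD.EXE %1",
    ".VBS": r'%SystemRoot%\System32\WScript.exe "%1" %*',
    ".JS": r'%SystemRoot%\System32\WScript.exe "%1" %*',
    ".LNK": "{00021401-0000-0000-C000-000000000046}",
}

ASSOC_RE = re.compile(r"^(\.[A-Za-z0-9]+)\s+(\S+)\s+\[(.*)\]$")
HOSTS_RE = re.compile(r"^([0-9A-Fa-f.:]+)\s+(\S+)")


def _norm(cmd):
    """Compare commands case-insensitively, with %SystemRoot% expanded to
    C:\\WINDOWS (its value on this machine)."""
    return re.sub(r"%systemroot%", r"c:\\windows", cmd.strip(), flags=re.I).lower()


def check_associations(lines):
    """Return (ext, command, verdict) per association line.  The verdict
    ignores whatever status SREng printed and compares the command itself."""
    findings = []
    for line in lines:
        m = ASSOC_RE.match(line.strip())
        if not m:
            continue
        ext, cmd = m.group(1).upper(), m.group(3)
        expected = BASELINE_ASSOC.get(ext)
        if expected is None:
            verdict = "unknown-extension"
        elif _norm(cmd) == _norm(expected):
            verdict = "baseline"
        else:
            verdict = "hijacked"  # something other than the stock handler runs first
        findings.append((ext, cmd, verdict))
    return findings


def check_hosts(lines):
    """Split HOSTS entries into sinks (name -> loopback or 0.0.0.0, i.e. blocked)
    and redirects (name -> any other address, which overrides DNS for that name
    and must be verified).  The localhost line is skipped."""
    sinks, redirects = [], []
    for line in lines:
        line = line.split("#", 1)[0].strip()  # drop comments
        m = HOSTS_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        host = m.group(2).lower()
        if host == "localhost":
            continue
        if ip.is_loopback or ip.is_unspecified:
            sinks.append(host)
        else:
            redirects.append((host, str(ip)))
    return {"sinks": sinks, "redirects": redirects}


def triage(assoc_lines, hosts_lines):
    """What an analyst should look at first: non-stock association commands
    and HOSTS entries that point somewhere other than loopback."""
    hijacked = [(e, c) for e, c, v in check_associations(assoc_lines) if v == "hijacked"]
    return {"hijacked_assoc": hijacked, "hosts": check_hosts(hosts_lines)}


# Constructed sample input.  The first three association lines and the two
# sunk hosts follow this thread's log; the .REG line and the 203.0.113.5
# (TEST-NET-3) redirect are invented to exercise the detections.
SAMPLE_ASSOC = r"""
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.REG OK. [C:\Temp\loader.exe regedit.exe "%1"]
""".strip().splitlines()

SAMPLE_HOSTS = r"""
127.0.0.1 localhost
127.0.0.1 windowsupdeta.cn
127.0.0.1 down.18dd.net
203.0.113.5 update.example.com
""".strip().splitlines()

if __name__ == "__main__":
    import pprint
    pprint.pprint(triage(SAMPLE_ASSOC, SAMPLE_HOSTS))
```

Run it against the two sections of a real SREng report by passing the raw lines of each section; a loopback-only HOSTS result like the one in this log is a blocklist, not a redirect, and the association check is what distinguishes a genuinely stock `.EXE` handler from one that merely shows OK.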
Re: Unknown system file hijacked, here are some details, how should it be handled

Please post the log file as an attachment.
Click "Quote" at the bottom right of my post, or the larger "Reply" button at the very bottom right, and it should be clear how to do it.
Please do not open a new thread for the log; post it as a follow-up in this thread.
Unknown system file hijacked, here are some details, how should it be handled

This is the scan output from the tool you mentioned.

Attachment:

Downloads: 201
File type: text/plain
File size:
Uploaded: 2008-12-3 19:47:06
Description: txt

Re: Unknown system file hijacked, here are some details, how should it be handled

Rescan in Safe Mode.

Or disconnect from the network, reboot the computer, and post a fresh scan log.