瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 在线等,中了木马弹窗口,有个system.exe可疑文件,副日志0

1   1  /  1  页   跳转

[求助] 在线等,中了木马弹窗口,有个system.exe可疑文件,副日志0

收藏
哪个拉螺丝
头像
初生襁褓狮
  • 帖子:26
  • 注册: 2006-11-11
  • 来自:
发表于: 2008-12-18 22:17 | 只看楼主 短消息 资料
字号: 1楼

在线等,中了木马弹窗口,有个system.exe可疑文件,副日志0

马上幅日志,另外瑞星杀毒,防火墙都被关了

用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Foxy/2)

附件附件:

文件名:SREngLOG.log
下载次数:95
文件类型:application/octet-stream
文件大小:
上传时间:2008-12-18 22:20:26
描述:log

最后编辑哪个拉螺丝 最后编辑于 2008-12-18 22:20:26
分享到:
gototop
 
哪个拉螺丝
头像
初生襁褓狮
  • 帖子:26
  • 注册: 2006-11-11
  • 来自:
发表于: 2008-12-18 22:18 | 只看楼主 短消息 资料
字号: 2楼

回复:在线等,中了木马弹窗口,有个system.exe可疑文件,副日志0

[CODE]

2008-12-18,22:18:11

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <eMuleAutoStart><E:\eMule\emule.exe -AutoStart>  [(Verified)"Shanghai Source Networking Technology Co., Ltd"]
    <PPS Accelerator><C:\Program Files\PPStream\ppsap.exe>  [(Verified)SHANGHAI ZHONGYUAN NETWORKS LIMITED]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <nwiz><nwiz.exe /install>  []
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
    <Adobe Reader Speed Launcher><"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <DLA><C:\WINDOWS\System32\DLA\DLACTRLW.EXE>  [Sonic Solutions]
    <Grid Service><"C:\Program Files\GridService\peer.exe" -n Grid>  [FS2YOU]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <HBService32><System.exe>  [HB Software]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <Alcmtr><aliv64.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><HBTL.dll,HBmhly.dll,HBASKTAO.dll,HBXMJ.dll,HBWOW.dll,HBLYFX.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Information Technology Corporation Limited]
    <{F65BDEC7-4BF3-4512-840F-68B166B6D7AC}><F65BDEC7.dll>  []
    <{E0D39066-96D7-4891-8527-488ADAFCD60F}><E0D39066.dll>  []
    <{9CA963CA-107C-4089-B0AB-31380F90D7E3}><9CA963CA.dll>  []
    <{E783C505-FA27-48BD-9B35-C84E5CEA523F}><E783C505.dll>  []
    <{08223B03-1B38-4A33-A83A-A4D3CC1D6E4E}><08223B03.dll>  []
    <{DFB3DAC5-B0B5-4B05-BFCF-FB42737778FA}><DFB3DAC5.dll>  []
    <{E1384213-0948-4A60-A9E3-875B191CC2E7}><E1384213.dll>  []
    <{122B901E-493F-4AD9-BC69-7DE8C3E52FCC}><122B901E.dll>  []
    <{16AF66EB-93C8-49F9-BB09-B4F87CEDCE46}><16AF66EB.dll>  []
    <{A1A6BC2E-C6A1-43C1-8884-A31D772F42B8}><A1A6BC2E.dll>  []
    <{56BC86C7-0692-4F94-A2C1-6CF1DBF8096C}><56BC86C7.dll>  []
    <{198FF3D8-56F1-466B-A36F-F9C28B43E440}><198FF3D8.dll>  []
    <{BA7EDF54-8408-4B21-B351-7B447B344BA4}><BA7EDF54.dll>  []
    <{2EF0D734-21FD-4225-A1A2-BCD296182AAF}><2EF0D734.dll>  []
    <{1FD51F1F-97E4-498C-AB12-93332EEAD266}><1FD51F1F.dll>  []
    <{E4814792-EFA3-4C20-93D0-8B130A59F9A8}><E4814792.dll>  []
    <{DFEC5CB7-E2AA-4B0A-BEB3-D140E59ED53A}><DFEC5CB7.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\CCenter.exe]
    <IFEO[CCenter.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMon.exe]
    <IFEO[RavMon.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavMonD.exe]
    <IFEO[RavMonD.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavStub.exe]
    <IFEO[RavStub.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\RavTask.exe]
    <IFEO[RavTask.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwmain.exe]
    <IFEO[rfwmain.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwsrv.exe]
    <IFEO[rfwsrv.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwstub.exe]
    <IFEO[rfwstub.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Thunder5.exe]
    <IFEO[Thunder5.exe]><svchost.exe>  [(Verified)Microsoft Windows Component Publisher]

==================================
启动文件夹
[QQ游戏启动加速程序]
  <C:\Documents and Settings\liuJ\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>

==================================
服务
[##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## / Bonjour Service][Running/Auto Start]
  <"C:\Program Files\Bonjour\mDNSResponder.exe"><Apple Computer, Inc.>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[DCOM 服务器进程启动器 / DcomLaunch][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><N/A>
[FLEXnet Licensing Service / FLEXnet Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"><Macrovision Europe Ltd.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Proxy  Service / RfwProxySrv][Running/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwProxy.exe><Beijing Rising Information Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Stopped/Auto Start]
  <C:\Program Files\Rising\Rfw\rfwsrv.exe><Beijing Rising Information Technology Co., Ltd.>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\WINDOWS\system32\svchost -k rpcss-->c:\windows\system32\rpcss.dll><N/A>
[Rising Process Communication Center / RsCCenter][Stopped/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Information Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Information Technology Co., Ltd.>
[Sony SPTI Service / SPTISRV][Stopped/Manual Start]
  <C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe><Sony Corporation>
gototop
 
哪个拉螺丝
头像
初生襁褓狮
  • 帖子:26
  • 注册: 2006-11-11
  • 来自:
发表于: 2008-12-18 22:18 | 只看楼主 短消息 资料
字号: 3楼

回复:在线等,中了木马弹窗口,有个system.exe可疑文件,副日志0

==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[b770ca2 / b770ca2][Running/Manual Start]
  <\??\C:\WINDOWS\system32\b770ca2.sys><N/A>
[DLABOIOM / DLABOIOM][Running/Auto Start]
  <System32\DLA\DLABOIOM.SYS><Sonic Solutions>
[DLACDBHM / DLACDBHM][Running/System Start]
  <System32\Drivers\DLACDBHM.SYS><Sonic Solutions>
[DLADResN / DLADResN][Running/Auto Start]
  <System32\DLA\DLADResN.SYS><Sonic Solutions>
[DLAIFS_M / DLAIFS_M][Running/Auto Start]
  <System32\DLA\DLAIFS_M.SYS><Sonic Solutions>
[DLAOPIOM / DLAOPIOM][Running/Auto Start]
  <System32\DLA\DLAOPIOM.SYS><Sonic Solutions>
[DLAPoolM / DLAPoolM][Running/Auto Start]
  <System32\DLA\DLAPoolM.SYS><Sonic Solutions>
[DLARTL_N / DLARTL_N][Running/System Start]
  <System32\Drivers\DLARTL_N.SYS><Sonic Solutions>
[DLAUDFAM / DLAUDFAM][Running/Auto Start]
  <System32\DLA\DLAUDFAM.SYS><Sonic Solutions>
[DLAUDF_M / DLAUDF_M][Running/Auto Start]
  <System32\DLA\DLAUDF_M.SYS><Sonic Solutions>
[DRVMCDB / DRVMCDB][Running/Boot Start]
  <\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions>
[DRVNDDM / DRVNDDM][Running/Auto Start]
  <System32\Drivers\DRVNDDM.SYS><Sonic Solutions>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Information Technology Co., Ltd.>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Information Technology Co., Ltd.>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Information Technology Co., Ltd.>
[HookSys / HookSys][Stopped/Disabled]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Information Technology Co., Ltd.>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Information Technology Co., Ltd.>
[msiffei / msiffei][Stopped/Manual Start]
  <System32\Drivers\msiffei.sys><N/A>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENETFD][Running/Manual Start]
  <system32\DRIVERS\NVENETFD.sys><NVIDIA Corporation>
[NVIDIA Network Bus Enumerator / nvnetbus][Running/Manual Start]
  <system32\DRIVERS\nvnetbus.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\system32\Drivers\PxHelp20.sys><Sonic Solutions>
[Rising  Rfwbase Driver / RfwBase][Running/Auto Start]
  <System32\DRIVERS\rfwbase.SYS><Beijing Rising Information Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/System Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Information Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Information Technology Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[sptd / sptd][Running/Boot Start]
  <\SystemRoot\System32\Drivers\sptd.sys><N/A>
[wmpobj / wmpobj][Running/Auto Start]
  <\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Media Player\obj\wmpobj.sys><N/A>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\PushWare\cpush.dll, >
[FG2CatchUrl]
  {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll, (Signed) FlashGet>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>
[]
  {72C7B634-DEB3-48BD-90C1-6BBBFE171C75} <, >
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[JavaSunSurf Class]
  {AAB6C1A0-F3A4-4DAC-A922-F82E601E73A8} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2263.dll, >
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\PROGRA~1\PPStream\POWERP~1.DLL, (Signed) PPStream Inc.>
[ChatCommControl Control]
  {688C15EE-9C38-471D-9E46-BB842E30246F} <C:\WINDOWS\DOWNLO~1\NaraChat.ocx, NaraSoft>
[DLoader Class]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, Sina Com>
[SLViewer Control]
  {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} <C:\WINDOWS\system32\SLViewer.ocx, DideoNET Co., Ltd.>
[KooPlayer Control]
  {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\DOWNLO~1\CCTVKO~1.OCX, (Signed) CCTV.COM>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[]
  {00EF2092-6AC5-47C0-BD25-CF2D5D657FEB} <, >
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\sohutv_web\MMCShell.dll, (Signed) Sohu.com Inc.>
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[ULiveCtrl Control]
  {070CA17A-4BD2-4612-83B4-32B1B9159B48} <C:\PROGRA~1\sina\SINAWE~1\301~1.6BE\UCLIVE~1.OCX, 北京新浪信息技术有限公司>
[]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <, >
[]
  {0A155D3C-68E2-4215-A47A-E800A446447A} <, >
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll, >
[CAdLogic Object]
  {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\PushWare\cpush.dll, >
[Fade]
  {16B280C5-EE70-11D1-9066-00C04FD9189D} <C:\WINDOWS\system32\Dxtmsft.dll, (Signed) Microsoft Corporation>
[]
  {174DF291-FC74-4B8F-AFF9-A1617956ACDF} <, >
[EWA Control]
  {18226BF8-DC0B-4D81-80E9-A41AE37BB73A} <C:\PROGRA~1\COMMON~1\Synacast\SynaLive\SYNACA~1.OCX, (Signed) Synacast>
[FG2CatchUrl]
  {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} <C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll, (Signed) FlashGet>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[]
  {2CACD7BB-1C59-4BBB-8E81-6E83F82C813B} <, >
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <, >
[]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <, >
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[Zyzzyva]
  {30FA9641-9CFE-4D71-A3AA-DF8B6FA02FCC} <, >
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[HHCtrl Object]
  {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[Microsoft Office Control]
  {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} <C:\PROGRA~1\MICROS~3\OFFICE11\AUTHZAX.DLL, (Signed) Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[IE2EMUrlTaker Class]
  {48618374-565F-4CA0-B8CD-6F496C997FAF} <E:\eMule\IE2EM.dll, (Signed) VeryCD.com>
[Microsoft Terminal Services Client Control (redist)]
  {4eb89ff4-7f78-4a0f-8b8d-2bf02e94e4b2} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[Microsoft Terminal Services Client Control (redist)]
  {4EDCB26C-D24C-4e72-AF07-B576699AC0DE} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>
[PowerPlayer Control]
  {5EC7C511-CD0F-42E6-830C-1BD9882F3458} <C:\PROGRA~1\PPStream\POWERP~1.DLL, (Signed) PPStream Inc.>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, Xunlei Networking Technologies,LTD>
[ChatCommControl Control]
  {688C15EE-9C38-471D-9E46-BB842E30246F} <C:\WINDOWS\DOWNLO~1\NaraChat.ocx, NaraSoft>
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <C:\Program Files\StormII\mps.dll, (Signed) 北京暴风网际科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[]
  {72C7B634-DEB3-48BD-90C1-6BBBFE171C75} <, >
[Microsoft Terminal Services Client Control (redist)]
  {7390f3d8-0439-4c05-91e3-cf5cb290c3d0} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[WBEM Scripting Sink]
  {75718C9A-F029-11D1-A1AC-00C04FB6C223} <C:\WINDOWS\system32\wbem\wbemdisp.dll, (Signed) Microsoft Corporation>
[Microsoft Terminal Services Client Control (redist)]
  {7584c670-2274-4efb-b00b-d6aaba6d3850} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin18.dll, (Signed) Thunder Networking Technologies,LTD>
[WBEM Scripting Locator]
  {76A64158-CB41-11D1-8B02-00600806D9B6} <C:\WINDOWS\system32\wbem\wbemdisp.dll, (Signed) Microsoft Corporation>
[DLoader Class]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <C:\WINDOWS\Downloaded Program Files\downloader.dll, Sina Com>
[Peer Adapter]
  {80E18282-3716-48CA-B50C-F7B7F6A32791} <, >
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[XML DOM 文档 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[XML HTTP 5.0]
  {88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[Free Threaded XML DOM Document 6.0]
  {88D96A06-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XSL Template 6.0]
  {88D96A08-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[SLViewer Control]
  {8EEB54D5-CC70-40E4-B015-AC478C02ECC8} <C:\WINDOWS\system32\SLViewer.ocx, DideoNET Co., Ltd.>
[Microsoft Terminal Services Client Control (redist)]
  {9059f30f-4eb1-4bd2-9fdc-36f43a218f4a} <%systemroot%\system32\mstscax.dll, (Signed) N/A>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[JavaSunSurf Class]
  {AAB6C1A0-F3A4-4DAC-A922-F82E601E73A8} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2263.dll, >
[DapCtrl Class]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.1.5805.77.(227).dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
  {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} <, >
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[Messenger Object]
  {B69003B3-C55E-4B48-836C-BC5946FC3B28} <C:\Program Files\Messenger\msgsc.dll, (Signed) Microsoft Corporation>
[KooPlayer Control]
  {C728DAB8-FDF5-4CD7-89DD-879D25794C77} <C:\WINDOWS\DOWNLO~1\CCTVKO~1.OCX, (Signed) CCTV.COM>
[QQPlayerCtrl Class]
  {CD108273-D434-43E6-AA90-1469F97EB398} <C:\Program Files\Tencent\QQ\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[Microsoft Agent Control 2.0]
  {D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} <C:\WINDOWS\msagent\agentctl.dll, (Signed) Microsoft Corporation>
[Microsoft Silverlight]
  {DFEAF541-F3E1-4C24-ACAC-99C30715084A} <C:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll, (Signed)  Microsoft Corporation>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <C:\Program Files\Tencent\QQ\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技(深圳)有限公司>
[]
  {EAB7A1CC-C77B-45E5-9AC2-AD037D047BCC} <, >
[TimwpDll.TimwpCheck]
  {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <C:\PROGRA~1\Tencent\QQ\Timwp.dll, (Signed) TENCENT>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.663.dll, ShenZhen Thunder Networking Technologies Ltd.>
[PPLive Lite Class]
  {EF0D1A14-1033-41A2-A589-240C01EDC078} <C:\Program Files\PPLive\Plugin\pplugin.dll, (Signed) >
[Snapshot Viewer Control 11.0]
  {F0E42D50-368C-11D0-AD81-00A0C90DC8D9} <C:\Program Files\Common Files\Microsoft Shared\Snapshot Viewer\SNAPVIEW.OCX, (Signed) Microsoft Corporation>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.5853.212.(227).dll, Xunlei Networking Technologies,LTD>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Free Threaded XML DOM Document 3.0]
  {F5078F33-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XSL Template 3.0]
  {F5078F36-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[FG2CatchUrl]
  {FB5DA724-162B-11D3-8B9B-AA70B4B0B525} <C:\Program Files\FlashGet Network\Flashget\ComDlls\bhoCATCH.dll, (Signed) FlashGet>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[Messenger Application]
  {FB7199AB-79BF-11D2-8D94-0000F875C541} <C:\Program Files\Messenger\msgsc.dll, (Signed) Microsoft Corporation>
[IERPCtl Class]
  {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll, (Signed) RealNetworks, Inc.>
[&U使用纳米机器人下载并收藏]
  <C:\Program Files\NamiRobot\Data\du.html, N/A>
[Foxy 下载]
  <res://C:\Program Files\Foxy 2\Foxy.exe/download.htm, N/A>
[Foxy 搜索]
  <res://C:\Program Files\Foxy 2\Foxy.exe/search.htm, N/A>
[使用快车(Flas&hGet)下载]
  <C:\Program Files\FlashGet Network\Flashget\ComDlls\Bholink.htm, N/A>
[使用快车(Flash&Get)下载全部链接]
  <C:\Program Files\FlashGet Network\Flashget\ComDlls\Bhoall.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
gototop
 
哪个拉螺丝
头像
初生襁褓狮
  • 帖子:26
  • 注册: 2006-11-11
  • 来自:
发表于: 2008-12-18 22:19 | 只看楼主 短消息 资料
字号: 4楼

回复:在线等,中了木马弹窗口,有个system.exe可疑文件,副日志0

==================================
正在运行的进程
[PID: 612 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 668 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\csrss.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh05014.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\sh09015.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh14027.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh17043.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh18041.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh19026.dll]  [N/A, ]
    [C:\WINDOWS\system32\sh27013.dll]  [N/A, ]
[PID: 692 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\aliv64.dll]  [N/A, ]
[PID: 740 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 752 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[PID: 936 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [c:\windows\system32\rpcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\spcss.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
    [C:\WINDOWS\system32\aliv64.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
[PID: 1000 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [c:\windows\system32\rpcss.dll]  [N/A, ]
    [C:\WINDOWS\system32\spcss.dll]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
[PID: 1108 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.2.6001.788 (winmain_oob/wu_wsuswlc(wmbla).081016-1330)]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
[PID: 1252 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1284 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 1360 / SYSTEM][C:\Program Files\Rising\Rfw\rfwProxy.exe]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.38]
    [C:\WINDOWS\system32\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\Program Files\Rising\Rfw\ProcCom.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rfw\RsCommX2.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
    [C:\Program Files\Rising\Rfw\RfwRule.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.17]
    [C:\Program Files\Rising\Rfw\urlrule.dll]  [Beijing Rising Information Technology Co., Ltd., 1.0.0.15]
    [C:\Program Files\Rising\Rfw\MonMid.dll]  [Beijing Rising Information Technology Co., Ltd., 7.0.0.6]
[PID: 1664 / liuJ][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Information Technology Co., Ltd., 20.0.0.18]
    [C:\WINDOWS\system32\F65BDEC7.dll]  [N/A, ]
    [C:\WINDOWS\system32\sslsocket.dll]  [, 3, 6, 6, 0]
    [C:\WINDOWS\system32\E0D39066.dll]  [N/A, ]
    [C:\WINDOWS\system32\9CA963CA.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E1384213.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\198FF3D8.dll]  [N/A, ]
    [C:\WINDOWS\system32\BA7EDF54.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\1FD51F1F.dll]  [N/A, ]
    [C:\WINDOWS\system32\E4814792.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 8.1.0.0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.CHS]  [Adobe Systems, Inc., 8.0.0.0]
    [C:\WINDOWS\system32\nvcpl.dll]  [NVIDIA Corporation, 6.14.11.7516]
    [C:\WINDOWS\system32\NVRSZHC.DLL]  [NVIDIA Corporation, 6.14.11.7516]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.7516]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 17]
    [C:\Program Files\NamiRobot\Data\NamipanExt1.dll]  [N/A, ]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Documents and Settings\liuJ\Application Data\Foxy\LinkMaker.dll]  [, 2, 0, 0, 0]
    [C:\WINDOWS\system32\aliv64.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\WINDOWS\System32\DLA\DLASHX_W.DLL]  [Sonic Solutions, 5.20.34a]
    [C:\WINDOWS\system32\DLAAPI_W.DLL]  [Sonic Solutions, 5.20.34a]
    [C:\WINDOWS\System32\DLA\DLACResW.dll]  [Sonic Solutions, 5.20.34a]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 1796 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.2175.0]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
[PID: 436 / SYSTEM][C:\Program Files\Bonjour\mDNSResponder.exe]  [Apple Computer, Inc., 1,0,3,1]
gototop
 
哪个拉螺丝
头像
初生襁褓狮
  • 帖子:26
  • 注册: 2006-11-11
  • 来自:
发表于: 2008-12-18 22:19 | 只看楼主 短消息 资料
字号: 5楼

回复:在线等,中了木马弹窗口,有个system.exe可疑文件,副日志0

l]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
[PID: 460 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 10, 15]
    [C:\Program Files\StormII\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
    [C:\Program Files\StormII\bfoptdll.dll]  [北京暴风网际科技有限公司, 3, 8, 7, 16]
    [C:\Program Files\StormII\box\BoxLog.dll]  [北京暴风网际科技有限公司, 3, 8, 11, 3]
[PID: 596 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE]  [Microsoft Corporation, 7.00.9466]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.00.9466]
[PID: 636 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.11.7516]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.7516]
[PID: 1056 / liuJ][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
[PID: 2104 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\System32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\System32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\System32\HBLYFX.dll]  [N/A, ]
[PID: 2636 / liuJ][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 56]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
[PID: 2860 / liuJ][C:\WINDOWS\System32\DLA\DLACTRLW.EXE]  [Sonic Solutions, 5.20.34a]
    [C:\WINDOWS\system32\DLAAPI_W.DLL]  [Sonic Solutions, 5.20.34a]
    [C:\WINDOWS\System32\DLA\DLACResW.dll]  [Sonic Solutions, 5.20.34a]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
[PID: 2868 / liuJ][C:\Program Files\GridService\peer.exe]  [FS2YOU, 2, 1, 10, 8242]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
[PID: 2904 / liuJ][C:\WINDOWS\system32\System.exe]  [HB Software, 1, 2, 1, 1007]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
[PID: 2916 / liuJ][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
[PID: 3028 / liuJ][C:\Program Files\PPStream\ppsap.exe]  [PPStream Inc, 1, 0, 11, 160]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\Program Files\PPStream\vodnet.dll]  [PPStream Inc., 1, 0, 11, 160]
    [C:\Program Files\PPStream\vodres.dll]  [PPStream Inc., 1, 0, 11, 160]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
    [C:\Program Files\PPStream\PPSMedia.dll]  [PPStream Inc., 1.0.0.1]
[PID: 2672 / liuJ][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\IEFRAME.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\IEUI.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
    [C:\WINDOWS\system32\xmllite.dll]  [Microsoft Corporation, 1.00.1018.0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Internet Explorer\ieproxy.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Program Files\Common Files\PushWare\cpush.dll]  [, 1.1.1.7]
    [C:\WINDOWS\System32\DLA\DLASHX_W.DLL]  [Sonic Solutions, 5.20.34a]
    [C:\WINDOWS\system32\DLAAPI_W.DLL]  [Sonic Solutions, 5.20.34a]
    [C:\WINDOWS\System32\DLA\DLACResW.dll]  [Sonic Solutions, 5.20.34a]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2263.dll]  [, 4, 0, 5, 0]
    [C:\WINDOWS\system32\ieapfltr.dll]  [Microsoft Corporation, 7.0.6000.16461]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
[PID: 1656 / liuJ][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
[PID: 732 / liuJ][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\IEFRAME.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\IEUI.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
    [C:\WINDOWS\system32\xmllite.dll]  [Microsoft Corporation, 1.00.1018.0]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Internet Explorer\ieproxy.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.29]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll]  [Adobe Systems Incorporated, 8.0.0.2006102200]
    [C:\Program Files\Common Files\PushWare\cpush.dll]  [, 1.1.1.7]
    [C:\WINDOWS\System32\DLA\DLASHX_W.DLL]  [Sonic Solutions, 5.20.34a]
    [C:\WINDOWS\system32\DLAAPI_W.DLL]  [Sonic Solutions, 5.20.34a]
    [C:\WINDOWS\System32\DLA\DLACResW.dll]  [Sonic Solutions, 5.20.34a]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2263.dll]  [, 4, 0, 5, 0]
    [C:\WINDOWS\system32\ieapfltr.dll]  [Microsoft Corporation, 7.0.6000.16461]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 5]
    [C:\WINDOWS\system32\F65BDEC7.dll]  [N/A, ]
    [C:\WINDOWS\system32\E0D39066.dll]  [N/A, ]
    [C:\WINDOWS\system32\9CA963CA.dll]  [N/A, ]
    [C:\WINDOWS\system32\E1384213.dll]  [N/A, ]
    [C:\WINDOWS\system32\198FF3D8.dll]  [N/A, ]
    [C:\WINDOWS\system32\BA7EDF54.dll]  [N/A, ]
    [C:\WINDOWS\system32\1FD51F1F.dll]  [N/A, ]
    [C:\WINDOWS\system32\E4814792.dll]  [N/A, ]
gototop
 
哪个拉螺丝
头像
初生襁褓狮
  • 帖子:26
  • 注册: 2006-11-11
  • 来自:
发表于: 2008-12-18 22:19 | 只看楼主 短消息 资料
字号: 6楼

回复:在线等,中了木马弹窗口,有个system.exe可疑文件,副日志0

es\WinRAR\WinRAR.exe]  [N/A, ]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\WINDOWS\system32\F65BDEC7.dll]  [N/A, ]
    [C:\WINDOWS\system32\E0D39066.dll]  [N/A, ]
    [C:\WINDOWS\system32\9CA963CA.dll]  [N/A, ]
    [C:\WINDOWS\system32\E1384213.dll]  [N/A, ]
    [C:\WINDOWS\system32\198FF3D8.dll]  [N/A, ]
    [C:\WINDOWS\system32\BA7EDF54.dll]  [N/A, ]
    [C:\WINDOWS\system32\1FD51F1F.dll]  [N/A, ]
    [C:\WINDOWS\system32\E4814792.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 2060 / liuJ][C:\DOCUME~1\liuJ\LOCALS~1\Temp\Rar$EX00.766\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
[PID: 3372 / liuJ][C:\DOCUME~1\liuJ\LOCALS~1\Temp\Rar$EX00.766\SREcead1a71.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\HBmhly.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBASKTAO.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBWOW.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBTL.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBLYFX.dll]  [N/A, ]
    [C:\WINDOWS\system32\HBXMJ.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFEC5CB7.dll]  [N/A, ]
    [C:\WINDOWS\system32\2EF0D734.dll]  [N/A, ]
    [C:\WINDOWS\system32\56BC86C7.dll]  [N/A, ]
    [C:\WINDOWS\system32\A1A6BC2E.dll]  [N/A, ]
    [C:\WINDOWS\system32\16AF66EB.dll]  [N/A, ]
    [C:\WINDOWS\system32\122B901E.dll]  [N/A, ]
    [C:\WINDOWS\system32\DFB3DAC5.dll]  [N/A, ]
    [C:\WINDOWS\system32\E783C505.dll]  [N/A, ]
    [C:\WINDOWS\system32\08223B03.dll]  [N/A, ]
    [C:\DOCUME~1\liuJ\LOCALS~1\Temp\Rar$EX00.766\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Bonjour\mdnsNSP.dll]  [Apple Computer, Inc., 1,0,3,1]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      v.onondown.com.cn
127.0.0.2      ymsdasdw1.cn
127.0.0.3      h96b.info
127.0.0.0      www.bypk.com
127.0.0.1      va9sdhun23.cn
127.0.0.2      bnasnd83nd.cn
127.0.0.0      www.gamehacker.com.cn
127.0.0.0      gamehacker.com.cn
127.0.0.3      adlaji.cn
127.0.0.1      858656.com
127.1.1.1      bnasnd83nd.cn
127.1.1.1      555.hfdy2828.com
127.1.1.1      666.hfdy2828.com
127.0.1.1      59.34.216.143
127.0.0.1      my123.com
127.0.0.0      user1.12-27.net
127.0.0.1      8749.com
127.0.0.0      fengent.cn
127.0.0.1      4199.com
127.0.0.1      user1.16-22.net
127.0.0.1      www.oiuyt.net
127.0.0.1      61.164.118.209
127.0.0.1      7379.com
127.0.0.1      2be37c5f.3f6e2cc5f0b.com
127.0.0.1      7255.com
127.0.0.1      user1.23-12.net
127.0.0.1      59.34.216.225
127.0.0.1      avzhan.3322.org
127.0.0.1      avzhan.3322.org
127.0.0.1      down.ombb888.cn
127.0.0.1      down.ombb888.cn
127.0.0.1      www.mmd178.cn
127.0.0.1      61.160.210.41
127.0.0.1      61.160.210.42
127.0.0.1      61.160.210.43
127.0.0.1      61.160.210.44
127.0.0.1      61.160.210.45
127.0.0.1      61.160.210.46
127.0.0.1      3448.com
127.0.0.1      www.guccia.net
127.0.0.1      7939.com
127.0.0.1      a.o1o1o1.nEt
127.0.0.1      8009.com
127.0.0.1      user1.12-73.cn
127.0.0.1      piaoxue.com
127.0.0.1      3n8nlasd.cn
127.0.0.1      kzdh.com
127.0.0.0      www.sony888.cn
127.0.0.1      about.blank.la
127.0.0.0      user1.asp-33.cn
127.0.0.1      6781.com
127.0.0.0      www.netkwek.cn
127.0.0.1      7322.com
127.0.0.0      ymsdkad6.cn
127.0.0.1      localhost
127.0.0.0      www.lkwueir.cn
127.0.0.1      06.jacai.com
127.0.1.1      user1.23-17.net
127.0.0.1      1.jopenkk.com
127.0.0.0      upa.luzhiai.net
127.0.0.1      1.jopenqc.com
127.0.0.0      www.guccia.net
127.0.0.1      1.joppnqq.com
127.0.0.0      4m9mnlmi.cn
127.0.0.1      1.xqhgm.com
127.0.0.0      mm119mkssd.cn
127.0.0.1      100.332233.com
127.0.0.0      61.128.171.115:8080
127.0.0.1      121.11.90.79
127.0.0.0      www.1119111.com
127.0.0.1      121565.net
127.0.0.0      win.nihao69.cn
127.0.0.1      125.90.88.38
127.0.0.1      16888.6to23.com
127.0.0.1      2.joppnqq.com
127.0.0.0      puc.lianxiac.net
127.0.0.1      204.177.92.68
127.0.0.0      pud.lianxiac.net
127.0.0.1      210.74.145.236
127.0.0.0      210.76.0.133
127.0.0.1      219.129.239.220
127.0.0.0      61.166.32.2
127.0.0.1      219.153.40.221
127.0.0.0      218.92.186.27
127.0.0.1      219.153.46.27
127.0.0.0      www.fsfsfag.cn
127.0.0.1      219.153.52.123
127.0.0.0      ovo.ovovov.cn
127.0.0.1      221.195.42.71
127.0.0.0      dw.com.com
127.0.0.1      222.73.218.115
127.0.0.1      203.110.168.233:80
127.0.0.1      3.joppnqq.com
127.0.0.1      203.110.168.221:80
127.0.0.1      363xx.com
127.0.0.1      www1.ip10086.com.cm
127.0.0.1      4199.com
127.0.0.1      blog.ip10086.com.cn
127.0.0.1      43242.com
127.0.0.1      www.ccji68.cn
127.0.0.1      5.xqhgm.com
127.0.0.0      t.myblank.cn
127.0.0.1      520.mm5208.com
127.0.0.0      x.myblank.cn
127.0.0.1      59.34.131.54
127.0.0.1      210.51.45.5
127.0.0.1      59.34.198.228
127.0.0.1      www.ew1q.cn
127.0.0.1      59.34.198.88
127.0.0.1      59.34.198.97
127.0.0.1      60.190.114.101
127.0.0.1      60.190.218.34
127.0.0.0      qq-xing.com.cn
127.0.0.1      60.191.124.252
127.0.0.1      61.145.117.212
127.0.0.1      61.157.109.222
127.0.0.1      75.126.3.216
127.0.0.1      75.126.3.217
127.0.0.1      75.126.3.218
127.0.0.0      59.125.231.177:17777
127.0.0.1      75.126.3.220
127.0.0.1      75.126.3.221
127.0.0.1      75.126.3.222
127.0.0.1      772630.com
127.0.0.1      832823.cn
127.0.0.1      8749.com
127.0.0.1      888.jopenqc.com
127.0.0.1      89382.cn
127.0.0.1      8v8.biz
127.0.0.1      97725.com
127.0.0.1      9gg.biz
127.0.0.1      www.9000music.com
127.0.0.1      test.591jx.com
127.0.0.1      a.topxxxx.cn
127.0.0.1      picon.chinaren.com
127.0.0.1      www.5566.net
127.0.0.1      p.qqkx.com
127.0.0.1      news.netandtv.com
127.0.0.1      z.neter888.cn
127.0.0.1      b.myblank.cn
127.0.0.1      wvw.wokutu.com
127.0.0.1      unionch.qyule.com
127.0.0.1      www.qyule.com
127.0.0.1      it.itjc.cn
127.0.0.1      www.linkwww.com
127.0.0.1      vod.kaicn.com
127.0.0.1      www.tx8688.com
127.0.0.1      b.neter888.cn
127.0.0.1      promote.huanqiu.com
127.0.0.1      www.huanqiu.com
127.0.0.1      www.haokanla.com
127.0.0.1      play.unionsky.cn
127.0.0.1      www.52v.com
127.0.0.1      www.gghka.cn
127.0.0.1      icon.ajiang.net
127.0.0.1      new.ete.cn
127.0.0.1      www.stiae.cn
127.0.0.1      o.neter888.cn
127.0.0.1      comm.jinti.com
127.0.0.1      www.google-analytics.com
127.0.0.1      hz.mmstat.com
127.0.0.1      www.game175.cn
127.0.0.1      x.neter888.cn
127.0.0.1      z.neter888.cn
127.0.0.1      p.etimes888.com
127.0.0.1      hx.etimes888.com
127.0.0.1      abc.qqkx.com
127.0.0.1      dm.popdm.cn
127.0.0.1      www.yl9999.com
127.0.0.1      www.dajiadoushe.cn
127.0.0.1      v.onondown.com.cn
127.0.0.1      www.interoo.net
127.0.0.1      bally1.bally-bally.net
127.0.0.1      www.bao5605509.cn
127.0.0.1      www.rty456.cn
127.0.0.1      www.werqwer.cn
127.0.0.1      1.360-1.cn
127.0.0.1      user1.23-16.net
127.0.0.1      61.160.213.143
127.0.0.1      qq.xiaoxiao02.cn
127.0.0.1      baoge.9966.org
127.0.0.1      www.oiuyt.net
127.0.0.1      www.guccia.net
127.0.0.1      www.interoo.net
127.0.0.1      upa.netsool.net
127.0.0.1      qq.gong2008.com
127.0.0.1      2008tl.copyip.com
127.0.0.1      tla.laozihuolaile.cn
127.0.0.1      www.tx6868.cn
127.0.0.1      p001.tiloaiai.com
127.0.0.1      s1.tl8tl.com
127.0.0.1      s1.gong2008.com
127.0.0.1      js.users.51.la
127.0.0.1      vip2.51.la
127.0.0.1      web.51.la
127.0.0.1      4b3ce56f9g.3f6e2cc5f0b.com
127.0.0.1      2be37c5f.3f6e2cc5f0b.com

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 2860, C:\WINDOWS\SYSTEM32\DLA\DLACTRLW.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2860, C:\WINDOWS\SYSTEM32\DLA\DLACTRLW.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2868, C:\PROGRAM FILES\GRIDSERVICE\PEER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2868, C:\PROGRAM FILES\GRIDSERVICE\PEER.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2904, C:\WINDOWS\SYSTEM32\SYSTEM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2904, C:\WINDOWS\SYSTEM32\SYSTEM.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 532, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 532, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2060, C:\DOCUME~1\LIUJ\LOCALS~1\TEMP\RAR$EX00.766\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2060, C:\DOCUME~1\LIUJ\LOCALS~1\TEMP\RAR$EX00.766\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
gototop
 
哪个拉螺丝
头像
初生襁褓狮
  • 帖子:26
  • 注册: 2006-11-11
  • 来自:
发表于: 2008-12-19 00:02 | 只看楼主 短消息 资料
字号: 7楼

回复:在线等,中了木马弹窗口,有个system.exe可疑文件,副日志0

人呢?
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT