[Help] So strange, please help!

So strange, please help!

Whenever I open a page, AVAST reports VBS:obfuscate-gen [tri]
It says it is a Trojan.

How do I get rid of it? Thanks!

User system information: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; Maxthon)

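Re: So strange, please help!

Does it report a virus on every page you open?

If a virus is reported whenever any web page is opened, it is in fact a malformed ANI file that exploits the animated cursor handling vulnerability in Microsoft MS07-017, usually downloaded by malicious code on a web page that has been seeded with a Trojan.
The vulnerability is in the critical system file user32.dll. When you visit a web page carrying the malicious code, the browser downloads the malformed ANI file to the local temporary folder and, as directed by the page script, sets it as the mouse cursor used while browsing that page. On a computer with Rising's monitor running, when a page carrying the malicious code is opened and the malformed ANI file is downloaded to the local temporary folder, Rising's monitor raises an alert saying that a script virus or web Trojan has been found. If Rising catches the file as it is downloaded to the temporary folder, the result is usually "cleaned successfully"; if the file is found while the browser is calling it, Rising generally skips the relevant code and tells the user that the file must be "deleted after restarting the computer". In either case the malformed ANI file has no effect, so the real virus or Trojan is not downloaded.
As far as this "virus" itself is concerned, the fix is very simple: close the browser, then clear the IE temporary folder and update the antivirus.
However, if this alert appears when browsing any web page, then an ARP virus is carrying out a spoofing attack: some viruses use ARP spoofing and similar means to automatically insert iframe code into the network packets the user receives, and that code points to a URL that exploits the MS07-017 vulnerability. As a result the infected user, and users on the LAN who are being spoofed by the infected computer, get script virus or web Trojan alerts on any website they visit. For this situation, first install the patch. Then, if you confirm that your own computer is infected, promptly clear the IE temporary directory and update the antivirus; if someone else's computer is infected and is attacking yours, download a third-party packet capture tool and look for the source of the virus. Once the source is found, run a SRENG scan and post the log to this forum.
Download the SRENG 2.6 tool: http://www.kztechs.com/sreng/download.html
For how to produce a SRENG scan log, see post #2 of this thread: http://bbs.ikaka.com/showtopic-8442813.aspx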
╭∩╮(︶︿︶)╭∩╮

Re: So strange, please help!

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <PC Suite Tray><"C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray>  [Nokia]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <igfxtray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxhkcmd><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <igfxpers><C:\WINDOWS\system32\igfxpers.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <High Definition Audio Property Page Shortcut><CHDAudPropShortcut.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <avast!><C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe>  [(Verified)ALWIL Software]
    <Grid Service><"C:\Program Files\GridService\peer.exe" -n Grid>  [FS2YOU]
    <360Safebox><; "C:\Program Files\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <EnergyUtility><C:\Program Files\Lenovo\EnergyCut\utilty.exe>  [TODO: <Company name>]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
    <WinlogonNotify: igfxcui><igfxdev.dll>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\logon.scr>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <360Safetray><; C:\Program Files\360safe\safemon\360Tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <Adobe Reader Speed Launcher><; "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe">  [(Verified)"Adobe Systems, Incorporated"]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <PC Suite Tray><; "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray>  [Nokia]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <SmartAudio><; C:\Program Files\CONEXANT\SmartAudio\SmartAudio.exe -c>  [Conexant]

Re: So strange, please help!

==================================
启动文件夹
N/A

==================================
服务
[avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"><ALWIL Software>
[avast! Antivirus / avast! Antivirus][Running/Auto Start]
  <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"><ALWIL Software>
[avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service><ALWIL Software>
[avast! Web Scanner / avast! Web Scanner][Running/Manual Start]
  <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service><ALWIL Software>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[ServiceLayer / ServiceLayer][Running/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia.>

==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360AntiArp.sys><360安全中心>
[Lenovo Virtual Power Controller Driver / ACPIVPC][Running/Manual Start]
  <system32\DRIVERS\AcpiVpc.sys><Lenovo Corporation>
[aswFsBlk / aswFsBlk][Running/Auto Start]
  <system32\DRIVERS\aswFsBlk.sys><ALWIL Software>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[Broadcom 440x 10/100 Integrated Controller XP Driver / bcm4sbxp][Running/Manual Start]
  <system32\DRIVERS\bcm4sbxp.sys><Broadcom Corporation>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Running/Manual Start]
  <system32\drivers\CHDAud.sys><Conexant Systems Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWAZL / HSFHWAZL][Running/Manual Start]
  <system32\DRIVERS\HSFHWAZL.sys><Conexant Systems, Inc.>
[HSF_DPV / HSF_DPV][Running/Manual Start]
  <system32\DRIVERS\HSF_DPV.sys><Conexant Systems, Inc.>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[Nokia USB Phone Parent / nmwcd][Stopped/Manual Start]
  <system32\drivers\ccdcmb.sys><Nokia>
[Nokia USB Generic / nmwcdc][Stopped/Manual Start]
  <system32\drivers\ccdcmbo.sys><Nokia>
[Nokia USB Flashing Phone Parent / nmwcdnsu][Stopped/Manual Start]
  <system32\drivers\nmwcdnsu.sys><Nokia>
[Nokia USB Flashing Generic / nmwcdnsuc][Stopped/Manual Start]
  <system32\drivers\nmwcdnsuc.sys><Nokia>
[Netgroup Packet Filter / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[DDK PACKET Protocol / Packet][Stopped/Manual Start]
  <system32\DRIVERS\ProtoDrv.sys><360安全中心>
[PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start]
  <system32\DRIVERS\pccsmcfd.sys><Nokia>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[tifm21 / tifm21][Running/Manual Start]
  <system32\drivers\tifm21.sys><Texas Instruments>
[Conexant Setup API / UIUSys][Stopped/Manual Start]
  <system32\DRIVERS\UIUSYS.SYS><Conexant Systems, Inc>
[upperdev / upperdev][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerflt.sys><Windows (R) Codename Longhorn DDK provider>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerfltj.sys><Windows (R) Codename Longhorn DDK provider>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[360procmon / 360procmon][Running/Manual Start]
  <\??\C:\Program Files\360safe\safemon\360procmon.sys><>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, (Signed) Thunder Networking Technologies,LTD>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[PhotoDrawEx Class]
  {05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} <C:\WINDOWS\system32\QQPhotoDrawEx.dll, (Signed) TENCENT>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[Uploader Control]
  {654921BB-4DEA-41C7-BA97-9A1A5CDA9C72} <C:\WINDOWS\system32\Uploader.ocx, 网易(杭州)网络有限公司>
[CCTVUpdateInstall]
  {AC414988-E5BB-4C2C-873B-EA53D2F3D23A} <C:\Documents and Settings\jxslglgs\Application Data\CCTV\tv\CCTVUpdateInstall.dll, (Signed) >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx, (Signed) Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, (Signed) 360.CN>
[&U使用纳米机器人下载并收藏]
  <C:\Program Files\NamiRobot\Data\du.html, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>

==================================
正在运行的进程
[PID: 640 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 692 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 716 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 772 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 944 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1100 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1220 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1256 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1316 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1287, 0]
[PID: 1368 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\ashBase.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswInteg.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswIdle.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResJs.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResMai.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResMes.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResNS.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResOut.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResStd.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\AhResWS.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswRes.dll]  [ALWIL Software, 4, 8, 1287, 0]
[PID: 1600 / jxslglgs][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 120]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 20]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
    [C:\Program Files\Nokia\Nokia PC Suite 7\phonebrowser.dll]  [Nokia, 7, 0, 103, 0]
    [C:\Program Files\Nokia\Nokia PC Suite 7\NGSCM.DLL]  [Nokia, 7, 0, 140, 6]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 7, 0, 64, 0]
    [C:\Program Files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 7, 0, 20, 0]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.5.34]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]

Re: So strange, please help!

[C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\ashTask.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswAux.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\ChineseS\Base.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswEngin.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\aswScan.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll]  [ALWIL Software, 4, 8, 1287, 0]
[PID: 2176 / SYSTEM][C:\Program Files\PC Connectivity Solution\ServiceLayer.exe]  [Nokia., 7, 0, 13, 0]
    [C:\Program Files\PC Connectivity Solution\PCCS_DBEngine.dll]  [Nokia, 7, 0, 0, 0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 8, 1287, 0]
[PID: 2612 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcGenral.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2932 / SYSTEM][C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe]  [, 7, 0, 5, 0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 8, 1287, 0]
[PID: 2960 / SYSTEM][C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe]  [, 7, 0, 1, 0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 8, 1287, 0]
[PID: 3428 / jxslglgs][D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQ.exe]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQHelperDll.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\BasicCtrlDll.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\MSIMG32.dll]  [N/A, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQBaseClassInDll.dll]  [TENCENT, 8,0,775,1803]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\FinePlus.dll]  [N/A, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\fphelper.dll]  [N/A, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQAPI.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQRes.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\WizardCtrl.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQMainFrame.dll]  [N/A, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\LoginCtrl.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\LoginCtrlRes.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQPlugin.dll]  [N/A, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\UnReadMsgMgr.dll]  [N/A, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\CQQApplication.dll]  [N/A, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\NewSkin.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\MailSummary.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQSpace.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\vbscript.dll]  [N/A, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\aqing.dll]  [Microsoft Corporation, 5.6.0.8825]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQKnowledgeSearch.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\OEMApplication.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQGroupMng.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQAllInOne.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\CameraDll.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQPet.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQSysMsgMng.dll]  [N/A, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\UserDefinedHead.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQConfigPlugin.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQCustomFace.dll]  [N/A, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QRingMng.dll]  [N/A, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQAvatar.dll]  [N/A, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\LongConnection.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\PhoneAPI.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\ImageOle.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQLiveQMng.dll]  [TENCENT, 8,0,775,1803]
    [C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\GroupConnection.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\BQQApplication.dll]  [N/A, ]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\PersonalDesktop.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQSceneMng.dll]  [N/A, ]
    [C:\WINDOWS\system32\CHENHU4.IME]  [chenhu, 5.8]
    [C:\WINDOWS\system32\WN.IME]  [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
    [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_StatusWnd.dll]  [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
    [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_CompWnd.dll]  [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
    [C:\Program Files\ShiQiang\wnime\Dll32\wnpy_Query.dll]  [深圳世强软件开发部 www.wn51.com, 2008, 3, 20, 1]
    [C:\Program Files\ShiQiang\wnime\dll32\UserActionInfo.dll]  [深圳世强软件开发部 www.wn51.com, 2008.6.20.1]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\CommercesMng.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQMagicFace.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\QQFileTransfer.dll]  [TENCENT, 8,0,775,1803]
    [D:\杂件\HFQQ2008-0415\HFQQ2008-0415\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 0, 1, 10]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]
[PID: 3488 / jxslglgs][D:\杂件\HFQQ2008-0415\HFQQ2008-0415\TXPlatform.exe]  [Tencent, 1, 0, 170, 0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 8, 1287, 0]
[PID: 3700 / jxslglgs][E:\下载软件\江南证券大智慧\internet\hypwise.exe]  [大智慧, 1, 0, 0, 1]
    [E:\下载软件\江南证券大智慧\internet\MFC42.DLL]  [Microsoft Corporation, 6.00.8447.0]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 8, 1287, 0]
[PID: 1200 / jxslglgs][C:\Program Files\Maxthon\Maxthon.exe]  [Maxthon International Ltd., 1, 6, 5, 18]
    [C:\Program Files\Maxthon\maxzlib.dll]  [ , 1, 0, 0, 2]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\Program Files\Maxthon\Services\RealTime\real_time.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Alwil Software\Avast4\AhAScr.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10b.ocx]  [Adobe Systems, Inc., 10,0,22,87]
[PID: 1884 / jxslglgs][E:\下载软件\sreng2\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 1612 / jxslglgs][E:\下载软件\sreng2\SREb9cde47b.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\Program Files\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1007]
    [C:\Program Files\Alwil Software\Avast4\AhJsctNs.dll]  [ALWIL Software, 4, 8, 1287, 0]
    [E:\下载软件\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1        yu.8s7.net
127.0.0.1        2.joppnqq.com
127.0.0.1        wg.47255.com
127.0.0.1        1.joppnqq.com
127.0.0.1        xxx.m111.biz
127.0.0.1        1.jopenqc.com
127.0.0.1        1.jopenkk.com
127.0.0.1        xxx.vh7.biz
127.0.0.1        xxx.j41m.com
127.0.0.1        3.joppnqq.com
127.0.0.1        d.93se.com
127.0.0.1        www.868wg.com
127.0.0.1        xxx.mmma.biz
127.0.0.1        ilove.com
127.0.0.1        tp.shpzhan.cn
127.0.0.1        www.tomwg.com
127.0.0.1        www.cike007.cn
127.0.0.1        www.22aaa.com
127.0.0.1        xx.exiao01.com
127.0.0.1        www.exiao01.com
127.0.0.1        www.exiao01.com
127.0.0.1        new.749571.com
127.0.0.1        xtx.kv8.info
127.0.0.1        cao.kv8.info
127.0.0.1        down.malasc.cn

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 252, C:\PROGRAM FILES\LENOVO\ENERGYCUT\UTILTY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2932, C:\PROGRAM FILES\PC CONNECTIVITY SOLUTION\TRANSPORTS\NCLUSBSRV.EXE]

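Re: So strange, please help!

The log shows no suspicious processes.
The hosts file has been modified; you can restore it with Kaka Assistant's Advanced Tools - System Repair.
Next time, remember to upload the log as an attachment; reading it this way is too much work.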
╭∩╮(︶︿︶)╭∩╮
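
Added example, not part of the original reply: before restoring a modified hosts file it helps to see what the extra entries do. This sketch separates names pinned to a loopback or unspecified address (the name no longer reaches a remote server) from names pointed at some other address (traffic for the name is redirected there); the sample file and its host names are constructed.

```python
import ipaddress
from collections import Counter

# Names a stock Windows hosts file is expected to map to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample hosts file; none of these names come from the log above.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.blocked.example
127.0.0.1       ads.blocked.example
0.0.0.0         tracker.blocked.example
203.0.113.9     www.bank.example    # inline comment
not-an-ip       broken.example
"""


def audit_hosts(text):
    """Classify every non-default hosts entry.

    Returns a dict with:
      sinkholed  - names mapped to loopback/unspecified addresses
      redirected - {name: address} for names mapped anywhere else
      duplicates - names that appear on more than one line
      malformed  - line numbers that could not be parsed
    """
    sinkholed, redirected, malformed = set(), {}, []
    seen = Counter()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                   # address with no host name
            malformed.append(lineno)
            continue
        for name in (f.lower() for f in fields[1:]):
            seen[name] += 1
            if name in DEFAULT_NAMES and addr.is_loopback:
                continue                      # the expected default entry
            if addr.is_loopback or addr.is_unspecified:
                sinkholed.add(name)
            else:
                redirected[name] = str(addr)
    return {
        "sinkholed": sorted(sinkholed),
        "redirected": redirected,
        "duplicates": sorted(n for n, c in seen.items() if c > 1),
        "malformed": malformed,
    }


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    for key, value in report.items():
        print(f"{key}: {value}")
```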

Re: So strange, please help!

Thanks to the poster above!