
Help needed: infected with a lot of viruses, thanks


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Skype><; "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized>  [(Verified)Skype Technologies SA]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
    <run><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <Synchronization Manager><mobsync.exe /logon>  [(Verified)Microsoft Windows 2000 Publisher]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [奇虎网]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <WinSysM><C:\WINNT\IGM.exe>  []
    <WinSys><C:\WINNT\IGW.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
    <GinaDLL><C:\WINNT\system32\awgina.dll>  [Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
    <WinlogonNotify: NavLogon><C:\WINNT\system32\NavLogon.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer 访问><"C:\WINNT\System32\shmgrate.exe" OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express 访问><"C:\WINNT\System32\shmgrate.exe" OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINNT\system32\ssbezier.scr>  [(Verified)Microsoft Windows 2000 Publisher]

==================================

[User system information] Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Last edited 2007-10-13 18:05:12

服务
[4643EB8C / 4643EB8C][Stopped/Auto Start]
  <C:\WINNT\system32\B0482256.EXE -k><N/A>
[pcAnywhere Host Service / awhost32][Running/Auto Start]
  <C:\Program Files\Symantec\pcAnywhere\awhost32.exe><Symantec Corporation>
[DefWatch / DefWatch][Running/Auto Start]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[hutptp / hutptp][Running/Auto Start]
  <C:\WINNT\system32\svchost.exe -k hutptp-->%SystemRoot%\System32\ojtibk.dll><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server][Running/Auto Start]
  <C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[Numeric dsts processo / Numeric dsts processo][Stopped/Auto Start]
  <C:\WINNT\Numeric><N/A>
[SonicWall VPN Client Service / RampartSvc][Stopped/Manual Start]
  <C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe><>
[SmartLinkService / SLService][Running/Auto Start]
  <slserv.exe><>
[WebComitoins / WebComitoins][Running/Auto Start]
  <C:\Program Files\Windows Media Player\splayer.exe><N/A>
[Telephotsgoogle / Winownes][Stopped/Auto Start]
  <C:\WINNT\system32\sedrsvedt.exe><N/A>

驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[at3yi / at3yi1][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\at3yi1.sys><N/A>
[awlegacy / awlegacy][Running/System Start]
  <\SystemRoot\System32\Drivers\awlegacy.sys><Symantec Corporation>
[AW_HOST / AW_HOST][Running/System Start]
  <system32\drivers\aw_host5.sys><Symantec Corporation>
[DM9601 USB To Fast Ethernet Adapter / DM9USB][Running/Manual Start]
  <system32\DRIVERS\dm9usb.sys><DAVICOM Semiconductor, Inc.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Deterministic Network Enhancer Miniport / DNE][Running/Manual Start]
  <system32\DRIVERS\dne2000.sys><Deterministic Networks, Inc.>
[WAN Miniport Driver For PPPoE Protocol / GNetPPPoE][Running/Manual Start]
  <system32\DRIVERS\PPPoE.SYS><Guangdong Data Communications Network Co.Ltd.>
[gw0o9bkh / gw0o9bkh][Stopped/Auto Start]
  <\??\C:\WINNT\system32\drivers\gw0o9bkh.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Mtlmnt5 / Mtlmnt5][Stopped/Manual Start]
  <system32\DRIVERS\Mtlmnt5.sys><>
[Mtlstrm / Mtlstrm][Stopped/Manual Start]
  <system32\DRIVERS\Mtlstrm.sys><>
[NAVAP / NAVAP][Running/Manual Start]
  <\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys><Symantec Corporation>
[NAVAPEL / NAVAPEL][Running/Auto Start]
  <\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS><Symantec Corporation>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070921.002\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070921.002\NAVEX15.sys><Symantec Corporation>
[NtMtlFax / NtMtlFax][Stopped/Manual Start]
  <system32\DRIVERS\NtMtlFax.sys><>
[protectorservice / protectorservice][Stopped/Manual Start]
  <\??\C:\Program Files\Internet Explorer\protector.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SonicWALL IPsec Driver / RCFOX][Running/Auto Start]
  <\??\C:\WINNT\system32\Drivers\RCFOX.sys><SonicWALL, Inc.>
[SonicWALL VPN Adapter / rcvpn][Running/Manual Start]
  <system32\DRIVERS\rcvpn.sys><SonicWALL, Inc.>
[RecAgent / RecAgent][Stopped/Manual Start]
  <\??\C:\WINNT\system32\DRIVERS\RecAgent.sys><>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <System32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[SmartLink AMR_PCI Driver / Slntamr][Stopped/Manual Start]
  <system32\DRIVERS\slntamr.sys><>
[SlNtHal / SlNtHal][Stopped/Manual Start]
  <system32\DRIVERS\Slnthal.sys><>
[SlWdmSup / SlWdmSup][Stopped/Manual Start]
  <system32\DRIVERS\SlWdmSup.sys><Vireo Software>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\PROGRA~1\Symantec\SYMEVENT.SYS><Symantec Corporation>
[yutptpud / yutptpud][Running/Auto Start]
  <\??\C:\WINNT\system32\drivers\ojtibk.sys><N/A>
[ZT6688 USB To Fast Ethernet Adapter / ZT6688][Stopped/Manual Start]
  <system32\DRIVERS\ZT6688.sys><DAVICOM Semiconductor, Inc.>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================

浏览器加载项
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINNT\system32\CMBEdit.dll, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINNT\system32\macromed\flash\Flash.ocx, Macromedia, Inc.>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>

==================================
正在运行的进程
[PID: 148][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 180][\??\C:\WINNT\system32\csrss.exe]  [Microsoft Corporation, 5.00.2195.6601]
[PID: 200][\??\C:\WINNT\system32\winlogon.exe]  [Microsoft Corporation, 5.00.2195.6898]
    [C:\WINNT\system32\awgina.dll]  [Symantec Corporation, 10.0.0.361]
    [c:\winnt\system32\ojtibk.dll]  [N/A, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\NavLogon.dll]  [N/A, ]
[PID: 228][C:\WINNT\system32\services.exe]  [Microsoft Corporation, 5.00.2195.6700]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.6605.297.3]
[PID: 240][C:\WINNT\system32\lsass.exe]  [Microsoft Corporation, 5.00.2195.6902]
[PID: 436][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
[PID: 460][C:\WINNT\system32\spoolsv.exe]  [Microsoft Corporation, 5.00.2195.6659]
    [C:\WINNT\system32\awmon.dll]  [Symantec Corporation, 9.2.1]
[PID: 492][C:\Program Files\Symantec\pcAnywhere\awhost32.exe]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\Util.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\Symantec\pcAnywhere\TrayIcon.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\InstData.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\awcfgmgr.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\S32PCAG.DLL]  [Symantec Corporation, 15.0.0.14]
    [C:\Program Files\Symantec\pcAnywhere\AWSES32.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\awofrwrk.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\awio.dll]  [N/A, ]
    [C:\Program Files\Symantec\pcAnywhere\dundata.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\PowerMgr.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\PCACMNDG.dll]  [, 1, 0, 0, 1]
    [C:\Program Files\Symantec\pcAnywhere\awgui32.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\AWDS32.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\awcm32.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\crypto.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\awtime32.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\AWHK32.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\pcaime.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\awres-host.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\AwioResources.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\AWHPILOT.DLL]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\awlog32.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\snmputil.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\libsnmp.dll]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\AWCONN32.DLL]  [Symantec Corporation, 10.0.0.361]
    [C:\Program Files\Symantec\pcAnywhere\AW32TCP.DLL]  [Symantec Corporation, 10.0.0.361]
    [c:\winnt\system32\ojtibk.dll]  [N/A, ]
[PID: 508][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe]  [Symantec Corporation, 8.1.0.821]
[PID: 528][C:\WINNT\System32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\System32\unimdm.tsp]  [Microsoft Corporation, 5.00.2195.6601]
    [C:\WINNT\System32\kmddsp.tsp]  [Microsoft Corporation, 5.00.2150.1]
    [C:\WINNT\System32\ndptsp.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\ipconf.tsp]  [Microsoft Corporation, 5.00.2143.1]
    [C:\WINNT\System32\h323.tsp]  [Microsoft Corporation, 5.00.2195.6901]
[PID: 564][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [c:\winnt\system32\ojtibk.dll]  [N/A, ]
[PID: 584][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe]  [Symantec Corporation, 8.1.0.821]
    [C:\WINNT\system32\CBA.DLL]  [Intel? Corporation, 6.12.0.105 E]
    [C:\WINNT\system32\MsgSys.dll]  [Intel? Corporation, 6.12.0.105 E]
    [C:\WINNT\system32\NTS.dll]  [Intel? Corporation, 6.12.0.105 E]
    [C:\WINNT\system32\PDS.DLL]  [Intel? Corporation, 6.12.0.105 E]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL]  [Symantec/Peter Norton Group, 1, 0, 0, 1]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL]  [Symantec Corp., 4.2.0.7]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070921.002\NAVEX32a.DLL]  [Symantec Corporation, 20071.3.0.24]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070921.002\NAVENG32.DLL]  [Symantec Corporation, 20071.3.0.24]
    [C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL]  [Symantec Corporation, 9.1.0.26]
    [c:\winnt\system32\ojtibk.dll]  [N/A, ]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SSC\Scandlgs.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\WINNT\system32\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
[PID: 648][C:\WINNT\system32\regsvc.exe]  [Microsoft Corporation, 5.00.2195.6701]
[PID: 664][C:\WINNT\system32\MSTask.exe]  [Microsoft Corporation, 4.71.2195.6704]
    [c:\winnt\system32\ojtibk.dll]  [N/A, ]
[PID: 720][C:\WINNT\system32\slserv.exe]  [ , 2.80.00(24Apr2000)]
[PID: 784][C:\WINNT\System32\WBEM\WinMgmt.exe]  [Microsoft Corporation, 1.50.1085.0100]
[PID: 808][C:\program files\internet explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2800.1106]
    [c:\winnt\system32\ojtibk.dll]  [N/A, ]
[PID: 812][C:\WINNT\system32\svchost.exe]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msxml3.dll]  [Microsoft Corporation, 8.30.9926.0]
[PID: 1136][C:\WINNT\Explorer.EXE]  [Microsoft Corporation, 5.00.3700.6690]
    [C:\WINNT\AppPatch\AcLayers.DLL]  [Microsoft Corporation, 5.00.2195.6717]
    [c:\winnt\system32\ojtibk.dll]  [N/A, ]
    [C:\WINNT\system32\kslszdbi9.dll]  [N/A, ]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll]  [Symantec Corporation, 8.1.0.821]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1292][C:\Program Files\360safe\safemon\360tray.exe]  [奇虎网, 3, 6, 4, 2001]
    [c:\winnt\system32\ojtibk.dll]  [N/A, ]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 3, 6, 0, 1001]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 3, 6, 3, 1001]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
[PID: 1324][C:\WINNT\IGM.exe]  [N/A, ]
[PID: 1352][C:\WINNT\IGW.exe]  [N/A, ]
[PID: 1384][C:\Program Files\ChinaNet\VnetClient.exe]  [, 2005, 3, 7, 1]
    [C:\Program Files\ChinaNet\Communicate.dll]  [0, 2005, 3, 3, 1]
    [C:\Program Files\ChinaNet\DialModule.dll]  [, 2005, 3, 22, 1]
    [C:\Program Files\ChinaNet\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [c:\winnt\system32\ojtibk.dll]  [N/A, ]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2005, 3, 7, 1]
    [C:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL]  [, 2005, 2, 17, 1]
    [C:\PROGRA~1\ChinaNet\PostPlug.dll]  [, 2004, 12, 16, 2]
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2004, 12, 30, 0]
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  [, 2005, 3, 3, 1]
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2005, 3, 7, 2]
    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2005, 2, 24, 1]
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2004, 11, 25, 0]
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2004, 11, 23, 1]
    [C:\PROGRA~1\ChinaNet\VNETLO~1.OCX]  [, 2005, 3, 1, 1]
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [, 2005, 3, 9, 1]
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [, 2004, 11, 23, 1]
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2004, 11, 25, 1]
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\VNETUP~1.OCX]  [, 1, 0, 0, 1]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINNT\system32\macromed\flash\Flash.ocx]  [Macromedia, Inc., 7,0,19,0]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 1, 0, 0, 1]
[PID: 1564][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2800.1106]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [c:\winnt\system32\ojtibk.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\WINNT\system32\macromed\flash\Flash.ocx]  [Macromedia, Inc., 7,0,19,0]
    [C:\WINNT\system32\wdmaud.drv]  [Microsoft Corporation, 5.00.2195.6673]
    [C:\WINNT\system32\msacm32.drv]  [Microsoft Corporation, 5.00.2134.1]
    [C:\WINNT\system32\msadp32.acm]  [Microsoft Corporation, 5.00.2134.1]
[PID: 1772][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.859\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
    [c:\winnt\system32\ojtibk.dll]  [N/A, ]
    [C:\Program Files\Rising\AntiSpyware\ieprot.dll]  [Beijing Rising Technology Co., Ltd., 1, 0, 0, 12]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX01.859\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 584, C:\PROGRA~1\SYMANT~1\SYMANT~1\RTVSCAN.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 720, C:\WINNT\SYSTEM32\SLSERV.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1292, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1292, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1324, C:\WINNT\IGM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1352, C:\WINNT\IGW.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1384, C:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1956, C:\PROGRAM FILES\INTERNET EXPLORER\SVCH0ST.EXE]

==================================
API HOOK
入口点错误:CreateProcessA (危险等级: 高,  被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\Program Files\360safe\safemon\safemon.dll)

==================================
隐藏进程
    [772] C:\Program Files\Windows Media Player\splayer.exe

==================================

