Rising Kaka Security Forum, Technical Exchange Area, Antivirus / Anti-Rogue-Software Board

Win2000 server: I'm sure it has a virus but I just can't find it. Posting a log, please help me take a look

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    Windows 安全更新检查
    API HOOK
    隐藏进程

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <Internat.exe><internat.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Super Rabbit Desktop Search><C:\Documents and Settings\Administrator\My Documents\sr799\MagicSet\SRSearch.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <MS-4011 Memory Patch><C:\RavSasser.exe -Patch>  [Beijing Rising Tech. Co., Ltd.]
    <fix><C:\Program Files\360\360safe\fix.exe>  [360安全中心]
    <360Safetray><C:\Program Files\360\360safe\safemon\360Tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows 2000 Publisher]
    <Userinit><C:\WINNT\system32\userinit.exe,>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll>  [(Verified)Microsoft Windows 2000 Publisher]
    <WebCheck><%SystemRoot%\System32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><stobject.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <自定义浏览器><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
    <EnableRevocation><regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\System32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
    <CRLUpdate><%SystemRoot%\System32\updcrl.exe -e -u %SystemRoot%\System32\verisignpub1.crl>  [File is missing]
==================================
启动文件夹
N/A
==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Cluster Monitor Service / HAMonitorService][Stopped/Manual Start]
  <C:\Program Files\LongerHA\MonitorService.exe><N/A>
[Cluster Service / HAService][Stopped/Auto Start]
  <C:\Program Files\LongerHA\Service.exe><N/A>
[OracleOraHome81Agent / OracleOraHome81Agent][Stopped/Manual Start]
  <c:\Oracle\Ora81\bin\dbsnmp.exe><oracle>
[OracleOraHome81ClientCache / OracleOraHome81ClientCache][Stopped/Manual Start]
  <c:\Oracle\Ora81\BIN\ONRSD.EXE><N/A>
[OracleOraHome81DataGatherer / OracleOraHome81DataGatherer][Stopped/Manual Start]
  <c:\Oracle\Ora81\bin\vppdc.exe><N/A>
[OracleOraHome81ManagementServer / OracleOraHome81ManagementServer][Stopped/Manual Start]
  <c:\Oracle\Ora81\bin\OMSNTsrv.exe><N/A>
[OracleOraHome81TNSListener / OracleOraHome81TNSListener][Running/Auto Start]
  <c:\Oracle\Ora81\BIN\TNSLSNR ><N/A>
[OracleServiceO8I / OracleServiceO8I][Running/Auto Start]
  <c:\oracle\ora81\bin\ORACLE.EXE O8I><Oracle Corporation>
[OracleWebAssistant0 / OracleWebAssistant0][Running/Auto Start]
  <c:\Oracle\Ora81\BIN\OWASTSVR.EXE><Oracle Corporation>
[RsCCenter / RsCCenter][Stopped/Auto Start]
  <><(File is missing)>
==================================
驱动程序
[360AntiArp / 360AntiArp][Running/System Start]
  <\??\C:\WINNT\System32\drivers\360AntiArp.sys><360安全中心>
[atirage / atirage][Running/Manual Start]
  <System32\DRIVERS\atiragem.sys><ATI Technologies Inc.>
[BaseTDI / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[dmboot / dmboot][Stopped/Disabled]
  <System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
  <\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[HP 10/100TX PCI LAN Adapter NT Driver / HPTX][Running/Manual Start]
  <System32\DRIVERS\hptxnt5.sys><Hewlett-Packard Company>
[mraid2k / mraid2k][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid2k.sys><American Megatrends, Inc.>
[mraid35x / mraid35x][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\mraid35x.sys><American MegaTrends Inc.>
[New0 / New0][Stopped/Auto Start]
  <\??\C:\WINNT\System32\new.sys><N/A>
[DDK PACKET Protocol / Packet][Running/Manual Start]
  <System32\DRIVERS\ProtoDrv.sys><360安全中心>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
==================================
浏览器加载项
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360safe\safemon\safemon.dll, 奇虎网>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, >
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\System32\msdxm.ocx, Microsoft Corporation>
[WebBasedClientInstall Class]
  {D30CA0FD-1CA0-11D4-AC78-006008A9A8BC} <C:\WINNT\Downloaded Program Files\WebInst.Dll, (Signed) Symantec Corporation>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\360safe\live.dll, 360safe.com>
==================================
正在运行的进程
[PID: 168][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.2901]
[PID: 188][\??\C:\WINNT\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.00.2195.2581]
[PID: 180][\??\C:\WINNT\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.00.2195.2953]
[PID: 236][C:\WINNT\system32\services.exe]  [(Verified) Microsoft Corporation, 5.00.2195.2780]
    [C:\WINNT\system32\dmserver.dll]  [VERITAS Software Corp., 2195.2778.297.3]
[PID: 248][C:\WINNT\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.00.2195.2964]
[PID: 420][C:\WINNT\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 448][C:\WINNT\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.00.2161.1]
[PID: 476][C:\WINNT\System32\msdtc.exe]  [(Verified) Microsoft Corporation, 1999.9.3421.3]
    [c:\Oracle\Ora81\bin\ociw32.dll]  [Oracle Corporation, 8.0.5.0.0]
[PID: 604][C:\WINNT\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 632][C:\WINNT\System32\llssrv.exe]  [(Verified) Microsoft Corporation, 5.00.2195.2649]
[PID: 684][c:\Oracle\Ora81\BIN\TNSLSNR.exe]  [N/A, ]
    [c:\Oracle\Ora81\BIN\oransgr8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oran8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oranl8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oranldap8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orannzsbb8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oracore8.dll]  [Oracle Corporation, 8.1.3.0.0]
    [c:\Oracle\Ora81\BIN\oranls8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orageneric8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oracommon8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oraclient8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oravsn8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orawtc8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oranro8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orapls8.dll]  [Oracle Corporation, 8]
    [c:\Oracle\Ora81\BIN\oraslax8.dll]  [Oracle Corporation, 8]
    [c:\Oracle\Ora81\BIN\orasql8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oraldapclnt8.dll]  [Oracle Corporation, 8.1.5.0.0]
    [c:\Oracle\Ora81\BIN\ORATRACE8.dll]  [N/A, ]
    [c:\Oracle\Ora81\BIN\orancrypt8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oranhost8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oranoname8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orancds8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orantns8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orannds8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orannms8.dll]  [N/A, ]
    [c:\Oracle\Ora81\bin\oranipc8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\bin\orantcp8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\bin\oranbeq8.dll]  [Oracle Corporation, 8.1.6.0.0]
[PID: 764][c:\oracle\ora81\bin\ORACLE.EXE]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\oraclient8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\oracore8.dll]  [Oracle Corporation, 8.1.3.0.0]
    [c:\oracle\ora81\bin\oranls8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\oravsn8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\oracommon8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\orageneric8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\orawtc8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\oranl8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\oran8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\orancrypt8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\oranro8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\orannzsbb8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\oranldap8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\oraldapclnt8.dll]  [Oracle Corporation, 8.1.5.0.0]
    [c:\oracle\ora81\bin\oranhost8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\oranoname8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\orancds8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\orantns8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\orannds8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\orannms8.dll]  [N/A, ]
    [c:\oracle\ora81\bin\ORATRACE8.dll]  [N/A, ]
    [c:\oracle\ora81\bin\orapls8.dll]  [Oracle Corporation, 8]
    [c:\oracle\ora81\bin\oraslax8.dll]  [Oracle Corporation, 8]
    [c:\oracle\ora81\bin\orasql8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\oracle\ora81\bin\oraplp8.dll]  [Oracle Corporation, 8]
    [c:\oracle\ora81\bin\oradbicx8.dll]  [Oracle Corporation, 8]
    [c:\oracle\ora81\bin\orajox8.dll]  [N/A, ]
    [c:\oracle\ora81\bin\oransgr8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\bin\oranbeq8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\bin\orannts8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\bin\orantcp8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_rdbms.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_lang.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_io.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_util.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_vm.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_security.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_lang_reflect.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_gss_util.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8sun_io.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_lang_ref.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8sun_security_action.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8sun_misc.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_sql.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_sql.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8sun_security_provider.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_jdbc_driver.dll]  [N/A, ]
    [C:\Oracle\Ora81\BIN\COREJAVA.DLL]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8java_math.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_rdbms_security.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_realm.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8com_sun_server_realm.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_jdbc_kprb.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_jdbc_dbaccess.dll]  [N/A, ]
    [C:\ORACLE\ORA81\JAVAVM\ADMIN\orajox8oracle_aurora_memoryManager.dll]  [N/A, ]
[PID: 788][c:\Oracle\Ora81\BIN\OWASTSVR.EXE]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oraclient8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oracore8.dll]  [Oracle Corporation, 8.1.3.0.0]
    [c:\Oracle\Ora81\BIN\oranls8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oravsn8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oracommon8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orageneric8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orawtc8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oranl8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oran8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orancrypt8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oranro8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orannzsbb8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oranldap8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oraldapclnt8.dll]  [Oracle Corporation, 8.1.5.0.0]
    [c:\Oracle\Ora81\BIN\oranhost8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\oranoname8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orancds8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orantns8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orannds8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\orannms8.dll]  [N/A, ]
    [c:\Oracle\Ora81\BIN\ORATRACE8.dll]  [N/A, ]
    [c:\Oracle\Ora81\BIN\orapls8.dll]  [Oracle Corporation, 8]
    [c:\Oracle\Ora81\BIN\oraslax8.dll]  [Oracle Corporation, 8]
    [c:\Oracle\Ora81\BIN\orasql8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [c:\Oracle\Ora81\BIN\OWASMUS.DLL]  [N/A, ]
[PID: 820][C:\WINNT\system32\regsvc.exe]  [(Verified) Microsoft Corporation, 5.00.2195.2104]
[PID: 824][C:\WINNT\system32\MSTask.exe]  [(Verified) Microsoft Corporation, 4.71.2195.1]
[PID: 908][C:\WINNT\System32\WBEM\WinMgmt.exe]  [(Verified) Microsoft Corporation, 1.50.1085.0029]
[PID: 924][C:\WINNT\System32\inetsrv\inetinfo.exe]  [(Verified) Microsoft Corporation, 5.00.0984]
    [c:\Oracle\Ora81\bin\ociw32.dll]  [Oracle Corporation, 8.0.5.0.0]
[PID: 964][C:\WINNT\system32\Dfssvc.exe]  [(Verified) Microsoft Corporation, 5.00.2195.2841]
[PID: 1312][C:\WINNT\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 1404][C:\WINNT\Explorer.EXE]  [(Verified) Microsoft Corporation, 5.00.3315.2846]

User system info: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729)

Reply: Win2000 server: I'm sure it has a virus but I just can't find it. Posting a log, please help me take a look

[C:\Program Files\360\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1021]
    [D:\360safe\safemon\safemon.dll]  [奇虎网, 3, 6, 4, 1001]
[PID: 1196][C:\Program Files\360\360safe\safemon\360Tray.exe]  [360安全中心, 5, 0, 0, 1020]
    [C:\Program Files\360\360safe\safemon\360compro.dll]  [360安全中心, 1, 0, 0, 1009]
    [C:\Program Files\360\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1021]
    [C:\Program Files\360\360safe\safemon\urlproc.dll]  [360.CN, 1, 0, 0, 1006]
    [C:\Program Files\360\360safe\safemon\SafeKrnl.dll]  [奇虎网, 5, 0, 0, 1004]
    [C:\Program Files\360\360safe\AntiAdwa.dll]  [360Safe.com, 4, 2, 0, 1002]
    [C:\Program Files\360\360safe\safemon\360webpro.dll]  [360.CN, 1, 0, 0, 1008]
    [C:\Program Files\360\360safe\live.dll]  [360.cn, 1, 0, 2, 1007]
    [C:\Program Files\360\360safe\Antieng.dll]  [360Safe.com, 5, 0, 0, 1002]
    [C:\Program Files\360\360safe\pdown.dll]  [360Safe.com, 1, 1, 0, 0]
    [C:\Program Files\360\360safe\LiveUpd360.dll]  [360Safe.com, 1, 1, 0, 1007]
    [C:\Program Files\360\360safe\360net.dll]  [奇虎网, 1, 1, 3, 1006]
[PID: 1236][C:\WINNT\System32\internat.exe]  [(Verified) Microsoft Corporation, 5.00.2920.0000]
[PID: 892][C:\WINNT\System32\conime.exe]  [(Verified) Microsoft Corporation, 5.00.2180.1]
    [C:\Program Files\360\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1021]
[PID: 864][C:\WINNT\System32\dllhost.exe]  [(Verified) Microsoft Corporation, 5.00.2195.2815]
    [c:\Oracle\Ora81\bin\ociw32.dll]  [Oracle Corporation, 8.0.5.0.0]
[PID: 1296][C:\zxbf\sreng2[1].8.1.1279版\sr-engldr.EXE]  [Smallfrogs Studio, 2.8.1.1279]
[PID: 1480][C:\zxbf\sreng2[1].8.1.1279版\SRE248f5e71.EXE]  [Smallfrogs Studio, 2.8.1.1279]
    [C:\Program Files\360\360safe\safemon\safemon.dll]  [360.CN, 5, 0, 0, 1021]
    [C:\zxbf\sreng2[1].8.1.1279版\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINNT\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
10.43.113.195  ttaserver  ttaserver.tta.com.cn
144.40.16.23      www.360safe.com
144.40.16.23      my.360safe.com
144.40.16.23      dl.360safe.com
144.40.16.23      update.360safe.com
144.40.16.23      updatem.360safe.com
144.40.16.23      boxinst.360safe.com
144.40.16.23      softm.update.360safe.com
144.40.16.23      baike.360.cn
144.40.16.23      bimg.360.cn
144.40.16.23      img.360.cn
144.40.16.23      soft.360.cn
144.40.16.23      360.qihoo.com
144.40.16.23      pimg.qihoo.com
144.40.16.23      uimg.qihoo.com
144.40.16.23      aimg.qihoo.com
144.40.16.23      ardownload.adobe.com
144.40.16.23      fpdownload.macromedia.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 684, C:\ORACLE\ORA81\BIN\TNSLSNR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 764, C:\ORACLE\ORA81\BIN\ORACLE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 788, C:\ORACLE\ORA81\BIN\OWASTSVR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1296, C:\ZXBF\SRENG2[1].8.1.1279版\SR-ENGLDR.EXE]

==================================
计划任务
N/A

==================================
Windows 安全更新检查
N/A

==================================
API HOOK
入口点错误:CreateProcessW (危险等级: 高,  被下面模块所HOOK: C:\Program Files\360\360safe\safemon\safemon.dll)
入口点错误:SHBrowseForFolder (危险等级: 高,  被下面模块所HOOK: 0x4483F5C8)
入口点错误:SHBrowseForFolderA (危险等级: 高,  被下面模块所HOOK: 0x4483F5C8)

==================================
隐藏进程
N/A