瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 近来总有人高价买我Q号,我怀疑给人注了木马,请帮我看看SREng扫描报告,谢谢!

12   1  /  2  页   跳转

[求助] 近来总有人高价买我Q号,我怀疑给人注了木马,请帮我看看SREng扫描报告,谢谢!

近来总有人高价买我Q号,我怀疑给人注了木马,请帮我看看SREng扫描报告,谢谢!

您好,近来总人有高价买我的Q号,并且只想在QQ上谈,而不喜欢电话谈和当面交易,我怀疑这些人能通过QQ聊天控制我的电脑,所以用SREng扫描了下,请高手们帮我看看结果,谢谢!

[CODE]
2010-07-30,20:01:35
System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 3 (Build 2600) - Administrative User - Completed Functions Allowed
Follow item(s) have been selected:
    All Boot Items (Including Registry, Startup Folders, Services and so on)
    Browser Add-ons
    Running Processes (Including process model information)
    File Associations
    Winsock Provider
    Autorun.Inf
    HOSTS File
    Process Privileges Scan
    Scheduled Tasks
    Windows Security Update Check
    API HOOK
    Hidden Process

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Component Publisher]
    <DesktopSprite><C:\Program Files\SnowFox\DesktopSprite2\DesktopSprite.exe>  [SnowFox Studio.]
    <Lingoes><C:\Program Files\Lingoes\Translator2\Lingoes.exe -minimize>  [Lingoes Project]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <SynTPEnh><C:\Program Files\Synaptics\SynTP\SynTPEnh.exe>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <QlbCtrl.exe><C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start>  [(Verified)Hewlett-Packard Company]
    <360Safetray><"C:\Program Files\360\360Safe\safemon\360Tray.exe" /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <accrdsub><"c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe">  [(Verified)ActivIdentity]
    <CognizanceTS><rundll32.exe c:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule>  [(Verified)Bioscrypt, Inc.]
    <AeXAgentLogon><C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon>  [Altiris, Inc.]
    <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe">  [(Verified)Symantec Corporation]
    <360Safebox><"C:\Program Files\360Safebox\SafeBoxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Component Publisher]
    <GinaDLL><c:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll>  [(Verified)Bioscrypt, Inc.]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{FBF23B40-E3F0-101B-8488-00AA003E56F8}><C:\WINDOWS\system32\ieframe.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><C:\WINDOWS\system32\webcheck.dll>  [(Verified)Microsoft Windows Component Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ackpbsc]
    <WinlogonNotify: ackpbsc><c:\WINDOWS\system32\ackpbsc.dll>  [ActivIdentity]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\acunlock]
    <WinlogonNotify: acunlock><c:\Program Files\ActivIdentity\ActivClient\acunlock.dll>  [ActivIdentity]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
    <WinlogonNotify: dimsntfy><%SystemRoot%\System32\dimsntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OneCard]
    <WinlogonNotify: OneCard><c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll>  [(Verified)Bioscrypt, Inc.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <Browser Customizations><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\aetsprov]
    <N/A><C:\WINDOWS\system32\regsvr32.exe /s C:\WINDOWS\system32\aetsprov.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <Address Book 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows Desktop Update><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer><C:\WINDOWS\system32\ie4uinit.exe -BaseSettings>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\BUBBLE~1.SCR>  [Microsoft Corporation]
==================================
Startup Folders
[VPN Client]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk --> C:\PROGRA~1\CISCOS~1\VPNCLI~1\vpngui.exe [Cisco Systems, Inc.]><N>
[Freecom Password Protection]
  <C:\Documents and Settings\cpengja\Start Menu\Programs\Startup\Freecom Password Protection.lnk --> C:\PROGRA~1\FREECO~1\Password.exe [Freecom]><N>
[map_driver]
  <C:\Documents and Settings\cpengja\Start Menu\Programs\Startup\map_driver.lnk --> C:\DOCUME~1\cpengja\Desktop\MAP_DR~1.BAT [N/A]><N>
[wnwb]
  <C:\Documents and Settings\cpengja\Start Menu\Programs\Startup\wnwb.lnk --> C:\PROGRA~1\ShiQiang\wnwb\wnwb.exe [深圳世强软件开发部 www.wn51.com ]><N>

用户系统信息:Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30; .NET CLR 3.0.04506.648; .NET CLR 1.1.4322)

附件附件:

下载次数:162
文件类型:application/octet-stream
文件大小:
上传时间:2010-7-30 20:07:43
描述:log

分享到:
gototop
 

回复:近来总有人高价买我Q号,我怀疑给人注了木马,请帮我看看SREng扫描报告,谢谢!

第二部分:
==================================
Services
[ActivClient Middleware Service / accoca][Running/Auto Start]
  <"c:\Program Files\ActivIdentity\ActivClient\accoca.exe"><ActivIdentity>
[Altiris Agent / AeXNSClient][Running/Auto Start]
  <C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe><Altiris, Inc.>
[Agere Modem Call Progress Audio / AgereModemAudio][Running/Auto Start]
  <C:\WINDOWS\system32\agrsmsvc.exe><Agere Systems>
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Manual Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[AuthenTec Fingerprint Service / ATService][Running/Auto Start]
  <c:\Program Files\Fingerprint Sensor\AtService.exe><AuthenTec, Inc.>
[Autodesk Licensing Service / Autodesk Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe"><Autodesk>
[Autodesk Network Licensing Service / Autodesk Network Licensing Service][Stopped/Manual Start]
  <C:\Program Files\Common Files\Autodesk Shared\Service\AdskNetSrv.exe><Autodesk, Inc.>
[Bluetooth Service / btwdins][Stopped/Manual Start]
  <C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe><Broadcom Corporation.>
[Altiris Carbon Copy / CarbonCopy32][Running/Auto Start]
  <C:\WINDOWS\system32\ccsrvc.exe><Altiris>
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
  <"C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon><Symantec Corporation>
[Cmb WebProtect Support / CMBWPS][Running/Auto Start]
  <C:\Program Files\CMBCHINA\WebProtect\WPService.exe /start><China Merchants Bank>
[Com4QLBEx / Com4QLBEx][Running/Manual Start]
  <"C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"><Hewlett-Packard Development Company, L.P.>
[Cisco Systems, Inc. VPN Service / CVPND][Running/Auto Start]
  <"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"><Cisco Systems, Inc.>
[Windows Presentation Foundation Font Cache 3.0.0.0 / FontCache3.0.0.0][Stopped/Manual Start]
  <c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe><Microsoft Corporation>
[HP ProtectTools Service / HP ProtectTools Service][Running/Auto Start]
  <"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe"><Hewlett-Packard Development Company, L.P>
[hpqwmiex / hpqwmiex][Running/Manual Start]
  <"C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"><Hewlett-Packard Development Company, L.P.>
[Windows CardSpace / idsvc][Stopped/Manual Start]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"><Microsoft Corporation>
[Java Quick Starter / JavaQuickStarterService][Stopped/Manual Start]
  <"C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"><Sun Microsystems, Inc.>
[LiveUpdate / LiveUpdate][Stopped/Manual Start]
  <"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[Net.Tcp Port Sharing Service / NetTcpPortSharing][Stopped/Disabled]
  <"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"><Microsoft Corporation>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"><Nokia>
[Symantec Management Client / SmcService][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Smc.exe"><Symantec Corporation>
[Symantec Network Access Control / SNAC][Stopped/Disabled]
  <"C:\Program Files\Symantec AntiVirus\SNAC.EXE"><Symantec Corporation>
[Symantec Endpoint Protection / Symantec AntiVirus][Running/Auto Start]
  <"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[主动防御 / ZhuDongFangYu][Running/Auto Start]
  <"C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe"><360.cn>

==================================
Drivers
[360AntiARP / 360AntiARP][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\360AntiARP.sys><360安全中心>
[360netmon / 360netmon][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\360netmon.sys><360.cn>
[360SelfProtection / 360SelfProtection][Running/System Start]
  <system32\drivers\360SelfProtection.sys><360安全中心>
[HP Accelerometer / Accelerometer][Running/Manual Start]
  <system32\DRIVERS\Accelerometer.sys><Hewlett-Packard Corporation>
[ADI UAA Function Driver for High Definition Audio Service / ADIHdAudAddService][Running/Manual Start]
  <system32\drivers\ADIHdAud.sys><Analog Devices, Inc.>
[AE Audio Service / AEAudio][Running/Manual Start]
  <system32\drivers\AEAudio.sys><Andrea Electronics Corporation>
[Agere Systems Soft Modem / AgereSoftModem][Running/Manual Start]
  <system32\DRIVERS\AGRSM.sys><Agere Systems>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[AuthenTec TruePrint USB WDF Driver / ATSwpWDF][Running/Manual Start]
  <System32\Drivers\ATSwpWDF.sys><AuthenTec, Inc.>
[Broadcom NetXtreme Gigabit Ethernet / b57w2k][Stopped/Manual Start]
  <system32\DRIVERS\b57xp32.sys><Broadcom Corporation>
[BAPIDRV / BAPIDRV][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\BAPIDRV.SYS><360.cn>
[蓝牙音频设备 / btaudio][Running/Manual Start]
  <system32\drivers\btaudio.sys><Broadcom Corporation.>
[蓝牙虚拟通信驱动程序 / BTDriver][Running/Manual Start]
  <system32\DRIVERS\btport.sys><Broadcom Corporation.>
[Bluetooth Bus Enumerator / BTKRNL][Running/Manual Start]
  <system32\DRIVERS\btkrnl.sys><Broadcom Corporation.>
[蓝牙局域网接入服务器 / BTWDNDIS][Running/Manual Start]
  <system32\DRIVERS\btwdndis.sys><Broadcom Corporation.>
[蓝牙调制解调器 / btwmodem][Running/Manual Start]
  <system32\DRIVERS\btwmodem.sys><Broadcom Corporation.>
[WIDCOMM USB Bluetooth Driver / BTWUSB][Running/Manual Start]
  <System32\Drivers\btwusb.sys><Broadcom Corporation.>
[COH_Mon / COH_Mon][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\COH_Mon.sys><Symantec Corporation>
[Cisco Systems VPN Adapter / CVirtA][Stopped/Manual Start]
  <system32\DRIVERS\CVirtA.sys><Cisco Systems, Inc.>
[Cisco Systems Inc. IPSec Driver / CVPNDRVA][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\CVPNDRVA.sys><Cisco Systems, Inc.>
[DLABOIOM / DLABOIOM][Running/Auto Start]
  <System32\DLA\DLABOIOM.SYS><Sonic Solutions>
[DLACDBHM / DLACDBHM][Running/System Start]
  <System32\Drivers\DLACDBHM.SYS><Sonic Solutions>
[DLADResN / DLADResN][Running/Auto Start]
  <System32\DLA\DLADResN.SYS><Sonic Solutions>
[DLAIFS_M / DLAIFS_M][Running/Auto Start]
  <System32\DLA\DLAIFS_M.SYS><Sonic Solutions>
[DLAOPIOM / DLAOPIOM][Running/Auto Start]
  <System32\DLA\DLAOPIOM.SYS><Sonic Solutions>
[DLAPoolM / DLAPoolM][Running/Auto Start]
  <System32\DLA\DLAPoolM.SYS><Sonic Solutions>
[DLARTL_N / DLARTL_N][Running/System Start]
  <System32\Drivers\DLARTL_N.SYS><Sonic Solutions>
[DLAUDFAM / DLAUDFAM][Running/Auto Start]
  <System32\DLA\DLAUDFAM.SYS><Sonic Solutions>
[DLAUDF_M / DLAUDF_M][Running/Auto Start]
  <System32\DLA\DLAUDF_M.SYS><Sonic Solutions>
[Deterministic Network Enhancer Miniport / DNE][Running/Manual Start]
  <system32\DRIVERS\dne2000.sys><Deterministic Networks, Inc.>
[DRVMCDB / DRVMCDB][Running/Boot Start]
  <\SystemRoot\System32\Drivers\DRVMCDB.SYS><Sonic Solutions>
[DRVNDDM / DRVNDDM][Running/Auto Start]
  <System32\Drivers\DRVNDDM.SYS><Sonic Solutions>
[Intel(R) PRO/1000 PCI Express Network Connection Driver / e1express][Stopped/Manual Start]
  <system32\DRIVERS\e1e5132.sys><N/A>
[Intel(R) Gigabit Network Connections Driver / e1yexpress][Running/Manual Start]
  <system32\DRIVERS\e1y5132.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EfiSystemMon / EfiMon][Running/System Start]
  <System32\Drivers\Efimon.sys><奇虎网>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[Freecom Turbo USB 2.0 / FNETTHJM][Stopped/Manual Start]
  <system32\drivers\fnetthjm.sys><FNet Co., Ltd.>
[usb Card Device / ft2kEnum][Running/Manual Start]
  <system32\DRIVERS\ic2kenum.sys><OEM Corporation>
[USB Chip Holder Service / GDBaseSmc][Running/Manual Start]
  <system32\DRIVERS\Chip_smc.sys><OEM>
[USB Chip Service / GD_USB][Stopped/Manual Start]
  <system32\DRIVERS\Chip_usb.sys><>
[HBtnKey / HBtnKey][Running/Manual Start]
  <system32\DRIVERS\cpqbttn.sys><Hewlett-Packard Development Company, L.P.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Intel(R) Management Engine Interface / HECI][Running/Manual Start]
  <system32\DRIVERS\HECI.sys><Intel Corporation>
[HookPort / HookPort][Running/Boot Start]
  <\SystemRoot\System32\Drivers\Hookport.sys><360安全中心>
[HP Disk Filter Driver / hpdskflt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\hpdskflt.sys><Hewlett-Packard Corporation>
[HpqKbFilter Driver / HpqKbFiltr][Running/Manual Start]
  <system32\DRIVERS\HpqKbFiltr.sys><Hewlett-Packard Development Company, L.P.>
[Intel AHCI Controller / iaStor][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iaStor.sys><Intel Corporation>
[NAVENG / NAVENG][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100729.002\NAVENG.SYS><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
  <\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20100729.002\NAVEX15.SYS><Symantec Corporation>
[Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit / NETw5x32][Running/Manual Start]
  <system32\DRIVERS\NETw5x32.sys><Intel Corporation>
[DDK PACKET Protocol / Packet][Running/System Start]
  <system32\DRIVERS\ProtoDrv.sys><360安全中心>
[PCCS Mode Change Filter Driver / pccsmcfd][Stopped/Manual Start]
  <system32\DRIVERS\pccsmcfd.sys><Nokia>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\system32\Drivers\PxHelp20.sys><Sonic Solutions>
[Quantum DeepScanner Servers / quxxxserv][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\quxxxrv.sys><360安全中心>
[qutmipc / qutmipc][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\qutmipc.sys><360安全中心>
[SmartCard Reader Device  / Reader_Device][Running/Manual Start]
  <system32\DRIVERS\usbic2k.sys><OEM>
[rimmptsk / rimmptsk][Running/Auto Start]
  <system32\DRIVERS\rimmptsk.sys><REDC>
[RICOH Smart Card Reader / rismc32][Running/Manual Start]
  <system32\DRIVERS\rismc32.sys><RICOH Company, Ltd.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sonic Focus DSP Driver / SFAUDIO][Running/Boot Start]
  <\SystemRoot\system32\drivers\sfaudio.sys><Sonic Focus, Inc>
[SMC IrCC Miniport Device Driver / SMCIRDA][Stopped/Manual Start]
  <system32\DRIVERS\smcirda.sys><SMC>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[SPBBCDrv / SPBBCDrv][Running/System Start]
  <\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SRTSP / SRTSP][Running/System Start]
  <System32\Drivers\SRTSP.SYS><Symantec Corporation>
[SRTSPL / SRTSPL][Stopped/Manual Start]
  <System32\Drivers\SRTSPL.SYS><Symantec Corporation>
[SRTSPX / SRTSPX][Running/System Start]
  <System32\Drivers\SRTSPX.SYS><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS><Symantec Corporation>
[Symmpi / Symmpi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symmpi.sys><LSI Logic>
[SYMREDRV / SYMREDRV][Running/Manual Start]
  <\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
  <\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>
[Synaptics TouchPad Driver / SynTP][Running/Manual Start]
  <system32\DRIVERS\SynTP.sys><Synaptics, Inc.>
[upperdev / upperdev][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerflt.sys><N/A>
[UsbserFilt / UsbserFilt][Stopped/Manual Start]
  <system32\DRIVERS\usbser_lowerfltj.sys><N/A>
[vnccom / vnccom][Running/Auto Start]
  <System32\Drivers\vnccom.SYS><RDV Soft>
[vncdrv / vncdrv][Running/Manual Start]
  <system32\DRIVERS\vncdrv.sys><RDV Soft>
[vsdatant / vsdatant][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\vsdatant.sys><Zone Labs LLC>

==================================
gototop
 

回复:近来总有人高价买我Q号,我怀疑给人注了木马,请帮我看看SREng扫描报告,谢谢!

第三部分:
==================================
Browser Add-ons
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[WebProtect]
  {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, (Signed) China Merchants Bank>
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[Windows Live 登录帮助程序]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.cn>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435b-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[Java Plug-in 1.5.0_10]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[@btrez.dll,-4015]
  {CCA281CA-C863-46ef-9331-5C8D4460577F} <, >
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, (Signed) Microsoft Corporation>
[]
  {00000033-9593-4264-8B29-930B3E4EDCCD} <, >
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[GDGetTokenInfo Class]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINDOWS\system32\GDREAD~1.DLL, >
[]
  {3BFFE033-BF43-11D5-A271-00A024A51325} <, >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[]
  {536600D3-70FE-4C50-92FB-640F6BFC49AD} <, >
[]
  {5CB840B5-A94E-4AD9-B785-4866E3B04476} <, >
[]
  {62B938C4-4190-4F37-8CF0-A92B0A91CC77} <, >
[ERPageAddin Class]
  {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} <C:\Program Files\eRoom 7\ERAddIn7.ocx, (Signed) EMC>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\InputControl.dll, >
[]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <, >
[Java Plug-in 1.6.0_13]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SubmitControl.dll, >
[]
  {A4D72433-2E43-42BD-BEFC-434823AF93CE} <, >
[InfoSecICBCNetSign Class]
  {B1FBC1AD-5644-4084-882A-0F8BA85E7506} <C:\WINDOWS\system32\ICBC_N~1.DLL, (Signed) Infosec Technologies Co., Ltd.>
[PJ12chsC Class]
  {B480D352-4710-4E7F-AD4D-D4E58ED5E16D} <C:\WINDOWS\Downloaded Program Files\PJ12chsC.dll, (Signed) Microsoft Corporation>
[]
  {C5D0DFF5-6D39-4F98-88CD-12E8430A6300} <, >
[Java Plug-in 1.5.0_10]
  {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\jp2iexp.dll, >
[Java Plug-in 1.6.0_13]
  {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} <C:\Program Files\Java\jre6\bin\npjpi160_13.dll, (Signed) Sun Microsystems, Inc.>
[PjAdoInfo4 Class]
  {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} <C:\WINDOWS\Downloaded Program Files\PJQUERY12.ocx, (Signed) Microsoft Corporation>
[]
  {E9C9692E-F93C-11D1-ABB0-0040054FC6FB} <, >
[ADODB.Recordset]
  {00000535-0000-0010-8000-00AA006D2EA4} <C:\Program Files\Common Files\System\ado\msado15.dll, (Signed) Microsoft Corporation>
[]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, >
[Adobe PDF Reader Link Helper]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll, (Signed) Adobe Systems Incorporated>
[]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <, >
[Edit Class]
  {0CA54D3F-CEAE-48AF-9A2B-31909CB9515D} <C:\WINDOWS\system32\CMBEdit.dll, >
[InfosecCertInstall Class]
  {0EB487C8-E9AC-43A6-8C4C-083999B0622F} <C:\WINDOWS\system32\certInStall.dll, >
[Adobe PDF Link Helper]
  {18DF081C-E8AD-4283-A596-FA578C2EBDC3} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll, (Signed) Adobe Systems Incorporated>
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[]
  {1E36C446-29F0-4773-A3FB-59C5501446EB} <, >
[]
  {22BF413B-C6D2-4D91-82A9-A0F997BA588C} <, >
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[MS Project Text Conversion Class]
  {2DD5B7DA-E43C-44DC-A69D-B10A34D6FC09} <C:\WINDOWS\Downloaded Program Files\PJTEXTCONV12.dll, (Signed) Microsoft Corporation>
[GDGetTokenInfo Class]
  {3AA9CF07-DF20-48FF-98BE-DED276E40146} <C:\WINDOWS\system32\GDREAD~1.DLL, >
[]
  {47833539-D0C5-4125-9FA8-0819E2EAAC93} <, >
[]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <, >
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[]
  {5067A26B-1337-4436-8AFE-EE169C2DA79F} <, >
[WebProtect]
  {53763D1D-9CA8-4C7C-9756-A8E6B8FC063B} <C:\Program Files\CMBCHINA\WebProtect\WebProtect.dll, (Signed) China Merchants Bank>
[MS Project Grid Control]
  {53A157C8-38C3-4315-BAA1-F9F3A7D43E37} <C:\WINDOWS\Downloaded Program Files\PJGRID12.ocx, (Signed) Microsoft Corporation>
[isInstalled Class]
  {5852F5ED-8BF4-11D4-A245-0080C6F74284} <C:\Program Files\Java\jre6\bin\wsdetect.dll, Sun Microsystems, Inc.>
[DriveLetterAccess]
  {5CA3D70E-1895-11CF-8E15-001234567890} <C:\WINDOWS\System32\DLA\DLASHX_W.DLL, Sonic Solutions>
[WangWangX Class]
  {5D09DD40-CDC4-4C56-B615-0D1E3B357C2B} <C:\Program Files\AliWangWang\AliIMX.dll, (Signed) Alibaba software (Shanghai) Corporation.>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\InputControl.dll, >
[SSVHelper Class]
  {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} <C:\Program Files\Java\jre6\bin\ssv.dll, (Signed) Sun Microsystems, Inc.>
[]
  {77BF5300-1474-4EC7-9980-D32B190E9B07} <, >
[]
  {78ABDC59-D8E7-44D3-9A76-9A0918C52B4A} <, >
[]
  {7CCE07A5-A590-4554-B5C3-082840D7012E} <, >
[]
  {7E853D72-626A-48EC-A868-BA8D5E23E045} <, >
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360\360Safe\Safelive.dll, (Signed) 360.cn>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[XML DOM Document 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, (Signed) Microsoft Corporation>
[XML DOM Document 6.0]
  {88D96A05-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[XML HTTP 6.0]
  {88D96A0A-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SubmitControl.dll, >
[Windows Live 登录帮助程序]
  {9030D464-4C02-4ABF-8ECC-5164760863C6} <C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll, (Signed) Microsoft Corporation>
[ProjOpenFile4 Class]
  {9064EC26-0FA6-44A5-B709-C5632986CEAF} <C:\WINDOWS\Downloaded Program Files\PJQUERY12.ocx, (Signed) Microsoft Corporation>
[SharePoint OpenDocuments Class]
  {9203C2CB-1DC1-482D-967E-597AFF270F0D} <C:\PROGRA~1\MICROS~2\Office12\OWSSUPP.DLL, (Signed) Microsoft Corporation>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {9701758C-4373-482E-B13C-776C048EC890} <, >
[MS Project Query Class]
  {9C5F1AE3-0F74-4BDB-92E3-F0C8B33BC552} <C:\WINDOWS\Downloaded Program Files\PJQUERY12.ocx, (Signed) Microsoft Corporation>
[]
  {9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <, >
[]
  {A4D72433-2E43-42BD-BEFC-434823AF93CE} <, >
[APlayer Control]
  {A9322148-C691-4B9D-91FC-B9C461DBE9DD} <C:\Program Files\Common Files\Thunder Network\APlayer\APlayer_001.dll, (Signed) ShenZhen Thunder Networking Technologies, LTD>
[]
  {AE7CD045-E861-484F-8273-0445EE161910} <, >
[InfoSecICBCNetSign Class]
  {B1FBC1AD-5644-4084-882A-0F8BA85E7506} <C:\WINDOWS\system32\ICBC_N~1.DLL, (Signed) Infosec Technologies Co., Ltd.>
[PJ12chsC Class]
  {B480D352-4710-4E7F-AD4D-D4E58ED5E16D} <C:\WINDOWS\Downloaded Program Files\PJ12chsC.dll, (Signed) Microsoft Corporation>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360Safe\safemon\safemon.dll, (Signed) 360.cn>
[SharePoint Stssync Handler]
  {BDEADEF5-C265-11D0-BCED-00A0C90AB50F} <C:\PROGRA~1\MICROS~2\Office12\OWSSUPP.DLL, (Signed) Microsoft Corporation>
[Adobe PDF Reader]
  {CA8A9780-280D-11CF-A24D-444553540000} <C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroPDF.dll, (Signed) Adobe Systems, Inc.>
[scano_bean Class]
  {CBEC49AE-E55D-4D06-A375-48D008BCE5FD} <C:\Program Files\Macrowing\edoc2 Client Controls\npctrl.dll, Macrowing IT Co. Ltd.>
[]
  {CCA281CA-C863-46EF-9331-5C8D4460577F} <, >
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx, (Signed) Adobe Systems, Inc.>
[Java(tm) Plug-In 2 SSV Helper]
  {DBC80044-A445-435B-BC74-9C25C1C588A9} <C:\Program Files\Java\jre6\bin\jp2ssv.dll, Sun Microsystems, Inc.>
[]
  {DF21F1DB-80C6-11D3-9483-B03D0EC10000} <, >
[]
  {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} <C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGSC1~1.DLL, (Signed) Microsoft Corporation>
[NameCtrl Class]
  {E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} <C:\Program Files\Microsoft Office\Office12\NAME.DLL, (Signed) Microsoft Corporation>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[PjAdoInfo4 Class]
  {E3089160-E8AD-4C5B-B47C-ADDF3DF660DD} <C:\WINDOWS\Downloaded Program Files\PJQUERY12.ocx, (Signed) Microsoft Corporation>
[JQSIEStartDetectorImpl Class]
  {E7E6F031-17CE-4C07-BC86-EABFE594F69C} <C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll, Sun Microsystems, Inc.>
[TimwpDll.TimwpCheck]
  {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <C:\PROGRA~1\Tencent\TM2009\Bin\Timwp.dll, (Signed) Tencent>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation>
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[webmod Class]
  {FEE3C8C5-9BEA-4079-AB36-63ECABFC7392} <C:\WINDOWS\system32\aliedit\alidcp.dll, (Signed) Alipay.com Co.,Ltd>

==================================
gototop
 

回复:近来总有人高价买我Q号,我怀疑给人注了木马,请帮我看看SREng扫描报告,谢谢!

第四部分:
==================================
Running Processes
[PID: 1404 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1524 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 1560 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [c:\Program Files\Hewlett-Packard\IAM\bin\ocgina.dll]  [Bioscrypt Inc., 3.0.0.179]
    [C:\WINDOWS\system32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9955.0]
    [c:\Program Files\Hewlett-Packard\IAM\bin\itmsg.dll]  [Bioscrypt Inc., 1.21.1.492]
    [c:\Program Files\Hewlett-Packard\IAM\bin\brand.dll]  [Hewlett-Packard Company, 4.02.0.40]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\fee8c8ba9b84a7832274adcbfc9d5ca4\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.1873 (QFEN-1.050727-1800)]
    [c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll]  [Hewlett-Packard, 4, 00, 11, 0152]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll]  [Hewlett-Packard Development Company, L.P., 4.00.11.0152]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll]  [ , 1.0.0.0]
    [c:\Program Files\Hewlett-Packard\IAM\bin\ItTal.dll]  [Bioscrypt Inc., 4.0.0.233]
    [c:\Program Files\Hewlett-Packard\IAM\bin\ItReports.DLL]  [Bioscrypt Inc., 2.5.0.60]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll]  [Bioscrypt Inc., 1.27.1.171]
    [c:\WINDOWS\system32\ackpbsc.dll]  [ActivIdentity, 4,3,0,6]
    [C:\WINDOWS\system32\aclog.dll]  [ActivIdentity, 1,2,0,4]
    [C:\WINDOWS\system32\accrypto.dll]  [ActivIdentity, 2,3,0,5]
    [C:\WINDOWS\system32\ACLIBEAY.dll]  [ActivIdentity, 3,0,0,1]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.922_x-ww_92403109\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.922]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4176]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll]  [Bioscrypt Inc., 3.0.0.119]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\TrayIcon.dll]  [Bioscrypt Inc., 3.0.0.404]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItDac.DLL]  [Bioscrypt Inc., 1.00.396]
    [C:\WINDOWS\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\BioAuth.dll]  [Bioscrypt Inc., 3.0.0.514]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItVCClient.dll]  [Bioscrypt Inc., 3.0.0.220]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ittalsnap.dll]  [Bioscrypt Inc., 4.0.0.410]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\AuthWiz.dll]  [Bioscrypt Inc., 3.0.0.759]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll]  [Bioscrypt Inc., 1.01.217]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\TpmAuth.dll]  [Bioscrypt Inc., 3.0.0.68]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\TokenAuth.dll]  [Bioscrypt Inc., 4.0.0.186]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\NetAdmin.dll]  [Bioscrypt Inc., 3.0.0.200]
    [c:\Program Files\ActivIdentity\ActivClient\acunlock.dll]  [ActivIdentity, 6,1,3,13]
    [C:\WINDOWS\system32\aipingui.dll]  [ActivIdentity, 6,1,3,25]
    [C:\WINDOWS\system32\acevtsub.dll]  [ActivIdentity, 4,3,0,2]
    [C:\WINDOWS\system32\asphat32.dll]  [ActivIdentity, 2,5,0,19]
    [C:\WINDOWS\system32\acerrmes.dll]  [ActivIdentity, 2,5,0,9]
    [C:\WINDOWS\system32\aspcom.dll]  [ActivIdentity, 2,5,0,1]
    [C:\WINDOWS\system32\aicext.dll]  [N/A, ]
    [c:\Program Files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll]  [ActivIdentity, 2,5,0,9]
    [c:\Program Files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll]  [ActivIdentity, 2,5,0,19]
    [c:\Program Files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll]  [ActivIdentity, 6,1,3,25]
    [c:\Program Files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll]  [ActivIdentity, 2,5,0,16]
    [c:\Program Files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll]  [ActivIdentity, 6,1,3,13]
    [C:\Program Files\Symantec AntiVirus\SnacNp.dll]  [Symantec Corporation, 11.0.5002.267]
[PID: 1604 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 1616 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [c:\Program Files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll]  [Bioscrypt Inc., 3.0.0.119]
    [C:\WINDOWS\system32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9955.0]
    [c:\Program Files\Hewlett-Packard\IAM\bin\itmsg.dll]  [Bioscrypt Inc., 1.21.1.492]
    [C:\WINDOWS\system32\aetsprov.dll]  [A.E.T. Europe B.V., 2.3.0.9]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
[PID: 1792 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [c:\program files\hewlett-packard\iam\bin\aschnl.dll]  [Bioscrypt Inc., 1.27.1.171]
    [c:\program files\hewlett-packard\iam\bin\itmsg.dll]  [Bioscrypt Inc., 1.21.1.492]
    [C:\WINDOWS\system32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9955.0]
    [c:\program files\hewlett-packard\iam\bin\aswlnpkg.dll]  [Bioscrypt Inc., 3.0.0.119]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\BioAuthSrv.dll]  [Bioscrypt Inc., 3.0.0.110]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItDac.DLL]  [Bioscrypt Inc., 1.00.396]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItReports.DLL]  [Bioscrypt Inc., 2.5.0.60]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItAuth.dll]  [Bioscrypt Inc., 1.01.253]
    [c:\Program Files\Hewlett-Packard\IAM\bin\brand.dll]  [Hewlett-Packard Company, 4.02.0.40]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\AuthWiz.dll]  [Bioscrypt Inc., 3.0.0.759]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\TpmAuth.dll]  [Bioscrypt Inc., 3.0.0.68]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItVCServer.dll]  [Bioscrypt Inc., 1.00.170]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll]  [Bioscrypt Inc., 1.01.217]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\NetAdmin.dll]  [Bioscrypt Inc., 3.0.0.200]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\PETpm.dll]  [Bioscrypt Inc., 3.0.0.11]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\PESched.dll]  [Bioscrypt Inc., 3.0.0.19]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\PEActiveRule.dll]  [Bioscrypt Inc., 1.01.0.45]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\pecustom.dll]  [Bioscrypt Inc., 1.01.0.16]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\PEAuth.dll]  [Bioscrypt Inc., 4.0.0.81]
[PID: 1828 / SYSTEM][c:\Program Files\Fingerprint Sensor\AtService.exe]  [AuthenTec, Inc., 8.0.200.33]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 1848 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 1908 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 1964 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\System32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\Program Files\Symantec AntiVirus\SymRasMan.dll]  [Symantec Corporation, 11.0.5002.267]
    [C:\Program Files\Symantec AntiVirus\RasSymEap.dll]  [Symantec Corporation, 11.0.5002.267]
    [C:\WINDOWS\System32\aetsprov.dll]  [A.E.T. Europe B.V., 2.3.0.9]
    [C:\WINDOWS\System32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\System32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
[PID: 2016 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 388 / SYSTEM][C:\Program Files\Symantec AntiVirus\Smc.exe]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\Trident.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\deuParser.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\TseConfig.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\SpNet.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\SyLog.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\NacManager.plg]  [Symantec Corporation, 11.0.5002.301]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\Program Files\Symantec AntiVirus\SyLink.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\DataMan.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\tse.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\PSSensor.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\SSSensor.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\IdsTrafficPipe.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\wpsman.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\tfman.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\SgHI.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\SfConfig.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\SgConfig.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\Netport.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.922_x-ww_92403109\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.922]
    [C:\Program Files\Common Files\Symantec Shared\ccL608.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Symantec AntiVirus\res\1033\SmcRes.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\AVMan.plg]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\GUProxy.plg]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\LuMan.plg]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\res\1033\AvManRes.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\AvPluginImpl.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\Program Files\Symantec AntiVirus\res\1033\GUProxyRes.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\res\1033\LUManRes.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\res\1033\SgHIRes.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\res\1033\SpNetRes.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\res\1033\TseRes.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Common Files\Symantec Shared\ccL60U.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Symantec AntiVirus\ManagedUnloader.dll]  [Symantec Corporation, 11.0.5002.290]
[PID: 460 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 480 / SYSTEM][C:\Program Files\360\360Safe\deepscan\zhudongfangyu.exe]  [360.cn, 3, 2, 2, 1002]
    [C:\Program Files\360\360Safe\SoftMgr\360SoftMgrS.dll]  [360.cn, 2, 1, 5, 1100]
    [C:\Program Files\360\360Safe\deepscan\CloudCom2.dll]  [360.cn, 3, 2, 3, 3001]
    [C:\WINDOWS\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\360\360Safe\deepscan\bapi.dll]  [360.cn, 1.0.0.1010]
    [C:\Program Files\360\360Safe\deepscan\heavygate.dll]  [360.cn, 3, 6, 21, 0]
    [C:\Program Files\360\360Safe\deepscan\qutmload.dll]  [360安全中心, 6, 5, 0, 1003]
[PID: 904 / SYSTEM][C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe]  [Symantec Corporation, 106.5.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Common Files\Symantec Shared\ccL60U.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Common Files\Symantec Shared\ccSvc.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETPLG.DLL]  [Symantec Corporation, 106.5.0.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SAVSUB~1\SUBENG.DLL]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\res\1033\SUBRES.loc]  [Symantec Corporation, 11.0.5002.290]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SNDSVC.DLL]  [Symantec Corporation, 7.2.5.9]
    [C:\Program Files\Common Files\Symantec Shared\ccL60.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\WINDOWS\system32\SymNeti.dll]  [Symantec Corporation, 7.2.5.9]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEVTPLG.DLL]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Common Files\Symantec Shared\ccEvtCli.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL]  [Symantec Corporation, 3.5.0.15]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SRTSP\SRTSP32.DLL]  [Symantec Corporation, 10.3.0.15]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL]  [Symantec Corporation, 106.5.0.10]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.6041.0]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\SAVSUB~1\SubConn.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\SAVSubmitter.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\res\1033\SAVSubmitterRes.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\bbRGen.dll]  [Symantec Corporation, 3.5.0.15]
[PID: 1016 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
gototop
 

回复:近来总有人高价买我Q号,我怀疑给人注了木马,请帮我看看SREng扫描报告,谢谢!

第五部分:
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\WINDOWS\system32\bthcrp.dll]  [Broadcom Corporation., 5.1.0.4803]
    [C:\WINDOWS\system32\WidcommSdk.dll]  [Broadcom Corporation., 5.1.0.4803]
    [C:\WINDOWS\system32\wbtapi.dll]  [Broadcom Corporation., 5.1.0.4803]
    [C:\WINDOWS\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\WINDOWS\system32\CCMONNT.DLL]  [Altiris, 6.2.1144]
    [C:\WINDOWS\system32\cpwmon2k.dll]  [N/A, ]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
[PID: 1416 / SYSTEM][c:\Program Files\ActivIdentity\ActivClient\accoca.exe]  [ActivIdentity, 4,3,0,3]
    [C:\WINDOWS\system32\aclog.dll]  [ActivIdentity, 1,2,0,4]
    [C:\WINDOWS\system32\ACLIBEAY.dll]  [ActivIdentity, 3,0,0,1]
    [C:\WINDOWS\system32\accrypto.dll]  [ActivIdentity, 2,3,0,5]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.922_x-ww_92403109\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.922]
    [c:\Program Files\ActivIdentity\ActivClient\resources\accocarc.dll]  [ActivIdentity, 4,3,0,3]
[PID: 1748 / SYSTEM][C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe]  [Altiris, Inc., 6.0.0.2394]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\Program Files\Altiris\Altiris Agent\AeXAgentUI.dll]  [Altiris, Inc., 6.0.0.2394]
    [C:\Program Files\Altiris\Altiris Agent\AeXTaskSchedulerLib.dll]  [Altiris, Inc., 6.0.0.2394]
    [C:\Program Files\Common Files\Altiris\AeXNetComms.dll]  [Altiris, Inc., 6.0.0.2394]
    [C:\Program Files\Altiris\Altiris Agent\AeXSWDAgent.dll]  [Altiris, Inc, 6.0.1540.0]
    [C:\Program Files\Altiris\Altiris Agent\AeXBasicInventory.dll]  [Altiris, Inc., 6.0.0.2394]
    [C:\Program Files\Altiris\Altiris Agent\AeXAMAgent.dll]  [Altiris, Inc., 6, 1, 31, 0]
    [C:\Program Files\Altiris\Carbon Copy\aexcclientagent.dll]  [Altiris, 6.2.1144]
    [C:\Program Files\Altiris\Carbon Copy\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Altiris\Carbon Copy\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Altiris\Altiris Agent\AeXTaskSynchAgent.dll]  [Altiris, 6.1.1030.0]
    [C:\Program Files\Common Files\Altiris\AexPackageDelivery.dll]  [Altiris, Inc., 6.0.0.2394]
    [C:\WINDOWS\system32\AeXSystemPerformance.dll]  [Altiris, Inc., 6, 1, 31, 0]
    [C:\WINDOWS\system32\netfxperf.dll]  [Microsoft Corporation, 1.1.4322.573]
    [C:\PROGRA~1\PASOFTS\ESales\bin\dbctrs8.dll]  [iAnywhere Solutions, Inc., 8.0.2.4272]
    [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll]  [Microsoft Corporation, 1.1.4322.573]
[PID: 1808 / SYSTEM][C:\WINDOWS\system32\agrsmsvc.exe]  [Agere Systems, 1.0.0.7]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 328 / SYSTEM][C:\WINDOWS\system32\ccsrvc.exe]  [Altiris, 6.2.1144]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 344 / SYSTEM][C:\Program Files\CMBCHINA\WebProtect\WPService.exe]  [China Merchants Bank, 1, 0, 0, 1]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\Program Files\CMBCHINA\WebProtect\WebProtectPlus.dll]  [China Merchants Bank, 1, 0, 0, 1]
[PID: 352 / SYSTEM][C:\Program Files\Altiris\Carbon Copy\shellker.exe]  [Altiris, 6.2.1144]
    [C:\Program Files\Altiris\Carbon Copy\MCMSGBOX.dll]  [Altiris, 6.2.1144]
    [C:\Program Files\Altiris\Carbon Copy\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Altiris\Carbon Copy\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Altiris\Carbon Copy\CONMGRUI.dll]  [Altiris, 6.2.1144]
    [C:\Program Files\Altiris\Carbon Copy\registry.dll]  [Altiris, 6.2.1144]
    [C:\Program Files\Altiris\Carbon Copy\PhoneBk.dll]  [Altiris, 6.2.1144]
    [C:\Program Files\Altiris\Carbon Copy\Commdevs.dll]  [Altiris, 6.2.1144]
    [C:\Program Files\Altiris\Carbon Copy\NETINFO.dll]  [Altiris, 6.2.1144]
    [C:\Program Files\Altiris\Carbon Copy\userprof.dll]  [Altiris, 6.2.1146]
    [C:\Program Files\Altiris\Carbon Copy\ACommon.dll]  [Altiris, 6.2.1144]
    [C:\Program Files\Altiris\Carbon Copy\MsgLog.dll]  [Altiris, 6.2.1144]
    [C:\Program Files\Altiris\Carbon Copy\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\WINDOWS\system32\MFC71ENU.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\Program Files\Altiris\Carbon Copy\SECUI.DLL]  [Altiris, 6.2.1144]
    [C:\Program Files\Altiris\Carbon Copy\iutility.dll]  [Altiris, 6.2.1144]
    [C:\Program Files\Altiris\Carbon Copy\CCDOSKEY.DLL]  [Altiris, 6.2.1144]
    [C:\PROGRA~1\Altiris\CARBON~1\gcc.dll]  [Altiris, 6.2.1144]
    [C:\Program Files\Altiris\Carbon Copy\cdwsock.dll]  [Altiris, 6.2.1144]
[PID: 376 / SYSTEM][C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe]  [Cisco Systems, Inc., 5.0.01.0600]
    [C:\WINDOWS\system32\vpnapi.dll]  [N/A, ]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\WINDOWS\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\WINDOWS\system32\vsdata.dll]  [Zone Labs LLC, 5.5.062.011]
    [C:\WINDOWS\system32\VSINIT.dll]  [Zone Labs LLC, 5.5.062.011]
[PID: 416 / SYSTEM][c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe]  [Hewlett-Packard Development Company, L.P, 4.00.11.0152]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\fee8c8ba9b84a7832274adcbfc9d5ca4\mscorlib.ni.dll]  [Microsoft Corporation, 2.0.50727.1873 (QFEN-1.050727-1800)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\ccfeb59f4a9b75909eb2d1121232a769\System.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\47d862e0dc37c830cc3397decf6c0590\System.ServiceProcess.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll]  [Hewlett-Packard, 4, 00, 11, 0152]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\717cce3690d643df19d6a4117283048e\System.Xml.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll]  [Hewlett-Packard Development Company, L.P., 4.00.11.0152]
    [c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll]  [ , 1.0.0.0]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\428a3be3d5be01f129e0effdc455d831\System.Security.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\e58e83951091f2616344c5d2a6787660\System.Drawing.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\9d25b8eabd8203e4d0490363140c4526\System.Windows.Forms.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01a89fef6b3ccb3f9df478fdc37f590b\System.Runtime.Remoting.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll]  [ , 1.0.0.0]
    [C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\16a34a274ee877b4cf03d1a1bb57eb82\System.Web.ni.dll]  [Microsoft Corporation, 2.0.50727.1433 (REDBITS.050727-1400)]
    [c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll]  [Hewlett-Packard, 4, 00, 11, 0152]
    [c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll]  [ , 1.0.0.0]
    [c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dll]  [Hewlett-Packard Development Company, L.P., 4, 00, 11, 0152]
    [C:\WINDOWS\system32\acomx.dll]  [ActivIdentity, 4,4,0,3]
    [C:\WINDOWS\system32\aclog.dll]  [ActivIdentity, 1,2,0,4]
    [C:\WINDOWS\system32\asphat32.dll]  [ActivIdentity, 2,5,0,19]
    [C:\WINDOWS\system32\ackpbsc.dll]  [ActivIdentity, 4,3,0,6]
    [C:\WINDOWS\system32\accrypto.dll]  [ActivIdentity, 2,3,0,5]
    [C:\WINDOWS\system32\ACLIBEAY.dll]  [ActivIdentity, 3,0,0,1]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\system32\acerrmes.dll]  [ActivIdentity, 2,5,0,9]
    [C:\WINDOWS\system32\acevtsub.dll]  [ActivIdentity, 4,3,0,2]
    [C:\WINDOWS\system32\aspcom.dll]  [ActivIdentity, 2,5,0,1]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.922_x-ww_92403109\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.922]
    [c:\Program Files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll]  [ActivIdentity, 2,5,0,9]
    [C:\WINDOWS\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [c:\Program Files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll]  [ActivIdentity, 2,5,0,19]
    [C:\WINDOWS\system32\acbsi21.dll]  [ActivIdentity, 4,4,0,2]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll]  [Bioscrypt Inc., 4.0.0.171]
    [C:\WINDOWS\system32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9955.0]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\itmsg.dll]  [Bioscrypt Inc., 1.21.1.492]
    [c:\Program Files\Hewlett-Packard\IAM\bin\brand.dll]  [Hewlett-Packard Company, 4.02.0.40]
[PID: 800 / NETWORK SERVICE][C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe]  [Microsoft Corporation, 2005.090.2047.00]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 1396 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 1668 / SYSTEM][C:\Program Files\Symantec AntiVirus\Rtvscan.exe]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\Program Files\Common Files\Symantec Shared\ccL608.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Symantec AntiVirus\res\1033\ActaRes.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\res\1033\PScanRes.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Common Files\Symantec Shared\ccL60U.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Common Files\Symantec Shared\SRTSP\SRTSP32.DLL]  [Symantec Corporation, 10.3.0.15]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtCli.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Common Files\Symantec Shared\ccSvc.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Common Files\Symantec Shared\Global Exceptions\GEDataStore.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Common Files\Symantec Shared\dec_abi.dll]  [Symantec Corporation, 1.2.5.130]
    [C:\Program Files\Common Files\Symantec Shared\ccScanw.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL]  [Symantec Corporation, 61.3.0.17]
    [C:\Program Files\Symantec AntiVirus\IMail.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.922_x-ww_92403109\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.922]
    [C:\Program Files\Symantec AntiVirus\res\1033\IMailRes.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll]  [Symantec Corporation, 3.5.0.15]
    [C:\Program Files\Symantec AntiVirus\RTVScanPS.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\ManagedUnloader.dll]  [Symantec Corporation, 11.0.5002.290]
[PID: 3012 / SYSTEM][C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe]  [Hewlett-Packard Development Company, L.P., 2, 00, 5, 4]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 3192 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
    [C:\WINDOWS\System32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 3252 / SYSTEM][C:\WINDOWS\system32\wbem\wmiprvse.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 3792 / LOCAL SERVICE][C:\WINDOWS\System32\SCardSvr.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
    [C:\WINDOWS\System32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 3940 / SYSTEM][C:\WINDOWS\system32\wbem\wmiapsrv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2108)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 3428 / cpengja][c:\Program Files\Hewlett-Packard\IAM\Bin\AsGHost.exe]  [Bioscrypt Inc., 3.0.0.070]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\itmsg.dll]  [Bioscrypt Inc., 1.21.1.492]
    [C:\WINDOWS\system32\MSVCR70.dll]  [Microsoft Corporation, 7.00.9955.0]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ASWallet.dll]  [Bioscrypt Inc., 3.0.0.120]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItSSO.dll]  [Bioscrypt Inc., 3.0.0.488]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\RasAdmin.dll]  [Bioscrypt Inc., 1.5.0.31]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItReports.DLL]  [Bioscrypt Inc., 2.5.0.60]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll]  [Bioscrypt Inc., 3.0.0.119]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\PkiAdmin.dll]  [Bioscrypt Inc., 1.5.0.29]
    [c:\Program Files\Hewlett-Packard\IAM\bin\brand.dll]  [Hewlett-Packard Company, 4.02.0.40]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItVCClient.dll]  [Bioscrypt Inc., 3.0.0.220]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItVCard.dll]  [Bioscrypt Inc., 1.01.217]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItAPS.dll]  [Bioscrypt Inc., 3.0.0.088]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\TrayIcon.dll]  [Bioscrypt Inc., 3.0.0.404]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\BioAuth.dll]  [Bioscrypt Inc., 3.0.0.514]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\AuthWiz.dll]  [Bioscrypt Inc., 3.0.0.759]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\TpmAuth.dll]  [Bioscrypt Inc., 3.0.0.68]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\NetAdmin.dll]  [Bioscrypt Inc., 3.0.0.200]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\SSOMngr.dll]  [Bioscrypt Inc., 3.00.0.389]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\AsChnl.dll]  [Bioscrypt Inc., 1.27.1.171]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ASBioATFSS.dll]  [Bioscrypt Inc., 3.0.0.190]
    [C:\WINDOWS\system32\AFSSClientLib.dll]  [AuthenTec, Inc., 8.0.200.33]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ittal.dll]  [Bioscrypt Inc., 4.0.0.233]
    [C:\WINDOWS\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItDac.DLL]  [Bioscrypt Inc., 1.00.396]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
[PID: 3424 / cpengja][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, Inc., 17.2.56.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.922_x-ww_92403109\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.922]
    [C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll]  [Autodesk, Inc., 17.2.56.0]
    [C:\WINDOWS\system32\btncopy.dll]  [Broadcom Corporation., 5.1.0.4803]
    [C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll]  [Nokia, 7, 1, 108, 0]
    [C:\Program Files\Nokia\Nokia PC Suite 7\NGSCM.DLL]  [Nokia, 7, 1, 156, 0]
    [C:\Program Files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 7, 1, 69, 0]
    [C:\Program Files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 7, 1, 21, 0]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
    [C:\Program Files\Lingoes\Translator2\opentext2.dll]  [N/A, ]
    [C:\Program Files\Symantec AntiVirus\SnacNp.dll]  [Symantec Corporation, 11.0.5002.267]
    [C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll]  [Autodesk, 17.2.56.0]
    [C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 9.3.3.177]
    [C:\Program Files\Adobe\Reader 9.0\Reader\viewerps.dll]  [, 9.3.3.177]
    [C:\Program Files\AliWangWang\AliIMExt.dll]  [Alibaba software (Shanghai) Corporation., 1.0.0.1]
    [C:\Program Files\Symantec AntiVirus\vpshell2.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Common Files\Symantec Shared\ccL608.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Symantec AntiVirus\res\1033\VpShellRes.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\WINDOWS\system32\YouKuDesktopShell.dll]  [www.youku.com, 1.2.7.1700]
    [C:\Program Files\Common Files\Autodesk Shared\DWF Common\DWFShellExtension.dll]  [Autodesk, Inc., 1.2.0.73]
    [C:\Program Files\Common Files\Autodesk Shared\DWF Common\CHS\DWFShellExtensionRes.dll]  [Autodesk, Inc., 1.2.0.73]
    [C:\Program Files\7-Zip\7-zip.dll]  [Igor Pavlov, 4.66 alpha]
    [C:\Program Files\Autodesk\Inventor 2009\Inventor 2009\Bin\DT.dll]  [Autodesk, Inc., 13, 0, 0000, 23600]
    [C:\Program Files\Autodesk\Inventor 2009\Inventor 2009\Bin\FB.dll]  [Autodesk, 13, 0, 0000, 23600]
    [C:\Program Files\Autodesk\Inventor 2009\Inventor 2009\Bin\persist.dll]  [Autodesk, Inc., 13, 0, 0000, 23600]
    [C:\Program Files\Autodesk\Inventor 2009\Inventor 2009\Bin\acge214I.dll]  [Autodesk, Inc., 214.0.0.5130]
    [C:\Program Files\Autodesk\Inventor 2009\Inventor 2009\Bin\rse.dll]  [Autodesk, Inc., 13, 0, 0000, 23600]
    [C:\Program Files\Autodesk\Inventor 2009\Inventor 2009\Bin\utx.dll]  [Autodesk, Inc., 13, 0, 0000, 23601]
gototop
 

回复:近来总有人高价买我Q号,我怀疑给人注了木马,请帮我看看SREng扫描报告,谢谢!

第六部分:
    [C:\Program Files\Autodesk\Inventor 2009\Inventor 2009\Bin\GRData.dll]  [Autodesk, Inc., 13, 0, 0000, 23600]
    [C:\Program Files\Autodesk\Inventor 2009\Inventor 2009\Bin\RP.dll]  [Autodesk, Inc., 13, 0, 0000, 23600]
    [C:\Program Files\Autodesk\Inventor 2009\Inventor 2009\Bin\AcIOLite.dll]  [Autodesk, Inc., 13, 0, 0000, 23600]
    [C:\Program Files\Autodesk\Inventor 2009\Inventor 2009\Bin\DtRes.dll]  [Autodesk, Inc., 13, 0, 0000, 23600]
[PID: 656 / cpengja][C:\Program Files\Symantec AntiVirus\SmcGui.exe]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\DataMan.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\SyLog.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\SpNet.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\NacManager.plg]  [Symantec Corporation, 11.0.5002.301]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\Program Files\Symantec AntiVirus\TseConfig.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.922_x-ww_92403109\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.922]
    [C:\Program Files\Common Files\Symantec Shared\ccL608.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Common Files\Symantec Shared\ccL60U.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Symantec AntiVirus\res\1033\SmcGuiRes.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\res\1033\SpNetRes.dll]  [Symantec Corporation, 11.0.5002.301]
    [C:\Program Files\Symantec AntiVirus\RTVScanPS.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\WINDOWS\system32\aetsprov.dll]  [A.E.T. Europe B.V., 2.3.0.9]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.6041.0]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtCli.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Common Files\Symantec Shared\ccSvc.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Symantec AntiVirus\ProtectionUtil.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\Program Files\Common Files\Symantec Shared\ccL60U8.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Symantec AntiVirus\res\1033\ProtectionUtilRes.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\ProtectionProviderPS.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\SavMainUI.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\res\1033\SavMainUIRes.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\res\1033\ActaRes.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\HPPProtectionProviderUI.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\res\1033\HPPProtectionproviderUIRes.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\Cliproxy.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\res\1033\PScanRes.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Common Files\Symantec Shared\SRTSP\SRTSP32.DLL]  [Symantec Corporation, 10.3.0.15]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [C:\Program Files\Symantec AntiVirus\ManagedUnloader.dll]  [Symantec Corporation, 11.0.5002.290]
[PID: 2356 / SYSTEM][C:\PROGRA~1\Altiris\CARBON~1\client.exe]  [Altiris, 6.2.1144]
    [C:\PROGRA~1\Altiris\CARBON~1\PhoneBk.dll]  [Altiris, 6.2.1144]
    [C:\PROGRA~1\Altiris\CARBON~1\registry.dll]  [Altiris, 6.2.1144]
    [C:\PROGRA~1\Altiris\CARBON~1\Commdevs.dll]  [Altiris, 6.2.1144]
    [C:\PROGRA~1\Altiris\CARBON~1\NETINFO.dll]  [Altiris, 6.2.1144]
    [C:\PROGRA~1\Altiris\CARBON~1\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\PROGRA~1\Altiris\CARBON~1\MCMSGBOX.dll]  [Altiris, 6.2.1144]
    [C:\PROGRA~1\Altiris\CARBON~1\MFC71.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\Altiris\CARBON~1\userprof.dll]  [Altiris, 6.2.1146]
    [C:\PROGRA~1\Altiris\CARBON~1\ACommon.dll]  [Altiris, 6.2.1144]
    [C:\PROGRA~1\Altiris\CARBON~1\MsgLog.dll]  [Altiris, 6.2.1144]
    [C:\PROGRA~1\Altiris\CARBON~1\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\WINDOWS\system32\MFC71ENU.DLL]  [Microsoft Corporation, 7.10.3077.0]
    [C:\PROGRA~1\Altiris\CARBON~1\SECUI.DLL]  [Altiris, 6.2.1144]
[PID: 2400 / cpengja][C:\Program Files\Synaptics\SynTP\SynTPEnh.exe]  [Synaptics, Inc., 10.2.4 18Jan08]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\WINDOWS\system32\SynCOM.dll]  [Synaptics, Inc., 10.2.4 18Jan08]
    [C:\WINDOWS\system32\SynTPAPI.dll]  [Synaptics, Inc., 10.2.4 18Jan08]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
[PID: 1756 / cpengja][C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe]  [ Hewlett-Packard Development Company, L.P., 6, 5, 3, 1]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBSERVICE.DLL]  [Hewlett-Packard Development Company, L.P., 6, 5, 2, 2]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
[PID: 2756 / cpengja][C:\Program Files\360\360Safe\safemon\360Tray.exe]  [360.CN, 7, 3, 0, 1010]
    [C:\WINDOWS\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\360\360Safe\ipc\ipcservice.dll]  [360.CN, 6, 5, 5, 1001]
    [C:\Program Files\360\360Safe\ipc\fileMgr.dll]  [360.cn, 6, 5, 2, 1003]
    [C:\Program Files\360\360Safe\ipc\yhregd.dll]  [, 6, 5, 5, 1005]
    [C:\Program Files\360\360Safe\ipc\appd.dll]  [360.cn, 6, 5, 3, 1002]
    [C:\Program Files\360\360Safe\safemon\360compro.dll]  [360安全中心, 6, 2, 0, 1007]
    [C:\Program Files\360\360Safe\safemon\360webpro.dll]  [360.CN, 1, 3, 0, 1031]
    [C:\Program Files\360\360Safe\safemon\360traylive.dll]  [360安全中心, 6, 0, 1, 1013]
    [C:\Program Files\360\360Safe\safemon\360procmon.dll]  [360.CN, 6, 5, 2, 1015]
    [C:\Program Files\360\360Safe\safemon\SelfProtectAPI2.dll]  [360.CN, 6, 5, 5, 1001]
    [C:\Program Files\360\360Safe\safemon\360safemonpro.tpi]  [360.cn, 1, 1, 2, 1002]
    [C:\Program Files\360\360Safe\safemon\netm.tpi]  [360.cn, 1, 0, 1, 1012]
    [C:\Program Files\360\360Safe\safemon\netmon.tpi]  [360.CN, 1, 0, 2, 1011]
    [C:\Program Files\360\360Safe\deepscan\qutmload.dll]  [360安全中心, 6, 5, 0, 1003]
    [C:\Program Files\360\360Safe\ipc\qutmipc.dll]  [360安全中心, 6, 2, 0, 1007]
    [C:\Program Files\360\360Safe\SafeLive.dll]  [360.cn, 1, 0, 0, 1007]
    [C:\Program Files\360\360Safe\pdown.dll]  [360.cn, 1, 2, 0, 1014]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
    [C:\Program Files\360\360Safe\safemon\urlproc.dll]  [360.cn, 1, 2, 2, 1001]
    [C:\Program Files\360\360Safe\safemon\urlprocnet.dll]  [360.cn, 1, 2, 2, 1001]
    [C:\Program Files\360\360Safe\360ver.dll]  [奇虎网, 7, 1, 1, 1002]
    [C:\Program Files\360\360Safe\netmon\360netctrl.dll]  [360.CN, 1, 0, 3, 1009]
    [C:\Program Files\360\360Safe\efiproc.dll]  [奇虎360安全卫士, 1, 0, 0, 1005]
    [C:\Program Files\360\360Safe\ipc\PatchCheck.dll]  [360.cn, 1, 1, 0, 1001]
    [C:\Program Files\360\360Safe\LiveUpd360.dll]  [360.cn, 1, 2, 0, 1033]
    [C:\Program Files\360\360Safe\360net.dll]  [奇虎网, 1, 1, 17, 1020]
    [C:\Program Files\360\360Safe\360P2SP.dll]  [360.cn, 1, 1, 0, 1046]
    [C:\WINDOWS\system32\aetsprov.dll]  [A.E.T. Europe B.V., 2.3.0.9]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\360\360Safe\deepscan\deepscan.dll]  [360.cn, 3, 2, 3, 3001]
    [C:\Program Files\360\360Safe\deepscan\Bapi.dll]  [360.cn, 1.0.0.1010]
    [C:\Program Files\360\360Safe\deepscan\Cloudcom2.dll]  [360.cn, 3, 2, 3, 3001]
[PID: 2764 / cpengja][C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe]  [ActivIdentity, 6,1,3,12]
    [C:\WINDOWS\system32\ackpbsc.dll]  [ActivIdentity, 4,3,0,6]
    [C:\WINDOWS\system32\aclog.dll]  [ActivIdentity, 1,2,0,4]
    [C:\WINDOWS\system32\accrypto.dll]  [ActivIdentity, 2,3,0,5]
    [C:\WINDOWS\system32\ACLIBEAY.dll]  [ActivIdentity, 3,0,0,1]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.922_x-ww_92403109\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.922]
    [C:\WINDOWS\system32\asphat32.dll]  [ActivIdentity, 2,5,0,19]
    [C:\WINDOWS\system32\acerrmes.dll]  [ActivIdentity, 2,5,0,9]
    [C:\WINDOWS\system32\acevtsub.dll]  [ActivIdentity, 4,3,0,2]
    [C:\WINDOWS\system32\aspcom.dll]  [ActivIdentity, 2,5,0,1]
    [c:\Program Files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll]  [ActivIdentity, 2,5,0,9]
    [C:\WINDOWS\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [c:\Program Files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll]  [ActivIdentity, 2,5,0,19]
    [C:\Program Files\ActivIdentity\ActivClient\acunlock.dll]  [ActivIdentity, 6,1,3,13]
    [C:\WINDOWS\system32\aipingui.dll]  [ActivIdentity, 6,1,3,25]
    [C:\WINDOWS\system32\aicext.dll]  [N/A, ]
    [C:\Program Files\ActivIdentity\ActivClient\Resources\Localized\aipinguirc.dll]  [ActivIdentity, 6,1,3,25]
    [C:\Program Files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll]  [ActivIdentity, 2,5,0,16]
    [c:\Program Files\ActivIdentity\ActivClient\Resources\Localized\acunlockrc.dll]  [ActivIdentity, 6,1,3,13]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
[PID: 2248 / cpengja][c:\Program Files\ActivIdentity\ActivClient\acevents.exe]  [ActivIdentity, 4,3,0,2]
    [C:\WINDOWS\system32\aclog.dll]  [ActivIdentity, 1,2,0,4]
    [C:\WINDOWS\system32\asphat32.dll]  [ActivIdentity, 2,5,0,19]
    [C:\WINDOWS\system32\ackpbsc.dll]  [ActivIdentity, 4,3,0,6]
    [C:\WINDOWS\system32\accrypto.dll]  [ActivIdentity, 2,3,0,5]
    [C:\WINDOWS\system32\ACLIBEAY.dll]  [ActivIdentity, 3,0,0,1]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\system32\acerrmes.dll]  [ActivIdentity, 2,5,0,9]
    [C:\WINDOWS\system32\acevtsub.dll]  [ActivIdentity, 4,3,0,2]
    [C:\WINDOWS\system32\aspcom.dll]  [ActivIdentity, 2,5,0,1]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.922_x-ww_92403109\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.922]
    [c:\Program Files\ActivIdentity\ActivClient\Resources\Localized\acerrmrc.dll]  [ActivIdentity, 2,5,0,9]
    [C:\WINDOWS\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [c:\Program Files\ActivIdentity\ActivClient\Resources\Localized\asphatrc.dll]  [ActivIdentity, 2,5,0,19]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
gototop
 

回复:近来总有人高价买我Q号,我怀疑给人注了木马,请帮我看看SREng扫描报告,谢谢!

第七部分:
[PID: 3528 / cpengja][C:\Program Files\Common Files\Symantec Shared\ccApp.exe]  [Symantec Corporation, 106.5.0.10]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\Common Files\Symantec Shared\ccL60U.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [C:\WINDOWS\system32\SymNeti.dll]  [Symantec Corporation, 7.2.5.9]
    [C:\WINDOWS\system32\aetsprov.dll]  [A.E.T. Europe B.V., 2.3.0.9]
    [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Common Files\Symantec Shared\ccSvc.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Common Files\Symantec Shared\ccSet.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL]  [Symantec Corporation, 106.5.0.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL]  [Symantec Corporation, 106.5.0.10]
    [C:\PROGRA~1\SYMANT~1\SAVSES~1.DLL]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Common Files\Symantec Shared\COH\sesHlp.dll]  [Symantec Corporation, 6.1.9.44]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
    [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\WINDOWS\system32\ATL71.DLL]  [Microsoft Corporation, 7.10.6041.0]
    [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\Program Files\Common Files\Symantec Shared\COH\sh0008.dll]  [Symantec Corporation, 6,1,9,44]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\ccEvtCli.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\PROGRA~1\COMMON~1\SYMANT~1\rcEmlPxy.dll]  [Symantec Corporation, 106.5.0.10]
    [C:\WINDOWS\system32\SymRedir.dll]  [Symantec Corporation, 7.2.5.9]
    [C:\Program Files\Symantec AntiVirus\SavEmail.dll]  [Symantec Corporation, 11.0.5002.290]
    [C:\Program Files\Common Files\Symantec Shared\SRTSP\SRTSP32.DLL]  [Symantec Corporation, 10.3.0.15]
[PID: 2816 / cpengja][C:\Program Files\Altiris\Altiris Agent\AeXAgentUIHost.exe]  [Altiris, Inc., 6.0.0.2394]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\Program Files\Altiris\Altiris Agent\AeXAgentUI.dll]  [Altiris, Inc., 6.0.0.2394]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
    [C:\Program Files\Altiris\Altiris Agent\Languages\0804\AeXAgentUI.dll]  [Altiris, Inc., 6.0.0.2394]
[PID: 3048 / cpengja][C:\Program Files\360Safebox\SafeBoxTray.exe]  [360.cn, 3, 3, 0, 1005]
    [C:\Program Files\360Safebox\safeboxapi.dll]  [360.cn, 2, 3, 0, 1003]
    [C:\Program Files\360Safebox\SafeLive.dll]  [, 1, 0, 0, 1006]
    [C:\Program Files\360Safebox\pdown.dll]  [360.cn, 1, 2, 0, 1012]
    [C:\Program Files\360Safebox\LiveUpd360.dll]  [360.cn, 1, 2, 0, 1030]
    [C:\Program Files\360Safebox\360net.dll]  [奇虎网, 1, 1, 14, 1017]
    [C:\Program Files\360Safebox\360P2SP.dll]  [360.cn, 1, 1, 0, 1041]
    [C:\WINDOWS\system32\aetsprov.dll]  [A.E.T. Europe B.V., 2.3.0.9]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\360Safebox\cloudsec2.dll]  [360.cn, 3, 2, 3, 1005]
    [C:\Program Files\360Safebox\deepscan.dll]  [360.cn, 3, 2, 3, 1003]
    [C:\Program Files\360Safebox\bapi.dll]  [360.cn, 1.0.0.1009]
    [C:\Program Files\360Safebox\cloudcom2.dll]  [360.cn, 3, 2, 3, 1005]
    [C:\WINDOWS\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\360Safebox\heavygate.dll]  [360.cn, 3, 6, 21, 0]
[PID: 3064 / cpengja][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
[PID: 3988 / cpengja][C:\Program Files\SnowFox\DesktopSprite2\DesktopSprite.exe]  [SnowFox Studio., 2.0.7.25]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
    [C:\Program Files\Lingoes\Translator2\opentext2.dll]  [N/A, ]
[PID: 3976 / cpengja][C:\Program Files\Lingoes\Translator2\Lingoes.exe]  [Lingoes Project, 2, 6, 5, 0]
    [C:\Program Files\Lingoes\Translator2\LGui64u.dll]  [Lingoes Corporation, 1, 2, 0, 0]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\WINDOWS\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [C:\Program Files\Lingoes\Translator2\opentext2.dll]  [N/A, ]
[PID: 4900 / SYSTEM][C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe]  [Hewlett-Packard Development Company, L.P., 6.5.1.2]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
[PID: 4904 / cpengja][C:\Program Files\Freecom Password\Password.exe]  [Freecom, 1.34]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
[PID: 5148 / cpengja][C:\Program Files\ShiQiang\wnwb\wnwb.exe]  [深圳世强软件开发部 www.wn51.com , 2007, 10, 24, 1]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [C:\Program Files\ShiQiang\wnwb\WNMKEY.DLL]  [深圳世强软件开发部 www.wnwb.com , 2007, 5, 21, 1]
    [C:\Program Files\ShiQiang\wnwb\wncfg.dll]  [深圳世强软件开发部 www.wn51.com, 2008, 6, 4, 1]
    [C:\Program Files\ShiQiang\wnwb\wnupdate.dll]  [深圳世强软件开发部 www.wn51.com, 2008.6.20.1]
[PID: 5220 / cpengja][C:\WINDOWS\system32\conime.exe]  [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
[PID: 5792 / cpengja][C:\Program Files\Windows Live\Messenger\msnmsgr.exe]  [Microsoft Corporation, 14.0.8117.0416]
    [C:\Program Files\Windows Live\Messenger\iphlpapi.dll]  [, 2, 4, 1, 7051]
    [C:\Program Files\Windows Live\Messenger\VTDll.dll]  [N/A, ]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\Program Files\Windows Live\Messenger\plgmngr.dll]  [N/A, ]
    [C:\Program Files\Windows Live\Messenger\IMAddInLib.dll]  [MSN CHINA, 2, 4, 1, 7021]
    [C:\Program Files\Windows Live\Messenger\MSGEC.dll]  [N/A, ]
    [C:\Program Files\Windows Live\Messenger\gghelper.dll]  [N/A, ]
    [C:\Program Files\Windows Live\Messenger\sfgsc.dll]  [N/A, ]
    [C:\Program Files\Windows Live\Messenger\ChimeResDll.dll]  [MSN CHINA, 2, 4, 1, 7021]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [C:\WINDOWS\system32\aetsprov.dll]  [A.E.T. Europe B.V., 2.3.0.9]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\devenum.dll]  [, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\quartz.dll]  [, ]
    [C:\Program Files\Lingoes\Translator2\opentext2.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx]  [Adobe Systems, Inc., 10,1,53,64]
[PID: 4392 / cpengja][C:\Program Files\Windows Live\Contacts\wlcomm.exe]  [Microsoft Corporation, 14.0.8117.0416]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [C:\WINDOWS\system32\aetsprov.dll]  [A.E.T. Europe B.V., 2.3.0.9]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
[PID: 4836 / cpengja][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 7.00.6000.17055 (vista_gdr.100414-0533)]
    [C:\WINDOWS\system32\APSHook.dll]  [Bioscrypt Inc., 3.0.0.041]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [C:\WINDOWS\system32\AcSignIcon.dll]  [Autodesk, Inc., 17.2.56.0]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_b77cec8e\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.4053]
    [C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.922_x-ww_92403109\MFC80ENU.DLL]  [Microsoft Corporation, 8.00.50727.922]
    [C:\Program Files\360\360Safe\safemon\LoadWDUI.dll]  [360.cn, 1, 0, 0, 1019]
    [C:\WINDOWS\system32\MFC42LOC.DLL]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\Lingoes\Translator2\opentext2.dll]  [N/A, ]
    [C:\Program Files\360\360Safe\safemon\urlproc.dll]  [360.cn, 1, 2, 2, 1001]
    [C:\Program Files\360\360Safe\safemon\urlprocnet.dll]  [360.cn, 1, 2, 2, 1001]
    [C:\WINDOWS\system32\aetsprov.dll]  [A.E.T. Europe B.V., 2.3.0.9]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\Macromed\Flash\Flash10h.ocx]  [Adobe Systems, Inc., 10,1,53,64]
    [C:\WINDOWS\system32\devenum.dll]  [, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Symantec AntiVirus\SnacNp.dll]  [Symantec Corporation, 11.0.5002.267]
[PID: 232 / cpengja][D:\JamePeng\My Soft\反病毒常用小工具\System Repair Engineer(SREng) 2.8.2.1321\SREngLdr.EXE]  [Smallfrogs Studio, 2.8.2.1321]
[PID: 1320 / cpengja][D:\JamePeng\My Soft\反病毒常用小工具\System Repair Engineer(SREng) 2.8.2.1321\SRE3ad97701.EXE]  [Smallfrogs Studio, 2.8.2.1321]
    [C:\Program Files\360\360Safe\safemon\safemon.dll]  [360.cn, 6, 6, 5, 1005]
    [c:\Program Files\Hewlett-Packard\IAM\Bin\ItClient.dll]  [Bioscrypt Inc., 3.0.0.135]
    [C:\Program Files\Lingoes\Translator2\opentext2.dll]  [N/A, ]
    [D:\JamePeng\My Soft\反病毒常用小工具\System Repair Engineer(SREng) 2.8.2.1321\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\aetsprov.dll]  [A.E.T. Europe B.V., 2.3.0.9]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.6030.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.6030.0]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1      localhost

==================================
Process Privileges Scan
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3988, C:\PROGRAM FILES\SNOWFOX\DESKTOPSPRITE2\DESKTOPSPRITE.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 3976, C:\PROGRAM FILES\LINGOES\TRANSLATOR2\LINGOES.EXE]
Special Privileges Enabled: SeLoadDriverPrivilege [PID = 4904, C:\PROGRAM FILES\FREECOM PASSWORD\PASSWORD.EXE]

==================================
Scheduled Tasks
N/A

==================================
Windows Security Update Check
N/A

==================================
API HOOK
N/A

==================================
Hidden Process
N/A

==================================


[/CODE]
gototop
 

回复 8F 是昔流芳 的帖子

扫描日志在第一份原贴就已经粘了,我QQ号是5位的,谢谢!
gototop
 

回复: 近来总有人高价买我Q号,我怀疑给人注了木马,请帮我看看SREng扫描报告,谢谢!



引用:
原帖由 荔枝饭饭 于 2010-7-30 20:41:00 发表
<Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
楼主,您的日志我看了第一部分,这个shmgrate.exe知道安装的是什么东西么?是恶意插件么?请用卡卡清理一下插件,再修复一下IE,看日志没发现什么大问题,电脑本身有无影响?QQ


不知那个shmgrate.exe是什么东东,也清理不到他啊。同时请问用360的扫描可以吗?
gototop
 

回复: 近来总有人高价买我Q号,我怀疑给人注了木马,请帮我看看SREng扫描报告,谢谢!



引用:
原帖由 是昔流芳 于 2010-7-30 20:31:00 发表
日志打包发上来,肢解的没法看

你QQ号几位的?


你好,现在把日志发上去,请帮忙看看,我的QQ号是5位的,通常这种号最多就一万八千不得了了,再多也不会超过二万吧?但人家出的价让我有点不相信,谢谢!

附件附件:

下载次数:134
文件类型:application/octet-stream
文件大小:
上传时间:2010-7-31 7:00:21
描述:log

gototop
 
12   1  /  2  页   跳转
页面顶部
Powered by Discuz!NT