返回列表 发帖

朋友中了病毒nod 卡巴查不到的 sreng扫描日记帮看下

朋友中了病毒nod 卡巴查不到的 sreng扫描日记帮看下

中了jpg.exe 这个伪装成文件夹图片 不小心打开了  怎么帮  nod  卡巴扫不出有毒

病毒样本我打包上传 有高手帮测试下的吗? 谢谢了****2008-02-24,20:26:33

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <amd_dc_opt><C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe>  [AMD]
    <SKYNET Personal FireWall><C:\PROGRA~1\SkyNet\FireWall\pfw.exe>  [广州众达天网技术有限公司]
    <nod32kui><"C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE>  [Eset ]
    <360Safetray><C:\Program Files\360safe\safemon\360tray.exe /start>  [奇虎网]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Tencent Technology(Shenzhen) Company Limited]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows XP Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\bubbles.scr>  [Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\WINDOWS\system32\Ati2evxx.exe><ATI Technologies Inc.>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[NOD32 Kernel Service / NOD32krn][Running/Auto Start]
  <"C:\Program Files\Eset\nod32krn.exe"><Eset>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[ahcix86 / ahcix86][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ahci8086.sys><ATI Technologies Inc.>
[AMD Processor Driver / AmdK8][Running/System Start]
  <System32\drivers\amdk8.sys><Advanced Micro Devices>
[AMD Low Level Device Driver / AmdLLD][Running/Manual Start]
  <system32\DRIVERS\AmdLLD.sys><AMD, Inc.>
[AMON / AMON][Running/Auto Start]
  <\SystemRoot\system32\drivers\amon.sys><Eset>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ATI Function Driver for HDMI Service / AtiHdmiService][Running/Manual Start]
  <system32\drivers\AtiHdmi.sys><ATI Research Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[Intel RAID Controller / iaStor][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iaStor7.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[ITEATAPI_Service_Install / iteatapi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iteatapi.sys><Integrated Technology Express, Inc.>
[JMicron Hot-Plug Driver / JGOGO][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\JGOGO.sys><JMicron>
[JRAID / JRAID][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\jraid.sys><JMicron Technology Corp.>
[m5228 / m5228][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\m5228.sys><ALi Corporation.>
[m5281 / m5281][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\m5281.sys><ALi Corporation>
[m5287 / m5287][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\m5287.sys><ULi Electronics Inc.>
[m5288 / m5288][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\m5288.sys><ULi Electronics Inc.>
[m5289 / m5289][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\m5289.sys><ULi Electronics Inc.>
[mv61xx / mv61xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\mv61xx.sys><Marvell Semiconductor, Inc.>
[nod32drv / nod32drv][Running/System Start]
  <\SystemRoot\system32\drivers\nod32drv.sys><N/A>
[nv / nv][Stopped/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvatabus / nvatabus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvatabus.sys><NVIDIA Corporation>
[nvgts / nvgts][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvgts.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[ATI-437A Serial ATA Controller / SI3112r][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SI3112r.sys><Silicon Image, Inc>
[SATALink driver accelerator / SiFilter][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SiWinAcc.sys><Silicon Image, Inc.>
[SiSRaid / SiSRaid][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SiSRaid.sys><Silicon Integrated Systems>
[SiSRaid2 / SiSRaid2][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SiSRaid2.sys><Silicon Integrated Systems Corp>
[SiSRaid4 / SiSRaid4][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisraid4.sys><Silicon Integrated Systems>
[SKNFW / SKNFW][Running/System Start]
  <\??\C:\WINDOWS\system32\Drivers\SKNFW.sys><N/A>
[SkyProcs / SkyProcs][Running/Manual Start]
  <\??\C:\PROGRA~1\SkyNet\FireWall\SkyProcs.sys><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[viamraid / viamraid][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
[vmscsi / vmscsi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\vmscsi.sys><VMware, Inc.>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[深度技术论坛]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://bbs.deepin.org, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[GerneralPeerID Class]
  {0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin15.dll, N/A>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360safe\live.dll, 360safe.com>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, Microsoft Corporation>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Thunder\Components\DownAndPlay\DapCtrl1.4.19.22.642.dll, ShenZhen Thunder Networking Technologies Ltd.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360safe\safemon\safemon.dll, 奇虎网>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx, Adobe Systems, Inc.>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[Thunder DapPlayer]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder\Components\DownAndPlay\DapPlayer3.0.44.68.642.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder\Program\getallurl.htm, N/A>

==================================
正在运行的进程
[PID: 696 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\sxs.dll]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[PID: 776 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4176]
[PID: 820 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 832 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 988 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4178]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2512]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2524]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1112 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1232 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\WINDOWS\System32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\WINDOWS\System32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1316 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1356 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe]  [ATI Technologies Inc., 6.14.10.4178]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\Ati2edxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2512]
    [C:\WINDOWS\system32\atipdlxx.dll]  [ATI Technologies, Inc., 6, 14, 10, 2524]
    [C:\WINDOWS\system32\ati2evxx.dll]  [ATI Technologies Inc., 6.14.10.4176]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1416 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1620 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1784 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\BROWSEUI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\SHDOCVW.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [D:\QQ2007\Tencent\qdshm.dll]  [, 1, 0, 101, 20]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Eset\nodshex.dll]  [N/A, ]
    [C:\Program Files\Imagine\Imagine.DLL]  [nyam's Laboratory, 0.9.7.0]
    [C:\Program Files\Imagine\Plugin\J2K.DLL]  [N/A, ]
    [C:\Program Files\Imagine\Plugin\JBIG.DLL]  [N/A, ]
    [C:\Program Files\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 17]
    [C:\Program Files\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
    [C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1968 / Administrator][C:\Program Files\Eset\nod32kui.exe]  [Eset , 2, 70, 39 ]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\Program Files\Eset\nod32rui.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [C:\Program Files\Eset\pu_amon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pu_dmon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_emon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Eset\pu_nod32.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pu_upd.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]
[PID: 1984 / Administrator][C:\Program Files\360safe\safemon\360tray.exe]  [奇虎网, 4, 0, 3, 1003]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [C:\Program Files\360safe\safemon\SafeKrnl.dll]  [奇虎网, 4, 0, 3, 1001]
    [C:\Program Files\360safe\AntiAdwa.dll]  [360Safe.com, 4, 0, 0, 1002]
    [C:\Program Files\360safe\live.dll]  [360safe.com, 1, 0, 1, 1022]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1992 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 208 / SYSTEM][C:\Program Files\StormII\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 3, 1]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
[PID: 260 / SYSTEM][C:\Program Files\Eset\nod32krn.exe]  [Eset , 2, 70, 39 ]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\Program Files\Eset\nod32krr.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\ps_amon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_amon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\ps_dmon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_dmon.dll]  [N/A, ]
    [C:\Program Files\Eset\ps_emon.dll]  [Eset , 2, 70, 39 ]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\Program Files\Eset\pr_emon.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\Program Files\Eset\ps_nod32.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_nod32.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\ps_upd.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_upd.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1876 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
[PID: 1888 / Administrator][D:\QQ2007\Tencent\QQ.exe]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\QQBaseClassInDll.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\QQHelperDll.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\BasicCtrlDll.dll]  [TENCENT, 7,1,638,1773]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [D:\QQ2007\Tencent\MSIMG32.dll]  [N/A, ]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [D:\QQ2007\Tencent\FinePlus.dll]  [N/A, ]
    [D:\QQ2007\Tencent\fphelper.dll]  [N/A, ]
    [D:\QQ2007\Tencent\QQAPI.dll]  [TENCENT, 7,1,638,1773]
    [D:\Program Files\QQ2007\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [D:\QQ2007\Tencent\LoginCtrl.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\LoginCtrlRes.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\QQRes.dll]  [TENCENT, 7,0,431,1723]
    [D:\QQ2007\Tencent\QQMainFrame.dll]  [N/A, ]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\shdocvw.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [D:\QQ2007\Tencent\UnReadMsgMgr.dll]  [N/A, ]
    [D:\QQ2007\Tencent\QQPlugin.dll]  [N/A, ]
    [D:\QQ2007\Tencent\CQQApplication.dll]  [N/A, ]
    [D:\QQ2007\Tencent\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\QQ2007\Tencent\NewSkin.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\decode.dll]  [N/A, ]
    [D:\QQ2007\Tencent\aqing.dll]  [Microsoft Corporation, 5.6.0.8825]
    [D:\QQ2007\Tencent\MailSummary.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\QQSpace.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\vbscript.dll]  [Microsoft Corporation, 5.6.0.8825]
    [D:\QQ2007\Tencent\QQAllInOne.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\QQ2007\Tencent\CameraDll.dll]  [TENCENT, 7,1,638,1773]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\QQ2007\Tencent\QQKnowledgeSearch.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\OEMApplication.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\QQGroupMng.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\QQAvatar.dll]  [N/A, ]
    [D:\QQ2007\Tencent\QQPet.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\QQSysMsgMng.dll]  [N/A, ]
    [D:\QQ2007\Tencent\UserDefinedHead.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\QQConfigPlugin.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\QQCustomFace.dll]  [N/A, ]
    [D:\QQ2007\Tencent\QRingMng.dll]  [N/A, ]
    [D:\QQ2007\Tencent\LongConnection.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\PhoneAPI.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\QQ2007\Tencent\BQQApplication.dll]  [N/A, ]
    [D:\QQ2007\Tencent\PersonalDesktop.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\CommercesMng.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [D:\QQ2007\Tencent\QQLiveQMng.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\ImageOle.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\QQSceneMng.dll]  [N/A, ]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 3, 1, 0, 0]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\Program Files\SogouInput\ZipLib.dll]  [N/A, ]
    [D:\QQ2007\Tencent\GroupConnection.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\QQMagicFace.dll]  [TENCENT, 7,1,638,1773]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [D:\QQ2007\Tencent\QQFileTransfer.dll]  [TENCENT, 7,1,638,1773]
    [D:\QQ2007\Tencent\VqqModule.dll]  [TENCENT, 7,0,431,1723]
    [D:\QQ2007\Tencent\VqqAllInOne.dll]  [Tencent, 1, 6, 0, 4]
    [D:\QQ2007\Tencent\InPlus.dll]  [Tencent, 1, 6, 0, 4]
    [D:\QQ2007\Tencent\tencent-proto1.dll]  [tencent, 1, 6, 0, 4]
    [D:\QQ2007\Tencent\tencent-comlib.dll]  [tencent, 1, 6, 0, 4]
    [D:\QQ2007\Tencent\tencent-proto2.dll]  [tencent, 1, 6, 0, 4]
[PID: 2720 / Administrator][D:\Program Files\QQ2007\TIMPlatform.exe]  [TENCENT, 7,0,431,1723]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [D:\Program Files\QQ2007\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[PID: 1860 / Administrator][D:\QQ2007\Tencent\qqpet\QQPenguin\QQPenguin.exe]  [腾讯公司, 2, 64, 101, 8]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [D:\QQ2007\Tencent\qqpet\QQPenguin\Pnet.dll]  [N/A, ]
    [D:\QQ2007\Tencent\qqpet\QQPenguin\Prm.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [D:\QQ2007\Tencent\qqpet\QQPenguin\TerSafe.dll]  [tencent, 1, 0, 11, 6]
    [D:\QQ2007\Tencent\qqpet\QQPenguin\QQPetResDownloadPet.dll]  [, 6, 1, 101, 1]
    [D:\QQ2007\Tencent\qqpet\QQPenguin\QQPetCommunity.dll]  [, 6, 5, 101, 1]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\WINDOWS\system32\shdocvw.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jscript.dll]  [Microsoft Corporation, 5.6.0.8834]
[PID: 3120 / Administrator][D:\QQ2007\Tencent\qqpet\QQPig\QQPig.exe]  [深圳市腾讯计算机系统有限公司, 1, 5, 0, 6]
    [D:\QQ2007\Tencent\qqpet\QQPig\factory.dll]  [N/A, ]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [D:\QQ2007\Tencent\qqpet\QQPig\MainLogic.dll]  [N/A, ]
    [D:\QQ2007\Tencent\qqpet\QQPig\PEL.dll]  [, 1, 0, 0, 1]
    [D:\QQ2007\Tencent\qqpet\QQPig\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\QQ2007\Tencent\qqpet\QQPig\RSM.dll]  [N/A, ]
    [D:\QQ2007\Tencent\qqpet\QQPig\SCM.dll]  [, 1, 0, 0, 1]
    [D:\QQ2007\Tencent\qqpet\QQPig\TerSafe.dll]  [tencent, 1, 0, 11, 6]
    [D:\QQ2007\Tencent\qqpet\QQPig\SceneManager.dll]  [N/A, ]
    [D:\QQ2007\Tencent\qqpet\QQPig\Community.dll]  [N/A, ]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [D:\QQ2007\Tencent\qqpet\QQPig\tenfact.dll]  [N/A, ]
    [D:\QQ2007\Tencent\qqpet\QQPig\tenpet1.dll]  [N/A, ]
    [D:\QQ2007\Tencent\qqpet\QQPig\BaseComponent.dll]  [N/A, ]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9e.ocx]  [Adobe Systems, Inc., 9,0,115,0]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\shdocvw.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
    [C:\WINDOWS\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mshtml.dll]  [Microsoft Corporation, 6.00.2900.3243 (xpsp_sp2_gdr.071029-1246)]
    [C:\WINDOWS\system32\jscript.dll]  [Microsoft Corporation, 5.6.0.8834]
[PID: 2944 / Administrator][F:\视频\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.3159 (xpsp_sp2_gdr.070619-1300)]
    [C:\WINDOWS\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\360safe\safemon\safemon.dll]  [奇虎网, 4, 0, 3, 1003]
    [C:\WINDOWS\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\视频\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\WINDOWS\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3231 (xpsp_sp2_gdr.071010-1320)]
    [C:\WINDOWS\system32\imon.dll]  [Eset , 2, 70, 39 ]
    [C:\Program Files\Eset\pr_imon.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
NOD32 protected [MSAFD Tcpip [TCP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [UDP/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [MSAFD Tcpip [RAW/IP]]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP UDP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32 protected [RSVP TCP Service Provider]
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)
NOD32
    C:\WINDOWS\system32\imon.dll(Eset , NOD32 IMON - Internet scanning support)

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1       localhost
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 988, C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1356, C:\WINDOWS\SYSTEM32\ATI2EVXX.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1968, C:\PROGRAM FILES\ESET\NOD32KUI.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 1984, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1984, C:\PROGRAM FILES\360SAFE\SAFEMON\360TRAY.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================****.

感谢大家

[ 本帖最后由 only小熠 于 2008-2-25 16:16 编辑 ]
附件: 您需要登录才可以下载或查看附件。没有帐号?加入剑盟

日志没看出问题

TOP

TOP

jpg.exe也运行了MS没问题.楼下继续...:

TOP

没什么.....我看不出什么来的说
我家有月亮.............

月下桂花

TOP

在WINGDOWS目录下生成SSL.exe后调用IE
卡巴主防  已检测到: 风险软件 Invader        正在运行的进程: C:\Sandbox\紫枫\DefaultBox\drive\C\WINDOWS\SSL.EXE
呵呵,baohe版来验证一下吧,没有虚拟机,只能在沙盘下玩玩了,再往下就无能为了了

TOP

日志没有看来什么,有什么症状
关闭IE用下面的工具全选,清理系统临时文件和IE临时文件夹      
http://www.atribune.org/public-beta/ATF-Cleaner.exe
http://www.duba.net/zt/ksc/down.shtml 用金山清理专家清理恶意软件
Windows清理助手升级查一下:
http://www.arswp.com/download/arswp2/arswp2.zip

我运行了一下,江民\卡巴不报,清理助手也没反映,但江民未知病毒检测报99%之高,所以删除
目录为C:\WINDOWS\SSL.EXE,我的该服务已关闭了,所以估计是打开服务后从后门连接的方法吧
楼下接着说,我得从启机器了,江民从启才能删除的

[ 本帖最后由 dyd12 于 2008-2-24 21:18 编辑 ]

TOP

从启没事,对了同时还建立了个SSL的服务,我的卡巴是迅雷的卡巴模块的

TOP

运行了附件,也没有发现有什么问题!
也没有看出有楼上说的SSL.exe文件!

TOP

原帖由 dyd12 于 2008-2-24 21:28 发表
从启没事,对了同时还建立了个SSL的服务,我的卡巴是迅雷的卡巴模块的

是的,建立了SSL服务。迅雷的卡巴模块只是扫描模块,其实卡巴的主防还是不错滴

TOP

返回列表

剑盟资讯 - 反病毒资讯门户|扑奔PPT - 扑奔PPT社区|力洋网络 - 企业网站建设

冀ICP备09001109号|粤湛网安备4408002113号

广东剑盟网络科技工作室 © 2004 - 2010 All Rights Reserved.

Powered by Discuz! 剑盟社区已通过广东省公安厅网络信息安全备案!