Views: 5348 | Replies: 26

Infected, need help: trojan-downloader.js.pasyme.kf

wwwsohu
Posted 2007-8-27 21:21:16
Since this morning, whenever I open the 中财网 site, KIS 6.0 keeps reporting the virus trojan-downloader.js.psyme.kf. I wanted to look it up on Google, but Google has been unreachable from our LAN for a while, so I used Baidu, and Baidu triggered the same virus report too, which really gave me a headache. In the afternoon, just before leaving work, I finally found one approach: using 木马清道夫 (a trojan-removal tool), which found four trojans, all of which seemed to be related to the network printer. After cleaning them I shut down without looking closely because I was in a hurry to leave. It seems those two sites are fine now, but when I open IE 7.0 and GreenBrowser it reports a new variant of something called "IN...."; I set it to stop notifying me. Because I can't get onto the forum from work either, I don't remember it very clearly. Please help me, everyone: is my fix acceptable? I'm online, so please give me some pointers. Also, from what I just saw online, Kaspersky has been reporting this virus for a lot of people today.

The following is what I copied this morning at work:
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.singtaonet.com/[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://gb.chinareviewnews.com/[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.baidu.com/[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.fund123.cn/[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.baidu.com/s?wd=trojan-downloader.js.psyme.kf&cl=3[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.dngz.net/virus/28135.shtm[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.baidu.com/s?ie=gb2312&bs=%CC%A9%B4%EF%B4%B4%D0%C2&sr=&z=&cl=3&f=8&wd=%CC%A9%B4%EF%BA%C9%D2%F8%B4%B4%D0%C2&ct=0[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.gffunds.com.cn/Hslogon.hsweb[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.baidu.com/s?wd=trojan-downloader.js.payme&cl=3[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.spkiller.com/Publish71.asp[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.baidu.com/s?lm=0&si=&rn=10&ie=gb2312&ct=0&wd=trojan%2Ddownloader%2Ejs%2Epsyme&pn=10&cl=3[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://bbs.366tian.net/thread-670721-1-1.html[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.baobaoxiaoyuan.cn/html/weifenlei/20070722/2140.html[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.skycn.com/[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.onlinedown.net/soft/37369.htm#download[6]
已检测: 风险软件 Hidden install 运行进程: D:\mmjk2007\uninstall.exe
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www1.gobee.cn/downinfo/74.html[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www1.gobee.cn/ViewDownloadUrl.asp?ID=74[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www1.gobee.cn/Download.asp?ID=78&web=xun[6]
已检测: 木马程序 Trojan-Downloader.JS.Psyme.kf 脚本: http://www.xunlei.com/[6]
已检测: 风险软件 Invader 运行进程: E:\下载\迅雷下载\Windows木马清道夫V10\ftc\Scandrive.exe
已检测: 风险软件 Invader 运行进程: E:\下载\迅雷下载\Windows木马清道夫V10\ftc\fygshare.exe
已检测: 风险软件 Invader 运行进程: C:\WINDOWS\Explorer.EXE
已检测: 风险软件 Invader 运行进程: C:\WINDOWS\system32\winlogon.exe

[ This post was last edited by wwwsohu on 2007-8-28 08:06 ]
wwwsohu
OP | Posted 2007-8-27 21:29:47
I also used online banking this morning; I don't know whether anything might have leaked.
Please help, everyone.
mj_alexblair
Posted 2007-8-28 02:26:53

Reply to wwwsohu's post #1

There are reports that this is a Kaspersky false positive and that it goes away once the virus database is updated.
As for this one, I'm still looking into it.
As for online banking:
whether or not you were infected, it's safer to change your password.
After all, a moment's trouble avoids a possible hidden risk. Don't you agree?
wwwsohu
OP | Posted 2007-8-28 08:04:26
Originally posted by mj_alexblair on 2007-8-28 02:26:
There are reports that this is a Kaspersky false positive and that it goes away once the virus database is updated.
As for this one, I'm still looking into it.
As for online banking:
whether or not you were infected, it's safer to change your password.
After all, a moment's trouble avoids a possible hidden risk. Don't you agree?


Brother, I updated all day yesterday and it was still there right up to the end of the workday. I also thought at first that it was a false positive, because I'm the only one who uses this computer and I'm careful, but it really is far too abnormal.
Help, please!
lengxue624
Posted 2007-8-28 10:21:23
Run an SREng scan and post the log here so we can take a look
http://www.kztechs.com/sreng/download.html
wwwsohu
OP | Posted 2007-8-28 11:16:28
Originally posted by lengxue624 on 2007-8-28 10:21:
Run an SREng scan and post the log here so we can take a look
http://www.kztechs.com/sreng/download.html


Downloading it now; how do I use it?
wwwsohu
OP | Posted 2007-8-28 11:25:48
Because it exceeds the post length limit, I have also put it in an attachment.

[CODE]
2007-08-28,11:23:04
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe>  [(Verified)]
    <H/PC Connection Agent><; "D:\Microsoft ActiveSync\wcescomm.exe">  [(Verified)Microsoft Corporation]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AVP><"D:\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <ATIModeChange><; Ati2mdxx.exe>  [ATI Technologies, Inc.]
    <Google IME Autoupdater><; d:\Google\Google Pinyin\GooglePinyinDaemon.exe>  [N/A]
    <IMJPMIG8.1><; C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32>  [(Verified)]
    <Microsoft Pinyin IME Migration><; C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL>  [(Verified)Microsoft Corporation]
    <PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)]
    <PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)]
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <UserFaultCheck><; %systemroot%\system32\dumprep 0 -u>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
==================================
启动文件夹
N/A
==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Stopped/Auto Start]
  <C:\WINDOWS\System32\Ati2evxx.exe><>
[卡巴斯基互联网安全套装6.0个人版 / AVP][Running/Auto Start]
  <"D:\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[BES Client / BESClient][Running/Auto Start]
  <C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe><BigFix Inc.>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Machine Debug Manager / MDM][Running/Auto Start]
  <"C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"><Microsoft Corporation>
[Windows Media Player Network Sharing Service / WMPNetworkSvc][Stopped/Manual Start]
  <C:\Program Files\Windows Media Player\WMPNetwk.exe><Microsoft Corporation>
[Automatic Updates / wuauserv][Stopped/Auto Start]
  <C:\WINDOWS\system32\drivers\svchost.exe><N/A>
[Windows Driver Foundation - User-mode Driver Framework / WudfSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup-->%SystemRoot%\System32\WUDFSvc.dll><Microsoft Corporation>
[BrSplService / Brother XP spl Service][Stopped/Auto Start]
  <C:\WINDOWS\system32\brsvc01a.exe><N/A>
==================================
驱动程序
[ati2mtag / ati2mtag][Running/Manual Start]
  <System32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[bootdrv / bootdrv][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\bootdrv.sys><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\E:\安装\QQ\npkcrypt.sys><N/A>
[Service for NVIDIA(R) nForce(TM) Audio Enumerator / nvax][Running/Manual Start]
  <system32\drivers\nvax.sys><NVIDIA Corporation>
[NVIDIA nForce Networking Controller Driver / NVENET][Running/Manual Start]
  <System32\DRIVERS\NVENET.sys><NVIDIA Corporation>
[Service for NVIDIA(R) nForce(TM) Audio / nvnforce][Running/Manual Start]
  <system32\drivers\nvapu.sys><NVIDIA Corporation>
[OrangeWare USB 2.0 Root Hub Support / ousb2hub][Running/Manual Start]
  <System32\DRIVERS\ousb2hub.sys><OrangeWare Corporation>
[NEC PCI to USB Enhanced Host Controller / ousbehci][Running/Auto Start]
  <System32\Drivers\ousbehci.sys><OrangeWare Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Feitian ROCKEY4 Device Service / ROCKEYNT][Running/Manual Start]
  <system32\DRIVERS\Rockey4.sys><Feitian Technologies Co., Ltd.>
[Feitian ROCKEY4 USB Service / Rockey_USB][Stopped/Manual Start]
  <system32\DRIVERS\Rockey4USB.sys><Feitian Technologies Co., Ltd.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <System32\DRIVERS\secdrv.sys><N/A>
[StarForce Protection Environment Driver (version 1.x) / sfdrv01][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfdrv01.sys><Protection Technology>
[StarForce Protection Helper Driver (version 2.x) / sfhlp02][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfhlp02.sys><Protection Technology>
[StarForce Protection Synchronization Driver (version 3.x) / sfsync03][Running/Boot Start]
  <\SystemRoot\System32\drivers\sfsync03.sys><Protection Technology>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Windows Driver Foundation - User-mode Driver Framework Platform Driver / WudfPf][Stopped/Manual Start]
  <system32\DRIVERS\WudfPf.sys><Microsoft Corporation>
[Windows Driver Foundation - User-mode Driver Framework Reflector / WudfRd][Stopped/Manual Start]
  <system32\DRIVERS\wudfrd.sys><Microsoft Corporation>
==================================
浏览器加载项
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <d:\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Web反病毒统计]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <D:\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[Send to OneNote from Internet Explorer button]
  {2670000A-7350-4f3c-8081-5663EE0C6C49} <D:\MICROS~1\Office12\ONBttnIE.dll, Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} <D:\MICROS~2\INetRepl.dll, Microsoft Corporation>
[Create Mobile Favorite]
  {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} <D:\MICROS~2\INetRepl.dll, Microsoft Corporation>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <D:\MICROS~1\Office12\REFIEBAR.DLL, Microsoft Corporation>
[QQ]
  {c95fe080-8f5d-11d2-a20b-00aa003c157b} <E:\安装\QQ\QQ.EXE, TENCENT>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[ICQ  Toolbar]
  {855F3B16-6D32-4fe6-8A56-BBB695989046} <, N/A>
[Google Web Accelerator]
  {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} <C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll, N/A>
[OA Java Class]
  {0A836195-D1B3-4e6a-A1A5-AE9F69380B29} <C:\WINDOWS\system32\MSJAVA.DLL, Microsoft Corporation>
[ICBC Security Ctrl]
  {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} <C:\WINDOWS\DOWNLO~1\NETBAN~1.OCX, Industrial and Commercial Bank of China>
[Lotus Domino Java Class]
  {5F578872-8167-49ee-B0FE-90FE2572C5B0} <C:\WINDOWS\system32\MSJAVA.DLL, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <d:\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, N/A>
[Outlook Today's Data-binding control]
  {0468C085-CA5B-11D0-AF08-00609797F0E0} <D:\MICROS~1\Office12\OUTLCTL.DLL, >
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <D:\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, N/A>
[Web Browser Applet Control]
  {08B0E5C0-4FCB-11CF-AAA5-00401C608501} <C:\WINDOWS\system32\msjava.dll, Microsoft Corporation>
[OA Java Class]
  {0A836195-D1B3-4E6A-A1A5-AE9F69380B29} <C:\WINDOWS\system32\MSJAVA.DLL, Microsoft Corporation>
[IeHelper Class]
  {0D42E1BD-09DD-4873-A826-9C7E793EB7B6} <d:\Thunder Network\Thunder\Components\ResWorker\DSIeHelper.dll, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Recorder Control]
  {2423AB16-9F42-457B-A337-FE3B11964DB0} <d:\bluesky\BLUESK~1\recorder.ocx, Bluesky Studio (http://www.bluesky.cn)>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, N/A>
[BlueskyVideo Control]
  {2EA6D939-4445-43F1-A12B-8CB3DDA8B855} <d:\bluesky\BLUESK~1\v2.ocx, 蓝天工作室(http://www.bluesky.cn)>
[Ppd Control]
  {2F2BA87D-385E-4922-B41C-06E190B06AA9} <d:\bluesky\BLUESK~1\ppd.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Share Control]
  {3072B1F1-0C4D-4E76-A7C6-FBAF129DBCC9} <d:\bluesky\BLUESK~1\share.ocx, http://www.bluesky.cn>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <d:\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Traceppd Control]
  {5910C66C-F9BA-4306-8175-C098B7F0ED62} <d:\bluesky\BLUESK~1\traceppd.ocx, BlueskyStudio(http://www.bluesky.cn)>
[ICBC Security Ctrl]
  {5AB9367B-DD7F-411D-A030-DF7DE5E17AAE} <C:\WINDOWS\DOWNLO~1\NETBAN~1.OCX, Industrial and Commercial Bank of China>
[Lotus Domino Java Class]
  {5F578872-8167-49EE-B0FE-90FE2572C5B0} <C:\WINDOWS\system32\MSJAVA.DLL, Microsoft Corporation>
[GLAvatar Control]
  {61238DE1-3317-4322-89AC-AC844831380D} <d:\GLOBAL~1\Game\Share\GLAVAT~1.OCX, >
[PP Control]
  {616DACC1-C5E6-4646-B36A-3FA4FC726BAD} <d:\bluesky\BLUESK~1\ppc.ocx, Bluesky Studio (http://www.bluesky.cn)>
[&Google Web Accelerator Helper]
  {69A87B7D-DE56-4136-9655-716BA50C19C7} <C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll, N/A>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[Videohelp Control]
  {75B75D86-D88B-4BEA-BC59-BFD9D7300518} <d:\bluesky\BLUESK~1\VIDEOH~1.OCX, Bluesky Studio(http://www.bluesky.cn)>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <d:\Thunder Network\Thunder\Components\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[ICQ  Toolbar]
  {855F3B16-6D32-4FE6-8A56-BBB695989046} <, N/A>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, Microsoft Corporation>
[Filetran Control]
  {88734439-46D0-42C0-A13F-7E881EE550CF} <d:\bluesky\BLUESK~1\filetran.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <d:\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, N/A>
[XML DOM Document 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\msxml5.dll, Microsoft Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[Chat Control]
  {94EFE58C-E678-4808-AD65-24CE4B94C1FE} <d:\bluesky\BLUESK~1\chat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
  {991481A7-4669-4e15-8C24-100404E1F5CB} <d:\bluesky\BLUESK~1\BLUESK~1.OCX, 蓝天工作室(http://www.bluesky.cn)>
[Display Control]
  {A1D97DB3-E564-4743-B2E7-6F5182CBF406} <d:\bluesky\BLUESK~1\display.ocx, Bluesky Studio (http://www.bluesky.cn)>
[Tracechat Control]
  {A40335C4-D3D1-4E7B-9130-039CDA5B603C} <d:\bluesky\BLUESK~1\TRACEC~1.OCX, bluesky studio>
[PPChat Control]
  {AFB97F16-B7E8-4EB1-8133-FBD5AA2EBB3B} <d:\bluesky\BLUESK~1\ppchat.ocx, Bluesky Studio(http://www.bluesky.cn)>
[Blueskyvoice Control]
  {BA0F088C-72C1-475a-92F8-42391DEF6961} <d:\bluesky\BLUESK~1\BLUESK~2.OCX, 蓝天工作室(http://www.bluesky.cn)>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Client Control]
  {C7B0C764-5D4E-433E-A854-591F28520577} <d:\bluesky\BLUESK~1\client.ocx, >
[Play Control]
  {CC20DDA1-9A21-4DEC-B5BE-E61E0351FCA9} <d:\bluesky\BLUESK~1\play.ocx, Bluesky Studio (http://www.bluesky.cn)>
[QQPlayerSvr Proxy Control]
  {CD108273-D434-43E6-AA90-1469F97EB398} <E:\安装\QQ\QQPlayerProxy.dll, Tencent>
[VIDEO__X_MS_ASF Moniker Class]
  {CD3AFA8F-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Google Web Accelerator]
  {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} <C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll, N/A>
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <E:\安装\QQ\qqedit\qqedit.dll, N/A>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <d:\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll, XunLei>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
[使用迅雷下载]
  <d:\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <d:\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[添加到反广告黑名单]
  <D:\Kaspersky Lab\Kaspersky Internet Security 6.0\ie_banner_deny.htm, N/A>

Attachment: SREngLOG.rar (8.1 KB, 52 downloads)
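A helper reading the SREng log above goes through the startup, service and driver entries by hand, looking for unknown vendors and binaries in odd places. The Python script below, added here as an example and not part of SREng or of the original thread, does that first pass over lines in the format posted: it flags entries whose vendor field is N/A or empty, or whose binary lives outside the Windows / Program Files tree, and notes a missing "(Verified)" mark as context. The sample log is a constructed excerpt of lines copied from the post; the TRUSTED_PREFIXES list and the flagging rules are this example's own heuristics, not SREng's, so a hit is a prompt to check the file, not a verdict.

```python
"""Triage helper for the startup, service and driver sections of an SREng log.

Added example for this thread; not part of SREng or of the original post.
"""
import re
from dataclasses import dataclass

# Registry startup entry:  <name><command>  [vendor]
STARTUP_RE = re.compile(r"^\s*<(?P<name>[^>]*)><(?P<cmd>.*)>\s*\[(?P<vendor>.*)\]\s*$")
# Service / driver header: [Display name / ServiceName][State/Start type]
SVC_HDR_RE = re.compile(r"^\[(?P<display>.*?) / (?P<svc>[^\]]*)\]\[(?P<state>[^\]]*)\]\s*$")
# Service / driver image:  <image path><vendor>
SVC_IMG_RE = re.compile(r"^\s*<(?P<image>.*)><(?P<vendor>[^>]*)>\s*$")
# First path ending in a binary extension, so unquoted paths with spaces survive.
BINARY_RE = re.compile(r"(.+?\.(?:exe|dll|sys|ocx|drv|ime))(?=\s|$)", re.I)

# Heuristic list for this example (not SREng's): where stock Windows XP binaries
# and normally installed programs live, compared in lower case.
TRUSTED_PREFIXES = (
    "c:\\windows\\", "%systemroot%\\", "\\systemroot\\", "system32\\",
    "c:\\program files\\", "%programfiles%\\", "c:\\progra~1\\",
)


@dataclass
class Finding:
    kind: str          # "startup" or "service/driver"
    name: str
    path: str
    vendor: str
    reasons: list
    state: str = ""    # SREng's "Running/Auto Start" style field, services only


def image_path(cmd: str) -> str:
    """Extract the binary path from an SREng command field.

    Handles SREng's leading "; " marker, the \\??\\ NT prefix, quoted paths,
    unquoted paths containing spaces, and the svchost.exe -k group-->hosted.dll
    form, where the hosted DLL is the part worth checking.
    """
    c = cmd.strip().lstrip(";").strip()
    if "-->" in c:
        c = c.split("-->", 1)[1].strip()
    if c.startswith("\\??\\"):
        c = c[4:]
    if c.startswith('"'):
        return c[1:].split('"', 1)[0]
    m = BINARY_RE.match(c)
    return m.group(1) if m else c.split(" ", 1)[0]


def assess(kind, name, cmd, vendor, state="", has_verified_mark=True):
    """Return a Finding when the entry deserves a closer look, otherwise None."""
    path = image_path(cmd)
    if not path:                      # empty value such as <load><>: nothing loads
        return None
    v = vendor.strip()
    unknown_vendor = v in ("", "N/A")
    outside = not path.lower().startswith(TRUSTED_PREFIXES)
    if not (unknown_vendor or outside):
        return None
    reasons = []
    if unknown_vendor:
        reasons.append("vendor unknown (N/A)")
    if outside:
        reasons.append("binary outside Windows/Program Files")
    if has_verified_mark and "(Verified)" not in v:
        reasons.append("no (Verified) signature mark")
    return Finding(kind, name, path, v, reasons, state)


def triage(log_text: str):
    """Walk the log once: startup lines stand alone, services span two lines."""
    findings, pending = [], None
    for line in log_text.splitlines():
        f = None
        if (m := STARTUP_RE.match(line)):
            f = assess("startup", m["name"], m["cmd"], m["vendor"])
        elif (m := SVC_HDR_RE.match(line)):
            pending = (m["svc"], m["state"])
        elif (m := SVC_IMG_RE.match(line)) and pending:
            f = assess("service/driver", pending[0], m["image"], m["vendor"],
                       pending[1], has_verified_mark=False)
            pending = None
        if f:
            findings.append(f)
    return findings


# Constructed sample: an excerpt of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\System32\ctfmon.exe>  [(Verified)]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <AVP><"D:\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
    <Google IME Autoupdater><; d:\Google\Google Pinyin\GooglePinyinDaemon.exe>  [N/A]
    <UserFaultCheck><; %systemroot%\system32\dumprep 0 -u>  [N/A]
==================================
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[BrSplService / Brother XP spl Service][Stopped/Auto Start]
  <C:\WINDOWS\system32\brsvc01a.exe><N/A>
[bootdrv / bootdrv][Stopped/Boot Start]
  <\SystemRoot\System32\Drivers\bootdrv.sys><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\E:\安装\QQ\npkcrypt.sys><N/A>
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.name}: {f.path} <{f.vendor}> {f.state} -> {'; '.join(f.reasons)}")
```

Run it against a full SREngLOG text read from disk; the browser add-on and running-process sections use other line shapes and are skipped by these patterns.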

wwwsohu
OP | Posted 2007-8-28 11:28:14
==================================
正在运行的进程
[PID: 416 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Ati2evxx.dll]  [, ]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 836 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 848 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1012 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1088 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1172 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 1220 / NETWORK SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1348 / LOCAL SERVICE][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
[PID: 1608 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 12.3.4518.1014]
    [C:\WINDOWS\system32\msonpmon.dll]  [Microsoft Corporation, 12.3.4518.1014]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\BRPP2KA.DLL]  [Brother Industries ,Ltd , 1.08]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 12.3.4518.1014]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\msonpppr.dll]  [Microsoft Corporation, 12.3.4518.1014]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LEULJ03A.DLL]  [Brother Industries Ltd., 1.66]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LELLJ03A.DLL]  [Brother Industries Ltd., 1.66]
    [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LENLJ03A.DLL]  [Brother Industries Ltd., 1.66]
[PID: 240 / SYSTEM][C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe]  [BigFix Inc., 6.0.8.5]
    [C:\Program Files\BigFix Enterprise\BES Client\BESLib\Engine.dll]  [BigFix, 6.0.8.5]
    [C:\Program Files\BigFix Enterprise\BES Client\BESLib\Inspectors\Client.dll]  [BigFix, 6.0.8.5]
    [C:\Program Files\BigFix Enterprise\BES Client\BESLib\Inspectors\Core.dll]  [BigFix, 6.0.8.5]
    [C:\Program Files\BigFix Enterprise\BES Client\BESLib\Inspectors\RegExp.dll]  [BigFix, 6.0.8.5]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\Program Files\BigFix Enterprise\BES Client\PSAPI.DLL]  [Microsoft Corporation, 4.00]
[PID: 284 / SYSTEM][C:\WINDOWS\system32\inetsrv\inetinfo.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 328 / SYSTEM][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe]  [Microsoft Corporation, 7.10.3077]
    [C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\2052\mdmui.dll]  [Microsoft Corporation, 7.10.3077]
[PID: 508 / SYSTEM][C:\WINDOWS\System32\snmp.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1984 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1356 / 预算室][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5358.4827 (WMP_11.060509-2009)]
    [D:\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\ShellEx.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.2.621]
    [D:\Microsoft Office\Office12\msohevi.dll]  [Microsoft Corporation, 12.0.4518.1014]
[PID: 2400 / 预算室][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1908 / 预算室][E:\安装\QQ\QQ.exe]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\CoralAssist.dll]  [Coral Team, 5.0.0 build 20060829]
    [E:\安装\QQ\CoralQQ.dll]  [Coral Team, 5.0.2 Build 20070716]
    [E:\安装\QQ\kql.dll]  [Coral Team, 5.0.2 build 20070703]
    [E:\安装\QQ\mfc42.dll]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [E:\安装\QQ\ipsearcher.dll]  [, 1.0.0.5]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [E:\安装\QQ\QQBaseClassInDll.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQHelperDll.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\BasicCtrlDll.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\NoDisturbFilter.cqx]  [Coral Team, 1.0]
    [E:\安装\QQ\ConfigHotkey.cqx]  [Coral Team, 1.0]
    [E:\安装\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [E:\安装\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [E:\安装\QQ\QQAPI.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [E:\安装\QQ\AutoReconnect.cqx]  [Coral Team, 1.0.0]
    [E:\安装\QQ\LoginCtrl.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\LoginCtrlRes.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQRes.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQMainFrame.dll]  [N/A, ]
    [E:\安装\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
wwwsohu
OP | Posted 2007-8-28 11:28:41
[E:\安装\QQ\CQQApplication.dll]  [N/A, ]
    [E:\安装\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [E:\安装\QQ\NewSkin.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\HostingMgr.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\CameraDll.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\MailSummary.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\CoralHotkey.cqx]  [Coral Team, 1.0]
    [E:\安装\QQ\QQKnowledgeSearch.dll]  [TENCENT, 7,0,365,1701]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [E:\安装\QQ\QQAllInOne.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [E:\安装\QQ\QQSpace.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [E:\安装\QQ\QQGroupMng.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\UserDefinedHead.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQPlugin.dll]  [N/A, ]
    [E:\安装\QQ\QQSysMsgMng.dll]  [N/A, ]
    [E:\安装\QQ\QQConfigPlugin.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQAvatar.dll]  [N/A, ]
    [E:\安装\QQ\QQCustomFace.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [E:\安装\QQ\QRingMng.dll]  [N/A, ]
    [E:\安装\QQ\GroupConnection.dll]  [TENCENT, 7,0,365,1701]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\安装\QQ\LongConnection.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQPet.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\PhoneAPI.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [E:\安装\QQ\BQQApplication.dll]  [N/A, ]
    [E:\安装\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [E:\安装\QQ\CommercesMng.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 320]
    [E:\安装\QQ\QQSceneMng.dll]  [N/A, ]
    [E:\安装\QQ\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 1, 9, 95]
    [E:\安装\QQ\OEMApplication.dll]  [TENCENT, 7,0,365,1701]
    [C:\WINDOWS\system32\IMSC12.IME]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCORE.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCFG.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\Program Files\Common Files\Microsoft Shared\ime12\Imesc\IMSCUI.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
[PID: 2052 / 预算室][E:\安装\QQ\TIMPlatform.exe]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 440 / 预算室][E:\安装\QQ\QQ.exe]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\CoralAssist.dll]  [Coral Team, 5.0.0 build 20060829]
    [E:\安装\QQ\CoralQQ.dll]  [Coral Team, 5.0.2 Build 20070716]
    [E:\安装\QQ\kql.dll]  [Coral Team, 5.0.2 build 20070703]
    [E:\安装\QQ\mfc42.dll]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [E:\安装\QQ\ipsearcher.dll]  [, 1.0.0.5]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [E:\安装\QQ\QQBaseClassInDll.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQHelperDll.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\BasicCtrlDll.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\NoDisturbFilter.cqx]  [Coral Team, 1.0]
    [E:\安装\QQ\ConfigHotkey.cqx]  [Coral Team, 1.0]
    [E:\安装\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [E:\安装\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [E:\安装\QQ\QQAPI.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [E:\安装\QQ\AutoReconnect.cqx]  [Coral Team, 1.0.0]
    [E:\安装\QQ\LoginCtrl.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\LoginCtrlRes.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQRes.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQMainFrame.dll]  [N/A, ]
    [E:\安装\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [E:\安装\QQ\CQQApplication.dll]  [N/A, ]
    [E:\安装\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [E:\安装\QQ\NewSkin.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\HostingMgr.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\CameraDll.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\MailSummary.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\CoralHotkey.cqx]  [Coral Team, 1.0]
    [E:\安装\QQ\QQKnowledgeSearch.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQAllInOne.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [E:\安装\QQ\QQSpace.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [E:\安装\QQ\QQGroupMng.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\UserDefinedHead.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQPlugin.dll]  [N/A, ]
    [E:\安装\QQ\QQConfigPlugin.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQAvatar.dll]  [N/A, ]
    [E:\安装\QQ\QQCustomFace.dll]  [N/A, ]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [E:\安装\QQ\QRingMng.dll]  [N/A, ]
    [E:\安装\QQ\LongConnection.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\PhoneAPI.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [E:\安装\QQ\QQPet.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQSysMsgMng.dll]  [N/A, ]
    [E:\安装\QQ\BQQApplication.dll]  [N/A, ]
    [E:\安装\QQ\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [E:\安装\QQ\CommercesMng.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 320]
    [E:\安装\QQ\QQSceneMng.dll]  [N/A, ]
    [E:\安装\QQ\QQLiveQMng.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\ImageOle.dll]  [TENCENT, 7,0,365,1701]
    [C:\WINDOWS\system32\IMSC12.IME]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCORE.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME12\IMESC\IMSCCFG.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\Program Files\Common Files\Microsoft Shared\ime12\Imesc\IMSCUI.DLL]  [Microsoft Corporation, 12.0.4518.1014]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
    [E:\安装\QQ\GroupConnection.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQMagicFace.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\QQFileTransfer.dll]  [TENCENT, 7,0,365,1701]
    [E:\安装\QQ\OEMApplication.dll]  [TENCENT, 7,0,365,1701]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.2.621]
    [E:\安装\QQ\QQZip.dll]  [TENCENT, 7,0,365,1701]
[PID: 2364 / 预算室][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2900 / 预算室][D:\qijian\qj\QJ.exe]  [上海乾隆高科技有限公司, 5, 68, 0, 0]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 1756 / 预算室][E:\安装\JCB_ZYZQ_ZB\TDXW.EXE]  [, ]
    [E:\安装\JCB_ZYZQ_ZB\TCalc.dll]  [, 1, 0, 0, 1]
    [E:\安装\JCB_ZYZQ_ZB\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [E:\安装\JCB_ZYZQ_ZB\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [E:\安装\JCB_ZYZQ_ZB\Viewthem.dll]  [, 1, 0, 0, 1]
    [E:\安装\JCB_ZYZQ_ZB\invest.dll]  [, 1.15]
    [E:\安装\JCB_ZYZQ_ZB\Dbf.dll]  [N/A, ]
    [E:\安装\JCB_ZYZQ_ZB\Secure.dll]  [通达信, 1.00.00]
    [E:\安装\JCB_ZYZQ_ZB\TTools.dll]  [, 1.00]
    [E:\安装\JCB_ZYZQ_ZB\TList.dll]  [, 1, 0, 0, 1]
    [E:\安装\JCB_ZYZQ_ZB\calcer.dll]  [, 1, 0, 0, 1]
    [E:\安装\JCB_ZYZQ_ZB\Advhq.dll]  [, 1, 0, 0, 1]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 4056 / 预算室][E:\安装\GreenBrowserGB\GreenBrowser.exe]  [MoreQuick, 4, 2, 712, 0]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.2.621]
    [d:\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.2.621]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx]  [Adobe Systems, Inc., 9,0,28,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\GOOGLEPINYIN.IME]  [Google Inc., ]
[PID: 3072 / 预算室][C:\Documents and Settings\预算室\桌面\sreng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.11 (winmain(wmbla).061017-1135)]
    [C:\Documents and Settings\预算室\桌面\sreng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [D:\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.2.621]
==================================
File associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS file
127.0.0.1       localhost
==================================
Process privilege scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 792, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 848, C:\WINDOWS\SYSTEM32\LSASS.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1172, C:\WINDOWS\SYSTEM32\SVCHOST.EXE]
Special privilege enabled: SeSystemtimePrivilege [PID = 1172, C:\WINDOWS\SYSTEM32\SVCHOST.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1608, C:\WINDOWS\SYSTEM32\SPOOLSV.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 240, C:\PROGRAM FILES\BIGFIX ENTERPRISE\BES CLIENT\BESCLIENT.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1356, C:\WINDOWS\EXPLORER.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2400, C:\WINDOWS\SYSTEM32\CTFMON.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2364, C:\WINDOWS\SYSTEM32\CONIME.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2900, D:\QIJIAN\QJ\QJ.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 1756, E:\安装\JCB_ZYZQ_ZB\TDXW.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 4056, E:\安装\GREENBROWSERGB\GREENBROWSER.EXE]
==================================
API HOOK
RVA  error: LoadLibraryA (risk level: high,  hooked by module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  error: LoadLibraryExA (risk level: high,  hooked by module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  error: LoadLibraryExW (risk level: high,  hooked by module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  error: LoadLibraryW (risk level: high,  hooked by module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  error: GetProcAddress (risk level: high,  hooked by module: \??\C:\WINDOWS\system32\drivers\klif.sys)
==================================
Hidden processes
N/A
==================================

[/CODE]
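The SREng sections above (file associations, HOSTS, process privileges, API hooks) are the parts of the report a responder reads by hand. The script below is an added example, not part of the original post or of SREng itself: it parses the report's own plain-text layout and applies the checks a practitioner would apply, so the same triage can be repeated on the next paste. The trusted-hook set (klif.sys is Kaspersky's filter driver, which is what hooks the loader APIs here) and the "system directory" prefixes are assumptions chosen for this XP box; the embedded sample is a trimmed copy of the report rows above.

```python
"""Triage the text sections of an SREng report like the one pasted above.

Added example, not part of the original post or of SREng. It reads the
report's own layout ("====" separator, section title, rows). The
trusted-hook set and SYSTEM_PREFIXES are assumptions for this XP box.
"""
import re

SECTION_KEYS = {"File associations": "assoc", "HOSTS file": "hosts",
                "Process privilege scan": "privs", "API HOOK": "hooks"}
# Assumption: file handlers and privileged processes belong under these.
SYSTEM_PREFIXES = ("C:\\WINDOWS\\", "%SYSTEMROOT%\\")
ASSOC_RE = re.compile(r"^(\.\w+)\s+(OK|Error)\.\s+\[(.*)\]$")
PRIV_RE = re.compile(r"(Se\w+Privilege)\s+\[PID = (\d+),\s+(.*)\]$")
HOOK_RE = re.compile(r"^RVA\s+\S+:\s+(\w+)\s+\((.*)\)$")

def split_sections(report):
    """Map section key -> non-empty rows, for the sections we know."""
    sections, current, expect_title = {}, None, False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("===="):
            expect_title = True
        elif expect_title:                   # first line after a separator
            expect_title, current = False, SECTION_KEYS.get(line)
            if current:
                sections.setdefault(current, [])
        elif current and line:
            sections[current].append(line)
    return sections

def check_assoc(rows):
    """(ext, severity, detail): SREng's Error verdicts plus a handler-path check."""
    out = []
    for m in filter(None, map(ASSOC_RE.match, rows)):
        ext, status, command = m.groups()
        if status != "OK":
            out.append((ext, "error", f"SREng flags handler: {command}"))
        prog = command.split()[0].strip('"')
        if prog.startswith(("%1", "{")):     # runs the file itself / COM handler
            continue
        if "\\" not in prog:                 # bare name, resolved via the search path
            out.append((ext, "review", f"unqualified handler name: {prog}"))
        elif not prog.upper().startswith(SYSTEM_PREFIXES):
            out.append((ext, "error", f"handler outside the Windows dir: {prog}"))
    return out

def check_hosts(rows):
    """Report every mapping except localhost (AV/update sites get sinkholed here)."""
    out = []
    for parts in (r.split() for r in rows if not r.startswith("#")):
        if len(parts) >= 2 and not (parts[1].lower() == "localhost"
                                    and parts[0] in ("127.0.0.1", "::1")):
            out.append((parts[1], parts[0]))
    return out

def check_privileges(rows):
    """(pid, path, privilege) for privileged processes outside the Windows dir."""
    return [(int(m.group(2)), m.group(3), m.group(1))
            for m in filter(None, map(PRIV_RE.search, rows))
            if not m.group(3).upper().startswith(SYSTEM_PREFIXES)]

def check_hooks(rows, trusted):
    """(api, module) for hooks placed by anything but the trusted AV driver."""
    out = []
    for m in filter(None, map(HOOK_RE.match, rows)):
        api, detail = m.groups()
        module = detail.rsplit(": ", 1)[-1]   # text after "hooked by module: "
        if module.rsplit("\\", 1)[-1].lower() not in trusted:
            out.append((api, module))
    return out

def triage(report, trusted_hook_modules):
    s, trusted = split_sections(report), {t.lower() for t in trusted_hook_modules}
    return {"assoc": check_assoc(s.get("assoc", [])),
            "hosts": check_hosts(s.get("hosts", [])),
            "privs": check_privileges(s.get("privs", [])),
            "hooks": check_hooks(s.get("hooks", []), trusted)}

# Trimmed copy of the report sections above (same rows, fewer of them).
SAMPLE_REPORT = r"""
==================================
File associations
.EXE  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.CHM  Error. ["hh.exe" %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
HOSTS file
127.0.0.1       localhost
==================================
Process privilege scan
Special privilege enabled: SeLoadDriverPrivilege [PID = 792, C:\WINDOWS\SYSTEM32\WINLOGON.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 240, C:\PROGRAM FILES\BIGFIX ENTERPRISE\BES CLIENT\BESCLIENT.EXE]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2900, D:\QIJIAN\QJ\QJ.EXE]
==================================
API HOOK
RVA  error: LoadLibraryA (risk level: high,  hooked by module: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  error: GetProcAddress (risk level: high,  hooked by module: \??\C:\WINDOWS\system32\drivers\klif.sys)
"""

if __name__ == "__main__":
    for section, findings in triage(SAMPLE_REPORT, {"klif.sys"}).items():
        print(section, findings)
```

Two caveats when reading the output. SREng's two "Error" verdicts are template mismatches, not proof of tampering: `.INI` is flagged only because the handler path is written out as `C:\WINDOWS\...` instead of `%SystemRoot%\...`, and `.CHM`'s `"hh.exe"` is a bare name (the script reports `regedit.exe` for `.REG` on the same grounds, and that one is the XP default). A hijacked association would instead point at something outside the Windows directory or insert a program before `"%1"`. Likewise SeLoadDriverPrivilege appears in every process started under an administrator account, so the privilege list only narrows the review to the non-Windows binaries (here the BigFix agent, QJ.exe, the 通达信 client and GreenBrowser), and the hook list is clean once klif.sys is trusted; a hook by any other module would be the thing to pull apart.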
ALEXBLAIR
Posted on 2007-8-28 11:57:31
The log looks fine. It's an ARP attack; I suggest installing an ARP firewall.
Run a scan with 木马剑客 (Trojan Swordsman).

[ Last edited by ALEXBLAIR on 2007-8-28 12:23 ]
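The reply above attributes the detections to an ARP attack on the LAN. The usual form is a host on the segment answering ARP requests for the gateway's IP, so that the victim's HTTP traffic (and every page in it, baidu.com included) passes through the attacker, who can splice a script into the response; the tell-tale in the victim's own ARP cache is the gateway IP resolving to a MAC that also belongs to another host. The script below is an added example, not part of the thread or of any ARP firewall product: it parses captured `arp -a` output offline against a gateway MAC recorded on a known-clean day. The ARP table, IPs and MAC addresses in it are constructed for illustration.

```python
"""Check a captured `arp -a` table for the signs of an ARP spoofing host.

Added example, not part of the original thread. The table, the IPs and the
MAC addresses below are constructed; the "expected" gateway MAC stands for
one you recorded while the segment was known to be clean.
"""
import re

# One row of Windows `arp -a` output: "  192.168.1.1   00-11-22-33-44-55   dynamic"
ARP_ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"([0-9a-f]{2}(?:[-:][0-9a-f]{2}){5})\s+(\w+)",
    re.IGNORECASE,
)

def normalize_mac(mac):
    return mac.lower().replace(":", "-")

def parse_arp_table(text):
    """Return (ip, mac, type) rows; interface and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ARP_ROW.match(line)
        if m:
            ip, mac, kind = m.groups()
            rows.append((ip, normalize_mac(mac), kind.lower()))
    return rows

def find_arp_anomalies(text, gateway_ip, expected_gateway_mac):
    """Return (code, detail) findings. Two checks:
    - the gateway row must carry the MAC recorded on a clean day;
    - no MAC may be claimed by more than one IP on the segment.
    """
    expected = normalize_mac(expected_gateway_mac)
    findings, by_mac, seen_gateway = [], {}, False
    for ip, mac, _kind in parse_arp_table(text):
        by_mac.setdefault(mac, []).append(ip)
        if ip == gateway_ip:
            seen_gateway = True
            if mac != expected:
                findings.append(("gateway-mac-changed",
                                 f"{gateway_ip} is at {mac}, expected {expected}"))
    if not seen_gateway:
        findings.append(("gateway-missing", f"no ARP entry for {gateway_ip}"))
    for mac, ips in by_mac.items():
        if len(ips) > 1:
            findings.append(("shared-mac", f"{mac} claimed by {', '.join(ips)}"))
    return findings

def static_arp_command(gateway_ip, expected_gateway_mac):
    """The XP command that pins the gateway's MAC; the entry does not survive a reboot."""
    return f"arp -s {gateway_ip} {normalize_mac(expected_gateway_mac)}"

# Constructed `arp -a` output from a workstation on a spoofed segment:
# 192.168.1.1 is the real gateway, 192.168.1.77 the host answering for it.
SPOOFED_TABLE = """
Interface: 192.168.1.23 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-1c-f0-aa-bb-cc     dynamic
  192.168.1.77          00-1c-f0-aa-bb-cc     dynamic
  192.168.1.200         00-16-d3-12-34-56     dynamic
"""
CLEAN_TABLE = """
Interface: 192.168.1.23 --- 0x2
  Internet Address      Physical Address      Type
  192.168.1.1           00-0f-e2-11-22-33     dynamic
  192.168.1.77          00-1c-f0-aa-bb-cc     dynamic
"""
GATEWAY_IP = "192.168.1.1"
GATEWAY_MAC = "00-0f-e2-11-22-33"   # assumed: recorded while the LAN was clean

if __name__ == "__main__":
    for code, detail in find_arp_anomalies(SPOOFED_TABLE, GATEWAY_IP, GATEWAY_MAC):
        print(code, detail)
    print("fix:", static_arp_command(GATEWAY_IP, GATEWAY_MAC))
```

The shared-MAC check is the one that needs judgement: a router that answers for several addresses, or a VM host bridging guests, will legitimately show one MAC for more than one IP, so treat that finding as a pointer to the switch port to look at rather than a verdict. The gateway-MAC comparison is only as good as the baseline you recorded, which is why the reply's advice to install an ARP firewall (software that pins the gateway entry and alerts on changes) amounts to automating exactly this check.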
Copyright © KaFan  KaFan.cn All Rights Reserved.