
Opening a web page shows a prompt that go368.gif is being opened, and the system becomes extremely slow

aimotion
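Posted on 2007-9-24 15:07:08
When I open a web page, a prompt appears saying it is opening http://count.16.vg/S368/Go368.gif, and then the system immediately becomes very slow. It seems go368.gif is some kind of script.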
whzl123
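Posted on 2007-9-24 17:54:06
If you can't solve it, I suggest downloading SREng, running a scan and posting the log here. While scanning, please close as many other manually opened programs as possible.

Extract sreng2.zip --> run SREngPS.exe --> Smart Scan --> Scan --> Save Report

Post the report (SREngLOG.log) here in full. Be careful not to change anything!! [Select All (Ctrl+A) --> Copy (Ctrl+C) --> Paste (Ctrl+V)]

If you find that SREngPS.exe will not run, delete the downloaded copy, download and extract it again, then rename SREngPS.exe to abc.com before running it.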
aimotion
Original poster | Posted on 2007-9-25 15:36:45
It seems to be an ARP spoofing problem. I don't know whether there is a better way to solve it.


Scan log

2007-09-25,15:33:08
System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <bgswitch><; C:\WINDOWS\system32\bgswitch.exe>  []
    <eMuleAutoStart><; F:\Program Files\eMule\emule.exe -AutoStart>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load>< >  [N/A]
    <run>< >  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <internat.exe><internat.exe>  [N/A]
    <ctfmon.exe><ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <LoadPowerProfile><Rundll32.exe powrprof.dll,LoadCurrentPwrScheme>  [(Verified)Microsoft Windows Publisher]
    <SystemTray><SysTray.Exe>  [(Verified)Microsoft Windows Publisher]
    <ScanRegistry><scanregw.exe/autorun>  [N/A]
    <AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe">  [(Verified)Kaspersky Lab]
    <domino><; C:\WINDOWS\domino.exe>  []
    <kav><; "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [N/A]
    <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
    <miniqqlive><; "C:\Program Files\Tencent\QQLive\MiniQQLive.exe">  [N/A]
    <SoundMan><; SOUNDMAN.EXE>  [Realtek Semiconductor Corp.]
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  [N/A]
    <VMSnap1><; C:\WINDOWS\VMSnap1.exe>  [Vimicro]
    <WangWang><; "C:\Program Files\Alisoft\WangWang\WangWang.EXE">  [N/A]
    <wcmdmgr><; C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch>  [WildTangent, Inc.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
    <LoadPowerProfile><Rundll32.exe powrprof.dll,LoadCurrentPwrScheme>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
==================================
启动文件夹
[antiarp]
  <C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\antiarp.bat -->  [N/A]><N>
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Kaspersky Anti-Virus 7.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe" -r><Kaspersky Lab>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[RpcSs. / Remote Procedure Call][Stopped/Auto Start]
  <C:\WINDOWS\$hf_mig$\rpcss><N/A>
==================================
驱动程序
[ADMtek ADM8511/AN986 USB To Fast Ethernet Converter / ADM8511][Stopped/Manual Start]
  <system32\DRIVERS\ADM8511.SYS><ADMtek Incorporated>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[C-Media WDM Audio Interface / cmuda][Stopped/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[D-Link DFE-530TX PCI Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\dlkfet5b.sys><D-Link>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
  <\??\H:\新建文件夹 (2)\INSTALL\GMSIPCI.SYS><N/A>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkcusb / npkcusb][Stopped/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcusb.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[xAntiArpSpoof Service / xAntiArp][Stopped/Manual Start]
  <system32\DRIVERS\xAntiArp.sys><Windows (R) 2000 DDK provider>
[XPAD Filter Service 02 / XPADFL02][Stopped/Manual Start]
  <system32\DRIVERS\xpadfl02.sys><Compuware Corporation>
[Vimicro USB PC Camera(ZC0301PL) / ZSMC301b][Stopped/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[AntiARP NDIS Protocol Driver / AntiArpNdisProt][Running/Auto Start]
  <system32\DRIVERS\AntiArpNdisProt.sys><Windows (R) 2000 DDK provider>
==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Web 反病毒统计]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll, Kaspersky Lab>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <C:\Program Files\StormII\mps.dll, Biejing Baofeng Inc.>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\MSADC\msadco.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[Microsoft Agent Control 2.0]
  {D45FD31B-5C6E-11D1-9EC1-00C04FD7081F} <C:\WINDOWS\msagent\agentctl.dll, Microsoft Corporation>
[&使用BitComet下载]
  <res://e:\Program Files\BitComet\BitComet.exe/AddLink.htm, N/A>
[&使用BitComet下载全部链接]
  <res://e:\Program Files\BitComet\BitComet.exe/AddAllLink.htm, N/A>
[&使用BitComet下载本页视频]
  <res://e:\Program Files\BitComet\BitComet.exe/AddVideo.htm, N/A>
[&使用超级旋风下载]
  <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[添加到QQ表情]
  <d:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 628 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 696 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 720 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 764 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 776 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 920 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1024 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1132 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 1236 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1328 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 1424 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
aimotion
Original poster | Posted on 2007-9-25 15:37:12
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.1897.0]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\vprproc.dll]  [Windows (R) 2000 DDK provider, 5.00.2195.1620]
[PID: 1632 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1680 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1900 / NETWORK SERVICE][C:\Program Files\Windows Media Player\WMPNetwk.exe]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\wmpmde.dll]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\MFPlat.DLL]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\wmpps.dll]  [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)]
[PID: 664 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 268 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [D:\Program Files\Tencent\TMDlls\qdshm.dll]  [, 1, 0, 1, 2]
    [D:\Program Files\Tencent\TMDlls\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\ShellEx.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll]  [Microsoft Corporation, 8.1.0178.00]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[PID: 1476 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 3288 / Administrator][D:\Program Files\Tencent\TMDlls\TM.exe]  [腾讯公司, 0, 0, 0, 0]
    [D:\Program Files\Tencent\TMDlls\BasicCtrlDll.dll]  [Tencent, 6, 0, 200, 320]
    [D:\Program Files\Tencent\TMDlls\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [D:\Program Files\Tencent\TMDlls\QQHelperDll.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\BaseUIClass.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\BaseCtrlClass.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\QQBaseClassInDll.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Tencent\TMDlls\QQZip.dll]  [tencent, 0, 3, 2, 4]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [D:\Program Files\Tencent\TMDlls\ImageOle.dll]  [TODO: <Company name>, 1.0.0.1]
    [D:\Program Files\Tencent\TMDlls\RICHED20.DLL]  [Microsoft Corporation, 5.31.23.1218]
    [D:\Program Files\Tencent\TMDlls\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Tencent\TMDlls\QQAPI.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\Program Files\Tencent\TMDlls\CQQApplication.dll]  [N/A, ]
    [D:\Program Files\Tencent\TMDlls\QQRes.dll]  [N/A, ]
    [D:\Program Files\Tencent\TMDlls\WizardCtrl.dll]  [Tencent, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\HostingMgr.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\QQMainFrame.dll]  [TENCENT, 1, 0, 0, 1]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\Program Files\Tencent\TMDlls\NewSkin.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\MailSummary.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\FrameBar.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\QQConfigPlugin.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\CameraDll.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\UserRelationWeight.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [D:\Program Files\Tencent\TMDlls\CommercesMng.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\LongConnection.dll]  [tencent, 5, 0, 200, 160]
    [D:\Program Files\Tencent\TMDlls\InstantSession.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\CustomFace.dll]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Tencent\TMDlls\QQSpace.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\QQGroupMng.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\MiscCtrl.dll]  [, 1, 0, 0, 1]
    [D:\Program Files\Tencent\TMDlls\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 0, 3, 0, 44]
    [D:\Program Files\Tencent\TMDlls\GroupConnection.dll]  [Tencent, 0, 3, 3, 5]
    [D:\Program Files\Tencent\TMDlls\QQFileTransfer.dll]  [Tencent, 0, 3, 3, 5]
[PID: 3312 / Administrator][D:\Program Files\Tencent\QQ.exe]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\CoralAssist.dll]  [Coral Team, 5.0.0 build 20060829]
    [D:\Program Files\Tencent\CoralQQ.dll]  [Coral Team, 5.0.1a Build 20070620]
    [D:\Program Files\Tencent\kql.dll]  [Coral Team, 5.0.1a build 20070620]
    [D:\Program Files\Tencent\mfc42.dll]  [Microsoft Corporation, 6.00.8665.0]
    [D:\Program Files\Tencent\ipsearcher.dll]  [, 1.0.0.5]
    [D:\Program Files\Tencent\QQBaseClassInDll.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\QQHelperDll.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\BasicCtrlDll.dll]  [TENCENT, 7,0,365,1701]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [D:\Program Files\Tencent\ConfigHotkey.cqx]  [Coral Team, 1.0]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [D:\Program Files\Tencent\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\Program Files\Tencent\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\Program Files\Tencent\QQAPI.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\TMDlls\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
    [D:\Program Files\Tencent\LoginCtrl.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\LoginCtrlRes.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\QQRes.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\QQMainFrame.dll]  [N/A, ]
    [D:\Program Files\Tencent\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Tencent\CQQApplication.dll]  [N/A, ]
    [D:\Program Files\Tencent\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [D:\Program Files\Tencent\NewSkin.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\HostingMgr.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\CameraDll.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\MailSummary.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\CoralHotkey.cqx]  [Coral Team, 1.0]
    [D:\Program Files\Tencent\QQKnowledgeSearch.dll]  [TENCENT, 7,0,365,1701]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [D:\Program Files\Tencent\QQAllInOne.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\Program Files\Tencent\QQSpace.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\Program Files\Tencent\QQGroupMng.dll]  [TENCENT, 7,0,365,1701]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\Program Files\Tencent\QQAvatar.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQSysMsgMng.dll]  [N/A, ]
    [D:\Program Files\Tencent\UserDefinedHead.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\QQPlugin.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQConfigPlugin.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\QQCustomFace.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
    [D:\Program Files\Tencent\QRingMng.dll]  [N/A, ]
    [D:\Program Files\Tencent\LongConnection.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\PhoneAPI.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [D:\Program Files\Tencent\QQPet.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\BQQApplication.dll]  [N/A, ]
    [D:\Program Files\Tencent\QQSettingCtrl.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\CommercesMng.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\PersonalDesktop.dll]  [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
    [D:\Program Files\Tencent\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 320]
    [D:\Program Files\Tencent\QQSceneMng.dll]  [N/A, ]
    [D:\Program Files\Tencent\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 1, 9, 95]
    [D:\Program Files\Tencent\ImageOle.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\QQLiveQMng.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\GroupConnection.dll]  [TENCENT, 7,0,365,1701]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\Program Files\Tencent\QQFileTransfer.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\QQMagicFace.dll]  [TENCENT, 7,0,365,1701]
    [D:\Program Files\Tencent\QQZip.dll]  [TENCENT, 7,0,365,1701]
[PID: 3436 / Administrator][D:\Program Files\Tencent\TMDlls\TIMPlatform.exe]  [tencent, 0, 3, 1, 8]
    [D:\Program Files\Tencent\TMDlls\TIMProxy.dll]  [tencent, 0, 3, 2, 4]
[PID: 840 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
[PID: 3696 / SYSTEM][C:\windows\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\windows\system32\dllMergeDict.dll]  [N/A, ]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\windows\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
[PID: 3804 / Administrator][C:\Program Files\Tencent\TT\TTraveler.exe]  [Tencent, 3, 8, 308, 201]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\scrchpg.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Tencent\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\Tencent\TT\Plugins\TWeather\TWeather.dll]  [, 1, 0, 0, 3]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Tencent\TT\TTNetFavor.dll]  [N/A, ]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\klscav.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prremote.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prloader.dll]  [Kaspersky Lab, 7.0.0.125]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\prkernel.ppl]  [Kaspersky Lab, 7.0.0.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\params.ppl]  [Kaspersky Lab, 7.0.0.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\pxstub.ppl]  [Kaspersky Lab, 7.0.0.125]
    [c:\program files\kaspersky lab\kaspersky anti-virus 7.0\tempfile.ppl]  [Kaspersky Lab, 7.0.0.125]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
[PID: 2664 / Administrator][E:\反病毒\SREng2\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\SOGOUPY.IME]  [Sohu.com Inc., 2, 0, 0, 1]
    [C:\WINDOWS\system32\dllMergeDict.dll]  [N/A, ]
    [C:\Program Files\SogouInput\Plugin\SgImeWord.dll]  [, 1, 0, 0, 31]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\miscr3.dll]  [Kaspersky Lab, 7.0.0.125]
    [E:\反病毒\SREng2\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\dnsq.dll]  [Kaspersky Lab, 7.0.0.125]
==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [C:\WINDOWS\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  Error. [C:\WINDOWS\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   Error. ["d:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1"]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1                     count.16.vg
127.0.0.1                     count.16.vg/s368/go368.gif
127.0.0.1                     fadama.com
127.0.0.1                     stat.t2t2.com
127.0.0.1                     www.amsterdamsexxx.com
127.0.0.1                     www.avsex.tv
127.0.0.1                     www.easypic2.com
127.0.0.1                     www.freepicturepage.com
127.0.0.1                     www.link8.com
127.0.0.1                     www.rawpussy.com
127.0.0.1                     www.seetu.net
127.0.0.1                     www.sexushost.com
127.0.0.1                     www.sleazydream.com
127.0.0.1                     www.thumbco.com
127.0.0.1                     www.xfreehosting.com
127.0.0.1                     www.xxx166.com
127.0.0.1                     www2.xfreehosting.com
127.0.0.1                     www3.xfreehosting.com
==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 3288, D:\PROGRAM FILES\TENCENT\TMDLLS\TM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3436, D:\PROGRAM FILES\TENCENT\TMDLLS\TIMPLATFORM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3804, C:\PROGRAM FILES\TENCENT\TT\TTRAVELER.EXE]
==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExA (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryExW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: LoadLibraryW (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: \??\C:\WINDOWS\system32\drivers\klif.sys)
==================================
隐藏进程
N/A
==================================

叶知秋1
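Posted on 2007-9-25 16:45:25
Is the original poster's machine on a LAN? If so, a machine on the network has probably been infected, and your machine probably has no problem. That machine just needs its system reinstalled.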
xqiafl
Posted on 2007-9-26 11:07:52
This is an overflow-type web trojan, possibly the 06024 one. But check whether you have installed the patch!

If you have, just restart the computer!

Copyright © KaFan  KaFan.cn All Rights Reserved.
