sreng 扫描日志检测，希望高手来看看

显示全部楼层 · 发表于 2010-10-13 09:53:28

本帖最后由 p5891201 于 2010.10.17 11:28 编辑

确定已中此木马，system32文件夹下发现qq.sys”，“cmd.txt”，“mcsql.exe”，“NTPass.dll”，“eulagold.txt”，“GinaPwd.txt”，“mssql.exe”，“mmsql.exe”，“SysS.ldb”，“qq3.exe”，j.i”，“dboysb.sys”的文件夹
使用的window 2000家庭版，做服务器，平时也办公，双系统，E盘装window 7

英文名称：TrojanDownloader.Generic.ari
中文名称：“通犯”变种ari
病毒长度：220672字节
病毒类型：木马下载器
危险级别：★
影响平台：Win 9X/ME/NT/2000/XP/2003/VISTA
MD5 校验：b6d2410ef19be8c15f4195f39396d3b4
特征描述：
TrojanDownloader.Generic.ari“通犯”变种ari是“通犯”家族中的最新成员之一，采用高级语言编写，经过加壳保护处理。“通犯”变种ari运行后，会自我复制到被感染计算机的系统盘根目录下，重新命名为“QQ2009.exe”。其会将“%programfiles%\WinRAR\”文件夹下的“WinRAR.exe”重命名为“WinRAREx.exe”，然后在被感染系统的“%USERPROFILE%\Local Settings\Temp\”文件夹下释放恶意文件“kb-9138531.tmp”，之后会将其复制到“%programfiles%\WinRAR\”文件夹下，重新命名为“WinRAR.exe”。其还会在“%SystemRoot%\system32\”文件夹下创建名为“DUData.dll”、“qq.sys”，“cmd.txt”，“mcsql.exe”，“NTPass.dll”，“eulagold.txt”，“GinaPwd.txt”，“mssql.exe”，“mmsql.exe”，“SysS.ldb”，“qq3.exe”，“qq.exe”，“j.i”，“dboysb.sys”的文件夹。完成上述释放和创建操作后，原病毒程序会将自身删除，以此消除痕迹。“通犯”变种ari运行时，会在被感染系统的后台连接骇客指定的远程站点“123.30.*.114”，下载恶意程序“1.rar”、“2.rar”、“3.rar”、“4.rar”、“5.rar”、“6.rar”并自动调用运行。其所下载的恶意程序可能为网络游戏盗号木马、远程控制后门或恶意广告程序（流氓软件）等，致使用户面临更多的威胁。另外，“通犯”变种ari会在被感染计算机中注册名为“Ias ”的系统服务，以此实现开机自动运行。

曾经使用过卡巴斯基工作站版，瑞星，正在使用赛门铁克，均无法根除
经常性自动生成木马，无法根除
以下是扫描日记：
希望高手给分析下，提供个根除的方法
谢谢各位饭友！！！

显示全部楼层 · 发表于 2010-10-13 11:05:39

2010-10-13,09:36:08
System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Server Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
计划任务
Windows 安全更新检查
API HOOK
隐藏进程
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><ctfmon.exe> [Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<360Safetray><"C:\Program Files\360\360safe\safemon\360Tray.exe" /start> [(Verified)Qizhi Software (beijing) Co. Ltd]
<ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\winnt\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<Network.ConnectionTray><C:\WINNT\system32\NETSHELL.dll> [(Verified)Microsoft Windows 2000 Publisher]
<WebCheck><%SystemRoot%\system32\webcheck.dll> [(Verified)Microsoft Windows Component Publisher]
<SysTray><stobject.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\winnt\system32\NavLogon.dll> [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
<WinlogonNotify: wzcnotif><wzcdlg.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\System32\browseui.dll> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<自定义浏览器><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player 6.4><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\mplayer2.inf,PerUserStub.NT> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6A5110B5-E14B-4268-A065-EF89FF33C325}]
<EnableRevocation><regsvr32.exe /s /n /i:"S 2 true 3 true 4 true 5 true 6 true 7 true" initpki.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\System32\ie4uinit.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_CURRENT_USER\Control Panel\Desktop]
<SCRNSAVE.EXE><C:\winnt\system32\ssmarque.scr> [(Verified)Microsoft Windows 2000 Publisher]
==================================
启动文件夹
N/A
==================================
服务
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\winnt\System32\dmadmin.exe /com><VERITAS Software Corp.>
[LiveUpdate / LiveUpdate][Running/Auto Start]
<"C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"><Symantec Corporation>
[Messenger / Messenger][Stopped/Boot Start]
<\SystemRoot\C:\winnt\System32\services.exe><(File is missing)>
[Microsoft Search / MSSEARCH][Stopped/Manual Start]
<"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Disabled]
<><(File is missing)>
[PeanutHull DDNS Background Service / PeanuthullDDNSCore][Running/Auto Start]
<C:\Program Files\Oray\PhDDNS\PhDdnsCore.exe><上海贝锐>
[SavRoam / SavRoam][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec SPBBCSvc / SPBBCSvc][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start]
<C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER><Microsoft Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>
[Tencent Software Update Service / TSUSVC][Stopped/Auto Start]
<"C:\Program Files\Tencent\QQSoftMgr\1.0.375.203\TencentUpdateSvc.exe" -run><Tencent>
[主动防御 / ZhuDongFangYu][Running/Auto Start]
<"C:\Program Files\360\360safe\deepscan\zhudongfangyu.exe"><360.cn>
==================================
驱动程序
[360AntiARP / 360AntiARP][Running/System Start]
<\??\C:\winnt\system32\Drivers\360AntiARP.sys><360安全中心>
[360SelfProtection / 360SelfProtection][Running/System Start]
<system32\drivers\360SelfProtection.sys><360安全中心>
[Ambfilt / Ambfilt][Stopped/Manual Start]
<system32\drivers\Ambfilt.sys><Creative>
[BAPIDRV / BAPIDRV][Running/System Start]
<\??\C:\winnt\system32\drivers\BAPIDRV.SYS><360.cn>
[ComputerZ / ComputerZ][Stopped/Manual Start]
<\??\C:\Program Files\LuDaShi\ComputerZ.sys><N/A>
[cpuz130 / cpuz130][Stopped/Manual Start]
<\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[EfiSystemMon / EfiMon][Running/System Start]
<System32\Drivers\Efimon.sys><奇虎网>
[EraserUtilDrv11010 / EraserUtilDrv11010][Stopped/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys><N/A>
[EraserUtilRebootDrv / EraserUtilRebootDrv][Running/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys><Symantec Corporation>
[Microsoft 用于 High Definition Audio 的 UAA 总线驱动程序 / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookPort / HookPort][Running/Boot Start]
<\SystemRoot\System32\Drivers\Hookport.sys><360安全中心>
[ialm / ialm][Running/Manual Start]
<System32\DRIVERS\igxpmp32.sys><Intel Corporation>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[Monfilt / Monfilt][Stopped/Manual Start]
<system32\drivers\Monfilt.sys><Creative Technology Ltd.>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101008.004\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20101008.004\navex15.sys><Symantec Corporation>
[NLNdisMP / NLNdisMP][Stopped/Manual Start]
<system32\DRIVERS\nlndis.sys><N/A>
[NetLimiter Ndis Protocol Service / NLNdisPT][Stopped/Manual Start]
<system32\DRIVERS\nlndis.sys><N/A>
[DDK PACKET Protocol / Packet][Running/System Start]
<system32\DRIVERS\ProtoDrv.sys><360安全中心>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Quantum DeepScanner Servers / qutmdserv][Running/System Start]
<\??\C:\winnt\system32\drivers\qutmdrv.sys><360安全中心>
[qutmipc / qutmipc][Running/System Start]
<\??\C:\winnt\system32\drivers\qutmipc.sys><360安全中心>
[Realtek 10/100/1000 PCI NIC Family NDIS NT Driver / RTL8023][Running/Manual Start]
<System32\DRIVERS\Rtnic.sys><Realtek Semiconductor Corporation>
[SAVRT / SAVRT][Running/System Start]
<\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
<\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[SPBBCDrv / SPBBCDrv][Running/System Start]
<\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[TesDrvPt / TesDrvPt][Stopped/Manual Start]
<\??\C:\winnt\system32\TesDrvPt.sys><TENCENT>
[TesSafe / TesSafe][Stopped/Manual Start]
<\??\C:\winnt\system32\TesSafe.sys><TENCENT>
[vmfilter303 / vmfilter303][Stopped/Manual Start]
<system32\drivers\vmfilter303.sys><N/A>
[A4 TECH PC Camera H / ZSMC303][Stopped/Manual Start]
<System32\Drivers\usbVM303.sys><N/A>
==================================
浏览器加载项
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} <C:\Program Files\360\360safe\safemon\safemon.dll, (Signed) 360.cn>
[InstallHelper Class]
{1DABF8D5-8430-4985-9B7F-A30E53D709B3} <C:\winnt\system32\MMInstaller.dll, (Signed) Tencent>
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder\ComDlls\ThunderAgent_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[QQPYChecker Class]
{5052B4D0-9DF7-45ef-88EF-F42C0EA33A43} <C:\Program Files\Tencent\QQPinyin\3.3.881.400\QQImeChecker.dll, (Signed) Tencent>
[]
{6EE9CD3E-A386-4DAE-9737-A759DBF927AE} <, >
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} <C:\Program Files\360\360safe\Safelive.dll, (Signed) 360.cn>
[OFrameObject Class]
{9701758C-4373-482E-B13C-776C048EC890} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5921.297.(410).dll, N/A>
[VersionDetector Class]
{9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} <C:\Program Files\Common Files\Thunder Network\KanKan\vd.1.1.0.30.(411).dll, (Signed) 深圳市迅雷网络技术有限公司>
[APlayer Control]
{A9322148-C691-4B9D-91FC-B9C461DBE9DD} <C:\Program Files\Common Files\Thunder Network\APlayer\APlayer_001.dll, (Signed) ShenZhen Thunder Networking Technologies, LTD>
[]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <, >
[PlayerCtrl Class]
{E05BC2A3-9A46-4a32-80C9-023A473F5B23} <C:\Program Files\Tencent\QQMusic\QzoneMusic.dll, (Signed) Tencent>
[]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <, >
[使用迅雷下载]
<C:\Program Files\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder\Program\getallurl.htm, N/A>
==================================
正在运行的进程
[PID: 228][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.00.2195.6601]
[PID: 276][\??\C:\winnt\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.00.2195.6997]
[C:\winnt\system32\QQPINYIN.IME] [Tencent, 3.3.881.400]
[C:\winnt\system32\NavLogon.dll] [Symantec Corporation, 10.1.4.4000]
[C:\winnt\system32\msctf.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 304][C:\winnt\system32\services.exe] [(Verified) Microsoft Corporation, 5.00.2195.7035]
[C:\winnt\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[PID: 464][C:\winnt\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 696][C:\winnt\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.00.2195.7059]
[C:\winnt\system32\HP1006LM.DLL] [Software 2000 Limited, 2.6]
[C:\winnt\system32\HpTcpMon.dll] [Hewlett Packard, 7.01.01.054]
[C:\winnt\system32\HPTcpMUI.dll] [Microsoft Corporation, 7.01.01.054]
[C:\winnt\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.004]
[C:\winnt\system32\hptcpmib.dll] [Hewlett Packard, 7.01.01.054]
[C:\winnt\system32\mdimon.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\winnt\system32\spool\PRTPROCS\W32X86\HP1006S.DLL] [Hewlett-Packard , 7.0.1.11101]
[C:\winnt\system32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.1897.0]
[C:\winnt\system32\spool\DRIVERS\W32X86\3\HP1006MT.DLL] [Software 2000 Limited, 4.0.0.53]
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\HP1006MP.DLL] [Software 2000 Limited, 4.0.0.53]
[PID: 792][C:\WINNT\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 840][C:\winnt\System32\llssrv.exe] [(Verified) Microsoft Corporation, 5.00.2195.7337]
[PID: 980][C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.2039.00]
[C:\winnt\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\winnt\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\PROGRA~1\MICROS~4\MSSQL\binn\opends60.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlsort.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~4\MSSQL\binn\ums.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~4\MSSQL\binn\Resources\2052\sqlevn70.RLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SSNETLIB.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~4\MSSQL\binn\SSmsLPCn.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~4\MSSQL\binn\SSnmPN70.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLFTQRY.DLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\PROGRA~1\MICROS~4\MSSQL\binn\xpsqlbot.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\odsole70.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\WINNT\System32\msjetoledb40.dll] [, ]
[PID: 1036][C:\WINNT\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE] [Software 2000 Limited, 4.0.0.53]
[C:\WINNT\system32\spool\DRIVERS\W32X86\3\HP1006MP.DLL] [Software 2000 Limited, 4.0.0.53]
[PID: 1212][C:\winnt\system32\MSTask.exe] [(Verified) Microsoft Corporation, 4.71.2195.6972]
[PID: 1272][C:\winnt\system32\stisvc.exe] [(Verified) Microsoft Corporation, 5.00.2195.6656]
[PID: 1416][C:\winnt\System32\WBEM\WinMgmt.exe] [(Verified) Microsoft Corporation, 1.50.1085.0100]
[PID: 1436][C:\winnt\system32\Dfssvc.exe] [(Verified) Microsoft Corporation, 5.00.2195.6664]
[PID: 1456][C:\winnt\system32\inetsrv\inetinfo.exe] [(Verified) Microsoft Corporation, 5.00.0984]
[PID: 1468][C:\Program Files\Microsoft SQL Server\MSSQL\binn\sqlagent.exe] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLRESLD.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\winnt\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLSVC.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\W95SCM.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SEMMAP.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\SQLSVC.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\SEMMAP.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\sqlagent.RLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\SQLAGENT.DLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLCMDSS.DLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLCMDSS.RLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLREPSS.DLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLREPSS.RLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\SQLATXSS.DLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\ATXCORE.dll] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\binn\Resources\2052\ATXCORE.RLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\MSSQL\BINN\Resources\2052\SQLATXSS.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\BINN\AXSCPHST.DLL] [Microsoft Corporation, 2000.080.2039.00]
[C:\Program Files\Microsoft SQL Server\80\Tools\BINN\Resources\2052\AXSCPHST.RLL] [Microsoft Corporation, 2000.080.0194.00]
[C:\winnt\system32\DBmsLPCn.dll] [Microsoft Corporation, 2000.080.2039.00]
[PID: 1640][C:\winnt\Explorer.EXE] [(Verified) Microsoft Corporation, 5.00.3700.6690]
[C:\winnt\system32\QQPINYIN.IME] [Tencent, 3.3.881.400]
[C:\winnt\system32\msctf.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\Program Files\360\360safe\safemon\safemon.dll] [360.cn, 6, 7, 3, 1003]
[C:\winnt\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[PID: 1756][C:\winnt\system32\ctfmon.exe] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\winnt\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\winnt\system32\MSUTB.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\winnt\system32\QQPINYIN.IME] [Tencent, 3.3.881.400]
[C:\winnt\mui\fallback\0804\msutb.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\winnt\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[PID: 1852][C:\winnt\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.00.2134.1]
[PID: 2272][C:\Program Files\Tencent\QQ\Bin\QQ.exe] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\Common.dll] [Tencent, 1, 55, 1840, 0]
[C:\winnt\system32\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\Program Files\Tencent\QQ\Bin\KernelUtil.dll] [Tencent, 1, 55, 1840, 0]
[C:\Program Files\Tencent\QQ\Bin\GF.dll] [Tencent, 1, 55, 1840, 0]
[C:\Program Files\Tencent\QQ\Bin\xGraphic32.dll] [Tencent, 1, 55, 1840, 0]
[C:\Program Files\Tencent\QQ\Bin\AFUtil.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\360\360safe\safemon\safemon.dll] [360.cn, 6, 7, 3, 1003]
[C:\winnt\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\Program Files\Tencent\QQ\Bin\LoginPanel.dll] [Tencent, 1, 55, 1861, 0]
[C:\winnt\system32\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[C:\winnt\system32\QQPINYIN.IME] [Tencent, 3.3.881.400]
[C:\Program Files\360\360safe\safemon\iNetSafe.dll] [, 1, 0, 0, 1004]
[C:\Program Files\360\360safe\safemon\AppFltr.dll] [, 1, 0, 0, 1001]
[C:\Program Files\Tencent\QQ\Bin\IM.dll] [Tencent, 1, 55, 1840, 0]
[C:\Program Files\Tencent\QQ\Bin\TaskTray.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\TXPFProxy.dll] [Tencent, 1, 55, 1840, 0]
[C:\Program Files\Tencent\QQ\Bin\MainFrame.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\AppUtil.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\AppFramework.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.12\Bin\SSOPlatform.dll] [Tencent, 1.2.1.12]
[C:\Program Files\Common Files\Tencent\TXSSO\1.2.1.12\Bin\SSOCommon.DLL] [Tencent, 1.2.1.7]
[C:\Program Files\Tencent\QQ\Bin\SkinMgr.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\BasicCtrlDll.dll] [TENCENT, 8,0,773,1801]
[C:\Program Files\Tencent\QQ\Bin\AFCtrl.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\ProcessSession.DLL] [Tencent, 1, 55, 1840, 0]
[C:\Program Files\Tencent\QQ\Bin\KernelMisc.dll] [Tencent, 1, 55, 1840, 0]
[C:\Program Files\Tencent\QQ\Bin\AppMisc.dll] [Tencent, 1, 55, 1861, 0]
[C:\winnt\system32\msdmo.dll] [, ]
[C:\Program Files\Tencent\QQ\Bin\ChatFrameApp.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\ConfigCenter.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\CustomFace.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\LongCnn.dll] [Tencent, 1, 55, 1840, 0]
[C:\Program Files\Tencent\QQ\Bin\ContactInfoFrame.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\SystemMsg.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\QInterLive.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\GroupApp.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\WBlog.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.snsapp\Bin\SNSApp.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.paycenter\Bin\PayCenter.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqvipmisc\Bin\QQVipMisc.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.vas\Bin\VAS.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.wenwen\Bin\WenWen.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\Contacts.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.netbar\Bin\NetBar.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.paipai\Bin\PaiPai.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.wireless\Bin\Wireless.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.crm\Bin\CRM.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.paipaigift\Bin\PaiPaiGift.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqshow\Bin\QQShow.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.qzone\Bin\Qzone.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.audiovideo\Bin\AudioVideo.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.soso\Bin\Soso.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.weather\Bin\Weather.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\InformationBox.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqvip\Bin\QQVip.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.mmog\Bin\MMOG.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqgame\Bin\QQGame.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqlive\Bin\QQLive.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqmusic\Bin\QQMusic.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqpet\Bin\QQPet.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.mail\Bin\Mail.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.memo\Bin\Memo.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.advertisement\Bin\Advertisement.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.gamelife\Bin\GameLife.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqring\Bin\QQRing.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.sobar\Bin\SoBar.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.today\Bin\Today.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\vqqsdl.dll] [Tencent, 5, 0, 3, 24]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.qqwebsite\Bin\QQWebsite.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.filetransfer\Bin\FileTransfer.dll] [Tencent, 1, 55, 1861, 0]
[C:\Program Files\Tencent\QQ\Bin\MsgMgr.dll] [Tencent, 1, 55, 1861, 0]
[C:\winnt\mui\fallback\0804\msctf.dll.mui] [Microsoft Corporation, 1.00.2409.7 built by: Lab06_N]
[C:\winnt\system32\MSIMTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\Program Files\Tencent\QQ\Bin\AddrSearch.dll] [Tencent, 2, 3, 12, 11]
[C:\Program Files\Tencent\QQ\Bin\SoftUpgrade.dll] [Tencent, 1.0 Beta1 Build 109]
[C:\Program Files\Tencent\QQ\Plugin\com.tencent.winks\Bin\Winks.dll] [Tencent, 1, 55, 1861, 0]
[PID: 1632][C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe] [Tencent, 1, 55, 1840, 0]
[C:\Program Files\360\360safe\safemon\safemon.dll] [360.cn, 6, 7, 3, 1003]
[C:\winnt\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\winnt\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\Program Files\Tencent\QQ\Bin\TXPFProxy.dll] [Tencent, 1, 55, 1840, 0]
[PID: 2040][C:\Program Files\Tencent\QQ\Bin\QQHostService.exe] [Tencent, 1, 55, 1840, 0]
[C:\Program Files\Tencent\QQ\Bin\Common.dll] [Tencent, 1, 55, 1840, 0]
[C:\winnt\system32\ATL80.DLL] [Microsoft Corporation, 8.00.50727.4053]
[C:\Program Files\Tencent\QQ\Bin\ProcessSession.DLL] [Tencent, 1, 55, 1840, 0]
[C:\Program Files\360\360safe\safemon\safemon.dll] [360.cn, 6, 7, 3, 1003]
[C:\winnt\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 2504][C:\Program Files\Maxthon2\Maxthon.exe] [Maxthon International ltd., 2, 5, 15, 1000]
[C:\Program Files\Maxthon2\MxPp.dll] [Maxthon International ltd., 1, 0, 0, 365]
[C:\winnt\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\Program Files\Maxthon2\MxSk.dll] [Maxthon, 1, 0, 0, 575]
[C:\winnt\system32\gdiplus.dll] [Microsoft Corporation, 5.2.6001.22319 (vistasp1_ldr.081126-1506)]
[C:\Program Files\Maxthon2\MxHttpRq.dll] [Maxthon International ltd., 2, 0, 0, 29]
[C:\Program Files\Maxthon2\MxProxy2.dll] [Maxthon International ltd., 1, 0, 0, 4490]
[C:\Program Files\Maxthon2\MxUI.dll] [Maxthon International ltd., 3, 3, 1, 30]
[C:\Program Files\Maxthon2\MxAccount.dll] [Maxthon International ltd., 1, 0, 2, 5]
[C:\Program Files\Maxthon2\MxTool.dll] [, 1, 0, 0, 3]
[C:\Program Files\Maxthon2\maxzlib.dll] [, 1,2,3,1]
[C:\winnt\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\winnt\system32\QQPINYIN.IME] [Tencent, 3.3.881.400]
[C:\Program Files\Maxthon2\mxtool2.dll] [, 1, 0, 0, 1]
[C:\Program Files\Maxthon2\Modules\MxSandBox\MxSec.dll] [Maxthon International ltd., 1, 0, 0, 20]
[C:\Program Files\Maxthon2\MxFav.dll] [Maxthon International ltd., 2, 0, 0, 185]
[C:\Program Files\Maxthon2\Modules\MxHistory\MxHistory.dll] [Maxthon International ltd., 1, 0, 0, 323]
[C:\Program Files\Maxthon2\mxdb.dll] [Max, 3, 5, 3, 125]
[C:\Program Files\Maxthon2\Modules\MxVideoPopup\MxVideoPopup.dll] [Maxthon International ltd., 1, 0, 0, 14]
[C:\Program Files\Maxthon2\Modules\MxLocation\WifiLocation.dll] [, 1, 0, 0, 6]
[C:\Program Files\Maxthon2\Modules\MxMute\MxMute.dll] [Maxthon International ltd., 1, 0, 0, 11]
[C:\Program Files\Maxthon2\Modules\MxUrlSec\MxUrlSec.dll] [Maxthon International ltd., 1, 0, 0, 14]
[C:\Program Files\Maxthon2\Modules\MxPageSearch\MxPageSearch.dll] [Maxthon International ltd., 1,0,0,1892]
[C:\WINNT\system32\mscoree.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorie.dll] [Microsoft Corporation, 1.1.4322.573]
[C:\WINNT\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Maxthon2\Modules\MxSpeedDial\MxSpeedDial.dll] [Maxthon International ltd., 1, 0, 15, 802]
[C:\Program Files\Maxthon2\Modules\MxSpeedDial\MxIeCore.dll] [Maxthon International ltd., 0, 0, 0, 22]
[C:\WINNT\Microsoft.NET\Framework\v1.1.4322\mscorld.dll] [Microsoft Corporation, 1.1.4322.573]
[PID: 2400][C:\winnt\system32\dllhost.exe] [(Verified) Microsoft Corporation, 5.00.2195.6692]
[C:\WINNT\System32\msjetoledb40.dll] [, ]
[PID: 1732][C:\winnt\system32\dllhost.exe] [(Verified) Microsoft Corporation, 5.00.2195.6692]
[PID: 2588][C:\WINNT\System32\mdm.exe] [Microsoft Corporation, 6.00.8424]
[C:\Program Files\360\360safe\safemon\safemon.dll] [360.cn, 6, 7, 3, 1003]
[C:\winnt\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\winnt\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[PID: 1108][C:\Program Files\Oray\PhDDNS\PhDDNS.exe] [上海贝锐, 6, 0, 2, 9607]
[C:\winnt\system32\QQPINYIN.IME] [Tencent, 3.3.881.400]
[C:\winnt\system32\msctf.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\Program Files\360\360safe\safemon\safemon.dll] [360.cn, 6, 7, 3, 1003]
[C:\winnt\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[PID: 2432][C:\Program Files\Oray\PhDDNS\PhDdnsCore.exe] [上海贝锐, 1, 0, 2, 9592]
[C:\winnt\system32\QQPINYIN.IME] [Tencent, 3.3.881.400]
[C:\Program Files\Oray\PhDDNS\PhAlive.dll] [上海贝锐, 1, 0, 2, 9592]
[PID: 1372][C:\gongju\sreng2\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321]
[PID: 2516][C:\gongju\sreng2\SRE4da25238.EXE] [Smallfrogs Studio, 2.8.2.1321]
[C:\Program Files\360\360safe\safemon\safemon.dll] [360.cn, 6, 7, 3, 1003]
[C:\winnt\system32\MSVCP60.dll] [Microsoft Corporation, 6.00.8972.0]
[C:\winnt\system32\MSCTF.dll] [Microsoft Corporation, 1.00.2409.34 built by: Lab06_N]
[C:\winnt\system32\QQPINYIN.IME] [Tencent, 3.3.881.400]
[C:\gongju\sreng2\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\winnt\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
==================================
进程特权扫描
特殊特权被允许： SeLoadDriverPrivilege [PID = 980, C:\PROGRA~1\MICROS~4\MSSQL\BINN\SQLSERVR.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1468, C:\PROGRAM FILES\MICROSOFT SQL SERVER\MSSQL\BINN\SQLAGENT.EXE]
特殊特权被允许： SeLoadDriverPrivilege [PID = 1756, C:\WINNT\SYSTEM32\CTFMON.EXE]
==================================
计划任务
N/A
==================================
Windows 安全更新检查
Microsoft .NET Framework 版本 1.1 简体中文语言包
Windows Media Player 9 系列
Outlook Express 6
DirectX 9.0c 最终用户运行时
KB829019, Microsoft .NET Framework 2.0： x86 (KB829019)
KB917537, Windows 2000 安全更新程序 (KB917537) MS06-034
KB917537, 根证书更新程序
KB891861, Windows 2000 Service Pack 4 更新汇总 1 (KB891861)
KB955069, Windows 2000 安全更新程序 (KB955069) MS08-069
KB909520, Microsoft 基本智能卡加密服务提供程序包： x86 (KB909520)
KB867460, Microsoft .NET Framework 1.1 Service Pack 1
KB982381, Internet Explorer 6 Service Pack 1 累积安全更新程序 (KB982381) MS10-035
==================================
API HOOK
入口点错误：CreateProcessW (危险等级: 一般, 被下面模块所HOOK: C:\Program Files\360\360safe\safemon\safemon.dll)
==================================
隐藏进程
N/A
==================================

复制代码

显示全部楼层 · 发表于 2010-10-13 12:32:19

本帖最后由 Markel.Scofield 于 2010.10.13 12:33 编辑

看了一下，日志没有大问题。貌似这两个文件C:\winnt\system32\DRIVERS\nlndis.sys和Ambfilt.sys有点奇特，自己多引擎下扫描。如果系统中了这类感染性病毒，感染了exe文件，SREng日志是看不出来的！

对于这种强大的感染型病毒......

进入PE系统(或者带网络安全模式,但个人更推荐PE系统)

先下载windows清理助手清理恶意软件和系统垃圾(注意升级后使用)

然后“运行”---“sfc /scannow”命,这时sfc文件检测器将立即扫描所有受保护的系统文件,其间会提示用户插入Windows安装光盘.这,在大约10分钟左右的时间里,SFC就将会检测并修复好受保护的系统文件.
(如果没有系统盘,此步可省!!!)

接着下载大蜘蛛扫描器:
快速扫描完成后请做一次完全扫描
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
ftp://ftp.drweb.com/pub/drweb/cureit/launch.exe
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

之后下载文件感染修复工具进行系统文件修复工作

最后下载Combofix(下载地址:http://www.vdisk.cn/down/index/4197682A5616)进行系统修复与清毒！

另外，如果确定上面我提到的那两个驱动有问题的话，建议使用XDelBox删除以下文件:(XDelBox1.8下载)
复制所有要删除文件的路径,在待删除文件列表里点击右键选择从剪贴板导入,重启删除
c:\system32\drivers\nlndis.sys
c:\system32\drivers\Ambfilt.sys

删除重启后使用SREng修复下面各项:

启动项目---服务---驱动程序之如下项禁用:
[NLNdisMP / NLNdisMP][Stopped/Manual Start]
<system32\DRIVERS\nlndis.sys><N/A>
[NetLimiter Ndis Protocol Service / NLNdisPT][Stopped/Manual Start]
<system32\DRIVERS\nlndis.sys><N/A>
PS:下次扫描SREng前先清理浏览器缓存，关闭出系统以外的所有软件进程

显示全部楼层 · 发表于 2010-10-13 16:10:09

回复 3楼 Markel.Scofield 的帖子

先表示下感谢
扫描时是在平时基本操作的状况下弄的
本来还打算上传两份日记，不好意思
顺便请教下大蜘蛛扫描器三个exe文件是可以在pe下的运行的程序
三者缺一不可
还是单一的不依赖

显示全部楼层 · 发表于 2010-10-13 16:11:27

大小是一样的
难道是同一种东西

显示全部楼层 · 发表于 2010-10-13 16:39:36

回复 4楼 p5891201 的帖子

哦，那三个是同一种软件，任意选择其中一个就可以了。

显示全部楼层 · 发表于 2010-10-13 19:39:06

回复 6楼 Markel.Scofield 的帖子

Ambfilt.sys
在多引擎扫描下没有发现异常
nlndis.sys竟然自动删除了
找不到
应该就是它的问题了
把服务项删除了试试
谢谢您的帮助

[已解决] sreng 扫描日志检测，希望高手来看看