一下子多了好多conime.exe.

显示全部楼层 · 发表于 2007-5-23 15:18:50

不知怎么回事，一下多了好多CONIME。EXE进程。我查了下，这个是输入法的进程，也说是病毒的后门？
在任务管理器里关掉它后，不定什么时候就又出来了。
特别是用木马清道夫清理内存的时候，清一次，多一倍，再清，再多一倍。
我试着用搜索这个文件后，全部删除，结果不知什么时候又有了。安全模式下用卡巴杀了遍，没有发现病毒。
我用的系统是深度优化的XP飘零2合一版本，以前也用的，但没发现过这个问题。
对了，这个进程占的内存只有68K，用户名是本机的名字。
请教高手，这个是病毒吗？怎样解决？
谢谢。

[ 本帖最后由 hahakdl 于 2007-5-23 21:21 编辑 ]

显示全部楼层 · 发表于 2007-5-23 15:39:26

下载执行System Repair Engineer (SREng)

按「智能扫描」，再按「扫描」
最后，按「保存报告」，保存到桌面
将 SREngLOG.log 中内容完整的复制粘贴上来(快捷提示：ctrl+a全选，ctrl+c复制,ctrl+v粘贴)，不要做任何修改。
如出现无法运行，请重命名或修改扩展名，如abc.exe/abc.com/abc.bat/abc.scr等

显示全部楼层 · 发表于 2007-5-23 15:58:37

按楼主的说法很可能是病毒

显示全部楼层 · 发表于 2007-5-23 16:12:57

多了么肯定是病毒恭喜中标

显示全部楼层 · 发表于 2007-5-23 16:39:50

[CODE]

2007-05-23,16:32:20

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中：
所有的启动项目（包括注册表、启动文件夹、服务等）
浏览器加载项
正在运行的进程（包括进程模块信息）
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\windows.0\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<AVP><"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe">  [Kaspersky Lab]
<SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<racer><C:\Program Files\racer-han-cnc\racer.exe>  [Putian Runway]
<StormCodec_Helper><"D:\播放软件\暴风硬音\Storm Codec\StormSet.exe" /S /opti>  []
<RunShadowTip><C:\WINDOWS.0\system32\shadow\ShadowTip.exe>  [PowerShadow]
<Windows木马防火墙><D:\木马清道夫\Trojanwall.exe>  [风云谷]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS.0\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation]
<CDBurn><%SystemRoot%\system32\SHELL32.dll>  [Microsoft Corporation]
<WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
<SysTray><C:\WINDOWS.0\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
<WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
<WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
<WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINDOWS.0\system32\klogon.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
<WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
<WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
<WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
<WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
<WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
<WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
<{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
<{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
<Microsoft Windows Media Player><C:\WINDOWS.0\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
<浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
<Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
<Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]

显示全部楼层 · 发表于 2007-5-23 16:40:15

==================================
启动文件夹
N/A

==================================
服务
[Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start]
  <C:\windows.0\system32\Ati2evxx.exe><>
[ATI Smart / ATI Smart][Stopped/Auto Start]
  <C:\WINDOWS.0\system32\ati2sgag.exe><>
[卡巴斯基反病毒6.0个人版 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r><Kaspersky Lab>
[DCOM Server Process Launcher / DcomLaunch][Running/Auto Start]
  <C:\windows.0\system32\svchost -k DcomLaunch-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[DHCP Client / Dhcp][Running/Auto Start]
  <C:\windows.0\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\dhcpcsvc.dll><Microsoft Corporation>
[COM+ Event System / EventSystem][Running/Manual Start]
  <C:\WINDOWS.0\system32\svchost.exe -k netsvcs-->C:\WINDOWS.0\system32\es.dll><Microsoft Corporation>
[Fast User Switching Compatibility / FastUserSwitchingCompatibility][Stopped/Manual Start]
  <C:\windows.0\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[Google Updater Service / gusvc][Stopped/Manual Start]
  <"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"><Google>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\windows.0\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Server / lanmanserver][Running/Auto Start]
  <C:\windows.0\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\srvsvc.dll><Microsoft Corporation>
[Workstation / lanmanworkstation][Running/Auto Start]
  <C:\windows.0\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\wkssvc.dll><Microsoft Corporation>
[Remote Access Connection Manager / RasMan][Running/Manual Start]
  <C:\windows.0\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\rasmans.dll><Microsoft Corporation>
[Remote Procedure Call (RPC) / RpcSs][Running/Auto Start]
  <C:\windows.0\system32\svchost -k rpcss-->%SystemRoot%\system32\rpcss.dll><Microsoft Corporation>
[Windows Image Acquisition (WIA) / stisvc][Stopped/Manual Start]
  <C:\windows.0\system32\svchost.exe -k imgsvc-->%SystemRoot%\system32\wiaservc.dll><Microsoft Corporation>
[Telephony / TapiSrv][Running/Manual Start]
  <C:\windows.0\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\tapisrv.dll><Microsoft Corporation>
[Themes / Themes][Running/Auto Start]
  <C:\windows.0\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\shsvcs.dll><Microsoft Corporation>
[UPS / UPS][Stopped/Manual Start]
  <C:\windows.0\System32\ups.exe><N/A>
[WebClient / WebClient][Running/Auto Start]
  <C:\windows.0\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\webclnt.dll><Microsoft Corporation>

==================================
驱动程序
[Microsoft Kernel Acoustic Echo Canceller / aec][Stopped/Manual Start]
  <system32\drivers\aec.sys><Microsoft Corporation>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[ati2mtag / ati2mtag][Running/Manual Start]
  <system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[ENUS_NDIS_DRIVER / ENUS_NDIS_DRIVER][Running/Boot Start]
  <\SystemRoot\system32\enusndis.sys><N/A>
[FltMgr / FltMgr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\fltMgr.sys><Microsoft Corporation>
[HTTP / HTTP][Stopped/Manual Start]
  <System32\Drivers\HTTP.sys><Microsoft Corporation>
[IP Network Address Translator / IpNat][Running/Manual Start]
  <system32\DRIVERS\ipnat.sys><Microsoft Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS.0\system32\drivers\klif.sys><Kaspersky Lab>
[Microsoft Kernel Wave Audio Mixer / kmixer][Stopped/Manual Start]
  <system32\drivers\kmixer.sys><Microsoft Corporation>
[MRxSmb / MRxSmb][Running/System Start]
  <system32\DRIVERS\mrxsmb.sys><Microsoft Corporation>
[NetGroup Packet Filter Driver / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\F:\07QQ\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Rdbss / Rdbss][Running/System Start]
  <system32\DRIVERS\rdbss.sys><Microsoft Corporation>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiS AGP Filter / SISAGP][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiSide / SiSide][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\siside.sys><Silicon Integrated Systems Corp.>
[sisidex / sisidex][Running/Boot Start]
  <\SystemRoot\system32\drivers\sisidex.sys><Windows (R) 2000 DDK provider>
[Add Performance Filter Driver / sisperf][Running/Boot Start]
  <\SystemRoot\system32\drivers\sisperf.sys><Silicon Integrated Systems Corp.>
[Microsoft Kernel Audio Splitter / splitter][Stopped/Manual Start]
  <system32\drivers\splitter.sys><Microsoft Corporation>
[Srv / Srv][Running/Manual Start]
  <system32\DRIVERS\srv.sys><Microsoft Corporation>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\windows.0\system32\drivers\klif.sys><Kaspersky Lab>
[Microcode Update Driver / Update][Running/Manual Start]
  <system32\DRIVERS\update.sys><Microsoft Corporation>
[Microsoft WINMM WDM Audio Compatibility Driver / wdmaud][Running/Manual Start]
  <system32\drivers\wdmaud.sys><Microsoft Corporation>

显示全部楼层 · 发表于 2007-5-23 16:43:44

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <, N/A>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <, N/A>
[Web反病毒统计]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll, Kaspersky Lab>
[&Google]
  {2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, N/A>
[&Google]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <, N/A>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS.0\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, N/A>
[Google Toolbar Helper]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <c:\program files\google\googletoolbar2.dll, Google Inc.>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[NavigatMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <, N/A>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS.0\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[使用迅雷下载]
  <D:\升级版迅雷\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
  <D:\升级版迅雷\Thunder\Program\getallurl.htm, N/A>

显示全部楼层 · 发表于 2007-5-23 16:45:15

正在运行的进程
[PID: 476][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\ntdll.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556][\??\C:\windows.0\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\ntdll.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\CSRSRV.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\basesrv.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\winsrv.dll]  [Microsoft Corporation, 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)]
[C:\windows.0\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.2818 (xpsp_sp2_gdr.051228-1427)]
[C:\windows.0\system32\KERNEL32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\windows.0\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
[C:\windows.0\system32\LPK.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\USP10.dll]  [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\msvcrt.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\RPCRT4.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\sxs.dll]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[D:\木马清道夫\ProcessHook.dll]  [Fygsoft and Microsoft, 1.1.0.55]
[C:\windows.0\system32\oleaut32.dll]  [Microsoft Corporation, 5.1.2600.2180]
[C:\windows.0\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[PID: 580][\??\C:\windows.0\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\ntdll.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\windows.0\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\RPCRT4.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\AUTHZ.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
[C:\windows.0\system32\msvcrt.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
[C:\windows.0\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.2818 (xpsp_sp2_gdr.051228-1427)]
[C:\windows.0\system32\MSASN1.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\NDdeApi.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\PROFMAP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
[C:\windows.0\system32\USERENV.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\PSAPI.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\REGAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\SETUPAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\VERSION.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WINSTA.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WINTRUST.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\IMAGEHLP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WS2_32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WS2HELP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\IMM32.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\LPK.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\USP10.dll]  [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\MSGINA.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\windows.0\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3059 (xpsp_sp2_gdr.070104-0050)]
[C:\windows.0\system32\COMCTL32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
[C:\windows.0\system32\ODBC32.dll]  [Microsoft Corporation, 3.525.1117.0 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\comdlg32.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\odbcint.dll]  [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)]
[C:\windows.0\system32\SHSVCS.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\windows.0\system32\sfc.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\sfc_os.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\windows.0\system32\Apphelp.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WINSCARD.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WTSAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WINMM.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\Ati2evxx.dll]  [, ]
[C:\windows.0\system32\rsaenh.dll]  [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
[C:\windows.0\system32\cscdll.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS.0\system32\klogon.dll]  [Kaspersky Lab, 6.0.2.621]
[C:\windows.0\system32\WlNotify.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WINSPOOL.DRV]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\MPR.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\SAMLIB.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\cscui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\NTMARTA.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WLDAP32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\msv1_0.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
[C:\windows.0\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows.0\system32\MSACM32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\midimap.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[C:\windows.0\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.2180]
[C:\windows.0\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[D:\木马清道夫\ProcessHook.dll]  [Fygsoft and Microsoft, 1.1.0.55]
[PID: 1292][C:\windows.0\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\ntdll.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\windows.0\system32\msvcrt.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\RPCRT4.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.2818 (xpsp_sp2_gdr.051228-1427)]
[C:\windows.0\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
[C:\windows.0\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3059 (xpsp_sp2_gdr.070104-0050)]
[C:\windows.0\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\windows.0\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\windows.0\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.2180]
[C:\windows.0\system32\BROWSEUI.dll]  [Microsoft Corporation, 6.00.2900.3059 (xpsp_sp2_gdr.070104-0050)]
[C:\windows.0\system32\SHDOCVW.dll]  [Microsoft Corporation, 6.00.2900.3059 (xpsp_sp2_gdr.070104-0050)]
[C:\windows.0\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\MSASN1.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\CRYPTUI.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WINTRUST.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\IMAGEHLP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\NETAPI32.dll]  [Microsoft Corporation, 5.1.2600.2976 (xpsp_sp2_gdr.060817-0106)]
[C:\windows.0\system32\WININET.dll]  [Microsoft Corporation, 6.00.2900.3059 (xpsp_sp2_gdr.070104-0050)]
[C:\windows.0\system32\WLDAP32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\VERSION.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\ShimEng.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\AppPatch\AcGenral.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WINMM.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\MSACM32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\USERENV.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\IMM32.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\LPK.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\USP10.dll]  [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
[C:\windows.0\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\appHelp.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[C:\windows.0\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[C:\windows.0\System32\cscui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\System32\CSCDLL.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\themeui.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\Secur32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\MSIMG32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS.0\system32\actxprxy.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scrchpg.dll]  [Kaspersky Lab, 6.0.2.621]
[C:\WINDOWS.0\system32\msutb.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS.0\system32\MSCTF.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\ntshrui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\ATL.DLL]  [Microsoft Corporation, 3.05.2284]
[C:\windows.0\system32\SETUPAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS.0\system32\urlmon.dll]  [Microsoft Corporation, 6.00.2900.3072 (xpsp_sp2_gdr.070124-2319)]
[C:\windows.0\system32\WINSTA.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\webcheck.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WSOCK32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WS2_32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WS2HELP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

显示全部楼层 · 发表于 2007-5-23 16:46:19

日志不完整，要是一帖放不下直接发成附件。

显示全部楼层 · 发表于 2007-5-23 16:46:31

[D:\木马清道夫\ProcessHook.dll]  [Fygsoft and Microsoft, 1.1.0.55]
[C:\WINDOWS.0\system32\stobject.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS.0\system32\BatMeter.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS.0\system32\POWRPROF.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS.0\system32\WTSAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\wdmaud.drv]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\windows.0\system32\midimap.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS.0\system32\NETSHELL.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS.0\system32\rtutils.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS.0\system32\credui.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS.0\system32\iphlpapi.dll]  [Microsoft Corporation, 5.1.2600.2912 (xpsp_sp2_gdr.060519-0003)]
[C:\windows.0\system32\WZCSAPI.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\LINKINFO.dll]  [Microsoft Corporation, 5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)]
[C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
[D:\强力优化\SDShelEx-win32.dll]  [TuneUp Software GmbH, 2.0.0.2]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\ShellEx.dll]  [Kaspersky Lab, 6.0.2.621]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.42]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.42]
[C:\windows.0\system32\MPR.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\System32\drprov.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\System32\ntlanman.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\System32\NETUI0.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\System32\NETUI1.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\System32\NETRAP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\System32\SAMLIB.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\System32\davclnt.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\rsaenh.dll]  [Microsoft Corporation, 5.1.2600.2161 (xpsp.040706-1629)]
[C:\windows.0\system32\SXS.DLL]  [Microsoft Corporation, 5.1.2600.3019 (xpsp_sp2_gdr.061019-0414)]
[C:\windows.0\system32\browselc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\MSGINA.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\ODBC32.dll]  [Microsoft Corporation, 3.525.1117.0 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\comdlg32.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\odbcint.dll]  [Microsoft Corporation, 3.525.1117.0 built by: (_sqlbld)]
[C:\windows.0\system32\DUSER.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\MLANG.dll]  [Microsoft Corporation, 6.00.2900.2530 (xpsp.040919-1030)]
[C:\windows.0\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[C:\windows.0\system32\WMVCore.DLL]  [Microsoft Corporation, 10.00.00.4054 built by: dnsrv(bld4act)]
[C:\windows.0\system32\WMASF.DLL]  [Microsoft Corporation, 10.00.00.3802 built by: dnsrv(bld4act)]
[C:\windows.0\system32\diskcopy.dll]  [Microsoft Corporation, 6.00.2600.0000 (xpclient.010817-1148)]
[C:\WINDOWS.0\system32\wmpshell.dll]  [Microsoft Corporation, 10.00.00.3802]
[C:\windows.0\system32\shdoclc.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\NTMARTA.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prremote.dll]  [Kaspersky Lab, 6.0.2.621]
[C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\prloader.dll]  [Kaspersky Lab, 6.0.2.621]
[PID: 916][C:\windows.0\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.0.29]
[C:\windows.0\system32\ntdll.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\windows.0\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
[C:\windows.0\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\RPCRT4.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\windows.0\system32\msvcrt.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3059 (xpsp_sp2_gdr.070104-0050)]
[C:\windows.0\system32\SETUPAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WINMM.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\HID.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\IMM32.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\LPK.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\USP10.dll]  [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\comctl32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
[C:\windows.0\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\windows.0\system32\WINTRUST.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\CRYPT32.dll]  [Microsoft Corporation, 5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\MSASN1.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\IMAGEHLP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\木马清道夫\ProcessHook.dll]  [Fygsoft and Microsoft, 1.1.0.55]
[C:\windows.0\system32\oleaut32.dll]  [Microsoft Corporation, 5.1.2600.2180]
[C:\windows.0\system32\MSCTF.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976][C:\Program Files\racer-han-cnc\racer.exe]  [Putian Runway, 3,3,116,192]
[C:\windows.0\system32\ntdll.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\kernel32.dll]  [Microsoft Corporation, 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349)]
[C:\windows.0\system32\USER32.dll]  [Microsoft Corporation, 5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)]
[C:\windows.0\system32\GDI32.dll]  [Microsoft Corporation, 5.1.2600.2818 (xpsp_sp2_gdr.051228-1427)]
[C:\windows.0\system32\MSVCRT.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\IMM32.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\ADVAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\RPCRT4.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\LPK.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\USP10.dll]  [Microsoft Corporation, 1.0420.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\racer-han-cnc\rwxre.dll]  [Mozilla Foundation, 1.7.3: 2006072418]
[C:\Program Files\racer-han-cnc\nspr4.dll]  [Netscape Communications Corporation, 4.5 Beta]
[C:\windows.0\system32\WSOCK32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WS2_32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WS2HELP.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\racer-han-cnc\xpcom.dll]  [Mozilla Foundation, 1.7.3: 2006072418]
[C:\windows.0\system32\SHELL32.dll]  [Microsoft Corporation, 6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)]
[C:\windows.0\system32\SHLWAPI.dll]  [Microsoft Corporation, 6.00.2900.3059 (xpsp_sp2_gdr.070104-0050)]
[C:\windows.0\system32\ole32.dll]  [Microsoft Corporation, 5.1.2600.2726 (xpsp_sp2_gdr.050725-1528)]
[C:\Program Files\racer-han-cnc\nss3.dll]  [Netscape Communications Corporation, 3.9.1]
[C:\Program Files\racer-han-cnc\softokn3.dll]  [Netscape Communications Corporation, 3.9.1]
[C:\Program Files\racer-han-cnc\gkgfx.dll]  [Mozilla Foundation, 1.7.3: 2006072418]
[C:\Program Files\racer-han-cnc\xpcom_compat.dll]  [Mozilla Foundation, 1.7.3: 2006072418]
[C:\windows.0\system32\comdlg32.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\COMCTL32.dll]  [Microsoft Corporation, 5.82 (xpsp.060825-0040)]
[C:\windows.0\system32\OLEAUT32.dll]  [Microsoft Corporation, 5.1.2600.2180]
[C:\windows.0\system32\VERSION.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\WINSPOOL.DRV]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\racer-han-cnc\js3250.dll]  [Netscape Communications Corporation, 4.0]
[C:\windows.0\system32\CLBCATQ.DLL]  [Microsoft Corporation, 2001.12.4414.308]
[C:\windows.0\system32\COMRes.dll]  [Microsoft Corporation, 2001.12.4414.258]
[C:\Program Files\racer-han-cnc\components\racer_base_comp.dll]  [Putian Runway, 3,3,116,192]
[C:\Program Files\racer-han-cnc\racer_base.dll]  [Putian Runway, 3,3,116,192]
[C:\Program Files\racer-han-cnc\kbdhook.dll]  [Putian Runway, 3,3,116,192]
[C:\windows.0\system32\HID.DLL]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\SETUPAPI.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\MSCTF.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\msctfime.ime]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\mswsock.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\hnetcfg.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\System32\wshtcpip.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\racer-han-cnc\components\pipnss.dll]  [Mozilla Foundation, 1.7.3: 2006072418]
[C:\Program Files\racer-han-cnc\components\gklayout.dll]  [Mozilla Foundation, 1.7.3: 2006072418]
[C:\WINDOWS.0\system32\msimtf.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\racer-han-cnc\components\jar50.dll]  [Mozilla Foundation, 1.7.3: 2006072418]
[C:\windows.0\system32\xpsp2res.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\windows.0\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\racer-han-cnc\components\xpcom_compat_c.dll]  [Mozilla Foundation, 1.7.3: 2006072418]
[C:\windows.0\system32\msimg32.dll]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\racer-han-cnc\components\racer_ad_comp.dll]  [Putian Runway, 3,3,116,192]
[C:\Program Files\racer-han-cnc\components\racer_access_pppoe.dll]  [Putian Runway, 3,3,116,192]
[C:\Program Files\racer-han-cnc\pppoe.dll]  [北京润汇科技有限公司, 9, 0, 22, 48]
[C:\windows.0\system32\RASAPI32.dll]  [Microsoft Corporation, 5.1.2600.2180

[已解决] 一下子多了好多conime.exe.