iemnaw.dll is an invalid image? Kingsoft Antivirus (毒霸) and Rising (瑞星) go missing too? It turns out to be Win32.Logogo, RootKit.Win32.HideFile and friends, part 1



endurer, original work
2008-04-17, part 1

  A friend's computer has recently been showing this prompt whenever a program is run: "The application or DLL c:/windows/system32/iemnaw.dll is not a valid Windows image. Please check this against your installation diskette."

  The real-time monitor icon of Kingsoft Internet Security 2008 (金山毒霸2008) on the machine was not showing either. Thinking the licence had expired, he bought Rising 2008 (瑞星2008), but after installing it the real-time monitor umbrella icon did not appear either... so he asked me to take a look.

/===
pe_xscan 08-03-27 by Purple Endurer
2008-4-13 19:0:33
Windows XP Service Pack 2(5.1.2600)
Administrators group
Normal mode
[System Process] * 0
   C:/WINDOWS/system32/xgnfn.dll | 2008-4-12 12:16:55
   C:/WINDOWS/system32/hfjg.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/oqrthc.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ijatnaw.dll | 2008-4-12 12:17:30
   C:/WINDOWS/system32/rhs.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/fjyjy.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/bjrvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ektvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/crugd.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/lariytrz.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/msepbe.dll | 2007-4-16 15:54:26
   C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/inudhya.dll | 2008-4-12 12:16:37
   C:/WINDOWS/system32/mfchlp32.dll | 2008-4-12 12:17:26
   C:/WINDOWS/system32/LotusHlp.dll | 2008-4-12 12:17:24
   C:/WINDOWS/system32/AVPSrv.dll | 2008-4-12 12:17:11
   C:/WINDOWS/system32/cmdbcs.dll | 2008-4-12 12:16:48
   C:/WINDOWS/system32/WSockDrv32.dll | 2008-4-12 12:16:43
   C:/WINDOWS/system32/tfrbmknh.dll | 2008-4-7 1:10:29
   C:/WINDOWS/system32/msccrt.dll | 2008-4-12 12:16:46
   C:/WINDOWS/system32/upxdnd.dll | 2008-4-12 12:16:40
   C:/WINDOWS/system32/DbgHlp32.dlL | 2008-3-4 2:22:31
C:/WINDOWS/System32/csrss.exe* 676 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Client Server Runtime Process | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CSRSS.Exe | CSRSS.Exe
   C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/inudhya.dll | 2008-4-12 12:16:37
C:/WINDOWS/System32/winlogon.exe* 700 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Windows NT Logon Application | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | winlogon | WINLOGON.EXE
   C:/WINDOWS/system32/xgnfn.dll | 2008-4-12 12:16:55
   C:/WINDOWS/system32/hfjg.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/oqrthc.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ijatnaw.dll | 2008-4-12 12:17:30
   C:/WINDOWS/system32/rhs.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/fjyjy.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/bjrvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ektvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/crugd.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/lariytrz.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/msepbe.dll | 2007-4-16 15:54:26
   C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/inudhya.dll | 2008-4-12 12:16:37
C:/WINDOWS/System32/services.exe* 748 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Services and Controller app | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | services.exe | services.exe
   C:/WINDOWS/system32/xgnfn.dll | 2008-4-12 12:16:55
   C:/WINDOWS/system32/hfjg.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/oqrthc.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ijatnaw.dll | 2008-4-12 12:17:30
   C:/WINDOWS/system32/rhs.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/fjyjy.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/bjrvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ektvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/crugd.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/lariytrz.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/msepbe.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/D3D9_32.DLL | 2008-4-12 12:17:41
   C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/inudhya.dll | 2008-4-12 12:16:37
C:/WINDOWS/System32/lsass.exe* 760 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | LSA Shell (Export Version) | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | lsass.exe | lsass.exe
   C:/WINDOWS/system32/xgnfn.dll | 2008-4-12 12:16:55
   C:/WINDOWS/system32/hfjg.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/oqrthc.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ijatnaw.dll | 2008-4-12 12:17:30
   C:/WINDOWS/system32/rhs.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/fjyjy.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/bjrvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ektvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/crugd.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/lariytrz.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/msepbe.dll | 2007-4-16 15:54:26
   C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/inudhya.dll | 2008-4-12 12:16:37
C:/WINDOWS/System32/svchost.exe* 944 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Generic Host Process for Win32 Services | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | svchost.exe | svchost.exe
   C:/WINDOWS/system32/xgnfn.dll | 2008-4-12 12:16:55
   C:/WINDOWS/system32/hfjg.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/oqrthc.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ijatnaw.dll | 2008-4-12 12:17:30
   C:/WINDOWS/system32/rhs.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/fjyjy.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/bjrvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ektvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/crugd.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/lariytrz.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/msepbe.dll | 2007-4-16 15:54:26
   C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/inudhya.dll | 2008-4-12 12:16:37
C:/Program Files/Kingsoft/Kingsoft Internet Security 2008/KISSvc.EXE* 1628 | 2007-12-2 15:15:0 | Kingsoft Internet Security | 7,8,2562,128 | Kingsoft AntiVirus Service Manager | Copyright (C) 1998-2007 Kingsoft Corporation | 2007,11,29,128 | Kingsoft Corporation| ? | kissvc | kissvc.exe
   C:/WINDOWS/system32/xgnfn.dll | 2008-4-12 12:16:55
   C:/WINDOWS/system32/hfjg.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/oqrthc.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ijatnaw.dll | 2008-4-12 12:17:30
   C:/WINDOWS/system32/rhs.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/fjyjy.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/bjrvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ektvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/crugd.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/lariytrz.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/msepbe.dll | 2007-4-16 15:54:26
   C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/inudhya.dll | 2008-4-12 12:16:37
C:/WINDOWS/System32/alg.exe* 764 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | Application Layer Gateway Service | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | ALG.exe | ALG.exe
   C:/WINDOWS/System32/xgnfn.dll | 2008-4-12 12:16:55
   C:/WINDOWS/System32/hfjg.dll | 2007-4-16 15:54:26
   C:/WINDOWS/System32/oqrthc.dll | 2007-4-16 15:54:26
   C:/WINDOWS/System32/ijatnaw.dll | 2008-4-12 12:17:30
   C:/WINDOWS/System32/rhs.dll | 2007-4-16 15:54:26
   C:/WINDOWS/System32/fjyjy.dll | 2007-4-16 15:54:26
   C:/WINDOWS/System32/bjrvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/System32/ektvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/System32/crugd.dll | 2007-4-16 15:54:26
   C:/WINDOWS/System32/lariytrz.dll | 2007-4-16 15:54:26
   C:/WINDOWS/System32/msepbe.dll | 2007-4-16 15:54:26
   C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/inudhya.dll | 2008-4-12 12:16:37
C:/WINDOWS/Explorer.EXE* 1464 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Windows Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | explorer | EXPLORER.EXE
   C:/WINDOWS/system32/xgnfn.dll | 2008-4-12 12:16:55
   C:/WINDOWS/system32/hfjg.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/oqrthc.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ijatnaw.dll | 2008-4-12 12:17:30
   C:/WINDOWS/system32/rhs.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/fjyjy.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/bjrvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ektvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/crugd.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/lariytrz.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/msepbe.dll | 2007-4-16 15:54:26
   C:/Program Files/Internet Explorer/IEXPLORE32.Sys
   C:/Program Files/Internet Explorer/IEXPLORE32.Dat
   C:/Program Files/Internet Explorer/IEXPLORE32.win
   C:/WINDOWS/system32/ttVUFVUF1011.dll
   C:/WINDOWS/system32/ttHADHAD1061.dll
   C:/WINDOWS/system32/ttQACQAC1035.dll
   C:/WINDOWS/system32/ttKAFKAF1060.dll
   C:/WINDOWS/system32/DbgHlp32.dlL | 2008-3-4 2:22:31
   C:/WINDOWS/system32/upxdnd.dll | 2008-4-12 12:16:40
   C:/WINDOWS/system32/msccrt.dll | 2008-4-12 12:16:46
   C:/WINDOWS/system32/tfrbmknh.dll | 2008-4-7 1:10:29
   C:/WINDOWS/system32/WSockDrv32.dll | 2008-4-12 12:16:43
   C:/WINDOWS/system32/cmdbcs.dll | 2008-4-12 12:16:48
   C:/WINDOWS/system32/AVPSrv.dll | 2008-4-12 12:17:11
   C:/WINDOWS/system32/LotusHlp.dll | 2008-4-12 12:17:24
   C:/WINDOWS/system32/mfchlp32.dll | 2008-4-12 12:17:26
   C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/inudhya.dll | 2008-4-12 12:16:37
C:/Program Files/Rising/Rav/RavTask.exe* 2336 | 2008-4-13 8:35:25 | Rising Antivirus 2008 | 20.00 | RavTimer | Rising Corp.All rights reserved. | 20.0.0.22 | Beijing Rising Technology Co., Ltd.| ? | Beijing Rising Technology Co., Ltd. | RavTask.exe
   C:/WINDOWS/system32/xgnfn.dll | 2008-4-12 12:16:55
   C:/WINDOWS/system32/hfjg.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/oqrthc.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ijatnaw.dll | 2008-4-12 12:17:30
   C:/WINDOWS/system32/rhs.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/fjyjy.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/bjrvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ektvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/crugd.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/lariytrz.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/msepbe.dll | 2007-4-16 15:54:26
   C:/Program Files/Internet Explorer/IEXPLORE32.Dat
   C:/Program Files/Internet Explorer/IEXPLORE32.Sys
   C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/inudhya.dll | 2008-4-12 12:16:37
C:/WINDOWS/System32/ctfmon.exe* 2792 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System | 5.1.2600.2180 | CTF Loader | (C) Microsoft Corporation. All rights reserved. | 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | CTFMON | CTFMON.EXE
   C:/WINDOWS/system32/xgnfn.dll | 2008-4-12 12:16:55
   C:/WINDOWS/system32/hfjg.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/oqrthc.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ijatnaw.dll | 2008-4-12 12:17:30
   C:/WINDOWS/system32/rhs.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/fjyjy.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/bjrvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ektvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/crugd.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/lariytrz.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/msepbe.dll | 2007-4-16 15:54:26
   C:/Program Files/Internet Explorer/IEXPLORE32.Dat
   C:/Program Files/Internet Explorer/IEXPLORE32.Sys
   C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/inudhya.dll | 2008-4-12 12:16:37
C:/Program Files/Internet Explorer/IEXPLORE.EXE* 5680 | 2007-2-26 12:33:37 | Microsoft(R) Windows(R) Operating System | 6.00.2900.2180 | Internet Explorer | (C) Microsoft Corporation. All rights reserved. | 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158) | Microsoft Corporation| ? | iexplore | IEXPLORE.EXE
   C:/WINDOWS/system32/xgnfn.dll | 2008-4-12 12:16:55
   C:/WINDOWS/system32/hfjg.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/oqrthc.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ijatnaw.dll | 2008-4-12 12:17:30
   C:/WINDOWS/system32/rhs.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/fjyjy.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/bjrvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/ektvm.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/crugd.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/lariytrz.dll | 2007-4-16 15:54:26
   C:/WINDOWS/system32/msepbe.dll | 2007-4-16 15:54:26
   C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/inudhya.dll | 2008-4-12 12:16:37
   C:/Program Files/Internet Explorer/IEXPLORE32.Dat
   C:/Program Files/Internet Explorer/IEXPLORE32.Sys
   C:/Program Files/Internet Explorer/IEXPLORE32.win
   C:/WINDOWS/system32/mfchlp32.dll | 2008-4-12 12:17:26
   C:/WINDOWS/system32/LotusHlp.dll | 2008-4-12 12:17:24
   C:/WINDOWS/system32/AVPSrv.dll | 2008-4-12 12:17:11
   C:/WINDOWS/system32/cmdbcs.dll | 2008-4-12 12:16:48
   C:/WINDOWS/system32/WSockDrv32.dll | 2008-4-12 12:16:43
   C:/WINDOWS/system32/tfrbmknh.dll | 2008-4-7 1:10:29
   C:/WINDOWS/system32/msccrt.dll | 2008-4-12 12:16:46
   C:/WINDOWS/system32/upxdnd.dll | 2008-4-12 12:16:40
   C:/WINDOWS/system32/DbgHlp32.dlL | 2008-3-4 2:22:31
O2 - BHO - {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E} - C:/Program Files/Internet Explorer/IEXPLORE32.win
O2 - BHO - {C5E87A05-F463-4841-B19E-DD3EC3862368} - C:/Program Files/Internet Explorer/IEXPLORE32.Sys
O2 - BHO - {D29DCEE0-457B-45A2-A92D-741B95B7723B} - C:/Program Files/Internet Explorer/IEXPLORE32.Sys
O2 - BHO - {EE12D60D-AD9A-4095-B839-3BE6862679FD} - C:/Program Files/Internet Explorer/IEXPLORE32.Dat
O3 - IE Toolbar: - {39852EFE-325B-45ef-9A60-3DBECD2DDDD5} - C:/WINDOWS/system32/thsbar.dll
O4 - HKLM/../Run: [rufntbdt] C:/WINDOWS/unbtahlf.exe
O4 - HKLM/../Run: [DbgHlp32] C:/WINDOWS/DbgHlp32.exe
O4 - HKLM/../Run: [TBMonEx] C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/smss.exe
O4 - HKLM/../Run: [inudhya] C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/1a.exe
O4 - HKLM/../Run: [upxdnd] C:/WINDOWS/upxdnd.exe
O4 - HKLM/../Policies/Explorer/Run: [DXDLG32]  DXDLG.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDWG32]  LYLoadbr.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDCG32 ]  LYLeador.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDOG32]  LYLoador.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDSG32]  LYLoadar.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDMG32]  LYLoadmr.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDHG32]  LYLoadhr.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDQG32]  LYLoadqr.exe

O4 - Global Startup: AtiSrv.exe -> Invalid lnk file
O4 - Global Startup: QQGAME1.vbs -> Invalid lnk file

C:/autorun.inf
/-----
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell/打开(&O)/command=ntldr.exe
-----/
D:/autorun.inf
/-----
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell/打开(&O)/command=ntldr.exe
-----/
E:/autorun.inf
/-----
[AutoRun]
OPEN=ntldr.exe
shellexecute=ntldr.exe
shell/打开(&O)/command=ntldr.exe
-----/

O23 - Service: askd (askd) - C:/WINDOWS/system32/drivers/askd.ahc | 2008-4-12 10:48:44(Manual)
O23 - Service: dohs (dohs) - C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/tmp1E.tmp (Automatic)
O23 - Service: fpids32 (fpids32) - C:/WINDOWS/system32/drivers/msosfpids32.sys | 2008-3-3 12:42:25(Automatic)
O23 - Service: iCafe Manager (iCafe Manager) - C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/usbhcid.sys (Manual)
O23 - Service: mchInjDrv () - C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/mc22.tmp (Disabled)
O23 - Service: mhfp (mhfp) - C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/tmp67.tmp | 2008-4-12 12:46:40(Automatic)
O23 - Service: mnsf (mnsf) - C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/tmp35.tmp (Automatic)
O23 - Service: msert (msert) -  system32/drivers/mselk.sys (Automatic)
O23 - Service: msertk (msertk) -  system32/drivers/msyecp.sys (Automatic)
O23 - Service: msfpfis64 (msfpfis64) - C:/WINDOWS/system32/drivers/msosmsfpfis64.sys | 2008-4-12 12:17:23(Automatic)
O23 - Service: phy (phy) - C:/WINDOWS/system32/DRIVERS/phy.sys | 2008-4-13 9:52:35(Manual)
O23 - Service: ping (ping) - C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/tmp31.tmp (Automatic)
O23 - Service: Sc Manager (Sc Manager) - C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/usbcams3.sys (Manual)

O24 - ShlExecHook: [C] - {BC207F7D-3E63-4ACA-99B5-FB5F8428200C} =  C
O24 - ShlExecHook: [Microsoft] - {45AADFAA-DD36-42AB-83AD-0521BBF58C24} = C:/WINDOWS/system32/zjydcx.dll
O24 - ShlExecHook: [Microsoft] - {17DFD111-BF3A-4CB4-ADB0-88FCBFE69821} = C:/WINDOWS/system32/hhrdxd.dll
O24 - ShlExecHook: [] - {C5E87A05-F463-4841-B19E-DD3EC3862368} = C:/Program Files/Internet Explorer/IEXPLORE32.Sys
O24 - ShlExecHook: [] - {EE12D60D-AD9A-4095-B839-3BE6862679FD} = C:/Program Files/Internet Explorer/IEXPLORE32.Dat
O24 - ShlExecHook: [] - {A45B2C37-01D0-4D3E-BE5E-CC119B17BE9E} = C:/Program Files/Internet Explorer/IEXPLORE32.win
O24 - ShlExecHook: [5] - {5d965c11-4200-44fc-8fd8-6897bccc5d75} = C:/WINDOWS/system32/ffNNBNNB1033.dll
O24 - ShlExecHook: [1] - {6b22d384-97ba-4c43-81ab-a6bb24e9d831} = C:/WINDOWS/system32/fJACJAC1041.dll
O24 - ShlExecHook: [5] - {3be976db-b807-4251-81e8-38997856f675} = C:/WINDOWS/system32/fCBDCBD1033.dll
O24 - ShlExecHook: [b] - {29fab913-d0cd-477b-a3f0-3d7c3a90379b} = C:/WINDOWS/system32/ttVUFVUF1011.dll
O24 - ShlExecHook: [f] - {080b34df-5e9a-4771-99c1-f7269b42f44f} = C:/WINDOWS/system32/ttHADHAD1061.dll
O24 - ShlExecHook: [9] - {79dae25e-7bee-4484-bb1a-f30c45d535d9} = C:/WINDOWS/system32/ttQACQAC1035.dll
O24 - ShlExecHook: [8] - {5136d0e5-bad9-4d8e-9b62-7492bf467388} = C:/WINDOWS/system32/ttKAFKAF1060.dll

O25 - InsCom: {AA312103-F04D-11cf-64CD-11EF5011CF20} = C:/WINDOWS/system32/nwizqjsj.exe

O26 - IFEO: 360rpt.exe -> net
O26 - IFEO: 360safe.exe -> net
O26 - IFEO: 360safebox.exe -> ntsd -d
O26 - IFEO: 360tray.exe -> net
O26 - IFEO: ACKWIN32.EXE -> net
O26 - IFEO: adam.exe -> ntsd -d
O26 - IFEO: AgentSvr.exe -> ntsd -d
O26 - IFEO: ANTI-TROJAN.EXE -> net
O26 - IFEO: AppSvc32.exe -> ntsd -d
O26 - IFEO: APVXDWIN.EXE -> net
O26 - IFEO: AtiSrv.exe -> ntsd -d
O26 - IFEO: AUTODOWN.EXE -> net
O26 - IFEO: autoruns.exe -> ntsd -d
O26 - IFEO: avconsol.exe -> net
O26 - IFEO: AVE32.EXE -> net
O26 - IFEO: AVGCTRL.EXE -> net
O26 - IFEO: avgrssvc.exe -> ntsd -d
O26 - IFEO: AVKSERV.EXE -> net
O26 - IFEO: AvMonitor.exe -> ntsd -d
O26 - IFEO: AVNT.EXE -> net
O26 - IFEO: avp.com -> ntsd -d
O26 - IFEO: avp.exe -> net
O26 - IFEO: AVP32.EXE -> net
O26 - IFEO: AVPCC.EXE -> net
O26 - IFEO: AVPDOS32.EXE -> net
O26 - IFEO: AVPM.EXE -> net
O26 - IFEO: AVPTC32.EXE -> net
O26 - IFEO: AVPUPD.EXE -> net
O26 - IFEO: AVSCHED32.EXE -> net
O26 - IFEO: AVWIN95.EXE -> net
O26 - IFEO: AVWUPD32.EXE -> net
O26 - IFEO: BLACKD.EXE -> net
O26 - IFEO: BLACKICE.EXE -> net
O26 - IFEO: CCenter.exe -> ntsd -d
O26 - IFEO: ccSvcHst.exe -> ntsd -d
O26 - IFEO: CFIADMIN.EXE -> net
O26 - IFEO: CFIAUDIT.EXE -> net
O26 - IFEO: CFINET.EXE -> net
O26 - IFEO: CFINET32.EXE -> net
O26 - IFEO: CLAW95.EXE -> net
O26 - IFEO: CLAW95CF.EXE -> net
O26 - IFEO: CLEANER.EXE -> net
O26 - IFEO: CLEANER3.EXE -> net
O26 - IFEO: DVP95.EXE -> net
O26 - IFEO: DVP95_0.EXE -> net
O26 - IFEO: ECENGINE.EXE -> net
O26 - IFEO: EGHOST.exe -> net
O26 - IFEO: ESAFE.EXE -> net
O26 - IFEO: EXPWATCH.EXE -> net
O26 - IFEO: F-AGNT95.EXE -> net
O26 - IFEO: F-PROT.EXE -> net
O26 - IFEO: F-PROT95.EXE -> net
O26 - IFEO: F-STOPW.EXE -> net
O26 - IFEO: FESCUE.EXE -> net
O26 - IFEO: FileDsty.exe -> ntsd -d
O26 - IFEO: FINDVIRU.EXE -> net
O26 - IFEO: FP-WIN.EXE -> net
O26 - IFEO: FPROT.EXE -> net
O26 - IFEO: FRW.EXE -> net
O26 - IFEO: FTCleanerShell.exe -> ntsd -d
O26 - IFEO: FYFireWall.exe -> ntsd -d
O26 - IFEO: HijackThis.exe -> ntsd -d
O26 - IFEO: IAMAPP.EXE -> net
O26 - IFEO: IAMSERV.EXE -> net
O26 - IFEO: IBMASN.EXE -> net
O26 - IFEO: IBMAVSP.EXE -> net
O26 - IFEO: IceSword.exe -> ntsd -d
O26 - IFEO: ICLOAD95.EXE -> net
O26 - IFEO: ICLOADNT.EXE -> net
O26 - IFEO: ICMON.EXE -> net
O26 - IFEO: ICSUPP95.EXE -> net
O26 - IFEO: ICSUPPNT.EXE -> net
O26 - IFEO: IFACE.EXE -> net
O26 - IFEO: IOMON98.EXE -> net
O26 - IFEO: iparmo.exe -> ntsd -d
O26 - IFEO: Iparmor.exe -> net
O26 - IFEO: isPwdSvc.exe -> ntsd -d
O26 - IFEO: JEDI.EXE -> net
O26 - IFEO: kabaload.exe -> ntsd -d
O26 - IFEO: KaScrScn.SCR -> ntsd -d
O26 - IFEO: KASMain.exe -> ntsd -d
O26 - IFEO: KASTask.exe -> ntsd -d
O26 - IFEO: KAV32.exe -> net
O26 - IFEO: KAVDX.exe -> ntsd -d
O26 - IFEO: KAVPF.exe -> ntsd -d
O26 - IFEO: KAVPFW.exe -> net
O26 - IFEO: KAVSetup.exe -> ntsd -d
O26 - IFEO: KAVStart.exe -> ntsd -d
O26 - IFEO: KAVsvc.exe -> net
O26 - IFEO: KAVSvcUI.exe -> net
O26 - IFEO: KISLnchr.exe -> ntsd -d
O26 - IFEO: KMailMon.exe -> ntsd -d
O26 - IFEO: KMFilter.exe -> ntsd -d
O26 - IFEO: KPFW32.exe -> ntsd -d
O26 - IFEO: KPFW32X.exe -> ntsd -d
O26 - IFEO: KPfwSvc.exe -> ntsd -d
O26 - IFEO: KRegEx.exe -> ntsd -d
O26 - IFEO: KRepair.com -> ntsd -d
O26 - IFEO: KsLoader.exe -> ntsd -d
O26 - IFEO: KVCenter.kxp -> ntsd -d
O26 - IFEO: KvDetect.exe -> ntsd -d
O26 - IFEO: KVFW.EXE -> net
O26 - IFEO: KvfwMcl.exe -> ntsd -d
O26 - IFEO: KVMonXP.exe -> net
O26 - IFEO: KVMonXP.kxp -> net
O26 - IFEO: KVMonXP_1.kxp -> ntsd -d
O26 - IFEO: kvol.exe -> ntsd -d
O26 - IFEO: kvolself.exe -> ntsd -d
O26 - IFEO: KvReport.kxp -> ntsd -d
O26 - IFEO: KVScan.kxp -> ntsd -d
O26 - IFEO: KVSrvXP.exe -> net
O26 - IFEO: KVStub.kxp -> ntsd -d
O26 - IFEO: kvupload.exe -> ntsd -d
O26 - IFEO: kvwsc.exe -> net
O26 - IFEO: KvXP.kxp -> net
O26 - IFEO: KvXP_1.kxp -> ntsd -d
O26 - IFEO: KWatch.exe -> ntsd -d
O26 - IFEO: KWatch9x.exe -> ntsd -d
O26 - IFEO: KWatchUI.EXE -> net
O26 - IFEO: KWatchX.exe -> ntsd -d
O26 - IFEO: LOCKDOWN2000.EXE -> net
O26 - IFEO: Logo1_.exe -> net
O26 - IFEO: Logo_1.exe -> net
O26 - IFEO: LOOKOUT.EXE -> net
O26 - IFEO: LUALL.EXE -> net
O26 - IFEO: MagicSet.exe -> ntsd -d
O26 - IFEO: MAILMON.EXE -> net
O26 - IFEO: mcconsol.exe -> ntsd -d
O26 - IFEO: mmqczj.exe -> ntsd -d
O26 - IFEO: mmsk.exe -> ntsd -d
O26 - IFEO: MOOLIVE.EXE -> net
O26 - IFEO: MPFTRAY.EXE -> net
O26 - IFEO: N32SCANW.EXE -> net
O26 - IFEO: Navapsvc.exe -> net
O26 - IFEO: Navapw32.exe -> net
O26 - IFEO: NAVLU32.EXE -> net
O26 - IFEO: NAVNT.EXE -> net
O26 - IFEO: navw32.EXE -> net
O26 - IFEO: NAVWNT.EXE -> net
O26 - IFEO: NISUM.EXE -> net
O26 - IFEO: NMain.exe -> net
O26 - IFEO: nod32.exe -> ntsd -d
O26 - IFEO: nod32krn.exe -> ntsd -d
O26 - IFEO: nod32kui.exe -> ntsd -d
O26 - IFEO: NORMIST.EXE -> net
O26 - IFEO: NPFMntor.exe -> ntsd -d
O26 - IFEO: NUPGRADE.EXE -> net
O26 - IFEO: NVC95.EXE -> net
O26 - IFEO: OllyDBG.EXE -> ntsd -d
O26 - IFEO: OllyICE.EXE -> ntsd -d
O26 - IFEO: PAVCL.EXE -> net
O26 - IFEO: PAVSCHED.EXE -> net
O26 - IFEO: PAVW.EXE -> net
O26 - IFEO: PCCWIN98.EXE -> net
O26 - IFEO: PCFWALLICON.EXE -> net
O26 - IFEO: PERSFW.EXE -> net
O26 - IFEO: PFW.exe -> net
O26 - IFEO: PFWLiveUpdate.exe -> ntsd -d
O26 - IFEO: procexp.exe -> ntsd -d
O26 - IFEO: QHSET.exe -> ntsd -d
O26 - IFEO: QQDoctor.exe -> ntsd -d
O26 - IFEO: QQKav.exe -> ntsd -d
O26 - IFEO: QQLogin.exe -> "C:/WINDOWS/system32/qqxyd.exe"
O26 - IFEO: Ras.exe -> ntsd -d
O26 - IFEO: Rav.exe -> net
O26 - IFEO: RAV7.EXE -> net
O26 - IFEO: RAV7WIN.EXE -> net
O26 - IFEO: RAVmon.exe -> net
O26 - IFEO: RavMonD.exe -> net
O26 - IFEO: RavStub.exe -> ntsd -d
O26 - IFEO: RAVtimer.exe -> net
O26 - IFEO: RawCopy.exe -> ntsd -d
O26 - IFEO: RegClean.exe -> ntsd -d
O26 - IFEO: RegTool.exe -> ntsd -d
O26 - IFEO: rfwcfg.exe -> ntsd -d
O26 - IFEO: rfwmain.exe -> ntsd -d
O26 - IFEO: rfwProxy.exe -> ntsd -d
O26 - IFEO: rfwsrv.exe -> ntsd -d
O26 - IFEO: rfwstub.exe -> ntsd -d
O26 - IFEO: Rising.exe -> net
O26 - IFEO: RsAgent.exe -> ntsd -d
O26 - IFEO: Rsaupd.exe -> ntsd -d
O26 - IFEO: runiep.exe -> ntsd -d
O26 - IFEO: safebank.exe -> ntsd -d
O26 - IFEO: safeboxTray.exe -> ntsd -d
O26 - IFEO: safelive.exe -> ntsd -d
O26 - IFEO: SAFEWEB.EXE -> net
O26 - IFEO: scan32.exe -> net
O26 - IFEO: SCAN95.EXE -> net
O26 - IFEO: SCANPM.EXE -> net
O26 - IFEO: SCRSCAN.EXE -> net
O26 - IFEO: SERV95.EXE -> net
O26 - IFEO: shcfg32.exe -> ntsd -d
O26 - IFEO: SmartUp.exe -> ntsd -d
O26 - IFEO: SMC.EXE -> net
O26 - IFEO: SPHINX.EXE -> net
O26 - IFEO: SREng.EXE -> ntsd -d
O26 - IFEO: SWEEP95.EXE -> net
O26 - IFEO: symlcsvc.exe -> ntsd -d
O26 - IFEO: SysSafe.exe -> ntsd -d
O26 - IFEO: TBSCAN.EXE -> net
O26 - IFEO: TCA.EXE -> net
O26 - IFEO: TDS2-98.EXE -> net
O26 - IFEO: TDS2-NT.EXE -> net
O26 - IFEO: THGUARD.EXE -> net
O26 - IFEO: tqat.exe -> ntsd -d
O26 - IFEO: TrojanDetector.exe -> ntsd -d
O26 - IFEO: TrojanHunter.exe -> net
O26 - IFEO: Trojanwall.exe -> ntsd -d
O26 - IFEO: TrojDie.kxp -> ntsd -d
O26 - IFEO: UIHost.exe -> ntsd -d
O26 - IFEO: UmxAgent.exe -> ntsd -d
O26 - IFEO: UmxAttachment.exe -> ntsd -d
O26 - IFEO: UmxCfg.exe -> ntsd -d
O26 - IFEO: UmxFwHlp.exe -> ntsd -d
O26 - IFEO: UmxPol.exe -> ntsd -d
O26 - IFEO: UpLive.exe -> ntsd -d
O26 - IFEO: VET95.EXE -> net
O26 - IFEO: VETTRAY.EXE -> net
O26 - IFEO: VSCAN40.EXE -> net
O26 - IFEO: VSECOMR.EXE -> net
O26 - IFEO: VSHWIN32.EXE -> net
O26 - IFEO: vsstat.exe -> net
O26 - IFEO: webscanx.exe -> net
O26 - IFEO: WFINDV32.EXE -> net
O26 - IFEO: WinDbg.exe -> ntsd -d
O26 - IFEO: WoptiClean.exe -> ntsd -d
O26 - IFEO: XYD2.exe -> "C:/WINDOWS/system32/qqxyd.exe"
O26 - IFEO: ZONEALARM.EXE -> net
O26 - IFEO: _AVP32.EXE -> net
O26 - IFEO: _AVPCC.EXE -> net
O26 - IFEO: _AVPM.EXE -> net
===/
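Reading a log like this by hand is tedious, so here is a small triage script, added to this page by the editor and not part of the original post or of pe_xscan itself, that reads the same line formats shown above and flags the four tricks the log exhibits: O26 entries whose Image File Execution Options Debugger value is `ntsd -d` or `net` (Windows starts the "debugger" with the target as its argument, so the security tool never actually runs) or a path to some other program (the target is silently replaced, as with QQLogin.exe above); O23 services whose image lives in the user's Temp directory; O4 Run entries under Policies\Explorer\Run or pointing into the Fonts folder; and DLLs that appear in every listed process, the [System Process] entry included, which means a global hook or injector put them there rather than the programs themselves. The sample log embedded in the script is constructed: its O-lines are copied from the scan above, the process block is a trimmed excerpt, and the regular expressions assume the exact pe_xscan-style layout as it appears on this page (forward slashes, `| timestamp` suffixes, English section names). The rule names are my own.

```python
"""Triage a pe_xscan-style scan log (the line formats shown above) for
IFEO Debugger hijacks, services run from %Temp%, Run keys in odd places
and DLLs injected into every listed process. Added example; not pe_xscan."""
import re
from collections import defaultdict

# Constructed sample in the log's own format (paths use '/' as the log does).
# The O-lines are copied from the scan above; the process/module block is a
# trimmed excerpt with one module (D3D9_32.DLL) that is not in every process.
SAMPLE_LOG = """\
[System Process] * 0
   C:/WINDOWS/system32/xgnfn.dll | 2008-4-12 12:16:55
C:/WINDOWS/System32/services.exe* 748 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System
   C:/WINDOWS/system32/xgnfn.dll | 2008-4-12 12:16:55
   C:/WINDOWS/system32/D3D9_32.DLL | 2008-4-12 12:17:41
C:/WINDOWS/Explorer.EXE* 1464 | 2004-8-17 4:0:0 | Microsoft(R) Windows(R) Operating System
   C:/WINDOWS/system32/xgnfn.dll | 2008-4-12 12:16:55
O4 - HKLM/../Run: [TBMonEx] C:/WINDOWS/Fonts/syn00-1A-4D-04-42-EF/system/smss.exe
O4 - HKLM/../Policies/Explorer/Run: [MSDCG32 ]  LYLeador.exe
O23 - Service: dohs (dohs) - C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/tmp1E.tmp (Automatic)
O23 - Service: mchInjDrv () - C:/DOCUME~1/ADMINI~1/LOCALS~1/Temp/mc22.tmp (Disabled)
O23 - Service: phy (phy) - C:/WINDOWS/system32/DRIVERS/phy.sys | 2008-4-13 9:52:35(Manual)
O26 - IFEO: 360tray.exe -> net
O26 - IFEO: IceSword.exe -> ntsd -d
O26 - IFEO: QQLogin.exe -> "C:/WINDOWS/system32/qqxyd.exe"
"""

PROC_RE = re.compile(r"^(?P<exe>\S.*?)\* (?P<pid>\d+)")          # "path* pid | ..."
MOD_RE = re.compile(r"^\s+(?P<path>[A-Za-z]:/\S+)")               # indented module path
RUN_RE = re.compile(r"^O4 - (?P<key>HKLM/\.\./(?:Policies/Explorer/)?Run): "
                    r"\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$")
SVC_RE = re.compile(r"^O23 - Service: (?P<name>.+?) \((?P<disp>.*?)\) -\s*"
                    r"(?P<path>.+?)(?: \| [\d\- :]+)?\s*\((?P<start>\w+)\)$")
IFEO_RE = re.compile(r"^O26 - IFEO: (?P<image>\S+) -> (?P<debugger>.+)$")

# Windows launches the Debugger value with the target as its argument, so
# "ntsd -d" (waits for a kernel debugger that never answers) and "net" (not a
# program image) both mean the security tool simply never starts.
KILL_DEBUGGERS = {"ntsd -d", "net"}


def analyze(log_text):
    """Return a list of (kind, subject, detail) findings, in log order."""
    findings = []
    modules = defaultdict(set)   # process -> lower-cased module paths
    current = None
    for raw in log_text.splitlines():
        line = raw.rstrip()
        m = MOD_RE.match(line)
        if m and current is not None:
            modules[current].add(m["path"].lower())
            continue
        m = PROC_RE.match(line)
        if m:
            current = f'{m["exe"].strip()}:{m["pid"]}'
            continue
        current = None               # any other line ends a module block
        m = IFEO_RE.match(line)
        if m:
            dbg = m["debugger"].strip().strip('"')
            kind = "ifeo-kill" if dbg.lower() in KILL_DEBUGGERS else "ifeo-redirect"
            findings.append((kind, m["image"], dbg))
            continue
        m = SVC_RE.match(line)
        if m:
            path = m["path"].strip()
            if "/temp/" in path.lower() or path.lower().endswith(".tmp"):
                findings.append(("service-from-temp", m["name"], path))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m["cmd"].strip()
            if "policies/explorer/run" in m["key"].lower() or "/fonts/" in cmd.lower():
                findings.append(("run-odd-location", m["name"].strip(), cmd))
    # A module present in every process, the System Process entry included,
    # was not loaded by those programs; a global hook or injector put it there.
    if len(modules) > 1:
        for path in sorted(set.intersection(*modules.values())):
            findings.append(("module-in-every-process", path, f"{len(modules)} processes"))
    return findings


def summarize(findings):
    """Count findings by kind, e.g. {'ifeo-kill': 2, ...}."""
    counts = defaultdict(int)
    for kind, _, _ in findings:
        counts[kind] += 1
    return dict(counts)


if __name__ == "__main__":
    for kind, subject, detail in analyze(SAMPLE_LOG):
        print(f"{kind:24} {subject:32} {detail}")
```

Run it against a saved pe_xscan log (after translating the section names the same way as on this page) and review every `ifeo-*` line: an IFEO Debugger value is occasionally legitimate, for instance when a developer points one at a real debugger, so `ifeo-redirect` is a prompt to look at the named program rather than a verdict, whereas `ifeo-kill` entries of the kind listed above have no benign use. The `module-in-every-process` rule is deliberately strict (the DLL must be in every process, pid 0 included); loosen the intersection to "most processes" if a log contains processes the injector skipped.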

 

Some of these files are old acquaintances...

 

(To be continued)