风云小站 » 『 求助专区 』 » 疑似中毒 机子很慢 麻烦各位前辈大大分析一下日志 谢谢
本页主题: 疑似中毒 机子很慢 麻烦各位前辈大大分析一下日志 谢谢 打印 | 加为IE收藏 | 复制链接 | 收藏主题 | 上一主题 | 下一主题

kyohyde
级别: *


精华: *
发帖: *
威望: * 点
风云币: * 元
专家分: 0 分
在线时间:(小时)
注册时间:*
最后登录:*
引用 推荐 编辑 只看 复制

 疑似中毒 机子很慢 麻烦各位前辈大大分析一下日志 谢谢

[CODE]

2007-01-16,11:27:33

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows Server 2003 Enterprise Edition Service Pack 1 (Build 3790)
- 管理权限用户 - 完整功能

以下内容被选中:
  所有的启动项目(包括注册表、启动文件夹、服务等)
  浏览器加载项
  正在运行的进程(包括进程模块信息)
  文件关联
  Winsock 提供者
  Autorun.inf
  HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
  <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
  <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
  <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
  <DiskeeperSystray><"C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"> [Diskeeper Corporation]
  <ccApp><"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"> [(Verified)Symantec Corporation]
  <vptray><C:\PROGRA~1\SYMANT~1\VPTray.exe> [(Verified)Symantec Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <shell><Explorer.exe> [(Verified)Microsoft Corporation]
  <Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
  <AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
  <UIHost><%SystemRoot%\system32\logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
  <WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [(Verified)Symantec Corporation]

==================================
启动文件夹
[服务管理器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\服务管理器.lnk --> C:\PROGRA~1\MICROS~1\80\Tools\Binn\sqlmangr.exe [Microsoft Corporation]><N>

==================================
服务
[Symantec Event Manager / ccEvtMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"><Symantec Corporation>
[Symantec Password Validation / ccPwdSvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe"><Symantec Corporation>
[Symantec Settings Manager / ccSetMgr][Running/Auto Start]
<"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"><Symantec Corporation>
[Symantec AntiVirus Definition Watcher / DefWatch][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\DefWatch.exe"><Symantec Corporation>
[Diskeeper / Diskeeper][Running/Auto Start]
<"C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"><Diskeeper Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Microsoft Search / MSSEARCH][Running/Auto Start]
<"C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe"><Microsoft Corporation>
[MSSQLSERVER / MSSQLSERVER][Running/Auto Start]
<D:\MICROS~2\MSSQL\binn\sqlservr.exe><Microsoft Corporation>
[SavRoam / SavRoam][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\SavRoam.exe"><symantec>
[Symantec Network Drivers Service / SNDSrvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"><Symantec Corporation>
[Symantec SPBBCSvc / SPBBCSvc][Stopped/Manual Start]
<"C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe"><Symantec Corporation>
[SQLSERVERAGENT / SQLSERVERAGENT][Running/Auto Start]
<D:\Microsoft SQL Server\MSSQL\binn\sqlagent.exe -i MSSQLSERVER><Microsoft Corporation>
[Symantec AntiVirus / Symantec AntiVirus][Running/Auto Start]
<"C:\Program Files\Symantec AntiVirus\Rtvscan.exe"><Symantec Corporation>

==================================
驱动程序
[adpu320 / adpu320][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\adpu320.sys><Adaptec, Inc.>
[ati2mpad / ati2mpad][Running/Manual Start]
<system32\DRIVERS\ati2mpad.sys><ATI Technologies Inc.>
[Intel(R) PRO/1000 Network Connection Driver / E1000][Running/Manual Start]
<system32\DRIVERS\e1000325.sys><Intel Corporation>
[Symantec Eraser Control driver / eeCtrl][Running/System Start]
<\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys><Symantec Corporation>
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
<system32\DRIVERS\ipinip.sys><N/A>
[mraid35x / mraid35x][Running/Boot Start]
<\SystemRoot\system32\drivers\mraid35x.sys><LSI Logic Corporation>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070114.008\naveng.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070114.008\navex15.sys><Symantec Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql2300 / ql2300][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql2300.sys><QLogic Corporation>
[SAVRT / SAVRT][Running/System Start]
<\??\C:\Program Files\Symantec AntiVirus\savrt.sys><Symantec Corporation>
[SAVRTPEL / SAVRTPEL][Running/System Start]
<\??\C:\Program Files\Symantec AntiVirus\Savrtpel.sys><Symantec Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SPBBCDrv / SPBBCDrv][Stopped/Manual Start]
<\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys><Symantec Corporation>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[SYMREDRV / SYMREDRV][Running/Manual Start]
<\SystemRoot\System32\Drivers\SYMREDRV.SYS><Symantec Corporation>
[SYMTDI / SYMTDI][Running/System Start]
<\SystemRoot\System32\Drivers\SYMTDI.SYS><Symantec Corporation>

==================================
浏览器加载项
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>

==================================
正在运行的进程
[PID: 992][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1200][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1352][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
  [C:\WINDOWS\system32\NavLogon.dll] [Symantec Corporation, 10.0.0.359]
[PID: 1540][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1568][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 1812][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 288][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 372][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 448][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 484][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 596][C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe] [Symantec Corporation, 103.5.1.9]
  [C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
  [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
  [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 103.5.1.9]
[PID: 716][C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe] [Symantec Corporation, 103.5.1.9]
  [C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
  [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\BB.DLL] [Symantec Corporation, 1,5,1,3]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\SPBBC\SPBBCEVT.DLL] [Symantec Corporation, 1,5,1,3]
  [C:\Program Files\Common Files\Symantec Shared\ccSet.dll] [Symantec Corporation, 103.5.1.9]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\CCSETEVT.DLL] [Symantec Corporation, 103.5.1.9]
[PID: 1508][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1580][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4720.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 192][C:\Program Files\Symantec AntiVirus\DefWatch.exe] [Symantec Corporation, 10.0.0.359]
[PID: 220][C:\WINDOWS\system32\Dfssvc.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1096][C:\WINDOWS\System32\dns.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 1164][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 368][C:\WINDOWS\system32\inetsrv\inetinfo.exe] [Microsoft Corporation, 6.0.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 748][C:\WINDOWS\System32\ismserv.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 536][C:\WINDOWS\System32\llssrv.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 700][D:\MICROS~2\MSSQL\binn\sqlservr.exe] [Microsoft Corporation, 2000.080.2040.00 Hotfix 2140]
[PID: 1032][C:\WINDOWS\system32\ntfrs.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 2136][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 2152][C:\Program Files\Symantec AntiVirus\SavRoam.exe] [symantec, 10.0.0.359]
  [C:\Program Files\Common Files\Symantec Shared\SSC\Transman.dll] [Symantec Corporation, 10.0.0.359]
  [C:\WINDOWS\system32\CBA.DLL] [Intel? Corporation, 6.12.0.130 E]
  [C:\WINDOWS\system32\MsgSys.dll] [Intel? Corporation, 6.12.0.130 E]
  [C:\WINDOWS\system32\NTS.dll] [Intel? Corporation, 6.12.0.130 E]
  [C:\WINDOWS\system32\PDS.DLL] [Intel? Corporation, 6.12.0.130 E]
  [c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.0.0.359]
[PID: 2900][C:\Program Files\Symantec AntiVirus\Rtvscan.exe] [Symantec Corporation, 10.0.0.359]
  [C:\WINDOWS\system32\CBA.DLL] [Intel? Corporation, 6.12.0.130 E]
  [C:\WINDOWS\system32\MsgSys.dll] [Intel? Corporation, 6.12.0.130 E]
  [C:\WINDOWS\system32\NTS.dll] [Intel? Corporation, 6.12.0.130 E]
  [C:\WINDOWS\system32\PDS.DLL] [Intel? Corporation, 6.12.0.130 E]
  [C:\Program Files\Symantec AntiVirus\NAVLU.dll] [Symantec Corporation, 10.0.0.359]
  [C:\Program Files\Symantec AntiVirus\NAVNTUTL.DLL] [Symantec Corporation, 10.0.0.359]
  [c:\program files\common files\symantec shared\ssc\ScsComms.dll] [Symantec Corporation, 10.0.0.359]
  [C:\Program Files\Symantec AntiVirus\I2ldvp3.dll] [Symantec Corporation, 10.0.0.359]
  [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
  [C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
  [C:\Program Files\Common Files\Symantec Shared\ccDec.dll] [Symantec Corporation, 103.5.1.9]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\decsdk.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ID.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Zip.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2SS.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2GZIP.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] [Symantec Corporation, 3.02.12.35]
  [C:\Program Files\Common Files\Symantec Shared\ccScan.dll] [Symantec Corporation, 103.5.1.9]
  [C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] [Symantec Corporation, 1.4.0.11]
  [C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] [Symantec Corporation, 3.1.13a.0]
  [C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] [Symantec Corporation, 9.5.0.44]
  [C:\Program Files\Symantec AntiVirus\IMail.dll] [Symantec Corporation, 10.0.0.359]
  [C:\Program Files\Symantec AntiVirus\NotesExt.dll] [Symantec Corporation, 10.0.0.359]
  [C:\Program Files\Symantec AntiVirus\vpmsece3.dll] [Symantec Corporation, 10.0.0.359]
  [C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll] [Symantec Corporation, 10.0.0.359]
  [C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] [Symantec Corporation, 1,5,1,3]
  [C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] [Symantec Corporation, 10.0.0.359]
  [C:\Program Files\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 10.0.0.359]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070114.008\ccEraser.dll] [Symantec Corporation, 106.3.3.2]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070114.008\ecmsvr32.dll] [Symantec Corporation, 61.3.0.18]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070114.008\NAVEX32a.DLL] [Symantec Corporation, 20061.3.0.12]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20070114.008\NAVENG32.DLL] [Symantec Corporation, 20061.3.0.12]
  [C:\Program Files\Symantec AntiVirus\NAVAP32.DLL] [Symantec Corporation, 9.5.0.44]
[PID: 3020][C:\Program Files\Common Files\System\MSSearch\Bin\mssearch.exe] [Microsoft Corporation, 9.107.8320.9]
[PID: 3356][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 408][D:\Microsoft SQL Server\MSSQL\binn\sqlagent.exe] [Microsoft Corporation, 2000.080.2039.00]
[PID: 3388][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 3464][C:\WINDOWS\System32\dmadmin.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 2324][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 2432][C:\WINDOWS\system32\wbem\wmiprvse.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 3780][C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe] [Diskeeper Corporation, 10.0.593.0]
  [C:\Program Files\Diskeeper Corporation\Diskeeper\DkLib.dll] [Diskeeper Corporation, 10.0.593.0]
  [C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll] [Diskeeper? Corporation., 1.0.37.0]
  [C:\Program Files\Diskeeper Corporation\Diskeeper\GetFATExtents.dll] [Diskeeper Corporation, 10.0.593.0]
  [C:\Program Files\Diskeeper Corporation\Diskeeper\2052\DkRes.dll] [Diskeeper Corporation, 10.0.593.0]
  [C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll] [Diskeeper Corporation, 10.0.593.0]
[PID: 1924][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.2.3790.0 (srv03_rtm.030324-2048)]
[PID: 3004][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
  [C:\WINDOWS\system32\tssoft32.acm] [DSP GROUP, INC., 1.01]
  [C:\WINDOWS\system32\tsd32.dll] [N/A, N/A]
  [C:\WINDOWS\system32\sl_anet.acm] [Sipro Lab Telecom Inc., 3.02]
  [C:\WINDOWS\system32\l3codeca.acm] [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
  [C:\WINDOWS\system32\NavLogon.dll] [Symantec Corporation, 10.0.0.359]
[PID: 3840][C:\WINDOWS\system32\rdpclip.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 3536][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.3790.1830 (srv03_sp1_rtm.050324-1447)]
  [C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] [Symantec Corporation, 10.0.0.359]
  [C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[PID: 3892][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] [Symantec Corporation, 103.5.1.9]
  [C:\Program Files\Common Files\Symantec Shared\ccL35.dll] [Symantec Corporation, 103.5.1.9]
  [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] [Symantec Corporation, 103.5.1.9]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] [Symantec Corporation, 103.5.1.9]
  [C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] [Symantec Corporation, 103.5.1.9]
  [C:\WINDOWS\system32\SYMREDIR.DLL] [Symantec Corporation, 5.5.1.6]
  [C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] [Symantec Corporation, 103.5.1.9]
  [C:\Program Files\Symantec AntiVirus\SavEmail.dll] [Symantec Corporation, 10.0.0.359]
  [C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] [Symantec Corporation, 103.5.1.9]
[PID: 1260][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.2.3790.1830 (srv03_sp1_rtm.050324-1447)]
[PID: 3012][C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe] [Microsoft Corporation, 2000.080.2039.00]
[PID: 4032][C:\Documents and Settings\Administrator.CNHAN\桌面\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1     localhost

==================================
API HOOK
N/A

==================================


[/CODE]
顶端 Posted: 2007-01-16 15:06 | 湖北省武汉市电信 [楼 主]
lfengnet
还在努力中。。。
级别: 资深会员


精华: 0
发帖: 566
威望: 1184 点
风云币: 3109 元
专家分: 1 分
在线时间:44(小时)
注册时间:2006-11-22
最后登录:2008-04-29
引用 推荐 编辑 只看 复制

 

你的机器有什么问题啊?
驱动程序
[IP in IP Tunnel Driver / IpInIp][Stopped/Manual Start]
<system32\DRIVERS\ipinip.sys><N/A>
浏览器
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>

系统中就只有这2个有问题。
[ 此贴被lfengnet在2007-01-16 15:22重新编辑 ]
学习病毒分析的地方
http://hi.baidu.com/teyqiu
http://hi.baidu.com/nslog
顶端 Posted: 2007-01-16 15:17 | 1 楼
帖子浏览记录 版块浏览记录
风云小站 » 『 求助专区 』
感谢,曾经的版主
Total 0.008822(s) query 6, Time now is:01-08 22:57, Gzip enabled 渝ICP备20004412号-1

Powered by PHPWind v6.3.2 Certificate Code © 2003-07 PHPWind.com Corporation Skin by Chen Bo