[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2CAB.dll] <Symantec Corporation><3.02.12.35>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LHA.dll] <Symantec Corporation><3.02.12.35>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2ARJ.dll] <Symantec Corporation><3.02.12.35>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TNEF.dll] <Symantec Corporation><3.02.12.35>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2LZ.dll] <Symantec Corporation><3.02.12.35>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2AMG.dll] <Symantec Corporation><3.02.12.35>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RAR.dll] <Symantec Corporation><3.02.12.35>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2TAR.dll] <Symantec Corporation><3.02.12.35>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2RTF.dll] <Symantec Corporation><3.02.12.35>
[C:\Program Files\Common Files\Symantec Shared\Decomposers\Dec2Text.dll] <Symantec Corporation><3.02.12.35>
[C:\Program Files\Common Files\Symantec Shared\ccScan.dll] <Symantec Corporation><103.5.4.3>
[C:\Program Files\Common Files\Symantec Shared\ecmldr32.DLL] <Symantec Corporation><1.4.0.11>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061216.007\ccEraser.dll] <Symantec Corporation><106.3.3.2>
[C:\Program Files\Symantec AntiVirus\DefUtDCD.dll] <Symantec Corporation><3.1.13a.0>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061216.007\ecmsvr32.dll] <Symantec Corporation><61.3.0.18>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061216.007\NAVEX32a.DLL] <Symantec Corporation><20061.3.0.12>
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061216.007\NAVENG32.DLL] <Symantec Corporation><20061.3.0.12>
[C:\Program Files\Symantec AntiVirus\NAVAP32.DLL] <Symantec Corporation><9.5.0.44>
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] <Symantec Corporation><9.5.0.44>
[C:\Program Files\Symantec AntiVirus\IMail.dll] <Symantec Corporation><10.0.1.1000>
[C:\Program Files\Symantec AntiVirus\NotesExt.dll] <Symantec Corporation><10.0.1.1000>
[C:\Program Files\Symantec AntiVirus\vpmsece3.dll] <Symantec Corporation><10.0.1.1000>
[C:\Program Files\Symantec AntiVirus\SymProtectStorage.dll] <Symantec Corporation><10.0.1.1000>
[C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCEvt.dll] <Symantec Corporation><1,5,1,3>
[C:\Program Files\Common Files\Symantec Shared\SSC\scandlgs.dll] <Symantec Corporation><10.0.1.1000>
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><10.0.1.1000>
[PID: 1256][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.3790.1830 (srv03_sp1_rtm.050324-1447)>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll] <Symantec Corporation><10.0.1.1000>
[C:\Program Files\ewido anti-spyware 4.0\context.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[PID: 1860][C:\Program Files\Common Files\Symantec Shared\ccApp.exe] <Symantec Corporation><103.5.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccL35.dll] <Symantec Corporation><103.5.4.3>
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] <Symantec Corporation><103.5.4.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCALERT.DLL] <Symantec Corporation><103.5.4.3>
[C:\PROGRA~1\COMMON~1\SYMANT~1\CCEMLPXY.DLL] <Symantec Corporation><103.5.4.3>
[C:\WINDOWS\system32\SYMREDIR.DLL] <Symantec Corporation><5.5.2.1>
[C:\Program Files\Common Files\Symantec Shared\ccSetEvt.dll] <Symantec Corporation><103.5.4.3>
[C:\Program Files\Symantec AntiVirus\SavEmail.dll] <Symantec Corporation><10.0.1.1000>
[C:\Program Files\Common Files\Symantec Shared\ccProSub.dll] <Symantec Corporation><103.5.4.3>
[PID: 1892][C:\PROGRA~1\SYMANT~1\VPTray.exe] <Symantec Corporation><10.0.1.1000>
[C:\Program Files\Symantec AntiVirus\SAVRT32.DLL] <Symantec Corporation><9.5.0.44>
[C:\Program Files\Symantec AntiVirus\Cliscan.dll] <Symantec Corporation><10.0.1.1000>
[C:\PROGRA~1\SYMANT~1\NAVNTUTL.DLL] <Symantec Corporation><10.0.1.1000>
[C:\Program Files\Symantec AntiVirus\Cliproxy.dll] <Symantec Corporation><10.0.1.1000>
[PID: 1916][C:\WINDOWS\system32\Internat.exe] <Microsoft Corporation><5.00.2920.0000>
[PID: 2032][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 2016][D:\服务端\iSCSI.exe] <浙江地区专用><9, 0, 0, 1>
[PID: 428][C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\lock.exe] <N/A><3, 1, 1, 133>
[PID: 692][d:\qzserver\qzserver.exe] <><3.0.2005.323>
[d:\qzserver\SERVERDLL.DLL] <><3.0.2005.323>
[d:\qzserver\SKINDLL.DLL] <N/A><N/A>
[d:\qzserver\SERSOCK.DLL] <N/A><N/A>
[d:\qzserver\DOWNLIST.DLL] <N/A><N/A>
[PID: 864][D:\服务端\iSCSIMonitor.exe] <Sunward Information Technology Co.Ltd><9, 0, 0, 1>
[PID: 1660][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 3960][C:\WINDOWS\system32\wbem\wmiprvse.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 504][C:\Program Files\Faronics\Deep Freeze Enterprise\DF5 Install Programs\DF5Console.exe] <Faronics Corporation><5,70,220,1426>
[PID: 3944][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.2.3790.1830 (srv03_sp1_rtm.050324-1447)>
[PID: 3432][C:\Program Files\ewido anti-spyware 4.0\ewido.exe] <Anti-Malware Development a.s.><4, 0, 0, 201>
[C:\Program Files\ewido anti-spyware 4.0\engine.dll] <Anti-Malware Development a.s.><4, 0, 0, 172>
[PID: 3240][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\371918.exe] <北京江民新科技术有限公司><2, 0, 0, 2>
[PID: 700][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.203\SREng.exe] <Smallfrogs Studio><2.0.21.505>

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

Logfile of HijackThis v1.99.1
Scan saved at 23:56:15, on 2006-12-18
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\Internat.exe
C:\WINDOWS\System32\svchost.exe
D:\服务端\iSCSI.exe
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\lock.exe
d:\qzserver\qzserver.exe
D:\服务端\iSCSIMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Faronics\Deep Freeze Enterprise\DF5 Install Programs\DF5Console.exe
C:\WINDOWS\system32\conime.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
H:\扫描\系统扫描\HijackThis.exe

O1 - Hosts: QZSER 192.168.0.250
O1 - Hosts: QZSER 127.0.0.1
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Internat.exe] Internat.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe
O4 - Startup: iSCSI.lnk = ?
O4 - Startup: lock.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &使用迅雷下载 - C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm
O8 - Extra context menu item: &使用迅雷下载全部链接 - C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm
O9 - Extra button: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O9 - Extra 'Tools' menuitem: 启动迅雷 - {0062C9BD-B349-40DE-91A0-755F37ACD559} - C:\Program Files\Thunder Network\Thunder\Thunder.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{D4ACFE7E-EC0B-4148-AE60-32DB7108813B}: NameServer = 202.98.96.68,61.139.2.69
O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

I've looked through it, heh. There doesn't seem to be a trojan. If your machine does have a problem, it may be something lying dormant that doesn't show up in the log.
Also, the original poster's ewido anti-spyware 4.0 is far too old; the current version is already 7.5 ;P For details see http://bbs.dngz.net/viewthread.php?tid=123833&page=1#pid1379817
Thanks...
[PID: 3240][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\371918.exe] <北京江民新科技术有限公司><2, 0, 0, 2> (Jiangmin wouldn't have an exe like this, would it?)
Check this one again: O20 - Winlogon Notify: dimsntfy - C:\WINDOWS\SYSTEM32\dimsntfy.dll