求助 - 中 Infostealer.Lineage 病毒

psac · 2006-06-07, 08:24 AM

引用:

作者: 披著狼皮的羊

物件名稱: C:Windows\system32\kerne0223.dll
病毒名稱: Infostealer.Lineaque
採取動作: 無法存取檔案

請問各位高手
我的Norton 掃出這隻病毒
而且跑出顯示如上列情況的視窗
該視窗無法關閉只能強迫關防毒軟體

...

HijackThis看起來沒問題....應該是Norton 掃出這隻病毒 .,已幫你擋掉...
要不再放心,可再smart SCAN,(選英文)
System Repair Engineer (SREng) 的智慧式掃瞄,掃瞄一個報告上來

,
http://www.kztechs.com/sreng/sreng2.zip
http://www.slime2.com.tw/forums/showthread.php?t=176477

放下是真功夫 · 2006-06-13, 01:22 PM

2006-06-13,13:16:57

System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations

Boot Items

Registry

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [Microsoft Corporation]
(Kerne0223)(C:\WINDOWS\system32\Kerne0223.exe) []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(load)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(IMJPMIG8.1)(; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [Microsoft Corporation]
(ccApp)("C:\Program Files\Common Files\Symantec Shared\ccApp.exe") [Symantec Corporation]
(CJIMETIPSYNC)(C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync) [Microsoft Corp.]
(PHIMETIPSYNC)(C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync) [Microsoft Corp.]
(Symantec NetDriver Monitor)(C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer) [Symantec Corporation]
(NeroFilterCheck)(C:\WINDOWS\system32\NeroCheck.exe) [Ahead Software Gmbh]
(WinampAgent)(C:\Program Files\Winamp\winampa.exe) []
(fzg)(C:\WINDOWS\Config\svhost32.exe) []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(Explorer.exe) [Microsoft Corporation]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
(AppInit_DLLs)() []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(UIHost)(logonui.exe) [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({3EA18648-FAF6-490D-9C92-8FD729028A58})(C:\WINDOWS\system32\RegistryInfo.dll) []
({8E3526E3-F160-437B-9095-46A011877CBE})(C:\WINDOWS\system32\pKerme123.dll) []

放下是真功夫 · 2006-06-13, 01:22 PM

Startup Folders

Services

[Symantec Event Manager / ccEvtMgr]
("C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe")(Symantec Corporation)
[Symantec Password Validation / ccPwdSvc]
("C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe")(Symantec Corporation)
[Symantec Settings Manager / ccSetMgr]
("C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe")(Symantec Corporation)
[Norton AntiVirus Auto-Protect Service / navapsvc]
("C:\Program Files\Norton AntiVirus\navapsvc.exe")(Symantec Corporation)
[Norton AntiVirus Firewall Monitor Service / NPFMntor]
("C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe")(Symantec Corporation)
[SAVScan / SAVScan]
("C:\Program Files\Norton AntiVirus\SAVScan.exe")(Symantec Corporation)
[ScriptBlocking Service / SBService]
(C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe)(Symantec Corporation)
[Symantec Network Drivers Service / SNDSrvc]
("C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe")(Symantec Corporation)
[Symantec SPBBCSvc / SPBBCSvc]
("C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe")(Symantec Corporation)
[Symantec Core LC / Symantec Core LC]
(C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe)(Symantec Corporation)

放下是真功夫 · 2006-06-13, 01:23 PM

Browser Add-ons

[CNavExtBho Class]
{BDF3E430-B101-42AD-A544-FADC6B084872} (C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation)
[把σ戈(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} (C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation)
[Yahoo! Messenger]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} (C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE, N/A)
[Norton AntiVirus]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} (C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation)
[Symantec AntiVirus scanner]
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (C:\WINDOWS\Downloaded Program Files\avsniff.dll, Symantec Corporation)
[Symantec RuFSI Utility Class]
{644E432F-49D3-41A1-8DD5-E099162EEEC5} (C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation)
[Housecall ActiveX 6.5]
{6E5A37BF-FD42-463A-877C-4EB7002E68AE} (C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll, TrendMicro Deutschland GmbH)
[McFreeScan Class]
{EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll, McAfee, Inc.)
[QuickTime Object]
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (C:\WINDOWS\system32\QTPlugin.ocx, Apple Computer, Inc.)
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation)
[Norton AntiVirus]
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} (C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation)
[RealPlayer Stream Handler]
{A1A41E11-91DB-4461-95CD-0C02327FD934} (C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.)
[CNavExtBho Class]
{BDF3E430-B101-42AD-A544-FADC6B084872} (C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.)
[MessengerChecker Class]
{DA4F543C-C8A9-4E88-9A79-548CBB46F18F} (C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, TODO: (Company name))
[Messenger Class]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} (, N/A)
[ㄏノ紇肚癳盿更]
(C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A)
[ㄏノ紇肚癳盿更场硈挡]
(C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A)
[蹲 Microsoft Office Excel(&X)]
(res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A)

放下是真功夫 · 2006-06-13, 01:24 PM

Running Processes

[PID: 576][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 636][\??\C:\WINDOWS\system32\csrss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 660][\??\C:\WINDOWS\system32\winlogon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 704][C:\WINDOWS\system32\services.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 716][C:\WINDOWS\system32\lsass.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 876][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 928][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A)
[PID: 1068][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A)
[PID: 1144][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1192][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 1564][C:\WINDOWS\Explorer.EXE] (Microsoft Corporation)(6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A)
[C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A)
[C:\WINDOWS\system32\Kerne0223.dll] (N/A)(N/A)
[C:\Program Files\Yahoo!\Messenger\idle.dll] (Yahoo! Inc.)(1, 0, 0, 2)
[C:\Program Files\Common Files\Symantec Shared\ccL30.dll] (Symantec Corporation)(103.0.6.5)
[C:\Program Files\Norton AntiVirus\NavShExt.dll] (Symantec Corporation)(11.0.9.16)
[C:\Program Files\WinRAR\rarext.dll] (N/A)(N/A)
[F:\ъ祘Α\unlocker\UnlockerCOM.dll] (N/A)(N/A)
[PID: 1904][C:\WINDOWS\system32\spoolsv.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[PID: 156][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] (Microsoft Corporation)(7.00.9466)
[PID: 624][C:\WINDOWS\system32\wdfmgr.exe] (Microsoft Corporation)(5.2.3790.1230 built by: dnsrv(bld4act))
[PID: 616][C:\Program Files\Winamp\winampa.exe] (N/A)(N/A)
[C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A)
[C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A)
[PID: 912][C:\WINDOWS\Config\svhost32.exe] (N/A)(N/A)
[C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A)
[PID: 1052][C:\WINDOWS\system32\ctfmon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A)
[C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A)
[PID: 1112][C:\WINDOWS\system32\Kerne0223.exe] (N/A)(N/A)
[C:\WINDOWS\system32\Kerne0223.dll] (N/A)(N/A)
[C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A)
[PID: 1404][C:\WINDOWS\System32\alg.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A)
[PID: 1448][C:\Program Files\MSN Messenger\msnmsgr.exe] (Microsoft Corporation)(7.5.0324)
[C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A)
[C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A)
[C:\WINDOWS\system32\msdmo.dll] (N/A)(N/A)
[C:\Program Files\Yahoo!\Messenger\idle.dll] (Yahoo! Inc.)(1, 0, 0, 2)
[C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A)
[C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll] (Symantec Corporation)(11.0.9.16)
[C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll] (Symantec Corporation)(11.0.9.16)
[C:\Program Files\Common Files\Symantec Shared\ccL30.dll] (Symantec Corporation)(103.0.6.5)
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] (Symantec Corporation)(103.0.6.5)
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] (Macromedia, Inc.)(8,0,24,0)
[C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] (Macromedia, Inc.)(10.1r11)
[PID: 1256][C:\Program Files\Yahoo!\Messenger\YPager.exe] (N/A)(N/A)
[C:\Program Files\Yahoo!\Messenger\idle.dll] (Yahoo! Inc.)(1, 0, 0, 2)
[C:\Program Files\Yahoo!\Messenger\ygxa_2.dll] (Yahoo! Inc.)(2004, 2, 19, 1)
[C:\Program Files\Yahoo!\Messenger\pcre.dll] (Pcre)(3.9)
[C:\Program Files\Yahoo!\Messenger\YML.dll] (N/A)(3, 0, 0, 2)
[C:\Program Files\Yahoo!\Messenger\YImage.dll] (Yahoo! Inc.)(1, 0, 0, 1)
[C:\Program Files\Yahoo!\Messenger\xmlparse.dll] (N/A)(N/A)
[C:\Program Files\Yahoo!\Messenger\xmltok.dll] (N/A)(N/A)
[C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A)
[C:\Program Files\Yahoo!\Messenger\ft60.dll] (Yahoo! Inc.)(1.0.0.4)
[C:\Program Files\Yahoo!\Messenger\res_msgr.dll] (Yahoo! Inc.)(6, 0, 0, 1610)
[C:\Program Files\Yahoo!\Shared\YbSkin2.dll] (Yahoo! Inc.)(2005, 6, 3, 1)
[C:\Program Files\Yahoo!\Messenger\MyYahoo.dll] (Yahoo! Inc.)(6, 0, 0, 600)
[C:\Program Files\Yahoo!\Messenger\D32-FW.DLL] (Distinct Corporation)(3.4.6)
[C:\WINDOWS\system32\icm32.dll] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] (Macromedia, Inc.)(8,0,24,0)
[C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] (Macromedia, Inc.)(10.1r11)
[C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A)
[C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A)
[C:\Program Files\Yahoo!\Messenger\yvoicesm.dll] (N/A)(1, 0, 201, 1)
[C:\Program Files\Yahoo!\Messenger\yvoiceui.dll] (N/A)(N/A)
[C:\Program Files\Yahoo!\Messenger\yaudiomgr.dll] (N/A)(1, 0, 200, 1)
[C:\Program Files\Yahoo!\Messenger\yxtldr.dll] (N/A)(1, 0, 200, 1)
[C:\Program Files\Yahoo!\Messenger\rvsip.dll] (RADVISION)(3.1.1.30)
[C:\Program Files\Yahoo!\Messenger\rvcommon.dll] (RADVISION)(1.0.18)
[C:\Program Files\Yahoo!\Messenger\rvads.dll] (RADVISION)(3.1.1.30)
[C:\Program Files\Yahoo!\Messenger\rvsdp.dll] (RADVISION)()
[C:\Program Files\Yahoo!\Messenger\yv_res.dll] (N/A)(N/A)
[C:\Program Files\Yahoo!\Messenger\eyeBeamAsDLL.dll] (N/A)(N/A)
[C:\Program Files\Yahoo!\Messenger\AEC_PC_DLL.dll] (N/A)(N/A)
[C:\Program Files\Yahoo!\Shared\YAlertCenter.dll] (Yahoo! Inc.)(2004, 10, 20, 1)
[PID: 3132][C:\Program Files\Internet Explorer\iexplore.exe] (Microsoft Corporation)(6.00.2900.2180 (xpsp_sp2_rtm.040803-2158))
[C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A)
[C:\Program Files\Norton AntiVirus\NavShExt.dll] (Symantec Corporation)(11.0.9.16)
[C:\Program Files\Common Files\Symantec Shared\ccL30.dll] (Symantec Corporation)(103.0.6.5)
[C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A)
[C:\Program Files\Yahoo!\Messenger\idle.dll] (Yahoo! Inc.)(1, 0, 0, 2)
[C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A)
[C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll] (Symantec Corporation)(11.0.9.16)
[C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll] (Symantec Corporation)(11.0.9.16)
[C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] (Symantec Corporation)(103.0.6.5)
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] (Macromedia, Inc.)(8,0,24,0)
[PID: 2104][C:\Program Files\WinRAR\WinRAR.exe] (N/A)(N/A)
[C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A)
[C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A)
[C:\Program Files\Yahoo!\Messenger\idle.dll] (Yahoo! Inc.)(1, 0, 0, 2)
[PID: 3564][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.566\SREng2\SREng.exe] (Smallfrogs Studio)(2.0.21.505)
[C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A)
[C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A)
[C:\Program Files\Yahoo!\Messenger\idle.dll] (Yahoo! Inc.)(1, 0, 0, 2)
[C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A)

放下是真功夫 · 2006-06-13, 01:25 PM

File Associations

.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

--------------------------------------------------------------------------------

Winsock Provider

2006-06-13, 01:22 PM	#2 (permalink)
放下是真功夫長老會員榮譽勳章勳章總數12 UID - 2441 在線等級: 註冊日期: 2002-12-06 住址: 傻瓜花園文章: 4785 精華: 0 現金: 1405 金幣資產: 733785 金幣	2006-06-13,13:16:57 System Repair Engineer 2.0.21.505 (2.0 RC 2) Smallfrogs (http://www.KZTechs.com) Windows XP Professional Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] (ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [Microsoft Corporation] (Kerne0223)(C:\WINDOWS\system32\Kerne0223.exe) [] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] (load)() [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] (IMJPMIG8.1)(; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32) [Microsoft Corporation] (ccApp)("C:\Program Files\Common Files\Symantec Shared\ccApp.exe") [Symantec Corporation] (CJIMETIPSYNC)(C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE /CJIMETIPSync) [Microsoft Corp.] (PHIMETIPSYNC)(C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE /PHIMETIPSync) [Microsoft Corp.] (Symantec NetDriver Monitor)(C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer) [Symantec Corporation] (NeroFilterCheck)(C:\WINDOWS\system32\NeroCheck.exe) [Ahead Software Gmbh] (WinampAgent)(C:\Program Files\Winamp\winampa.exe) [] (fzg)(C:\WINDOWS\Config\svhost32.exe) [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] (shell)(Explorer.exe) [Microsoft Corporation] (Userinit)(C:\WINDOWS\system32\userinit.exe,) [Microsoft Corporation] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] (AppInit_DLLs)() [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] (UIHost)(logonui.exe) [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] ({3EA18648-FAF6-490D-9C92-8FD729028A58})(C:\WINDOWS\system32\RegistryInfo.dll) [] ({8E3526E3-F160-437B-9095-46A011877CBE})(C:\WINDOWS\system32\pKerme123.dll) []
	__________________ 勇氣鼓舞運氣　　 Just　Do　It !! You　Are　What　You　Think　You　Are　善念充滿^^　　惡念退散 !!　　　沒有能不能成功　　只有願不願意付出代價趴下是真功夫
	送花文章: 40448, 收花文章: 4182 篇, 收花: 26564 次

2006-06-13, 01:22 PM	#3 (permalink)
放下是真功夫長老會員榮譽勳章勳章總數12 UID - 2441 在線等級: 註冊日期: 2002-12-06 住址: 傻瓜花園文章: 4785 精華: 0 現金: 1405 金幣資產: 733785 金幣	Startup Folders Services [Symantec Event Manager / ccEvtMgr] ("C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe")(Symantec Corporation) [Symantec Password Validation / ccPwdSvc] ("C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe")(Symantec Corporation) [Symantec Settings Manager / ccSetMgr] ("C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe")(Symantec Corporation) [Norton AntiVirus Auto-Protect Service / navapsvc] ("C:\Program Files\Norton AntiVirus\navapsvc.exe")(Symantec Corporation) [Norton AntiVirus Firewall Monitor Service / NPFMntor] ("C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe")(Symantec Corporation) [SAVScan / SAVScan] ("C:\Program Files\Norton AntiVirus\SAVScan.exe")(Symantec Corporation) [ScriptBlocking Service / SBService] (C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe)(Symantec Corporation) [Symantec Network Drivers Service / SNDSrvc] ("C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe")(Symantec Corporation) [Symantec SPBBCSvc / SPBBCSvc] ("C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe")(Symantec Corporation) [Symantec Core LC / Symantec Core LC] (C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe)(Symantec Corporation)

	送花文章: 40448, 收花文章: 4182 篇, 收花: 26564 次

2006-06-13, 01:23 PM	#4 (permalink)
放下是真功夫長老會員榮譽勳章勳章總數12 UID - 2441 在線等級: 註冊日期: 2002-12-06 住址: 傻瓜花園文章: 4785 精華: 0 現金: 1405 金幣資產: 733785 金幣	Browser Add-ons [CNavExtBho Class] {BDF3E430-B101-42AD-A544-FADC6B084872} (C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation) [把σ戈(&R)] {92780B25-18CC-41C8-B9BE-3C9C571A8263} (C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation) [Yahoo! Messenger] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} (C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE, N/A) [Norton AntiVirus] {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} (C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation) [Symantec AntiVirus scanner] {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (C:\WINDOWS\Downloaded Program Files\avsniff.dll, Symantec Corporation) [Symantec RuFSI Utility Class] {644E432F-49D3-41A1-8DD5-E099162EEEC5} (C:\WINDOWS\Downloaded Program Files\rufsi.dll, Symantec Corporation) [Housecall ActiveX 6.5] {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll, TrendMicro Deutschland GmbH) [McFreeScan Class] {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (C:\WINDOWS\McAfee.com\FreeScan\mcfscan.dll, McAfee, Inc.) [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (C:\WINDOWS\system32\QTPlugin.ocx, Apple Computer, Inc.) [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation) [Norton AntiVirus] {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} (C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation) [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, Microsoft Corporation) [RealPlayer Stream Handler] {A1A41E11-91DB-4461-95CD-0C02327FD934} (C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.) [CNavExtBho Class] {BDF3E430-B101-42AD-A544-FADC6B084872} (C:\Program Files\Norton AntiVirus\NavShExt.dll, Symantec Corporation) [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.) [MessengerChecker Class] {DA4F543C-C8A9-4E88-9A79-548CBB46F18F} (C:\Program Files\Yahoo!\Messenger\YPagerChecker.dll, TODO: (Company name)) [Messenger Class] {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} (, N/A) [ㄏノ紇肚癳盿更] (C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A) [ㄏノ紇肚癳盿更场硈挡] (C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A) [蹲 Microsoft Office Excel(&X)] (res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A)

	送花文章: 40448, 收花文章: 4182 篇, 收花: 26564 次

2006-06-13, 01:24 PM	#5 (permalink)
放下是真功夫長老會員榮譽勳章勳章總數12 UID - 2441 在線等級: 註冊日期: 2002-12-06 住址: 傻瓜花園文章: 4785 精華: 0 現金: 1405 金幣資產: 733785 金幣	Running Processes [PID: 576][\SystemRoot\System32\smss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [PID: 636][\??\C:\WINDOWS\system32\csrss.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [PID: 660][\??\C:\WINDOWS\system32\winlogon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [PID: 704][C:\WINDOWS\system32\services.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [PID: 716][C:\WINDOWS\system32\lsass.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [PID: 876][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [PID: 928][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A) [PID: 1068][C:\WINDOWS\System32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A) [PID: 1144][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [PID: 1192][C:\WINDOWS\system32\svchost.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [PID: 1564][C:\WINDOWS\Explorer.EXE] (Microsoft Corporation)(6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)) [C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A) [C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A) [C:\WINDOWS\system32\Kerne0223.dll] (N/A)(N/A) [C:\Program Files\Yahoo!\Messenger\idle.dll] (Yahoo! Inc.)(1, 0, 0, 2) [C:\Program Files\Common Files\Symantec Shared\ccL30.dll] (Symantec Corporation)(103.0.6.5) [C:\Program Files\Norton AntiVirus\NavShExt.dll] (Symantec Corporation)(11.0.9.16) [C:\Program Files\WinRAR\rarext.dll] (N/A)(N/A) [F:\ъ祘Α\unlocker\UnlockerCOM.dll] (N/A)(N/A) [PID: 1904][C:\WINDOWS\system32\spoolsv.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [PID: 156][C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE] (Microsoft Corporation)(7.00.9466) [PID: 624][C:\WINDOWS\system32\wdfmgr.exe] (Microsoft Corporation)(5.2.3790.1230 built by: dnsrv(bld4act)) [PID: 616][C:\Program Files\Winamp\winampa.exe] (N/A)(N/A) [C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A) [C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A) [PID: 912][C:\WINDOWS\Config\svhost32.exe] (N/A)(N/A) [C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A) [PID: 1052][C:\WINDOWS\system32\ctfmon.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A) [C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A) [PID: 1112][C:\WINDOWS\system32\Kerne0223.exe] (N/A)(N/A) [C:\WINDOWS\system32\Kerne0223.dll] (N/A)(N/A) [C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A) [PID: 1404][C:\WINDOWS\System32\alg.exe] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A) [PID: 1448][C:\Program Files\MSN Messenger\msnmsgr.exe] (Microsoft Corporation)(7.5.0324) [C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A) [C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A) [C:\WINDOWS\system32\msdmo.dll] (N/A)(N/A) [C:\Program Files\Yahoo!\Messenger\idle.dll] (Yahoo! Inc.)(1, 0, 0, 2) [C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A) [C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll] (Symantec Corporation)(11.0.9.16) [C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll] (Symantec Corporation)(11.0.9.16) [C:\Program Files\Common Files\Symantec Shared\ccL30.dll] (Symantec Corporation)(103.0.6.5) [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] (Symantec Corporation)(103.0.6.5) [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] (Macromedia, Inc.)(8,0,24,0) [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] (Macromedia, Inc.)(10.1r11) [PID: 1256][C:\Program Files\Yahoo!\Messenger\YPager.exe] (N/A)(N/A) [C:\Program Files\Yahoo!\Messenger\idle.dll] (Yahoo! Inc.)(1, 0, 0, 2) [C:\Program Files\Yahoo!\Messenger\ygxa_2.dll] (Yahoo! Inc.)(2004, 2, 19, 1) [C:\Program Files\Yahoo!\Messenger\pcre.dll] (Pcre)(3.9) [C:\Program Files\Yahoo!\Messenger\YML.dll] (N/A)(3, 0, 0, 2) [C:\Program Files\Yahoo!\Messenger\YImage.dll] (Yahoo! Inc.)(1, 0, 0, 1) [C:\Program Files\Yahoo!\Messenger\xmlparse.dll] (N/A)(N/A) [C:\Program Files\Yahoo!\Messenger\xmltok.dll] (N/A)(N/A) [C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A) [C:\Program Files\Yahoo!\Messenger\ft60.dll] (Yahoo! Inc.)(1.0.0.4) [C:\Program Files\Yahoo!\Messenger\res_msgr.dll] (Yahoo! Inc.)(6, 0, 0, 1610) [C:\Program Files\Yahoo!\Shared\YbSkin2.dll] (Yahoo! Inc.)(2005, 6, 3, 1) [C:\Program Files\Yahoo!\Messenger\MyYahoo.dll] (Yahoo! Inc.)(6, 0, 0, 600) [C:\Program Files\Yahoo!\Messenger\D32-FW.DLL] (Distinct Corporation)(3.4.6) [C:\WINDOWS\system32\icm32.dll] (Microsoft Corporation)(5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)) [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] (Macromedia, Inc.)(8,0,24,0) [C:\WINDOWS\system32\Macromed\Common\SwSupport.dll] (Macromedia, Inc.)(10.1r11) [C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A) [C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A) [C:\Program Files\Yahoo!\Messenger\yvoicesm.dll] (N/A)(1, 0, 201, 1) [C:\Program Files\Yahoo!\Messenger\yvoiceui.dll] (N/A)(N/A) [C:\Program Files\Yahoo!\Messenger\yaudiomgr.dll] (N/A)(1, 0, 200, 1) [C:\Program Files\Yahoo!\Messenger\yxtldr.dll] (N/A)(1, 0, 200, 1) [C:\Program Files\Yahoo!\Messenger\rvsip.dll] (RADVISION)(3.1.1.30) [C:\Program Files\Yahoo!\Messenger\rvcommon.dll] (RADVISION)(1.0.18) [C:\Program Files\Yahoo!\Messenger\rvads.dll] (RADVISION)(3.1.1.30) [C:\Program Files\Yahoo!\Messenger\rvsdp.dll] (RADVISION)() [C:\Program Files\Yahoo!\Messenger\yv_res.dll] (N/A)(N/A) [C:\Program Files\Yahoo!\Messenger\eyeBeamAsDLL.dll] (N/A)(N/A) [C:\Program Files\Yahoo!\Messenger\AEC_PC_DLL.dll] (N/A)(N/A) [C:\Program Files\Yahoo!\Shared\YAlertCenter.dll] (Yahoo! Inc.)(2004, 10, 20, 1) [PID: 3132][C:\Program Files\Internet Explorer\iexplore.exe] (Microsoft Corporation)(6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)) [C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A) [C:\Program Files\Norton AntiVirus\NavShExt.dll] (Symantec Corporation)(11.0.9.16) [C:\Program Files\Common Files\Symantec Shared\ccL30.dll] (Symantec Corporation)(103.0.6.5) [C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A) [C:\Program Files\Yahoo!\Messenger\idle.dll] (Yahoo! Inc.)(1, 0, 0, 2) [C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A) [C:\Program Files\Common Files\Symantec Shared\Script Blocking\scrauth.dll] (Symantec Corporation)(11.0.9.16) [C:\Program Files\Common Files\Symantec Shared\Script Blocking\ScrBlock.dll] (Symantec Corporation)(11.0.9.16) [C:\Program Files\Common Files\Symantec Shared\ccVrTrst.dll] (Symantec Corporation)(103.0.6.5) [C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] (Macromedia, Inc.)(8,0,24,0) [PID: 2104][C:\Program Files\WinRAR\WinRAR.exe] (N/A)(N/A) [C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A) [C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A) [C:\Program Files\Yahoo!\Messenger\idle.dll] (Yahoo! Inc.)(1, 0, 0, 2) [PID: 3564][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.566\SREng2\SREng.exe] (Smallfrogs Studio)(2.0.21.505) [C:\WINDOWS\system32\pKerme123.dll] (N/A)(N/A) [C:\WINDOWS\system32\fzgdll.dll] (N/A)(N/A) [C:\Program Files\Yahoo!\Messenger\idle.dll] (Yahoo! Inc.)(1, 0, 0, 2) [C:\WINDOWS\system32\mprxpau.dll] (N/A)(N/A)

	送花文章: 40448, 收花文章: 4182 篇, 收花: 26564 次

2006-06-13, 01:25 PM	#6 (permalink)
放下是真功夫長老會員榮譽勳章勳章總數12 UID - 2441 在線等級: 註冊日期: 2002-12-06 住址: 傻瓜花園文章: 4785 精華: 0 現金: 1405 金幣資產: 733785 金幣	File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %] .COM OK. ["%1" %] .PIF OK. ["%1" %] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %] .LNK OK. [{00021401-0000-0000-C000-000000000046}] -------------------------------------------------------------------------------- Winsock Provider

	送花文章: 40448, 收花文章: 4182 篇, 收花: 26564 次

Google 提供的廣告