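What virus has my computer caught? Why are other users on the LAN frequently receiving packets from my machine?
Users on the same LAN as me keep intercepting packets sent from my computer, but my computer shows no symptoms of infection. A scan with SREng only reports two hidden processes. Could everyone take a look at my scan log: [CODE]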
2008-08-21,17:44:01
System Repair Engineer 2.6.11.992
Smallfrogs (http://www.KZTechs.com)
Windows 2000 Professional Service Pack 4 (Build 2195) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<EQSysSecure><C:\Program Files\EQSysSecure\EQSysSecure.exe /background> [EQSecure]
<Synchronization Manager><mobsync.exe /logon> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows 2000 Publisher]
<Userinit><C:\WINNT\system32\userinit.exe,> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
<WinlogonNotify: klogon><C:\WINNT\system32\klogon.dll> [(Verified)Kaspersky Lab]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
<Internet Explorer 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigIE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
<Outlook Express 访问><"C:\WINNT\system32\shmgrate.exe" OCInstallUserConfigOE> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
<Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
<NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT> [(Verified)Microsoft Windows 2000 Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
<Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINNT\INF\wmp.inf,PerUserStub> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
<Address Book 5><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
<N/A><C:\WINNT\system32\Rundll32.exe C:\WINNT\system32\mscories.dll,Install> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}]
<CRLUpdate><%SystemRoot%\system32\updcrl.exe -e -u %SystemRoot%\system32\verisignpub1.crl> [File is missing]
==================================
启动文件夹
N/A
==================================
服务
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINNT\System32\dmadmin.exe /com><VERITAS Software Corp.>
[Eset HTTP Server / EhttpSrv][Stopped/Disabled]
<"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"><(File is missing)>
[EQService / EQService][Running/Auto Start]
<C:\Program Files\EQSysSecure\EQService.exe><EQSecure>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[InterBase Guardian / InterBaseGuardian][Stopped/Manual Start]
<C:\Program Files\Borland\InterBase\bin\ibguard.exe><Borland Software Corporation>
[InterBase Server / InterBaseServer][Stopped/Manual Start]
<C:\Program Files\Borland\InterBase\bin\ibserver.exe><Borland Software Corporation>
[MATLAB Server / matlabserver][Running/Auto Start]
<C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe><N/A>
[MSSQL$HXG / MSSQL$HXG][Stopped/Manual Start]
<f:\PROGRA~1\MICROS~1\MSSQL$~1\binn\sqlservr.exe -sHXG><Microsoft Corporation>
[MSSQLServerADHelper / MSSQLServerADHelper][Stopped/Manual Start]
<C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe><Microsoft Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[SQLAgent$HXG / SQLAgent$HXG][Stopped/Manual Start]
<f:\PROGRA~1\MICROS~1\MSSQL$~1\binn\sqlagent.exe -i HXG><Microsoft Corporation>
[User Profile Hive Cleanup / UPHClean][Stopped/Manual Start]
<C:\Program Files\UPHClean\uphclean.exe><Microsoft Corporation>
[Portable Media Serial Number Service / WmdmPmSN][Stopped/Manual Start]
<C:\WINNT\System32\svchost.exe -k netsvcs-->C:\WINNT\system32\mspmsnsv.dll><Microsoft Corporation>
==================================
驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[Cypress Generic USB Driver / CyUsb][Stopped/Manual Start]
<System32\Drivers\CyUsb.sys><N/A>
[dmboot / dmboot][Stopped/Disabled]
<System32\drivers\dmboot.sys><VERITAS Software Corp.>
[Logical Disk Manager Driver / dmio][Running/Boot Start]
<\SystemRoot\System32\drivers\dmio.sys><VERITAS Software Corp.>
[dmload / dmload][Running/Boot Start]
<\SystemRoot\System32\drivers\dmload.sys><VERITAS Software Corp.>
[eamon / eamon][Running/Auto Start]
<system32\DRIVERS\eamon.sys><ESET>
[easdrv / easdrv][Running/System Start]
<system32\DRIVERS\easdrv.sys><ESET>
[epfwtdir / epfwtdir][Running/System Start]
<system32\DRIVERS\epfwtdir.sys><N/A>
[EQSysSecure / EQSysSecure][Running/System Start]
<\??\C:\WINNT\system32\drivers\EQSysSecure.sys><EQSecure>
[ialm / ialm][Running/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[KAVBootC / KAVBootC][Stopped/Boot Start]
<\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Stopped/Auto Start]
<\??\C:\WINNT\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[kl1 / kl1][Running/Boot Start]
<\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[KLIF / KLIF][Running/System Start]
<\??\C:\WINNT\system32\drivers\klif.sys><Kaspersky Lab>
[Kaspersky Anti-Virus NDIS Filter / klim5][Running/Manual Start]
<system32\DRIVERS\klim5.sys><Kaspersky Lab>
[MINICD / MINICD][Running/Auto Start]
<system32\DRIVERS\minicd.sys><http://www.138soft.com>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[PCANDIS5 Protocol Driver / PCANDIS5][Stopped/Manual Start]
<\??\C:\WINNT\system32\PCANDIS5.SYS><Printing Communications Assoc., Inc. (PCAUSA)>
[ProSecur / ProSecur][Stopped/Auto Start]
<\??\F:\Program Files\ProSecurity\ProSecur.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[sptd / sptd][Running/Boot Start]
<\SystemRoot\System32\Drivers\sptd.sys><N/A>
[st324bus / st324bus][Running/Manual Start]
<system32\DRIVERS\st324bus.sys><Generic>
[st324kj / st324kj][Running/Manual Start]
<system32\DRIVERS\st324kj.sys><Generic>
[TG2000 USB DRIVER / USBFORDEC][Stopped/Auto Start]
<System32\Drivers\usbfordec.sys><cypress semiconductor>
==================================
浏览器加载项
[IE7Pro BHO]
{00011268-E188-40DF-A514-835FCD78B1BF} <C:\Program Files\IEPro\iepro.dll, IE7Pro.com>
[ThunderAtOnce Class]
{01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[IE7Pro ToolsExt]
{0026439F-A980-4f18-8C95-4F1CBBF9C1D8} <C:\Program Files\IEPro\iepro.dll, IE7Pro.com>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Web 反病毒统计]
{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll, Kaspersky Lab>
[番茄花园]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.tomatolei.com, N/A>
[易趣购物]
{BE9C13C3-9E46-4db1-BC05-BD8DA44599F2} <http://adfarm.mediaplex.com/ad/ck/4080-22910-9640-151?cn=song;icon;hp&mpro=http://www.ebay.com.cn, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINNT\system32\msdxm.ocx, Microsoft Corporation>
[EditCtrl Class]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINNT\system32\aliedit\aliedit.dll, >
[UploadFilePartition Class]
{A877BA28-1F7E-4876-B299-50B3199A1A5D} <C:\WINNT\system32\TXGYMailActiveX.dll, Tencent Inc.>
[ScreenCapture Class]
{BFB79EE1-04AE-4D4A-B85E-27EE5F30C095} <C:\WINNT\system32\TXGYMailActiveX.dll, Tencent Inc.>
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINNT\system32\qqedit\qqedit.dll, 腾讯科技(深圳)有限公司>
[GerneralPeerID Class]
{0A47E819-F82E-4D5D-B806-6A9EA94D68CD} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\peerid.dll, >
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
{693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[WangWangObj Class]
{6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <C:\Program Files\Alisoft\WangWang\WangWangX6.dll, 阿里巴巴软件(上海)有限公司>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <C:\Program Files\Thunder Network\Thunder\Components\InMedia\MediaAddin16.dll, Thunder Networking Technologies,LTD>
[RMGetLicense Class]
{A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINNT\system32\msnetobj.dll, Microsoft Corporation>
[DapCtrl COM Module]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.1.6.5711.41.206.dll, ShenZhen Thunder Networking Technologies Ltd.>
[Thunder DapPlayer]
{EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer3.0.5712.71.205.dll, ShenZhen Thunder Networking Technologies Ltd.>
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[&U使用纳米机器人下载并收藏]
<C:\Program Files\NamiRobot\Data\du.html, N/A>
[使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\geturl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\getallurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
==================================
正在运行的进程
[PID: 252][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 276][\??\C:\WINNT\system32\csrss.exe] [Microsoft Corporation, 5.00.2195.6601]
[PID: 272][\??\C:\WINNT\system32\winlogon.exe] [Microsoft Corporation, 5.00.2195.6997]
[C:\WINNT\system32\klogon.dll] [Kaspersky Lab, 7.0.0.125]
[PID: 324][C:\WINNT\system32\services.exe] [Microsoft Corporation, 5.00.2195.7035]
[C:\WINNT\system32\dmserver.dll] [VERITAS Software Corp., 2195.6605.297.3]
[C:\WINNT\system32\w2pxdrv.dll] [Proxy Labs, 2, 0, 1, 1]
[PID: 336][C:\WINNT\system32\lsass.exe] [Microsoft Corporation, 5.00.2195.7011]
[C:\WINNT\system32\w2pxdrv.dll] [Proxy Labs, 2, 0, 1, 1]
[PID: 580][C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe] [N/A, ]
[c:\matlab6p5\bin\win32\libeng.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\libut.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\libmx.dll] [The MathWorks Inc., 6.5.0.180913a]
[C:\WINNT\system32\w2pxdrv.dll] [Proxy Labs, 2, 0, 1, 1]
[c:\matlab6p5\bin\win32\mwoles05.dll] [N/A, ]
[c:\matlab6p5\bin\win32\libmex.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\libmwservices.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\mpath.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\m_interpreter.dll] [The MathWorks Inc., 6.5.0.181260]
[c:\matlab6p5\bin\win32\libmat.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\mlib.dll] [N/A, ]
[c:\matlab6p5\bin\win32\m_pcodeio.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\m_ir.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\m_parser.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\m_pcodegen.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\m_dispatcher.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\hg.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\numerics.dll] [The MathWorks Inc., 6.5.0.181030a]
[c:\matlab6p5\bin\win32\libmwlapack.dll] [N/A, ]
[c:\matlab6p5\bin\win32\libmwfftw.dll] [N/A, ]
[c:\matlab6p5\bin\win32\libmwumfpack.dll] [N/A, ]
[c:\matlab6p5\bin\win32\udd.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\uiw.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\matlab.exe] [The MathWorks Inc., 6.0.0.180601]
[c:\matlab6p5\bin\win32\dastudio.dll] [N/A, ]
[c:\matlab6p5\bin\win32\glee.dll] [N/A, ]
[c:\matlab6p5\bin\win32\jmi.dll] [The MathWorks Inc., 6.5.0.181035]
[c:\matlab6p5\bin\win32\simulink.dll] [The MathWorks Inc., 5.0.0.181371]
[c:\matlab6p5\bin\win32\libmwbuiltins.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\cg_ir.dll] [The MathWorks Inc., 1.0.0.0]
[c:\matlab6p5\bin\win32\libfixedpoint.dll] [N/A, ]
[c:\matlab6p5\bin\win32\hardcopy.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\gui.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\sl_solver.dll] [N/A, ]
[c:\matlab6p5\bin\win32\MFC42.DLL] [Microsoft Corporation, 6.00.8267.0]
[c:\matlab6p5\bin\win32\udd_mi.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\comcli.dll] [N/A, ]
[c:\matlab6p5\bin\win32\mclcom.dll] [N/A, ]
[c:\matlab6p5\bin\win32\atlas_P4.dll] [N/A, ]
[c:\matlab6p5\bin\win32\lapack.dll] [N/A, ]
[c:\matlab6p5\bin\win32\DFORRT.dll] [Digital Equipment Corporation, 6.0 - 575]
[PID: 640][C:\WINNT\system32\regsvc.exe] [Microsoft Corporation, 5.00.2195.6701]
[PID: 652][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\w2pxdrv.dll] [Proxy Labs, 2, 0, 1, 1]
[PID: 672][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[C:\WINNT\system32\w2pxdrv.dll] [Proxy Labs, 2, 0, 1, 1]
[PID: 704][C:\WINNT\system32\svchost.exe] [Microsoft Corporation, 5.00.2134.1]
[PID: 744][c:\matlab6p5\bin\win32\matlab.exe] [The MathWorks Inc., 6.0.0.180601]
[c:\matlab6p5\bin\win32\mwoles05.dll] [N/A, ]
[c:\matlab6p5\bin\win32\libut.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\libmx.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\libmex.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\libmwservices.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\mpath.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\m_interpreter.dll] [The MathWorks Inc., 6.5.0.181260]
[c:\matlab6p5\bin\win32\libmat.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\mlib.dll] [N/A, ]
[c:\matlab6p5\bin\win32\m_pcodeio.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\m_ir.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\m_parser.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\m_pcodegen.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\m_dispatcher.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\hg.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\numerics.dll] [The MathWorks Inc., 6.5.0.181030a]
[c:\matlab6p5\bin\win32\libmwlapack.dll] [N/A, ]
[c:\matlab6p5\bin\win32\libmwfftw.dll] [N/A, ]
[c:\matlab6p5\bin\win32\libmwumfpack.dll] [N/A, ]
[c:\matlab6p5\bin\win32\udd.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\uiw.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\gui.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\simulink.dll] [The MathWorks Inc., 5.0.0.181371]
[c:\matlab6p5\bin\win32\libmwbuiltins.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\cg_ir.dll] [The MathWorks Inc., 1.0.0.0]
[c:\matlab6p5\bin\win32\libfixedpoint.dll] [N/A, ]
[c:\matlab6p5\bin\win32\glee.dll] [N/A, ]
[c:\matlab6p5\bin\win32\jmi.dll] [The MathWorks Inc., 6.5.0.181035]
[c:\matlab6p5\bin\win32\dastudio.dll] [N/A, ]
[c:\matlab6p5\bin\win32\hardcopy.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\sl_solver.dll] [N/A, ]
[c:\matlab6p5\bin\win32\MFC42.DLL] [Microsoft Corporation, 6.00.8267.0]
[c:\matlab6p5\bin\win32\mclcom.dll] [N/A, ]
[c:\matlab6p5\bin\win32\udd_mi.dll] [The MathWorks Inc., 6.5.0.180913a]
[c:\matlab6p5\bin\win32\comcli.dll] [N/A, ]
[c:\matlab6p5\bin\win32\atlas_P4.dll] [N/A, ]
[c:\matlab6p5\bin\win32\lapack.dll] [N/A, ]
[c:\matlab6p5\bin\win32\DFORRT.dll] [Digital Equipment Corporation, 6.0 - 575]
[c:\matlab6p5\sys\java\jre\win32\jre\bin\hotspot\jvm.dll] [N/A, ]
[c:\matlab6p5\sys\java\jre\win32\jre\bin\hpi.dll] [N/A, ]
[c:\matlab6p5\sys\java\jre\win32\jre\bin\verify.dll] [N/A, ]
[c:\matlab6p5\sys\java\jre\win32\jre\bin\java.dll] [N/A, ]
[c:\matlab6p5\sys\java\jre\win32\jre\bin\zip.dll] [N/A, ]
[C:\MATLAB6p5\sys\java\jre\win32\jre\bin\awt.dll] [N/A, ]
[C:\MATLAB6p5\sys\java\jre\win32\jre\bin\fontmanager.dll] [N/A, ]
[C:\WINNT\system32\ialmgicd.dll] [Intel Corporation, 6.14.10.4342]
[C:\WINNT\system32\ialmgdev.dll] [Intel Corporation, 6.14.10.4342]
[C:\MATLAB6p5\bin\win32\nativejava.dll] [N/A, ]
[c:\matlab6p5\bin\win32\glren.dll] [The MathWorks Inc., 6.0.0.180913a]
[PID: 752][C:\WINNT\system32\MSTask.exe] [Microsoft Corporation, 4.71.2195.6972]
[C:\WINNT\system32\w2pxdrv.dll] [Proxy Labs, 2, 0, 1, 1]
[PID: 840][C:\WINNT\System32\WBEM\WinMgmt.exe] [Microsoft Corporation, 1.50.1085.0100]
[PID: 960][C:\WINNT\Explorer.EXE] [Microsoft Corporation, 5.00.3700.6690]
[C:\Program Files\EQSysSecure\EQSandBoxUI.dll] [EQSecure, 2008, 3, 1, 2]
[C:\WINNT\system32\igfxpph.dll] [Intel Corporation, 3.0.0.4342]
[C:\WINNT\system32\hccutils.DLL] [Intel Corporation, 3.0.0.4342]
[C:\WINNT\system32\igfxres.dll] [Intel Corporation, 3.0.0.4342]
[C:\WINNT\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.4342]
[C:\WINNT\system32\igfxdev.dll] [Intel Corporation, 3.0.0.4342]
[C:\Documents and Settings\Administrator\桌面\超级清理\Erasext.dll] [, 1.0.1.2]
[C:\Documents and Settings\Administrator\桌面\超级清理\ERASER.dll] [, 0.0.1.2]
[C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll] [Thunder Networking Technologies,LTD, 1.0.5.29]
[F:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] [Adobe Systems Incorporated, 7.0.5.2005092300]
[C:\WINNT\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [Thunder Networking Technologies,LTD, 5, 0, 8, 96]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 19]
[C:\WINNT\system32\MSVCP60.dll] [Microsoft Corporation, 6.02.3104.0]
[C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll] [Thunder Networking Technologies,LTD, 1, 0, 0, 16]
[F:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 932][F:\杀软\SREngLdr.EXE] [Smallfrogs Studio, 2.6.11.992]
[PID: 716][F:\杀软\SRE68b46ab8.EXE] [Smallfrogs Studio, 2.6.11.992]
[C:\Program Files\EQSysSecure\EQSandBoxUI.dll] [EQSecure, 2008, 3, 1, 2]
[F:\杀软\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
==================================
文件关联
.TXT Error. [C:\WINNT\system32\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. ["hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [UltraEdit.ini]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. [UltraEdit.js]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
PROXYCAP MSAFD Tcpip [TCP/IP]
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP MSAFD Tcpip [UDP/IP]
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP MSAFD Tcpip [RAW/IP]
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP UDP Service Provider
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP TCP Service Provider
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP LSP
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
N/A
==================================
进程特权扫描
N/A
==================================
API HOOK
N/A
==================================
隐藏进程
[521] C:\Program Files\EQSysSecure\EQService.exe
[1033] C:\Program Files\EQSysSecure\EQSysSecure.exe
==================================
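[/CODE]
Very likely... an ARP attack...
Seconding the post above~~~~~~~~~~~~
Use ARP to track it down, and first check whether the machine is actually infected.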