IE劫持，系统缓慢。 bbs.ikaka.com

4706634 - 2006-10-4 14:58:00

System Repair Engineer 2.2.6.605
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 1 (Build 2600)
- Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File

Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<Syss><; C:\DOCUME~1\w7880c\LOCALS~1\Temp\ehuupdate.exe> [Micorsoft EXE]
<MyShares><; c:\program Files\忆多多\MyShares.exe /tray> [N/A]
<MsnMsgr><; "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background> [N/A]
<MSMSGS><; "C:\Program Files\Messenger\MSMSGS.EXE" /background> [Microsoft Corporation]
<Realplayer.exe><C:\WINDOWS\System32\Realplayer.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<svhoost><C:\WINDOWS\System32\checksys.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
<run><C:\WINDOWS\System32\checksys.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<spoolsv><; > [N/A]
<YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [N/A]
<yassistse><; "C:\PROGRA~1\Yahoo!\Assistant\yassistse.exe"> [N/A]
<xBarUpdate><; C:\Program Files\xBar\xBarUpdate.exe> [N/A]
<wdfmgr32><; C:\WINDOWS\System32\wdfmgr32.exe> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<RavMont><; C:\WINDOWS\System32\RavMon.exe> [China]
<PHIME2002ASync><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><; C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k> [N/A]
<iMookUpdate><; C:\iMookSetup_14-776.exe> [N/A]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<hxgame-update><; C:\Program Files\hxupdate\hxgame-update.exe> [N/A]
<HupooShell><"C:\HupShell.exe " > [Hupoo Tech]
<helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
<CnsMin><; Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [N/A]
<RichMedia><C:\WINDOWS\System32\Rundll32.exe "C:\PROGRA~1\pcast\hbcast.dll",WaitWindows> [Shanghai Henbang Technology Co., Ltd]
<Realplayer.exe><C:\WINDOWS\System32\Realplayer.exe> [N/A]
<svhoost><C:\WINDOWS\System32\checksys.exe> [N/A]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> [N/A]
<Desktop><C:\WINDOWS\System32\rundll32.exe "C:\Program Files\DeskAdTop\Run.dll" ,Rundll> [N/A]
<rundll32><rundll32 rscfg.dll s> [N/A]
<Torjan Program><C:\WINDOWS\WINLOGON.EXE> [lFVjBhx2wUsWKHo8Rznh]
<realtpsk><C:\WINDOWS\system\realsched.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<DTService><rundll32.exe C:\WINDOWS\System32\soundmix.dll,Load> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe 1> [N/A]
<Userinit><C:\WINDOWS\System32\Userinit.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB205910M.LOG> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{11760322-2400-4AC3-9605-6CAF086E809E}><C:\Program Files\Internet Explorer\PLUGINS\Windows.sys> [N/A]
<{99F1D023-7CEB-4586-80F7-BB1A98DB7602}><C:\Program Files\Internet Explorer\IEXPLORE.Sys> [N/A]
<{FEB94F5A-69F3-4645-8C2B-9E71D270AF2E}><C:\Program Files\Internet Explorer\IEXPLORE.Dat> [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DLMon><C:\WINDOWS\System32\DLMain.dll> [N/A]
<DVDBurn><C:\WINDOWS\Downloaded Program Files\AfxEdit.dll> [N/A]

==================================
Startup Folders
[腾讯QQ]
<C:\Documents and Settings\qch7154.DS\Start Menu\Programs\Startup\腾讯QQ.lnk --> C:\TDdownload\65421\QQ.exe [N/A]><N>

==================================
Services
[AutoUpgrade / AutoUpgrade]
<C:\WINDOWS\System32\svchost.exe -k AutoUpgrade-->c:\windows\system32\tasklist.dll><N/A>
[ClipBook / ClipSrv]
<C:\WINDOWS\system32\clipsrv.exe><N/A>
[COM+ Event System Helper / COMEventHelper]
<C:\WINDOWS\System32\svchost.exe -k COMEventHelper-->c:\windows\system32\comeventhelper.dll><Microsoft Corporation>
[SVCH0ST.EXE / Curity Center]
<C:\WINDOWS\system32\ver2006.exe><N/A>
[DameWare Mini Remote Control / DWMRCS]
<C:\WINDOWS\SYSTEM32\DWRCS.EXE -service><DameWare Development LLC>
[Ftp-Server / Ftp_Server_Admin]
<C:\WINDOWS\FtpServer.exe><N/A>
[Hummingbird Inetd / HCLInetd]
<C:\WINDOWS\System32\Hummbird\inetd32.exe><Hummingbird Communications Ltd.>
[Human Interface Device Access / HidServ]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Spectrum24 Events Monitor / IPRIP]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\acss.dll><LINKMEDIA Tech>
[NetMeeting Remote Desktop Agent / Nwsapagent]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\System32\Nwsapagent.dll><LINKMEDIA Tech>
[system / system ]
<C:\WINDOWS\system.exe><N/A>
[Windows_rejoice / Windows_rejoice]
<C:\Program Files\Common Files\Microsoft Shared\MSINFO\je2006_4.exe><N/A>

4706634 - 2006-10-4 15:15:00

==================================
Drivers
[57274246 / 57274246]
<\SystemRoot\System32\drivers\57274246.sys><N/A>
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc]
<system32\drivers\ac97intc.sys><Intel Corporation>
[atssse / atssse]
<\??\C:\WINDOWS\System32\sosdrp.sys><N/A>
[bhacfjeh / bhacfjeh]
<\??\C:\WINDOWS\system32\drivers\bhacfjeh.sys><N/A>
[cdnprot / cdnprot]
<\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[ecejbffe / ecejbffe]
<\??\C:\WINDOWS\system32\drivers\ecejbffe.sys><N/A>
[3Com EtherLink XL 90XB/C Adapter Driver / EL90XBC]
<System32\DRIVERS\el90xbc5.sys><3Com Corporation>
[i81x / i81x]
<System32\DRIVERS\i81xnt5.sys><Intel Corporation>
[iAimFP0 / iAimFP0]
<System32\DRIVERS\wADV01nt.sys><Intel Corporation>
[iAimFP1 / iAimFP1]
<System32\DRIVERS\wADV02NT.sys><Intel Corporation>
[iAimFP2 / iAimFP2]
<System32\DRIVERS\wADV05NT.sys><Intel Corporation>
[iAimFP3 / iAimFP3]
<System32\DRIVERS\wSiINTxx.sys><Intel Corporation>
[iAimFP4 / iAimFP4]
<System32\DRIVERS\wVchNTxx.sys><Intel Corporation>
[iAimTV0 / iAimTV0]
<System32\DRIVERS\wATV01nt.sys><Intel Corporation>
[iAimTV1 / iAimTV1]
<System32\DRIVERS\wATV02NT.sys><Intel Corporation>
[iAimTV2 / iAimTV2]
<System32\DRIVERS\wATV03nt.sys><Intel Corporation>
[iAimTV3 / iAimTV3]
<System32\DRIVERS\wATV04nt.sys><Intel Corporation>
[iAimTV4 / iAimTV4]
<System32\DRIVERS\wCh7xxNT.sys><Intel Corporation>
[Netgroup Packet Filter / NPF]
<system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
<\??\C:\TDdownload\65421\npkcrypt.sys><N/A>
[npkcusb / npkcusb]
<\??\D:\simulator\TM\TMDlls\npkcusb.sys><N/A>
[nwupspx / nwupspx]
<\SystemRoot\System32\drivers\nwupspx.sys><N/A>
[Padus ASPI Shell / pfc]
<system32\drivers\pfc.sys><Padus, Inc.>
[Direct Parallel Link Driver / Ptilink]
<System32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv]
<System32\DRIVERS\secdrv.sys><N/A>
[USB Data Cable driver / vusbser]
<System32\DRIVERS\vusbser.sys><N/A>
[Sony Ericsson W550 driver (WDM) / w550bus]
<System32\DRIVERS\w550bus.sys><MCCI>
[Sony Ericsson W550 USB WMC Modem Filter / w550mdfl]
<System32\DRIVERS\w550mdfl.sys><MCCI>
[Sony Ericsson W550 USB WMC Modem Drivers / w550mdm]
<System32\DRIVERS\w550mdm.sys><MCCI>

==================================
Browser Add-ons
[ThunderIEHelper Class]
{0005A87D-D626-4B3A-84F9-1D9571695F55} <C:\WINDOWS\System32\xunleibho_v14.dll, Thunder Networking Technologies,LTD>
[IEMonitor Class]
{08A312BB-5409-49FC-9347-54BB7D069AC6} <C:\Program Files\DeskAdTop\deskipn.dll, >
[ChajianHelper Class]
{0CB66BA8-5E1F-4963-93D1-E1D6B78FE9A2} <C:\WINDOWS\System32\SYSREA~1.DLL, Kmedia>
[MyIEHelper Class]
{16B770A0-0E87-4278-B748-2460D64A8386} <C:\Documents and Settings\All Users\Application Data\Microsoft\IEHelper\IEHelper_5025.dll, N/A>
[raObject Class]
{46F194EB-B7DB-4B7A-BD42-5FF39FD17664} <C:\PROGRA~1\pcast\hbcast.dll, Shanghai Henbang Technology Co., Ltd>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[DragSearch BHO]
{62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\assist\YDRAGS~1.DLL, N/A>
[BHOImp Class]
{70AFF2CB-9DA2-499C-8D15-900729FCE83D} <C:\WINDOWS\system32\YHBO.dll, YHBO>
[Status Class]
{7BDAF75A-0D6F-4F50-AFE9-333D08DF4005} <C:\Program Files\baigoo\BGooBHO.dll, >
[conimehlp Class]
{B10343BD-1DC6-442F-9BA2-D44C708CEE83} <C:\WINDOWS\System32\mskey32.dll, Microsoft>
[Macromedia. Flash8 Object]
{C61A70F3-505E-4B90-916F-627A8706B4BC} <C:\WINDOWS\system32\COMBoHEvent.dll, N/A>
[51导航]
{D271A289-57EB-4D0E-9131-A0CD25D4D1F8} <C:\WINDOWS\system32\browsewmzero.dll, N/A>
[InteSearch]
{EBBC6E6D-7B65-46be-B509-86CED2D17876} <C:\WINDOWS\system32\Inte.dll, N/A>
[Yahoo 1G mail]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[E bazar]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Yahoo Assistant]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\TDdownload\65421\QQ.EXE, N/A>
[Instant Messenger]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\MSMSGS.EXE, Microsoft Corporation>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[&Radio]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\System32\msdxm.ocx, N/A>
[HBHelper.HBActivex]
{038318E8-0C2D-4DF5-A7AF-B4FB373F501E} <C:\WINDOWS\DOWNLO~1\hbhelper.dll, Shanghai Henbang Technology Co., Ltd>
[photo_uploader Control]
{A984ED9F-E8DA-44E5-BC18-C14B9ABEF79D} <C:\WINDOWS\DOWNLO~1\PHOTO_~1.OCX, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
<C:\TDdownload\65421\AddToNetDisk.htm, N/A>
[使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[发送到手机]
<C:\Program Files\xBar\xBar.htm, N/A>
[添加到QQ自定义面板]
<C:\TDdownload\65421\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\TDdownload\65421\AddEmotion.htm, N/A>
[添加到雅虎收藏+]
<http://myweb.cn.yahoo.com/post.html?F=D2_A, N/A>
[用QQ彩信发送该图片]
<C:\TDdownload\65421\SendMMS.htm, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>
[雅虎搜索]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>

4706634 - 2006-10-4 15:19:00

==================================
Running Processes
[PID: 340][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 484][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 508][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[PID: 556][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[PID: 568][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[PID: 748][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[PID: 840][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[c:\windows\system32\acss.dll] [LINKMEDIA Tech, 1, 5, 0, 4]
[c:\windows\system32\nwsapagent.dll] [LINKMEDIA Tech, 1, 5, 0, 4]
[PID: 988][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[PID: 1028][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[PID: 1148][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.1699 (xpsp2.050610-1533)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\Hummbird\hcllpr.dll] [Hummingbird Communications Ltd., 6.1.0.0]
[C:\WINDOWS\system32\Hummbird\hcllpr.nls] [Hummingbird Communications Ltd., 6.1.0.0]
[PID: 1272][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[PID: 1292][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[c:\windows\system32\tasklist.dll] [N/A, N/A]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[PID: 1312][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[C:\WINDOWS\system32\COMAdEvent.dll] [N/A, N/A]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[PID: 1372][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\system32\ver2006.DLL] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[PID: 1392][C:\WINDOWS\SYSTEM32\DWRCS.EXE] [DameWare Development LLC, 4, 1, 0, 0]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[PID: 1516][C:\WINDOWS\System32\Hummbird\inetd32.exe] [Hummingbird Communications Ltd., 6.1.0.0]
[C:\WINDOWS\System32\HCLNLS.dll] [Hummingbird Communications Ltd., 6.1.0.0]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\Hummbird\HCINETD.NLS] [N/A, N/A]
[PID: 1576][C:\WINDOWS\System32\inetsrv\inetinfo.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[PID: 1696][C:\WINDOWS\System32\snmp.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[PID: 1784][C:\WINDOWS\System32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[PID: 1804][C:\WINDOWS\system32\sysmgr.exe] [N/A, N/A]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[PID: 264][C:\program files\internet explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]

4706634 - 2006-10-4 15:20:00

[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[PID: 2904][c:\windows\system32\inetsrv\csrss.exe] [Microsoft, 1.0.0.0]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[PID: 1264][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3510]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[PID: 3352][C:\WINDOWS\System32\Realplayer.exe] [N/A, N/A]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[PID: 4012][C:\Program Files\CNNIC\Cdn\cdnup.exe] [, 2, 4, 0, 6]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[PID: 4048][C:\WINDOWS\WINLOGON.EXE] [lFVjBhx2wUsWKHo8Rznh, 0.00.0118]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[PID: 3172][C:\WINDOWS\System32\conime.exe] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[PID: 2692][C:\WINDOWS\System32\rundll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\sdmAgent20.dll] [LINKMEDIA Tech, 1, 5, 0, 7]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[PID: 192][D:\Softwares\123\Luxor AR.exe] [MumboJumbo, LLC, 1.5.5.8]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[D:\Softwares\123\core.dll] [N/A, N/A]
[D:\Softwares\123\file.dll] [N/A, N/A]
[D:\Softwares\123\logger.dll] [N/A, N/A]
[D:\Softwares\123\ui2.dll] [N/A, N/A]
[D:\Softwares\123\gfx2d.dll] [N/A, N/A]
[D:\Softwares\123\imglib.dll] [N/A, N/A]
[D:\Softwares\123\jpeg.dll] [N/A, N/A]
[D:\Softwares\123\snd3d.dll] [N/A, N/A]
[D:\Softwares\123\crash.dll] [N/A, N/A]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[D:\Softwares\123\gfx2d_dx8.dll] [N/A, N/A]
[D:\Softwares\123\snd3d_fmod.dll] [N/A, N/A]
[D:\Softwares\123\fmod.dll] [Firelight Technologies Pty, Ltd, 3.74]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[PID: 3204][C:\WINDOWS\Explorer.exe] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\WINDOWS\System32\Rsvtub.dll] [N/A, N/A]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[C:\WINDOWS\System32\quartz32.dll] [, 4, 1, 0, 0]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\WINDOWS\System32\DLMon.dll] [N/A, N/A]
[C:\WINDOWS\Downloaded Program Files\swflash.dll] [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\WINDOWS\System32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[C:\Program Files\baigoo\BGooBHO.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\System32\mskey32.dll] [Microsoft, 1, 0, 0, 1]
[C:\WINDOWS\system32\browsewmzero.dll] [N/A, N/A]
[C:\Program Files\Exceed.nt\HESHELL.DLL] [Hummingbird Communications Ltd., Version: 6.2.0.0]
[PID: 3232][C:\WINDOWS\System32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\PROGRA~1\pcast\hbcast.dll] [Shanghai Henbang Technology Co., Ltd, 1, 1, 3, 8]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[PID: 3376][C:\Program Files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2800.1106 (xpsp1.020828-1920)]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[C:\WINDOWS\System32\xunleibho_v14.dll] [Thunder Networking Technologies,LTD, 4, 6, 0, 62]
[C:\Program Files\DeskAdTop\deskipn.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\System32\SYSREA~1.DLL] [Kmedia, 1, 0, 0, 2]
[C:\PROGRA~1\pcast\hbcast.dll] [Shanghai Henbang Technology Co., Ltd, 1, 1, 3, 8]
[C:\WINDOWS\system32\YHBO.dll] [YHBO, 1.0.0.1]
[C:\Program Files\baigoo\BGooBHO.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\System32\mskey32.dll] [Microsoft, 1, 0, 0, 1]
[C:\WINDOWS\system32\COMBoHEvent.dll] [N/A, N/A]
[C:\WINDOWS\system32\browsewmzero.dll] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]
[C:\WINDOWS\system32\Inte.dll] [N/A, N/A]
[C:\WINDOWS\system32\HTTPDll.dll] [TODO: <公司名>, 1.0.0.1]
[C:\WINDOWS\system32\COMAdEvent.dll] [N/A, N/A]
[PID: 2448][Z:\LOGISTICS\Receiving\B班文件\Tools\SREng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\KB205910M.LOG] [N/A, N/A]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\Program Files\Internet Explorer\PLUGINS\Windows.sys] [N/A, N/A]
[C:\WINDOWS\FtpServerKey.DLL] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Dat] [N/A, N/A]
[C:\Program Files\Internet Explorer\IEXPLORE.Sys] [N/A, N/A]

==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE Error. [winfiles]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. []
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
MSTCPChain Provider
C:\WINDOWS\System32\quartz32.dll(, MFClDLL)
MSTCP Provider
C:\WINDOWS\System32\quartz32.dll(, MFClDLL)

==================================
Autorun.Inf
[C:\]
[AutoRun]
open=pagefile.pif
shellexecute=pagefile.pif
shell\Auto\command=pagefile.pif
[D:\]
[autorun]
OPEN=D:\pagefile.pif

==================================
HOSTS File
127.0.0.1 localhost
59.34.148.98 www.hao123.com

==================================

瑞星卡卡安全论坛