毒孽太深 - 2006-11-11 11:42:00
<C:\WINDOWS\SYSTEM32\DRIVERS\ini910u.SYS><Microsoft Corporation>
[Kl1 / Kl1]
<\SystemRoot\System32\drivers\kl1.sys><Kaspersky Lab>
[Klif / Klif]
<System32\drivers\klif.sys><Kaspersky Labs>
[Klmc / Klmc]
<System32\drivers\klmc.sys><Kaspersky Lab>
[Klpf / Klpf]
<\SystemRoot\System32\drivers\Klpf.sys><KL>
[Klpid / Klpid]
<\SystemRoot\System32\drivers\Klpid.sys><KL>
[kmsinput / kmsinput]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[MegaIDE / MegaIDE]
<\SystemRoot\System32\DRIVERS\MegaIDE.sys><LSI Logic Corporation.>
[mraid35x / mraid35x]
<C:\WINDOWS\SYSTEM32\DRIVERS\mraid35x.SYS><American Megatrends Inc.>
[NetGroup Packet Filter Driver / Npf]
<system32\drivers\npf.sys><CACE Technologies>
[npkcrypt / npkcrypt]
<\??\D:\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp]
<\??\C:\Program Files\QQ2005\npkycryp.sys><N/A>
[nv / nv]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nwlnksipx / nwlnksipx]
<\??\C:\WINDOWS\system32\drivers\nwlnksipx.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql1080 / ql1080]
<C:\WINDOWS\SYSTEM32\DRIVERS\ql1080.SYS><QLogic Corporation>
[Ql10wnt / Ql10wnt]
<C:\WINDOWS\SYSTEM32\DRIVERS\Ql10wnt.SYS><Microsoft Corporation>
[ql12160 / ql12160]
<C:\WINDOWS\SYSTEM32\DRIVERS\ql12160.SYS><QLogic Corporation>
[ql1280 / ql1280]
<C:\WINDOWS\SYSTEM32\DRIVERS\ql1280.SYS><QLogic Corporation>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp]
<system32\DRIVERS\Rtlnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv]
<system32\DRIVERS\secdrv.sys><N/A>
[Sparrow / Sparrow]
<C:\WINDOWS\SYSTEM32\DRIVERS\Sparrow.SYS><Adaptec, Inc.>
[symc810 / symc810]
<C:\WINDOWS\SYSTEM32\DRIVERS\symc810.SYS><Symbios Logic Inc.>
[symc8xx / symc8xx]
<C:\WINDOWS\SYSTEM32\DRIVERS\symc8xx.SYS><LSI Logic>
[sym_hi / sym_hi]
<C:\WINDOWS\SYSTEM32\DRIVERS\sym_hi.SYS><LSI Logic>
[sym_u3 / sym_u3]
<C:\WINDOWS\SYSTEM32\DRIVERS\sym_u3.SYS><LSI Logic>
[TSP / TSP]
<\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Labs>
[ultra / ultra]
<C:\WINDOWS\SYSTEM32\DRIVERS\ultra.SYS><Promise Technology, Inc.>
==================================
浏览器加载项
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\QQ2005\QQIEHelper.dll, N/A>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[启动迅雷]
{0062C9BD-B349-40DE-91A0-755F37ACD559} <E:\迅雷\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <D:\魔兽\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
毒孽太深 - 2006-11-11 11:43:00
[微软]
{6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <http://www.microsoft.com/china/index.htm, N/A>
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <D:\QQ2005\QQ.EXE, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <C:\Program Files\QQ2005\QQIEHelper.dll, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[Ad Engine]
{077FD0C3-1291-4104-A356-41E36B252682} <C:\Program Files\Yayad\AdCore.dll, CDM>
[PeerDraw Class]
{10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[Windows Genuine Advantage Validation Tool]
{17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\legitcheckcontrol.dll, Microsoft Corporation>
[XLink Class]
{18F57D30-EF36-4C0E-9343-7BFA6DF79B4A} <C:\WINDOWS\system32\aelupsvc32.dll, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[CNxConnCtrl Object]
{25142CCA-6788-434C-80BB-B9026F4273A1} <C:\WINDOWS\nxconn3.ocx, Nexon>
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[雅虎助手]
{406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, yahoo! china>
[超级兔子上网精灵]
{43869BB3-22FD-4F15-9B46-238106BA2F4E} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[VnetCookie Class]
{4E83D567-4697-4F7B-B1F0-A513B01DB89A} <c:\PROGRA~1\chinanet\VNETTR~1.DLL, >
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\QQ2005\QQIEHelper.dll, N/A>
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[Yahoo!Live]
{57421194-58FB-49AE-9B4F-FD48869B9AD4} <C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll, yahoo! china>
[WUWebControl Class]
{6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[BHOImp Class]
{70AFF2CB-9DA2-499C-8D15-900729FCE83D} <C:\WINDOWS\system32\YHBO.dll, YHBO>
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A>
[超级兔子上网精灵]
{7369D35A-5B70-4A5B-B789-B25FE09B4AF3} <C:\PROGRA~1\SUPERR~1\MAGICSET\haokanbar.dll, Xiang Feng Technology>
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} <E:\迅雷\Components\InMedia\MediaAddin07.dll, Thunder Networking Technologies,LTD>
[RestrictWordCtrl Class]
{7B030E2F-E210-4A1D-9837-861E9CB3B42A} <C:\WINDOWS\restrictword.ocx, TODO: <?? ??>>
[AutoLive]
{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, >
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <E:\迅雷\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[]
{A9930D97-9CF0-42A0-A10D-4F28836579D5} <D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX, N/A>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[3721]
{B83FC273-3522-4CC6-92EC-75CC86678DA4} <C:\WINDOWS\Downloaded Program Files\CnsMin.dll, 北京三七二一科技有限公司>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[NTIECatcher Class]
{C56CB6B0-0D96-11D6-8C65-B2868B609932} <C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll, Xi>
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[CnsHook Class]
毒孽太深 - 2006-11-11 11:43:00
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx, Adobe Systems, Inc.>
[TencentVmpCtl Class]
{D9819BD5-422B-4281-8523-726466ED692B} <C:\Program Files\Tencent\Viewpoint Media Player\AxMetaStream.dll, Viewpoint Corporation>
[assist]
{FE3ECAE7-0A37-4506-8A7D-3CC9A04D2CA8} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll, Yahoo! China>
[&使用迅雷下载]
<E:\迅雷\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<E:\迅雷\Program\GetAllUrl.htm, N/A>
[上传到QQ网络硬盘]
<C:\WINDOWS\QQ2005\AddToNetDisk.htm, N/A>
[使用KuGoo3下载(&K)]
<D:\Program Files\KuGoo3\KuGoo3DownX.htm, N/A>
[使用影音传送带下载]
<C:\Program Files\Xi\NetTransport 2\NTAddLink.html, N/A>
[使用影音传送带下载全部链接]
<C:\Program Files\Xi\NetTransport 2\NTAddList.html, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<C:\WINDOWS\QQ2005\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\WINDOWS\QQ2005\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\WINDOWS\QQ2005\SendMMS.htm, N/A>
[雅虎搜索]
<res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/203, N/A>
==================================
正在运行的进程
[PID: 476][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 540][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 564][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 608][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 620][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\w2pxdrv.dll] [Proxy Labs, 3, 0, 0, 3]
[PID: 772][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\aelupsvc32.dll] [, 4, 1, 0, 0]
[C:\WINDOWS\system32\w2pxdrv.dll] [Proxy Labs, 3, 0, 0, 3]
[PID: 880][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\System32\w2pxdrv.dll] [Proxy Labs, 3, 0, 0, 3]
[C:\WINDOWS\system32\aelupsvc32.dll] [, 4, 1, 0, 0]
[PID: 924][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\w2pxdrv.dll] [Proxy Labs, 3, 0, 0, 3]
[PID: 988][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\w2pxdrv.dll] [Proxy Labs, 3, 0, 0, 3]
[PID: 1212][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1412][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 3, 1019]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 9]
[C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] [yahoo! china, 3, 2, 5, 1075]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] [Yahoo! China, 3, 0, 1, 1010]
[E:\迅雷\ComDlls\XunLeiBHO_002.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
[D:\PROGRA~1\KuGoo3\KUGOO3~1.OCX] [N/A, N/A]
[C:\Program Files\Xi\NetTransport 2\NTIEHelper.dll] [Xi, 1.91.12]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yassist.dll] [Yahoo! China, 3, 1, 0, 1015]
[PID: 1532][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3275]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 9]
[PID: 1540][C:\WINDOWS\system32\Rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 9]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 3, 1019]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[PID: 1576][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.1.0.34]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 9]
[PID: 1628][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe] [Yahoo! China, 3, 1, 3, 1019]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 3, 1019]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] [yahoo! china, 3, 2, 5, 1075]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] [Yahoo! China, 3, 0, 1, 1010]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 9]
[PID: 1636][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 9]
[PID: 1668][C:\Program Files\EbayShop\EbayShop.exe] [, 1, 0, 0, 1]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 3, 1019]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 9]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\WINDOWS\system32\aelupsvc32.dll] [, 4, 1, 0, 0]
[C:\WINDOWS\system32\w2pxdrv.dll] [Proxy Labs, 3, 0, 0, 3]
[E:\卡巴斯基\shadu\Kaspersky Anti-Virus Personal\scrch_ag.dll] [Kaspersky Lab, 5.0.388.1]
[E:\卡巴斯基\shadu\Kaspersky Anti-Virus Personal\FSSync.dll] [Kaspersky Lab, 5.0.388.0]
[E:\卡巴斯基\shadu\Kaspersky Anti-Virus Personal\pr_rmt.dll] [Kaspersky Lab, 5.0.388.0]
毒孽太深 - 2006-11-11 11:44:00
[E:\卡巴斯基\shadu\Kaspersky Anti-Virus Personal\ccclient.dll] [Kaspersky Lab, 5.0.388.1]
[E:\卡巴斯基\shadu\Kaspersky Anti-Virus Personal\klipc.dll] [Kaspersky Lab, 5.0.388.0]
[E:\卡巴斯基\shadu\Kaspersky Anti-Virus Personal\KLUtil.dll] [Kaspersky Lab, 5.0.388.1]
[E:\卡巴斯基\shadu\Kaspersky Anti-Virus Personal\rpt.dll] [Kaspersky Lab, 5.0.388.2]
[E:\卡巴斯基\shadu\Kaspersky Anti-Virus Personal\CCIFACE.dll] [Kaspersky Lab, 5.0.388.1]
[E:\卡巴斯基\shadu\Kaspersky Anti-Virus Personal\prloader.dll] [Kaspersky Lab, 5.0.388.0]
[E:\卡巴斯基\shadu\Kaspersky Anti-Virus Personal\prkernel.ppl] [Kaspersky Lab, 5.0.388.0]
[e:\卡巴斯基\shadu\kaspersky anti-virus personal\prstring.ppl] [Kaspersky Lab, 5.0.388.0]
[e:\卡巴斯基\shadu\kaspersky anti-virus personal\pr_srv.ppl] [Kaspersky Lab, 5.0.388.0]
[e:\卡巴斯基\shadu\kaspersky anti-virus personal\pr_clnt.ppl] [Kaspersky Lab, 5.0.388.0]
[e:\卡巴斯基\shadu\kaspersky anti-virus personal\tempfile.ppl] [Kaspersky Lab, 5.0.388.0]
[PID: 1692][E:\卡巴斯基\Kaspersky Anti-Hacker\KAVPF.exe] [Kaspersky Lab, 1.8.0.180]
[E:\卡巴斯基\Kaspersky Anti-Hacker\BCGCB59.dll] [BCGSoft Ltd, 5, 84, 0, 0]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 9]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 3, 1019]
[E:\卡巴斯基\Kaspersky Anti-Hacker\perfiloc.dll] [Kaspersky Lab, 1.5.0.0]
[E:\卡巴斯基\Kaspersky Anti-Hacker\BCGCBRes.dll] [BCGSoft Ltd, 5, 84, 0, 0]
[E:\卡巴斯基\Kaspersky Anti-Hacker\wcswmi.dll] [Kaspersky Lab, 5.0.201.1]
[PID: 856][C:\Program Files\UPHClean\uphclean.exe] [Microsoft Corporation, 1.5.5.21]
[PID: 1996][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\aelupsvc32.dll] [, 4, 1, 0, 0]
[PID: 3076][C:\Program Files\QQ2005\TIMPlatform.exe] [tencent, 0, 3, 1, 8]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 9]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 3, 1019]
[C:\Program Files\QQ2005\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[PID: 1492][C:\WINDOWS\QQ2005\QQ.exe] [TENCENT, 0, 0, 0, 0]
[C:\WINDOWS\QQ2005\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\QQHelperDll.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 160]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 9]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 3, 1019]
[C:\WINDOWS\QQ2005\QQAPI.dll] [, 1, 0, 0, 1]
[C:\Program Files\QQ2005\TIMProxy.dll] [tencent, 0, 3, 2, 4]
[C:\WINDOWS\QQ2005\LoginCtrl.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 3, 2, 1]
[C:\WINDOWS\QQ2005\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[C:\WINDOWS\QQ2005\QQRes.dll] [tencent, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\QQMainFrame.dll] [N/A, N/A]
[C:\WINDOWS\QQ2005\CQQApplication.dll] [N/A, N/A]
[C:\WINDOWS\system32\w2pxdrv.dll] [Proxy Labs, 3, 0, 0, 3]
[C:\WINDOWS\system32\aelupsvc32.dll] [, 4, 1, 0, 0]
[C:\WINDOWS\QQ2005\NewSkin.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\HostingMgr.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\CameraDll.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\MailSummary.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\QQSpace.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\WINDOWS\QQ2005\QQGroupMng.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\GroupLive.dll] [N/A, N/A]
[C:\WINDOWS\QQ2005\QQSysMsgMng.dll] [N/A, N/A]
[C:\WINDOWS\QQ2005\UserDefinedHead.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\QQPlugin.dll] [N/A, N/A]
[C:\WINDOWS\QQ2005\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\QRingMng.dll] [N/A, N/A]
[C:\WINDOWS\QQ2005\PhoneAPI.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[C:\WINDOWS\QQ2005\QQAvatar.dll] [N/A, N/A]
[C:\WINDOWS\QQ2005\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[C:\WINDOWS\QQ2005\LongConnection.dll] [tencent, 5, 0, 200, 160]
[C:\WINDOWS\QQ2005\QQPet.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\BQQApplication.dll] [N/A, N/A]
[C:\WINDOWS\QQ2005\QQAllInOne.dll] [N/A, N/A]
[C:\WINDOWS\QQ2005\SCCore.dll] [N/A, N/A]
[C:\WINDOWS\QQ2005\QQCustomFace.dll] [N/A, N/A]
[C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx] [Adobe Systems, Inc., 9,0,16,0]
[C:\WINDOWS\QQ2005\QQSceneMng.dll] [N/A, N/A]
[C:\WINDOWS\QQ2005\CommercesMng.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[C:\WINDOWS\QQ2005\QQUdpGetFileLib.dll] [tencent, 0, 2, 2, 3]
[C:\WINDOWS\QQ2005\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 200]
[C:\WINDOWS\QQ2005\QQMagicFace.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\QQ2005\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[C:\WINDOWS\QQ2005\QQFileTransfer.dll] [Tencent, 5, 0, 202, 180]
[PID: 3608][C:\WINDOWS\QQ2005\366289316\MyRecvFiles\sreng\sreng\SREng.exe] [Smallfrogs Studio, 2.2.6.605]
[C:\WINDOWS\DOWNLO~1\CnsMin.dll] [北京三七二一科技有限公司, 1, 5, 1, 9]
[C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] [Yahoo! China, 3, 0, 3, 1021]
[C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ypatch.dll] [Yahoo! China, 3, 1, 3, 1019]
[C:\WINDOWS\system32\w2pxdrv.dll] [Proxy Labs, 3, 0, 0, 3]
[C:\WINDOWS\system32\aelupsvc32.dll] [, 4, 1, 0, 0]
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
MSTCPChain Provider
C:\WINDOWS\system32\aelupsvc32.dll(, MFClDLL)
PROXYCAP MSAFD Tcpip [TCP/IP]
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP MSAFD Tcpip [UDP/IP]
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP MSAFD Tcpip [RAW/IP]
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP UDP Service Provider
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP RSVP TCP Service Provider
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
PROXYCAP LSP
w2pxdrv.dll(Proxy Labs, Winsock2 Proxy Driver)
MSTCP Provider
C:\WINDOWS\system32\aelupsvc32.dll(, MFClDLL)
==================================
Autorun.inf
[D:\]
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe
[E:\]
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe
[F:\]
[AutoRun]
open=sxs.exe
shellexecute=sxs.exe
shell\Auto\command=sxs.exe
==================================
HOSTS 文件
127.0.0.1 localhost
==================================