Rising Kaka Security Forum - Technical Exchange - Anti-Virus / Anti-Rogue-Software Forum - [Help] Experts, please save me~~~ I'm going crazy~~~


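For the past few days web pages keep popping up, and rogue software keeps getting installed on my machine; as soon as I delete it, it gets installed again. I'm going crazy~~~
Below is the scan log. It is basically these programs: CNNIC, SofaToolbar, 财富通 (Caifutong), baidu, and 桌面媒体 (Desktop Media). At the time of the scan, baidu and 桌面媒体 had been deleted and had not reappeared yet. Experts, please come and save me!!!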
[CODE]

2006-12-28,13:22:34

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600)
- 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
<BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}><; "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"> [N/A]
<DrvMon.exe><; C:\WINDOWS\system32\DrvMon.exe> [N/A]
<MsServer><; msfir80.exe> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)Microsoft Corporation]
<PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)Microsoft Corporation]
<PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)Microsoft Corporation]
<NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup> [(Verified)NVIDIA Corporation]
<nwiz><nwiz.exe /install> [NVIDIA Corporation]
<vptray><C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe> [Symantec Corporation]
<SoundMan><SOUNDMAN.EXE> [Realtek Semiconductor Corp.]
<NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit> [(Verified)NVIDIA Corporation]
<IMSCMig><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
<!AVG Anti-Spyware><; "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized> [Anti-Malware Development a.s.]
<DAEMON Tools-2052><; "C:\Program Files\D-Tools\daemon.exe" -lang 2052> [DAEMON''S HOME]
<IEBarUp><; RunDll32 "C:\WINDOWS\system32\IeBar1.dll",Run> [N/A]
<IMJPMIG8.2><; msime80.exe> [N/A]
<Knight V><; "C:\Program Files\D-Tools\daemon.exe" -lang 2052> [DAEMON''S HOME]
<NeroFilterCheck><; C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe> [N/A]
<RavAV><; C:\WINDOWS\RavMonE.exe> [N/A]
<sdafdsafds><; C:\WINDOWS\temp\sd151.exe> [N/A]
<System><; C:\Program Files\Common Files\System\Updaterun.exe> [N/A]
<Thunder><; "C:\Program Files\Thunder Network\Thunder\ThunderShell.exe" /s> [N/A]
<WinampAgent><; "C:\Program Files\Winamp\Winampa.exe"> [N/A]
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys> [N/A]
<{57B86673-276A-48B2-BAE7-C6DBB3020EB8}><d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll> [Anti-Malware Development a.s.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DLMon><C:\WINDOWS\system32\DLMain.dll> [N/A]
<stdup><> [N/A]
<Vision><> [N/A]
<SysTrays><C:\WINDOWS\system32\DLMain.dll> [N/A]
<WebSecurity><C:\WINDOWS\system32\PvSec.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon]
<WinlogonNotify: NavLogon><C:\WINDOWS\system32\NavLogon.dll> [N/A]

==================================
启动文件夹
[Rainlendar精美日历]
<C:\Documents and Settings\sunjinnn\「开始」菜单\程序\启动\Rainlendar精美日历.lnk --> C:\PROGRA~1\RAINLE~1\RAINLE~1.EXE [N/A]><N>

==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\aspnet_state.exe><Microsoft Corporation>
[AVG Anti-Spyware Guard / AVG Anti-Spyware Guard][Stopped/Manual Start]
<d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe><Anti-Malware Development a.s.>
[Internet Protect Service / BARCASE][Running/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL32.EXE C:\WINDOWS\SYSTEM32\WBEM\GYEIF.DLL,Export 1087><N/A>
[C-DillaCdaC11BA / C-DillaCdaC11BA][Running/Auto Start]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[.NET Runtime Optimization Service v2.0.50215_X86 / clr_optimization_v2.0.50215_32][Stopped/Manual Start]
<C:\WINDOWS\Microsoft.NET\Framework\v2.0.50215\mscorsvw.exe><Microsoft Corporation>
[Computer Browsers / Computer Browsers][Stopped/Auto Start]
<C:\WINDOWS\msconfig.com><N/A>
[DefWatch / DefWatch][Running/Auto Start]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe><Symantec Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"><Macrovision Corporation>
[NBService / NBService][Stopped/Manual Start]
<C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe><N/A>
[Symantec AntiVirus Client / Norton AntiVirus Server][Running/Auto Start]
<C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe><Symantec Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
<C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
<"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Logical Disk Manager Amdindistrative Service8 / S8696668][Running/Auto Start]
<c:\windows\system\m8\iexplorer.exe><>
[Application Accelerator / Templates][Running/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\leerc.dll><Microsoft Corporation>
[winmum / winmum][Stopped/Disabled]
<C:\DOCUME~1\sunjinnn\LOCALS~1\Temp\mum1\mum1.exe -R><N/A>

==================================
Last edited 2006-12-28 13:47:03.547000000

驱动程序
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
<system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AVG Anti-Spyware Driver / AVG Anti-Spyware Driver][Running/System Start]
<\??\d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys><N/A>
[AVG Anti-Spyware Clean Driver / AvgAsCln][Running/System Start]
<System32\DRIVERS\AvgAsCln.sys><GRISOFT, s.r.o.>
[CdaC15BA / CdaC15BA][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\CDAC15BA.SYS><Macrovision Europe Ltd>
[d347bus / d347bus][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\d347bus.sys><>
[d347prt / d347prt][Running/Boot Start]
<\SystemRoot\System32\Drivers\d347prt.sys><>
[GMSIPCI / GMSIPCI][Stopped/Manual Start]
<\??\G:\INSTALL\GMSIPCI.SYS><N/A>
[NAVAP / NAVAP][Running/Manual Start]
<\??\C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAP.sys><Symantec Corporation>
[NAVAPEL / NAVAPEL][Running/Auto Start]
<\??\C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAPEL.SYS><Symantec Corporation>
[NAVENG / NAVENG][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061206.016\NAVENG.sys><Symantec Corporation>
[NAVEX15 / NAVEX15][Running/Manual Start]
<\??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061206.016\NAVEX15.sys><Symantec Corporation>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
<system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\F:\tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\F:\tencent\QQ\npkycryp.sys><N/A>
[NTACCESS / NTACCESS][Stopped/Manual Start]
<\??\G:\NTACCESS.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[paraudio / paraudio][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\paraudio.sys><Microsoft Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[rkgman1 / rkgman17][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\rkgman17.sys><N/A>
[Realtek RTL8139/810x Family Fast Ethernet NIC NT Driver / rtl8139][Running/Manual Start]
<system32\DRIVERS\R8139n51.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Running/Auto Start]
<system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[SetupNTGLM7X / SetupNTGLM7X][Stopped/Manual Start]
<\??\G:\NTGLM7X.sys><N/A>
[SVKP / SVKP][Running/Auto Start]
<\??\C:\WINDOWS\system32\SVKP.sys><AntiCracking>
[SymEvent / SymEvent][Running/Manual Start]
<\??\C:\Program Files\Symantec\SYMEVENT.SYS><Symantec Corporation>
[ugthiup / ugthiup][Running/Disabled]
<\??\C:\WINDOWS\TEMP\ugthiupwon><N/A>
[cdnprot / cdnprot][Running/Boot Start]
<\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[parcls / parcls][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\parcls.sys><N/A>

==================================
浏览器加载项
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_015.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <%SystemRoot%\System32\mmcndmgr.dll, N/A>
[Ad Engine]
{077FD0C3-1291-4104-A356-41E36B252682} <%SystemRoot%\System32\mmcndmgr.dll, N/A>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[XTTBPos00 Class]
{BBBE1C1A-89F7-4AF6-ABD1-1A1DE1C6962A} <C:\PROGRA~1\SOFATO~1\sofa.dll, IE Toolbar>
[启动迅雷5]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <F:\Program Files\浩方对战平台\GameClient.exe, 上海浩方在线信息技术有限公司>
[豪杰超级解霸V8]
{367E0A21-8601-4986-9C9A-153BF5ACA118} <d:\Herosoft\HeroV8\STHSDVD.EXE, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[信息检索(&R)]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, Microsoft Corporation>
[启动Web迅雷]
{962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[sofa]
{B7D3E479-CC68-42B5-A338-B5A0E057163B} <C:\Program Files\SofaToolbar\sofa.dll, IE Toolbar>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <F:\tencent\QQ\QQ.EXE, TENCENT>
[FlashGet]
{D6E814A0-E0C5-11d4-8D29-0050BA6940E3} <C:\PROGRA~1\FLASHGET\flashget.exe, Amaze Soft>
[sofa]
{B7D3E479-CC68-42B5-A338-B5A0E057163B} <C:\Program Files\SofaToolbar\sofa.dll, IE Toolbar>
[CEditCtrl Object]
{488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\AliEdit.dll, www.alipay.com>
[AxSubmitControl Class]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[WebActivater Control]
{C661F36D-DF85-4EF4-83C7-E107B83D04B1} <C:\WINDOWS\system32\3DShowVM.ocx, QQ>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8a.ocx, Macromedia, Inc.>
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_015.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <%SystemRoot%\System32\mmcndmgr.dll, N/A>
[Ad Engine]
{077FD0C3-1291-4104-A356-41E36B252682} <%SystemRoot%\System32\mmcndmgr.dll, N/A>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush.dll, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll, Thunder Networking Technologies,LTD>
[sofa]
{B7D3E479-CC68-42B5-A338-B5A0E057163B} <C:\Program Files\SofaToolbar\sofa.dll, IE Toolbar>
[XTTBPos00 Class]
{BBBE1C1A-89F7-4AF6-ABD1-1A1DE1C6962A} <C:\PROGRA~1\SOFATO~1\sofa.dll, IE Toolbar>
[&使用迅雷下载]
<C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[&使用迅雷下载全部链接]
<C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[Save豪杰超级解霸V8实时播放]
<C:\Herosoft\HeroV8\MPURLGET.HTM, N/A>
[上传到QQ网络硬盘]
<F:\tencent\QQ\AddToNetDisk.htm, N/A>
[使用Web迅雷下载]
<C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
<C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[使用网际快车下载]
<C:\PROGRA~1\FLASHGET\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\PROGRA~1\FLASHGET\jc_all.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<F:\tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<F:\tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<F:\tencent\QQ\SendMMS.htm, N/A>
[豪杰超级解霸V8实时播放]
<d:\Herosoft\HeroV8\MPURLGET.HTM, N/A>

==================================
正在运行的进程
[PID: 452][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 548][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\NavLogon.dll] [N/A, N/A]
[PID: 592][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 604][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 756][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 844][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 884][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 936][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 972][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1056][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1108][C:\WINDOWS\SYSTEM32\RUNDLL32.EXE] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1124][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] [Macrovision, 4.20.020]
[PID: 1172][C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe] [Symantec Corporation, 8.1.0.821]
[PID: 1272][C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe] [Symantec Corporation, 8.1.0.821]
[C:\WINDOWS\system32\CBA.DLL] [Intel? Corporation, 6.12.0.105 E]
[C:\WINDOWS\system32\MsgSys.dll] [Intel? Corporation, 6.12.0.105 E]
[C:\WINDOWS\system32\NTS.dll] [Intel? Corporation, 6.12.0.105 E]
[C:\WINDOWS\system32\PDS.DLL] [Intel? Corporation, 6.12.0.105 E]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVLU.dll] [Symantec Corporation, 8.1.0.821]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] [Symantec/Peter Norton Group, 1, 0, 0, 1]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\i2ldvp3.dll] [Symantec Corporation, 8.1.0.821]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVAPI32.DLL] [Symantec Corp., 4.2.0.7]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061206.016\NAVEX32a.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061206.016\NAVENG32.DLL] [Symantec Corporation, 20061.3.0.12]
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\NAVAP32.DLL] [Symantec Corporation, 9.1.0.26]
[PID: 1332][C:\WINDOWS\system32\nvsvc32.exe] [NVIDIA Corporation, 6.14.10.7184]
[C:\WINDOWS\system32\NVRSZHC.DLL] [NVIDIA Corporation, 6.14.10.7184]
[PID: 1356][c:\windows\system\m8\iexplorer.exe] [, 1.0.0.0]
[d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[PID: 1416][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1444][C:\WINDOWS\system32\wdfmgr.exe] [Microsoft Corporation, 5.2.3790.1230 built by: DNSRV(bld4act)]
[PID: 1624][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 336][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[d:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll] [Anti-Malware Development a.s., 7, 5, 0, 47]
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_015.dll] [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[PID: 1860][C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe] [Symantec Corporation, 8.1.0.821]
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliproxy.dll] [Symantec Corporation, 8.1.0.821]
[C:\PROGRA~1\SYMANT~1\SYMANT~1\NAVNTUTL.DLL] [Symantec/Peter Norton Group, 1, 0, 0, 1]
[C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Cliscan.dll] [Symantec Corporation, 8.1.0.821]
[PID: 664][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 5.0.12]
[PID: 1924][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3344][F:\Program Files\Maxthon\Maxthon.exe] [Maxthon International Ltd., 1, 5, 9, 30]
[F:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[F:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[PID: 2760][C:\Program Files\CNNIC\Cdn\cdnup.exe] [, 2, 4, 0, 6]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[PID: 2952][D:\download\软件\sreng2\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[PID: 3816][f:\Program Files\Maxthon\maxthon.exe] [Maxthon International Ltd., 1, 5, 9, 30]
[f:\Program Files\Maxthon\maxzlib.dll] [ , 1, 0, 0, 2]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 0, 0, 2]
[C:\WINDOWS\system32\AcSignIcon.dll] [Autodesk, 16.0.0.86]
[C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_006.dll] [Thunder Networking Technologies,LTD, 5, 0, 0, 3]
[f:\Program Files\Maxthon\Services\RealTime\real_time.dll] [, 1, 0, 0, 1]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件

==================================
API HOOK
N/A

==================================


[/CODE]