[Help] Urgent! Looks like I've caught "番茄" (Tomato)! Experts, please take a look

I can't understand the pinned post~~~~
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <PcSync><C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog>  [Time Information Services Ltd.]
    <5g1vbgm8hmx><C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\iexpl0re.exe>  []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <CAP3ON><C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE>  [(Verified)Microsoft Windows Publisher]
    <IMSCMIG40W><C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40W\IMSCMIG.EXE /SetPreload /Log>  [Microsoft Corporation]
    <DataLayer><C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe>  [Nokia Mobile Phones Ltd.]
    <PCSuiteTrayApplication><C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray>  [Nokia]
    <IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Microsoft Windows Publisher]
    <HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Microsoft Windows Publisher]
    <kis><"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe">  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll>  [Kaspersky Lab]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
    <WinlogonNotify: klogon><C:\WINDOWS\system32\klogon.dll>  [Kaspersky Lab]

==================================
启动文件夹
[Canon LASER SHOT LBP-1120 篈跌怠]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Canon LASER SHOT LBP-1120 篈跌怠.LNK --> C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [CANON INC.]><N>
[Microsoft Office]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Microsoft Office.lnk --> C:\PROGRA~1\MICROS~2\Office\OSA9.EXE [Microsoft Corporation]><N>

==================================
服务
[卡巴斯基互联网安全套装 6.0 / AVP][Running/Auto Start]
  <"C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\avp.exe" -r><Kaspersky Lab>
[局域网通讯协议 / Hello World][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[OracleOraHome81Agent / OracleOraHome81Agent][Stopped/Manual Start]
  <d:\Oracle\Ora81\bin\dbsnmp.exe><N/A>
[OracleOraHome81ClientCache / OracleOraHome81ClientCache][Stopped/Manual Start]
  <d:\Oracle\Ora81\BIN\ONRSD.EXE><N/A>
[OracleOraHome81DataGatherer / OracleOraHome81DataGatherer][Stopped/Manual Start]
  <d:\Oracle\Ora81\bin\vppdc.exe><N/A>
[OracleOraHome81ManagementServer / OracleOraHome81ManagementServer][Stopped/Manual Start]
  <d:\Oracle\Ora81\bin\OMSNTsrv.exe><N/A>
[OracleOraHome81TNSListener / OracleOraHome81TNSListener][Stopped/Auto Start]
  <d:\Oracle\Ora81\BIN\TNSLSNR ><N/A>
[OracleServiceTZD / OracleServiceTZD][Others/Auto Start]
  <d:\oracle\ora81\bin\ORACLE.EXE TZD><Oracle Corporation>
[OracleWebAssistant0 / OracleWebAssistant0][Running/Auto Start]
  <d:\Oracle\Ora81\BIN\OWASTSVR.EXE><Oracle Corporation>

==================================
驱动程序
[aeaudio / aeaudio][Running/Manual Start]
  <system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[kl1 / kl1][Running/Boot Start]
  <\SystemRoot\system32\drivers\kl1.sys><Kaspersky Lab>
[klif / klif][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
  <system32\drivers\smwdm.sys><Analog Devices, Inc.>
[TSP / TSP][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\klif.sys><Kaspersky Lab>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Web反病毒保护]
  {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} <C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scieplugin.dll, Kaspersky Lab>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, N/A>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[OfficeObj Class]
  {D2BD7935-05FC-11D2-9059-00C04FD7A1BD} <, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Excel(&x)]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
Last edited 2007-05-20 10:07:25

正在运行的进程
[PID: 492][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 556][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 580][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\klogon.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 624][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 784][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 828][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 888][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [d:\Oracle\Ora81\bin\oci.dll]  [Oracle Corporation, 8.1.6.0.0]
[PID: 1464][d:\oracle\ora81\bin\ORACLE.EXE]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\oraclient8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\oracore8.dll]  [Oracle Corporation, 8.1.3.0.0]
    [d:\oracle\ora81\bin\oranls8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\oravsn8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\oracommon8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\orageneric8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\orawtc8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\oranl8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\oran8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\orancrypt8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\oranro8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\orannzsbb8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\oranldap8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\oraldapclnt8.dll]  [Oracle Corporation, 8.1.5.0.0]
    [d:\oracle\ora81\bin\oranhost8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\oranoname8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\orancds8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\orantns8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\orannds8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\orannms8.dll]  [N/A, ]
    [d:\oracle\ora81\bin\ORATRACE8.dll]  [N/A, ]
    [d:\oracle\ora81\bin\orapls8.dll]  [Oracle Corporation, 8]
    [d:\oracle\ora81\bin\oraslax8.dll]  [Oracle Corporation, 8]
    [d:\oracle\ora81\bin\orasql8.dll]  [Oracle Corporation, 8.1.6.0.0]
    [d:\oracle\ora81\bin\oraplp8.dll]  [Oracle Corporation, 8]
    [d:\oracle\ora81\bin\oradbicx8.dll]  [Oracle Corporation, 8]
    [d:\oracle\ora81\bin\orajox8.dll]  [N/A, ]
    [d:\oracle\ora81\bin\oransgr8.dll]  [Oracle Corporation, 8.1.6.0.0]
[PID: 2412][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll]  [Nokia, 6, 60, 15, 3]
    [C:\WINDOWS\system32\ConnAPI.DLL]  [Nokia., 6, 60, 27, 2]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 60, 45, 4]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 6, 60, 5, 1]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 60, 1, 1]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\shellex.dll]  [Kaspersky Lab, 6.0.0.299]
[PID: 2444][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2632][C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe]  [Nokia Mobile Phones Ltd., 6, 60, 109, 3]
    [C:\Program Files\Common Files\PCSuite\DataLayer\Lang\DataLayer_chi-sc.nlr]  [Nokia, 6, 60, 8, 0]
    [C:\WINDOWS\system32\msxml4.dll]  [Microsoft Corporation, 4.20.9818.0]
[PID: 2648][C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe]  [Nokia, 6, 60, 25, 5]
    [C:\WINDOWS\system32\ConnAPI.DLL]  [Nokia., 6, 60, 27, 2]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 60, 45, 4]
    [C:\Program Files\Common Files\PCSuite\ConfServer\ConfServer.dll]  [Nokia, 6, 60, 10, 0]
    [C:\WINDOWS\system32\msxml4.dll]  [Microsoft Corporation, 4.20.9818.0]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Lang\LaunchApplication_chi-sc.NLR]  [, 6, 60, 14, 0]
[PID: 2660][C:\WINDOWS\system32\igfxtray.exe]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxress.dll]  [Intel Corporation, 3,0,0,2104]
[PID: 2668][C:\WINDOWS\system32\hkcmd.exe]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxhk.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
[PID: 2704][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2712][C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe]  [Time Information Services Ltd., 2.00 (449)]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 60, 45, 4]
    [C:\WINDOWS\system32\ConnAPI.DLL]  [Nokia., 6, 60, 27, 2]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSL.dll]  [Nokia, 6, 60, 3, 0]
    [C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\Lang\PcSync2_chi-sc.nlr]  [Time Information Services Ltd., 8.00 (449)]
    [C:\PROGRAM FILES\NOKIA\NOKIA PC SUITE 6\Resource\PcSync2_Nokia.ngr]  [Time Information Services Ltd., 8.00 (449)]
    [C:\Program Files\Common Files\Nokia\Adapters\NclSet.dll]  [Nokia, 6.60.9.0]
    [C:\Program Files\Common Files\Nokia\Adapters\Nclaeo.dsc]  [Nokia Mobile Phones Ltd., 4.00.008]
    [C:\Program Files\Common Files\Nokia\MPAPI\MPAPIps.dll]  [Nokia Corporation, 6.60.73.0]
[PID: 2836][C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE]  [CANON INC., 1.00.0.007]
[PID: 2908][C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE]  [Nokia., 6, 60, 36, 1]
    [C:\WINDOWS\system32\NclTools.dll]  [Nokia., 6, 60, 12, 0]
    [C:\Program Files\Common Files\PCSuite\Transports\NCLIrDAMM.dll]  [Nokia Corp., 6, 60, 19, 0]
    [C:\Program Files\Common Files\PCSuite\Transports\NclMSBTMM.dll]  [Nokia., 6, 60, 29, 0]
    [C:\Program Files\Common Files\PCSuite\Transports\NCLRSMM.dll]  [Nokia, 6,60, 28, 0]
    [C:\Program Files\Common Files\PCSuite\Transports\NCLUSBMM.dll]  [Nokia, 6, 60, 28, 0]
    [C:\Program Files\Common Files\PCSuite\Services\NclDS.dll]  [Nokia, 6, 60, 6, 1]
[PID: 3044][C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe]  [Nokia Corporation, 6.60.158.0]
    [C:\Program Files\Common Files\Nokia\MPAPI\MPAPIps.dll]  [Nokia Corporation, 6.60.73.0]
[PID: 2256][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 980][C:\WINDOWS\system32\taskmgr.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]

[PID: 3504][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.4]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 1, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 2]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 4]
    [C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\adialhk.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\scr_ch_pg.dll]  [Kaspersky Lab, 1.0.6.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\klscav.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\pr_remote.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prloader.dll]  [Kaspersky Lab, 6.0.0.299]
    [C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 6.0\prkernel.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\params.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\pxstub.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\tempfile.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\nfio.ppl]  [Kaspersky Lab, 6.0.0.299]
    [c:\program files\kaspersky lab\kaspersky internet security 6.0\fsdrvplgn.ppl]  [Kaspersky Lab, 6.0.0.299]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx]  [Adobe Systems, Inc., 9,0,45,0]
    [C:\WINDOWS\system32\UNISPIM.IME]  [北京清华紫光软件股份有限公司, 3.0.0.3045]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
API HOOK
RVA  错误: LoadLibraryA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF0C7FB25)
RVA  错误: LoadLibraryExA (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF0C7FD67)
RVA  错误: LoadLibraryExW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF0C7FF0B)
RVA  错误: LoadLibraryW (危险等级: 一般,  被下面模块所HOOK: Dest Addr: 0xF0C7FC49)
RVA  错误: GetProcAddress (危险等级: 高,  被下面模块所HOOK: Dest Addr: 0xF0C7FE8F)

==================================
隐藏进程
N/A

==================================



Why is nobody replying? Bumping my own thread.