Rising KaKa Security Forum, Technical Exchange area, Anti-virus / Anti-rogue-software board

A friend's computer has too many problems and I don't know where to start. Please help, thanks!

2007-06-15,16:17:54

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - Administrator user - Full functionality

The following items were selected:
    All startup items (including registry, startup folders, services, etc.)
    Browser add-ons
    Running processes (including process module information)
    File associations
    Winsock providers
    Autorun.inf
    HOSTS file


Startup items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)]
    <q8b63qd8i9julg><C:\DOCUME~1\rjs\LOCALS~1\Temp\1explore.exe>  []
    <l7ftg9vy8><C:\DOCUME~1\rjs\LOCALS~1\Temp\iexpl0re.exe>  []
    <s><C:\DOCUME~1\rjs\LOCALS~1\Temp\rundl132.exe>  []
    <rhqbfe4dr><C:\DOCUME~1\rjs\LOCALS~1\Temp\winlog0n.exe>  []
    <3uihl0w><C:\DOCUME~1\rjs\LOCALS~1\Temp\c0nime.exe>  []
    <l7><C:\DOCUME~1\rjs\LOCALS~1\Temp\Servera.exe>  []
    <QQDownload><"C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart>  [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <sun><C:\WINDOWS\SysSun2\svchost.exe>  []
    <fy><C:\WINDOWS\Sysfy4\svchost.exe>  []
    <JT><C:\WINDOWS\SysJT4\svchost.exe>  []
    <J2><C:\WINDOWS\system32\SysJ2\svchost.exe>  []
    <sj><C:\WINDOWS\Syssj5\svchost.exe>  []
    <wl><C:\WINDOWS\Syswl3\svchost.exe>  []
    <wm><C:\WINDOWS\Syswm7\svchost.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system>  []
    <BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x>  [N/A]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <pklihisss><C:\WINDOWS\pklihisss.exe /i>  []
    <Explrer><C:\WINDOWS\Explrer.exe>  []
    <Exprer><C:\WINDOWS\Exprer.exe>  []
    <nwiztlbb><C:\WINDOWS\system32\nwiztlbb.exe>  []
    <nwizAskTao><C:\WINDOWS\system32\nwizAskTao.exe>  []
    <svpecld><C:\WINDOWS\system32\svpecld.exe>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <mppds><C:\WINDOWS\mppds.exe>  []
    <main32><C:\WINDOWS\main32.exe /i>  []
    <iPPro><C:\WINDOWS\iPPro.exe>  []
    <stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe>  [Tencent]
    <Kvsc3><C:\WINDOWS\Kvsc3.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <msccrt><C:\WINDOWS\msccrt.exe>  []
    <MsIMMs32><C:\WINDOWS\MsIMMs32.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)]
    <UIHost><logonui.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <AddrPlus3><; C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook1.dll Rundll32>  [N/A]
    <assistse><; "C:\PROGRA~1\3721\assistse.exe">  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  [N/A]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)]
    <IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)]
    <RavTimer><; C:\Program Files\Rising\Rav\RavTimer.exe>  [N/A]
    <SKYNET Personal FireWall><; C:\Program Files\SkyNet\FireWall\pfw.exe>  [N/A]
    <SysExplr><; C:\HEROSOFT\Hero3000\SYSEXPLR.EXE>  []
    <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <yahoo_mini><; C:\Program Files\3721\Dlaccel\YDownloader.exe>  [N/A]

==================================
Startup folder
[QQ游戏启动加速程序]
  <C:\Documents and Settings\rjs\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ]
  <C:\Documents and Settings\rjs\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\qq\QQ.exe [TENCENT]><N>

==================================
Services
[Disk Driver Service / Disk Service][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[局域网通讯协议 / Hello World][Stopped/Auto Start]
  <C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
  <"E:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows User Mode Driver Framework / UMWdf][Running/Auto Start]
  <C:\WINDOWS\system32\wdfmgr.exe><Microsoft Corporation>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe xpdhcp.dll,input><Microsoft Corporation>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe windds32.dll,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>

==================================
Drivers
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start]
  <system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CelInDrv / CelInDrv][Running/Disabled]
  <\??\C:\WINDOWS\system32\Drivers\CelInDriver.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\HookSys.sys><Rising>
[kmsinput / kmsinput][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[lbi / lbi][Stopped/Manual Start]
  <\??\C:\DOCUME~1\rjs\LOCALS~1\Temp\lbikfk><N/A>
[lemepej / lemepej][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\lemepej.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\E:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\Program Files\Tencent\qq\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ppmoucls / ppmoucls][Running/System Start]
  <System32\DRIVERS\ppmoucls.sys><Windows (R) 2000 DDK provider>
[PenPower Touchpad / pptchpad][Running/System Start]
  <System32\DRIVERS\pptchpd5.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[uqbejte / uqbejte][Stopped/Manual Start]
  <\??\C:\DOCUME~1\rjs\LOCALS~1\Temp\uqbejtejxh><N/A>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
  <system32\drivers\viaudios.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[zihhrd66 / zihhrd66][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\zihhrd66.sys><Microsoft Corporation>
[VIMICRO USB PC Camera 301x / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
Last edited 2007-06-06 17:37:53

==================================
Browser add-ons
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Ravonline]
  {DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINDOWS\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ActiveMovieControl Object]
  {05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Tencent Browser Helper]
  {0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HHCtrl Object]
  {52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&使用超级旋风下载]
  <C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>

==================================
Running processes
[PID: 472][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 600][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 612][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880][E:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
[PID: 896][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 2036][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\Explrer.dll]  [N/A, ]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwizAsktao.dll]  [N/A, ]
    [C:\WINDOWS\system32\cpasevcl.dll]  [, 1, 0, 0, 4]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwiztlbb.dll]  [N/A, ]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\WINDOWS\system32\iPPro.dll]  [N/A, ]
    [C:\WINDOWS\system32\main32.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\nwizhx2.dll]  [N/A, ]
    [C:\WINDOWS\system32\tlbb100.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\Rav20.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[PID: 652][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
[PID: 1208][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 1924][C:\WINDOWS\VM_STI.EXE]  [VM., 4.2.610.4]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM31bPrp.Ax]  [VM, 4.2.711.31]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
[PID: 2100][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3427]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 2276][C:\WINDOWS\pklihisss.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\pklihisss.dll]  [N/A, ]
[PID: 2880][C:\WINDOWS\Syswl3\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
[PID: 2956][C:\WINDOWS\Sysfy4\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
[PID: 3000][C:\WINDOWS\main32.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\main32.dll]  [N/A, ]
[PID: 3052][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 3372][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 3540][C:\WINDOWS\Syssj5\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
[PID: 3660][C:\WINDOWS\SysSun2\svchost.exe]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
[PID: 3712][C:\WINDOWS\SysJT4\svchost.exe]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
[PID: 3860][C:\WINDOWS\system32\SysJ2\svchost.exe]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
[PID: 3884][C:\WINDOWS\Syssj5\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
[PID: 3900][C:\WINDOWS\Syswm7\svchost.exe]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
[PID: 3920][C:\Program Files\ChinaNet\VnetClient.exe]  [, 2005, 10, 8, 1]
    [C:\Program Files\ChinaNet\Communicate.dll]  [0, 2005, 3, 3, 1]
    [C:\Program Files\ChinaNet\DialModule.dll]  [, 2005, 3, 22, 1]
    [C:\Program Files\ChinaNet\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX]  [, 2005, 7, 27, 1]
    [C:\PROGRA~1\ChinaNet\sign.dll]  [0, 2004, 12, 1, 1]
    [C:\Program Files\ChinaNet\SysPlug\4f14c0bd-1c30-4251-bcff-946b4fec7946\GLWorldPlug.dll]  [Ourgame, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL]  [, 2005, 8, 18, 1]
    [C:\PROGRA~1\ChinaNet\PostPlug.dll]  [, 2004, 12, 16, 2]
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2005, 10, 13, 1]
    [C:\PROGRA~1\ChinaNet\Gif89a.dll]  [, 2005, 6, 21, 1]
    [C:\PROGRA~1\ChinaNet\VnetBs.ocx]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL]  [, 2005, 8, 11, 1]
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2005, 8, 16, 1]
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2005, 10, 9, 14]
    [C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX]  [, 2005, 2, 24, 1]
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 2005, 8, 26, 1]
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2004, 12, 21, 1]
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2004, 11, 23, 1]
    [C:\PROGRA~1\ChinaNet\VNetLog.ocx]  [, 2005, 10, 9, 1]
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2004, 11, 18, 1]
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 2005, 3, 2, 1]
    [C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL]  [GDCN, 2005, 10, 9, 1]
    [C:\PROGRA~1\ChinaNet\VnetOptLog.dll]  [, 2005, 9, 13, 9]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\Rav20.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\main32.dll]  [N/A, ]
    [C:\WINDOWS\system32\iPPro.dll]  [N/A, ]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
    [C:\WINDOWS\system32\Explrer.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\PROGRA~1\ChinaNet\DlgSkin.ocx]  [, 1, 0, 0, 1]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
[PID: 1960][C:\WINDOWS\iPPro.exe]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2284][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 2588][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3100 (xpsp_sp2_gdr.070309-0025)]
[PID: 2840][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
[PID: 208][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 2752][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\windds32.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\WINDOWS\system32\xpdhcp.dll]  [N/A, ]
    [C:\WINDOWS\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\upxdnd.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\Rav20.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\main32.dll]  [N/A, ]
    [C:\WINDOWS\system32\iPPro.dll]  [N/A, ]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
    [C:\WINDOWS\system32\Explrer.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3100 (xpsp_sp2_gdr.070309-0025)]
    [C:\WINDOWS\system32\IMSC40A.IME]  [Microsoft Corporation, 6.0.0.2527]
    [C:\PROGRA~1\COMMON~1\MICROS~1\IME\SHARED2.0\MSCAND20.DLL]  [Microsoft Corporation, 9.0.5510.0]
[PID: 2488][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\windds32.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\WINDOWS\system32\xpdhcp.dll]  [N/A, ]
    [C:\WINDOWS\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx]  [Macromedia, Inc., 8,0,22,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\xpsp3res.dll]  [Microsoft Corporation, 5.1.2600.3100 (xpsp_sp2_gdr.070309-0025)]
[PID: 1988][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\windds32.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\WINDOWS\system32\xpdhcp.dll]  [N/A, ]
    [C:\WINDOWS\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
[PID: 336][C:\program files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\windds32.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\WINDOWS\system32\xpdhcp.dll]  [N/A, ]
    [C:\WINDOWS\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\Program Files\TENCENT\Adplus\SSAddr1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll]  [腾讯公司, 1, 1, 0, 5]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
[PID: 3760][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\windds32.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\WINDOWS\system32\xpdhcp.dll]  [N/A, ]
    [C:\WINDOWS\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
[PID: 604][F:\新建文件夹\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\system32\RemoteDbg.dll]  [N/A, ]
    [C:\WINDOWS\system32\windds32.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\WINDOWS\system32\xpdhcp.dll]  [N/A, ]
    [C:\WINDOWS\system32\WMIApiSrv.dll]  [N/A, ]
    [C:\WINDOWS\system32\netsrvcs.dll]  [N/A, ]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\SysJ2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syssj5\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\txwgmr.dll]  [N/A, ]
    [C:\WINDOWS\SysJT4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\SysSun2\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
    [C:\WINDOWS\system32\cmdbcs.dll]  [N/A, ]
    [C:\WINDOWS\Sysfy4\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\Syswl3\Ghook.dll]  [N/A, ]
    [C:\WINDOWS\system32\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\TEMP\upxdnd.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\Gjzo0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\Rav20.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\fyzo0.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy1.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\upxdnd.dll]  [N/A, ]
    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
    [C:\WINDOWS\system32\main32.dll]  [N/A, ]
    [C:\WINDOWS\system32\iPPro.dll]  [N/A, ]
    [C:\WINDOWS\system32\Exprer.dll]  [N/A, ]
    [C:\WINDOWS\system32\Explrer.dll]  [N/A, ]

==================================
文件关联
.TXT  Error. [NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [notepad.exe %1]
.INF  Error. [notepad.exe %1]
.VBS  Error. [超级解霸3000]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost
127.0.0.1      mmm.caifu18.net
127.0.0.1      www.18dmm.com
127.0.0.1      d.qbbd.com
127.0.0.1      www.5117music.com
127.0.0.1      www.union123.com
127.0.0.1      www.wu7x.cn
127.0.0.1      www.54699.com
127.0.0.1      www1.6tan.com
127.0.0.1      www2.6tan.com
127.0.0.1      www.97725.com
127.0.0.1      down.97725.com
127.0.0.1      ip.315hack.com
127.0.0.1      ip.54liumang.com
127.0.0.1      www.41ip.com
127.0.0.1      xulao.com
127.0.0.1      www.heixiou.com
127.0.0.1      www.9cyy.com
127.0.0.1      www.hunll.com
127.0.0.1      www.down.hunll.com
127.0.0.1      do.77276.com
127.0.0.1      www.baidulink.com
127.0.0.1      adnx.yygou.cn
127.0.0.1      222.73.220.45
127.0.0.1      www.f5game.com
127.0.0.1      www.guazhan.cn
127.0.0.1      wm,103715.com
127.0.0.1      www.my6688.cn
127.0.0.1      i.96981.com
127.0.0.1      d.77276.com
127.0.0.1      www1.cw988.cn
127.0.0.1      cool.47555.com
127.0.0.1      www.asdwc.com
127.0.0.1      55880.cn
127.0.0.1      61.152.169.234
127.0.0.1      cc.wzxqy.com
127.0.0.1      www.54699.com
127.0.0.1      t.gcuj.com
127.0.0.1      www.puma163.com
127.0.0.1      ceoww.com
127.0.0.1      boolom.com
127.0.0.1      adult-novel.cn
127.0.0.1      ll.chinasese.net
127.0.0.1      www.tellumore.com
127.0.0.1      www.o1wg.com
127.0.0.1      www.qq756.com
127.0.0.1      ll.chinasese.net
127.0.0.1      cool.47555.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
This is brutal.

It doesn't get any more infected than this.
[Reply to "rushiqi"'s post]
IceSword can handle it.

The basic procedure is:

1. Disable process creation.
2. End the processes that have the virus modules injected into them (the processes carrying the virus modules listed below; you can identify them from the SREng log):
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\Explrer.dll] [N/A, ]
[C:\WINDOWS\system32\Exprer.dll] [N/A, ]
[C:\WINDOWS\system32\nwizAsktao.dll] [N/A, ]
[C:\WINDOWS\system32\nwiztlbb.dll] [N/A, ]
[C:\WINDOWS\system32\iPPro.dll] [N/A, ]
[C:\WINDOWS\system32\main32.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\nwizhx2.dll] [N/A, ]
[C:\WINDOWS\system32\tlbb100.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\fyzo0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Rav20.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Kavs0.dll] [N/A, ]
[C:\WINDOWS\TEMP\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\msdebug.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system32\windds32.dll] [N/A, ]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, ]
[C:\WINDOWS\system32\xpdhcp.dll] [N/A, ]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, ]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, ]
3. Delete the virus modules above, along with the virus files that the virus startup entries and driver entries in the SREng log point to (see below).

4. Turn off IceSword's "Disable process creation".

5. Use SREng to delete the following registry entries:

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<q8b63qd8i9julg><C:\DOCUME~1\rjs\LOCALS~1\Temp\1explore.exe> []
<l7ftg9vy8><C:\DOCUME~1\rjs\LOCALS~1\Temp\iexpl0re.exe> []
<s><C:\DOCUME~1\rjs\LOCALS~1\Temp\rundl132.exe> []
<rhqbfe4dr><C:\DOCUME~1\rjs\LOCALS~1\Temp\winlog0n.exe> []
<3uihl0w><C:\DOCUME~1\rjs\LOCALS~1\Temp\c0nime.exe> []
<l7><C:\DOCUME~1\rjs\LOCALS~1\Temp\Servera.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<sun><C:\WINDOWS\SysSun2\svchost.exe> []
<fy><C:\WINDOWS\Sysfy4\svchost.exe> []
<JT><C:\WINDOWS\SysJT4\svchost.exe> []
<J2><C:\WINDOWS\system32\SysJ2\svchost.exe> []
<sj><C:\WINDOWS\Syssj5\svchost.exe> []
<wl><C:\WINDOWS\Syswl3\svchost.exe> []
<wm><C:\WINDOWS\Syswm7\svchost.exe> []
<pklihisss><C:\WINDOWS\pklihisss.exe /i> []
<Explrer><C:\WINDOWS\Explrer.exe> []
<Exprer><C:\WINDOWS\Exprer.exe> []
<nwiztlbb><C:\WINDOWS\system32\nwiztlbb.exe> []
<nwizAskTao><C:\WINDOWS\system32\nwizAskTao.exe> []
<svpecld><C:\WINDOWS\system32\svpecld.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<main32><C:\WINDOWS\main32.exe /i> []
<iPPro><C:\WINDOWS\iPPro.exe> []
<Kvsc3><C:\WINDOWS\Kvsc3.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<msccrt><C:\WINDOWS\msccrt.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exe> []
驱动项
[CelInDrv / CelInDrv][Running/Disabled]
<\??\C:\WINDOWS\system32\Drivers\CelInDriver.sys><N/A>
[lbi / lbi][Stopped/Manual Start]
<\??\C:\DOCUME~1\rjs\LOCALS~1\Temp\lbikfk><N/A>
[lemepej / lemepej][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\lemepej.sys><N/A>
[uqbejte / uqbejte][Stopped/Manual Start]
<\??\C:\DOCUME~1\rjs\LOCALS~1\Temp\uqbejtejxh><N/A>

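Step 2 above asks you to build the list of injected processes by hand from the SREng log. As an added example (not code from the thread or from SREng), here is a small Python parser for the running-process section of such a log that flags modules with no version resource ("[N/A, ]") or loaded from a temp folder or a fake "Sys<xx>" folder, and maps each to the PIDs carrying it. The sample log text is constructed from paths on this page, and the directory patterns are assumptions based on where this page's modules sit.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the SREng running-process section above;
# paths copied from the log on this page, the text was not produced by SREng.
SAMPLE_LOG = r"""
[PID: 1988][C:\WINDOWS\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\WINDOWS\Syswm7\Ghook.dll]  [N/A, ]
    [C:\Program Files\TENCENT\Adplus\Adplus1.dll]  [Tencent, 4, 5, 1, 14]
[PID: 604][F:\sreng2\SREng.EXE]  [Smallfrogs Studio, 2.4.12.806]
    [C:\WINDOWS\system32\msdebug.dll]  [N/A, ]
    [C:\DOCUME~1\rjs\LOCALS~1\Temp\Kavs0.dll]  [N/A, ]
"""

PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\]\s+\[(.*)\]$")
MOD_RE = re.compile(r"^\s+\[(.+?)\]\s+\[(.*)\]$")
# Assumed "odd" locations taken from this page: temp folders and the dropped
# C:\WINDOWS\Sys<letters><digit>\ folders (system32 does not match).
ODD_DIR_RE = re.compile(r"\\Temp\\|\\Sys[A-Za-z]+\d\\", re.IGNORECASE)

def parse_processes(text):
    """Map each PID to (image path, [(module path, vendor field), ...])."""
    procs, pid = {}, None
    for line in text.splitlines():
        m = PROC_RE.match(line)
        if m:
            pid = int(m.group(1))
            procs[pid] = (m.group(2), [])
            continue
        m = MOD_RE.match(line)
        if m and pid is not None:
            procs[pid][1].append((m.group(1), m.group(2)))
    return procs

def suspicious_modules(procs):
    """Modules lacking a version resource or sitting in an odd directory,
    mapped to the sorted PIDs in which they are loaded."""
    hits = defaultdict(set)
    for pid, (_, mods) in procs.items():
        for path, vendor in mods:
            if vendor.startswith("N/A") or ODD_DIR_RE.search(path):
                hits[path].add(pid)
    return {path: sorted(pids) for path, pids in hits.items()}

def injected_pids(procs):
    """PIDs to end in step 2: every process carrying a flagged module.
    Note that in the log above SREng itself (PID 604) is among them."""
    return sorted({p for pids in suspicious_modules(procs).values() for p in pids})
```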
Could someone please give me a download link for IceSword? It isn't installed on his computer. Thanks.
Finally, run a full-disk scan with antivirus software to clean the files infected by 艾尼.
http://forum.ikaka.com/topic.asp?board=67&artid=8283060

Go look there.