瑞星卡卡安全论坛技术交流区反病毒/反流氓软件论坛 注册表值AppInit DLLs被修改为非正常值qhbpri.dll

1   1  /  1  页   跳转

注册表值AppInit DLLs被修改为非正常值qhbpri.dll

收藏
飞舞的风筝
头像
初生襁褓狮
  • 帖子:71
  • 注册: 2007-01-31
  • 来自:
发表于: 2007-08-01 14:31 | 显示全部 短消息 资料
字号: 1楼

注册表值AppInit DLLs被修改为非正常值qhbpri.dll

[CODE]

2007-08-01,14:17:59

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <LClock><C:\Program Files\LClock\LClock.exe>  []
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Publisher]
    <paTray><"C:\Program Files\AhnLab\APC2\Policy Agent\patray.exe">  []
    <AHNSD><"C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe">  [(Verified)AhnLab Inc.]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [(Verified)"RealNetworks, Inc."]
    <wosa><C:\DOCUME~1\Boss\LOCALS~1\Temp\woso.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <MSDEG32><LYLoader.exe>  []
    <MSDWG32><LYLoadbr.exe>  [N/A]
    <MSDCG32    ><LYLeador.exe>  [N/A]
    <MSDOG32><LYLoador.exe>  [N/A]
    <MSDSG32><LYLoadar.exe>  [N/A]
    <MSDMG32><LYLoadmr.exe>  [N/A]
    <MSDHG32><LYLoadhr.exe>  [N/A]
    <MSDQG32><LYLoadqr.exe>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><qhbpri.dll>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{26368135-64FA-BC34-DA32-DCF4FD431C92}><C:\WINDOWS\system32\qhbpri.dll>  []
    <{659AFD5B-159F-ACD8-954C-ACD545FA6586}><C:\WINDOWS\system32\jzfpri.dll>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}]
    <N/A><C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install>  [Microsoft Corporation]

==================================
启动文件夹
N/A

==================================
服务
[AhnLab Task Scheduler / AhnLab Task Scheduler][Running/Auto Start]
  <"C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe"><AhnLab, Inc.>
[ASP.NET State Service / aspnet_state][Stopped/Manual Start]
  <C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[MonSvcNT / MonSvcNT][Running/Auto Start]
  <C:\PROGRA~1\AhnLab\V3\MonSvcNT.exe><AhnLab, Inc.>
[P4P Service / P4P Service][Running/Auto Start]
  <C:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Policy Agent Service V2.5 / paSvc][Running/Auto Start]
  <"C:\Program Files\AhnLab\APC2\Policy Agent\pasvc.exe"><AhnLab, Inc.>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
  <C:\WINDOWS\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; (R1 1.5); .NET CLR 1.1.4322)
最后编辑2007-08-01 15:49:53.687000000
分享到:
gototop
 
飞舞的风筝
头像
初生襁褓狮
  • 帖子:71
  • 注册: 2007-01-31
  • 来自:
发表于: 2007-08-01 14:33 | 显示全部 短消息 资料
字号: 2楼

[PID: 1488 / Boss][C:\Program Files\AhnLab\V3\V3P3AT.exe]  [AhnLab, Inc., 6, 1, 0, 201]
    [C:\Program Files\AhnLab\V3\v3if.dll]  [AhnLab, Inc., 6, 1, 0, 3]
    [C:\Program Files\AhnLab\V3\V3CfgE.dll]  [AhnLab, Inc., 6, 0, 0, 96]
    [C:\Program Files\AhnLab\V3\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\AhnLab\V3\V3DrEx.dll]  [AhnLab, Inc., 7, 0, 0, 112]
    [C:\Program Files\AhnLab\V3\V3P3ATHL.dll]  [AhnLab, Inc., 6, 0, 0, 23]
    [C:\Program Files\AhnLab\V3\AhnI18N.dll]  [AhnLab, Inc., 6, 0, 0, 18]
    [C:\Program Files\AhnLab\V3\V3MsgFlt.dll]  [AhnLab, Inc., 6, 0, 0, 63]
    [C:\Program Files\AhnLab\V3\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\AhnLab\V3\V3NfCtl.dll]  [AhnLab, Inc., 6, 0, 0, 3]
    [C:\Program Files\AhnLab\V3\AnfdCtrl.dll]  [AhnLab, Inc., 2, 0, 0, 12]
    [C:\Program Files\AhnLab\V3\AhnCtlKD.dll]  [AhnLab, Inc., 1, 0, 1, 7]
    [C:\Program Files\AhnLab\V3\AhnIConv.dll]  [AhnLab, Inc., 1, 0, 0, 1]
    [C:\Program Files\AhnLab\V3\NLS\V3Dr0804.nls]  [AhnLab, Inc., 7, 0, 0, 8]
    [C:\Program Files\AhnLab\V3\NLS\V3MF0804.nls]  [AhnLab, Inc., 6, 0, 0, 8]
    [C:\Program Files\AhnLab\V3\v3logex.dll]  [AhnLab, Inc., 6, 1, 0, 2]
    [C:\Program Files\AhnLab\V3\NLS\p3at0804.nls]  [AhnLab, Inc., 6, 0, 0, 14]
    [C:\Program Files\AhnLab\V3\System\2\V3pro32e.dll]  [AhnLab, Inc., 2007,07,31,01]
    [C:\WINDOWS\system32\v3w32se2.dll]  [Ahnlab, Inc., 2002, 12, 16, 1]
    [C:\Program Files\AhnLab\V3\V3SR32.dll]  [AhnLab, Inc., 5, 0, 0, 2]
    [C:\Program Files\AhnLab\V3\V3azex.dll]  [AhnLab, Inc., 5, 0, 0, 14]
    [C:\Program Files\AhnLab\V3\AZMain.DLL]  [ESTSoft Corp, 3.6.9.543]
    [C:\Program Files\AhnLab\V3\V3MailDt.dll]  [AhnLab, Inc., 6, 0, 0, 91]
[PID: 1604 / SYSTEM][C:\Program Files\AhnLab\Smart Update Utility\AhnSDsv.exe]  [AhnLab, Inc., 5, 5, 0, 5]
    [C:\Program Files\AhnLab\Smart Update Utility\NLS\ASD0804.nls]  [AhnLab, Inc., 5, 0, 0, 6]
[PID: 1736 / SYSTEM][C:\Program Files\Common Files\Sogou PXP\p2psvr.exe]  [Sohu.com Inc., 2, 0, 0, 32]
    [C:\Program Files\Sogou PXP\vodsvr.dll]  [Sohu.com Inc., 3, 0, 0, 35]
    [C:\Program Files\Sogou PXP\pxpnet.dll]  [Sohu.com Inc., 2, 0, 0, 18]
    [C:\Program Files\Sogou PXP\p2pclient.dll]  [Sohu.com Inc., 2, 9, 1, 20]
[PID: 1748 / SYSTEM][C:\Program Files\AhnLab\APC2\Policy Agent\pasvc.exe]  [AhnLab, Inc., 2.5.5.76]
    [C:\Program Files\AhnLab\APC2\Policy Agent\SLogW.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\SSync.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\IniRW.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\TPool.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\MaCfgRw.dll]  [AhnLab, 2, 5, 5, 11]
    [C:\Program Files\AhnLab\APC2\Policy Agent\SBase64.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\PaNetApi.dll]  [Ahnlab, Inc., 2, 5, 5, 90]
[PID: 1212 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036 / Boss][C:\Program Files\Internet Explorer\IEXPLORE.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.7]
    [C:\Program Files\AhnLab\V3\V3Bar.dll]  [AhnLab, Inc., 6, 0, 0, 23]
    [C:\Program Files\AhnLab\V3\NLS\bar0804.nls]  [AhnLab, Inc., 6, 0, 0, 7]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\l3codeca.acm]  [Fraunhofer Institut Integrierte Schaltungen IIS, 1, 9, 0, 0305]
    [C:\WINDOWS\system32\DVobSub.ax]  [Gabest, 2, 0, 23, 0]
    [C:\WINDOWS\system32\vobsub.dll]  [Gabest, 2, 0, 23, 0]
    [C:\WINDOWS\system32\rmoc3260.dll]  [RealNetworks, Inc., 6.0.9.2568]
    [C:\WINDOWS\system32\PNCRT.dll]  [Real Networks, Inc, 6.0.0.0]
    [C:\Program Files\Common Files\Real\Common\pnrs3260.dll]  [RealNetworks, Inc., 6.0.9.4317]
[PID: 1988 / SYSTEM][C:\PROGRA~1\AhnLab\V3\MonSvcNT.exe]  [AhnLab, Inc., 6, 1, 0, 12]
    [C:\PROGRA~1\AhnLab\V3\AhnGICF.dll]  [AhnLab, Inc., 6, 0, 0, 2]
    [C:\PROGRA~1\AhnLab\V3\V3DrEx.dll]  [AhnLab, Inc., 7, 0, 0, 112]
    [C:\PROGRA~1\AhnLab\V3\v3svcctr.dll]  [AhnLab, Inc., 6, 1, 0, 1]
    [C:\PROGRA~1\AhnLab\V3\V3CfgE.dll]  [AhnLab, Inc., 6, 0, 0, 96]
    [C:\PROGRA~1\AhnLab\V3\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\PROGRA~1\AhnLab\V3\V3Flt.dll]  [AhnLab, Inc., 6, 1, 0, 8]
    [C:\PROGRA~1\AhnLab\V3\AhnCtlKD.dll]  [AhnLab, Inc., 1, 0, 1, 7]
    [C:\PROGRA~1\AhnLab\V3\v3if.dll]  [AhnLab, Inc., 6, 1, 0, 3]
    [C:\PROGRA~1\AhnLab\V3\V3STScan.dll]  [AhnLab, Inc., 6, 1, 0, 2]
    [C:\PROGRA~1\AhnLab\V3\AhnDMZ.dll]  [AhnLab, Inc., 6, 0, 0, 73]
    [C:\PROGRA~1\AhnLab\V3\V3Track.dll]  [AhnLab, Inc., 6, 0, 0, 26]
    [C:\PROGRA~1\AhnLab\V3\V3IMSvc.dll]  [AhnLab, Inc., 6, 0, 0, 33]
    [C:\PROGRA~1\AhnLab\V3\V3Ift.dll]  [AhnLab, Inc., 6, 0, 0, 5]
    [C:\PROGRA~1\AhnLab\V3\NLS\V3Dr0804.nls]  [AhnLab, Inc., 7, 0, 0, 8]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\PROGRA~1\AhnLab\V3\v3logex.dll]  [AhnLab, Inc., 6, 1, 0, 2]
    [C:\PROGRA~1\AhnLab\V3\V3NETINT.dll]  [AhnLab, Inc., 6, 0, 0, 20]
    [C:\PROGRA~1\AhnLab\V3\System\2\V3pro32e.dll]  [AhnLab, Inc., 2007,07,31,01]
    [C:\WINDOWS\system32\v3w32se2.dll]  [Ahnlab, Inc., 2002, 12, 16, 1]
    [C:\PROGRA~1\AhnLab\V3\V3SR32.dll]  [AhnLab, Inc., 5, 0, 0, 2]
[PID: 428 / Boss][C:\PROGRA~1\AhnLab\V3\V3IMPro.exe]  [AhnLab, Inc., 6, 0, 0, 33]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\PROGRA~1\AhnLab\V3\V3IM.dll]  [AhnLab, Inc., 6, 0, 0, 47]
    [C:\PROGRA~1\AhnLab\V3\V3Ift.dll]  [AhnLab, Inc., 6, 0, 0, 5]
    [C:\PROGRA~1\AhnLab\V3\AhnCtlKD.dll]  [AhnLab, Inc., 1, 0, 1, 7]
    [C:\PROGRA~1\AhnLab\V3\NLS\V3IM0804.nls]  [AhnLab, Inc., 6, 0, 0, 8]
    [C:\PROGRA~1\AhnLab\V3\V3CfgE.dll]  [AhnLab, Inc., 6, 0, 0, 96]
    [C:\PROGRA~1\AhnLab\V3\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
[PID: 700 / Boss][C:\DOCUME~1\Boss\LOCALS~1\Temp\Rar$EX00.812\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
    [C:\DOCUME~1\Boss\LOCALS~1\Temp\Rar$EX00.812\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
[PID: 1084 / Boss][C:\WINDOWS\system32\NOTEPAD.EXE]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\windhcp.ocx]  [N/A, ]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1488, C:\PROGRAM FILES\AHNLAB\V3\V3P3AT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1988, C:\PROGRA~1\AHNLAB\V3\MONSVCNT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 776, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================
gototop
 
飞舞的风筝
头像
初生襁褓狮
  • 帖子:71
  • 注册: 2007-01-31
  • 来自:
发表于: 2007-08-01 14:44 | 显示全部 短消息 资料
字号: 3楼

好像把中间的落下了,补上:
驱动程序
[AhnFlt2K / AhnFlt2K][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\AhnFlt2K.sys><AhnLab, Inc.>
[AhnRec2K / AhnRec2K][Running/Manual Start]
  <\??\C:\WINDOWS\system32\Drivers\AhnRec2K.sys><AhnLab, Inc.>
[Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
  <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AnfdIont / AnfdIont][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\AnfdIont.sys><AhnLab, Inc.>
[AnfdTDnt / AnfdTDnt][Running/System Start]
  <\??\C:\WINDOWS\system32\drivers\AnfdTDnt.sys><AhnLab, Inc.>
[ApfIPXX / ApfIPXX][Stopped/Manual Start]
  <\??\C:\PROGRA~1\AhnLab\V3\ApfIPXX.sys><AhnLab, Inc.>
[HOSTNT / HOSTNT][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\hostnt.sys><N/A>
[ialm / ialm][Running/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[IdeBusDr / IdeBusDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeBusDr.sys><Intel Corporation>
[Intel(R) Ultra ATA Controller / IdeChnDr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\IdeChnDr.sys><Intel Corporation>
[ESS Maestro2E Audio Driver (WDM) / Maestro][Running/Manual Start]
  <system32\drivers\essm2e.sys><ESS Technology, Inc.>
[MHDRV / MHDRV][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\mhdrv.sys><Rainbow China Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RCMHDOG / RCMHDOG][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\rcmhdog.sys><Rainbow China Co., Ltd.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
  <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[Rainbow China UMC Driver / UsbC][Stopped/Manual Start]
  <System32\Drivers\rcusbwdm.sys><Rainbow China Co. Ltd.>
[v3engine / v3engine][Running/Manual Start]
  <\??\C:\WINDOWS\system32\drivers\v3engine.sys><AhnLab, Inc.>
[V3Flt2K / V3Flt2K][Running/Manual Start]
  <\??\C:\PROGRA~1\AhnLab\V3\V3Flt2K.sys><AhnLab, Inc.>
[V3IFt2K / V3IFt2K][Running/Manual Start]
  <\??\C:\PROGRA~1\AhnLab\V3\V3IFt2K.sys><AhnLab, Inc.>
[V3IPXX / V3IPXX][Stopped/Manual Start]
  <\??\C:\PROGRA~1\AhnLab\V3\V3IPXX.sys><AhnLab, Inc.>
[V3NfeNt / V3NfeNt][Running/Auto Start]
  <\??\C:\Program Files\AhnLab\V3\V3NfeNt.sys><AhnLab, Inc.>
[Intel(R) Graphics Platform (SoftBIOS) Driver / {6080A529-897E-4629-A488-ABA0C29B635E}][Running/Manual Start]
  <system32\drivers\ialmsbw.sys><Intel Corporation>
[Intel(R) Graphics Chipset (KCH) Driver / {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}][Running/Manual Start]
  <system32\drivers\ialmkchw.sys><Intel Corporation>

==================================
浏览器加载项
[ThunderAtOnce Class]
  {01443AEC-0FD1-40fd-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[V3BOH Class]
  {76EAE03C-F2B1-4397-97E8-390920B7C2DC} <C:\Program Files\AhnLab\V3\V3Bar.dll, AhnLab, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[江民在线杀毒]
  {06926B30-424E-4f1c-8EE3-543CD96573DC} <http://online.jiangmin.com/online.asp, N/A>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[V3]
  {9E3849D6-41EF-4B2F-86B7-632EF90758E4} <"C:\Program Files\AhnLab\V3\V3Bar.dll", N/A>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\feidianTV\MMCShell.dll, Sohu.com Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\system32\KvDown.ocx, dreamersoft>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[MMCPlayer Class]
  {05C1004E-2596-48E5-8E26-39362985EEB9} <C:\Program Files\feidianTV\MMCShell.dll, Sohu.com Inc.>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[KvScan Control]
  {626AEE7D-DC95-4405-8F9E-9FB1EA80AEDE} <C:\WINDOWS\KVSCAN~1\KvKill.ocx, jiangmin>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[V3BOH Class]
  {76EAE03C-F2B1-4397-97E8-390920B7C2DC} <C:\Program Files\AhnLab\V3\V3Bar.dll, AhnLab, Inc.>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
[KvScanOnline Control]
  {EF6205C1-3F17-4829-BCB5-1336ED89E356} <C:\WINDOWS\system32\KvDown.ocx, dreamersoft>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>

==================================
正在运行的进程
[PID: 444 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 500 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 524 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 572 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\LYMANGR.DLL]  [N/A, ]
[PID: 584 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
[PID: 732 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
[PID: 792 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
[PID: 852 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\jzfpri.dll]  [N/A, ]
[PID: 896 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
[PID: 972 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
[PID: 1148 / Boss][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
    [C:\Program Files\LClock\LC.dll]  [N/A, ]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll]  [Thunder Networking Technologies,LTD, 1.0.0.7]
    [C:\Program Files\AhnLab\V3\V3Bar.dll]  [AhnLab, Inc., 6, 0, 0, 23]
    [C:\Program Files\AhnLab\V3\NLS\bar0804.nls]  [AhnLab, Inc., 6, 0, 0, 7]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 2, 10]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DsBho_00.dll]  [, 1, 0, 0, 4]
    [C:\Program Files\Thunder Network\Thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
    [C:\WINDOWS\system32\igfxpph.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxres.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3,0,0,2104]
    [C:\WINDOWS\system32\igfxdev.dll]  [Intel Corporation, 3,0,0,2104]
[PID: 1240 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
[PID: 1364 / Boss][C:\Program Files\LClock\LClock.exe]  [, 1, 0, 0, 1]
    [C:\Program Files\LClock\LC.dll]  [N/A, ]
    [C:\Program Files\LClock\Calendar.dll]  [N/A, ]
[PID: 1372 / Boss][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5.1.10]
[PID: 1380 / Boss][C:\Program Files\AhnLab\APC2\Policy Agent\patray.exe]  [, 2, 5, 0, 9]
    [C:\Program Files\AhnLab\APC2\Policy Agent\AhnInst.dll]  [AhnLab, Inc., 6, 0, 0, 52]
    [C:\Program Files\AhnLab\APC2\Policy Agent\MaCfgRw.dll]  [AhnLab, 2, 5, 5, 11]
    [C:\Program Files\AhnLab\APC2\Policy Agent\IniRW.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\MSVCP60.dll]  [Microsoft Corporation, 6.00.8168.0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\SBase64.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\SLogW.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\SSync.dll]  [AhnLab, 2, 1, 0, 0]
    [C:\Program Files\AhnLab\APC2\Policy Agent\AhnI18N.dll]  [AhnLab, Inc., 6, 0, 0, 18]
    [C:\Program Files\AhnLab\APC2\Policy Agent\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
    [C:\Program Files\AhnLab\APC2\Policy Agent\NLS\MTRY0804.nls]  [, 2, 0, 0, 2]
[PID: 1388 / Boss][C:\Program Files\AhnLab\Smart Update Utility\AhnSD.exe]  [AhnLab, Inc., 5, 5, 0, 7]
    [C:\Program Files\AhnLab\Smart Update Utility\NLS\ASD0804.nls]  [AhnLab, Inc., 5, 0, 0, 6]
[PID: 1400 / Boss][C:\Program Files\Common Files\Real\Update_OB\realsched.exe]  [RealNetworks, Inc., 0.1.0.3760]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
[PID: 1480 / Boss][C:\Program Files\AhnLab\V3\MonSysNT.exe]  [AhnLab, Inc., 6, 1, 0, 91]
    [C:\Program Files\AhnLab\V3\V3CfgE.dll]  [AhnLab, Inc., 6, 0, 0, 96]
    [C:\Program Files\AhnLab\V3\MSVCP60.dll]  [Microsoft Corporation, 6.00.8972.0]
    [C:\Program Files\AhnLab\V3\V3SSCtrl.dll]  [AhnLab, Inc., 6, 0, 0, 100]
    [C:\Program Files\AhnLab\V3\AhnI18N.dll]  [AhnLab, Inc., 6, 0, 0, 18]
    [C:\Program Files\AhnLab\V3\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\AhnLab\V3\NLS\Mon0804.nls]  [AhnLab, Inc., 6, 0, 0, 26]
    [C:\Program Files\AhnLab\V3\AhnAlert.dll]  [AhnLab, Inc., 6, 0, 0, 17]
    [C:\WINDOWS\system32\qhbpri.dll]  [N/A, ]
    [C:\WINDOWS\system32\jzfpri.dll]  [N/A, ]
gototop
 
飞舞的风筝
头像
初生襁褓狮
  • 帖子:71
  • 注册: 2007-01-31
  • 来自:
发表于: 2007-08-01 15:19 | 显示全部 短消息 资料
字号: 4楼

用SRENG和IceSword不管用啊,删不掉,请教
gototop
 
飞舞的风筝
头像
初生襁褓狮
  • 帖子:71
  • 注册: 2007-01-31
  • 来自:
发表于: 2007-08-01 15:47 | 显示全部 短消息 资料
字号: 5楼

用IceSword编辑(去掉qhbpri.dll有时候是jzfpri.dll)后,马上恢复
gototop
 
<<上一主题|下一主题>>
1   1  /  1  页   跳转
页面顶部
Powered by Discuz!NT