
[Help] Infected with the iexplore.exe virus

Infected with the iexplore.exe virus
360 won't open
Rising cannot update

System Repair Engineer Smart Scan Log report

System Repair Engineer Smart Scan Log
System Repair Engineer 2.8.2.1321
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 3 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
进程特权扫描
API HOOK
隐藏进程

启动项目


注册表

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
(ctfmon.exe)(C:\WINDOWS\system32\ctfmon.exe) [(Verified)Microsoft Windows Component Publisher]
(daemon tools lite)("F:\DAEMON Tools Lite\daemon.exe" -autorun) [(Verified)DAEMON Tools Code Signing Services]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
(360Safetray)("F:\360\360Safe\safemon\360tray.exe" /start) [(Verified)Qizhi Software (beijing) Co. Ltd]
(Systray)(c:\windows\system32\Systray.exe) [(Verified)Microsoft Windows Component Publisher]
(RavTray)("f:\Rising\Rav\RsTray.exe" -system) [(Verified)Beijing Rising Information Technology Corporation Limited]
(KernelFaultCheck)(%systemroot%\system32\dumprep 0 -k) [File is missing]
(IMJPMIG8.1)(; ) [N/A]
(PHIME2002A)(; ) [N/A]
(PHIME2002ASync)(; ) [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
(shell)(EXPLORER.EXE) [(Verified)Microsoft Windows Component Publisher]
(Userinit)(C:\WINDOWS\system32\userinit.exe,) [(Verified)Microsoft Windows Component Publisher]
(UIHost)(logonui.exe) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
({AEB6717E-7E19-11d0-97EE-00C04FD91972})(shell32.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
(PostBootReminder)(%SystemRoot%\system32\SHELL32.dll) [(Verified)Microsoft Windows Component Publisher]
(CDBurn)(%SystemRoot%\system32\SHELL32.dll) [(Verified)Microsoft Windows Component Publisher]
(WebCheck)(C:\WINDOWS\system32\webcheck.dll) [(Verified)Microsoft Windows]
(SysTray)(C:\WINDOWS\system32\stobject.dll) [(Verified)Microsoft Windows Component Publisher]
(UPnPMonitor)(C:\WINDOWS\system32\upnpui.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
(WinlogonNotify: crypt32chain)(crypt32.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
(WinlogonNotify: cryptnet)(cryptnet.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
(WinlogonNotify: cscdll)(cscdll.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
(WinlogonNotify: dimsntfy)(%SystemRoot%\System32\dimsntfy.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
(WinlogonNotify: ScCertProp)(wlnotify.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
(WinlogonNotify: Schedule)(wlnotify.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
(WinlogonNotify: sclgntfy)(sclgntfy.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
(WinlogonNotify: SensLogn)(WlNotify.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
(WinlogonNotify: termsrv)(wlnotify.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
(WinlogonNotify: wlballoon)(wlnotify.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
({438755C2-A8BA-11D1-B96B-00A0C90312E1})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Windows Component Publisher]
({8C7461EF-2B13-11d2-BE35-3078302C2030})(%SystemRoot%\system32\browseui.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\({12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
(Internet Explorer 版本更新)(C:\WINDOWS\system32\ieudinit.exe) [(Verified)Microsoft Windows]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
(Microsoft Windows Media Player)(C:\WINDOWS\inf\unregmp2.exe /ShowWMP) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){26923b43-4d38-484f-9b9e-de460746276c}]
(Internet Explorer)(C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){60B49E34-C7CC-11D0-8953-00A0C90347FF}]
(Browser Customizations)("C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
(浏览器自定义组件)(RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\){881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
(Outlook Express)(%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
(Themes Setup)(%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
(Microsoft Outlook Express 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
(NetMeeting 3.01)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
(Windows Messenger 4.7)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
(Microsoft Windows Media Player)(rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
(通讯簿 6)("%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install) [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
(Windows 桌面更新)(regsvr32.exe /s /n /i:U shell32.dll) [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
(Internet Explorer)(C:\WINDOWS\system32\ie4uinit.exe -BaseSettings) [(Verified)Microsoft Windows Component Publisher]



Re: Infected with the iexplore.exe virus

浏览器加载项

[QvodExtend]
{53AC8551-0DE0-4606-8A1E-A51AF20ADD60} (F:\QvodPlayer\QvodExtend.dll, N/A)
[xiamistart Class]
{658D2C4F-158A-46FB-8C96-B1C8F56DBBE9} (f:\Shark\XIAMIP~1.DLL, XiaMi music)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (F:\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) 深圳市迅雷网络技术有限公司)
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} (F:\360\360Safe\safemon\safemon.dll, (Signed) 360安全中心)
[PhotoDrawEx Class]
{05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} (C:\WINDOWS\system32\QQPhotoDrawEx.dll, (Signed) TENCENT)
[Java Plug-in 1.6.0_14]
{8AD9C840-044E-11D1-B3E9-00805F499D93} (F:\Java\jre6\bin\jp2iexp.dll, (Signed) )
[DLoader Class]
{A8618259-B7D4-4800-8FEA-D93EED14396A} (C:\WINDOWS\Downloaded Program Files\downloader.dll, Sina Com)
[Java Plug-in 1.6.0_14]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (F:\Java\jre6\bin\jp2iexp.dll, (Signed) )
[Java Plug-in 1.6.0_14]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (F:\Java\jre6\bin\npjpi160_14.dll, (Signed) Sun Microsystems, Inc.)
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} (f:\QQ2009\bin\qqedit.dll, (Signed) Tencent)
[WebThunder Browser Helper]
{00000AAA-A363-466E-BEF5-9BB68697AA7F} (C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, N/A)
[ThunderAtOnce Class]
{01443AEC-0FD1-40FD-9C87-E93D1494C233} (f:\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, (Signed) 深圳市迅雷网络技术有限公司)
[]
{03507A1A-E0C5-4404-AA26-205385C0892D} (, )
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} (C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation)
[PhotoDrawEx Class]
{05F5F404-7C24-4B39-B5CC-340CEDEB9C0D} (C:\WINDOWS\system32\QQPhotoDrawEx.dll, (Signed) TENCENT)
[]
{09BA8F6D-CB54-424B-839C-C2A6C8E6B436} (, )
[XDownloaddManager Class]
{15BD4A12-BEDA-4A4D-8FB1-04553F1FD1CB} (C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_Now.dll, N/A)
[KuGoo3Down Control]
{162AF25B-5A2A-448E-A842-194653EF3E05} (C:\WINDOWS\system32\KuGoo3DownXControl.ocx, (Signed) 酷狗)
[Fade]
{16B280C5-EE70-11D1-9066-00C04FD9189D} (C:\WINDOWS\system32\Dxtmsft.dll, (Signed) Microsoft Corporation)
[]
{1A3440C6-F123-4CAB-84EE-C814E1AE0D8F} (, )
[HallToolkit Class]
{1E36C446-29F0-4773-A3FB-59C5501446EB} (f:\Thunder Network\Thunder\Program\HallTool.dll, (Signed) 深圳市迅雷网络技术有限公司)
[]
{1F14548F-6975-40F1-AE24-6E2D1D449B2F} (, )
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} (C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation)
[QQCPHelper.CPAdder]
{23752AA7-CAD7-40C2-99EE-7A9CD3C20C6D} (F:\QQ2009\Bin\CPHelper.dll, (Signed) Tencent)
[HTML Document]
{25336920-03F9-11CF-8FD0-00AA00686F13} (C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation)
[XML DOM Document]
{2933BF90-7B36-11D2-B20E-00C04F983E60} (C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation)
[XSL Template]
{2933BF94-7B36-11D2-B20E-00C04F983E60} (C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation)
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} (C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation)
[WEBChatRoomOCX Control]
{448A5F6B-8C03-4B54-A338-F00237C508AD} (C:\PROGRA~1\sina\UCWEBC~1\UCWEBC~1.OCX, 北京新浪信息技术有限公司)
[XML Document]
{48123BC4-99D9-11D1-A6B3-00C04FD91555} (C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation)
[Thunder Agent Class]
{485463B7-8FB2-4B3B-B29B-8B919B0EACCE} (F:\Thunder Network\Thunder\ComDlls\ThunderAgent5.9.13.1222.dll, (Signed) 深圳市迅雷网络技术有限公司)
[VaCom.Application]
{51E88884-1306-4444-B22D-C34119E44232} (F:\Tudou\飞速TU~1\TDVaCom.dll, (Signed) 土豆网)
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} (C:\WINDOWS\system32\hhctrl.ocx, (Signed) Microsoft Corporation)
[QvodExtend]
{53AC8551-0DE0-4606-8A1E-A51AF20ADD60} (F:\QvodPlayer\QvodExtend.dll, N/A)
[Shell Name Space]
{55136805-B2DE-11D1-B9F2-00A0C98BC547} (C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation)
[isInstalled Class]
{5852F5ED-8BF4-11D4-A245-0080C6F74284} (F:\Java\jre6\bin\wsdetect.dll, Sun Microsystems, Inc.)
[PowerPlayer Control]
{5EC7C511-CD0F-42E6-830C-1BD9882F3458} (c:\PROGRA~1\PPStream\110~1.277\POWERP~1.DLL, (Signed) PPStream Inc.)
[XMP Class]
{6483F145-A768-4C41-AACC-52D4D7845851} (C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, 深圳市迅雷网络技术有限公司)
[Microsoft Shell UI Helper]
{64AB4BB7-111E-11D1-8F79-00C04FC2FBE1} (C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation)
[]
{654921BB-4DEA-41C7-BA97-9A1A5CDA9C72} (, )
[xiamistart Class]
{658D2C4F-158A-46FB-8C96-B1C8F56DBBE9} (f:\Shark\XIAMIP~1.DLL, XiaMi music)
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} (C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation)
[Active Desktop Mover]
{72267F6A-A6F9-11D0-BC94-00C04FB67863} (%SystemRoot%\system32\SHELL32.dll, (Signed) N/A)
[Windows Script Host Shell Object]
{72C24DD5-D70A-438B-8A42-98424B88AFB8} (C:\WINDOWS\system32\wshom.ocx, (Signed) Microsoft Corporation)
[]
{73E4740C-08EB-4133-896B-8D0A7C9EE3CD} (, )
[MediaComm Class]
{7670648D-461B-42AF-BDFE-46D26AF5EFF2} (f:\Thunder Network\Thunder\userdata\Components\InMedia\MediaAddin.dll, (Signed) 深圳市迅雷网络技术有限公司)
[]
{77FEF28E-EB96-44FF-B511-3185DEA48697} (, )
[XDownloaddManager Class]
{802F530B-A8F6-4631-AE49-6BACAAC6373E} (F:\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) 深圳市迅雷网络技术有限公司)
[Peer Adapter]
{80E18282-3716-48CA-B50C-F7B7F6A32791} (, )
[360SafeLive]
{87515F61-A66C-4319-A0E0-D416CB8059E3} (F:\360\360Safe\Safelive.dll, (Signed) )
[Microsoft Web Browser]
{8856F961-340A-11D0-A96B-00C04FD705A2} (C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation)
[Thunder Browser Helper]
{889D2FEB-5411-4565-8998-1DD2C5261283} (F:\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, (Signed) 深圳市迅雷网络技术有限公司)
[XML DOM Document 4.0]
{88D969C0-F192-11D4-A65F-0040963251E5} (C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation)
[XML HTTP 4.0]
{88D969C5-F192-11D4-A65F-0040963251E5} (C:\WINDOWS\system32\msxml4.dll, (Signed) Microsoft Corporation)
[XML DOM 文档 5.0]
{88D969E5-F192-11D4-A65F-0040963251E5} (C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, (Signed) Microsoft Corporation)
[XML HTTP 5.0]
{88D969EA-F192-11D4-A65F-0040963251E5} (C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, (Signed) Microsoft Corporation)
[XML DOM Document 6.0]
{88D96A05-F192-11D4-A65F-0040963251E5} (C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation)
[XML HTTP 6.0]
{88D96A0A-F192-11D4-A65F-0040963251E5} (C:\WINDOWS\system32\msxml6.dll, (Signed) Microsoft Corporation)
[TTPlayer ActiveX Control]
{89AE5F82-410A-4040-9387-68D1144EFD03} (C:\Program Files\TTPlayer\ttpctrl.dll, Alen Soft)
[]
{8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} (, )
[SSOForPTLogin Class]
{8FC1EE75-72B3-4A23-B987-2B1C4C8A611B} (f:\QQ2009\bin\SSOAxCtrlForPTLogin.dll, (Signed) Tencent)
[]
{962EFB8E-2683-42D4-AC74-AAA4C759B9C6} (, )
[OFrameObject Class]
{9701758C-4373-482E-B13C-776C048EC890} (C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5913.250.(925).dll, (Signed) 深圳市迅雷网络技术有限公司)
[VersionDetector Class]
{9EFF1953-9694-47B1-AEF6-B2A3FE8BFE9B} (C:\Program Files\Common Files\Thunder Network\KanKan\vd.1.1.0.29.(615).dll, (Signed) ShenZhen Thunder Networking Technologies,Ltd.)
[]
{A3C4EB4E-1883-4CE0-A4A3-90F3ADDA246D} (, )
[]
{A7F05EE4-0426-454F-8013-C41E3596E9E9} (, )
[DLoader Class]
{A8618259-B7D4-4800-8FEA-D93EED14396A} (C:\WINDOWS\Downloaded Program Files\downloader.dll, Sina Com)
[APlayer Control]
{A9322148-C691-4B9D-91FC-B9C461DBE9DD} (C:\Program Files\Common Files\Thunder Network\APlayer\APlayer_002.dll, (Signed) ShenZhen Thunder Networking Technologies, LTD)
[WebVGPlayer Class]
{AA899B43-24BD-4B6B-BBD0-45557D8D11E0} (C:\PROGRA~1\VIEWGOOD\WEBPLA~1\VGPlayer.dll, )
[DapCtrl Class]
{ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} (C:\Program Files\Common Files\Thunder Network\KanKan\DapCtrl.2.3.5913.250.(925).dll, (Signed) 深圳市迅雷网络技术有限公司)
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} (%SystemRoot%\system32\shdocvw.dll, (Signed) N/A)
[]
{B580CF65-E151-49C3-B73F-70B13FCA8E86} (, )
[SafeMon Class]
{B69F34DD-F0F9-42DC-9EDD-957187DA688D} (F:\360\360Safe\safemon\safemon.dll, (Signed) 360安全中心)
[]
{BC96F5A4-C930-4226-ADAB-59349AE585E9} (, )
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} (C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation)
[FTNUpload Class]
{BDEACC50-F56D-4D60-860F-CF6ED1766D65} (f:\QQ2009\bin\TXFTNActiveX.dll, (Signed) Tencent)
[QQPlayerCtrl Class]
{CD108273-D434-43E6-AA90-1469F97EB398} (f:\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技)
[VIDEO__X_MS_ASF Moniker Class]
{CD3AFA8F-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation)
[VIDEO__X_MS_WMV Moniker Class]
{CD3AFA94-B84F-48F0-9393-7EDC34128127} (C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation)
[WDCCBCtrl Class]
{CE0460F5-48BD-4DC1-A046-0BDCB5A06CEB} (, )
[Microsoft Url Search Hook]
{CFBFAE00-17A6-11D0-99CB-00C04FD64497} (C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation)
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} (C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.)
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} (C:\WINDOWS\system32\Macromed\Flash\Flash10e.ocx, (Signed) Adobe Systems, Inc.)
[KuAgent2 Class]
{D928E486-C465-4A64-976D-F3B24BBECC69} (f:\YouKu\iKu\YouKuAgent.dll, (Signed) www.youku.com)
[Java(tm) Plug-In 2 SSV Helper]
{DBC80044-A445-435B-BC74-9C25C1C588A9} (F:\Java\jre6\bin\jp2ssv.dll, N/A)
[PlayerCtrl Class]
{E05BC2A3-9A46-4A32-80C9-023A473F5B23} (f:\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技)
[]
{E2E2DD38-D088-4134-82B7-F2BA38496583} (, )
[RevealTrans]
{E31E87C4-86EA-4940-9B8A-5BD5D179A737} (C:\WINDOWS\system32\Dxtmsft.dll, (Signed) Microsoft Corporation)
[PasswordEditCtrl Class]
{E787FD25-8D7C-4693-AE67-9406BC6E22DF} (f:\QQ2009\bin\qqedit.dll, (Signed) Tencent)
[]
{E7C5259E-52D0-459B-AA9D-41AD25E79AFD} (, )
[]
{E7E6F031-17CE-4C07-BC86-EABFE594F69C} (, )
[TimwpDll.TimwpCheck]
{ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} (F:\QQ2009\Bin\Timwp.dll, (Signed) Tencent)
[XML HTTP Request]
{ED8C108E-4349-11D2-91A4-00C04F7969E8} (C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation)
[QvodCtrl Class]
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} (F:\QvodPlayer\QvodInsert.dll, (Signed) Shenzhen QVOD Technology Co.,Ltd)
[XPPlayer Class]
{F3E70CEA-956E-49CC-B444-73AFE593AD7F} (C:\Program Files\Common Files\Thunder Network\KanKan\PPlayer.2.1.59050.255.(618).dll, ShenZhen Thunder Networking Technologies Ltd.)
[XML DOM Document 3.0]
{F5078F32-C551-11D3-89B9-0000F81FE221} (C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation)
[Free Threaded XML DOM Document 3.0]
{F5078F33-C551-11D3-89B9-0000F81FE221} (C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation)
[XML HTTP 3.0]
{F5078F35-C551-11D3-89B9-0000F81FE221} (C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation)
[XSL Template 3.0]
{F5078F36-C551-11D3-89B9-0000F81FE221} (C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation)
[XML DOM Document]
{F6D90F11-9C73-11D3-B32E-00C04F990BB4} (C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation)
[XML HTTP]
{F6D90F16-9C73-11D3-B32E-00C04F990BB4} (C:\WINDOWS\system32\msxml3.dll, (Signed) Microsoft Corporation)
[上传到QQ网络硬盘]
(, )
[使用迅雷下载]
(f:\Thunder Network\Thunder\Program\GetUrl.htm, N/A)
[使用迅雷下载全部链接]
(f:\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A)
[添加到QQ表情]
(, )
[百度一下所选文字 (&S)]
(C:\Program Files\Common Files\baidu\Baidu.html, N/A)

Re: Infected with the iexplore.exe virus

正在运行的进程

[PID: 776][\SystemRoot\System32\smss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 900][\??\C:\WINDOWS\system32\csrss.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[PID: 932][\??\C:\WINDOWS\system32\winlogon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4178]
[PID: 976][C:\WINDOWS\system32\services.exe] [(Verified) Microsoft Corporation, 5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)]
[PID: 988][C:\WINDOWS\system32\lsass.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2113)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1248][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll] [N/A, ]
[C:\WINDOWS\system32\msi.dll] [Microsoft Corporation, 4.5.6001.22159]
[PID: 1416][f:\Rising\Rav\RavMonD.exe] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[f:\Rising\Rav\combase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 17]
[f:\Rising\Rav\cnt09.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[f:\Rising\Rav\moncomm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 9]
[f:\Rising\Rav\MonBase.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[f:\Rising\Rav\Rslog.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.41]
[f:\Rising\Rav\mondrv.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
[f:\Rising\Rav\defmon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 46]
[f:\Rising\Rav\moncom08.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[f:\Rising\Rav\MonRule.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10]
[f:\Rising\Rav\FileMon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 29]
[f:\Rising\Rav\MailMon.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22]
[f:\Rising\Rav\HookWeb.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 12]
[f:\Rising\Rav\rsindent.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 11]
[f:\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[f:\Rising\Rav\taskplug.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10]
[f:\Rising\Rav\scansrvp.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.7]
[f:\Rising\Rav\cnt08.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[f:\Rising\Rav\proccomm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[f:\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
[f:\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
[f:\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[f:\Rising\Rav\Hooksys.dll] [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 3]
[f:\Rising\Rav\ProcCom.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[f:\Rising\Rav\RsCommX2.dll] [Beijing Rising Information Technology Co., Ltd., 20, 0, 0, 20]
[f:\Rising\Rav\HookCont.dll] [Beijing Rising Information Technology Co., Ltd., 24, 0, 0, 1]
[f:\Rising\Rav\BACore.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 36]
[f:\Rising\Rav\recomp.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
[f:\Rising\Rav\refs.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[f:\Rising\Rav\viruslib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[f:\Rising\Rav\relibldr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[f:\Rising\Rav\rsnetsvr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[f:\Rising\Rav\bawhite.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[f:\Rising\Rav\RSStore.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[f:\Rising\Rav\Scanner.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.22]
[f:\Rising\Rav\ScanAdd.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
[C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll] [N/A, ]
[f:\Rising\Rav\NComm2.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[f:\Rising\Rav\rstask.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[f:\Rising\Rav\rsstub.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[f:\Rising\Rav\ScanSrv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.3]
[f:\Rising\Rav\scanpe.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 10]
[f:\Rising\Rav\pearc.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[f:\Rising\Rav\ur000.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[f:\Rising\Rav\urutils.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[f:\Rising\Rav\revm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
[f:\Rising\Rav\ffr.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[f:\Rising\Rav\nvfile.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[f:\Rising\Rav\scanexec.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[f:\Rising\Rav\unexe.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[f:\Rising\Rav\scanex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 73]
[f:\Rising\Rav\scantj.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[f:\Rising\Rav\methodex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 3]
[f:\Rising\Rav\heurex.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 16]
[f:\Rising\Rav\pecompd.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[f:\Rising\Rav\scansct.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[f:\Rising\Rav\extsfx.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[f:\Rising\Rav\ur001.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[f:\Rising\Rav\extmail.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 5]
[f:\Rising\Rav\ScanRavT.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
[f:\Rising\Rav\ScanBT.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.19]
[f:\Rising\Rav\ScanStub.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
[f:\Rising\Rav\ur027.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[f:\Rising\Rav\ur025.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[f:\Rising\Rav\ur023.dat] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[PID: 1432][C:\WINDOWS\System32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll] [N/A, ]
[c:\windows\system32\msi.dll] [Microsoft Corporation, 4.5.6001.22159]
[PID: 1480][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll] [N/A, ]
[PID: 1648][C:\WINDOWS\system32\spoolsv.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-0852)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\HP1006LM.DLL] [Software 2000 Limited, 2.6]
[C:\WINDOWS\system32\msi.dll] [Microsoft Corporation, 4.5.6001.22159]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\HP1006S.DLL] [Hewlett-Packard , 1.0.5]
[PID: 1884][C:\WINDOWS\Explorer.EXE] [(Verified) Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\msi.dll] [Microsoft Corporation, 4.5.6001.22159]
[C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll] [N/A, ]
[F:\360\360Safe\safemon\safemon.dll] [360安全中心, 6, 3, 1, 1013]
[F:\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,13,1222]
[F:\Thunder Network\Thunder\ComDlls\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0]
[F:\Thunder Network\Thunder\ComDlls\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0]
[F:\Thunder Network\Thunder\ComDlls\ATL71.DLL] [Microsoft Corporation, 7.10.6101.0]
[F:\Thunder Network\Thunder\userdata\Components\ResWorker\DsBho_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 26]
[F:\Thunder Network\Thunder\userdata\Components\ResWorker\DataProcessor_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 20]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.1.3416]
[C:\Program Files\WinRAR\rarext.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
[F:\QvodPlayer\QvodBand.dll] [Shenzhen QVOD Technology Co.,Ltd, 3, 0, 0, 0]
[C:\WINDOWS\system32\YouKuDesktopShell.dll] [www.youku.com, 1.2.7.1700]
[C:\WINDOWS\system32\TudouUpload.dll] [www.Tudou.com, 1.1.0.0]
[C:\WINDOWS\system32\CmdLineExt.dll] [Sony DADC Austria AG., 1,1,221,0]
[C:\WINDOWS\system32\shdoclc.dll] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2024][F:\360\360Safe\safemon\360tray.exe] [360.CN, 6, 2, 0, 5002]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[F:\360\360Safe\ipc\ipcservice.dll] [360.CN, 6, 2, 0, 1008]
[F:\360\360Safe\ipc\fileMgr.dll] [360.cn, 6, 2, 0, 2001]
[F:\360\360Safe\ipc\yhregd.dll] [, 6, 2, 0, 3001]
[F:\360\360Safe\ipc\appd.dll] [360.cn, 6, 2, 0, 2006]
[F:\360\360Safe\safemon\360compro.dll] [360安全中心, 6, 2, 0, 1002]
[F:\360\360Safe\safemon\360webpro.dll] [360.CN, 1, 3, 0, 1030]
[F:\360\360Safe\safemon\360traylive.dll] [360安全中心, 6, 0, 1, 1013]
[F:\360\360Safe\safemon\360procmon.dll] [360.CN, 1, 3, 0, 2003]
[F:\360\360Safe\safemon\SelfProtectAPI2.dll] [360.CN, 1, 1, 0, 1012]
[F:\360\360Safe\safemon\netmon.tpi] [360.CN, 1, 0, 1, 1007]
[F:\360\360Safe\safemon\netm.tpi] [360.cn, 1, 0, 0, 1008]
[F:\360\360Safe\netmon\360netctrl.dll] [360.CN, 1, 0, 1, 1008]
[F:\360\360Safe\safemon\360safemonpro.tpi] [360安全中心, 1, 1, 0, 1003]
[F:\360\360Safe\deepscan\qutmload.dll] [360.cn, 6, 2, 0, 1007]
[F:\360\360Safe\ipc\qutmipc.dll] [360安全中心, 6, 2, 0, 1006]
[F:\360\360Safe\safemon\safemon.dll] [360安全中心, 6, 3, 1, 1013]
[F:\360\360Safe\safemon\urlproc.dll] [360安全中心, 1, 2, 0, 1003]
[F:\360\360Safe\SafeLive.dll] [, 1, 0, 0, 1006]
[F:\360\360Safe\pdown.dll] [360.cn, 1, 2, 0, 1011]
[F:\360\360Safe\deepscan\Cloudcom2.dll] [360.cn, 3, 2, 2, 1002]
[F:\360\360Safe\deepscan\bapi.dll] [360.cn, 1.0.0.1008]
[F:\360\360Safe\efiproc.dll] [奇虎360安全卫士, 1, 0, 0, 1005]
[F:\360\360Safe\deepscan\deepscan.dll] [360.cn, 3, 2, 2, 1005]
[C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll] [N/A, ]
[PID: 176][F:\Rising\Rav\RsTray.exe] [Beijing Rising Information Technology Co., Ltd., 22.0.0.11]
[F:\Rising\Rav\comserv.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.15]
[F:\Rising\Rav\rslang.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 1]
[F:\Rising\Rav\comx3.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.37]
[F:\Rising\Rav\Syslay.dll] [Beijing Rising Information Technology Co., Ltd., 21.0.0.6]
[F:\Rising\Rav\ProcComm.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[F:\Rising\Rav\rsxml.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[F:\Rising\Rav\MonState.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 2]
[F:\Rising\Rav\ScanEvnt.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.3]
[F:\Rising\Rav\rsguilib.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 57]
[F:\Rising\Rav\rsconf.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.1]
[F:\Rising\Rav\rspalvd.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.7]
[F:\Rising\Rav\ravbintl.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 22]
[F:\Rising\Rav\mruleui.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 7]
[F:\Rising\Rav\MonTray.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.74]
[F:\Rising\Rav\RavITray.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
[F:\Rising\Rav\rsmginfo.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 4]
[F:\Rising\Rav\scanleak.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 6]
[F:\Rising\Rav\ravppops.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 21]
[F:\Rising\Rav\RSAPPMGR.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
[F:\Rising\Rav\CfgDll.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.0]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[F:\Rising\Rav\PngDll.dll] [Beijing Rising Information Technology Co., Ltd., 21, 0, 0, 4]
[F:\Rising\Rav\ScanPrxy.dll] [Beijing Rising Information Technology Co., Ltd., 22.0.0.4]
[C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll] [N/A, ]
[PID: 316][C:\WINDOWS\system32\ctfmon.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[F:\360\360Safe\safemon\safemon.dll] [360安全中心, 6, 3, 1, 1013]
[PID: 1860][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[c:\windows\system32\netfe32.dll] [N/A, ]
[PID: 1896][C:\WINDOWS\system32\imapi.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 1316][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[c:\windows\system32\netpt32.dll] [N/A, ]
[C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll] [N/A, ]
[PID: 1468][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll] [N/A, ]
[PID: 220][C:\WINDOWS\system32\svchost.exe] [(Verified) Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2111)]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[PID: 2820][F:\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.9.1.3]
[F:\Mozilla Firefox\xul.dll] [Mozilla Foundation, 1.9.1.3]
[F:\Mozilla Firefox\sqlite3.dll] [sqlite.org, 3.6.10]
[F:\Mozilla Firefox\MOZCRT19.dll] [Mozilla Foundation, 8.00.0000]
[F:\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[F:\Mozilla Firefox\nspr4.dll] [Mozilla Foundation, 4.8]
[F:\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[F:\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[F:\Mozilla Firefox\nssutil3.dll] [Mozilla Foundation, 3.12.3.1]
[F:\Mozilla Firefox\plc4.dll] [Mozilla Foundation, 4.8]
[F:\Mozilla Firefox\plds4.dll] [Mozilla Foundation, 4.8]
[F:\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[F:\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.9.1.3]
[C:\WINDOWS\system32\uxtheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[F:\360\360Safe\safemon\safemon.dll] [360安全中心, 6, 3, 1, 1013]
[F:\Mozilla Firefox\components\browserdirprovider.dll] [Mozilla Foundation, 1.9.1.3]
[C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll] [N/A, ]
[F:\Mozilla Firefox\components\brwsrcmp.dll] [Mozilla Foundation, 1.9.1.3]
[F:\Mozilla Firefox\components\ThunderComponent.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 9]
[C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0]
[C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4]
[F:\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[F:\Mozilla Firefox\nssdbm3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[F:\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.12.3.1 Basic ECC]
[F:\Mozilla Firefox\nssckbi.dll] [Mozilla Foundation, 1.75]
[F:\360\360Safe\safemon\LoadWDUI.dll] [360安全中心, 1, 0, 0, 1016]
[F:\360\360Safe\safemon\urlproc.dll] [360安全中心, 1, 2, 0, 1003]
[C:\WINDOWS\system32\SOGOUPY.IME] [Sogou.com Inc., 4.3.1.3416]
[C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.5512 (xpsp.080413-2105)]
[PID: 1760][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[F:\360\360Safe\safemon\safemon.dll] [360安全中心, 6, 3, 1, 1013]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[F:\Nokia\Nokia PC Suite 7\PhoneBrowser.dll] [Nokia, 7, 1, 105, 0]
[F:\Nokia\Nokia PC Suite 7\NGSCM.DLL] [Nokia, 7, 1, 151, 0]
[F:\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_chi-sc.nlr] [Nokia, 7, 1, 66, 0]
[F:\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr] [Nokia, 7, 1, 21, 0]
[PID: 3776][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.547\SREngLdr.EXE] [Smallfrogs Studio, 2.8.2.1321]
[PID: 1288][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.547\SREb81984d7.EXE] [Smallfrogs Studio, 2.8.2.1321]
[F:\360\360Safe\safemon\safemon.dll] [360安全中心, 6, 3, 1, 1013]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.547\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15]
[C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll] [N/A, ]
[PID: 3704][C:\pRoGrAm Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)]
[F:\360\360Safe\safemon\safemon.dll] [360安全中心, 6, 3, 1, 1013]
[C:\WINDOWS\system32\UxTheme.dll] [Microsoft Corporation, 6.00.2900.5512 (xpsp.080413-2105)]
[C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll] [N/A, ]
[f:\Shark\XIAMIP~1.DLL] [XiaMi music, 0, 9, 0, 10]
[F:\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll] [深圳市迅雷网络技术有限公司, 5,9,13,1222]
[F:\Thunder Network\Thunder\ComDlls\MSVCP71.dll] [Microsoft Corporation, 7.10.6030.0]
[F:\Thunder Network\Thunder\ComDlls\MSVCR71.dll] [Microsoft Corporation, 7.10.6030.0]
[F:\Thunder Network\Thunder\ComDlls\ATL71.DLL] [Microsoft Corporation, 7.10.6101.0]
[F:\Thunder Network\Thunder\userdata\Components\ResWorker\DsBho_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 26]
[F:\Thunder Network\Thunder\userdata\Components\ResWorker\DataProcessor_00.dll] [深圳市迅雷网络技术有限公司, 1, 0, 0, 20]
[F:\360\360Safe\safemon\urlproc.dll] [360安全中心, 1, 2, 0, 1003]
[C:\WINDOWS\system32\msi.dll] [Microsoft Corporation, 4.5.6001.22159]
[f:\Rising\Rav\RavScrCh.dll] [Beijing Rising Information Technology Co., Ltd., 22, 0, 0, 26]
[F:\360\360Safe\safemon\LoadWDUI.dll] [360安全中心, 1, 0, 0, 1016]

Re: Infected with the iexplore.exe virus

文件关联

.TXT OK. [%systemroot%\system32\notepad.exe %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM Error. [c:\windows\hh.exe %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]



--------------------------------------------------------------------------------



Winsock 提供者

MSAFD Tcpip [TCP/IP]
C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll(, N/A)
MSAFD Tcpip [UDP/IP]
C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll(, N/A)
MSAFD Tcpip [RAW/IP]
C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll(, N/A)
RSVP UDP Service Provider
C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll(, N/A)
RSVP TCP Service Provider
C:\Documents and Settings\Administrator\Application Data\ampro\ampro.dll(, N/A)



--------------------------------------------------------------------------------



Autorun.inf

N/A



--------------------------------------------------------------------------------



HOSTS 文件

127.0.0.1 localhost



--------------------------------------------------------------------------------



进程特权扫描

特殊特权被允许: SeLoadDriverPrivilege [PID = 1760, C:\PROGRAM FILES\WINRAR\WINRAR.EXE]



--------------------------------------------------------------------------------



计划任务

N/A



--------------------------------------------------------------------------------



Windows 安全更新检查

N/A



--------------------------------------------------------------------------------



API HOOK

N/A



--------------------------------------------------------------------------------



隐藏进程

N/A