
killer


  • 221.136.98.*
[CODE]

2007-01-25,12:23:24

System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <WSockDrv32><C:\WINDOWS\muqhbj.exe>  [N/A]
    <PTSShell><C:\WINDOWS\PTSShell.exe>  []
    <LotusHlp><C:\WINDOWS\LotusHlp.exe>  []
    <NAVMon32><C:\WINDOWS\NAVMon32.exE>  []
    <WINSvr32><C:\WINDOWS\WINSvr32.exE>  []
    <SHAProc><C:\WINDOWS\SHAProc.exe>  []
    <RegSrv64D><C:\WINDOWS\ubcdpf.exe>  []
    <Kvsc3><C:\WINDOWS\Kvsc3.exE>  []
    <mppds><C:\WINDOWS\mppds.exe>  []
    <upxdnd><C:\WINDOWS\upxdnd.exe>  []
    <DbgHlp32><C:\WINDOWS\DbgHlp32.exe>  []
    <cmdbcs><C:\WINDOWS\cmdbcs.exe>  []
    <MsIMMs32><C:\WINDOWS\MsIMMs32.exE>  []
    <msccrt><C:\WINDOWS\msccrt.exe>  []
    <NVDispDrv><C:\WINDOWS\NVDispDRV.EXE>  []
    <WinSysW><C:\WINDOWS\49400L.exe>  [N/A]
    <AVPSrv><C:\WINDOWS\AVPSrv.exE>  []
    <Vmlist><regsvr32 /s apphelps.dll>  [N/A]
    <WinForm><C:\WINDOWS\WinForm.exE>  []
    <SSLDyn><C:\WINDOWS\SSLDyn.exE>  []
    <MsPrint32D><C:\WINDOWS\MsPrint32D.exe>  []
    <WinSysM><C:\WINDOWS\49400M.exe>  [N/A]
    <KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
    <yfmy7t><rundll32 "C:\WINDOWS\Downlo~1\yfmy7t.dll",start>  [Microsoft Corporation]
    <pbwhs35k><rundll32 "C:\WINDOWS\Downlo~1\pbwhs35k.dll",Run>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe vchelp.exe>  []
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><utgnehz.dll,nauhgnem.dll,auhad.dll,nuygnef.dll,uohsom.dll,uyom.dll,gnolnait.dll,ijiq.dll,ijougiemnaw.dll,iemnaw.dll,niluw.dll,naixuhz.dll,xhtd.dll,oadgnohiac.dll,iqnauhc.dll,nahzij.dll,gnefnaib.dll,gsqq.dll,3auhad.dll,naijoad.dll,aixauh.dll,xhqq.dll,QQ.dll,hjxr.dll,zqhs.dll,oadnew.dll,dgzg.dll,hz.dll,2ty.dll,jsfg.dll,rj.dll,fmxh.dll,jmx.dll,wtwx.dll,ddtj.dll,fz.dll,gnaixnauhuoyizqq.dll,gnaixnauhqq.dll,2nauygniqaixnaij.dll,naijihzeuyouhz.dll,uyomielnux.dll,vlihzouhgnfe.dll,sfhx.dll,eve.dll,jsqc.dll,wtiemnaw.dll,dqncj.dll>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]



1楼2008-01-25 12:36回复
    • 221.136.98.*
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        <AVP><; "D:\Kaspersky Lab\卡巴斯基互联网安全套装 6.0\avp.exe">  [N/A]
        <AVPSrv><; C:\WINDOWS\AVPSrv.exE>  []
        <cmdbcs><; C:\WINDOWS\cmdbcs.exe>  []
        <DbgHlp32><; C:\WINDOWS\DbgHlp32.exe>  []
        <GenProtect><; C:\WINDOWS\GenProtect.exe>  [N/A]
        <Google IME Autoupdater><; "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe">  [Google Inc.]
        <KernelFaultCheck><; %systemroot%\system32\dumprep 0 -k>  [N/A]
        <Kvsc3><; C:\WINDOWS\Kvsc3.exE>  []
        <LotusHlp><; C:\WINDOWS\LotusHlp.exe>  []
        <mppds><; C:\WINDOWS\mppds.exe>  []
        <msccrt><; C:\WINDOWS\msccrt.exe>  []
        <MsIMMs32><; C:\WINDOWS\MsIMMs32.exE>  []
        <MsPrint32D><; C:\WINDOWS\MsPrint32D.exe>  []
        <NAVMon32><; C:\WINDOWS\NAVMon32.exE>  []
        <NVDispDrv><; C:\WINDOWS\NVDispDRV.EXE>  []
        <PTSShell><; C:\WINDOWS\PTSShell.exe>  []
        <RegSrv64D><; C:\WINDOWS\RegSrv64D.exE>  [N/A]
        <SHAProc><; C:\WINDOWS\SHAProc.exe>  []
        <SSLDyn><; C:\WINDOWS\SSLDyn.exe>  []
        <TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        <updateMgr><; C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9>  [N/A]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        <upxdnd><; C:\WINDOWS\upxdnd.exe>  []
        <VTTimer><; VTTimer.exe>  [(Verified)Microsoft Windows Publisher]
        <VTTrayp><; VTtrayp.exe>  [(Verified)Microsoft Windows Publisher]
        <wildkwhn><; >  [N/A]
        <WinForm><; C:\WINDOWS\WinForm.exE>  []
        <WINSvr32><; C:\WINDOWS\WINSvr32.exE>  []
        <WinSysM><; C:\WINDOWS\49400M.exe>  [N/A]
        <WinSysW><; C:\WINDOWS\49400L.exe>  [N/A]
        <WSockDrv32><; C:\WINDOWS\zjydnw.exe>  []
        <XiaoiDesktop><; C:\Program Files\Incesoft\XiaoiAlerts\XiaoiUpdater.exe /hide>  [N/A]
        <yassistse><; C:\Program Files\Yahoo!\Assistant\yAssistSe.exe>  [N/A]
        <YLive.exe><; C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [N/A]

    ==================================
    启动文件夹
    N/A

    ==================================
    服务
    [4A0EF026 / 4A0EF026][Stopped/Auto Start]
      <C:\WINDOWS\system32\D5B48C21.EXE -g><Microsoft Corporation>
    [C0BB5FDF / C0BB5FDF][Stopped/Auto Start]
      <C:\WINDOWS\system32\78FE7B6D.EXE -k><>
    [Human Interface Device Access / HidServ][Stopped/Disabled]
      <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
    [DCOM Service Process Manager / MSDCOMClient16][Running/Auto Start]
      <C:\WINDOWS\system32\svchost.exe -k netsvcs-->c:\windows\inf\usbdevices.inf><N/A>
    [ServicevcHelp / ServicevcHelp][Running/Auto Start]
      <C:\WINDOWS\system32\vcplay.exe><>
    [System Event loader / sysloader][Stopped/Auto Start]
      <"C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\sysloader.exe"><Microsoft>
    [Windows Advanced Manager / wamer][Stopped/Auto Start]
      <"C:\Program Files\Microsoft Office\SYSTEM\dodolook_7591.exe"><N/A>
    [COM+ Windows System / WinCOM][Running/Auto Start]
    


    2楼2008-01-25 12:36
      • 221.136.98.*
        <C:\WINDOWS\system32\wincom.exe><Microsoft Corporation>
      [一起来音乐助手 / Yiqilai][Stopped/Disabled]
        <"C:\Program Files\Yiqilai\wmp\YiqilaiLyrics.exe"><Yiqilai>
      [ms_2fax / ms_2fax][Running/Auto Start]
        <C:\WINDOWS\system32\8ef41.exe><Microsoft Corporation>

      ==================================
      驱动程序
      [2e0b5m / 2e0b5m][Running/Auto Start]
        <\??\C:\WINDOWS\system32\drivers\2e0b5m.sys><N/A>
      [Service for WDM 3D Audio Driver / ALCXSENS][Running/Manual Start]
        <system32\drivers\ALCXSENS.SYS><Sensaura Ltd>
      [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
        <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
      [CO_Mon / CO_Mon][Stopped/Manual Start]
        <\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys><N/A>
      [ega0i / ega0in][Running/Boot Start]
        <\SystemRoot\System32\DRIVERS\ega0in.sys><N/A>
      [erac / eract][Running/Boot Start]
        <\SystemRoot\System32\DRIVERS\eract.sys><N/A>
      [hwmefy5 / hwmefy51][Running/Boot Start]
        <\SystemRoot\System32\DRIVERS\hwmefy51.sys><N/A>
      [jwaqty3 / jwaqty37][Running/Boot Start]
        <\SystemRoot\System32\DRIVERS\jwaqty37.sys><N/A>
      [mseqsy / mseqsy][Running/Auto Start]
        <system32\DRIVERS\msacpe.sys><N/A>
      [mxdispdr / mxdispdr][Running/Auto Start]
        <\??\C:\WINDOWS\system32\drivers\mxdispdr.sys><N/A>
      [npkcrypt / npkcrypt][Running/Auto Start]
        <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
      [olqwoikm / olqwoikm][Running/Boot Start]
        <\SystemRoot\System32\DRIVERS\olqwoikm.sys><Yahoo! China Corporation>
      [Direct Parallel Link Driver / Ptilink][Running/Manual Start]
        <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
      [PxHelp20 / PxHelp20][Running/Boot Start]
        <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
      [Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Running/Manual Start]
        <system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
      [Secdrv / Secdrv][Stopped/Manual Start]
        <system32\DRIVERS\secdrv.sys><N/A>
      [Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
        <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
      [TSP / TSP][Stopped/Manual Start]
        <\??\C:\WINDOWS\system32\drivers\klif.sys><N/A>
      [viagfx / viagfx][Running/Manual Start]
        <system32\DRIVERS\vtmini.sys><Copyright (C) VIA/S3 Graphics Co, Ltd.>
      [ViaIde / ViaIde][Running/Boot Start]
        <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
      [winsth / winsth][Running/Boot Start]
        <\SystemRoot\system32\drivers\winsth.sys><N/A>

      ==================================
      浏览器加载项
      [Thunder Browser Helper]
        {00C104F6-0F5C-470C-ABCF-A5B2E70752F1} <c:\program files\thunder network\thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
      [sosHlpr Class]
        {00C104F7-0F5C-470C-ABCF-A5B2E70752F1} <C:\WINDOWS\system32\abskey.dll, Microsoft Corporation>
      [ThunderAtOnce Class]
        {01443AEC-0FD1-40fd-9C87-E93D1494C233} <c:\program files\thunder network\thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
      [CAdLogic Object]
        {11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush1.dll, >
      


      3楼2008-01-25 12:36
        • 221.136.98.*
        [get_atlcom Class]
          {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} <C:\WINDOWS\Downloaded Program Files\gp.ocx, NOS Microsystems Ltd.>
        [Shockwave Flash Object]
          {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx, Adobe Systems, Inc.>
        [XML HTTP Request]
          {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, N/A>
        [Vod Class]
          {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll, XunLei>
        [XPPlayer Class]
          {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
        [XML DOM Document 3.0]
          {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
        [XML HTTP 3.0]
          {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, N/A>
        [XML DOM Document]
          {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
        [XML HTTP]
          {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, N/A>
        [IERPCtl Class]
          {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} <C:\Program Files\Real\RealPlayer\rpplugins\ierpplug.dll, RealNetworks, Inc.>
        [上传到QQ网络硬盘]
          <, N/A>
        [使用迅雷下载]
          <c:\program files\thunder network\thunder\Program\geturl.htm, N/A>
        [使用迅雷下载全部链接]
          <c:\program files\thunder network\thunder\Program\getallurl.htm, N/A>
        [导出到 Microsoft Office Excel(&X)]
          <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
        [添加到QQ自定义面板]
          <, N/A>
        [添加到QQ表情]
          <, N/A>
        [用QQ彩信发送该图片]
          <, N/A>

        ==================================
        正在运行的进程
        [PID: 480][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
        [PID: 544][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
            [C:\WINDOWS\system32\61958FAE.DLL]  [, ]
            [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
            [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
        [PID: 568][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
            [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
            [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
            [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
            [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.5]
            [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
            [C:\WINDOWS\system32\4A2CA3EF.DLL]  [Microsoft Corporation, ]
            [C:\WINDOWS\system32\61958FAE.DLL]  [, ]
            [C:\WINDOWS\system32\msplrct.dll]  [N/A, ]
        [PID: 2308][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
            [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
            [C:\WINDOWS\system32\SSLDyn.dll]  [N/A, ]
        


        6楼2008-01-25 12:36
          • 221.136.98.*
              [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
              [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
              [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
              [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
              [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
              [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
              [C:\WINDOWS\system32\SHAProc.dll]  [N/A, ]
              [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
              [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
              [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
              [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
              [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
          [PID: 3688][C:\WINDOWS\system32\wscntfy.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
              [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
              [C:\WINDOWS\system32\SSLDyn.dll]  [N/A, ]
              [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
              [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
              [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
              [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
              [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
              [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
              [C:\WINDOWS\system32\SHAProc.dll]  [N/A, ]
              [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
              [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
              [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
              [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
              [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
          [PID: 4024][c:\windows\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
              [c:\windows\system32\iqnauhc.dll]  [N/A, ]
              [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
              [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
              [C:\WINDOWS\system32\SSLDyn.dll]  [N/A, ]
              [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
              [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
              [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
              [C:\WINDOWS\system32\SHAProc.dll]  [N/A, ]
              [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
              [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
              [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
              [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
              [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
              [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
          [PID: 4308][C:\WINDOWS\system32\RUNDLL32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
              [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
              [C:\PROGRA~1\COMMON~1\CPUSH\cpush1.dll]  [, 1.0.7.1]
              [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
              [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
              [C:\WINDOWS\system32\SSLDyn.dll]  [N/A, ]
              [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
              [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
          


          7楼2008-01-25 12:36
            • 221.136.98.*
                [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
                [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
                [C:\WINDOWS\system32\SHAProc.dll]  [N/A, ]
                [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
                [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
                [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
                [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
                [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
            [PID: 8168][C:\WINDOWS\system32\RUNDLL32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
                [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
                [C:\PROGRA~1\COMMON~1\CPUSH\cpush1.dll]  [, 1.0.7.1]
                [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
                [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
                [C:\WINDOWS\system32\SSLDyn.dll]  [N/A, ]
                [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
                [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
                [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
                [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
                [C:\WINDOWS\system32\SHAProc.dll]  [N/A, ]
                [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
                [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
                [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
                [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
                [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
            [PID: 8644][C:\WINDOWS\system32\RUNDLL32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
                [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
                [C:\PROGRA~1\COMMON~1\CPUSH\cpush1.dll]  [, 1.0.7.1]
                [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
                [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
                [C:\WINDOWS\system32\SSLDyn.dll]  [N/A, ]
                [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
                [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
                [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
                [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
                [C:\WINDOWS\system32\SHAProc.dll]  [N/A, ]
                [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
                [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
                [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
                [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
                [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
            [PID: 8980][C:\WINDOWS\system32\RUNDLL32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
                [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
                [C:\PROGRA~1\COMMON~1\CPUSH\cpush1.dll]  [, 1.0.7.1]
                [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
                [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
                [C:\WINDOWS\system32\SSLDyn.dll]  [N/A, ]
                [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
                [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
                [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
                [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
                [C:\WINDOWS\system32\SHAProc.dll]  [N/A, ]
                [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
            


            8楼2008-01-25 12:36
              • 221.136.98.*
                  [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
                  [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
                  [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
                  [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
              [PID: 8628][C:\WINDOWS\system32\RUNDLL32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
                  [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
                  [C:\PROGRA~1\COMMON~1\CPUSH\cpush1.dll]  [, 1.0.7.1]
                  [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
                  [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
                  [C:\WINDOWS\system32\SSLDyn.dll]  [N/A, ]
                  [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
                  [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
                  [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
                  [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
                  [C:\WINDOWS\system32\SHAProc.dll]  [N/A, ]
                  [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
                  [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
                  [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
                  [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
                  [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
              [PID: 11424][C:\WINDOWS\system32\RUNDLL32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
                  [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
                  [C:\PROGRA~1\COMMON~1\CPUSH\cpush1.dll]  [, 1.0.7.1]
                  [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
                  [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
                  [C:\WINDOWS\system32\SSLDyn.dll]  [N/A, ]
                  [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
                  [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
                  [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
                  [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
                  [C:\WINDOWS\system32\SHAProc.dll]  [N/A, ]
                  [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
                  [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
                  [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
                  [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
                  [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
              [PID: 12220][C:\WINDOWS\system32\RUNDLL32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
                  [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
                  [C:\PROGRA~1\COMMON~1\CPUSH\cpush1.dll]  [, 1.0.7.1]
                  [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
                  [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
                  [C:\WINDOWS\system32\SSLDyn.dll]  [N/A, ]
                  [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
                  [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
                  [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
                  [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
                  [C:\WINDOWS\system32\SHAProc.dll]  [N/A, ]
                  [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
                  [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
                  [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
                  [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
                  [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
              


              9楼2008-01-25 12:36
                • 221.136.98.*
                    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
                    [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
                    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
                [PID: 1524][c:\program files\thunder network\thunder\Program\Thunder5.exe]  [Thunder Networking Technologies,LTD, 5, 6, 7, 326]
                    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
                    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
                    [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
                    [c:\program files\thunder network\thunder\Program\TaskManager.dll]  [Thunder Networking Technologies,LTD, 1, 1, 2, 26]
                    [c:\program files\thunder network\thunder\Program\download_interface.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 46]
                    [c:\program files\thunder network\thunder\Program\stlport_vc646.dll]  [STLport Consulting, Inc., 4.6.2003.1031]
                    [c:\program files\thunder network\thunder\Program\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 46]
                    [c:\program files\thunder network\thunder\Program\BHOStub.dll]  [Thunder Networking Technologies,LTD, 1, 1, 0, 8]
                    [c:\program files\thunder network\thunder\Components\DownAndPlay\DownAndPlay.dll]  [, 1, 0, 0, 18]
                    [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
                    [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
                    [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
                    [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
                    [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
                    [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
                    [C:\WINDOWS\system32\SHAProc.dll]  [N/A, ]
                    [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
                    [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
                    [C:\WINDOWS\system32\SSLDyn.dll]  [N/A, ]
                    [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
                    [C:\WINDOWS\system32\Kvsc3.dll]  [N/A, ]
                    [c:\program files\thunder network\thunder\Program\iTargetAD.dll]  [Thunder Networking Technologies,LTD, 1, 0, 2, 28]
                    [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
                    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
                    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
                    [c:\program files\thunder network\thunder\Components\InMedia\iEmbedShell.dll]  [ , 1, 0, 0, 19]
                    [c:\program files\thunder network\thunder\Components\Community\XLCommunity.dll]  [Thunder Networking Technologies,LTD, 1, 2, 1, 36]
                    [c:\program files\thunder network\thunder\Components\Security\ThunderSafe.dll]  [深圳市迅雷网络技术有限公司, 1, 0, 2, 17]
                    [c:\program files\thunder network\thunder\Components\Search\XLSearch.dll]  [Thunder Networking Technologies,LTD, 1, 1, 4, 15]
                    [c:\program files\thunder network\thunder\Components\P4PClient\P4PClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 2, 55]
                    [c:\program files\thunder network\thunder\Program\LiveUpdate.dll]  [Thunder Networking Technologies,LTD, 1, 2, 1, 20]
                


                11楼2008-01-25 12:36
                  • 221.136.98.*
                      [c:\program files\thunder network\thunder\Components\ExplorerHelper\ExplorerHelper.dll]  [Thunder Networking Technologies,LTD, 1, 0, 4, 15]
                      [c:\program files\thunder network\thunder\Components\Tips\TipsClient.dll]  [Thunder Networking Technologies,LTD, 2, 2, 9, 97]
                      [c:\program files\thunder network\thunder\Components\VPSHELL\VPSHELL.dll]  [XunLei, 1, 2, 0, 10]
                      [c:\program files\thunder network\thunder\Components\UserExperience\UserExperience.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
                      [c:\program files\thunder network\thunder\Components\ResWorker\DsXlCom.dll]  [, 1, 0, 0, 16]
                      [C:\Program Files\Thunder Network\Thunder\Components\InMedia\iEmbed10.dll]  [ , 3, 3, 1, 83]
                      [c:\program files\thunder network\thunder\Program\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 13, 4, 58]
                      [c:\program files\thunder network\thunder\Program\MSVCIRT.dll]  [Microsoft Corporation, 7.0.2600.2180 (xpsp_sp2_rtm.040803-2158)]
                      [c:\program files\thunder network\thunder\Program\XLNet.Dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 8]
                      [c:\program files\thunder network\thunder\Plugins\GouGouTop\GouGouTop.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 1]
                      [c:\program files\thunder network\thunder\Plugins\BhoAdv\bho_adv.dll]  [深圳市迅雷网络技术有限公司, 1.0.1.0]
                      [c:\program files\thunder network\thunder\Components\DownloadStat\DownloadStat.dll]  [深圳市迅雷网络技术有限公司, 1, 2, 0, 4]
                      [C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer_Now.dll]  [XunLei, 1, 0, 1, 44]
                      [c:\program files\thunder network\thunder\Plugins\KanKanTop\KanKanTop.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
                      [c:\program files\thunder network\thunder\Components\VPSHELL\VideoPicture.dll]  [XunLei, 1, 2, 0, 11]
                      [c:\program files\thunder network\thunder\Components\ResWorker\DataProcessor_00.dll]  [Thunder Networking Technologies,LTD, 1, 0, 0, 6]
                      [c:\program files\thunder network\thunder\Components\ResWorker\MediaWorker.dll]  [Thunder Networking Technologies,LTD, 1, 2, 0, 18]
                      [C:\WINDOWS\system32\msdmo.dll]  [, ]
                      [c:\program files\thunder network\thunder\Components\Tips\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
                  [PID: 12668][c:\program files\thunder network\thunder\Components\Tips\TipsExtend.exe]  [Thunder Networking Technologies,LTD, 1, 0, 2, 8]
                      [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
                      [c:\program files\thunder network\thunder\Components\Tips\XLIPC.DLL]  [Thunder Networking Technologies,LTD, 1, 0, 0, 2]
                      [C:\WINDOWS\system32\MsIMMs32.dll]  [N/A, ]
                      [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
                      [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
                      [C:\WINDOWS\system32\Macromed\Flash\Flash9d.ocx]  [Adobe Systems, Inc., 9,0,47,0]
                      [C:\WINDOWS\system32\PTSShell.dll]  [N/A, ]
                      [C:\WINDOWS\system32\msccrt.dll]  [N/A, ]
                      [C:\WINDOWS\system32\LotusHlp.dll]  [N/A, ]
                  


                  12楼2008-01-25 12:36
                    • 221.136.98.*
                        [C:\WINDOWS\system32\NAVMon32.dll]  [N/A, ]
                        [C:\WINDOWS\system32\MsPrint32D.dll]  [N/A, ]
                        [C:\WINDOWS\system32\SHAProc.dll]  [N/A, ]
                        [C:\WINDOWS\system32\mppds.dll]  [N/A, ]
                        [C:\WINDOWS\system32\AVPSrv.dll]  [N/A, ]
                        [C:\WINDOWS\system32\SSLDyn.dll]  [N/A, ]
                        [C:\WINDOWS\system32\WinForm.dll]  [N/A, ]
                        [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
                        [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
                    [PID: 12440][c:\win.exe]  [N/A, ]
                        [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.5730.13 (longhorn(wmbla).070711-1130)]
                        [C:\WINDOWS\system32\iqnauhc.dll]  [N/A, ]
                        [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]

                    ==================================
                    文件关联
                    .TXT  Error. [C:\WINDOWS\notepad.exe %1]
                    .EXE  OK. ["%1" %*]
                    .COM  OK. ["%1" %*]
                    .PIF  OK. ["%1" %*]
                    .REG  OK. [regedit.exe "%1"]
                    .BAT  OK. ["%1" %*]
                    .SCR  OK. ["%1" /S]
                    .CHM  Error. ["hh.exe" %1]
                    .HLP  OK. [%SystemRoot%\system32\winhlp32.exe %1]
                    .INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
                    .INF  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
                    .VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
                    .JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
                    .LNK  OK. [{00021401-0000-0000-C000-000000000046}]

                    ==================================
                    Winsock 提供者
                    N/A

                    ==================================
                    Autorun.inf
                    [C:\]
                    [AutoRun]
                    open=auto.exe
                    shellexecute=auto.exe
                    shell\Auto\command=auto.exe
                    [D:\]
                    [AutoRun]
                    open=auto.exe
                    shellexecute=auto.exe
                    shell\Auto\command=auto.exe
                    [E:\]
                    [AutoRun]
                    open=auto.exe
                    shellexecute=auto.exe
                    shell\Auto\command=auto.exe
                    [F:\]
                    [AutoRun]
                    open=auto.exe
                    shellexecute=auto.exe
                    shell\Auto\command=auto.exe

                    ==================================
                    HOSTS 文件
                    127.0.0.1       localhost

                    ==================================
                    API HOOK
                    入口点错误:CreateProcessW (危险等级: 一般,  被下面模块所HOOK: C:\WINDOWS\system32\MsIMMs32.dll)

                    ==================================
                    隐藏进程
                        [2508] C:\WINDOWS\system32\wincom.exe

                    ==================================


                    [/CODE]


                    13楼2008-01-25 12:36