
[Help] dodolook variant [adware, can generally be ignored, 080815]


MdmDownLoader
dodolook variant. How come Kingsoft can't kill it? Experts, please help.

[ This post was last edited by 一把锈剑 on 2008-8-15 16:20 ]


Run an SREng smart scan and post the log here; it helps with analysing the problem (please do not modify the log contents; close all manually opened programs while scanning; if the pasted log does not display, remove the [CODE] at the front of the log). If it will not run, try renaming it to ko.scr and running that.

Close all manually opened software and windows before scanning, then post the log after the scan. But please do not post it as an attachment.

SREng official download page


Urgent~~~~

Code:
2008-08-15,16:32:35

System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <KavPFW><"F:\金山毒霸\Kingsoft Internet Security 2008\KPFW32.EXE" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>  [RealNetworks, Inc.]
    <RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [NVIDIA Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <DUBA_TOOLS><F:\新建文件夹 (2)\DubaTool_AV_Killer.exe /C>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll>  [(Verified)Beijing Rising Science and Technology Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Remove.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]

==================================
启动文件夹
[星空极速3.0]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\星空极速3.0.lnk --> C:\PROGRA~1\ChinaNet\VNETCL~1.EXE []><N>

==================================
服务
[3ware Controller Service / 3wareSrv][Stopped/Auto Start]
  <C:\WINDOWS\System32\3wareSrv.exe><N/A>
[Contrl Center of Storm Media / ccosm][Stopped/Disabled]
  <C:\Program Files\StormII\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Help and Support / helpsvc][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll><N/A>
[Human Interface Device Access / HidServ][Stopped/Boot Start]
  <\SystemRoot\C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"F:\金山毒霸\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
[NetMeeting Remote Desktop Sharing / mnmsrvc][Stopped/Disabled]
  <C:\WINDOWS\system32\mnmsrvc.exe><(File is missing)>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Stopped/Auto Start]
  <"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Audio Service / STacSV][Running/Auto Start]
  <C:\WINDOWS\system32\STacSV.exe><IDT, Inc.>
[ACWSIVCWQ / IYPKTNJFPN][Others/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k BJLKFBRTDHGG-->C:\Windows\system32\wbem\TENKDA.DLL><N/A>

==================================
驱动程序
[aaatimeo / aaatimeo][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aaatimeo.sys><Microsoft Corporation>
[AFAMgt / AFAMgt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\afamgt.sys><Adaptec, Inc.>
[ahcix86 / ahcix86][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ahcix86.sys><ATI Technologies Inc.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><ALi Corporation>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[amdbusdr / amdbusdr][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\amdbusdr.sys><AMD>
[AMD EIDE 驱动程衼E / amdeide][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\AmdEide.sys><AMD>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[apcdli / apcdli][Stopped/Auto Start]
  <\??\C:\Program Files\Microsoft Office\SYSTEM\apcdli.sys><N/A>
[SiI-3112 SATALink  Controller / ASH1205][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ASH1205.sys><Silicon Image, Inc.>
[ata1200a / ata1200a][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ata1200a.sys><Adaptec, Inc.>
[atiide / atiide][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\atiide.sys><ATI Technologies Inc.>
[Promise driver accelerator / bb-run][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\bb-run.sys><Promise Technology, Inc.>
[DELL CERC SATA 1.5/6ch RAID Miniport Driver / cercsr6][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cercsr6.sys><Adaptec, Inc.>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[Cpq32fs2 / Cpq32fs2][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\Cpq32fs2.sys><Hewlett-Packard Company>
[Promise Removable Disk Control Driver / dontgo][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\DontGo.sys><Promise Technology, Inc.>
[fttxr52P / fttxr52P][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\fttxr52P.sys><Promise Technology, Inc.>
[gk3 / gk3q][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\gk3q.sys><>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HookCont / HookCont][Running/System Start]
  <\SystemRoot\system32\drivers\HookCont.sys><Beijing Rising Technology Co., Ltd>
[HookNtos / HookNtos][Running/System Start]
  <\SystemRoot\system32\drivers\HookNtos.sys><Beijing Rising Technology Co., Ltd>
[HookReg / HookReg][Running/System Start]
  <\SystemRoot\system32\drivers\HookReg.sys><Beijing Rising Technology Co., Ltd>
[HookSys / HookSys][Running/System Start]
  <\SystemRoot\system32\drivers\HookSys.sys><Beijing Rising Technology Co., Ltd>
[HpCISSm2 / HpCISSm2][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\HpCISSm2.sys><Hewlett-Packard Company>
[hptmv6 / hptmv6][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\hptmv6.sys><HighPoint Technologies, Inc.>
[Intel  RAID Controller / iaStor55][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iaStor55.sys><Intel Corporation>
[Intel RAID  Controller / iaStor70][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\iaStor70.sys><Intel Corporation>
[KAVBase / KAVBase][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[kcpvbogm / kcpvbogm][Stopped/Boot Start]
  <\SystemRoot\system32\drivers\kcpvbogm.sys><N/A>
[KNetWch / KNetWch][Running/System Start]
  <\??\F:\金山毒霸\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/Auto Start]
  <\??\C:\WINDOWS\system32\drivers\KWatch3.SYS><Kingsoft Corporation>
[mv61xx / mv61xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\mv61xx.sys><Marvell Semiconductor, Inc.>
[mvSata / mvSata][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\mvsata.sys><Marvell Semiconductors Inc.>
[Netgroup Packet Filter / NPF][Running/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkcrypt.sys><N/A>
[npkycryp / npkycryp][Stopped/Manual Start]
  <\??\C:\WINDOWS\system32\npkycryp.sys><N/A>
[ntptdb / ntptdb][Stopped/Auto Start]
  <\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nvgts / nvgts][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvgts.sys><NVIDIA Corporation>
[NVIDIA nForce RAID Driver / nvrd32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\nvrd32.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[ql2100 / ql2100][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql2100.sys><QLogic Corporation>
[ql2200 / ql2200][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql2200.sys><QLogic Corporation>
[rr172x / rr172x][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr172x.sys><HighPoint Technologies, Inc.>
[rr174x / rr174x][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr174x.sys><HighPoint Technologies, Inc.>
[rr2340 / rr2340][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\rr2340.sys><HighPoint Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[Realtek 10/100/1000 PCI NIC Family NDIS XP Driver / RTL8023xp][Running/Manual Start]
  <system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[Sonic Focus Plugin for Sigmatel HDA / sfng32][Stopped/Manual Start]
  <system32\drivers\sfng32.sys><Sonic Focus, Inc>
[SATALink External Device Filter / SiRemFil][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SiRemFil.sys><Silicon Image, Inc.>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[sisraidx / sisraidx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisraidx.sys><Silicon Integrated Systems Corp.>
[IDT High Definition Audio CODEC / STHDA][Running/Manual Start]
  <system32\drivers\sthda.sys><IDT, Inc.>
[ViBus / ViBus][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ViBus.sys><VIA Technologies, Inc.>
[videX32 / videX32][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\videX32.sys><VIA Technologies, Inc.>
[VIA SATA IDE Device Driver / ViPrt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ViPrt.sys><VIA Technologies, Inc.>
[VIA SATA IDE Hot-plug Driver / xfilt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\xfilt.sys><VIA Technologies,Inc>
[KBaseZS / KBaseZS][Running/Disabled]
  <\??\F:\新建文件夹 (2)\KBaseZS.sys><N/A>

==================================
浏览器加载项
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <F:\超级旋风\QQIEHelper01.dll, (Signed) 腾讯公司>
[IESuper]
  {1A49F431-2A2E-41a5-9080-0F41D1A3AEC2} <C:\PROGRA~1\IESuper\iesuper.dll, N/A>
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <C:\PROGRA~1\ChinaNet\VNETTR~1.DLL, >
[IncePrivate Class]
  {686488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2054.dll, >
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <F:\金山毒霸\Kingsoft Internet Security 2008\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[QQCycloneHelper Class]
  {00000000-12C9-4305-82F9-43058F20E8D2} <F:\超级旋风\QQIEHelper01.dll, (Signed) 腾讯公司>
[]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <, >
[]
  {03C12478-A0D3-4291-A535-F6D16BA08D68} <, >
[]
  {06926B30-424E-4F1C-8EE3-543CD96573DC} <, >
[IESuperHelper]
  {1A49F431-2A2E-41A5-9080-0F41D1A3AEC1} <C:\PROGRA~1\IESuper\iesuper.dll, N/A>
[IESuper]
  {1A49F431-2A2E-41A5-9080-0F41D1A3AEC2} <C:\PROGRA~1\IESuper\iesuper.dll, N/A>
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[]
  {2318C2B1-4965-11D4-9B18-009027A5CD4F} <, >
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <F:\金山毒霸\Kingsoft Internet Security 2008\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>
[]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <, >
[VnetCookie Class]
  {4E83D567-4697-4F7B-B1F0-A513B01DB89A} <C:\PROGRA~1\ChinaNet\VNETTR~1.DLL, >
[]
  {6096E38F-5AC1-4391-8EC4-75DFA92FB32F} <, >
[IncePrivate Class]
  {686488AF-13D5-9DDF-4FEF-9FB88698CFC1} <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2054.dll, >
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\system32\INPUTC~1.DLL, >
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, (Signed) Microsoft Corporation>
[]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\system32\SUBMIT~1.DLL, >
[]
  {AA58ED58-01DD-4D91-8333-CF10577473F7} <, >
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <F:\金山毒霸\Kingsoft Internet Security 2008\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <C:\Program Files\Tencent\QQMusic\QzoneMusic.dll, (Signed) 深圳腾讯科技>
[&使用超级旋风下载]
  <F:\超级旋风\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
  <F:\超级旋风\getAllurl.htm, N/A>
[使用UUSee下载]
  <C:\Program Files\uusee\geturltodown.htm, N/A>
[使用UUSee加速播放]
  <C:\Program Files\uusee\geturltoplay.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>

==================================
正在运行的进程
[PID: 460 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 520 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 544 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 588 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 600 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 748 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 828 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868 / SYSTEM][C:\Program Files\Rising\Rav\CCenter.exe]  [Beijing Rising Technology Co., Ltd., 20.0.0.28]
[PID: 884 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 976 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1004 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1304 / Administrator][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\WINDOWS\system32\evcx8f5.dll]  [N/A, ]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Tencent\QQ\qdshm.dll]  [, 1, 0, 101, 20]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Rising\Rav\RSCOMMON.DLL]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 16]
[PID: 1400 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\mdimon.dll]  [Microsoft Corporation, 11.3.8166.2]
    [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll]  [Microsoft Corporation, 11.3.8166.2]
[PID: 1552 / Administrator][C:\WINDOWS\Fonts\syttem.exe]  [N/A, ]
[PID: 1564 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1640 / Administrator][C:\Program Files\ChinaNet\VnetClient.exe]  [, 2007, 9, 25, 14]
    [C:\Program Files\ChinaNet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [C:\Program Files\ChinaNet\DialModule.dll]  [GDCN, 2007, 9, 18, 12]
    [C:\Program Files\ChinaNet\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\PROGRA~1\ChinaNet\ADVERT~1.OCX]  [, 2007, 4, 20, 15]
    [C:\PROGRA~1\ChinaNet\BDSearch.ocx]  [gdcn, 2007, 3, 1, 10]
    [C:\PROGRA~1\ChinaNet\PageFram.ocx]  [Workgroup, 2007, 8, 17, 16]
    [C:\PROGRA~1\ChinaNet\ACCOUN~1.OCX]  [GDCN, 2007, 10, 29, 16]
    [C:\PROGRA~1\ChinaNet\AccountMgr.dll]  [, 2006, 11, 19, 14]
    [C:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~2\SMSMOD~1.OCX]  [gdcn, 2007.03.28.14]
    [C:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~2\SmsCom.dll]  [, 2007.03.28.14]
    [C:\PROGRA~1\ChinaNet\PlugIns\PLUGIN~2\SmsCtrls.dll]  [, 2007.03.28.14]
    [C:\PROGRA~1\ChinaNet\IcosBar.ocx]  [Workgroup, 2007, 4, 29, 15]
    [C:\PROGRA~1\ChinaNet\VnetSkin.ocx]  [GDDC, 2006, 9, 6, 15]
    [C:\PROGRA~1\ChinaNet\DialogStyle.dll]  [, 1, 0, 0, 1]
    [C:\PROGRA~1\ChinaNet\Timer.ocx]  [, 2007, 5, 25, 11]
    [C:\PROGRA~1\ChinaNet\NEWMES~1.DLL]  [, 7, 9, 16, 1]
    [C:\PROGRA~1\ChinaNet\PassCtrl.dll]  [GDCN, 2006, 3, 1, 16]
    [C:\WINDOWS\system32\wpcap.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\WINDOWS\system32\pthreadVC.dll]  [N/A, ]
    [C:\WINDOWS\system32\packet.dll]  [Politecnico di Torino, 3, 0, 0, 18]
    [C:\PROGRA~1\ChinaNet\PlugPush.dll]  [, 2006, 12, 20, 20]
    [C:\PROGRA~1\ChinaNet\ALLINT~1.DLL]  [, 2007, 4, 28, 18]
    [C:\PROGRA~1\ChinaNet\VNETLO~1.OCX]  [, 2007, 9, 20, 15]
    [C:\PROGRA~1\ChinaNet\StatNum.dll]  [, 2006, 12, 9, 17]
    [C:\PROGRA~1\ChinaNet\VNETON~1.OCX]  [, 7, 9, 17, 1]
    [C:\Program Files\ChinaNet\AllFunctions.dll]  [GDCN, 2007, 9, 25, 14]
    [C:\Program Files\ChinaNet\VnetOptLog.dll]  [ , 2007, 4, 11, 15]
    [C:\PROGRA~1\ChinaNet\VNETSE~1.OCX]  [, 2007, 9, 19, 17]
    [C:\PROGRA~1\ChinaNet\Weather.ocx]  [Microsoft, 2007, 3, 29, 15]
    [C:\PROGRA~1\ChinaNet\SetArea.dll]  [, 2007, 5, 28, 15]
    [C:\PROGRA~1\ChinaNet\SAFECO~1.OCX]  [gdcn, 2007, 10, 25, 16]
    [C:\Program Files\ChinaNet\Base64.dll]  [N/A, ]
[PID: 1656 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.11.6928]
    [C:\WINDOWS\system32\nvapi.dll]  [NVIDIA Corporation, 6.14.11.6928]
[PID: 1688 / SYSTEM][C:\WINDOWS\system32\STacSV.exe]  [IDT, Inc., 1.0.5762.0  nd648 cp1]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\stacapi.dll]  [IDT, Inc., 1.0.5762.0  nd648 cp1]
[PID: 1788 / Administrator][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2000 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2028 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 3472 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [F:\超级旋风\QQIEHelper01.dll]  [腾讯公司, 1, 8, 215, 215]
    [C:\PROGRA~1\ChinaNet\VNETTR~1.DLL]  [, 2005, 4, 6, 1]
    [C:\PROGRA~1\ChinaNet\Communicate.dll]  [GDCN, 2006, 2, 15, 1]
    [C:\PROGRA~1\ChinaNet\CLIENT~1.DLL]  [, 2004, 2, 28, 1]
    [C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2054.dll]  [, 3, 5, 6, 0]
    [F:\金山毒霸\Kingsoft Internet Security 2008\KASBrowserShield.DLL]  [Kingsoft Corporation, 2008,04,15,2]
    [F:\金山毒霸\Kingsoft Internet Security 2008\IEBuddy.dll]  [Kingsoft Corporation, 2008,08,01,516]
    [F:\金山毒霸\Kingsoft Internet Security 2008\IEBuddyExt.DLL]  [Kingsoft Corporation, 2008,06,24,415]
    [F:\金山毒霸\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [F:\金山毒霸\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [F:\金山毒霸\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [F:\金山毒霸\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
    [F:\金山毒霸\Kingsoft Internet Security 2008\KANTray.dll]  [Kingsoft Corporation, 2008,06,24,415]
    [F:\金山毒霸\Kingsoft Internet Security 2008\KAVAFish.DLL]  [Kingsoft Corporation, 2008,06,24,415]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [C:\Program Files\Rising\Rav\RavScrCh.dll]  [Beijing Rising Technology Co., Ltd., 20, 0, 0, 3]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 3884 / Administrator][C:\WINDOWS\Fonts\svchost.exe]  [N/A, ]
    [C:\WINDOWS\system32\MSVBVM60.DLL]  [Microsoft Corporation, 6.00.8268]
[PID: 2188 / Administrator][C:\Program Files\Tencent\QQ\QQ.exe]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\QQBaseClassInDll.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\QQHelperDll.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\BasicCtrlDll.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\Program Files\Tencent\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [C:\Program Files\Tencent\QQ\RICHED20.dll]  [Microsoft Corporation, 5.31.23.1218]
    [C:\Program Files\Tencent\QQ\QQAPI.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\LoginCtrl.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\LoginCtrlRes.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\QQRes.dll]  [TENCENT, 8, 0, 830, 1811]
    [C:\Program Files\Tencent\QQ\QQMainFrame.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Tencent\QQ\QQPlugin.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\UnReadMsgMgr.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\CQQApplication.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\FlashAvatarDll.dll]  [, 1, 4, 0, 1]
    [C:\Program Files\Tencent\QQ\NewSkin.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\MailSummary.dll]  [TENCENT, 8,0,773,1801]
    [C:\Program Files\Tencent\QQ\QQSpace.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\Program Files\Tencent\QQ\QQKnowledgeSearch.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\OEMApplication.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\QQGroupMng.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\QQAvatar.dll]  [N/A, ]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\Program Files\Tencent\QQ\QQAllInOne.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [C:\Program Files\Tencent\QQ\CameraDll.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\QQPet.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\QQSysMsgMng.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\QRingMng.dll]  [N/A, ]
    [C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL]  [Microsoft Corporation, 11.0.8164]
    [C:\Program Files\Tencent\QQ\UserDefinedHead.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\QQConfigPlugin.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\QQCustomFace.dll]  [N/A, ]
    [C:\WINDOWS\system32\RavExt.dll]  [Beijing Rising Technology Co., Ltd., 20.0.0.17]
    [C:\Program Files\Tencent\QQ\LongConnection.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\PhoneAPI.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\Program Files\Tencent\QQ\BQQApplication.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\PersonalDesktop.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\CommercesMng.dll]  [TENCENT, 8,0,830,1811]
    [C:\Program Files\Tencent\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [C:\Program Files\Tencent\QQ\QQSceneMng.dll]  [N/A, ]
    [C:\Program Files\Tencent\QQ\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 2, 1, 15]
[PID: 2212 / Administrator][C:\Program Files\Tencent\QQ\TXPlatform.exe]  [Tencent, 1, 5, 225, 0]
[PID: 3528 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [c:\windows\system32\wbem\tenkda.dll]  [N/A, ]
[PID: 3936 / Administrator][C:\WINDOWS\system32\cmd.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 3324 / Administrator][F:\新建文件夹 (2)\SREngLdr.EXE]  [Smallfrogs Studio, 2.6.12.1018]
[PID: 1132 / Administrator][F:\新建文件夹 (2)\SREce25f538.EXE]  [Smallfrogs Studio, 2.6.12.1018]
    [F:\新建文件夹 (2)\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\PROGRA~1\MICROS~2\OFFICE11\MCPS.DLL]  [Microsoft Corporation, 11.0.8164]
[PID: 3384 / Administrator][C:\WINDOWS\system32\ping.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]

==================================
文件关联
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
221.130.185.110  www.59178.com
221.130.185.110  59178.com
221.130.185.110  www.987654.com
221.130.185.110  987654.com
221.130.185.110  www.zhao123.com
221.130.185.110  zhao123.com
221.130.185.110  123wa.com
221.130.185.110  www.123wa.com
221.130.185.110  www.159.com
221.130.185.110  soft.159.com
221.130.185.110  www.v111.com
221.130.185.110  v111.com
221.130.185.110  www.855.com
221.130.185.110  855.com
221.130.185.110  www.wu123.com
221.130.185.110  wu123.com
221.130.185.110  www.haodx.com
221.130.185.110  haodx.com
221.130.185.110  19ku.com
221.130.185.110  www.19ku.com
221.130.185.110  www.t2t2.com
221.130.185.110  t2t2.com
221.130.185.110  www.ku8.com
221.130.185.110  ku8.com
221.130.185.110  www.v23.com
221.130.185.110  v23.com
221.130.185.110  www.51115.com
221.130.185.110  www.52.com
221.130.185.110  52.com
221.130.185.110  www.qu123.com
221.130.185.110  qu123.com
221.130.185.110  www.haokan123.com
221.130.185.110  haokan123.com
221.130.185.110  www.kan123.com
221.130.185.110  kan123.com
221.130.185.110  hang123.com
221.130.185.110  www.hang123.com
221.130.185.110  3tom.com
221.130.185.110  www.3tom.com
221.130.185.110  www.anyso.com
221.130.185.110  anyso.com
221.130.185.110  59178.com
221.130.185.110  www.59178.com
221.130.185.110  t3j4.com
221.130.185.110  www.t3j4.com
221.130.185.110  www.zh130.com
221.130.185.110  zh130.com
221.130.185.110  www.8757.com
221.130.185.110  8757.com
221.130.185.110  www.7667.com
221.130.185.110  7667.com
221.130.185.110  ie.union123.com
221.130.185.110  www.daohangtu.com
221.130.185.110  daohangtu.com
221.130.185.110  www.ld123.com
221.130.185.110  ld123.com
221.130.185.110  www.369.com
221.130.185.110  369.com
221.130.185.110  91ni.com
221.130.185.110  www.91ni.com
221.130.185.110  www.17995.com
221.130.185.110  17995.com
221.130.185.110  www.sha123.com
221.130.185.110  sha123.com
221.130.185.110  www.lethot.com
221.130.185.110  lethot.com
221.130.185.110  www.8757.com
221.130.185.110  8757.com
221.130.185.110  4533.cn
221.130.185.110  6h.com.cn
221.130.185.110  www.6h.com.cn
221.130.185.110  www.jjol.cn
221.130.185.110  jjol.cn
221.130.185.110  wangzhiku.com
221.130.185.110  www.wangzhiku.com
221.130.185.110  www.1zhan.com
221.130.185.110  1zhan.com
221.130.185.110  www.262.com
221.130.185.110  262.com
221.130.185.110  www.365.com
221.130.185.110  365.com
221.130.185.110  www.4533.cn
221.130.185.110  4533.cn
221.130.185.110  31tg.com
221.130.185.110  www.31tg.com
221.130.185.110  tomatolei.com
221.130.185.110  www.tomatolei.com
221.130.185.110  999cha.com
221.130.185.110  www.999cha.com
127.0.0.1  mmsk.cn
127.0.0.1  ikaka.com
127.0.0.1  safe.qq.com
127.0.0.1  360safe.com
127.0.0.1  bbs.360safe.com
127.0.0.1  www.mmsk.cn
127.0.0.1  www.ikaka.com
127.0.0.1  tool.ikaka.com
127.0.0.1  www.360safe.com
127.0.0.1  zs.kingsoft.com
127.0.0.1  forum.ikaka.com
127.0.0.1  up.rising.com.cn
127.0.0.1  scan.kingsoft.com
127.0.0.1  kvup.jiangmin.com
127.0.0.1  reg.rising.com.cn
127.0.0.1  update.rising.com.cn
127.0.0.1  update7.jiangmin.com
127.0.0.1  download.rising.com.cn
127.0.0.1  dnl-us1.kaspersky-labs.com
127.0.0.1  dnl-us2.kaspersky-labs.com
127.0.0.1  dnl-us3.kaspersky-labs.com
127.0.0.1  dnl-us4.kaspersky-labs.com
127.0.0.1  dnl-us5.kaspersky-labs.com
127.0.0.1  dnl-us6.kaspersky-labs.com
127.0.0.1  dnl-us7.kaspersky-labs.com
127.0.0.1  dnl-us8.kaspersky-labs.com
127.0.0.1  dnl-us9.kaspersky-labs.com
127.0.0.1  dnl-us10.kaspersky-labs.com
127.0.0.1  dnl-eu1.kaspersky-labs.com
127.0.0.1  dnl-eu2.kaspersky-labs.com
127.0.0.1  dnl-eu3.kaspersky-labs.com
127.0.0.1  dnl-eu4.kaspersky-labs.com
127.0.0.1  dnl-eu5.kaspersky-labs.com
127.0.0.1  dnl-eu6.kaspersky-labs.com
127.0.0.1  dnl-eu7.kaspersky-labs.com
127.0.0.1  dnl-eu8.kaspersky-labs.com
127.0.0.1  dnl-eu9.kaspersky-labs.com
127.0.0.1  dnl-eu10.kaspersky-labs.com
221.130.185.110  www.ab365.com
221.130.185.110  ab365.com
221.130.185.110  www.5235.net
221.130.185.110  5235.net
221.130.185.110  www.haol23.net
221.130.185.110  haol23.net
221.130.185.110  www.8009.com
221.130.185.110  8009.com
221.130.185.110  www.3702.com
221.130.185.110  3702.com
221.130.185.110  www.9533.com
221.130.185.110  9533.com
221.130.185.110  www.baxun.com
221.130.185.110  baxun.cn
221.130.185.110  8749.com
221.130.185.110  www.8749.com
221.130.185.110  xrwz.com
221.130.185.110  www.xrwz.com
221.130.185.110  smarttaobao.allyes.com
221.130.185.110  17key.net
221.130.185.110  www.17key.net
127.0.0.1  luosoft.com
127.0.0.1  znmq.com
127.0.0.1  arswp.com
127.0.0.1  pctutu.com
127.0.0.1  tommsoft.com
127.0.0.1  www.luosoft.com
127.0.0.1  www.znmq.com
127.0.0.1  www.arswp.com
127.0.0.1  www.pctutu.com
127.0.0.1  www.tommsoft.com

==================================
进程特权扫描
特殊特权被允许: SeLoadDriverPrivilege [PID = 1552, C:\WINDOWS\FONTS\SYTTEM.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1640, C:\PROGRAM FILES\CHINANET\VNETCLIENT.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 1656, C:\WINDOWS\SYSTEM32\NVSVC32.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3884, C:\WINDOWS\FONTS\SVCHOST.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3324, F:\新建文件夹 (2)\SRENGLDR.EXE]

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

Reply to post #2

Bro, hurry up~!!!!!!!!!!!!!

1. It is recommended to use XDelBox to delete the following files: (XDelBox 1.3 download)
Instructions: copy the paths of all files to be deleted, right-click in the pending-deletion list and choose Import from clipboard; after importing, right-click the files to be deleted and choose Reboot and delete immediately. The computer will reboot into a DOS screen to perform the deletion. Before running XDelBox it is best to unplug all removable storage (USB drives, MP3 players, phone memory cards, etc.).

c:\windows\fonts\svchost.exe
c:\windows\fonts\syttem.exe
c:\windows\system32\evcx8f5.dll
c:\windows\system32\pthreadvc.dll
c:\documents and settings\all users\application data\microsoft\office\userdata\webbrowser_2054.dll
c:\windows\system32\wbem\tenkda.dll
c:\documents and settings\all users\application data\microsoft\office\system\ntptdb.sys
c:\windows\system32\npkycryp.sys
c:\windows\system32\npkcrypt.sys
c:\windows\system32\drivers\gk3q.sys

2. After deleting and rebooting, use SREng to repair the following items:

    Startup Items -- Registry: delete the following entry:
[TkBellExe]    <"C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot>

    Startup Items -- Services -- Win32 Service Applications: disable the following entry:
[ACWSIVCWQ / IYPKTNJFPN]    <C:\WINDOWS\system32\svchost.exe -k BJLKFBRTDHGG-->C:\Windows\system32\wbem\TENKDA.DLL>

    Startup Items -- Services -- Drivers: disable the following entries:
[ntptdb / ntptdb]    <\??\C:\Documents and Settings\All Users\Application Data\Microsoft\Office\SYSTEM\ntptdb.sys>
[npkycryp / npkycryp]    <\??\C:\WINDOWS\system32\npkycryp.sys>
[npkcrypt / npkcrypt]    <\??\C:\WINDOWS\system32\npkcrypt.sys>
[gk3 / gk3q]    <\SystemRoot\System32\DRIVERS\gk3q.sys>

    System Repair -- Browser Add-ons: delete the following entry:
[IncePrivate Class]    <C:\Documents and Settings\All Users\Application Data\Microsoft\OFFICE\USERDATA\webbrowser_2054.dll>

    System Repair -- HOSTS file -- Reset

************** The analysis report above was produced with the SREngLog Analysis Assistant ******************
Analyst: guanxiaolei111
Date: 2008-8-15
SREngLog Analysis Assistant 1.3 (updated 20071108 BY 草莽书生)
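
As an added example (not from this thread, SREng or XDelBox), a Python check for the two HOSTS-file patterns the log above shows: security-vendor update and scan hosts pinned to 127.0.0.1, and many unrelated hostnames pinned to one remote address. The sample HOSTS text is constructed from entries in the log; the `fileserver.corp` mapping, the vendor suffix list and the threshold of 3 are assumptions.

```python
"""Flag HOSTS-file hijacking of the two kinds visible in the SREng log:
security-vendor hostnames sinkholed to loopback, and many unrelated
hostnames redirected to a single remote IP."""
from collections import defaultdict
from ipaddress import ip_address

# Constructed excerpt in the shape of the log's HOSTS section (not the full dump).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
192.168.1.10    fileserver.corp   # constructed: legitimate local mapping
221.130.185.110  www.my123.com
221.130.185.110  cpro.baidu.com
221.130.185.110  union.qq.com 4199.com
127.0.0.1  update.rising.com.cn
127.0.0.1  scan.kingsoft.com
127.0.0.1  dnl-eu1.kaspersky-labs.com
127.0.0.1  www.360safe.com
"""

# Security-vendor domains seen sinkholed in the log (matched by suffix; assumed list).
VENDOR_SUFFIXES = ("kaspersky-labs.com", "rising.com.cn", "kingsoft.com",
                   "jiangmin.com", "360safe.com", "ikaka.com", "safe.qq.com")
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

def parse_hosts(text):
    """Return (ip, hostname) pairs; one HOSTS line may carry several hostnames."""
    pairs = []
    for line in text.splitlines():
        body = line.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(body) < 2:
            continue
        try:
            ip = str(ip_address(body[0]))
        except ValueError:
            continue  # skip malformed lines instead of aborting the whole scan
        pairs.extend((ip, host.lower()) for host in body[1:])
    return pairs

def is_vendor_host(host):
    return any(host == s or host.endswith("." + s) for s in VENDOR_SUFFIXES)

def sinkholed_vendor_hosts(pairs):
    """Vendor hosts pointed at loopback: signature updates and online scans fail silently."""
    return sorted(h for ip, h in pairs if ip in SINKHOLES and is_vendor_host(h))

def mass_redirects(pairs, threshold=3):
    """Remote IPs that absorb at least `threshold` distinct hostnames (traffic hijack)."""
    by_ip = defaultdict(set)
    for ip, host in pairs:
        if ip not in SINKHOLES:
            by_ip[ip].add(host)
    return {ip: sorted(hs) for ip, hs in by_ip.items() if len(hs) >= threshold}
```

On a live machine, read `%SystemRoot%\system32\drivers\etc\hosts` into `parse_hosts` instead of the constructed sample; a legitimate HOSTS file usually has only a handful of entries, so both lists should be empty.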
