卡饭论坛's Archiver



星辰yxl posted on 2008-8-29 00:40

Asking on behalf of a classmate... see the log for the details~~

My classmate says he got a trojan, and that after cleaning it with Jiangmin it came right back. So I had him run a scan log. From a first look, some of the startup-item registry entries show signs of being hijacked, and the file Gdsad2007.DLL has been injected into most of the processes. I searched online and found nothing about it, so I don't dare touch it. The beginning of the HOSTS file also looks very odd, and I have no idea what the hidden asd.exe process is for... The above is what I could roughly make out; I hope some expert can give a good way to fix it~~ Thanks

[code]
2008-08-29,00:06:34
System Repair Engineer 2.6.12.1018
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描

启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <switch><c:\windows\system32\壁纸自动换.exe>  []
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <SoundMan><SOUNDMAN.EXE>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <snpstd3><C:\WINDOWS\vsnpstd3.exe>  []
    <KVMON><"C:\Program Files\Jiangmin\AntiVirus\KVMonXP_2.kxp">  [Jiangmin Co.Ltd]
    <360Safebox><"D:\360安全软件\360Safebox\safeboxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <360Safetray><D:\360安全软件\360safe\safemon\360tray.exe /start>  [(Verified)Qizhi Software (beijing) Co. Ltd]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Component Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe,>  [(Verified)Microsoft Windows Publisher]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
    <WinlogonNotify: WgaLogon><WgaLogon.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}]
    <IE7 Uninstall Stub><C:\WINDOWS\system32\ieudinit.exe>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avast.exe]
    <IFEO[avast.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avcenter.exe]
    <IFEO[avcenter.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avguard.exe]
    <IFEO[avguard.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\guard.exe]
    <IFEO[guard.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kav.exe]
    <IFEO[kav.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\kissvc.exe]
    <IFEO[kissvc.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rfwproxy.exe]
    <IFEO[rfwproxy.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\sched.exe]
    <IFEO[sched.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wscntfy.exe]
    <IFEO[wscntfy.exe]><IFEOFILE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wuauclt.exe]
    <IFEO[wuauclt.exe]><IFEOFILE>  [N/A]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\夜光时钟.SCR>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <360Safebox><; "D:\360安全软件\360Safebox\SafeBoxTray.exe" /r>  [(Verified)Qizhi Software (beijing) Co. Ltd]
    <FixCamera><; C:\WINDOWS\FixCamera.exe>  []
    <PCSuiteTrayApplication><; C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup>  [Nokia]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <PcSync><; C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog>  [Time Information Services Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <WangWang><; "D:\阿里旺旺\WangWang\WangWang.EXE">  [(Verified)"Alibaba Software(Shanghai)Co,. Ltd"]
    <WebThunder><; "D:\web迅雷\WebThunder.exe" /autostart>  [(Verified)ShenZhen Thunder Networking Technologies Ltd.]
==================================
启动文件夹
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[QQ游戏启动加速程序]
  <C:\Documents and Settings\zxl\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> D:\QQ\QQGAME\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[Adobe Gamma]
  <C:\Documents and Settings\zxl\「开始」菜单\程序\启动\Adobe Gamma.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
==================================
服务
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Contrl Center of Storm Media / ccosm][Running/Auto Start]
  <D:\暴风影音\stormliv.exe /asservice><北京暴风网际科技有限公司>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[KVSrvXP / KVSrvXP][Running/Auto Start]
  <C:\Program Files\Jiangmin\AntiVirus\kvsrvxp.exe /Service><Jiangmin Co., Ltd.>
[KVWSC / KVWSC][Running/Auto Start]
  <"C:\Program Files\Jiangmin\AntiVirus\KVWSC.exe"><Jiangmin Co.,Ltd>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>
[ServiceLayer / ServiceLayer][Stopped/Manual Start]
  <"C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe"><Nokia.>
==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start]
  <system32\drivers\ALCXWDM.SYS><Realtek Semiconductor Corp.>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[BsDeamon / BsDeamon][Stopped/System Start]
  <\??\C:\PROGRA~1\Jiangmin\ANTIVI~1\BsDeamon.sys><N/A>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[VIA Rhine Family Fast Ethernet Adapter Driver Service / FETNDISB][Running/Manual Start]
  <system32\DRIVERS\fetnd5b.sys><VIA Technologies, Inc.>
[KAnalyser / KAnalyser][Stopped/System Start]
  <\??\C:\PROGRA~1\Jiangmin\ANTIVI~1\KANALY~1.SYS><Jiangmin Co.,Ltd.>
[KPGuard / KPGuard][Running/System Start]
  <\??\C:\PROGRA~1\Jiangmin\ANTIVI~1\KPGuard.sys><Jiangmin Co., Ltd.>
[KRegEx / KRegEx][Running/System Start]
  <\??\C:\PROGRA~1\Jiangmin\ANTIVI~1\KRegEx.sys><Jiangmin Co. Ltd.>
[Jiangmin Antivirus Software / KSysCall][Running/System Start]
  <\??\C:\PROGRA~1\Jiangmin\common\KSysCall.sys><Jiangmin Co.,  Ltd.>
[KSysFilter / KSysFilter][Running/Boot Start]
  <\SystemRoot\System32\Drivers\KSysFilt.sys><Jiangmin Co. Ltd.>
[KSysMon / KSysMon][Running/System Start]
  <\??\C:\PROGRA~1\Jiangmin\ANTIVI~1\KSysMon.sys><Jiangmin Co. Ltd.>
[KVDP / KVDP][Running/Manual Start]
  <\??\C:\Program Files\Jiangmin\AntiVirus\KVDP.sys><Jiangmin Co., Ltd.>
[KVREDIR / KVREDIR][Running/System Start]
  <\??\C:\Program Files\Jiangmin\AntiVirus\KVREDIR.sys><Jiangmin Co., Ltd.>
[Nokia USB Generic / Nokia USB Generic][Stopped/Manual Start]
  <system32\drivers\nmwcdc.sys><Nokia>
[Nokia USB Modem / Nokia USB Modem][Stopped/Manual Start]
  <system32\drivers\nmwcdcm.sys><Nokia>
[Nokia USB Phone Parent / Nokia USB Phone Parent][Stopped/Manual Start]
  <system32\drivers\nmwcd.sys><Nokia>
[Nokia USB Port / Nokia USB Port][Stopped/Manual Start]
  <system32\drivers\nmwcdcj.sys><Nokia>
[npkcrypt / npkcrypt][Stopped/Auto Start]
  <\??\D:\QQ2007\npkcrypt.sys><N/A>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[PProtect / PProtect][Stopped/System Start]
  <\??\C:\PROGRA~1\KV2006\PProtect.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[SafeBoxKrnl / SafeBoxKrnl][Running/System Start]
  <\??\D:\360安全软件\360Safebox\SafeBoxKrnl.sys><360安全中心>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.>
[USB PC Camera (SNPSTD3) / SNPSTD3][Running/Manual Start]
  <system32\DRIVERS\snpstd3.sys><>
[VIA AGP Filter / viaagp1][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaagp1.sys><VIA Technologies, Inc.>
[VIAMRAID / VIAMRAID][Stopped/Boot Start]
  <\SystemRoot\system32\DRIVERS\viamraid.sys><VIA Technologies inc,.ltd>
==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\web迅雷\WebThunderBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\Jiangmin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360安全软件\360safe\safemon\safemon.dll, (Signed) 360.CN>
[启动WEB迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[]
  {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, (Signed) N/A>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <C:\Program Files\Jiangmin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <D:\QQ\Qzone\QQPhotoDraw.dll, (Signed) TENCENT>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[]
  {9C3C2C08-C494-4F52-AE94-85156A447D43} <, >
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <D:\web迅雷\WebThunderBHO_Now.dll, (Signed) Thunder Networking Technologies,LTD>
[WebThunder Class]
  {03507A1A-E0C5-4404-AA26-205385C0892D} <, >
[iTrusPTA Class]
  {1E0DFFCF-27FF-4574-849B-55007349FEDA} <C:\WINDOWS\system32\aliedit\pta.dll, (Signed) >
[Windows Media Player]
  {22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, (Signed) Microsoft Corporation>
[PhotoDraw Class]
  {2375BEE5-F175-4F1C-81EC-8E4E2E72E2DD} <D:\QQ\Qzone\QQPhotoDraw.dll, (Signed) TENCENT>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[XML DOM Document]
  {2933BF90-7B36-11D2-B20E-00C04F983E60} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[DHTML Edit Control Safe for Scripting for IE5]
  {2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, (Signed) Microsoft Corporation>
[WebThunder DapPlayer]
  {2EEDA47E-8D5C-4d7e-B4B6-E16E19218555} <D:\web迅雷\DownAndPlay\DapPlayer3.0.41.65.641.dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
  {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} <, >
[HtmlDlgSafeHelper Class]
  {3050F819-98B5-11CF-BB82-00AA00BDCE0B} <C:\WINDOWS\system32\mshtmled.dll, (Signed) Microsoft Corporation>
[IETag Factory]
  {38481807-CA0E-42D2-BF39-B33AF135CC4D} <C:\PROGRA~1\COMMON~1\MICROS~1\SMARTT~1\IETAG.DLL, (Signed) Microsoft Corporation>
[XML Document]
  {48123BC4-99D9-11D1-A6B3-00C04FD91555} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[EditCtrl Class]
  {488A4255-3236-44B3-8F27-FA1AECAA8844} <C:\WINDOWS\system32\aliedit\aliedit.dll, (Signed) >
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, (Signed) Microsoft Corporation>
[XMP Class]
  {6483F145-A768-4C41-AACC-52D4D7845851} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xplayer.dll_1_work, >
[XDRM]
  {693571CB-54A3-4E90-9D52-EEAE1334E2D3} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\xdrm.dll_1_work, >
[StormPlayer Object]
  {6BE52E1D-E586-474F-A6E2-1A85A9B4D9FB} <D:\暴风影音\mps.dll, (Signed) 北京暴风网际科技有限公司>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[WangWangObj Class]
  {6E213FC7-DD5A-4115-B7E6-D4C7838C361E} <D:\阿里旺旺\WangWang\WangWangX6.dll, (Signed) 阿里巴巴软件(上海)有限公司>
[Active Desktop Mover]
  {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, (Signed) N/A>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[WBEM Scripting Sink]
  {75718C9A-F029-11D1-A1AC-00C04FB6C223} <C:\WINDOWS\system32\wbem\wbemdisp.dll, (Signed) Microsoft Corporation>
[MediaComm Class]
  {7670648D-461B-42AF-BDFE-46D26AF5EFF2} <D:\web迅雷\InMedia\MediaAddin13.dll, Thunder Networking Technologies,LTD>
[WBEM Scripting Locator]
  {76A64158-CB41-11D1-8B02-00600806D9B6} <C:\WINDOWS\system32\wbem\wbemdisp.dll, (Signed) Microsoft Corporation>
[BrowseHelper Class]
  {80BF4637-D65B-43F3-BB60-C5DD3D5FB7B9} <C:\Program Files\Jiangmin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[360SafeLive]
  {87515F61-A66C-4319-A0E0-D416CB8059E3} <D:\360安全软件\360safe\live.dll, (Signed) 360.cn>
[Microsoft Web Browser]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\ieframe.dll, (Signed) Microsoft Corporation>
[]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <, >
[XML DOM Document 4.0]
  {88D969C0-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML HTTP 4.0]
  {88D969C5-F192-11D4-A65F-0040963251E5} <C:\WINDOWS\system32\msxml4.dll, Microsoft Corporation>
[XML DOM 文档 5.0]
  {88D969E5-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[XML HTTP 5.0]
  {88D969EA-F192-11D4-A65F-0040963251E5} <C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSXML5.DLL, Microsoft Corporation>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[]
  {962EFB8E-2683-42D4-AC74-AAA4C759B9C6} <, >
[]
  {9C3C2C08-C494-4F52-AE94-85156A447D43} <, >
[RMGetLicense Class]
  {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} <C:\WINDOWS\system32\msnetobj.dll, (Signed) Microsoft Corporation>
[Thunder DapCtrl]
  {ACACC6EB-1FBA-4E13-A729-53AEB2DF54F8} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\DapCtrl1.5.578.28.641.dll, ShenZhen Thunder Networking Technologies Ltd.>
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, (Signed) Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, (Signed) N/A>
[江民杀毒工具栏]
  {B5A34A93-D538-43A7-8371-864CB6148D12} <C:\Program Files\Jiangmin\AntiVirus\KVshell.dll, Jiangmin Co.Ltd>
[SafeMon Class]
  {B69F34DD-F0F9-42DC-9EDD-957187DA688D} <D:\360安全软件\360safe\safemon\safemon.dll, (Signed) 360.CN>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, (Signed) Microsoft Corporation>
[]
  {BE830FD4-E393-417F-9F4B-CC70ABB3384C} <, >
[QQPlayerCtrl Class]
  {CD108273-D434-43E6-AA90-1469F97EB398} <D:\QQMusic\QzoneMusic.dll, N/A>
[AUDIO__MID Moniker Class]
  {CD3AFA74-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[AUDIO__MP3 Moniker Class]
  {CD3AFA76-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, (Signed) Microsoft Corporation>
[RealPlayer G2 Control]
  {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, (Signed) RealNetworks, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx, (Signed) Adobe Systems, Inc.>
[PlayerCtrl Class]
  {E05BC2A3-9A46-4A32-80C9-023A473F5B23} <D:\QQMusic\QzoneMusic.dll, N/A>
[]
  {E2E2DD38-D088-4134-82B7-F2BA38496583} <, >
[PasswordEditCtrl Class]
  {E787FD25-8D7C-4693-AE67-9406BC6E22DF} <C:\WINDOWS\system32\qqedit\qqedit.dll, (Signed) 腾讯科技(深圳)有限公司>
[TimwpDll.TimwpCheck]
  {ED4CA2E5-0EEA-44C1-AD7E-74A07A7507A4} <D:\QQ\Timwp.dll, (Signed) TENCENT>
[XML HTTP Request]
  {ED8C108E-4349-11D2-91A4-00C04F7969E8} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[Thunder DapCtrl]
  {EF1EA76E-5428-4e40-85A1-D4DD2893183A} <D:\web迅雷\DownAndPlay\DapCtrl1.3.17.20.403.dll, ShenZhen Thunder Networking Technologies Ltd.>
[]
  {F08555B0-9CC3-11D2-AA8E-000000000000} <, >
[]
  {F156768E-81EF-470C-9057-481BA8380DBA} <, >
[XPPlayer Class]
  {F3E70CEA-956E-49CC-B444-73AFE593AD7F} <C:\Documents and Settings\All Users\Application Data\Thunder Network\KanKan\pplayer.dll_1_work, Thunder>
[XML DOM Document 3.0]
  {F5078F32-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP 3.0]
  {F5078F35-C551-11D3-89B9-0000F81FE221} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML DOM Document]
  {F6D90F11-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[XML HTTP]
  {F6D90F16-9C73-11D3-B32E-00C04F990BB4} <%SystemRoot%\system32\msxml3.dll, (Signed) N/A>
[InfoCheck Class]
  {F91BA567-79B9-467E-BC97-5DBA01BBC5EE} <D:\阿里旺旺\WangWang\Ali_Check.dll, >
[]
  {FB5F1910-F110-11D2-BB9E-00C04F795683} <, >
[InstallCheck Class]
  {FFB8C97E-39D4-4E8A-9FE4-B451A0D6CA65} <D:\阿里旺旺\WangWang\Ali_Check.dll, >
[&使用快车(FlashGet)下载]
  <C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用Web迅雷下载]
  <D:\web迅雷\GetUrl.htm, N/A>
[使用Web迅雷下载全部链接]
  <D:\web迅雷\GetAllUrl.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder\Program\geturl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
  <D:\QQ\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 568 / SYSTEM][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 636 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 660 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\WgaLogon.dll]  [Microsoft Corporation, 1.7.0018.7]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 704 / SYSTEM][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\AppPatch\AcAdProc.dll]  [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)]
[PID: 716 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 864 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 944 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1036 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 1092 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1200 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 1408 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[PID: 1640 / zxl][C:\WINDOWS\Explorer.EXE]  [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\WPDShServiceObj.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceTypes.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [D:\360安全软件\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\Program Files\Jiangmin\AntiVirus\KVshell.dll]  [Jiangmin Co.Ltd, 1, 0, 7, 806]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 226]
    [C:\Program Files\Jiangmin\AntiVirus\lang\kvxp0804.lng]  [N/A, ]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll]  [Nokia, 6, 81, 46, 1]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 81, 68, 0]
    [C:\WINDOWS\system32\ConnAPI.DLL]  [Nokia., 6, 81, 62, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 6, 81, 29, 0]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 81, 11, 0]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
    [C:\Program Files\Jiangmin\common\GUIEXT.DLL]  [Jiangmin Co.Ltd, 1, 0, 7, 626]
    [C:\Program Files\Jiangmin\common\lang\guiext0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [C:\WINDOWS\system32\UNISPIM6.IME]  [北京紫光华宇软件股份有限公司, 6.0.0.6117]
    [D:\web迅雷\WebThunderBHO_Now.dll]  [Thunder Networking Technologies,LTD, 5, 0, 8, 75]
    [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll]  [Microsoft Corporation, 11.0.5510]
    [D:\QQ\qdshm.dll]  [, 1, 0, 101, 20]
    [D:\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
[PID: 1820 / zxl][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 5, 1, 0, 58]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 1860 / zxl][D:\360安全软件\360safe\safemon\360tray.exe]  [奇虎网, 5, 0, 0, 1002]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [D:\360安全软件\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [D:\360安全软件\360safe\safemon\SafeKrnl.dll]  [奇虎网, 4, 3, 0, 1003]
    [D:\360安全软件\360safe\AntiAdwa.dll]  [360Safe.com, 4, 2, 0, 1001]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
    [D:\360安全软件\360safe\live.dll]  [360.cn, 1, 0, 1, 1028]
[PID: 1888 / zxl][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 124 / zxl][C:\WINDOWS\system32\conime.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\360安全软件\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 1352 / SYSTEM][D:\暴风影音\stormliv.exe]  [北京暴风网际科技有限公司, 3, 8, 6, 20]
    [D:\暴风影音\MSVCP60.dll]  [Microsoft Corporation, 6.02.3104.0]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 1712 / SYSTEM][C:\Program Files\Jiangmin\AntiVirus\KVWSC.exe]  [Jiangmin Co.,Ltd, 1, 0, 7, 131]
    [C:\Program Files\Jiangmin\Kernel\EngFace.dll]  [Jiangmin Co., Ltd., 2, 0, 8, 514]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 226]
    [C:\WINDOWS\system32\KVInstall.dll]  [Jiangmin Co.,Ltd, 2, 0, 7, 831]
[PID: 1872 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.9136]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 160 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2312 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1568 / zxl][C:\WINDOWS\system32\DllHost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\360安全软件\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\Program Files\Jiangmin\common\ComUI.dll]  [Jiangmin Co,.Ltd, 1, 0, 7, 112]
    [C:\Program Files\Jiangmin\common\ComUIPS.dll]  [Jiangmin Co.Ltd, 1.0.0.808]
[PID: 1160 / zxl][D:\360安全软件\360safe\360Safe.exe]  [奇虎网, 4, 3, 0, 1007]
    [D:\360安全软件\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [D:\360安全软件\360safe\AntiAdwa.dll]  [360Safe.com, 4, 2, 0, 1001]
    [D:\360安全软件\360safe\AntiEng.dll]  [360Safe.com, 4, 3, 0, 1001]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [D:\360安全软件\360safe\Antispy.dll]  [奇虎网, 4, 2, 0, 1005]
[PID: 2936 / zxl][C:\Program Files\Jiangmin\AntiVirus\kvxp.kxp]  [Jiangmin Co.,Ltd, 1, 0, 7, 1102]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [D:\360安全软件\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 226]
    [C:\Program Files\Jiangmin\Kernel\EngFace.dll]  [Jiangmin Co., Ltd., 2, 0, 8, 514]
    [C:\WINDOWS\system32\KVInstall.dll]  [Jiangmin Co.,Ltd, 2, 0, 7, 831]
    [C:\Program Files\Jiangmin\AntiVirus\kvxpuw.dll]  [Jiangmin Co.,Ltd, 1, 0, 7, 1102]
    [C:\Program Files\Jiangmin\AntiVirus\lang\kvxp0804.lng]  [N/A, ]
    [C:\Program Files\Jiangmin\common\GUIEXT.DLL]  [Jiangmin Co.Ltd, 1, 0, 7, 626]
    [C:\Program Files\Jiangmin\common\lang\guiext0804.lng]  [JiangMin Ltd., 7, 1, 0, 200]
    [C:\Program Files\Jiangmin\AntiVirus\KvInterpreter.dll]  [Jiangmin Co., Ltd., 10, 0, 7, 417]
    [C:\WINDOWS\system32\wpdshext.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\WINDOWS\system32\Audiodev.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\Jiangmin\AntiVirus\VirusUpload.dll]  [, 2, 2, 7, 607]
    [C:\Program Files\Jiangmin\Kernel\Scan.dll]  [Jiangmin Co., Ltd., 2, 0, 8, 525]
    [C:\Program Files\Jiangmin\AntiVirus\ScanSet.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 621]
    [C:\Program Files\Jiangmin\AntiVirus\lang\scanset0804.lng]  [Jiangmin Co., Ltd., 1, 0, 7, 621]
[PID: 2656 / zxl][D:\QQ\QQ.exe]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQBaseClassInDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQHelperDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\BasicCtrlDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\MFC42.DLL]  [Microsoft Corporation, 6.00.8665.0]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [D:\360安全软件\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
    [D:\QQ\RICHED32.DLL]  [Microsoft Corporation, 5.00.2134.1]
    [D:\QQ\RICHED20.dll]  [Jiangmin Co Ltd, 10, 0, 0, 831]
    [D:\QQ\riched20_.dll]  [Microsoft Corporation, 5.31.23.1218]
    [D:\QQ\QQAPI.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\LoginCtrl.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\LoginCtrlRes.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQRes.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQMainFrame.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\gdiplus.dll]  [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\QQ\QQPlugin.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\UnReadMsgMgr.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQAllInOne.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\SCCore.dll]  [TENCENT, 1, 6, 0, 2]
    [D:\QQ\CameraDll.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\CQQApplication.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\FlashAvatarDll.dll]  [, 1, 0, 0, 1]
    [D:\QQ\NewSkin.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\MailSummary.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQSpace.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\vbscript.dll]  [Microsoft Corporation, 5.6.0.7426]
    [C:\WINDOWS\system32\Macromed\Flash\Flash9f.ocx]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\WINDOWS\system32\msacm32.drv]  [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
    [C:\WINDOWS\system32\ieframe.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [D:\QQ\OEMApplication.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQAvatar.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQKnowledgeSearch.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQGroupMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQPet.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QRingMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQSysMsgMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\UserDefinedHead.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQConfigPlugin.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQCustomFace.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\LongConnection.dll]  [TENCENT, 8,0,978,1833]
    [C:\WINDOWS\system32\msadp32.acm]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [D:\QQ\PhoneAPI.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\DialerAllinOne.dll]  [tencent, 1, 4, 0, 0]
    [C:\Program Files\Jiangmin\AntiVirus\KVGuard.dll]  [Jiangmin Co Ltd, 10, 0, 0, 831]
    [C:\Program Files\Jiangmin\AntiVirus\lang\KVGuard0804.lng]  [JiangMin Ltd., 10, 0, 6, 812]
    [C:\Program Files\Jiangmin\AntiVirus\KVAddrDb.dll]  [Jiangmin Co., Ltd., 1.0.0.1]
    [D:\QQ\ImageOle.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQMagicFace.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQLiveQMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\BQQApplication.dll]  [TENCENT, 8,0,978,1833]
    [C:\WINDOWS\system32\PortableDeviceApi.dll]  [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)]
    [C:\Program Files\Jiangmin\AntiVirus\KVshell.dll]  [Jiangmin Co.Ltd, 1, 0, 7, 806]
    [C:\WINDOWS\system32\HiveBase.dll]  [Jiangmin Co., Ltd., 1, 0, 7, 226]
    [C:\Program Files\Jiangmin\AntiVirus\lang\kvxp0804.lng]  [N/A, ]
    [C:\WINDOWS\system32\nvshell.dll]  [, ]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PhoneBrowser.dll]  [Nokia, 6, 81, 46, 1]
    [C:\Program Files\Nokia\Nokia PC Suite 6\PCSCM.dll]  [Nokia, 6, 81, 68, 0]
    [C:\WINDOWS\system32\ConnAPI.DLL]  [Nokia., 6, 81, 62, 0]
    [C:\WINDOWS\system32\MSVCP71.dll]  [Microsoft Corporation, 7.10.3077.0]
    [C:\WINDOWS\system32\MSVCR71.dll]  [Microsoft Corporation, 7.10.3052.4]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Lang\PhoneBrowser_chi-sc.nlr]  [Nokia, 6, 81, 29, 0]
    [C:\Program Files\Nokia\Nokia PC Suite 6\Resource\PhoneBrowser_Nokia.ngr]  [Nokia, 6, 81, 11, 0]
    [D:\QQ\QQFileTransfer.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\CommercesMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\PersonalDesktop.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQAddr.dll]  [深圳市腾讯计算机系统有限公司, 5, 0, 101, 330]
    [D:\QQ\QQSceneMng.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\GroupConnection.dll]  [TENCENT, 8,0,978,1833]
    [D:\QQ\AddrSearch.dll]  [腾讯科技(深圳)有限公司, 2, 2, 1, 15]
    [C:\WINDOWS\system32\UNISPIM6.IME]  [北京紫光华宇软件股份有限公司, 6.0.0.6117]
    [C:\WINDOWS\system32\WINWB86.IME]  [Microsoft Corporation, 4.00.950]
[PID: 3540 / zxl][D:\QQ\TXPlatform.exe]  [Tencent, 1, 5, 225, 0]
    [D:\360安全软件\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
[PID: 3944 / zxl][D:\du\sreng1018\sreng1018\sre.EXE]  [Small frogs Studio, 2.6.12.1018]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16705 (vista_gdr.080618-1506)]
    [D:\360安全软件\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
==================================
File associations
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  Error. [C:\WINDOWS\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   Error. []
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock providers
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS file
<html><head><title></title><meta http-equiv="content-type" content="text/html; charset=gb2312" /><link href="../css/ad.css" rel="stylesheet" type="text/css"/><script type="text/javascript" src="../js/ad.js"></script></head><body>
<table width="760" cellpadding="0" cellspacing="0" background="../images/411/76030cx_4_1_05.gif"><tr><td width="35"><a href="#" onclick="su()"><img src="../images/411/76030cx_4_1_01.gif" border="0" /></a></td><td align="center"><a href="#" onclick="su()">来电铃声</a></td><td width="2"><img src="../images/411/76030cx_4_1_04.gif" /></td><td width="33"><a href="#" onclick="su()"><img src="../images/411/76030cx_4_1_06.gif" border="0" /></a></td><td align="center"><a href="#" onclick="su()">动画图片</a></td><td width="2"><img src="../images/411/76030cx_4_1_04.gif"
127.0.0.1  yu.8s7.net
127.0.0.1  1.jopanqc.com
127.0.0.1  2.joppnqq.com
127.0.0.1  wg.47255.com
127.0.0.1  1.joppnqq.com
127.0.0.1  xxx.m111.biz
127.0.0.1  1.jopenqc.com
127.0.0.1  1.jopenkk.com
127.0.0.1  xxx.vh7.biz
127.0.0.1  xxx.j41m.com
127.0.0.1  3.joppnqq.com
127.0.0.1  d.93se.com
127.0.0.1  www.868wg.com
127.0.0.1  xxx.mmma.biz
127.0.0.1  ilove.com
127.0.0.1  tp.shpzhan.cn
127.0.0.1  www.tomwg.com
127.0.0.1  www.cike007.cn
127.0.0.1  www.22aaa.com
127.0.0.1  xx.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  www.exiao01.com
127.0.0.1  new.749571.com
127.0.0.1  xtx.kv8.info
127.0.0.1  cao.kv8.info
127.0.0.1  1.jopmmqq.com
127.0.0.1  171817.171817.com
127.0.0.1  d2.llsging.com
127.0.0.1  down.malasc.cn
127.0.0.1  llboss.com
127.0.0.1  nx.51ylb.cn
127.0.0.1  my.531jx.cn
127.0.0.1  qqq.dzydhx.com
127.0.0.1  qqq.hao1658.com
127.0.0.1  www.333292.com
127.0.0.1  down.18dd.net
127.0.0.1  up.22x44.com
127.0.0.1  aaa.faba01.com
127.0.0.1  bad.tqdlt.cn
127.0.0.1  1.chsipo.com
127.0.0.1  c3.aishangai.net
127.0.0.1  c2.aishangai.net
127.0.0.1  xxx.188dm.com
127.0.0.1  x2.1a2b3c1.com
127.0.0.1  d1.163500.net
127.0.0.1  down.google-serv.cn
==================================
Process privilege scan
Special privilege enabled: SeDebugPrivilege [PID = 2936, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\KVXP.KXP]
Special privilege enabled: SeLoadDriverPrivilege [PID = 2936, C:\PROGRAM FILES\JIANGMIN\ANTIVIRUS\KVXP.KXP]
==================================
API HOOK
Entry point error: NtQuerySystemInformation (risk level: high, hooked by the following module: C:\WINDOWS\Gdsad2007.DLL)
Entry point error: NtTerminateProcess (risk level: high, hooked by the following module: C:\WINDOWS\Gdsad2007.DLL)
Entry point error: ZwTerminateProcess (risk level: high, hooked by the following module: C:\WINDOWS\Gdsad2007.DLL)
Entry point error: EnumServicesStatusA (risk level: high, hooked by the following module: C:\WINDOWS\Gdsad2007.DLL)
Entry point error: EnumServicesStatusW (risk level: high, hooked by the following module: C:\WINDOWS\Gdsad2007.DLL)
Entry point error: FindNextFileA (risk level: high, hooked by the following module: C:\WINDOWS\Gdsad2007.DLL)
Entry point error: FindNextFileW (risk level: high, hooked by the following module: C:\WINDOWS\Gdsad2007.DLL)
==================================
Hidden processes
    [176] C:\WINDOWS\asd.exe
    [492] C:\Program Files\Internet Explorer\IEXPLORE.EXE
    [841] C:\Program Files\Jiangmin\AntiVirus\kvsrvxp.exe
    [1837] C:\Program Files\Jiangmin\AntiVirus\KVMonXP_2.kxp
==================================

[/code]

[[i] This post was last edited by 秋叶濛濛 on 2008-8-29 16:53 [/i]]
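The log above already holds the three marks a user-mode rootkit leaves: one DLL with no vendor or version (Gdsad2007.DLL) loaded into unrelated processes, inline hooks on NtQuerySystemInformation, NtTerminateProcess, EnumServicesStatus and FindNextFile that all point back to that same DLL (the APIs used to list processes, kill them, list services and list files), and a process (asd.exe) that the hooked enumeration keeps out of the normal process list. The script below is an added example for this thread, not SREng's code and not part of the post, that pulls those indicators out of such a log mechanically and cross-references them; the log excerpt embedded in it is constructed from the posted log (shortened, same line formats), and the heading strings it recognises and the "loaded in at least two processes" threshold are assumptions.

```python
"""Triage an SREng (System Repair Engineer) log for userland-rootkit indicators.

Added example for this thread, not SREng's code and not from the post above.
It reads the plain-text log, so it runs offline; SAMPLE_LOG is an excerpt
constructed from the posted log (shortened, same line formats).
"""
import re
from collections import defaultdict

# Constructed excerpt of the posted log. SREng prints its headings in Chinese;
# the heading sets below accept the tool's own wording and an English rendering.
SAMPLE_LOG = r"""
[PID: 2656 / zxl][D:\QQ\QQ.exe]  [TENCENT, 8,0,978,1833]
    [D:\QQ\QQBaseClassInDll.dll]  [TENCENT, 8,0,978,1833]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
[PID: 3540 / zxl][D:\QQ\TXPlatform.exe]  [Tencent, 1, 5, 225, 0]
    [D:\360安全软件\360safe\safemon\safemon.dll]  [360.CN, 4, 2, 0, 1005]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
[PID: 3944 / zxl][D:\du\sreng1018\sreng1018\sre.EXE]  [Small frogs Studio, 2.6.12.1018]
    [C:\WINDOWS\Gdsad2007.DLL]  [N/A, ]
==================================
HOSTS 文件
<html><head><title></title></head><body>
<table width="760"><tr><td>来电铃声</td></tr>
127.0.0.1  yu.8s7.net
127.0.0.1  down.google-serv.cn
==================================
API HOOK
入口点错误:NtQuerySystemInformation (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\Gdsad2007.DLL)
入口点错误:FindNextFileW (危险等级: 高,  被下面模块所HOOK: C:\WINDOWS\Gdsad2007.DLL)
==================================
隐藏进程
    [176] C:\WINDOWS\asd.exe
==================================
"""

HOSTS_HEADINGS = {"HOSTS 文件", "HOSTS file"}
HOOK_HEADINGS = {"API HOOK"}
HIDDEN_HEADINGS = {"隐藏进程", "Hidden processes"}

PROC_RE = re.compile(r"^\[PID: (\d+) / [^\]]*\]\[([^\]]+)\]\s+\[([^\]]*)\]")
MODULE_RE = re.compile(r"^\s+\[([^\]]+)\]\s+\[([^\]]*)\]\s*$")
# Function name after the first colon, hooking module's path inside the
# parentheses; independent of the wording so it fits the tool's Chinese text.
HOOK_RE = re.compile(r"^[^:]+:\s*(\w+)\s*\(.*?([A-Za-z]:\\[^)]+)\)\s*$")
HIDDEN_RE = re.compile(r"^\s+\[(\d+)\]\s+(\S.*?)\s*$")
# A legitimate hosts line is blank, a comment, or "<ip> <name> [more names]".
HOSTS_OK_RE = re.compile(r"^\s*(?:#.*|[0-9A-Fa-f.:]+\s+\S+.*)?$")


def triage(log_text, min_processes=2):
    """Return the indicators found in an SREng log as a dict (keys below)."""
    loaded_in = defaultdict(set)   # module path -> PIDs it is loaded in
    vendor_of, hooks, hidden, hosts_junk, loopback = {}, [], [], [], []
    section, want_heading, pid = None, False, None
    for line in log_text.splitlines():
        if line.startswith("====="):
            want_heading = True
            continue
        if want_heading:
            if line.strip():
                section, want_heading = line.strip(), False
            continue
        if section in HOSTS_HEADINGS:
            if not HOSTS_OK_RE.match(line):
                hosts_junk.append(line)            # HTML or other non-hosts text
            elif line.startswith("127.0.0.1"):
                loopback.append(line.split()[1])   # names this box can no longer reach
        elif section in HOOK_HEADINGS:
            m = HOOK_RE.match(line)
            if m:
                hooks.append((m.group(1), m.group(2)))
        elif section in HIDDEN_HEADINGS:
            m = HIDDEN_RE.match(line)
            if m:
                hidden.append((int(m.group(1)), m.group(2)))
        elif PROC_RE.match(line):
            pid = int(PROC_RE.match(line).group(1))
        elif pid is not None and MODULE_RE.match(line):
            path, info = MODULE_RE.match(line).groups()
            vendor = info.split(",", 1)[0].strip()
            loaded_in[path.lower()].add(pid)
            vendor_of[path.lower()] = "" if vendor.upper() == "N/A" else vendor
    # A vendor-less DLL sitting in several unrelated processes is the footprint
    # of a system-wide injection (global hook, AppInit_DLLs or similar).
    injected = {p: sorted(pids) for p, pids in loaded_in.items()
                if not vendor_of[p] and len(pids) >= min_processes}
    hooking = {mod.lower() for _, mod in hooks}
    return {
        "injected": injected,
        "hooks": hooks,
        "hidden": hidden,
        "hosts_junk": hosts_junk,
        "hosts_loopback": loopback,
        # Strongest signal: the injected module is also the one hooking the
        # process/file/service enumeration APIs, i.e. it is hiding something.
        "confirmed": sorted(p for p in injected if p in hooking),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a full SREng log by passing the file's text to triage(); the "confirmed" entry is the module worth removing first, since everything hidden by its hooks (asd.exe in this case) becomes visible once it is no longer loaded.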

dibei posted on 2008-8-29 07:02

[b]1. I suggest using XDelBox to delete the following files[/b]: ([url=http://www.dodudou.com/down/index.php]XDelBox 1.7 download[/url])
Instructions: copy the paths of all the files to be deleted, right-click in the pending-deletion file list and choose [color=red]Import from clipboard without checking paths[/color]; after importing, right-click the file to be deleted and choose delete immediately on reboot. The computer will reboot into a DOS screen to carry out the deletion. Before running XDelBox it is best to unplug all removable storage media (including USB drives, MP3 players, phone memory cards, etc.).

c:\windows\gdsad2007.dll
c:\windows\asd.exe

[b]2.[/b] Download a temporary-file cleanup tool and clean out the temporary files

[url=http://www.xpi386.com.cn/tools/HA-ATF-Cleaner.rar]http://www.xpi386.com.cn/tools/HA-ATF-Cleaner.rar[/url]

Download the Kingsoft 灰鸽子 (Gray Pigeon) dedicated removal tool and run a scan

[url=http://www.duba.net/tool/zhuansha/255.shtml]http://www.duba.net/tool/zhuansha/255.shtml[/url]

Download Windows 清理助手 (Windows Cleanup Assistant) V2.7 to clean up malware

[url=http://www.arswp.com/download/arswp2/arswp2.zip]http://www.arswp.com/download/arswp2/arswp2.zip[/url]

Download the IFEO repair program

[url=http://www.dodudou.com/down/IFEO.rar]http://www.dodudou.com/down/IFEO.rar[/url]

[color=green][b]**************The analysis report above was produced with the SREngLog analysis assistant******************[/b][/color]
[color=purple]Analysis: dibei
Date: 2008-8-29
SREngLog analysis assistant 1.3 (updated 20070808 BY 草莽书生)[/color]

dibei posted on 2008-8-29 07:05

[quote]<html><head><title></title><meta http-equiv="content-type" content="text/html; charset=gb2312" /><link href="../css/ad.css" rel="stylesheet" type="text/css"/><script type="text/javascript" src="../js/ad.js"></script></head><body>
<table width="760" cellpadding="0" cellspacing="0" background="../images/411/76030cx_4_1_05.gif"><tr><td width="35"><a href="#"><img src="../images/411/76030cx_4_1_01.gif" border="0" /></a></td><td align="center"><a href="#">来电铃声</a></td><td width="2"><img src="../images/411/76030cx_4_1_04.gif" /></td><td width="33"><a href="#"><img src="../images/411/76030cx_4_1_06.gif" border="0" /></a></td><td align="center"><a href="#">动画图片</a></td><td width="2"><img src="../images/411/76030cx_4_1_04.gif"[/quote]

Where did all this stuff in the hosts file come from?

星辰yxl posted on 2008-8-29 10:40

Reply to post #3 by dibei

I can't make sense of it either~ What are these things, why are they in the hosts file, and what are they for...?

秋叶濛濛 posted on 2008-8-29 11:23

If in doubt, I'd suggest resetting the Hosts file.

小C posted on 2008-8-29 14:21

Also repair the file associations:
.TXT  Error. [C:\WINDOWS\notepad.exe %1]
.CHM  Error. ["hh.exe" %1]
.JS   Error. []
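Two of the repair steps in the replies, the IFEO repair dibei links and the file-association fix 小C asks for, come down to reading a handful of registry values and judging whether each still points where it should. The script below is an added example for this thread (not code from XDelBox, the IFEO repair program or SREng) that does that judging in plain Python over a mapping, with a Windows-only collector for the live registry values; the sample IFEO entries in it are constructed and hypothetical, and the sample associations are copied from the file-association section of the log. The lists of known debuggers and benign handlers are assumptions. One caveat it encodes: SREng's "Error" on .TXT and .INI only means the stored string differs from the default form, the command still launches notepad.exe, whereas the empty .JS command is genuinely broken, and the .EXE/.COM/.BAT commands are the ones that matter most, because anything other than "%1" %* there routes every program launch through another executable.

```python
"""Check two hijack points the replies above deal with: Image File Execution
Options (IFEO) "Debugger" values and the shell\\open\\command of common file
types. Added example for this thread, not code from XDelBox, the IFEO repair
program or SREng. The evaluation works on plain mappings so it runs anywhere;
read_from_registry() is the Windows-only collector.
"""
import sys

# Programs that legitimately appear as an IFEO Debugger. Assumption: no
# developer tooling on the box; anything else redirects the named image.
KNOWN_DEBUGGERS = {"ntsd.exe", "cdb.exe", "windbg.exe", "vsjitdebugger.exe"}

# Executable types must run the file itself; any other command means every
# launch of that type passes through a third program first.
EXPECTED_EXEC = {".exe": '"%1" %*', ".com": '"%1" %*', ".bat": '"%1" %*',
                 ".cmd": '"%1" %*', ".pif": '"%1" %*', ".scr": '"%1" /S'}

# Handlers Windows XP itself uses for the text/script/help types in the log;
# the path form (bare name, C:\WINDOWS, %SystemRoot%) is deliberately ignored.
SAFE_HANDLERS = {"notepad.exe", "wscript.exe", "cscript.exe", "hh.exe",
                 "winhlp32.exe", "regedit.exe"}

# Constructed sample input. The IFEO entries are hypothetical; the
# associations are copied from the file-association section of the log above.
SAMPLE_IFEO = {
    "antivirus.exe": r"C:\WINDOWS\redirect.exe",          # hypothetical hijack
    "iexplore.exe": r"C:\WINDOWS\system32\ntsd.exe -d",   # benign debugger
}
SAMPLE_ASSOC = {
    ".TXT": r"C:\WINDOWS\notepad.exe %1",
    ".EXE": '"%1" %*',
    ".CHM": '"hh.exe" %1',
    ".JS": "",
    ".INI": r"C:\WINDOWS\System32\NOTEPAD.EXE %1",
}


def program_of(command):
    """Lower-cased basename of the program a command line launches."""
    command = command.strip()
    if not command:
        return ""
    prog = command[1:].split('"', 1)[0] if command.startswith('"') else command.split()[0]
    return prog.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def check_ifeo(ifeo):
    """ifeo: {image name: Debugger value}. Returns (image, value, reason) findings."""
    return [(image, value, "IFEO redirect: launching this image runs the 'debugger' instead")
            for image, value in ifeo.items()
            if program_of(value) not in KNOWN_DEBUGGERS]


def check_assoc(assoc):
    """assoc: {extension: open command}. Returns (ext, command, reason) findings."""
    findings = []
    for ext, command in assoc.items():
        ext, command = ext.lower(), command.strip()
        if ext in EXPECTED_EXEC:
            if command != EXPECTED_EXEC[ext]:
                findings.append((ext, command, "executable type no longer runs the file itself"))
        elif not command:
            findings.append((ext, command, "association broken: empty command"))
        elif program_of(command) not in SAFE_HANDLERS:
            findings.append((ext, command, "opened by an unexpected program"))
    return findings


def read_from_registry(extensions):
    """Windows only: collect live IFEO Debugger values and open commands."""
    import winreg  # standard library, but present only on Windows
    ifeo = {}
    base = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options"
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as key:
        index = 0
        while True:
            try:
                image = winreg.EnumKey(key, index)
            except OSError:
                break
            index += 1
            try:
                with winreg.OpenKey(key, image) as sub:
                    ifeo[image] = winreg.QueryValueEx(sub, "Debugger")[0]
            except OSError:
                pass  # no Debugger value under this image: the normal case
    assoc = {}
    for ext in extensions:
        try:
            progid = winreg.QueryValue(winreg.HKEY_CLASSES_ROOT, ext)
            assoc[ext] = winreg.QueryValue(winreg.HKEY_CLASSES_ROOT, progid + r"\shell\open\command")
        except OSError:
            assoc[ext] = ""
    return ifeo, assoc


if __name__ == "__main__":
    if sys.platform == "win32":
        ifeo, assoc = read_from_registry(list(SAMPLE_ASSOC))
    else:
        ifeo, assoc = SAMPLE_IFEO, SAMPLE_ASSOC   # offline demonstration
    for finding in check_ifeo(ifeo) + check_assoc(assoc):
        print(" | ".join(finding))
```

On the infected machine itself, run it from an administrator command prompt so the IFEO key is readable; a finding under check_ifeo names the program that is being silently replaced, which is usually the antivirus or repair tool the user can no longer start.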


Powered by Discuz! Archiver 6.1.0  © 2001-2007 Comsenz Inc.