瑞星卡卡安全论坛
rushiqi - 2007-6-2 16:31:00
[CODE]
2007-06-15,16:17:54
System Repair Engineer 2.4.12.806
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
Winsock 提供者
Autorun.inf
HOSTS 文件
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)]
<q8b63qd8i9julg><C:\DOCUME~1\rjs\LOCALS~1\Temp\1explore.exe> []
<l7ftg9vy8><C:\DOCUME~1\rjs\LOCALS~1\Temp\iexpl0re.exe> []
<s><C:\DOCUME~1\rjs\LOCALS~1\Temp\rundl132.exe> []
<rhqbfe4dr><C:\DOCUME~1\rjs\LOCALS~1\Temp\winlog0n.exe> []
<3uihl0w><C:\DOCUME~1\rjs\LOCALS~1\Temp\c0nime.exe> []
<l7><C:\DOCUME~1\rjs\LOCALS~1\Temp\Servera.exe> []
<QQDownload><"C:\Program Files\Tencent\QQDownload\QQDownload.exe" autostart> [N/A]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<sun><C:\WINDOWS\SysSun2\svchost.exe> []
<fy><C:\WINDOWS\Sysfy4\svchost.exe> []
<JT><C:\WINDOWS\SysJT4\svchost.exe> []
<J2><C:\WINDOWS\system32\SysJ2\svchost.exe> []
<sj><C:\WINDOWS\Syssj5\svchost.exe> []
<wl><C:\WINDOWS\Syswl3\svchost.exe> []
<wm><C:\WINDOWS\Syswm7\svchost.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<RavTask><"E:\Program Files\Rising\Rav\RavTask.exe" -system> []
<BigDogPath><C:\WINDOWS\VM_STI.EXE VIMICRO USB PC Camera 301x> [N/A]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<pklihisss><C:\WINDOWS\pklihisss.exe /i> []
<Explrer><C:\WINDOWS\Explrer.exe> []
<Exprer><C:\WINDOWS\Exprer.exe> []
<nwiztlbb><C:\WINDOWS\system32\nwiztlbb.exe> []
<nwizAskTao><C:\WINDOWS\system32\nwizAskTao.exe> []
<svpecld><C:\WINDOWS\system32\svpecld.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<main32><C:\WINDOWS\main32.exe /i> []
<iPPro><C:\WINDOWS\iPPro.exe> []
<stup.exe><C:\PROGRA~1\TENCENT\Adplus\stup.exe> [Tencent]
<Kvsc3><C:\WINDOWS\Kvsc3.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<msccrt><C:\WINDOWS\msccrt.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)]
<UIHost><logonui.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<AddrPlus3><; C:\PROGRA~1\TENCENT\AdPlus\Runner.exe C:\PROGRA~1\TENCENT\AdPlus\QAHook1.dll Rundll32> [N/A]
<assistse><; "C:\PROGRA~1\3721\assistse.exe"> [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe> [(Verified)]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<helper.dll><; C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> [N/A]
<IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [(Verified)]
<IMSCMig><; C:\PROGRA~1\COMMON~1\MICROS~1\IME\IMSC40A\IMSCMIG.EXE /Preload> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<MSMSGS><; "C:\Program Files\Messenger\msmsgs.exe" /background> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [(Verified)]
<PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [(Verified)]
<RavTimer><; C:\Program Files\Rising\Rav\RavTimer.exe> [N/A]
<SKYNET Personal FireWall><; C:\Program Files\SkyNet\FireWall\pfw.exe> [N/A]
<SysExplr><; C:\HEROSOFT\Hero3000\SYSEXPLR.EXE> []
<TkBellExe><; "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<yahoo_mini><; C:\Program Files\3721\Dlaccel\YDownloader.exe> [N/A]
==================================
启动文件夹
[QQ游戏启动加速程序]
<C:\Documents and Settings\rjs\「开始」菜单\程序\启动\QQ游戏启动加速程序.lnk --> C:\PROGRA~1\Tencent\QQGame\Accel.exe [深圳市腾讯计算机系统有限公司]><N>
[腾讯QQ]
<C:\Documents and Settings\rjs\「开始」菜单\程序\启动\腾讯QQ.lnk --> C:\PROGRA~1\Tencent\qq\QQ.exe [TENCENT]><N>
==================================
服务
[Disk Driver Service / Disk Service][Stopped/Auto Start]
<C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[局域网通讯协议 / Hello World][Stopped/Auto Start]
<C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSOSV.EXE><N/A>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"E:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon][Running/Auto Start]
<"E:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[Windows User Mode Driver Framework / UMWdf][Running/Auto Start]
<C:\WINDOWS\system32\wdfmgr.exe><Microsoft Corporation>
[Win32 Debug Service / MSDebugsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe msdebug.dll,input><Microsoft Corporation>
[Remote Debug Service / RemoteDbg][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe RemoteDbg.dll,input><Microsoft Corporation>
[Windows DHCP Service / WinDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windhcp.ocx,input><Microsoft Corporation>
[WMI Performance API / WMIApiSrv][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe WMIApiSrv.dll,input><Microsoft Corporation>
[WinXP DHCP Service / WinXPDHCPsvc][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe xpdhcp.dll,input><Microsoft Corporation>
[Win32 Display Driver / Win32DDS][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe windds32.dll,input><Microsoft Corporation>
[Wireless Service / WZCSRVC][Stopped/Auto Start]
<C:\WINDOWS\system32\rundll32.exe netsrvcs.dll,input><Microsoft Corporation>
==================================
驱动程序
[ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter / AN983][Running/Manual Start]
<system32\DRIVERS\AN983.sys><ADMtek Incorporated.>
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
<System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[CelInDrv / CelInDrv][Running/Disabled]
<\??\C:\WINDOWS\system32\Drivers\CelInDriver.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\E:\Program Files\Rising\Rav\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HookCont / HookCont][Running/Auto Start]
<\??\E:\Program Files\Rising\Rav\HOOKCONT.sys><Rising tech Co. ltd>
[HookReg / HookReg][Running/Auto Start]
<\??\E:\Program Files\Rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\E:\Program Files\Rising\Rav\HookSys.sys><Rising>
[kmsinput / kmsinput][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\kmsinput.sys><N/A>
[lbi / lbi][Stopped/Manual Start]
<\??\C:\DOCUME~1\rjs\LOCALS~1\Temp\lbikfk><N/A>
[lemepej / lemepej][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\lemepej.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\E:\Program Files\Rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\C:\Program Files\Tencent\qq\npkcrypt.sys><INCA Internet Co., Ltd.>
[npkycryp / npkycryp][Stopped/Manual Start]
<\??\C:\Program Files\Tencent\qq\npkycryp.sys><N/A>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[ppmoucls / ppmoucls][Running/System Start]
<System32\DRIVERS\ppmoucls.sys><Windows (R) 2000 DDK provider>
[PenPower Touchpad / pptchpad][Running/System Start]
<System32\DRIVERS\pptchpd5.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver / rtl8139][Stopped/Manual Start]
<system32\DRIVERS\RTL8139.SYS><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[uqbejte / uqbejte][Stopped/Manual Start]
<\??\C:\DOCUME~1\rjs\LOCALS~1\Temp\uqbejtejxh><N/A>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[VIA AC'97 Audio Controller (WDM) / VIAudio][Running/Manual Start]
<system32\drivers\viaudios.sys><VIA Technologies, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[zihhrd66 / zihhrd66][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\zihhrd66.sys><Microsoft Corporation>
[VIMICRO USB PC Camera 301x / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>
==================================
浏览器加载项
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[Ravonline]
{DA984A6D-508E-11D6-AA49-0050FF3C628D} <C:\WINDOWS\Downloaded Program Files\RsOnline.dll, Beijing Rising Tech. Co., Ltd.>
[QQCycloneHelper Class]
{00000000-12C9-4305-82F9-43058F20E8D2} <C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll, 腾讯公司>
[ActiveMovieControl Object]
{05589FA1-C356-11CE-BF01-00AA0055595A} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Tencent Browser Helper]
{0C7C23EF-A848-485B-873C-0ED954731014} <C:\Program Files\TENCENT\Adplus\SSAddr1.dll, Tencent>
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[DHTML Edit Control Safe for Scripting for IE5]
{2D360201-FFF5-11D1-8D03-00A0C959BC0A} <C:\Program Files\Common Files\Microsoft Shared\Triedit\dhtmled.ocx, Microsoft Corporation>
[HHCtrl Object]
{52A2AAAE-085D-4187-97EA-8C30DB990436} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\Mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx, Macromedia, Inc.>
[&使用超级旋风下载]
<C:\Program Files\Tencent\QQDownload\geturl.htm, N/A>
[&使用超级旋风下载全部链接]
<C:\Program Files\Tencent\QQDownload\getAllurl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\qq\AddEmotion.htm, N/A>
==================================
正在运行的进程
[PID: 472][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 528][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 552][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 600][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 612][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 816][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 880][E:\Program Files\Rising\Rav\CCenter.exe] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 3]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[PID: 896][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[PID: 2036][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 21]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\Explrer.dll] [N/A, ]
[C:\WINDOWS\system32\Exprer.dll] [N/A, ]
[C:\WINDOWS\system32\nwizAsktao.dll] [N/A, ]
[C:\WINDOWS\system32\cpasevcl.dll] [, 1, 0, 0, 4]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\nwiztlbb.dll] [N/A, ]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\WINDOWS\system32\iPPro.dll] [N/A, ]
[C:\WINDOWS\system32\main32.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\nwizhx2.dll] [N/A, ]
[C:\WINDOWS\system32\tlbb100.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\fyzo0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Rav20.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Kavs0.dll] [N/A, ]
[C:\WINDOWS\TEMP\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\Program Files\TENCENT\Adplus\SSAddr1.dll] [Tencent, 4, 5, 1, 14]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\Audiodev.dll] [Microsoft Corporation, 5.2.3802.3802 built by: dnsrv(bld4act)]
[PID: 652][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll] [腾讯公司, 1, 1, 0, 5]
[C:\Program Files\TENCENT\Adplus\SSAddr1.dll] [Tencent, 4, 5, 1, 14]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[PID: 1208][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[PID: 1924][C:\WINDOWS\VM_STI.EXE] [VM., 4.2.610.4]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\VM31bPrp.Ax] [VM, 4.2.711.31]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[PID: 2100][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3427]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[PID: 2276][C:\WINDOWS\pklihisss.exe] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\pklihisss.dll] [N/A, ]
[PID: 2880][C:\WINDOWS\Syswl3\svchost.exe] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[PID: 2956][C:\WINDOWS\Sysfy4\svchost.exe] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[PID: 3000][C:\WINDOWS\main32.exe] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\main32.dll] [N/A, ]
[PID: 3052][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[PID: 3372][C:\WINDOWS\system32\conime.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[PID: 3540][C:\WINDOWS\Syssj5\svchost.exe] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[PID: 3660][C:\WINDOWS\SysSun2\svchost.exe] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[PID: 3712][C:\WINDOWS\SysJT4\svchost.exe] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[PID: 3860][C:\WINDOWS\system32\SysJ2\svchost.exe] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[PID: 3884][C:\WINDOWS\Syssj5\svchost.exe] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[PID: 3900][C:\WINDOWS\Syswm7\svchost.exe] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[PID: 3920][C:\Program Files\ChinaNet\VnetClient.exe] [, 2005, 10, 8, 1]
[C:\Program Files\ChinaNet\Communicate.dll] [0, 2005, 3, 3, 1]
[C:\Program Files\ChinaNet\DialModule.dll] [, 2005, 3, 22, 1]
[C:\Program Files\ChinaNet\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\PROGRA~1\ChinaNet\CLIENT~1.DLL] [, 2004, 2, 28, 1]
[C:\PROGRA~1\ChinaNet\PLUGIN~1.OCX] [, 2005, 7, 27, 1]
[C:\PROGRA~1\ChinaNet\sign.dll] [0, 2004, 12, 1, 1]
[C:\Program Files\ChinaNet\SysPlug\4f14c0bd-1c30-4251-bcff-946b4fec7946\GLWorldPlug.dll] [Ourgame, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\WEBPLU~1.DLL] [, 2005, 8, 18, 1]
[C:\PROGRA~1\ChinaNet\PostPlug.dll] [, 2004, 12, 16, 2]
[C:\PROGRA~1\ChinaNet\ADVERT~1.OCX] [, 2005, 10, 13, 1]
[C:\PROGRA~1\ChinaNet\Gif89a.dll] [, 2005, 6, 21, 1]
[C:\PROGRA~1\ChinaNet\VnetBs.ocx] [, 2004, 11, 18, 1]
[C:\PROGRA~1\ChinaNet\ACCOUN~2.DLL] [, 2005, 8, 11, 1]
[C:\PROGRA~1\ChinaNet\AccountMgr.dll] [, 2005, 8, 16, 1]
[C:\PROGRA~1\ChinaNet\VnetSkin.ocx] [GDDC, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\DialogStyle.dll] [, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\Timer.ocx] [, 2005, 10, 9, 14]
[C:\PROGRA~1\ChinaNet\PLUGIN~2.OCX] [, 2005, 2, 24, 1]
[C:\PROGRA~1\ChinaNet\NEWMES~1.DLL] [, 2005, 8, 26, 1]
[C:\PROGRA~1\ChinaNet\PassCtrl.dll] [, 1, 0, 0, 1]
[C:\PROGRA~1\ChinaNet\PlugPush.dll] [, 2004, 12, 21, 1]
[C:\PROGRA~1\ChinaNet\ALLINT~1.DLL] [, 2004, 11, 23, 1]
[C:\PROGRA~1\ChinaNet\VNetLog.ocx] [, 2005, 10, 9, 1]
[C:\PROGRA~1\ChinaNet\StatNum.dll] [, 2004, 11, 18, 1]
[C:\PROGRA~1\ChinaNet\VNETON~1.OCX] [, 2005, 3, 2, 1]
[C:\PROGRA~1\ChinaNet\ALLFUN~1.DLL] [GDCN, 2005, 10, 9, 1]
[C:\PROGRA~1\ChinaNet\VnetOptLog.dll] [, 2005, 9, 13, 9]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Kavs0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Rav20.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\fyzo0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\main32.dll] [N/A, ]
[C:\WINDOWS\system32\iPPro.dll] [N/A, ]
[C:\WINDOWS\system32\Exprer.dll] [N/A, ]
[C:\WINDOWS\system32\Explrer.dll] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\PROGRA~1\ChinaNet\DlgSkin.ocx] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[PID: 1960][C:\WINDOWS\iPPro.exe] [N/A, ]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[PID: 2284][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\Program Files\TENCENT\Adplus\SSAddr1.dll] [Tencent, 4, 5, 1, 14]
[C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll] [腾讯公司, 1, 1, 0, 5]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 2588][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\Program Files\TENCENT\Adplus\SSAddr1.dll] [Tencent, 4, 5, 1, 14]
[C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll] [腾讯公司, 1, 1, 0, 5]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\xpsp3res.dll] [Microsoft Corporation, 5.1.2600.3100 (xpsp_sp2_gdr.070309-0025)]
[PID: 2840][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[PID: 208][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msdebug.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\Program Files\TENCENT\Adplus\SSAddr1.dll] [Tencent, 4, 5, 1, 14]
[C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll] [腾讯公司, 1, 1, 0, 5]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 2752][C:\Program Files\Internet Explorer\iexplore.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msdebug.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system32\windds32.dll] [N/A, ]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, ]
[C:\WINDOWS\system32\xpdhcp.dll] [N/A, ]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, ]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, ]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\Program Files\TENCENT\Adplus\SSAddr1.dll] [Tencent, 4, 5, 1, 14]
[C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll] [腾讯公司, 1, 1, 0, 5]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\TEMP\upxdnd.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Kavs0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Rav20.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\fyzo0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\main32.dll] [N/A, ]
[C:\WINDOWS\system32\iPPro.dll] [N/A, ]
[C:\WINDOWS\system32\Exprer.dll] [N/A, ]
[C:\WINDOWS\system32\Explrer.dll] [N/A, ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\xpsp3res.dll] [Microsoft Corporation, 5.1.2600.3100 (xpsp_sp2_gdr.070309-0025)]
[C:\WINDOWS\system32\IMSC40A.IME] [Microsoft Corporation, 6.0.0.2527]
[C:\PROGRA~1\COMMON~1\MICROS~1\IME\SHARED2.0\MSCAND20.DLL] [Microsoft Corporation, 9.0.5510.0]
[PID: 2488][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msdebug.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system32\windds32.dll] [N/A, ]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, ]
[C:\WINDOWS\system32\xpdhcp.dll] [N/A, ]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, ]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, ]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\Program Files\TENCENT\Adplus\SSAddr1.dll] [Tencent, 4, 5, 1, 14]
[C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll] [腾讯公司, 1, 1, 0, 5]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[C:\WINDOWS\system32\Macromed\Flash\Flash8.ocx] [Macromedia, Inc., 8,0,22,0]
[C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)]
[C:\WINDOWS\system32\xpsp3res.dll] [Microsoft Corporation, 5.1.2600.3100 (xpsp_sp2_gdr.070309-0025)]
[PID: 1988][C:\WINDOWS\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msdebug.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system32\windds32.dll] [N/A, ]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, ]
[C:\WINDOWS\system32\xpdhcp.dll] [N/A, ]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, ]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, ]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[PID: 336][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msdebug.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system32\windds32.dll] [N/A, ]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, ]
[C:\WINDOWS\system32\xpdhcp.dll] [N/A, ]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, ]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, ]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\Program Files\TENCENT\Adplus\SSAddr1.dll] [Tencent, 4, 5, 1, 14]
[C:\Program Files\Tencent\QQDownload\QQIEHelper01.dll] [腾讯公司, 1, 1, 0, 5]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510]
[PID: 3760][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\WINDOWS\system32\msdebug.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system32\windds32.dll] [N/A, ]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, ]
[C:\WINDOWS\system32\xpdhcp.dll] [N/A, ]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, ]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, ]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[PID: 604][F:\新建文件夹\sreng2\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\msdebug.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system32\windds32.dll] [N/A, ]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, ]
[C:\WINDOWS\system32\xpdhcp.dll] [N/A, ]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, ]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, ]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\SysSun2\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\WINDOWS\Sysfy4\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswl3\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\TEMP\upxdnd.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Kavs0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Rav20.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\fyzo0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\main32.dll] [N/A, ]
[C:\WINDOWS\system32\iPPro.dll] [N/A, ]
[C:\WINDOWS\system32\Exprer.dll] [N/A, ]
[C:\WINDOWS\system32\Explrer.dll] [N/A, ]
==================================
文件关联
.TXT Error. [NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI Error. [notepad.exe %1]
.INF Error. [notepad.exe %1]
.VBS Error. [超级解霸3000]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
N/A
==================================
Autorun.inf
N/A
==================================
HOSTS 文件
127.0.0.1 localhost
127.0.0.1 mmm.caifu18.net
127.0.0.1 www.18dmm.com
127.0.0.1 d.qbbd.com
127.0.0.1 www.5117music.com
127.0.0.1 www.union123.com
127.0.0.1 www.wu7x.cn
127.0.0.1 www.54699.com
127.0.0.1 www1.6tan.com
127.0.0.1 www2.6tan.com
127.0.0.1 www.97725.com
127.0.0.1 down.97725.com
127.0.0.1 ip.315hack.com
127.0.0.1 ip.54liumang.com
127.0.0.1 www.41ip.com
127.0.0.1 xulao.com
127.0.0.1 www.heixiou.com
127.0.0.1 www.9cyy.com
127.0.0.1 www.hunll.com
127.0.0.1 www.down.hunll.com
127.0.0.1 do.77276.com
127.0.0.1 www.baidulink.com
127.0.0.1 adnx.yygou.cn
127.0.0.1 222.73.220.45
127.0.0.1 www.f5game.com
127.0.0.1 www.guazhan.cn
127.0.0.1 wm,103715.com
127.0.0.1 www.my6688.cn
127.0.0.1 i.96981.com
127.0.0.1 d.77276.com
127.0.0.1 www1.cw988.cn
127.0.0.1 cool.47555.com
127.0.0.1 www.asdwc.com
127.0.0.1 55880.cn
127.0.0.1 61.152.169.234
127.0.0.1 cc.wzxqy.com
127.0.0.1 www.54699.com
127.0.0.1 t.gcuj.com
127.0.0.1 www.puma163.com
127.0.0.1 ceoww.com
127.0.0.1 boolom.com
127.0.0.1 adult-novel.cn
127.0.0.1 ll.chinasese.net
127.0.0.1 www.tellumore.com
127.0.0.1 www.o1wg.com
127.0.0.1 www.qq756.com
127.0.0.1 ll.chinasese.net
127.0.0.1 cool.47555.com
==================================
API HOOK
N/A
==================================
隐藏进程
N/A
==================================
[/CODE]
天月来了 - 2007-6-2 16:47:00
Brutal.
This is about as infested as a machine gets.
baohe - 2007-6-2 16:48:00
[Reply to rushiqi's post]
IceSword can sort this out.
The basic procedure is:
1. Disable process creation.
2. Terminate the processes that the virus modules have been injected into (the processes carrying the virus modules listed below; you can identify them from the SREng log):
[C:\WINDOWS\Syssj5\Ghook.dll] [N/A, ]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\Explrer.dll] [N/A, ]
[C:\WINDOWS\system32\Exprer.dll] [N/A, ]
[C:\WINDOWS\system32\nwizAsktao.dll] [N/A, ]
[C:\WINDOWS\system32\nwiztlbb.dll] [N/A, ]
[C:\WINDOWS\system32\iPPro.dll] [N/A, ]
[C:\WINDOWS\system32\main32.dll] [N/A, ]
[C:\WINDOWS\system32\mppds.dll] [N/A, ]
[C:\WINDOWS\system32\nwizhx2.dll] [N/A, ]
[C:\WINDOWS\system32\tlbb100.dll] [N/A, ]
[C:\WINDOWS\system32\cmdbcs.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\WINDOWS\system32\msccrt.dll] [N/A, ]
[C:\WINDOWS\system32\txwgmr.dll] [N/A, ]
[C:\WINDOWS\SysJT4\Ghook.dll] [N/A, ]
[C:\WINDOWS\system32\SysJ2\Ghook.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\fyzo0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Rav20.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Gjzo0.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\Kavs0.dll] [N/A, ]
[C:\WINDOWS\TEMP\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\upxdnd.dll] [N/A, ]
[C:\WINDOWS\system32\msdebug.dll] [N/A, ]
[C:\WINDOWS\system32\RemoteDbg.dll] [N/A, ]
[C:\WINDOWS\system32\windds32.dll] [N/A, ]
[C:\WINDOWS\system32\windhcp.ocx] [N/A, ]
[C:\WINDOWS\system32\xpdhcp.dll] [N/A, ]
[C:\WINDOWS\system32\WMIApiSrv.dll] [N/A, ]
[C:\WINDOWS\system32\netsrvcs.dll] [N/A, ]
3. Delete the virus modules above, as well as the virus files pointed to by the virus startup items and driver items in the SREng log (see below).
4. Turn off IceSword's "Disable process creation".
5. Use SREng to delete the following registry entries:
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<q8b63qd8i9julg><C:\DOCUME~1\rjs\LOCALS~1\Temp\1explore.exe> []
<l7ftg9vy8><C:\DOCUME~1\rjs\LOCALS~1\Temp\iexpl0re.exe> []
<s><C:\DOCUME~1\rjs\LOCALS~1\Temp\rundl132.exe> []
<rhqbfe4dr><C:\DOCUME~1\rjs\LOCALS~1\Temp\winlog0n.exe> []
<3uihl0w><C:\DOCUME~1\rjs\LOCALS~1\Temp\c0nime.exe> []
<l7><C:\DOCUME~1\rjs\LOCALS~1\Temp\Servera.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<sun><C:\WINDOWS\SysSun2\svchost.exe> []
<fy><C:\WINDOWS\Sysfy4\svchost.exe> []
<JT><C:\WINDOWS\SysJT4\svchost.exe> []
<J2><C:\WINDOWS\system32\SysJ2\svchost.exe> []
<sj><C:\WINDOWS\Syssj5\svchost.exe> []
<wl><C:\WINDOWS\Syswl3\svchost.exe> []
<wm><C:\WINDOWS\Syswm7\svchost.exe> []
<pklihisss><C:\WINDOWS\pklihisss.exe /i> []
<Explrer><C:\WINDOWS\Explrer.exe> []
<Exprer><C:\WINDOWS\Exprer.exe> []
<nwiztlbb><C:\WINDOWS\system32\nwiztlbb.exe> []
<nwizAskTao><C:\WINDOWS\system32\nwizAskTao.exe> []
<svpecld><C:\WINDOWS\system32\svpecld.exe> []
<upxdnd><C:\WINDOWS\upxdnd.exe> []
<mppds><C:\WINDOWS\mppds.exe> []
<main32><C:\WINDOWS\main32.exe /i> []
<iPPro><C:\WINDOWS\iPPro.exe> []
<Kvsc3><C:\WINDOWS\Kvsc3.exe> []
<cmdbcs><C:\WINDOWS\cmdbcs.exe> []
<msccrt><C:\WINDOWS\msccrt.exe> []
<MsIMMs32><C:\WINDOWS\MsIMMs32.exe> []
驱动项
[CelInDrv / CelInDrv][Running/Disabled]
<\??\C:\WINDOWS\system32\Drivers\CelInDriver.sys><N/A>
[lbi / lbi][Stopped/Manual Start]
<\??\C:\DOCUME~1\rjs\LOCALS~1\Temp\lbikfk><N/A>
[lemepej / lemepej][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\lemepej.sys><N/A>
[uqbejte / uqbejte][Stopped/Manual Start]
<\??\C:\DOCUME~1\rjs\LOCALS~1\Temp\uqbejtejxh><N/A>
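Step 2 of the reply above depends on reading the SREng process listing and matching each process's modules against the DLL list. The script below is an added triage example written for this thread; it is not part of SREng, IceSword or any poster's own tooling. It parses the `[PID: n][exe] [vendor, version]` header lines and the `[module] [vendor, version]` lines that follow them, flags a module when it is on the reply's list or when it has no version information (`[N/A, ]`) and sits in a Temp directory or one of the look-alike `Sys<letters><digit>` directories seen in this log, and reports which PIDs carry flagged modules. The embedded sample log is constructed: a few lines copied from the thread's log format plus an invented clean process (PID 1234, calc.exe) for contrast; `KNOWN_BAD_MODULES` is a subset of the paths in the reply.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# SREng "running processes" section: a process header line followed by the
# modules loaded into it. The vendor/version field is "N/A, " when the file
# carries no version resource, which is what every module in the reply's list shows.
PROC_RE = re.compile(r"^\[PID: (\d+)\]\[(.+?)\] \[(.*)\]$")
MOD_RE = re.compile(r"^\[(.+?)\] \[(.*)\]$")

# Subset of the module paths from the reply's step-2 list.
KNOWN_BAD_MODULES = [
    r"C:\WINDOWS\Syssj5\Ghook.dll",
    r"C:\WINDOWS\Syswm7\Ghook.dll",
    r"C:\WINDOWS\system32\Explrer.dll",
    r"C:\WINDOWS\system32\Kvsc3.dll",
    r"C:\WINDOWS\system32\msdebug.dll",
    r"C:\WINDOWS\system32\RemoteDbg.dll",
    r"C:\DOCUME~1\rjs\LOCALS~1\Temp\upxdnd.dll",
]

# Constructed sample in the thread's log format, plus an invented clean
# process (PID 1234, calc.exe) that must not be flagged.
SAMPLE_LOG = r"""
[PID: 336][C:\program files\Internet Explorer\IEXPLORE.EXE] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\msdebug.dll] [N/A, ]
[C:\Program Files\TENCENT\Adplus\Adplus1.dll] [Tencent, 4, 5, 1, 14]
[C:\WINDOWS\Syswm7\Ghook.dll] [N/A, ]
[PID: 3760][C:\WINDOWS\system32\wuauclt.exe] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 5.8.0.2469 built by: lab01_n(wmbla)]
[C:\WINDOWS\system32\Kvsc3.dll] [N/A, ]
[C:\DOCUME~1\rjs\LOCALS~1\Temp\LgSy1.dll] [N/A, ]
[PID: 1234][C:\WINDOWS\system32\calc.exe] [Microsoft Corporation, 5.1.2600.0]
[C:\WINDOWS\system32\ntdll.dll] [Microsoft Corporation, 5.1.2600.2180]
"""


@dataclass
class Process:
    pid: int
    exe: str
    vendor: str
    modules: List[Tuple[str, str]] = field(default_factory=list)  # (path, vendor)


def _vendor(info: str) -> str:
    """First comma-separated field of the '[vendor, version]' part; 'N/A' if empty."""
    return info.split(",", 1)[0].strip() or "N/A"


def parse_sreng_processes(text: str) -> Dict[int, Process]:
    """Group each module line under the PID header line that precedes it."""
    procs: Dict[int, Process] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROC_RE.match(line)  # tried first: a PID header line also matches MOD_RE
        if m:
            current = Process(int(m.group(1)), m.group(2), _vendor(m.group(3)))
            procs[current.pid] = current
            continue
        m = MOD_RE.match(line)
        if m and current is not None:
            current.modules.append((m.group(1), _vendor(m.group(2))))
    return procs


def is_suspicious_location(path: str) -> bool:
    """Temp directories and the look-alike 'Sys<letters><digit>' directories from this log."""
    parts = path.lower().split("\\")
    if "temp" in parts:
        return True
    return any(p.startswith("sys") and p != "system32" and p and p[-1].isdigit()
               for p in parts[:-1])


def find_injected(procs: Dict[int, Process], known_bad: List[str]) -> Dict[int, List[str]]:
    """PID -> modules that are on the known-bad list or unversioned in a suspicious directory."""
    bad = {p.lower() for p in known_bad}
    hits: Dict[int, List[str]] = {}
    for pid, proc in procs.items():
        flagged = [path for path, vendor in proc.modules
                   if path.lower() in bad
                   or (vendor == "N/A" and is_suspicious_location(path))]
        if flagged:
            hits[pid] = flagged
    return hits


if __name__ == "__main__":
    processes = parse_sreng_processes(SAMPLE_LOG)
    for pid, mods in find_injected(processes, KNOWN_BAD_MODULES).items():
        print(f"PID {pid} ({processes[pid].exe}) carries {len(mods)} suspect module(s):")
        for path in mods:
            print("   ", path)
```

Feeding the thread's full log to `parse_sreng_processes` instead of `SAMPLE_LOG` gives the PID list for step 2 directly; the location heuristic is deliberately narrow (Temp and the fake `Sys*` directories) so that unversioned but legitimate files elsewhere are not flagged on that basis alone.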
rushiqi - 2007-6-2 16:51:00
Could someone please give me a download link for IceSword? His computer doesn't have it installed. Thanks.
newcenturymoon - 2007-6-2 16:53:00
At the end you still need to run a full-disk scan with antivirus software to clean the files infected by 艾尼 (Aini).
天月来了 - 2007-6-2 16:54:00
http://forum.ikaka.com/topic.asp?board=67&artid=8283060
Get it there.
rushiqi - 2007-6-6 17:48:00
Sorry for taking so long to reply. Following what 猫叔 said, I used IceSword to disable thread creation, but when it came to terminating the processes injected with the virus modules, I couldn't find a single one. I meant to come back and ask again, but then something urgent came up and I had to leave. In the end, with no other option, my friend said he'd take the computer to have the system reinstalled. *sweat*~~~ So it fizzled out.
Thanks for all your efforts!
© 2000 - 2026 Rising Corp. Ltd.