高手救命```` bbs.ikaka.com

惨遭病毒侵害 - 2007-7-6 21:17:00

电脑不知是不是因为病毒的原因,搞的网速很卡`````请人指教?
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<switch><c:\windows\system32\壁纸自动换.exe> []
<CdnCtr><C:\Program Files\CNNIC\Cdn\cdnup.exe> [CNNIC]
<helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32> []
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [(Verified)"RealNetworks, Inc."]
<Windows木马防火墙><E:\软件\木马清道夫\Trojanwall.exe> [风云谷]
<HP Component Manager><"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"> [Hewlett-Packard Company]
<HPDJ Taskbar Utility><C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe> [(Verified)Microsoft Windows Hardware Compatibility Publisher]
<HP Software Update><"C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"> [Hewlett-Packard Company]
<RavTask><"C:\Program Files\Rising\Rav\RavTask.exe" -system> [Beijing Rising Technology Co., Ltd.]
<BigDogPath><C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)> [N/A]
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<KuGoo3><E:\软件\新建文件夹\KuGoo3\KuGoo.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
<RavStub><"C:\PROGRAM FILES\RISING\RAV\ravstub.exe" /RUNONCE> [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [(Verified)Microsoft Windows Publisher]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><> [N/A]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Remote Registry Protect / Patterns][Stopped/Auto Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->C:\WINDOWS\system32\krsua.dll><N/A>
[Qvod Terminal / Qvod Terminal][Running/Auto Start]
<E:\软件\新建文件夹 (2)\QvodPlayer\QvodTerminal.exe><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
<"C:\PROGRAM FILES\RISING\RAV\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
[DNS Cache / SHipING][Stopped/Auto Start]
<C:\WINDOWS\SYSTEM32\RUNDLL2KXP.EXE C:\WINDOWS\SYSTEM32\WBEM\ERSHS.DLL,Export 1087><Microsoft Corporation>
[SoundMAX Agent Service / SoundMAX Agent Service (default)][Running/Auto Start]
<C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe><Analog Devices, Inc.>
[Windows Accounts Driver / windows_0][Stopped/Auto Start]
<><N/A>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
<system32\drivers\ac97intc.sys><Intel Corporation>
[aeaudio / aeaudio][Running/Manual Start]
<system32\drivers\aeaudio.sys><Andrea Electronics Corporation>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
<System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[ati2mtag / ati2mtag][Running/Manual Start]
<system32\DRIVERS\ati2mtag.sys><ATI Technologies Inc.>
[BaseTDI / BaseTDI][Running/Auto Start]
<\??\C:\WINDOWS\system32\drivers\basetdi.sys><Rising>
[cdnprot / cdnprot][Running/Boot Start]
<\SystemRoot\system32\drivers\cdnprot.sys><中国互联网络信息中心(CNNIC)>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[CnsMinKP / CnsMinKP][Stopped/Boot Start]
<\SystemRoot\system32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[EagleNT / EagleNT][Stopped/Manual Start]
<\??\C:\WINDOWS\system32\drivers\EagleNT.sys><N/A>
[ExpScaner / ExpScaner][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\ExpScan.sys><>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
<system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[HOOKAPI / HOOKAPI][Stopped/Manual Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HOOKAPI.SYS><瑞星软件有限公司>
[HookCont / HookCont][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\HookSys.sys><Rising>
[lgmfobo / lgmfobo][Running/Boot Start]
<\SystemRoot\\SystemRoot\System32\drivers\lgmfobo.sys><N/A>
[MEMSCAN / MEMSCAN][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\MEMSCAN.sys><瑞星软件有限公司>
[msqmx / msqmx][Running/Boot Start]
<\SystemRoot\system32\drivers\msqmx.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
<\??\D:\QQ2006\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Stopped/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[nyyr / nyyrw][Running/Boot Start]
<\SystemRoot\System32\DRIVERS\nyyrw.sys><N/A>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
<\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
<\??\C:\PROGRAM FILES\RISING\RAV\RSPPSYS.sys><Rising>
[Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start]
<system32\DRIVERS\Rtnicxp.sys><Realtek Semiconductor Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[smwdm / smwdm][Running/Manual Start]
<system32\drivers\smwdm.sys><Analog Devices, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
<System32\Drivers\usbVM31b.sys><VM>

==================================
浏览器加载项
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush1.dll, >
[Cbho Object]
{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[实用搜索]
{6CFD436C-7AAD-4e50-992F-C0C87A94CAD2} <, N/A>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <, N/A>
[SrchHook Class]
{F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[Yahoo 3.5G电邮]
{507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
{59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[雅虎助手]
{5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
{6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[情景聊天]
{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
{ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
{FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[IE搜索工具条]
{BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[实用搜索工具条2.0]
{03465FF5-00AE-411a-9C34-960ED566EC03} <, N/A>
[实用搜索工具条2.0]
{03465FF5-00AE-411A-9C34-960ED566EC03} <, N/A>
[CAdLogic Object]
{11F09AFD-75AD-4E51-AB43-E09E9351CE16} <C:\Program Files\Common Files\CPUSH\cpush1.dll, >
[Windows Media Player]
{22D6F312-B0F6-11D0-94AB-0080C74C7E95} <C:\WINDOWS\system32\wmpdxm.dll, Microsoft Corporation>
[Cbho Object]
{352E3B3A-CAB5-4DBC-B940-C7F84D0447D8} <C:\PROGRA~1\CNNIC\Cdn\cdndrag.dll, CNNIC>
[Info cache]
{385AB8C6-FB22-4D17-8834-064E2BA0A6F0} <C:\Documents and Settings\All Users\Application Data\Microsoft\PCTools\pctools.dll, 金泰丰(广州)科技有限公司>
[CdnForIE Class]
{5C3853CF-C7E0-4946-B3FA-1ABDB6F48108} <C:\PROGRA~1\CNNIC\Cdn\cdnforie.dll, CNNIC>
[Windows Media Player]
{6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[实用搜索]
{6CFD436C-7AAD-4E50-992F-C0C87A94CAD2} <, N/A>
[AutoLive]
{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <, N/A>
[Microsoft Web 浏览器]
{8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Microsoft Scriptlet Component]
{AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
{B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
{BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[IE搜索工具条]
{BE830FD4-E393-417F-9F4B-CC70ABB3384C} <C:\WINDOWS\system32\IETool.dll, N/A>
[RealPlayer G2 Control]
{CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} <C:\WINDOWS\system32\rmoc3260.dll, RealNetworks, Inc.>
[CnsHook Class]
{D157330A-9EF3-49F8-9A67-4141AC41ADD4} <, N/A>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[SrchHook Class]
{F08555B0-9CC3-11D2-AA8E-000000000000} <C:\WINDOWS\system32\IEBHO.dll, >
[Insertctrl Class]
{F3D0D36F-23F8-4682-A195-74C92B03D4AF} <C:\WINDOWS\system32\QvodInster.dll, Shenzhen TASK Technology Co.,Ltd>
[WMHlprObj Class]
{F5824EFB-728A-4726-A5A5-85A68B20EDC3} <C:\PROGRA~1\CNNIC\Cdn\wmhlpr.dll, CNNIC>
[使用迅雷下载]
<E:\软件\迅雷\迅雷\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
<E:\软件\迅雷\迅雷\Program\GetUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
<res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[访问通用网址]
<C:\Program Files\CNNIC\Cdn\cnnic.htm, N/A>

惨遭病毒侵害 - 2007-7-6 21:18:00

正在运行的进程
[PID: 440][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 504][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1588][C:\Program Files\CNNIC\Cdn\cdnup.exe] [CNNIC, 2, 5, 0, 8]
[C:\Program Files\CNNIC\Cdn\cdnuplib.dll] [CNNIC, 2, 5, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdnprh.dll] [CNNIC, 2, 4, 0, 7]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdntdns.dll] [CNNIC, 2, 2, 0, 3]
[PID: 1836][C:\WINDOWS\system32\rundll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\PROGRA~1\3721\autolive.dll] [, 2, 5, 2, 1005]
[C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[PID: 1864][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] [RealNetworks, Inc., 0.1.0.3760]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[PID: 1904][E:\软件\木马清道夫\Trojanwall.exe] [风云谷, 3.0.0.618]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[E:\软件\木马清道夫\PSAPI.dll] [Microsoft Corporation, 5.1.2600.1106 (xpsp1.020828-1920)]
[PID: 1964][C:\Program Files\HP\hpcoretech\hpcmpmgr.exe] [Hewlett-Packard Company, 2.1.1.0]
[C:\Program Files\HP\hpcoretech\HPVCR70.dll] [Microsoft Corporation, 7.00.9466.0]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\WINDOWS\system32\MSXML4.dll] [Microsoft Corporation, 4.10.9404.0]
[PID: 1988][C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe] [HP, 2.323.0.0]
[C:\WINDOWS\system32\spool\drivers\w32x86\3\HPZR3210.dll] [HP, 2.323.0.0]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[PID: 2008][C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe] [Hewlett-Packard Company, 3, 0, 38, 1]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[PID: 212][C:\WINDOWS\VM_STI.EXE] [Vimicro, 4, 2, 1124, 6]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[C:\WINDOWS\system32\VM31bPrp.Ax] [Vimicro, 1.00.01.00]
[PID: 160][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[PID: 2544][D:\QQ2006\QQ.exe] [TENCENT, 0, 0, 0, 0]
[D:\QQ2006\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[D:\QQ2006\QQHelperDll.dll] [, 1, 0, 0, 1]
[D:\QQ2006\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 160]
[D:\QQ2006\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\QQ2006\PYKer.dll] [飘云 http://www.pyqq.cn, 飘云]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[D:\QQ2006\ipsearcher.dll] [, 1.0.0.3]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[D:\QQ2006\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[D:\QQ2006\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[D:\QQ2006\QQAPI.dll] [, 1, 0, 0, 1]
[D:\QQ2006\LoginCtrl.dll] [, 1, 0, 0, 1]
[D:\QQ2006\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 3, 2, 1]
[D:\QQ2006\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[D:\QQ2006\QQRes.dll] [tencent, 1, 0, 0, 1]
[D:\QQ2006\QQMainFrame.dll] [N/A, ]
[D:\QQ2006\CQQApplication.dll] [N/A, ]
[D:\QQ2006\NewSkin.dll] [, 1, 0, 0, 1]
[D:\QQ2006\HostingMgr.dll] [, 1, 0, 0, 1]
[D:\QQ2006\CameraDll.dll] [, 1, 0, 0, 1]
[D:\QQ2006\MailSummary.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[D:\QQ2006\QQSpace.dll] [, 1, 0, 0, 1]
[D:\QQ2006\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[D:\QQ2006\QQGroupMng.dll] [, 1, 0, 0, 1]
[D:\QQ2006\GroupLive.dll] [N/A, ]
[D:\QQ2006\UserDefinedHead.dll] [, 1, 0, 0, 1]
[D:\QQ2006\QQPlugin.dll] [N/A, ]
[D:\QQ2006\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[D:\QQ2006\QRingMng.dll] [N/A, ]
[D:\QQ2006\QQAvatar.dll] [N/A, ]
[D:\QQ2006\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[D:\QQ2006\QQSysMsgMng.dll] [N/A, ]
[D:\QQ2006\LongConnection.dll] [tencent, 5, 0, 200, 160]
[D:\QQ2006\PhoneAPI.dll] [, 1, 0, 0, 1]
[D:\QQ2006\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[D:\QQ2006\QQAllInOne.dll] [N/A, ]
[D:\QQ2006\SCCore.dll] [N/A, ]
[D:\QQ2006\QQCustomFace.dll] [N/A, ]
[D:\QQ2006\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\QQ2006\BQQApplication.dll] [N/A, ]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[D:\QQ2006\CommercesMng.dll] [, 1, 0, 0, 1]
[D:\QQ2006\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[D:\QQ2006\QQUdpGetFileLib.dll] [tencent, 0, 2, 2, 3]
[D:\QQ2006\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 200]
[D:\QQ2006\QQSceneMng.dll] [N/A, ]
[D:\QQ2006\QQPhoneHelper.dll] [腾讯科技（深圳）有限公司, 2, 1, 8, 81]
[PID: 2748][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\PROGRA~1\3721\alrex.dll] [, 1, 0, 1, 1001]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\PROGRA~1\3721\autolive.dll] [, 2, 5, 2, 1005]
[C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006]
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 5]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[PID: 3672][D:\QQ2006\QQ.exe] [TENCENT, 0, 0, 0, 0]
[D:\QQ2006\QQBaseClassInDll.dll] [, 1, 0, 0, 1]
[D:\QQ2006\QQHelperDll.dll] [, 1, 0, 0, 1]
[D:\QQ2006\BasicCtrlDll.dll] [Tencent, 5, 0, 200, 160]
[D:\QQ2006\MFC42.DLL] [Microsoft Corporation, 6.00.8665.0]
[D:\QQ2006\PYKer.dll] [飘云 http://www.pyqq.cn, 飘云]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[D:\QQ2006\ipsearcher.dll] [, 1.0.0.3]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[D:\QQ2006\RICHED32.DLL] [Microsoft Corporation, 5.00.2134.1]
[D:\QQ2006\RICHED20.dll] [Microsoft Corporation, 5.31.23.1218]
[D:\QQ2006\QQAPI.dll] [, 1, 0, 0, 1]
[D:\QQ2006\LoginCtrl.dll] [, 1, 0, 0, 1]
[D:\QQ2006\npkcntc.dll] [INCA Internet Co., Ltd., 2006, 3, 2, 1]
[D:\QQ2006\npkpdb.dll] [INCA Internet Co., Ltd., 2003, 10, 1, 1]
[D:\QQ2006\QQRes.dll] [tencent, 1, 0, 0, 1]
[D:\QQ2006\QQMainFrame.dll] [N/A, ]
[D:\QQ2006\CQQApplication.dll] [N/A, ]
[D:\QQ2006\NewSkin.dll] [, 1, 0, 0, 1]
[D:\QQ2006\HostingMgr.dll] [, 1, 0, 0, 1]
[D:\QQ2006\CameraDll.dll] [, 1, 0, 0, 1]
[D:\QQ2006\MailSummary.dll] [, 1, 0, 0, 1]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[D:\QQ2006\QQSpace.dll] [, 1, 0, 0, 1]
[D:\QQ2006\vbscript.dll] [Microsoft Corporation, 5.6.0.7426]
[C:\WINDOWS\system32\msdmo.dll] [, ]
[D:\QQ2006\QQGroupMng.dll] [, 1, 0, 0, 1]
[D:\QQ2006\GroupLive.dll] [N/A, ]
[D:\QQ2006\QQSysMsgMng.dll] [N/A, ]
[D:\QQ2006\QQAllInOne.dll] [N/A, ]
[D:\QQ2006\SCCore.dll] [N/A, ]
[D:\QQ2006\QQCustomFace.dll] [N/A, ]
[D:\QQ2006\gdiplus.dll] [Microsoft Corporation, 5.1.3102.2180 (xpsp_sp2_rtm.040803-2158)]
[D:\QQ2006\QQAvatar.dll] [N/A, ]
[D:\QQ2006\FlashAvatarDll.dll] [, 1, 4, 0, 1]
[D:\QQ2006\UserDefinedHead.dll] [, 1, 0, 0, 1]
[D:\QQ2006\QQPlugin.dll] [N/A, ]
[D:\QQ2006\QQConfigPlugin.dll] [, 1, 0, 0, 1]
[D:\QQ2006\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 2]
[D:\QQ2006\OEMApplication.dll] [, 1, 0, 0, 1]
[D:\QQ2006\QRingMng.dll] [N/A, ]
[D:\QQ2006\PhoneAPI.dll] [, 1, 0, 0, 1]
[D:\QQ2006\DialerAllinOne.dll] [tencent, 1, 4, 0, 0]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[D:\QQ2006\QQSceneMng.dll] [N/A, ]
[D:\QQ2006\LongConnection.dll] [tencent, 5, 0, 200, 160]
[D:\QQ2006\GroupConnection.dll] [Tencent, 5, 0, 202, 170]
[D:\QQ2006\ImageOle.dll] [TODO: <Company name>, 1.0.0.1]
[D:\QQ2006\QQMsgFriendMng.dll] [N/A, ]
[D:\QQ2006\QQZip.dll] [tencent, 0, 3, 2, 4]
[D:\QQ2006\BQQApplication.dll] [N/A, ]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[D:\QQ2006\QQAddr.dll] [深圳市腾讯计算机系统有限公司, 5, 0, 101, 200]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[D:\QQ2006\CommercesMng.dll] [, 1, 0, 0, 1]
[D:\QQ2006\QQPhoneHelper.dll] [腾讯科技（深圳）有限公司, 2, 1, 8, 81]

惨遭病毒侵害 - 2007-7-6 21:19:00

[PID: 564][E:\软件\新建文件夹\KuGoo3\KuGoo.exe] [, 3.2.0.102]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[E:\软件\新建文件夹\KuGoo3\mp3lib.dll] [N/A, ]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[E:\软件\新建文件夹\KuGoo3\RandomShuffle.dll] [Microsoft Corporation, 6.0.3790.2662]
[C:\WINDOWS\system32\RavExt.dll] [Beijing Rising Technology Co., Ltd., 19, 0, 0, 9]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 3856][D:\TT\TTraveler.exe] [腾讯公司, 3.2.200.275]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\PROGRA~1\3721\autolive.dll] [, 2, 5, 2, 1005]
[D:\TT\Plugins\QQFloatBar\QQFloatBar4TT2.dll] [腾讯公司, 1, 1, 0, 5]
[D:\TT\Plugins\TWeather\TWeather.dll] [, 1, 0, 0, 3]
[C:\PROGRA~1\3721\alLiveEx.dll] [ , 1, 0, 3, 1006]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[D:\TT\PersonalDesktop.dll] [深圳市腾讯计算机系统公司QQ工作小组, 1, 0, 0, 4]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]
[C:\Program Files\Rising\Rav\RavScrCh.dll] [Beijing Rising Technology Co., Ltd., 18, 0, 0, 4]
[C:\WINDOWS\system32\WINWB86.IME] [Microsoft Corporation, 4.00.950]
[C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx] [Adobe Systems, Inc., 9,0,28,0]
[PID: 3268][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[PID: 3944][C:\Program Files\WinRAR\WinRAR.exe] [N/A, ]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[PID: 3252][C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.235\SREng.EXE] [Smallfrogs Studio, 2.4.12.806]
[C:\WINDOWS\system32\SYNCOR11.DLL] [SoundMAX, 1.2.3]
[C:\PROGRA~1\3721\helper.dll] [, 2, 5, 0, 1003]
[C:\Program Files\CNNIC\Cdn\imaoe.dll] [CNNIC, 2, 2, 0, 1]
[C:\Program Files\CNNIC\Cdn\cdnforie.dll] [CNNIC, 2, 1, 0, 11]
[C:\Program Files\CNNIC\Cdn\cdndet.dll] [CNNIC, 2, 5, 0, 0]
[C:\WINDOWS\system32\cdnns.dll] [CNNIC, 2, 0, 0, 0]

==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1 localhost
0.0.0.0 182838.com
0.0.0.0 204.177.92.68
0.0.0.0 asiafriendfinder.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 www.jpbeauty.com
0.0.0.0 beautishow.com
0.0.0.0 goodmovies88.com
0.0.0.0 hothack.home.chinaren.com
0.0.0.0 hualiao.net
0.0.0.0 iplus.allyes.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 asqin123.51.net
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 jjkafei.longcity.net
0.0.0.0 kaomm.8m.cn
0.0.0.0 l3iaoliao.com
0.0.0.0 l3iaoliao.com
0.0.0.0 lingaonbvm.myrice.com
0.0.0.0 lovejava.boy.net.cn
0.0.0.0 love7liao.com
0.0.0.0 babe520.5188.org
0.0.0.0 music.feifa.com
0.0.0.0 music.v111.com
219.153.32.215 auto.search.msn.com

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================

[/CODE]

瑞星卡卡安全论坛