
首页 » 技术交流区 » 反病毒/反流氓软件论坛 » 中了auto.exe病毒删不掉,而且一打开网页就有病毒,请高手指点
fatang - 2007-7-7 1:40:00
病毒有
Trojan.PSW.Win32.OnlineGames.dav
Trojan.PSW.Win32.WoWar.sb
Trojan.PSW.Win32.WoWar.sb
[1].exe>>upack0.39 
等等

附件: 75004320077713002.txt
fatang - 2007-7-7 1:42:00
瑞星卡卡电脑诊断日志 v1.20 (2007-7-7 1:29:58)  北京瑞星科技股份有限公司

注释:[A]表示该文件存在自启动关联;
[M]表示该文件在内存中;

+ 注册表自运行项目
  + Win32 Services
    + HKLM\System\CurrentControlSet\Services
      4ABE2F0A
        [A ] 1. c:\windows\system32\27399081.exe
          Microsoft Corporation
          |8?0,|8?1,|8?2,
      RfwProxySrv
        [A ] 2. c:\program files\rising\rfw\rfwproxy.exe
          Beijing Rising Technology Co., Ltd.
          Rising Personal Proxy Service
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 60 94 40 00 68 60 85 40 00 64
      RfwService
        [A ] 3. c:\program files\rising\rfw\rfwsrv.exe
          Beijing Rising Technology Co., Ltd.
          Rising Personal FireWall Service
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 70 AC 41 00 68 80 94 41 00 64
      rpcapd
        [A ] 4. c:\program files\winpcap\rpcapd.exe
          .text,.rdata,.data,
          55 8B EC 6A FF 68 A8 E1 40 00 68 08 B4 40 00 64
      RsCCenter
        [A ] 5. c:\program files\rising\rav\ccenter.exe
          Beijing Rising Technology Co., Ltd.
          CCenter
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 C8 26 41 00 68 D8 AB 40 00 64
      RsRavMon
        [A ] 6. c:\program files\rising\rav\ravmond.exe
          Beijing Rising Technology Co., Ltd.
          RavMond
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 F8 D7 42 00 68 C4 E4 41 00 64
  + Kernel Drivers
    + HKLM\System\CurrentControlSet\Services
      BaseTDI
        [A ] 7. c:\windows\system32\drivers\basetdi.sys
          Beijing Rising Technology Co., Ltd.
          basetdi
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 56 57 E8 13 04 00 00 8B 35
      cmuda
        [A ] 8. c:\windows\system32\drivers\cmuda.sys
          C-Media Inc
          C-Media Audio WDM Driver
          .text,_LTEXT,_PTEXT,.data,.data1,_LDATA,_PDATA,PAGE,INIT,.rsrc,.reloc,
          56 8B 74 24 08 57 68 D2 44 0B 00 FF 74 24 14 56
      ExpScaner
        [A ] 9. c:\program files\rising\rav\expscan.sys
          ExpScan.sys
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 51 68 88 38 02 00 FF 15 70 1F 01 00 83
      HookCont
        [A ] 10. c:\program files\rising\rav\hookcont.sys
          Rising
          HookCont
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 56 57 68 70 20 00 00 E8 F7
      HookReg
        [A ] 11. c:\program files\rising\rav\hookreg.sys
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 64 56 57 C7 45 AC 00 00 00 00 B9
      HookSys
        [A ] 12. c:\program files\rising\rav\hooksys.sys
          Rising
          Hooksys
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 56 57 E8 8A 08 00 00 68 FC
      HookUrl
        [A ] 13. c:\program files\rising\rfw\hookurl.sys
          Beijing Rising Technology Co., Ltd.
          HookUrl
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 10 53 56 8B 75 08 57 6A 1B B8 8C
      MEMSCAN
        [A ] 14. c:\program files\rising\rav\memscan.sys
          瑞星软件有限公司
          MemScan Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 56 8B 35 DC 0C 01 00 57 8D 45
      mProcRs
        [A ] 15. c:\program files\rising\rfw\mprocrs.sys
          Beijing Rising Technology Co., Ltd.
          Rising Personal FireWall  mprocrs.sys
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 10 56 57 E8 29 02 00 00 85 C0 75
      New0
        [A ] 16. c:\windows\system32\new.sys
          .text,.rdata,INIT,.reloc,
          55 8B EC 83 EC 1C 68 60 02 01 00 E8 68 01 00 00
      NPF
        [A ] 17. c:\windows\system32\drivers\npf.sys
          Politecnico di Torino
          NPF Driver - TME extensions
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8D 6C 24 90 81 EC 84 00 00 00 53 56 33 DB 57
      npkcrypt
        [A ] 18. c:\program files\tencent\qq\npkcrypt.sys
          INCA Internet Co., Ltd.
          nProtect KeyCrypt Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          51 53 56 E8 6F 2C 00 00 A3 28 46 01 00 E8 EC 2B
      RsAntiSpyware
        [A ] 19. c:\windows\system32\drivers\rsboot.sys
          Beijing Rising Technology Co., Ltd.
          Anti-RootKit Driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 20 53 56 33 F6 57 89 75 F4 60 8D
      RsFwDrv
        [A ] 20. c:\program files\rising\rfw\rsfwdrv.sys
          Beijing Rising Technology Co., Ltd.
          nt_fwdrv
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 56 57 E8 74 CA FF FF 84 C0
      RsNTGDI
        [A ] 21. c:\windows\system32\drivers\rsntgdi.sys
          Beijing Rising Technology Co., Ltd.
          RsNTGDI
          .text,.rdata,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 10 56 8B 75 08 57 8B 3D 58 05 01
fatang - 2007-7-7 1:43:00
RSPPSYS
        [A ] 22. c:\program files\rising\rav\rsppsys.sys
          Rising
          RSPPSYS.SYS
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 14 53 6A 5C E8 EE FB FF FF 33 DB
      Secdrv
        [A ] 23. c:\windows\system32\drivers\secdrv.sys
          .text,.data,INIT,.reloc,
          55 8B EC 83 EC 10 53 56 57 E8 E4 A3 FF FF 89 45
      sisagp
        [A ] 24. c:\windows\system32\drivers\sisagpx.sys
          Silicon Integrated Systems Corporation
          SiS AGPv3.5 Filter
          .text,.rdata,.data,PAGE,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 28 53 8B 5D 0C 66 8B 03 66 05 02
      SiSkp
        [A ] 25. c:\windows\system32\drivers\srvkp.sys
          Silicon Integrated Systems Corporation
          SiS VGA Driver Manager
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          A1 10 24 01 00 85 C0 B9 4E E6 40 BB 74 04 3B C1
      SNPSTD3
        [A ] 26. c:\windows\system32\drivers\snpstd3.sys
          PC Camera driver
          .text,.rdata,.data,INIT,.rsrc,.reloc,
          55 8B EC 83 EC 3C 57 6A 0F 59 33 C0 6A 3C 8D 7D
  + Internet Explorer
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
      {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
        [AM] 27. c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
          Adobe Systems Incorporated
          Adobe Acrobat IE Helper Version 7.0 for ActiveX
          .text,.rdata,.data,.rsrc,.reloc,
          6A 0C 68 08 89 00 10 E8 62 FC FF FF 33 C0 40 89
      {889D2FEB-5411-4565-8998-1DD2C5261283}
        [AM] 28. c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll
          Thunder Networking Technologies,LTD
          XunLeiBHO
          .text,.rdata,.data,.rsrc,.reloc,
          6A 0C 68 B8 FD 00 10 E8 92 F4 FF FF 33 C0 40 89
    + HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions
      Exec
        [A ] 29. c:\program files\thunder network\thunder\thunder.exe
          Thunder Networking Technologies,LTD
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 F8 36 40 00 68 70 29 40 00 64
      Script
        [A ] 30. c:\windows\web\related.htm
  + Explorer
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
      RISING
        [A ] 31. c:\windows\system32\ravext.dll
          Beijing Rising Technology Co., Ltd.
          Rising Shell Ext Module
          .text,.rdata,.data,.rsrc,.reloc,
          55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
      ScriptDropShellExt
        [A ] 32. c:\program files\acd systems\roboenhancer\scriptdropshellext.dll
          RoboEnhancer ScriptDropShellExt Module
          .text,.rdata,.data,.rsrc,.reloc,
          55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
      WinRAR shell extension
        [A ] 33. c:\program files\winrar\rarext.dll
          .text,.data,.tls,.idata,.edata,.rsrc,.reloc,
  + Logon
    + HKLM\Software\Microsoft\Windows\CurrentVersion\Run
      RavTask
        [A ] 34. c:\program files\rising\rav\ravtask.exe
          Beijing Rising Technology Co., Ltd.
          RavTimer
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 50 E3 40 00 68 D4 90 40 00 64
      RfwMain
        [A ] 35. c:\program files\rising\rfw\rfwmain.exe
          Beijing Rising Technology Co., Ltd.
          Rising Personal FireWall Main Program
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 38 EB 41 00 68 20 B0 41 00 64
      runeip
        [AM] 36. c:\program files\rising\antispyware\runiep.exe
          Beijing Rising Technology Co., Ltd.
          Rising AntiSpyware Monitor
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 E0 6B 40 00 68 40 52 40 00 64
    + HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      RavStub
        [AM] 37. c:\program files\rising\rav\ravstub.exe
          Beijing Rising Technology Co., Ltd.
          Rising RavStub
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 98 F4 40 00 68 20 6D 40 00 64
      KKDelay
        [A ] 38. c:\program files\rising\antispyware\runonce.exe
          Beijing Rising Technology Co., Ltd.
          RunOnce Application
          .text,.rdata,.data,.rsrc,
          6A 60 68 18 51 40 00 E8 7F 0D 00 00 BF 94 00 00
  + Boot Execute
    + HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order
      BootExecute
        [A ] 39. c:\windows\system32\bsmain.exe
          Beijing Rising Technology Co., Ltd.
          BootScan
          .text,.data,.rsrc,.reloc,
          55 8B EC 6A FF 68 F0 27 00 01 68 74 9E 00 01 64
        [A ] 40. c:\windows\system32\kknative.exe
          Beijing Rising Technology Co., Ltd.
          NativeAp
          .text,.data,.rsrc,.reloc,
          68 00 00 00 01 E8 91 F1 FF FF 6A 00 E8 A0 FF FF
  + Image Hijacks
    + HKCR\.html
      htmlfile\Edit\Command
        [A ] 41. c:\program files\microsoft office\office\msohtmed.exe
          Microsoft Corporation
          Microsoft Office 2000 component
          .text,.data,.idata,.rsrc,
          E9 BF 10 00 00 E9 CA 44 00 00 E9 2F 23 00 00 E9
      htmlfile\Print\Command
        [A ] 41. c:\program files\microsoft office\office\msohtmed.exe
          Microsoft Corporation
          Microsoft Office 2000 component
          .text,.data,.idata,.rsrc,
          E9 BF 10 00 00 E9 CA 44 00 00 E9 2F 23 00 00 E9
    + HKCR\.htm
      htmlfile\Edit\Command
        [A ] 41. c:\program files\microsoft office\office\msohtmed.exe
          Microsoft Corporation
          Microsoft Office 2000 component
          .text,.data,.idata,.rsrc,
          E9 BF 10 00 00 E9 CA 44 00 00 E9 2F 23 00 00 E9
      htmlfile\Print\Command
        [A ] 41. c:\program files\microsoft office\office\msohtmed.exe
          Microsoft Corporation
          Microsoft Office 2000 component
          .text,.data,.idata,.rsrc,
          E9 BF 10 00 00 E9 CA 44 00 00 E9 2F 23 00 00 E9
    + HKCR\.mp3
      Audio.MP3\open\Command
        [A ] 42. c:\program files\ttplayer\ttplayer.exe
          Alen Soft
          千千静听
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 60 EA 4A 00 68 C0 6D 4A 00 64
      Audio.MP3\PlayList\Command
        [A ] 42. c:\program files\ttplayer\ttplayer.exe
          Alen Soft
          千千静听
          .text,.rdata,.data,.rsrc,
          55 8B EC 6A FF 68 60 EA 4A 00 68 C0 6D 4A 00 64
+ 其他自启动项目
  + c:\autorun.inf
    open
      [A ] 43. c:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
    shellexecute
      [A ] 43. c:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
    shell\Auto\command
      [A ] 43. c:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
  + d:\autorun.inf
    open
      [A ] 44. d:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
    shellexecute
      [A ] 44. d:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
    shell\Auto\command
      [A ] 44. d:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
  + e:\autorun.inf
    open
      [A ] 45. e:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
    shellexecute
      [A ] 45. e:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
    shell\Auto\command
      [A ] 45. e:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
  + f:\autorun.inf
    open
      [A ] 46. f:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
    shellexecute
      [A ] 46. f:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
    shell\Auto\command
      [A ] 46. f:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
  + g:\autorun.inf
    open
      [A ] 47. g:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
    shellexecute
      [A ] 47. g:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
    shell\Auto\command
      [A ] 47. g:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
  + h:\autorun.inf
    open
      [A ] 48. h:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
    shellexecute
      [A ] 48. h:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
    shell\Auto\command
      [A ] 48. h:\auto.exe
        Microsoft Corporation
        |8?0,|8?1,|8?2,
fatang - 2007-7-7 1:44:00
+ 系统活动模块
  + 000001c8(456) smss.exe
  + 00000200(512) wuauclt.exe
  + 0000021c(540) csrss.exe
    10000000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
  + 00000234(564) winlogon.exe
    72C80000[00008000]
      [ M] 50. c:\windows\system32\msacm32.drv
        Microsoft Corporation
        Microsoft Sound Mapper
        .text,.data,.rsrc,.reloc,
        8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
    00DC0000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
  + 00000260(608) services.exe
    10000000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
  + 0000026c(620) lsass.exe
    10000000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
  + 00000310(784) svchost.exe
    00BD0000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
  + 00000330(816) svchost.exe
    00900000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
  + 00000384(900) svchost.exe
    017E0000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
  + 000003b0(944) svchost.exe
    10000000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
  + 000003f0(1008) svchost.exe
    00600000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
  + 00000544(1348) Explorer.EXE
    01560000[0001B000]
      [ M] 51. c:\program files\rising\antispyware\ieprot.dll
        Beijing Rising Technology Co., Ltd.
        IE Protector
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89
    01610000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
    72C80000[00008000]
      [ M] 50. c:\windows\system32\msacm32.drv
        Microsoft Corporation
        Microsoft Sound Mapper
        .text,.data,.rsrc,.reloc,
        8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
    02600000[0000E000]
      [AM] 27. c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
        Adobe Systems Incorporated
        Adobe Acrobat IE Helper Version 7.0 for ActiveX
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 08 89 00 10 E8 62 FC FF FF 33 C0 40 89
    7C340000[00056000]
      [ M] 52. c:\windows\system32\msvcr71.dll
        Microsoft Corporation
        Microsoft? C Runtime Library
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 8B 45 0C 83 F8 01 56 57 0F 84 50 FB FF
    23700000[0001A000]
      [ M] 53. c:\program files\rising\rav\rscommon.dll
        Beijing Rising Technology Co., Ltd.
        Rising Common Function Dynamic Link Library
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    02290000[00019000]
      [AM] 28. c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll
        Thunder Networking Technologies,LTD
        XunLeiBHO
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 B8 FD 00 10 E8 92 F4 FF FF 33 C0 40 89
    222B0000[00009000]
      [ M] 54. c:\program files\thunder network\thunder\components\resworker\dsbho_00.dll
        DsBho
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    22280000[0000C000]
      [ M] 55. c:\program files\thunder network\thunder\components\resworker\dataprocessor_00.dll
        Thunder Networking Technologies,LTD
        DataProcessor
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
  + 0000055c(1372) wscntfy.exe
    00890000[0001B000]
      [ M] 51. c:\program files\rising\antispyware\ieprot.dll
        Beijing Rising Technology Co., Ltd.
        IE Protector
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89
  + 000005d0(1488) spoolsv.exe
    10000000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
  + 000005ec(1516) NOTEPAD.EXE
    10000000[0001B000]
      [ M] 51. c:\program files\rising\antispyware\ieprot.dll
        Beijing Rising Technology Co., Ltd.
        IE Protector
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89
  + 00000628(1576) RavStub.exe
    00400000[00018000]
      [AM] 37. c:\program files\rising\rav\ravstub.exe
        Beijing Rising Technology Co., Ltd.
        Rising RavStub
        .text,.rdata,.data,.rsrc,
        55 8B EC 6A FF 68 98 F4 40 00 68 20 6D 40 00 64
    10000000[0001B000]
      [ M] 56. c:\program files\rising\rav\rscommx.dll
        rising
        RsCommX
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    23700000[0001A000]
      [ M] 53. c:\program files\rising\rav\rscommon.dll
        Beijing Rising Technology Co., Ltd.
        Rising Common Function Dynamic Link Library
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    00A60000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
  + 00000734(1844) runiep.exe
    00400000[00012000]
      [AM] 36. c:\program files\rising\antispyware\runiep.exe
        Beijing Rising Technology Co., Ltd.
        Rising AntiSpyware Monitor
        .text,.rdata,.data,.rsrc,
        55 8B EC 6A FF 68 E0 6B 40 00 68 40 52 40 00 64
    00C20000[0001B000]
      [ M] 51. c:\program files\rising\antispyware\ieprot.dll
        Beijing Rising Technology Co., Ltd.
        IE Protector
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89
    10000000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
  + 000007e0(2016) svchost.exe
    10000000[00012000]
      [ M] 49. c:\windows\system32\666f796b.dll
        Microsoft Corporation
        ??0,??1,??2,
  + 00000af8(2808) iexplore.exe
    10000000[0000E000]
      [AM] 27. c:\program files\adobe\acrobat 7.0\activex\acroiehelper.dll
        Adobe Systems Incorporated
        Adobe Acrobat IE Helper Version 7.0 for ActiveX
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 08 89 00 10 E8 62 FC FF FF 33 C0 40 89
    7C340000[00056000]
      [ M] 52. c:\windows\system32\msvcr71.dll
        Microsoft Corporation
        Microsoft? C Runtime Library
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 8B 45 0C 83 F8 01 56 57 0F 84 50 FB FF
    00F40000[00019000]
      [AM] 28. c:\program files\thunder network\thunder\comdlls\xunleibho_now.dll
        Thunder Networking Technologies,LTD
        XunLeiBHO
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 B8 FD 00 10 E8 92 F4 FF FF 33 C0 40 89
    222B0000[00009000]
      [ M] 54. c:\program files\thunder network\thunder\components\resworker\dsbho_00.dll
        DsBho
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    22280000[0000C000]
      [ M] 55. c:\program files\thunder network\thunder\components\resworker\dataprocessor_00.dll
        Thunder Networking Technologies,LTD
        DataProcessor
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    011C0000[0001B000]
      [ M] 51. c:\program files\rising\antispyware\ieprot.dll
        Beijing Rising Technology Co., Ltd.
        IE Protector
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89
    02A70000[00019000]
      [ M] 57. c:\program files\rising\rav\ravscrch.dll
        Beijing Rising Technology Co., Ltd.
        RavScrCh Module
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    30000000[002EF000]
      [ M] 58. c:\windows\system32\macromed\flash\flash9c.ocx
        Adobe Systems, Inc.
        Adobe Flash Player 9.0  r45
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 C8 C9 1C 30 E8 67 EB FF FF 33 C0 40 89
    72C80000[00008000]
      [ M] 50. c:\windows\system32\msacm32.drv
        Microsoft Corporation
        Microsoft Sound Mapper
        .text,.data,.rsrc,.reloc,
        8B 44 24 08 83 E8 00 74 30 48 75 3A 56 8B 74 24
    73900000[0002D000]
      [ M] 59. c:\windows\system32\jpwb.ime
        常诚研制
        极品五笔输入法 版本6.6
        .text,.data,.sgroup,.ShareDa,.rsrc,.reloc,
        55 8B EC 83 EC 30 8B 45 0C 53 56 57 33 FF 2B C7
  + 00000ce8(3304) Ras.exe
    00400000[0013D000]
      [ M] 60. c:\program files\rising\antispyware\ras.exe
        Beijing Rising Technology Co., Ltd.
        Rising AntiSpyware
        .text,.rdata,.data,.rsrc,
        55 8B EC 6A FF 68 90 3A 4C 00 68 70 B7 4A 00 64
    10000000[000A0000]
      [ M] 61. c:\program files\rising\antispyware\rasgui.dll
        Beijing Rising Technology Co., Ltd.
        RasGUI
        .text,.rdata,.data,.rsrc,.reloc,
        55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85
    01260000[0001B000]
      [ M] 51. c:\program files\rising\antispyware\ieprot.dll
        Beijing Rising Technology Co., Ltd.
        IE Protector
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89
  + 00000d78(3448) ctfmon.exe
    10000000[0001B000]
      [ M] 51. c:\program files\rising\antispyware\ieprot.dll
        Beijing Rising Technology Co., Ltd.
        IE Protector
        .text,.rdata,.data,.rsrc,.reloc,
        6A 0C 68 00 CD 26 01 E8 BD 02 00 00 33 C0 40 89
旅者 - 2007-7-7 8:18:00
没用,我试了好多办法都弄不掉。这个病毒一开机就自动联网下载其他病毒,导致机子里的病毒越来越多。好像是叫“木马下载器”病毒吧。
勇者¤斗恶龙 - 2007-7-7 11:42:00
先把网线拔了
newcenturymoon - 2007-7-7 11:46:00
下载 System Repair Engineer,
http://www.kztechs.com/sreng/download.html
1 解压缩sreng2.zip
2 把SREngPS.EXE改名为111.com再运行(改名通常是为了避免病毒按文件名拦截该工具)
3 智能扫描=》扫描=》保存报告
4 把日志以自己的QQ号命名后上传到共享
八戒归来 - 2007-7-7 11:51:00
1.下载并安装AVG。
2.在安全模式下,删掉AUTO文件(auto.exe),包括一个叫autorun.inf的,好像是这个名字。删不掉的话用工具删。删掉后这些文件通常会被自动重新创建。
3.在各个盘各建两个空白文件夹,一个叫auto.exe,一个叫autorun.inf。
把它们改为只读、隐藏。已有同名文件夹时,病毒通常无法再在原位置生成同名文件。
4.用AVG杀木马。
5.杀毒
八戒归来 - 2007-7-7 11:53:00
这方法只能治标,不能治本。
好像有些木马隐藏得很厉害,查不出来。
但至少,暂时不会发作。
haohe的fans - 2007-7-7 13:40:00
========Content========
http://www.kztechs.com/sreng/download.html 下载System Repair Engineer
1 解压缩sreng2.zip
2 运行SREng.exe
3 智能扫描=》扫描=》保存报告
4 把日志中的报告完整拷贝贴上来,不要修改(一次发不完请分次发上来)
5 扫描日志的时候尽量把不必要的软件关闭,如QQ、TM等
fatang - 2007-7-7 18:11:00
【回复“haohe的fans”的帖子】
高手,按你说的做了,请指点
[CODE]

2007-07-07,17:53:04

System Repair Engineer 2.5.16.900
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2, v.2096 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <RavTask><"C:\Program Files\rising\Rav\RavTask.exe" -system>  [Beijing Rising Technology Co., Ltd.]
    <RfwMain><"C:\Program Files\Rising\Rfw\rfwmain.exe" -Startup>  [Beijing Rising Technology Co., Ltd.]
    <runeip><"C:\Program Files\Rising\AntiSpyware\runiep.exe" /startup>  [Beijing Rising Technology Co., Ltd.]
    <WinForm><C:\WINDOWS\WinForm.exe>  []
    <Microsoft Autorun7><C:\WINDOWS\system32\nwizqjsj.exe>  []
    <AVPSrv><C:\WINDOWS\AVPSrv.exe>  []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <RavStub><"C:\Program Files\rising\Rav\ravstub.exe" /RUNONCE>  [Beijing Rising Technology Co., Ltd.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><userinit.exe,>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{81716107-A10D-11cf-64CD-11115FE1CF41}]
    <N/A><C:\WINDOWS\system32\nwizzhuxians.exe>  []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Cmaudio><; RunDll32 cmicnfg.cpl,CMICtrlWnd>  [N/A]
    <cmdbcs><; >  [N/A]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><; C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <FixCamera><; C:\WINDOWS\FixCamera.exe>  []
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <KuGoo3><; C:\PROGRA~1\KUGOO2~1\KUGOO.EXE>  []
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    <Load><; >  [N/A]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <Microsoft Autorun1><; >  [N/A]
    <Microsoft Autorun10><; >  [N/A]
    <Microsoft Autorun11><; >  [N/A]
    <Microsoft Autorun14><; >  [N/A]
    <Microsoft Autorun5><; >  [N/A]
    <Microsoft Autorun7><; >  [N/A]
    <MsIMMs32><; >  [N/A]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [(Verified)Microsoft Windows Publisher]
    <SiSPower><; Rundll32.exe SiSPower.dll,ModeAgent>  [Silicon Integrated Systems Corporation]
    <snpstd3><; C:\WINDOWS\vsnpstd3.exe>  []
    <StormCodec_Helper><; "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti>  []
    <TIMHost><; >  [N/A]
    <tsnpstd3><; C:\WINDOWS\tsnpstd3.exe>  []
    <WinForm><; >  [N/A]
fatang - 2007-7-7 18:12:00
启动文件夹
N/A

==================================
服务
[4ABE2F0A / 4ABE2F0A][Stopped/Auto Start]
  <C:\WINDOWS\system32\27399081.EXE -k><Microsoft Corporation>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Rising Proxy  Service / RfwProxySrv][Stopped/Manual Start]
  <c:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService][Running/Auto Start]
  <c:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Remote Packet Capture Protocol v.0 (experimental) / rpcapd][Stopped/Manual Start]
  <"C:\Program Files\WinPcap\rpcapd.exe" -d -f "C:\Program Files\WinPcap\rpcapd.ini"><N/A>
[Rising Process Communication Center / RsCCenter][Running/Auto Start]
  <"C:\Program Files\rising\rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[Rising RealTime Monitor / RsRavMon][Running/Auto Start]
  <"C:\Program Files\rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>

==================================
驱动程序
[Rising TDI Base Driver / BaseTDI][Running/Auto Start]
  <System32\DRIVERS\BaseTDI.SYS><Beijing Rising Technology Co., Ltd.>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[ExpScaner / ExpScaner][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\ExpScan.sys><>
[HookCont / HookCont][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\HOOKCONT.sys><Rising>
[HookReg / HookReg][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\HookReg.sys><>
[HookSys / HookSys][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\HookSys.sys><Rising>
[HookUrl / HookUrl][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\HookUrl.sys><Beijing Rising Technology Co., Ltd.>
[MEMSCAN / MEMSCAN][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\MEMSCAN.sys><瑞星软件有限公司>
[mProcRs / mProcRs][Running/Auto Start]
  <\??\c:\program files\rising\rfw\mProcRs.sys><Beijing Rising Technology Co., Ltd.>
[New0 / New0][Running/Auto Start]
  <\??\C:\WINDOWS\system32\new.sys><N/A>
[NetGroup Packet Filter Driver / NPF][Stopped/Manual Start]
  <system32\drivers\npf.sys><Politecnico di Torino>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\Tencent\QQ\npkcrypt.sys><INCA Internet Co., Ltd.>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[RsAntiSpyware / RsAntiSpyware][Running/Boot Start]
  <\SystemRoot\system32\drivers\RsBoot.sys><Beijing Rising Technology Co., Ltd.>
[RsFwDrv / RsFwDrv][Running/Auto Start]
  <\??\C:\Program Files\Rising\Rfw\RsFwDrv.sys><Beijing Rising Technology Co., Ltd.>
[RsNTGDI / RsNTGDI][Running/Boot Start]
  <\SystemRoot\system32\Drivers\RsNTGdi.sys><Beijing Rising Technology Co., Ltd.>
[RSPPSYS / RSPPSYS][Running/Auto Start]
  <\??\C:\Program Files\rising\Rav\RSPPSYS.sys><Rising>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiS315 / SiS315][Running/Manual Start]
  <system32\DRIVERS\sisgrp.sys><Silicon Integrated Systems Corporation>
[SiS AGP Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\SISAGPX.sys><Silicon Integrated Systems Corporation>
[SiSkp / SiSkp][Running/System Start]
  <system32\DRIVERS\srvkp.sys><Silicon Integrated Systems Corporation>
[SiS PCI Fast Ethernet Adapter Driver / SISNIC][Running/Manual Start]
  <system32\DRIVERS\sisnic.sys><SiS Corporation>
[USB PC Camera (SNPSTD3) / SNPSTD3][Stopped/Manual Start]
  <system32\DRIVERS\snpstd3.sys><>
[SigmaTel USB-IrDA Dongle / STIrUsb][Stopped/Manual Start]
  <system32\DRIVERS\irstusb.sys><SigmaTel, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
浏览器加载项
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[启动迅雷5]
  {09BA8F6D-CB54-424B-839C-C2A6C8E6B436} <C:\Program Files\Thunder Network\Thunder\Thunder.exe, Thunder Networking Technologies,LTD>
[@shdoclc.dll,-866]
  {c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[电台(&R)]
  {8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[Java Plug-in 1.4.1_03]
  {8AD9C840-044E-11D1-B3E9-00805F499D93} <C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll, JavaSoft / Sun Microsystems, Inc.>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Java Plug-in 1.4.1_03]
  {CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA} <C:\Program Files\Java\j2re1.4.1_03\bin\npjpi141_03.dll, JavaSoft / Sun Microsystems, Inc.>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[DUKCatchUrl]
  {00000000-0000-4442-9D0E-672429F57A60} <G:\WebDokerGreen\WebDoker\WebHelp.dll, 厦门读客信息科技有限公司>
[ThunderAtOnce Class]
  {01443AEC-0FD1-40FD-9C87-E93D1494C233} <C:\Program Files\Thunder Network\Thunder\ComDlls\TDAtOnce_Now.dll, Thunder Networking Technologies,LTD>
[AcroIEHlprObj Class]
  {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[PeerDraw 类]
  {10072CEC-8CC1-11D1-986E-00A0C955B42E} <C:\Program Files\Common Files\Microsoft Shared\VGX\vgx.dll, Microsoft Corporation>
[HTML Document]
  {25336920-03F9-11CF-8FD0-00AA00686F13} <%SystemRoot%\system32\mshtml.dll, N/A>
[PGEdit Class]
  {2BFAA61B-5C83-4865-8281-D8BDBF863061} <C:\Program Files\GnetSecCtrl\PG_ATL_Edit.dll, 银联网络支付集团有限公司>
[HHCtrl Object]
  {41B23C28-488E-4E5C-ACE2-BB0BBABE99E8} <C:\WINDOWS\system32\hhctrl.ocx, Microsoft Corporation>
[Thunder Agent Class]
  {485463B7-8FB2-4B3B-B29B-8B919B0EACCE} <C:\Program Files\Thunder Network\Thunder\ComDlls\ThunderAgent_Now.dll, Thunder Networking Technologies,LTD>
[QQBrowserHelperObject Class]
  {54EBD53A-9BC1-480B-966A-843A333CA162} <C:\Program Files\Tencent\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[Shell Name Space]
  {55136805-B2DE-11D1-B9F2-00A0C98BC547} <%SystemRoot%\system32\shdocvw.dll, N/A>
[WUWebControl Class]
  {6414512B-B978-451D-A0D8-FCFDF33E833C} <C:\WINDOWS\system32\wuweb.dll, Microsoft Corporation>
[Windows Media Player]
  {6BF52A52-394A-11D3-B153-00C04F79FAA6} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[AxInputControl Class]
  {73E4740C-08EB-4133-896B-8D0A7C9EE3CD} <C:\WINDOWS\DOWNLO~1\INPUTC~1.DLL, >
[PGFund Class]
  {7738573A-D66D-4002-8500-3F7A0E12E105} <C:\Program Files\GnetSecCtrl\PGFundATL.dll, 银联网络支付集团有限公司>
[Microsoft Web 浏览器]
  {8856F961-340A-11D0-A96B-00C04FD705A2} <C:\WINDOWS\system32\shdocvw.dll, Microsoft Corporation>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\xunleiBHO_Now.dll, Thunder Networking Technologies,LTD>
[AxSubmitControl Class]
  {8D9E0B29-563C-4226-86C1-5FF2AE77E1D2} <C:\WINDOWS\DOWNLO~1\SUBMIT~1.DLL, >
[Microsoft Scriptlet Component]
  {AE24FDAE-03C6-11D1-8B76-0080C744F389} <C:\WINDOWS\system32\mshtml.dll, Microsoft Corporation>
[SearchAssistantOC]
  {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A>
[RDS.DataSpace]
  {BD96C556-65A3-11D0-983A-00C04FC29E36} <C:\Program Files\Common Files\System\msadc\msadco.dll, Microsoft Corporation>
[Tencent Safety Online Base Module]
  {C09B522F-8AED-4E21-A65C-DC1AB652BAEE} <C:\WINDOWS\system32\TSOBase\TSOBase.ocx, Tencent Corporation>
[VIDEO__X_MS_WMV Moniker Class]
  {CD3AFA94-B84F-48F0-9393-7EDC34128127} <C:\WINDOWS\system32\wmp.dll, Microsoft Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9c.ocx, Adobe Systems, Inc.>
[Vod Class]
  {EEDD6FF9-13DE-496B-9A1C-D78B3215E266} <C:\Program Files\Thunder Network\Thunder\Components\DownAndPlay\DapPlayer1.0.0.41.dll, XunLei>
[上传到QQ网络硬盘]
  <C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[添加到QQ表情]
  <C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
Scamp⒉ - 2007-7-7 18:15:00
http://forum.ikaka.com/topic.asp?board=28&artid=8330695
fatang - 2007-7-7 18:20:00
【回复“fatang”的帖子】
http://forum.ikaka.com/topic.asp?board=28&artid=8330695
newcenturymoon - 2007-7-7 18:24:00
日志不全