Rising Kaka Security Forum (瑞星卡卡安全论坛)

All files hidden after removing a virus, and still the same after reinstalling the system. What virus is this?
pooply - 2007-8-13 20:50:00
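After I removed a virus yesterday, all my files became hidden and I can't see them any more. I can only see the files after unchecking "Hide protected operating system files (Recommended)", but the file attribute is Hidden and can't be changed. Reinstalling the system drive didn't help either.
What should I do? All the files on my computer are hidden now. After that scan I scanned again and no virus was found.
What virus did I get?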

各位高手:
非常感谢您留心我这份系统诊断报告,小菜鸟十万火急等待您的帮助!
该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2007-08-13  15:40:43
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:1023.23MB - 当前可用内存:682.65MB

100 - 未知 - Process: Photoshop.exe [Adobe Photoshop CS] - D:\Program Files\Adobe\Photoshop CS\Photoshop.exe
O3 - 未知 - Toolbar: (第三方IE工具栏) - [无效的CLSID:{710EB7A1-45ED-11D0-924A-0020AFC7AC4D}] - {710EB7A1-45ED-11D0-924A-0020AFC7AC4D} -
O9 - 未知 - Extra button: 微软(HKLM) - http://www.microsoft.com/china/index.htm

=======================================

100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\System32\svchost.exe -k netsvcs
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k NetworkService
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k LocalService
100 - 安全 - Process: spoolsv.exe [windows打印任务控制程序,用以打印机就绪。] - C:\WINDOWS\system32\spoolsv.exe
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: kavsvc.exe [卡巴斯基出品的反病毒相关程序。] -
100 - 安全 - Process: nvsvc32.exe [nvidia driver helper service在nvida显卡驱动中被安装。] - C:\WINDOWS\system32\nvsvc32.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
100 - 安全 - Process: 360tray.exe [360安全卫士实时监控程序。] - C:\Program Files\360safe\safemon\360tray.exe
100 - 安全 - Process: 360Safe.exe [360安全卫士相关程序。] - C:\Program Files\360safe\360safe.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k imgsvc
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O4 - 安全 - HKLM\..\Run: [NvCplDaemon] [是NVIDIA显示卡相关动态链接库文件。] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] C:\Program Files\360safe\safemon\360tray.exe
O4 - 安全 - HKCU\..\Run: [ctfmon.exe] [office xp输入法图标。] C:\WINDOWS\system32\ctfmon.exe
O4 - 安全 - Startup folder: [Adobe Gamma Loader.lnk] [adobe用于加载图形参数] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk
O8 - 安全 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - 安全 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - 安全 - Service: kavsvc [卡巴斯基反病毒软件] - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe" - (running)
O23 - 安全 - Service: NVSvc [是NVIDIA显示卡相关程序。] - C:\WINDOWS\system32\nvsvc32.exe - (running)

=======================================

O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll -  -  -  - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression -  -  -  -  - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll -  -  -  - 124416 - 1b089bd70767a1ca5419a24b581cc753
O31 - 未知 - SEApproved: {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - C:\Program Files\Real\RealPlayer\rpshell.dll - RealNetworks, Inc. - RealPlayer Shell Extensions - 1.0.1.2156 - 49198 - 9ac5a66c293fef3858f442589e4b33eb
O31 - 未知 - SEApproved: {1CDB2949-8F65-4355-8456-263E7C208A5D} - C:\WINDOWS\system32\nvshell.dll -  -  - 6.14.10.11010 - 466944 - 766bc8f56b557b44a0ce89e4c631831e
O31 - 未知 - SEApproved: {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - C:\WINDOWS\system32\nvshell.dll -  -  - 6.14.10.11010 - 466944 - 766bc8f56b557b44a0ce89e4c631831e
O31 - 未知 - SEApproved: {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - C:\WINDOWS\system32\nvshell.dll -  -  - 6.14.10.11010 - 466944 - 766bc8f56b557b44a0ce89e4c631831e
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll -  -  -  - 124416 - 1b089bd70767a1ca5419a24b581cc753
O31 - 未知 - LSA: Security Packages - sv1_0.dll -  -  -  - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll -  -  -  - 0 -

=======================================

O40 - Explorer.EXE -  - C:\WINDOWS\system32\nvshell.dll -  - 766bc8f56b557b44a0ce89e4c631831e

=======================================

[用户系统信息]Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; TencentTraveler )
pooply - 2007-8-13 20:51:00
pooply - 2007-8-13 20:52:00
pooply - 2007-8-13 20:53:00

=======================================
360Safe.exe=3.6.0.1001
AntiAdwa.dll=3.5.1.1001
AntiEng.dll=3.5.2.1002
AntiActi.dll=2.0.0.3000
CleanHis.dll=3.0.2.1000
live.dll=1.0.1.1019
pooply - 2007-8-13 20:54:00
Also, I heard this looks a bit like a USB-drive virus, so I ran a scan for that as well and got this log:
请将以下内容粘贴到论坛,我们会尽快解决该问题!

查杀结果:
U盘病毒专杀 V1.4 By MJ0011
2007-8-8
http://www.360safe.com

本专杀用于清除U盘病毒(Autorun.inf)传播的系列木马/病毒

只能清除病毒本体




找到恶意文件:C:\Autorun.inf
找到恶意文件:D:\Autorun.inf
找到恶意文件:E:\Autorun.inf
找到恶意文件:F:\Autorun.inf
启动Anti Defence系统...
释放驱动失败3 错误号:126 可能被新变种恶意拦截
请重试或到我们的论坛bbs.360safe.com进行反馈
上传专杀工具的查杀结果和安全卫士的检测报告

正在获取系统诊断报告,请稍等...

诊断报告:
各位高手:
非常感谢您留心我这份系统诊断报告,小菜鸟十万火急等待您的帮助!
该诊断报告由360安全卫士提供 http://www.360safe.com
诊断时间: 2007-08-13  15:29:15
诊断平台: Microsoft Windows XP  Service Pack 2
IE版本: Internet Explorer V6.0.2900.2180 Build:62900.2180
计算机物理内存:1023.23MB - 当前可用内存:808.75MB

100 - 未知 - Process: AutoRunKiller.exe [] - H:\AutoRunKiller.exe
100 - 未知 - Process: CheckTools.exe [ReportTool Microsoft 基础类应用程序] - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\\CheckTools.exe
R0 - 未知 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page=http://www.hao123.com/
O3 - 未知 - Toolbar: (第三方IE工具栏) - [无效的CLSID:{710EB7A1-45ED-11D0-924A-0020AFC7AC4D}] - {710EB7A1-45ED-11D0-924A-0020AFC7AC4D} -
O9 - 未知 - Extra button: 微软(HKLM) - http://www.microsoft.com/china/index.htm
O30 - 未知 - HKCU\..\Desktop: [Scrnsave.exe] [Fullscreen Player for Bliss Video] C:\WINDOWS\system32\BLISS.SCR

=======================================

100 - 安全 - Process: smss.exe [进程为会话管理子系统用以初始化系统变量,ms-dos驱动名称类似lpt1以及com,调用win32壳子系统和运行在windows登陆过程。] - C:\WINDOWS\System32\smss.exe
100 - 安全 - Process: csrss.exe [客户端服务子系统,用以控制windows图形相关子系统。] - C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=base
100 - 安全 - Process: winlogon.exe [windows nt用户登陆程序。] - C:\WINDOWS\system32\winlogon.exe
100 - 安全 - Process: services.exe [用于管理windows服务系统进程。] - C:\WINDOWS\system32\services.exe
100 - 安全 - Process: lsass.exe [本地安全权限服务控制windows安全机制。] - C:\WINDOWS\system32\lsass.exe
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k DcomLaunch
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost -k rpcss
100 - 安全 - Process: svchost.exe [service host process是一个标准的动态连接库主机处理服务。] - C:\WINDOWS\system32\svchost.exe -k netsvcs
100 - 安全 - Process: explorer.exe [windows program manager或者windows explorer用于控制windows图形shell,包括开始菜单、任务栏,桌面和文件管理。] - C:\WINDOWS\Explorer.EXE
100 - 安全 - Process: 360tray.exe [360安全卫士实时监控程序。] - C:\Program Files\360safe\safemon\360Tray.exe
100 - 安全 - Process: ctfmon.exe [office xp输入法图标。] - C:\WINDOWS\system32\ctfmon.exe
R1 - 安全 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
R1 - 安全 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page=C:\WINDOWS\system32\blank.htm
O4 - 安全 - HKLM\..\Run: [NvCplDaemon] [是NVIDIA显示卡相关动态链接库文件。] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - 安全 - HKLM\..\Run: [360Safetray] [360safe实时保护功能模块。] C:\Program Files\360safe\safemon\360Tray.exe /start
O4 - 安全 - HKLM\..\RunOnce: [360Safe] [360安全卫士] Rundll32.exe C:\PROGRA~1\360safe\AntiAdwa.dll,KillAdware
O4 - 安全 - Startup folder: [Adobe Gamma Loader.lnk] [adobe用于加载图形参数] C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Gamma Loader.lnk
O8 - 安全 - Extra context menu item: 使用影音传送带下载 - C:\Program Files\Xi\NetTransport 2\NTAddLink.html
O8 - 安全 - Extra context menu item: 使用影音传送带下载全部链接 - C:\Program Files\Xi\NetTransport 2\NTAddList.html
O8 - 安全 - Extra context menu item: 导出到 Microsoft Office Excel(&X) - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O18 - 安全 - Protocol: OFFICE 相关 - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O23 - 安全 - Service: kavsvc [卡巴斯基反病毒软件] - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe" - (not running)
O23 - 安全 - Service: NVSvc [是NVIDIA显示卡相关程序。] - C:\WINDOWS\system32\nvsvc32.exe - (not running)

=======================================

O31 - 未知 - SEApproved: {42071714-76d4-11d1-8b24-00a0c9068ff3} - deskpan.dll -  -  -  - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:Shell extensions for file compression -  -  -  -  - 0 -
O31 - 未知 - SEApproved: 无效的CLSID:加密上下文菜单 -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {0DF44EAA-FF21-4412-828E-260A8728E7F1} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {7A9D77BD-5403-11d2-8785-2E0420524153} -  -  -  -  - 0 -
O31 - 未知 - SEApproved: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll -  -  -  - 124416 - 1b089bd70767a1ca5419a24b581cc753
O31 - 未知 - SEApproved: {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - C:\Program Files\Real\RealPlayer\rpshell.dll - RealNetworks, Inc. - RealPlayer Shell Extensions - 1.0.1.2156 - 49198 - 9ac5a66c293fef3858f442589e4b33eb
O31 - 未知 - SEApproved: {1CDB2949-8F65-4355-8456-263E7C208A5D} - C:\WINDOWS\system32\nvshell.dll -  -  - 6.14.10.11010 - 466944 - 766bc8f56b557b44a0ce89e4c631831e
O31 - 未知 - SEApproved: {1E9B04FB-F9E5-4718-997B-B8DA88302A47} - C:\WINDOWS\system32\nvshell.dll -  -  - 6.14.10.11010 - 466944 - 766bc8f56b557b44a0ce89e4c631831e
O31 - 未知 - SEApproved: {1E9B04FB-F9E5-4718-997B-B8DA88302A48} - C:\WINDOWS\system32\nvshell.dll -  -  - 6.14.10.11010 - 466944 - 766bc8f56b557b44a0ce89e4c631831e
O31 - 未知 - Directory Menu: {B41DB860-8EE4-11D2-9906-E49FADC173CA} - C:\Program Files\WinRAR\rarext.dll -  -  -  - 124416 - 1b089bd70767a1ca5419a24b581cc753
O31 - 未知 - LSA: Security Packages - sv1_0.dll -  -  -  - 0 -
O31 - 未知 - LSA: Security Packages - channel.dll -  -  -  - 0 -

=======================================

=======================================
pooply - 2007-8-13 20:56:00
pooply - 2007-8-13 20:56:00
=======================================
AntiEng.dll=3.5.2.1002

----------查杀恶意软件历史----------



----------插件卸载操作历史----------

2007-08-13 15:26
清理恶评插件 - 36sqgw7 - C:\WINDOWS\rundl132.exe
清理恶评插件 - 灰鸽子变种0017 - C:\WINDOWS\svohost.exe
清理恶评插件 - 灰鸽子变种0024 - C:\WINDOWS\SVCH0ST.EXE
清理恶评插件 - aatievv.exe - C:\WINDOWS\rundl132.exe
清理恶评插件 - 未知自动运行程序(Autorun) - C:\autorun.inf
清理恶评插件 - 伪装CheckFaultKernel - C:\WINDOWS\system32\SVCH0ST.EXE
清理恶评插件 - zz恶意软件 - C:\WINDOWS\rundl132.exe
清理恶评插件 - SVCH0ST.exe - C:\WINDOWS\system32\SVCH0ST.exe
清理恶评插件 - 熊猫烧香 - C:\WINDOWS\system32\FUCKJA~1.EXE
清理恶评插件 - SoundMam - C:\WINDOWS\system32\SVOHOST.exe
清理恶评插件 - clipsrv.exe - C:\\GAMESE~1.EXE
清理恶评插件 - hdaha木马 - C:\WINDOWS\SVCH0ST.EXE


----------全面诊断修复历史----------



----------修复IE浏览器操作历史----------

天月来了 - 2007-8-13 21:32:00
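Do this first.

Set your system date correctly.

Download System Repair Engineer (version 2.5) into your "Windows" folder.

http://www.kztechs.com/sreng/download.html

1 Unzip sreng2.zip
2 Run SREngPs.exe.
3 Smart Scan (智能扫描) => Scan (扫描) => Save Report (保存报告)
4 Copy the complete report text from the log and paste it here in sections; do not modify it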
天月来了 - 2007-8-13 21:37:00
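Then copy all of the text below into an empty Notepad file. Then change that file's extension from ".txt" to ".bat", put it on each drive, and double-click it to run it and see.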



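@echo off
@echo +-------------------------------------------------------------+
@echo            本程序消除文件夹被病毒置上的隐藏属性 Ver.1.5     
@echo                              拉法基                         
@echo                              2007.6                         
@echo +-------------------------------------------------------------+
@echo.
@ECHO 可能需要一段时间,请耐心等待
@echo 耐心等待...
rem Clear the System and Hidden attributes from every entry whose name has no
rem extension (*.), which covers ordinary folders; /S recurses into subfolders
rem and /D applies the change to directories as well as files.
attrib -s -h *. /S /D
rem Put System+Hidden back on items Windows itself keeps hidden in the drive root:
rem System~1 (normally the 8.3 short name of System Volume Information), Recycled and ntldr.
attrib +s +h System~1
attrib +s +h Recycled
attrib +s +h +a ntldr
@ECHO 完成!
@echo on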
pooply - 2007-8-14 20:37:00
Thank you, my computer is fixed now. Thanks so much ^_^
爱之吻你 - 2008-10-31 18:04:00
[CODE]

2008-10-31,17:49:40

System Repair Engineer 2.7.0.1210
Smallfrogs (http://www.KZTechs.com)

Windows XP Professional Service Pack 2 (Build 2600) - 管理权限用户 - 完整功能

以下内容被选中:
    所有的启动项目(包括注册表、启动文件夹、服务等)
    浏览器加载项
    正在运行的进程(包括进程模块信息)
    文件关联
    Winsock 提供者
    Autorun.inf
    HOSTS 文件
    进程特权扫描
    计划任务
    API HOOK
    隐藏进程


启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    <ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Windows Publisher]
    <KavPFW><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPFW32.EXE" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    <YLive.exe><C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe>  [Yahoo! China]
    <CnsMin><Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32>  [北京三七二一科技有限公司]
    <wallpaper><c:\windows\system32\壁纸自动换.exe>  []
    <helper.dll><C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32>  [(Verified)"INTER CHINA NETWORK SOFTWARE (BEIJING) CO., LTD"]
    <NvCplDaemon><RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <nwiz><nwiz.exe /install>  []
    <NvMediaCenter><RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit>  [(Verified)Microsoft Windows Hardware Compatibility Publisher]
    <BigDogPath><C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)>  [File is missing]
    <yassistse><c:\progra~1\yahoo!\assistant\yassistse.exe>  [(Verified)"Beijing Yahoo! Information and Technology Co., Ltd."]
    <KavStart><"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVStart.exe" -startup>  [(Verified)"Zhuhai  Kingsoft Software Co.,Ltd"]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    <CnsAssecblk><regsvr32.exe /s C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YASSEC~1.DLL>  [(Verified)"Beijing Yahoo! Information and Technology Co., Ltd."]
    <YahooC:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysearch.dll409921><regsvr32 /s C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysearch.dll>  [Yahoo! China]
    <YahooC:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll459750><regsvr32 /s C:\PROGRA~1\Yahoo!\ASSIST~1\yalive.dll>  [yahoo! china]
    <YahooC:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe461968><regsvr32 /s C:\PROGRA~1\Yahoo!\ASSIST~1\ylive.exe>  [Yahoo! China]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <shell><Explorer.exe>  [(Verified)Microsoft Windows Publisher]
    <Userinit><C:\WINDOWS\system32\userinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
    <AppInit_DLLs><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
    <UIHost><logonui.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
    <{AEB6717E-7E19-11d0-97EE-00C04FD91972}><shell32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{D157330A-9EF3-49F8-9A67-4141AC41ADD4}><C:\WINDOWS\DOWNLO~1\CnsHook.dll>  [北京三七二一科技有限公司]
    <{4BAB150F-DD97-476D-9C1E-41B6CDC0CA7A}><C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll>  [YAHOO Corporation Limited]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
    <PostBootReminder><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <CDBurn><%SystemRoot%\system32\SHELL32.dll>  [(Verified)Microsoft Windows Component Publisher]
    <WebCheck><%SystemRoot%\system32\webcheck.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTray><C:\WINDOWS\system32\stobject.dll>  [(Verified)Microsoft Windows Publisher]
    <SysTime><C:\PROGRA~1\WinKld\WinKld.dll>  [www.88dog.com]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
    <WinlogonNotify: crypt32chain><crypt32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
    <WinlogonNotify: cryptnet><cryptnet.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
    <WinlogonNotify: cscdll><cscdll.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
    <WinlogonNotify: ScCertProp><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
    <WinlogonNotify: Schedule><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
    <WinlogonNotify: sclgntfy><sclgntfy.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
    <WinlogonNotify: SensLogn><WlNotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
    <WinlogonNotify: termsrv><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
    <WinlogonNotify: wlballoon><wlnotify.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    <{438755C2-A8BA-11D1-B96B-00A0C90312E1}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
    <{8C7461EF-2B13-11d2-BE35-3078302C2030}><%SystemRoot%\system32\browseui.dll>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
    <Microsoft Windows Media Player><C:\WINDOWS\inf\unregmp2.exe /ShowWMP>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}]
    <Internet Explorer><%systemroot%\system32\shmgrate.exe OCInstallUserConfigIE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS]
    <浏览器自定义组件><RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}]
    <Outlook Express><%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}]
    <Themes Setup><%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}]
    <Microsoft Outlook Express 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}]
    <NetMeeting 3.01><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}]
    <Windows Messenger 4.7><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
    <Microsoft Windows Media Player><rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub>  [(Verified)Microsoft Windows Component Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}]
    <通讯簿 6><"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install>  [File is missing]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4340}]
    <Windows 桌面更新><regsvr32.exe /s /n /i:U shell32.dll>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11cf-8B85-00AA005B4383}]
    <Internet Explorer 6><%SystemRoot%\system32\ie4uinit.exe>  [(Verified)Microsoft Windows Publisher]
[HKEY_CURRENT_USER\Control Panel\Desktop]
    <SCRNSAVE.EXE><C:\WINDOWS\system32\ssmypics.scr>  [(Verified)Microsoft Windows Publisher]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    <IMJPMIG8.1><; "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32>  [(Verified)Microsoft Windows Publisher]
    <PHIME2002A><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName>  [File is missing]
    <PHIME2002ASync><; C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC>  [File is missing]

==================================
启动文件夹
N/A

==================================
服务
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[Kingsoft Internet Security Common Service / KISSvc][Running/Auto Start]
  <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KISSvc.EXE><Kingsoft Corporation>
[Kingsoft Personal Firewall Service / KPfwSvc][Running/Auto Start]
  <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KPfwSvc.EXE"><Kingsoft Corporation>
[Kingsoft Antivirus KWatch Service / KWatchSvc][Running/Auto Start]
  <"C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KWatch.EXE"><Kingsoft Corporation>
[NVIDIA Display Driver Service / NVSvc][Running/Auto Start]
  <C:\WINDOWS\system32\nvsvc32.exe><NVIDIA Corporation>

==================================
驱动程序
[Intel(r) 82801 Audio Driver Install Service (WDM) / ac97intc][Stopped/Manual Start]
  <system32\drivers\ac97intc.sys><Intel Corporation>
[AMD K8 Processor Driver / AmdK8][Stopped/Manual Start]
  <System32\DRIVERS\amdk8.sys><Advanced Micro Devices>
[C-Media WDM Audio Interface / cmuda][Running/Manual Start]
  <system32\drivers\cmuda.sys><C-Media Inc>
[CnsMinKP / CnsMinKP][Running/Boot Start]
  <\SystemRoot\system32\drivers\CnsMinKP.sys><Copyright (C) 3721 Corporation.>
[VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver / FETNDIS][Stopped/Manual Start]
  <system32\DRIVERS\fetnd5.sys><VIA Technologies, Inc.>
[KAVBase / KAVBase][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVBase.sys><Kingsoft Corporation>
[KAVBootC / KAVBootC][Running/Boot Start]
  <\SystemRoot\system32\Drivers\KAVBootC.sys><Kingsoft Corporation>
[KAVSafe / KAVSafe][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KAVSafe.sys><Kingsoft Corporation>
[KNetWch / KNetWch][Running/System Start]
  <\??\C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KNetWch.SYS><Kingsoft Corporation>
[KWatch3 / KWatch3][Running/Auto Start]
  <\??\C:\WINDOWS\system32\Drivers\KWatch3.sys><Kingsoft Corporation>
[nckjlb / nckjlb][Running/Boot Start]
  <\SystemRoot\\SystemRoot\System32\drivers\nckjlb.sys><N/A>
[npkcrypt / npkcrypt][Running/Auto Start]
  <\??\C:\Program Files\QQ2006\npkcrypt.sys><INCA Internet Co., Ltd.>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SiS PCI Fast Ethernet Adapter Driver for NDIS51 / SISNICXP][Running/Manual Start]
  <system32\DRIVERS\sisnicxp.sys><SiS Corporation>
[smjhxdnt / smjhxdnt][Running/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>
[TCP/IP Protocol Driver / Tcpip][Running/System Start]
  <system32\DRIVERS\tcpip.sys><Microsoft Corporation>
[yaskp / yaskp][Running/Boot Start]
  <\SystemRoot\system32\drivers\yaskp.sys><Copyright (C) yahoo Corporation.>
[Vimicro USB PC Camera (ZC0301PL) / ZSMC301b][Running/Manual Start]
  <System32\Drivers\usbVM31b.sys><VM>
[R2A / R2A][Stopped/Disabled]
  <\??\C:\WINDOWS\system32a2.sys><N/A>
[xsmnuhzd / xsmnuhzd][Stopped/Boot Start]
  <\SystemRoot\System32\DRIVERS\xsmnuhzd.sys><Yahoo! China Corporation>

==================================
浏览器加载项
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
  {33BBE430-0E42-4f12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, (Signed) Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[DragSearch BHO]
  {62EED7C6-9F02-42f9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, (Signed) yahoo! china>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[yFlashDl Class]
  {F166BC04-3C84-44cc-A6E9-2315EC4844B9} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yflashdl.dll, (Signed) Yahoo! China>
[红心游戏]
  {00000000-DAEB-480d-867B-D746D955765B} <C:\PROGRA~1\bdgame\RedHeart\GameHall.exe, >
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>
[Yahoo 3.5G电邮]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail, N/A>
[名品折扣]
  {59BC54A2-56B3-44a0-93E5-432D58746E26} <http://adtaobao.allyes.com/main/adfclick?db=adtaobao&bid=138,140,18&cid=816,8,1&sid=5042&show=ignore&url=http://www.taobao.com/vertical/mall/pro.php?allyesPara=816, N/A>
[雅虎助手]
  {5D73EE86-05F1-49ed-B850-E423120EC338} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist, N/A>
[雅虎WIDGET]
  {6354ABE6-05F1-49ed-B850-E423120EC338} <http://cn.widget.yahoo.com/index.htm?source=Cns, N/A>
[信息检索(&R)]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL, (Signed) Microsoft Corporation>
[启动Web迅雷]
  {962EFB8E-2683-42d4-AC74-AAA4C759B9C6} <http://my.xunlei.com, N/A>
[情景聊天]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg, N/A>
[]
  {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair, N/A>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean, N/A>
[雅虎助手]
  {406F94F0-504F-4a40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll, (Signed) yahoo! china>
[Windows Genuine Advantage Validation Tool]
  {17492023-C23A-453E-A040-C7C580BBF700} <C:\WINDOWS\system32\LegitCheckControl.DLL, Microsoft Corporation>
[]
  {00000000-DAEB-480D-867B-D746D955765B} <, >
[WebThunder Browser Helper]
  {00000AAA-A363-466E-BEF5-9BB68697AA7F} <C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll, Thunder Networking Technologies,LTD>
[Yahoo!Photo]
  {33BBE430-0E42-4F12-B075-8D21ACB10DCB} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll, (Signed) Yahoo! China>
[AntiFish Class]
  {38928D50-8A48-44C2-945F-D2F23F771410} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll, yahoo! china>
[IEBuddyExtControl Class]
  {3AECD3C1-7085-4731-96DC-47B6CF7EF749} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL, (Signed) Kingsoft Corporation>
[雅虎助手]
  {406F94F0-504F-4A40-8DFD-58B0666ABEBD} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll, (Signed) yahoo! china>
[]
  {507F9113-CD77-4866-BA92-0E86DA3D0B97} <, >
[]
  {59BC54A2-56B3-44A0-93E5-432D58746E26} <, >
[]
  {5D73EE86-05F1-49ED-B850-E423120EC338} <, >
[DragSearch BHO]
  {62EED7C6-9F02-42F9-B634-98E2899E147B} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL, (Signed) yahoo! china>
[]
  {6354ABE6-05F1-49ED-B850-E423120EC338} <, >
[AutoLive]
  {7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} <C:\PROGRA~1\3721\autolive.dll, (Signed) 国风因特软件(北京)有限公司>
[Thunder Browser Helper]
  {889D2FEB-5411-4565-8998-1DD2C5261283} <C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll, Thunder Networking Technologies,LTD>
[]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <, >
[]
  {962EFB8E-2683-42D4-AC74-AAA4C759B9C6} <, >
[CnsHook Class]
  {D157330A-9EF3-49F8-9A67-4141AC41ADD4} <C:\WINDOWS\DOWNLO~1\CnsHook.dll, 北京三七二一科技有限公司>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Flash.OCX, (Signed) Adobe Systems, Inc.>
[kingsoft browser shield]
  {D963BE1A-6B35-47DB-B002-49FAE71D85CC} <C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL, (Signed) Kingsoft Corporation>
[]
  {DEDEB80D-FA35-45D9-9460-4983E5A8AFE6} <, >
[]
  {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} <, >
[]
  {ECF2E268-F28C-48D2-9AB7-8F69C11CCB71} <, >
[yFlashDl Class]
  {F166BC04-3C84-44CC-A6E9-2315EC4844B9} <C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yflashdl.dll, (Signed) Yahoo! China>
[]
  {FD00D911-7529-4084-9946-A29F1BDF4FE5} <, >
[使用Web迅雷下载]
  <C:\Program Files\Thunder Network\WebThunder\GetUrl.htm, N/A>
[
爱之吻你 - 2008-10-31 18:05:00
使用Web迅雷下载全部链接]
  <C:\Program Files\Thunder Network\WebThunder\GetAllUrl.htm, N/A>
[使用迅雷下载]
  <C:\Program Files\Thunder Network\Thunder\Program\GetUrl.htm, N/A>
[使用迅雷下载全部链接]
  <C:\Program Files\Thunder Network\Thunder\Program\GetAllUrl.htm, N/A>
[导出到 Microsoft Office Excel(&X)]
  <res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000, N/A>
[添加到雅虎收藏+]
  <http://myweb.cn.yahoo.com/post.html?F=D2_A, N/A>
[添加到雅虎订阅(&Y)]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll/YRSSMENUEXT, N/A>
[雅虎搜索]
  <res://C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar0.dll/203, N/A>

==================================
正在运行的进程
[PID: 456 / SYSTEM][\SystemRoot\System32\smss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 512 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 536 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\FOURI_M3.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5027]
[PID: 580 / SYSTEM][C:\WINDOWS\system32\services.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 592 / SYSTEM][C:\WINDOWS\system32\lsass.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 744 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 792 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 868 / SYSTEM][C:\WINDOWS\System32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 984 / NETWORK SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1020 / LOCAL SERVICE][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1256 / Administrator][C:\WINDOWS\Explorer.EXE]  [(Verified) Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\FOURI_M3.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5027]
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  [北京三七二一科技有限公司, 2, 5, 0, 2]
    [C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll]  [YAHOO Corporation Limited, 3, 0, 3, 1004]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 3]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件(北京)有限公司, 2.5.5.1008]
    [C:\PROGRA~1\3721\alrex.dll]  [国风因特软件(北京)有限公司, 2.5.3.1005]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\PROGRA~1\WinKld\Winkld.dat]  [www.88dog.com, 2, 0, 0, 1]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,22,364]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\WinRAR\rarext.dll]  [N/A, ]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2600.0000]
    [C:\PROGRA~1\3721\autolive.dll]  [国风因特软件(北京)有限公司, 2.6.0.1016]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  [yahoo! china, 3, 5, 9, 1111]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 3, 1012]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 1, 2, 1013]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 1, 1, 1013]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVEXT.DLL]  [Kingsoft Corporation, 2008,07,09,459]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ywiper.dll]  [, 1, 0, 1, 1014]
[PID: 1392 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1584 / SYSTEM][C:\WINDOWS\system32\nvsvc32.exe]  [NVIDIA Corporation, 6.14.10.8198]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\FOURI_M3.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5027]
[PID: 1612 / SYSTEM][C:\WINDOWS\system32\svchost.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1628 / LOCAL SERVICE][C:\WINDOWS\system32\wdfmgr.exe]  [Microsoft Corporation, 5.2.3790.1230 built by: dnsrv(bld4act)]
[PID: 1996 / Administrator][C:\WINDOWS\system32\Rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 3]
    [C:\WINDOWS\system32\FOURI_M3.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5027]
    [C:\WINDOWS\DOWNLO~1\CnsMinIO.dll]  [北京三七二一科技有限公司, 1, 0, 3, 6]
    [C:\WINDOWS\DOWNLO~1\cnsio.dll]  [北京三七二一科技有限公司, 1, 0, 2, 7]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件(北京)有限公司, 2.5.5.1008]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
[PID: 484 / LOCAL SERVICE][C:\WINDOWS\System32\alg.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\System32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 964 / Administrator][C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 3]
    [C:\WINDOWS\system32\FOURI_M3.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5027]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  [yahoo! china, 3, 5, 9, 1111]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 3, 1012]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,22,364]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件(北京)有限公司, 2.5.5.1008]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\ynotifier.dll]  [yahoo! china, 3, 0, 6, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  [Yahoo! China, 3, 0, 5, 1006]
[PID: 1032 / Administrator][C:\WINDOWS\system32\rundll32.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件(北京)有限公司, 2.5.5.1008]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 3]
    [C:\WINDOWS\system32\FOURI_M3.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5027]
    [C:\PROGRA~1\3721\autolive.dll]  [国风因特软件(北京)有限公司, 2.6.0.1016]
    [C:\PROGRA~1\3721\notifier.dll]  [国风因特软件(北京)有限公司, 2.5.2.1004]
[PID: 1248 / Administrator][C:\WINDOWS\VM_STI.EXE]  [Vimicro, 4, 2, 1124, 6]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 3]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件(北京)有限公司, 2.5.5.1008]
    [C:\WINDOWS\system32\msdmo.dll]  [, ]
    [C:\WINDOWS\system32\VM31bPrp.Ax]  [Vimicro, 1.00.01.00]
[PID: 1560 / Administrator][C:\progra~1\yahoo!\assistant\yassistse.exe]  [Yahoo! China, 3, 1, 0, 1013]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件(北京)有限公司, 2.5.5.1008]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 3]
    [C:\WINDOWS\system32\FOURI_M3.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5027]
    [C:\progra~1\yahoo!\assistant\shell\yAssecblk.dll]  [Yahoo! China, 3, 1, 6, 1022]
    [C:\progra~1\yahoo!\assistant\shell\yMenuInfo.dll]  [Yahoo! China, 3, 0, 1, 1001]
    [C:\progra~1\yahoo!\assistant\shell\yIEAngel.dll]  [Yahoo! China, 3, 0, 4, 1005]
    [C:\progra~1\yahoo!\assistant\shell\yAsMenu.dll]  [Yahoo! China, 3, 0, 5, 1007]
[PID: 224 / Administrator][C:\WINDOWS\system32\ctfmon.exe]  [(Verified) Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\UxTheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件(北京)有限公司, 2.5.5.1008]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 3]
    [C:\WINDOWS\system32\FOURI_M3.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5027]
[PID: 3456 / Administrator][C:\Program Files\Internet Explorer\iexplore.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,22,364]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件(北京)有限公司, 2.5.5.1008]
    [C:\PROGRA~1\3721\scrblock.dll]  [3721, 1, 0, 1, 1000]
    [C:\PROGRA~1\3721\alrex.dll]  [国风因特软件(北京)有限公司, 2.5.3.1005]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll]  [Yahoo! China, 3, 0, 3, 1004]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 3]
    [C:\WINDOWS\DOWNLO~1\CnsHint.dll]  [3721, 2, 5, 0, 2]
    [C:\WINDOWS\system32\browselc.dll]  [Microsoft Corporation, 6.00.2600.0000]
    [C:\PROGRA~1\3721\autolive.dll]  [国风因特软件(北京)有限公司, 2.6.0.1016]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll]  [yahoo! china, 3, 5, 9, 1111]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll]  [Yahoo! China, 3, 0, 3, 1012]
    [C:\WINDOWS\system32\FOURI_M3.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5027]
    [C:\WINDOWS\DOWNLO~1\cnsplus.dll]  [3721, 2, 5, 0, 2]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll]  [yahoo! china, 3, 3, 3, 1094]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ysearch.dll]  [Yahoo! China, 3, 1, 7, 1017]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasnoad.dll]  [yahoo! china, 3, 0, 7, 1009]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yzsNetProto.dll]  [Yahoo! China, 3, 0, 5, 1006]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yphtb.dll]  [Yahoo! China, 3, 1, 2, 1013]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrss.dll]  [Yahoo! China, 3, 1, 0, 1011]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yaswiper.dll]  [Yahoo! China, 3, 1, 2, 1012]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasiesec.dll]  [Yahoo! China, 3, 1, 3, 1015]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YSETTI~1.DLL]  [yahoo! china, 3, 1, 3, 1024]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ymailp.dll]  [Yahoo! China, 3, 0, 7, 1013]
    [C:\WINDOWS\DOWNLO~1\CnsHook.dll]  [北京三七二一科技有限公司, 2, 5, 0, 2]
    [C:\PROGRA~1\Yahoo!\Assistant\yClickOn.dll]  [YAHOO Corporation Limited, 3, 0, 3, 1004]
    [C:\Program Files\Thunder Network\WebThunder\WebThunderBHO_016.dll]  [Thunder Networking Technologies,LTD, 6, 0, 0, 5]
爱之吻你 - 2008-10-31 18:06:00
[C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yangling.dll]  [yahoo! china, 3, 0, 5, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\YDRAGS~1.DLL]  [yahoo! china, 3, 1, 1, 1013]
    [C:\Program Files\Thunder Network\Thunder\ComDlls\XunLeiBHO_002.dll]  [Thunder Networking Technologies,LTD, 5, 0, 0, 2]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KASBrowserShield.DLL]  [Kingsoft Corporation, 2008,06,06,396]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddy.dll]  [Kingsoft Corporation, 2008,09,04,599]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\IEBuddyExt.DLL]  [Kingsoft Corporation, 2008,06,24,415]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KANTray.dll]  [Kingsoft Corporation, 2008,06,24,415]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KAVAFish.DLL]  [Kingsoft Corporation, 2008,06,24,415]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kisfree.dll]  [Kingsoft Corporation, 2008,10,15,644]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Flash.OCX]  [Adobe Systems, Inc., 9,0,124,0]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ymyweb.dll]  [Yahoo! China, 3, 0, 5, 1007]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\ypagetr.dll]  [, 3, 0, 1, 1006]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yflashdl.dll]  [Yahoo! China, 3, 1, 1, 1025]
    [c:\progra~1\yahoo!\assist~1\assist\yadfil~1.dll]  [Yahoo! China, 3, 0, 2, 1003]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yrepair.dll]  [Yahoo! China, 3, 0, 9, 1012]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasfsks.dll]  [Yahoo! China, 2, 1, 3, 89]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yoptimum.dll]  [Yahoo! China, 3, 0, 5, 1009]
    [C:\PROGRA~1\yahoo!\assistant\Shell\yAssecblk.dll]  [Yahoo! China, 3, 1, 6, 1022]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yxpstyle.dll]  [Yahoo! China, 3, 0, 1, 1001]
[PID: 3308 / Administrator][C:\Program Files\Thunder Network\WebThunder\WebThunder.exe]  [深圳市迅雷网络技术有限公司, 1, 6, 0, 87]
    [C:\Program Files\Thunder Network\WebThunder\taskmanage.dll]  [Thunder Networking Technologies,LTD, 1, 6, 0, 87]
    [C:\Program Files\Thunder Network\WebThunder\download_interface.dll]  [Thunder Networking Technologies,LTD, 2, 12, 3, 46]
    [C:\Program Files\Thunder Network\WebThunder\asyn_dns.dll]  [Thunder Networking Technologies,LTD, 2, 12, 3, 46]
    [C:\Program Files\Thunder Network\WebThunder\RegisterDll.dll]  [Thunder Networking Technologies,LTD, 2, 2, 1, 43]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,22,364]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件(北京)有限公司, 2.5.5.1008]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 3]
    [C:\WINDOWS\system32\FOURI_M3.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5027]
    [C:\Program Files\Thunder Network\WebThunder\historyinfo_manage.dll]  [Thunder Networking Technologies,LTD, 5, 3, 0, 228]
    [C:\Program Files\Thunder Network\WebThunder\iEmbedShell.dll]  [ , 1, 0, 0, 14]
    [C:\Program Files\Thunder Network\WebThunder\iEmbed07.dll]  [ , 3, 1, 0, 58]
    [C:\Program Files\Thunder Network\WebThunder\MediaAddin10.dll]  [Thunder Networking Technologies,LTD, 3, 1, 0, 62]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\Flash.OCX]  [Adobe Systems, Inc., 9,0,124,0]
[PID: 2624 / Administrator][D:\卡拉\新建文件夹 (2)\SREngLdr.EXE]  [Smallfrogs Studio, 2.7.0.1210]
[PID: 2600 / Administrator][D:\卡拉\新建文件夹 (2)\SRE7c456bda.EXE]  [Smallfrogs Studio, 2.7.0.1210]
    [C:\WINDOWS\system32\uxtheme.dll]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\KMailOEBand.DLL]  [Kingsoft Corporation, 2008,04,22,364]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\kis.dll]  [Kingsoft Corporation, 2008,04,22,364]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MFC80U.DLL]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCR80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\Program Files\Kingsoft\Kingsoft Internet Security 2008\MSVCP80.dll]  [Microsoft Corporation, 8.00.50727.762]
    [C:\PROGRA~1\3721\helper.dll]  [国风因特软件(北京)有限公司, 2.5.5.1008]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll]  [Yahoo! China, 3, 0, 5, 1023]
    [C:\PROGRA~1\Yahoo!\ASSIST~1\assist\ykern.dll]  [Yahoo! China, 3, 1, 9, 1025]
    [C:\WINDOWS\DOWNLO~1\CnsMin.dll]  [北京三七二一科技有限公司, 2, 5, 0, 3]
    [C:\WINDOWS\system32\FOURI_M3.IME]  [北京紫光华宇软件股份有限公司, 4.0.0.5027]
    [D:\卡拉\新建文件夹 (2)\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]

==================================
文件关联
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  Error. ["hh.exe" %1]
.HLP  Error. [winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock 提供者
N/A

==================================
Autorun.inf
N/A

==================================
HOSTS 文件
127.0.0.1      localhost

==================================
进程特权扫描
特殊特权被允许: SeDebugPrivilege [PID = 964, C:\PROGRA~1\YAHOO!\ASSIST~1\YLIVE.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 964, C:\PROGRA~1\YAHOO!\ASSIST~1\YLIVE.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 3308, C:\PROGRAM FILES\THUNDER NETWORK\WEBTHUNDER\WEBTHUNDER.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 3308, C:\PROGRAM FILES\THUNDER NETWORK\WEBTHUNDER\WEBTHUNDER.EXE]
特殊特权被允许: SeDebugPrivilege [PID = 2624, D:\卡拉\新建文件夹 (2)\SRENGLDR.EXE]
特殊特权被允许: SeLoadDriverPrivilege [PID = 2624, D:\卡拉\新建文件夹 (2)\SRENGLDR.EXE]

==================================
计划任务
N/A

==================================
API HOOK
N/A

==================================
隐藏进程
N/A

==================================


[/CODE]
aaccbbdd - 2008-10-31 18:26:00
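1. http://www.arswp.com/download.html
Unzip it and run it
to clean up 3721
and Yahoo! Assistant (雅虎上网助手)

2. Under Startup Items -- Services -- Drivers, delete the following entry:
(Select the problematic driver/service, click "Delete Service", then click the "Set" button. Note that in the window that pops up you must click "No" to confirm deleting the service.)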

[smjhxdnt / smjhxdnt][Running/Manual Start]
  <2 - 系统找不到指定的文件。
><N/A>